FOSSology  4.4.0
Open Source License Compliance by Open Source Software
RestAuthMiddleware.php
Go to the documentation of this file.
1 <?php
2 /*
3  SPDX-FileCopyrightText: © 2018-2019 Siemens AG
4  Author: Gaurav Mishra <mishra.gaurav@siemens.com>
5 
6  SPDX-License-Identifier: GPL-2.0-only
7 */
15 namespace Fossology\UI\Api\Middlewares;
16 
17 use Fossology\UI\Api\Exceptions\HttpBadRequestException;
18 use Fossology\UI\Api\Exceptions\HttpForbiddenException;
19 use Fossology\UI\Api\Helper\AuthHelper;
20 use Fossology\UI\Api\Helper\CorsHelper;
21 use Fossology\UI\Api\Models\ApiVersion;
22 use Psr\Http\Message\ResponseInterface;
23 use Psr\Http\Message\ServerRequestInterface as Request;
24 use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
25 
30 class RestAuthMiddleware
31 {
42  public function __invoke(Request $request, RequestHandler $handler) : ResponseInterface
43  {
44  $requestUri = $request->getUri();
45  $requestPath = strtolower($requestUri->getPath());
46  $authFreePaths = ["/info", "/openapi", "/health"];
47 
48  $isPassThroughPath = false;
49  // path is /repo/api/v2/<endpoint>, we need to get only the endpoint part
50  $parts = explode("/", $requestPath, 5);
51  $endpoint = "/".end($parts);
52  foreach ($authFreePaths as $authFreePath) {
53  if ( $endpoint === $authFreePath ) {
54  $isPassThroughPath = true;
55  break;
56  }
57  }
58 
59  if (stristr($request->getMethod(), "options") !== false) {
60  $response = $handler->handle($request);
61  } elseif ($isPassThroughPath) {
62  $response = $handler->handle($request);
63  } elseif (stristr($requestUri->getPath(), "/tokens") !== false &&
64  stristr($requestUri->getPath(), "/users/tokens") === false &&
65  stristr($request->getMethod(), "post") !== false) {
66  $response = $handler->handle($request);
67  } else {
69  $authHelper = $GLOBALS['container']->get('helper.authHelper');
70  $authHeaders = $request->getHeader('Authorization');
71  if (!empty($authHeaders)) {
72  $jwtToken = $authHeaders[0];
73  } else {
74  $jwtToken = "";
75  }
76  $userId = -1;
77  $tokenScope = false;
78  $authHelper->verifyAuthToken($jwtToken, $userId, $tokenScope);
79  if (stristr($request->getMethod(), "get") === false &&
80  stristr($tokenScope, "write") === false) {
81  /*
82  * If the request method is not GET and token scope is not write,
83  * do not allow the request to pass through.
84  */
85  throw new HttpForbiddenException("Do not have required scope.");
86  }
87  if (ApiVersion::getVersion($request) == ApiVersion::V2) {
88  $queryParameters = $request->getQueryParams();
89  $groupName = $queryParameters['groupName'] ?? "";
90  } else {
91  $groupName = $request->getHeaderLine('groupName');
92  }
93  if (!empty($groupName)) { // if request contains groupName
94  $authHelper->userHasGroupAccess($userId, $groupName);
95  $authHelper->updateUserSession($userId, $tokenScope, $groupName);
96  } else { // no groupName passed, use default groupId saved in DB
97  $authHelper->updateUserSession($userId, $tokenScope);
98  }
99  $response = $handler->handle($request);
100  }
101  return CorsHelper::addCorsHeaders($response);
102  }
103 }
Fossology\UI\Api\Helper\AuthHelper
Provides helper methods for REST api.
Definition: AuthHelper.php:38
Fossology\UI\Api\Helper\CorsHelper\addCorsHeaders
static addCorsHeaders(ResponseInterface $response)
Definition: CorsHelper.php:21
Fossology\UI\Api\Middlewares\RestAuthMiddleware
Authentication middleware for Slim framework.
Definition: RestAuthMiddleware.php:31
Fossology\UI\Api\Models\ApiVersion\getVersion
static getVersion(ServerRequestInterface $request)
Definition: ApiVersion.php:29