app/Plugin/TwoFactorAuthCustomer42/EventListener/CustomerTwoFactorAuthListener.php line 125

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of EC-CUBE
  5.  *
  6.  * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
  7.  *
  8.  * http://www.ec-cube.co.jp/
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Plugin\TwoFactorAuthCustomer42\EventListener;
  16. use Eccube\Common\EccubeConfig;
  17. use Eccube\Entity\BaseInfo;
  18. use Eccube\Entity\Customer;
  19. use Eccube\Entity\Master\CustomerStatus;
  20. use Eccube\Repository\BaseInfoRepository;
  21. use Eccube\Request\Context;
  22. use Plugin\TwoFactorAuthCustomer42\Repository\TwoFactorAuthTypeRepository;
  23. use Plugin\TwoFactorAuthCustomer42\Repository\TwoFactorAuthCustomerCookieRepository;
  24. use Plugin\TwoFactorAuthCustomer42\Service\CustomerTwoFactorAuthService;
  25. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  26. use Symfony\Component\HttpFoundation\RedirectResponse;
  27. use Symfony\Component\HttpFoundation\RequestStack;
  28. use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;
  29. use Symfony\Component\HttpKernel\KernelEvents;
  30. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  31. use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
  32. use Symfony\Component\Security\Http\Event\LogoutEvent;
  33. use Symfony\Contracts\EventDispatcher\Event;
  35. class CustomerTwoFactorAuthListener implements EventSubscriberInterface
  36. {
  37.     /**
  38.      * @var EccubeConfig
  39.      */
  40.     protected $eccubeConfig;
  41.     /**
  42.      * @var Context
  43.      */
  44.     protected $requestContext;
  45.     /**
  46.      * @var UrlGeneratorInterface
  47.      */
  48.     protected $router;
  49.     /**
  50.      * @var CustomerTwoFactorAuthService
  51.      */
  52.     protected $customerTwoFactorAuthService;
  53.     /**
  54.      * @var TwoFactorAuthTypeRepository
  55.      */
  56.     protected TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository;
  57.     /**
  58.      * @var TwoFactorAuthCustomerCookieRepository
  59.      */
  60.     protected TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository;
  61.     /**
  62.      * @var BaseInfo|object|null
  63.      */
  64.     protected $baseInfo;
  65.     /**
  66.      * @var Session
  67.      */
  68.     protected $session;
  69.     /**
  70.      * 通常(ログイン・マイページ)ルート.
  71.      */
  72.     protected $default_routes;
  73.     /**
  74.      * 重要操作ルート.
  75.      */
  76.     protected $include_routes;
  78.     /**
  79.      * @param Context $requestContext
  80.      * @param UrlGeneratorInterface $router
  81.      * @param CustomerTwoFactorAuthService $customerTwoFactorAuthService
  82.      * @param TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository
  83.      * @param TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository
  84.      * @param BaseInfoRepository $baseInfoRepository
  85.      * @param RequestStack $requestStack
  86.      */
  87.     public function __construct(
  88.         Context $requestContext,
  89.         UrlGeneratorInterface $router,
  90.         CustomerTwoFactorAuthService $customerTwoFactorAuthService,
  91.         TwoFactorAuthTypeRepository $twoFactorAuthTypeRepository,
  92.         TwoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository,
  93.         BaseInfoRepository $baseInfoRepository,
  94.         RequestStack $requestStack
  95.     ) {
  96.         $this->requestContext $requestContext;
  97.         $this->router $router;
  98.         $this->customerTwoFactorAuthService $customerTwoFactorAuthService;
  99.         $this->baseInfo $baseInfoRepository->find(1);
  100.         $this->twoFactorAuthTypeRepository $twoFactorAuthTypeRepository;
  101.         $this->twoFactorAuthCustomerCookieRepository $twoFactorAuthCustomerCookieRepository;
  102.         $this->session $requestStack->getSession();
  104.         $this->default_routes $this->customerTwoFactorAuthService->getDefaultAuthRoutes();
  105.         $this->include_routes $this->customerTwoFactorAuthService->getIncludeRoutes();
  106.     }
  108.     /**
  109.      * @return array
  110.      */
  111.     public static function getSubscribedEvents(): array
  112.     {
  113.         return [
  114.             KernelEvents::CONTROLLER_ARGUMENTS => ['onKernelController'7],
  115.             LoginSuccessEvent::class => ['onLoginSuccess'],
  116.             LogoutEvent::class => 'logoutEvent',
  117.         ];
  118.     }
  120.     /**
  121.      * リクエスト受信時イベントハンドラ.
  122.      *
  123.      * @param ControllerArgumentsEvent $event
  124.      */
  125.     public function onKernelController(ControllerArgumentsEvent $event)
  126.     {
  127.         if (!$event->isMainRequest()) {
  128.             // サブリクエストの場合、処理なし
  129.             return;
  130.         }
  132.         if ($this->requestContext->isAdmin()) {
  133.             // バックエンドURLの場合、処理なし
  134.             return;
  135.         }
  137.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  138.             // 2段階認証使用しない場合は処理なし
  139.             return;
  140.         }
  142.         $route $event->getRequest()->attributes->get('_route');
  143.         $uri $event->getRequest()->getRequestUri();
  145.         $Customer $this->requestContext->getCurrentUser();
  147.         if ($Customer instanceof Customer) {
  148.             if ($Customer->getStatus()->getId() !== CustomerStatus::REGULAR) {
  149.                 // ログインしていない場合、処理なし
  150.                 return;
  151.             }
  153.             if (!$this->isDefaultRoute($route$uri) && !$this->isIncludeRoute($route$uri)) {
  154.                 // 重要操作指定ではなく、マイページ系列ではない場合、処理なし
  155.                 return;
  156.             }
  158.             $this->multiFactorAuth($event$Customer$route);
  159.         }
  160.     }
  162.     /**
  163.      * ログイン完了 イベントハンドラ.
  164.      *
  165.      * @param LoginSuccessEvent $event
  166.      *
  167.      * @return RedirectResponse|void
  168.      */
  169.     public function onLoginSuccess(LoginSuccessEvent $event)
  170.     {
  171.         if ($this->requestContext->isAdmin()) {
  172.             // バックエンドURLの場合処理なし
  173.             return;
  174.         }
  176.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  177.             // 2段階認証使用しない場合は処理なし
  178.             return;
  179.         }
  181.         if ($this->requestContext->getCurrentUser() === null) {
  182.             // ログインしていない場合は処理なし
  183.             return;
  184.         }
  186.         if ($this->requestContext->getCurrentUser()->getTwoFactorAuthType() !== null &&
  187.             $this->requestContext->getCurrentUser()->getTwoFactorAuthType()->isDisabled()) {
  188.             // ユーザーが選択した2段階認証方式は無効になっている場合、ログアウトさせる。
  189.             return new RedirectResponse($this->router->generate('logout'), 302);
  190.         }
  192.         $this->multiFactorAuth(
  193.             $event,
  194.             $this->requestContext->getCurrentUser(),
  195.             $event->getRequest()->attributes->get('_route'));
  196.     }
  198.     /**
  199.      * ログアウトする前に全ての2FA認証クッキーを消す
  200.      *
  201.      * @param LogoutEvent $logoutEvent ログアウトイベント
  202.      *
  203.      * @return void
  204.      */
  205.     public function logoutEvent(LogoutEvent $logoutEvent)
  206.     {
  207.         $Customer $this->requestContext->getCurrentUser();
  208.         if ($Customer instanceof Customer) {
  209.             $this->customerTwoFactorAuthService->clear2AuthCookies($logoutEvent->getRequest(), $logoutEvent->getResponse());
  210.             $this->twoFactorAuthCustomerCookieRepository->deleteByCustomer($Customer);
  211.         }
  212.     }
  215.     /**
  216.      * ルート・URIが個別認証対象かチェック.
  217.      *
  218.      * @param string $route
  219.      * @param string $uri
  220.      *
  221.      * @return bool
  222.      */
  223.     private function isDefaultRoute(string $routestring $uri): bool
  224.     {
  225.         return $this->isTargetRoute($this->default_routes$route$uri);
  226.     }
  228.     /**
  229.      * ルート・URIが対象であるかチェック.
  230.      *
  231.      * @param array $targetRoutes
  232.      * @param string $route
  233.      * @param string $uri
  234.      *
  235.      * @return bool
  236.      */
  237.     private function isTargetRoute(array $targetRoutesstring $routestring $uri): bool
  238.     {
  239.         // ルートで認証
  240.         if (in_array($route$targetRoutes)) {
  241.             return true;
  242.         }
  244.         // URIで認証
  245.         foreach ($targetRoutes as $r) {
  246.             if ($r != '' && $r !== '/' && strpos($uri$r) === 0) {
  247.                 return true;
  248.             }
  249.         }
  251.         return false;
  252.     }
  254.     /**
  255.      * ルート・URIが個別認証対象かチェック.
  256.      *
  257.      * @param string $route
  258.      * @param string $uri
  259.      *
  260.      * @return bool
  261.      */
  262.     private function isIncludeRoute(string $routestring $uri): bool
  263.     {
  264.         return $this->isTargetRoute($this->include_routes$route$uri);
  265.     }
  267.     /**
  268.      * 多要素認証.
  269.      *
  270.      * @param Event $event
  271.      * @param Customer $Customer
  272.      * @param string $route
  273.      *
  274.      * @return mixed
  275.      */
  276.     private function multiFactorAuth($event$Customer$route)
  277.     {
  278.         if (!$this->baseInfo->isTwoFactorAuthUse()) {
  279.             // MFA無効の場合処理なし
  280.             return;
  281.         }
  283.         if (count($this->twoFactorAuthTypeRepository->findBy(['isDisabled' => false])) == 0) {
  284.             // 2段階認証プラグインが有効化されていない場合処理なし
  285.             return;
  286.         }
  288.         // [会員] ログイン時2段階認証状態
  289.         $is_auth $this->customerTwoFactorAuthService->isAuthed($Customer$route);
  291.         if (!$is_auth) {
  292.             log_info('[2段階認証] 実施');
  293.             if ($Customer->getTwoFactorAuthType() === null) {
  294.                 // 2段階認証未設定
  295.                 $this->selectAuthType($event$route);
  296.             } else {
  297.                 // 2段階認証設定済み
  298.                 $this->auth($event$Customer$route);
  299.             }
  300.         }
  301.     }
  303.     /**
  304.      * 多要素認証方式設定画面へリダイレクト.
  305.      *
  306.      * @param Event $event
  307.      * @param string|null $route
  308.      */
  309.     private function selectAuthType($event, ?string $route)
  310.     {
  311.         // [会員] 2段階認証が未設定の場合
  312.         // コールバックURLをセッションへ設定
  313.         $this->setCallbackRoute($route);
  314.         // 2段階認証選択画面へリダイレクト
  315.         $url $this->router->generate('plg_customer_2fa_auth_type_select', [], UrlGeneratorInterface::ABSOLUTE_PATH);
  317.         if ($event instanceof ControllerArgumentsEvent) {
  318.             $event->setController(function () use ($url) {
  319.                 return new RedirectResponse($url302);
  320.             });
  321.         } else {
  322.             $event->setResponse(new RedirectResponse($url302));
  323.         }
  324.     }
  326.     /**
  327.      * コールバックルートをセッションへ設定.
  328.      *
  329.      * @param string|null $route
  330.      */
  331.     private function setCallbackRoute(?string $route)
  332.     {
  333.         if ($route) {
  334.             $this->session->set(CustomerTwoFactorAuthService::SESSION_CALL_BACK_URL$route);
  335.         }
  336.     }
  338.     /**
  339.      * 2段階認証のディスパッチ.
  340.      *
  341.      * @param Event $event
  342.      * @param Customer $Customer
  343.      * @param string|null $route
  344.      */
  345.     private function auth($eventCustomer $Customer, ?string $route)
  346.     {
  347.         // コールバックURLをセッションへ設定
  348.         $this->setCallbackRoute($route);
  349.         // 選択された多要素認証方式で指定されているルートへリダイレクト
  350.         if ($Customer->getTwoFactorAuthType() !== null && $Customer->getTwoFactorAuthType()->isDisabled()) {
  351.             // ユーザーが選択した2段階認証方式は無効になっている場合、ログアウトさせる。
  352.             $event->setController(function () {
  353.                 return new RedirectResponse($this->router->generate('logout'), 302);
  354.             });
  356.             return;
  357.         }
  359.         $url $this->router->generate($Customer->getTwoFactorAuthType()->getRoute());
  361.         if ($event instanceof ControllerArgumentsEvent) {
  362.             $event->setController(function () use ($url) {
  363.                 return new RedirectResponse($url302);
  364.             });
  365.         } else {
  366.             $event->setResponse(new RedirectResponse($url302));
  367.         }
  368.     }
  370. }