Database updates, change for authenticators to not run on specific en…

…dpoints
ConductionNL · Mar 21, 2024 · 443f682 · 443f682
1 parent dcd0d76
commit 443f682
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 8 deletions.
diff --git a/api/migrations/Version20240321082004.php b/api/migrations/Version20240321082004.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20240321082004 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE endpoint ADD proxy_overrules_authentication BOOLEAN DEFAULT false');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE endpoint DROP proxy_overrules_authentication');
+    }
+}
diff --git a/api/src/Entity/Endpoint.php b/api/src/Entity/Endpoint.php
@@ -139,11 +139,10 @@ class Endpoint
      /**
       * @var bool Whether or not the proxy should overrule the authentication from the request.
       *
-      *
       * @Groups({"read", "write"})
-      * @ORM\Column(type="bool", default=false)
+      * @ORM\Column(type="boolean", options={"default":false}, nullable=true)
       */
-     private bool $proxyOverrulesAuthentication = false;
+     private ?bool $proxyOverrulesAuthentication = false;
 
     /**
      * @var array|null The path of this Endpoint.
@@ -982,7 +981,7 @@ public function removeFederationProxy(Gateway $federationProxy): self
         return $this;
     }
 
-    public function getProxyOverrulesAuthentication(): bool
+    public function getProxyOverrulesAuthentication(): ?bool
     {
         return $this->proxyOverrulesAuthentication;
     }

diff --git a/api/src/Security/ApiKeyAuthenticator.php b/api/src/Security/ApiKeyAuthenticator.php
@@ -3,6 +3,7 @@
 namespace App\Security;
 
 use App\Entity\Application;
+use App\Entity\Endpoint;
 use App\Entity\User;
 use App\Security\User\AuthenticationUser;
 use Doctrine\ORM\EntityManagerInterface;
@@ -37,8 +38,18 @@ public function __construct(
      */
     public function supports(Request $request): ?bool
     {
-        return $request->headers->has('Authorization') &&
-            strpos($request->headers->get('Authorization'), 'Bearer') === false;
+        if($request->headers->has('Authorization') === true &&
+            strpos($request->headers->get('Authorization'), 'Bearer') === false) {
+
+            $pathTemp = explode('/api/', $request->getPathInfo(), 2);
+            $endpoint = null;
+            if(count($pathTemp) > 1) {
+                $path = $pathTemp[1];
+                $endpoint = $this->entityManager->getRepository(Endpoint::class)->findByMethodRegex($request->getMethod(), $path);
+            }
+            return ($endpoint instanceof Endpoint === false || $endpoint->getProxyOverrulesAuthentication() == false);
+        }
+        return false;
     }
 
     private function prefixRoles(array $roles): array
@@ -130,6 +141,7 @@ public function authenticate(Request $request): PassportInterface
             'roles'        => $roleArray['roles'],
         ];
 
+
         return new Passport(
             new UserBadge($userArray['id'], function ($userIdentifier) use ($userArray) {
                 return new AuthenticationUser(

diff --git a/api/src/Security/TokenAuthenticator.php b/api/src/Security/TokenAuthenticator.php
@@ -3,6 +3,7 @@
 namespace App\Security;
 
 use App\Entity\Authentication;
+use App\Entity\Endpoint;
 use App\Entity\SecurityGroup;
 use App\Exception\GatewayException;
 use App\Security\User\AuthenticationUser;
@@ -52,8 +53,18 @@ public function __construct(
      */
     public function supports(Request $request): ?bool
     {
-        return $request->headers->has('Authorization') &&
-            strpos($request->headers->get('Authorization'), 'Bearer') === 0;
+        if($request->headers->has('Authorization') === true &&
+            strpos($request->headers->get('Authorization'), 'Bearer') === 0) {
+
+            $pathTemp = explode('/api/', $request->getPathInfo(), 2);
+            $endpoint = null;
+            if(count($pathTemp) > 1) {
+                $path = $pathTemp[1];
+                $endpoint = $this->entityManager->getRepository(Endpoint::class)->findByMethodRegex($request->getMethod(), $path);
+            }
+            return ($endpoint instanceof Endpoint === false || $endpoint->getProxyOverrulesAuthentication() == false);
+        }
+        return false;
     }
 
     /**