mirror of
https://github.com/maelgangloff/domain-watchdog.git
synced 2025-12-18 10:15:41 +00:00
refactor: provider authentication flow
This commit is contained in:
Vincent
parent
b162f2313e
commit
81512bebb4
@ -3,7 +3,7 @@
|
||||
namespace App\Config;
|
||||
|
||||
use App\Service\Connector\GandiProvider;
|
||||
use App\Service\Connector\NamecheapConnector;
|
||||
use App\Service\Connector\NamecheapProvider;
|
||||
use App\Service\Connector\OvhProvider;
|
||||
|
||||
enum ConnectorProvider: string
|
||||
@ -17,7 +17,7 @@ enum ConnectorProvider: string
|
||||
return match ($this) {
|
||||
ConnectorProvider::OVH => OvhProvider::class,
|
||||
ConnectorProvider::GANDI => GandiProvider::class,
|
||||
ConnectorProvider::NAMECHEAP => NamecheapConnector::class,
|
||||
ConnectorProvider::NAMECHEAP => NamecheapProvider::class,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@ -9,6 +9,8 @@ use Doctrine\Common\Collections\Collection;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\DependencyInjection\ContainerInterface;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
@ -20,7 +22,9 @@ class ConnectorController extends AbstractController
|
||||
public function __construct(
|
||||
private readonly SerializerInterface $serializer,
|
||||
private readonly EntityManagerInterface $em,
|
||||
private readonly LoggerInterface $logger
|
||||
private readonly LoggerInterface $logger,
|
||||
#[Autowire(service: 'service_container')]
|
||||
private ContainerInterface $locator
|
||||
) {
|
||||
}
|
||||
|
||||
@ -71,10 +75,9 @@ class ConnectorController extends AbstractController
|
||||
throw new BadRequestHttpException('Provider not found');
|
||||
}
|
||||
|
||||
/** @var AbstractProvider $connectorProviderClass */
|
||||
$connectorProviderClass = $provider->getConnectorProvider();
|
||||
|
||||
$authData = $connectorProviderClass::verifyAuthData($connector->getAuthData(), $client);
|
||||
/** @var AbstractProvider $providerClient */
|
||||
$providerClient = $this->locator->get($provider->getConnectorProvider());
|
||||
$authData = $providerClient->verifyAuthData($connector->getAuthData());
|
||||
$connector->setAuthData($authData);
|
||||
|
||||
$this->logger->info('User {username} authentication data with the {provider} provider has been validated.', [
|
||||
|
||||
@ -41,7 +41,6 @@ use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Serializer\SerializerInterface;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
class WatchListController extends AbstractController
|
||||
{
|
||||
@ -50,7 +49,6 @@ class WatchListController extends AbstractController
|
||||
private readonly EntityManagerInterface $em,
|
||||
private readonly WatchListRepository $watchListRepository,
|
||||
private readonly LoggerInterface $logger,
|
||||
private readonly HttpClientInterface $httpClient,
|
||||
private readonly ChatNotificationService $chatNotificationService,
|
||||
#[Autowire(service: 'service_container')]
|
||||
private ContainerInterface $locator
|
||||
@ -184,7 +182,6 @@ class WatchListController extends AbstractController
|
||||
/** @var AbstractProvider $connectorProvider */
|
||||
$connectorProvider = $this->locator->get($connectorProviderClass);
|
||||
|
||||
$connectorProvider::verifyAuthData($connector->getAuthData(), $this->httpClient); // We want to check if the tokens are OK
|
||||
$connectorProvider->authenticate($connector->getAuthData());
|
||||
$supported = $connectorProvider->isSupported(...$watchList->getDomains()->toArray());
|
||||
|
||||
|
||||
@ -5,8 +5,14 @@ namespace App\Service\Connector;
|
||||
use App\Entity\Domain;
|
||||
use Psr\Cache\CacheItemInterface;
|
||||
use Psr\Cache\CacheItemPoolInterface;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
/**
|
||||
* The typical flow of a provider will go as follows:
|
||||
*
|
||||
* MyProvider $provider; // gotten from DI
|
||||
* $provider->authenticate($authData);
|
||||
* $provider->orderDomain($domain, $dryRun);
|
||||
*/
|
||||
abstract class AbstractProvider
|
||||
{
|
||||
protected array $authData;
|
||||
@ -16,7 +22,17 @@ abstract class AbstractProvider
|
||||
) {
|
||||
}
|
||||
|
||||
abstract public static function verifyAuthData(array $authData, HttpClientInterface $client): array;
|
||||
/**
|
||||
* @param array $authData raw authentication data as supplied by the user
|
||||
*
|
||||
* @return array a cleaned up version of the authentication data
|
||||
*/
|
||||
abstract public function verifyAuthData(array $authData): array;
|
||||
|
||||
/**
|
||||
* @throws \Exception when the registrar denies the authentication
|
||||
*/
|
||||
abstract public function assertAuthentication(): void; // TODO use dedicated exception type
|
||||
|
||||
abstract public function orderDomain(Domain $domain, bool $dryRun): void;
|
||||
|
||||
@ -53,9 +69,13 @@ abstract class AbstractProvider
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function authenticate(array $authData): void
|
||||
{
|
||||
$this->authData = $authData;
|
||||
$this->authData = $this->verifyAuthData($authData);
|
||||
$this->assertAuthentication();
|
||||
}
|
||||
|
||||
abstract protected function getCachedTldList(): CacheItemInterface;
|
||||
|
||||
@ -43,17 +43,15 @@ class GandiProvider extends AbstractProvider
|
||||
throw new \InvalidArgumentException('Domain name cannot be null');
|
||||
}
|
||||
|
||||
$authData = self::verifyAuthData($this->authData, $this->client);
|
||||
|
||||
$user = $this->client->request('GET', '/v5/organization/user-info', (new HttpOptions())
|
||||
->setAuthBearer($authData['token'])
|
||||
->setAuthBearer($this->authData['token'])
|
||||
->setHeader('Accept', 'application/json')
|
||||
->setBaseUri(self::BASE_URL)
|
||||
->toArray()
|
||||
)->toArray();
|
||||
|
||||
$httpOptions = (new HttpOptions())
|
||||
->setAuthBearer($authData['token'])
|
||||
->setAuthBearer($this->authData['token'])
|
||||
->setHeader('Accept', 'application/json')
|
||||
->setBaseUri(self::BASE_URL)
|
||||
->setHeader('Dry-Run', $dryRun ? '1' : '0')
|
||||
@ -74,9 +72,9 @@ class GandiProvider extends AbstractProvider
|
||||
'tld_period' => 'golive',
|
||||
]);
|
||||
|
||||
if (array_key_exists('sharingId', $authData)) {
|
||||
if (array_key_exists('sharingId', $this->authData)) {
|
||||
$httpOptions->setQuery([
|
||||
'sharing_id' => $authData['sharingId'],
|
||||
'sharing_id' => $this->authData['sharingId'],
|
||||
]);
|
||||
}
|
||||
|
||||
@ -91,7 +89,7 @@ class GandiProvider extends AbstractProvider
|
||||
/**
|
||||
* @throws TransportExceptionInterface
|
||||
*/
|
||||
public static function verifyAuthData(array $authData, HttpClientInterface $client): array
|
||||
public function verifyAuthData(array $authData): array
|
||||
{
|
||||
$token = $authData['token'];
|
||||
|
||||
@ -111,17 +109,6 @@ class GandiProvider extends AbstractProvider
|
||||
throw new HttpException(451, 'The user has not given explicit consent');
|
||||
}
|
||||
|
||||
$response = $client->request('GET', '/v5/organization/user-info', (new HttpOptions())
|
||||
->setAuthBearer($token)
|
||||
->setHeader('Accept', 'application/json')
|
||||
->setBaseUri(self::BASE_URL)
|
||||
->toArray()
|
||||
);
|
||||
|
||||
if (Response::HTTP_OK !== $response->getStatusCode()) {
|
||||
throw new BadRequestHttpException('The status of these credentials is not valid');
|
||||
}
|
||||
|
||||
$authDataReturned = [
|
||||
'token' => $token,
|
||||
'acceptConditions' => $acceptConditions,
|
||||
@ -136,6 +123,20 @@ class GandiProvider extends AbstractProvider
|
||||
return $authDataReturned;
|
||||
}
|
||||
|
||||
public function assertAuthentication(): void
|
||||
{
|
||||
$response = $this->client->request('GET', '/v5/organization/user-info', (new HttpOptions())
|
||||
->setAuthBearer($this->authData['token'])
|
||||
->setHeader('Accept', 'application/json')
|
||||
->setBaseUri(self::BASE_URL)
|
||||
->toArray()
|
||||
);
|
||||
|
||||
if (Response::HTTP_OK !== $response->getStatusCode()) {
|
||||
throw new BadRequestHttpException('The status of these credentials is not valid');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws TransportExceptionInterface
|
||||
* @throws ServerExceptionInterface
|
||||
@ -145,10 +146,8 @@ class GandiProvider extends AbstractProvider
|
||||
*/
|
||||
protected function getSupportedTldList(): array
|
||||
{
|
||||
$authData = self::verifyAuthData($this->authData, $this->client);
|
||||
|
||||
$response = $this->client->request('GET', '/v5/domain/tlds', (new HttpOptions())
|
||||
->setAuthBearer($authData['token'])
|
||||
->setAuthBearer($this->authData['token'])
|
||||
->setHeader('Accept', 'application/json')
|
||||
->setBaseUri(self::BASE_URL)
|
||||
->toArray())->toArray();
|
||||
|
||||
@ -9,7 +9,7 @@ use Symfony\Component\DependencyInjection\Attribute\Autoconfigure;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
#[Autoconfigure(public: true)]
|
||||
class NamecheapConnector extends AbstractProvider
|
||||
class NamecheapProvider extends AbstractProvider
|
||||
{
|
||||
public const BASE_URL = 'https://api.namecheap.com/xml.response';
|
||||
|
||||
@ -81,20 +81,21 @@ class NamecheapConnector extends AbstractProvider
|
||||
return $data->CommandResponse;
|
||||
}
|
||||
|
||||
public static function verifyAuthData(array $authData, HttpClientInterface $client): array
|
||||
public function verifyAuthData(array $authData): array
|
||||
{
|
||||
// TODO call gettldlist to introspect authentication
|
||||
// need to make verifyAuthData local to do this properly...
|
||||
|
||||
return [
|
||||
'ApiUser' => $authData['ApiUser'],
|
||||
'ApiKey' => $authData['ApiKey'],
|
||||
'acceptConditions' => $authData['acceptConditions'],
|
||||
'ownerLegalAge' => $authData['ownerLegalAge'],
|
||||
'waiveRetractionPeriod' => $authData['waiveRetractionPeriod'],
|
||||
];
|
||||
}
|
||||
|
||||
public function assertAuthentication(): void
|
||||
{
|
||||
$this->call('namecheap.domains.gettldlist', [], false);
|
||||
}
|
||||
|
||||
protected function getCachedTldList(): CacheItemInterface
|
||||
{
|
||||
return $this->cacheItemPool->getItem('app.provider.namecheap.supported-tld');
|
||||
@ -7,10 +7,10 @@ use GuzzleHttp\Exception\ClientException;
|
||||
use Ovh\Api;
|
||||
use Ovh\Exceptions\InvalidParameterException;
|
||||
use Psr\Cache\CacheItemInterface;
|
||||
use Psr\Cache\CacheItemPoolInterface;
|
||||
use Psr\Cache\InvalidArgumentException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
class OvhProvider extends AbstractProvider
|
||||
{
|
||||
@ -41,8 +41,9 @@ class OvhProvider extends AbstractProvider
|
||||
],
|
||||
];
|
||||
|
||||
public function __construct(private HttpClientInterface $client)
|
||||
public function __construct(CacheItemPoolInterface $cacheItemPool)
|
||||
{
|
||||
parent::__construct($cacheItemPool);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -61,21 +62,19 @@ class OvhProvider extends AbstractProvider
|
||||
throw new \InvalidArgumentException('Domain name cannot be null');
|
||||
}
|
||||
|
||||
$authData = self::verifyAuthData($this->authData, $this->client);
|
||||
|
||||
$acceptConditions = $authData['acceptConditions'];
|
||||
$ownerLegalAge = $authData['ownerLegalAge'];
|
||||
$waiveRetractationPeriod = $authData['waiveRetractationPeriod'];
|
||||
$acceptConditions = $this->authData['acceptConditions'];
|
||||
$ownerLegalAge = $this->authData['ownerLegalAge'];
|
||||
$waiveRetractationPeriod = $this->authData['waiveRetractationPeriod'];
|
||||
|
||||
$conn = new Api(
|
||||
$authData['appKey'],
|
||||
$authData['appSecret'],
|
||||
$authData['apiEndpoint'],
|
||||
$authData['consumerKey']
|
||||
$this->authData['appKey'],
|
||||
$this->authData['appSecret'],
|
||||
$this->authData['apiEndpoint'],
|
||||
$this->authData['consumerKey']
|
||||
);
|
||||
|
||||
$cart = $conn->post('/order/cart', [
|
||||
'ovhSubsidiary' => $authData['ovhSubsidiary'],
|
||||
'ovhSubsidiary' => $this->authData['ovhSubsidiary'],
|
||||
'description' => 'Domain Watchdog',
|
||||
]);
|
||||
$cartId = $cart['cartId'];
|
||||
@ -85,8 +84,8 @@ class OvhProvider extends AbstractProvider
|
||||
]);
|
||||
|
||||
$pricingModes = ['create-default'];
|
||||
if ('create-default' !== $authData['pricingMode']) {
|
||||
$pricingModes[] = $authData['pricingMode'];
|
||||
if ('create-default' !== $this->authData['pricingMode']) {
|
||||
$pricingModes[] = $this->authData['pricingMode'];
|
||||
}
|
||||
|
||||
$offer = array_filter($offers, fn ($offer) => 'create' === $offer['action']
|
||||
@ -135,7 +134,7 @@ class OvhProvider extends AbstractProvider
|
||||
/**
|
||||
* @throws \Exception
|
||||
*/
|
||||
public static function verifyAuthData(array $authData, HttpClientInterface $client): array
|
||||
public function verifyAuthData(array $authData): array
|
||||
{
|
||||
$appKey = $authData['appKey'];
|
||||
$appSecret = $authData['appSecret'];
|
||||
@ -164,11 +163,26 @@ class OvhProvider extends AbstractProvider
|
||||
throw new HttpException(451, 'The user has not given explicit consent');
|
||||
}
|
||||
|
||||
return [
|
||||
'appKey' => $appKey,
|
||||
'appSecret' => $appSecret,
|
||||
'apiEndpoint' => $apiEndpoint,
|
||||
'consumerKey' => $consumerKey,
|
||||
'ovhSubsidiary' => $ovhSubsidiary,
|
||||
'pricingMode' => $pricingMode,
|
||||
'acceptConditions' => $acceptConditions,
|
||||
'ownerLegalAge' => $ownerLegalAge,
|
||||
'waiveRetractationPeriod' => $waiveRetractationPeriod,
|
||||
];
|
||||
}
|
||||
|
||||
public function assertAuthentication(): void
|
||||
{
|
||||
$conn = new Api(
|
||||
$appKey,
|
||||
$appSecret,
|
||||
$apiEndpoint,
|
||||
$consumerKey
|
||||
$this->authData['appKey'],
|
||||
$this->authData['appSecret'],
|
||||
$this->authData['apiEndpoint'],
|
||||
$this->authData['consumerKey'],
|
||||
);
|
||||
|
||||
try {
|
||||
@ -201,18 +215,6 @@ class OvhProvider extends AbstractProvider
|
||||
throw new BadRequestHttpException('This Connector does not have enough permissions on the Provider API. Please recreate this Connector.');
|
||||
}
|
||||
}
|
||||
|
||||
return [
|
||||
'appKey' => $appKey,
|
||||
'appSecret' => $appSecret,
|
||||
'apiEndpoint' => $apiEndpoint,
|
||||
'consumerKey' => $consumerKey,
|
||||
'ovhSubsidiary' => $ovhSubsidiary,
|
||||
'pricingMode' => $pricingMode,
|
||||
'acceptConditions' => $acceptConditions,
|
||||
'ownerLegalAge' => $ownerLegalAge,
|
||||
'waiveRetractationPeriod' => $waiveRetractationPeriod,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -222,17 +224,15 @@ class OvhProvider extends AbstractProvider
|
||||
*/
|
||||
protected function getSupportedTldList(): array
|
||||
{
|
||||
$authData = self::verifyAuthData($this->authData, $this->client);
|
||||
|
||||
$conn = new Api(
|
||||
$authData['appKey'],
|
||||
$authData['appSecret'],
|
||||
$authData['apiEndpoint'],
|
||||
$authData['consumerKey']
|
||||
$this->authData['appKey'],
|
||||
$this->authData['appSecret'],
|
||||
$this->authData['apiEndpoint'],
|
||||
$this->authData['consumerKey']
|
||||
);
|
||||
|
||||
return $conn->get('/domain/extensions', [
|
||||
'ovhSubsidiary' => $authData['ovhSubsidiary'],
|
||||
'ovhSubsidiary' => $this->authData['ovhSubsidiary'],
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user