refactor: consent checks are performed in AbstractProvider and not in child classes

2025-12-29 16:15:04 +00:00 · 2024-11-01 00:46:25 +01:00
parent 5be90247f4
commit c7a50eed65
29 changed files with 927 additions and 888 deletions
--- a/src/Service/Connector/AbstractProvider.php
+++ b/src/Service/Connector/AbstractProvider.php
@@ -3,8 +3,11 @@
 namespace App\Service\Connector;

 use App\Entity\Domain;
+use Exception;
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
+use Symfony\Component\DependencyInjection\Attribute\Autoconfigure;
+use Symfony\Component\HttpKernel\Exception\HttpException;

 /**
 * The typical flow of a provider will go as follows:
@@ -13,21 +16,65 @@ use Psr\Cache\CacheItemPoolInterface;
 * $provider->authenticate($authData);
 * $provider->orderDomain($domain, $dryRun);
 */
+#[Autoconfigure(public: true)]
 abstract class AbstractProvider
 {
    protected array $authData;

    public function __construct(
-        protected CacheItemPoolInterface $cacheItemPool
+        protected CacheItemPoolInterface $cacheItemPool,
    ) {
    }

+    /**
+     * Perform a static check of the connector data.
+     * To be valid, the data fields must match the Provider and the conditions must be accepted.
+     * User consent is checked here.
+     *
+     * @param array $authData raw authentication data as supplied by the user
+     *
+     * @return array a cleaned up version of the authentication data
+     *
+     * @throws HttpException when the user does not accept the necessary conditions
+     */
+    public function verifyAuthData(array $authData): array
+    {
+        return [
+            ...$this->verifySpecificAuthData($this->verifyLegalAuthData($authData)),
+            'acceptConditions' => $authData['acceptConditions'],
+            'ownerLegalAge' => $authData['ownerLegalAge'],
+            'waiveRetractationPeriod' => $authData['waiveRetractationPeriod'],
+        ];
+    }
+
    /**
     * @param array $authData raw authentication data as supplied by the user
     *
-     * @return array a cleaned up version of the authentication data
+     * @return array specific authentication data
     */
-    abstract public function verifyAuthData(array $authData): array;
+    abstract protected function verifySpecificAuthData(array $authData): array;
+
+    /**
+     * @param array $authData raw authentication data as supplied by the user
+     *
+     * @return array raw authentication data as supplied by the user
+     *
+     * @throws HttpException when the user does not accept the necessary conditions
+     */
+    private function verifyLegalAuthData(array $authData): array
+    {
+        $acceptConditions = $authData['acceptConditions'];
+        $ownerLegalAge = $authData['ownerLegalAge'];
+        $waiveRetractationPeriod = $authData['waiveRetractationPeriod'];
+
+        if (true !== $acceptConditions
+            || true !== $ownerLegalAge
+            || true !== $waiveRetractationPeriod) {
+            throw new HttpException(451, 'The user has not given explicit consent');
+        }
+
+        return $authData;
+    }

    /**
     * @throws \Exception when the registrar denies the authentication