Merge pull request #12 from K-Phoen/key-extractor

API keys can be extracted from different sources

Author: cryptiklemur

src/Uecode/Bundle/ApiKeyBundle/DependencyInjection/Configuration.php

@@ -15,6 +15,21 @@ public function getConfigTreeBuilder()
         $treeBuilder = new TreeBuilder();
         $rootNode = $treeBuilder->root('uecode_api_key');
 
+        $rootNode
+            ->children()
+                ->scalarNode('delivery')
+                    ->defaultValue('query')
+                    ->validate()
+                        ->ifNotInArray(array('query', 'header'))
+                        ->thenInvalid('Unknown authentication delivery type "%s".')
+                     ->end()
+                 ->end()
+                ->scalarNode('parameter_name')
+                    ->defaultValue('api_key')
+                 ->end()
+            ->end()
+        ;
+
         return $treeBuilder;
     }
 }

src/Uecode/Bundle/ApiKeyBundle/DependencyInjection/UecodeApiKeyExtension.php

@@ -22,6 +22,14 @@ public function load(array $configs, ContainerBuilder $container)
             new FileLocator(__DIR__.'/../Resources/config')
         );
         $loader->load('services.yml');
+
+        $this->defineKeyExtractor($config, $container);
+    }
+
+    private function defineKeyExtractor(array $config, ContainerBuilder $container)
+    {
+        $container->setParameter('uecode.api_key.parameter_name', $config['parameter_name']);
+        $container->setAlias('uecode.api_key.extractor', 'uecode.api_key.extractor.'.$config['delivery']);
     }
 }
 

src/Uecode/Bundle/ApiKeyBundle/Extractor/HeaderExtractor.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Uecode\Bundle\ApiKeyBundle\Extractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Extracts API keys from request headers.
+ *
+ * @author Kévin Gomez <contact@kevingomez.fr>
+ */
+class HeaderExtractor implements KeyExtractor
+{
+    private $parameterName;
+
+    /**
+     * @param string $parameterName The name of the URL parameter containing the API key.
+     */
+    public function __construct($parameterName)
+    {
+        $this->parameterName = $parameterName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function hasKey(Request $request)
+    {
+        return $request->headers->has($this->parameterName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function extractKey(Request $request)
+    {
+        return $request->headers->get($this->parameterName);
+    }
+}

src/Uecode/Bundle/ApiKeyBundle/Extractor/KeyExtractor.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Uecode\Bundle\ApiKeyBundle\Extractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * @author Kévin Gomez <contact@kevingomez.fr>
+ */
+interface KeyExtractor
+{
+    /**
+     * Tells if the given requests carries an API key.
+     *
+     * @param Request $request
+     *
+     * @return bool
+     */
+    function hasKey(Request $request);
+
+    /**
+     * Extract the API key from thhe given request
+     *
+     * @param Request $request
+     *
+     * @return string
+     */
+    function extractKey(Request $request);
+}

src/Uecode/Bundle/ApiKeyBundle/Extractor/QueryExtractor.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Uecode\Bundle\ApiKeyBundle\Extractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Extracts API keys from a request query string.
+ *
+ * @author Kévin Gomez <contact@kevingomez.fr>
+ */
+class QueryExtractor implements KeyExtractor
+{
+    private $parameterName;
+
+    /**
+     * @param string $parameterName The name of the URL parameter containing the API key.
+     */
+    public function __construct($parameterName)
+    {
+        $this->parameterName = $parameterName;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function hasKey(Request $request)
+    {
+        return $request->query->has($this->parameterName);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function extractKey(Request $request)
+    {
+        return $request->query->get($this->parameterName);
+    }
+}

src/Uecode/Bundle/ApiKeyBundle/Resources/config/services.yml

@@ -3,6 +3,9 @@ parameters:
     uecode.api_key.provider.api_key.class:       Uecode\Bundle\ApiKeyBundle\Security\Authentication\Provider\ApiKeyProvider
     uecode.api_key.listener.api_key.class:       Uecode\Bundle\ApiKeyBundle\Security\Firewall\ApiKeyListener
 
+    uecode.api_key.extractor.query.class:        Uecode\Bundle\ApiKeyBundle\Extractor\QueryExtractor
+    uecode.api_key.extractor.header.class:       Uecode\Bundle\ApiKeyBundle\Extractor\HeaderExtractor
+
 services:
     uecode.api_key.provider.user_provider:
         class: %uecode.api_key.provider.user_provider.class%
@@ -12,5 +15,13 @@ services:
         arguments: [""]
     uecode.api_key.listener.api_key:
         class: %uecode.api_key.listener.api_key.class%
-        arguments: [@security.context, @security.authentication.manager]
+        arguments: [@security.context, @security.authentication.manager, @uecode.api_key.extractor]
 
+    uecode.api_key.extractor.query:
+        class: %uecode.api_key.extractor.query.class%
+        arguments: [%uecode.api_key.parameter_name%]
+        public: false
+    uecode.api_key.extractor.header:
+        class: %uecode.api_key.extractor.header.class%
+        arguments: [%uecode.api_key.parameter_name%]
+        public: false

src/Uecode/Bundle/ApiKeyBundle/Security/Firewall/ApiKeyListener.php

@@ -9,6 +9,7 @@
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Http\Firewall\ListenerInterface;
 use Uecode\Bundle\ApiKeyBundle\Security\Authentication\Token\ApiKeyUserToken;
+use Uecode\Bundle\ApiKeyBundle\Extractor\KeyExtractor;
 
 /**
  * @author Aaron Scherer <aequasi@gmail.com>
@@ -25,10 +26,16 @@ class ApiKeyListener implements ListenerInterface
      */
     protected $authenticationManager;
 
-    public function __construct(SecurityContextInterface $context, AuthenticationManagerInterface $manager)
+    /**
+     * @var KeyExtractor
+     */
+    protected $keyExtractor;
+
+    public function __construct(SecurityContextInterface $context, AuthenticationManagerInterface $manager, KeyExtractor $keyExtractor)
     {
         $this->securityContext       = $context;
         $this->authenticationManager = $manager;
+        $this->keyExtractor          = $keyExtractor;
     }
 
     /**
@@ -39,15 +46,18 @@ public function __construct(SecurityContextInterface $context, AuthenticationMan
     public function handle(GetResponseEvent $event)
     {
         $request = $event->getRequest();
-        if (!$request->query->has('api_key')) {
+
+        if (!$this->keyExtractor->hasKey($request)) {
             $response = new Response();
             $response->setStatusCode(401);
             $event->setResponse($response);
             return ;
         }
 
+        $apiKey = $this->keyExtractor->extractKey($request);
+
         $token = new ApiKeyUserToken();
-        $token->setApiKey($request->query->get('api_key'));
+        $token->setApiKey($apiKey);
 
         try {
             $authToken = $this->authenticationManager->authenticate($token);
@@ -56,7 +66,7 @@ public function handle(GetResponseEvent $event)
             return;
         } catch (AuthenticationException $failed) {
             $token = $this->securityContext->getToken();
-            if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $request->query->get('apiKey')) {
+            if ($token instanceof ApiKeyUserToken && $token->getCredentials() == $apiKey) {
                 $this->securityContext->setToken(null);
             }