src/CmsBundle/EventListener/SecurityListener.php line 270

Open in your IDE?
  1. <?php
  2. namespace App\CmsBundle\EventListener;
  4. use App\CmsBundle\Entity\Ipcheck;
  5. use Symfony\Component\HttpKernel\Kernel;
  6. use Doctrine\ORM\EntityManager;
  7. use Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage;
  8. use Symfony\Component\HttpFoundation\Session\Session;
  9. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  11. use Symfony\Component\DependencyInjection\ContainerInterface;
  12. use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
  14. use App\CmsBundle\Entity\Log;
  15. use GeoIp2\Database\Reader;
  17. class SecurityListener
  18. {
  20.     private $em              null;
  21.     private $security        null;
  22.     private $session         null;
  23.     private $kernel          null;
  24.     private $requestStack    null;
  25.     private $container       null;
  26.     private $translator      null;
  27.     private $GeoIPDB      null;
  28.     
  29.     private $version         null;
  30.     private $git_hash        null;
  31.     private $git_hash_long   null;
  32.     private $date            null;
  33.     private $prev_version    null;
  34.     
  35.     private $cooldown 'U bent tijdelijk geblokkeerd vanwege herhaaldelijk onjuist inloggen. Probeer het later opnieuw.';
  36.     private $blocked 'Je bent geblokkeerd, neem contact op met de applicatieleverancier.';
  38.    public function __construct(EntityManager $entityManagerUsageTrackingTokenStorage $securitySession $session\App\Kernel $kernelRequestStack $requestStackContainerInterface $container$translator)
  39.    {
  40.       $this->em       $entityManager;
  41.       $this->security $security;
  42.       $this->session  $session;
  43.       $this->kernel  $kernel;
  44.       $this->requestStack  $requestStack;
  45.       $this->container  $container;
  46.       $this->translator   $translator;
  49.       $this->GeoIPDB = new Reader('../src/CmsBundle/GeoLite2-City.mmdb');
  50.    }
  52.     public function onAuthenticationFailureAuthenticationFailureEvent $event )
  53.     {
  54.         $request $this->requestStack->getCurrentRequest();
  55.         $authDir $this->kernel->getProjectDir() . '/var/auth/';
  56.         if(!file_exists($authDir)){ mkdir($authDir); }
  58.         $Settings $this->em->getRepository('CmsBundle:Settings')->findOneBy([], ['id' => 'asc']);
  60.         $errorKey $event->getAuthenticationException()->getMessageKey();
  61.         if(file_exists($authDir)){
  62.             $ip $request->getClientIp();
  63.             $_credentials $event->getAuthenticationToken()->getCredentials();
  65.             if (isset($_credentials['username']) && !empty($_credentials['username'])) {
  66.                 $username $_credentials['username'];
  67.             } else {
  68.                 $username 'unknown';
  69.             }
  71.             // Whitelist IP's in .ip file
  72.             $whitelist false;
  73.             $ipFile str_replace('/src/CmsBundle/EventListener''/.ip'__DIR__);
  74.             if(file_exists($ipFile)){
  75.                 $ip_list file($ipFile);
  76.                 foreach($ip_list as $ip_entry){
  77.                     $ip_entry explode(':'trim($ip_entry));
  78.                     $ip_entry trim($ip_entry[0]);
  79.                     if($ip == $ip_entry){
  80.                         $whitelist true;
  81.                         break;
  82.                     }
  83.                 }
  84.             }
  86.             // Whitelist IP's in .whitelist file
  87.             $whitelist false;
  88.             $ipFile str_replace('/src/CmsBundle/EventListener''/.whitelist'__DIR__);
  89.             if(file_exists($ipFile)){
  90.                 $ip_list file($ipFile);
  91.                 foreach($ip_list as $ip_entry){
  92.                     $ip_entry trim($ip_entry);
  93.                     if($ip == $ip_entry){
  94.                         $whitelist true;
  95.                         break;
  96.                     }
  97.                 }
  98.             }
  99.             
  100.             if($whitelist){
  101.                 // IP is whitelisted
  103.                 $Ipcheck $this->em->getRepository(Ipcheck::class)->findOneBy(['user_attempt' => $username'ip' => $ip]);
  104.                 if($Ipcheck){
  105.                     // Remove existing entry
  106.                     $this->em->remove($Ipcheck);
  107.                     $this->em->flush();
  108.                 }
  110.                 $Syslog = new Log();
  111.                 $Syslog->setAction('login');
  112.                 $Syslog->setType('auth');
  113.                 $Syslog->setStatus('failure');
  114.                 $Syslog->setMessage('Foutieve inlog met gebruikersnaam, IP op whitelist.');
  115.                 $Syslog->setSettings($Settings);
  116.                 $this->em->persist($Syslog);
  118.                 if($Settings->getIntegrations()){ $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Foutieve inlog met gebruikersnaam, IP op whitelist. Gebruikersnaam: "' $username '"'); }
  120.                 $this->session->getFlashBag()->add(
  121.                     'error',
  122.                     $this->translator->trans('Gebruikersnaam en/of wachtwoord is onjuist.', [], 'security')
  123.                 );
  125.             }else{
  127.                 $is_admin = (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], '/admin') !== false true false);
  129.                 if($is_admin){
  130.                 // $User = $this->em->getRepository('CmsBundle:User')->findOneByUsername($username);
  131.                 // if($User){
  132.                     $Ipcheck $this->em->getRepository(Ipcheck::class)->findOneBy(['user_attempt' => $username'ip' => $ip]);
  133.                     if(empty($Ipcheck)){
  134.                         $Ipcheck = new Ipcheck();
  135.                         $Ipcheck->setIp($ip);
  136.                         $Ipcheck->setBlocked(false);
  138.                         if($ip != '127.0.0.1'){
  139.                             try{
  140.                                 $client_ip $this->GeoIPDB->city($ip);
  141.                                 $client_country $client_ip->country->isoCode;
  142.                                 $Ipcheck->setCountry($client_country);
  143.                             }catch(\GeoIp2\Exception\AddressNotFoundException $e){}
  144.                         }
  145.                     }
  147.                     try{
  148.                         $datetime1 $Ipcheck->getLoginLastAttempt();
  149.                         if(!empty($datetime1)){
  150.                             $datetime2 = new \DateTime();
  151.                             $interval $datetime1->diff($datetime2);
  152.                             $min $interval->format('%i');
  153.                         }else{
  154.                             $min 0;
  155.                         }
  156.                     }catch(\Exception $e){
  157.                         $min 0;
  158.                     }
  160.                     $Ipcheck->setLoginAttempts($Ipcheck->getLoginAttempts() + 1);
  161.                     // $Ipcheck->setLoginLastAttempt(new \DateTime());
  163.                     if(preg_match('/\w+/'$username)){
  164.                         $Ipcheck->setUserAttempt($username);
  165.                     }else{
  166.                         $Ipcheck->setUserAttempt('unknown: ' $username);
  167.                     }
  169.                     // $User->setIpCheck($Ipcheck);
  171.                     $this->em->persist($Ipcheck);
  172.                     $this->em->flush();
  174.                     // Last invalid login was less then 15 minutes ago, check if it has 5 failed attempts
  175.                     if($Ipcheck->getLoginAttempts() >= 5){
  177.                         if($min >= 15){
  178.                             // Cooldown period is over, restart 5 attempts, with 1 attempt directly used (4 to go before next cooldown)
  179.                             $Ipcheck->setLoginAttempts(1);
  180.                             $Ipcheck->setLoginLastAttempt(new \DateTime());
  181.                             $this->em->persist($Ipcheck);
  182.                             $this->em->flush();
  183.                             $this->session->getFlashBag()->add(
  184.                                 'error',
  185.                                 $this->translator->trans('Gebruikersnaam en/of wachtwoord is onjuist.', [], 'security')
  186.                             );
  187.                         }else{
  188.                             $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?cooldown=1');
  190.                             $this->security->setToken(null);
  191.                             $this->session->invalidate();
  192.                             // $sec = $interval->format('%s');
  193.                             // $dev = ($this->kernel->getEnvironment() == 'dev');
  195.                             $this->session->getFlashBag()->add(
  196.                                 'error',
  197.                                 ($Ipcheck->getBlocked() ? $this->blocked $this->cooldown)
  198.                             );
  200.                             $Syslog = new Log();
  201.                             $Syslog->setAction('login');
  202.                             $Syslog->setUsername($username);
  203.                             $Syslog->setType('blocked');
  204.                             $Syslog->setPriority(1);
  205.                             $Syslog->setMessage('Meer dan 5 pogingen, vervolg pogingen zijn geblokkeerd.');
  206.                             $Syslog->setSettings($Settings);
  207.                             $this->em->persist($Syslog);
  208.                             $this->em->flush();
  210.                             if($Settings->getIntegrations()){ $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Meer dan 5 pogingen, vervolg pogingen zijn geblokkeerd. Gebruikersnaam: "' $username '"'); }
  212.                             return $response;
  213.                         }
  214.                     }else{
  216.                         $Syslog = new Log();
  217.                         $Syslog->setAction('login');
  218.                         $Syslog->setUsername($username);
  219.                         $Syslog->setType('auth');
  220.                         $Syslog->setStatus('failure');
  221.                         $Syslog->setMessage('Foutieve inlog met gebruikersnaam.');
  222.                         $Syslog->setSettings($Settings);
  223.                         $this->em->persist($Syslog);
  224.                         $this->em->flush();
  226.                         if($Settings->getIntegrations()){ $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Foutieve inlog met gebruikersnaam: "' $username '"'); }
  228.                         $this->session->getFlashBag()->add(
  229.                             'error',
  230.                             $this->translator->trans('Gebruikersnaam en/of wachtwoord is onjuist.', [], 'security')
  231.                         );
  232.                     }
  234.                     // dump($ip);
  235.                     // dump($username);
  236.                 // }
  237.                 }else{
  238.                     $this->session->getFlashBag()->add(
  239.                         'error',
  240.                         $this->translator->trans('Gebruikersnaam en/of wachtwoord is onjuist.', [], 'security')
  241.                     );
  242.                 }
  243.                 $errorLine = [
  244.                     '[' date('Y-m-d H:i:s') . ']',
  245.                     $ip,
  246.                     $username,
  247.                     $errorKey,
  248.                 ];
  249.                 $errorLine implode(' | '$errorLine) . "\n";
  250.                 file_put_contents($authDir $username$errorLineFILE_APPEND);
  251.             }
  252.             /*if(file_exists($authDir . $username)){
  253.                 file_put_contents($errorLine, $authDir . $username, FILE_APPEND);
  254.             }else{
  255.                 echo ( '<pre>' . print_r( '??', 1 ) . '</pre>' );
  256.                 file_put_contents($errorLine, $authDir . $username);
  257.             }*/
  258.             // die( "<pre>" . print_r( $errorLine, 1 ) . "</pre>" );
  259.             // dump($request->getParameter('_username'));die();
  260.         }else{
  261.             $this->session->getFlashBag()->add(
  262.                 'error',
  263.                 $this->translator->trans('Gebruikersnaam en/of wachtwoord is onjuist.', [], 'security')
  264.             );
  265.         }
  267.         // die();
  268.     }
  270.     public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
  271.     {
  272.         $request $request $this->requestStack->getCurrentRequest();
  274.         $Settings $this->em->getRepository('CmsBundle:Settings')->findOneBy([], ['id' => 'asc']);
  276.         $User $this->security->getToken()->getUser();
  277.         $username $event->getAuthenticationToken()->getUsername();
  279.         if(empty($username)){
  280.             $username 'unknown';
  281.         }
  283.         $is_admin = (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], '/admin') !== false true false);
  284.         if(!$is_admin){
  285.             if($User->getUsername() == 'admin'){
  286.                 $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?cooldown=1');
  288.                 $this->security->setToken(null);
  289.                 $this->session->invalidate();
  291.                 return $response;
  292.             }
  293.         }
  296.         $ip $request->getClientIp();
  297.         $Ipcheck $this->em->getRepository(Ipcheck::class)->findOneBy(['user_attempt' => $username'ip' => $ip]);
  299.         // Whitelist IP's in .ip file
  300.         $whitelist false;
  301.         $ipFile str_replace('/src/CmsBundle/EventListener''/.ip'__DIR__);
  302.         if(file_exists($ipFile)){
  303.             $ip_list file($ipFile);
  304.             foreach($ip_list as $ip_entry){
  305.                 $ip_entry explode(':'trim($ip_entry));
  306.                 $ip_entry trim($ip_entry[0]);
  307.                 if($ip == $ip_entry){
  308.                     $whitelist true;
  309.                     break;
  310.                 }
  311.             }
  312.         }
  314.         // Whitelist IP's in .whitelist file
  315.         $whitelist false;
  316.         $ipFile str_replace('/src/CmsBundle/EventListener''/.whitelist'__DIR__);
  317.         if(file_exists($ipFile)){
  318.             $ip_list file($ipFile);
  319.             foreach($ip_list as $ip_entry){
  320.                 $ip_entry trim($ip_entry);
  321.                 if($ip == $ip_entry){
  322.                     $whitelist true;
  323.                     break;
  324.                 }
  325.             }
  326.         }
  327.         
  328.         if($whitelist){
  329.             // IP is whitelisted
  331.             if($Ipcheck){
  332.                 // Remove existing entry
  333.                 $this->em->remove($Ipcheck);
  334.                 $this->em->flush();
  335.             }
  337.         }else{
  338.             $is_admin = (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], '/admin') !== false true false);
  339.             /**
  340.              COOLDOWN
  341.              */
  342.             if($is_admin && $Ipcheck && $Ipcheck->getLoginAttempts() >= 5){
  344.                 $datetime1 $Ipcheck->getLoginLastAttempt();
  345.                 $datetime2 = new \DateTime();
  346.                 $interval $datetime1->diff($datetime2);
  347.                 $min $interval->format('%i');
  349.                 if((float)$min >= 15){
  350.                     // Cooldown of 15 minutes is gone, reset.
  351.                     $this->em->remove($Ipcheck);
  352.                     $this->em->flush();
  353.                 }else{
  354.                     // Still in cooldown, return error
  355.                     $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?cooldown=1');
  357.                     $this->security->setToken(null);
  358.                     $this->session->invalidate();
  360.                     $this->session->getFlashBag()->add(
  361.                         'error',
  362.                         ($Ipcheck->getBlocked() ? $this->blocked $this->cooldown)
  363.                     );
  365.                     return $response;
  366.                 }
  367.             }
  368.         }
  370.         /**
  371.          ACCOUNT IS EXPIRED
  372.          */
  373.         if($User->getExpire()){
  374.             $d = new \DateTime();
  375.             if($User->getExpireDate()->format('Ymd') <= $d->format('Ymd')){
  376.                 $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?expired=1');
  380.                 $this->security->setToken(null);
  381.                 $this->session->invalidate();
  383.                 $this->session->getFlashBag()->add(
  384.                     'warning',
  385.                     'Your account has expired.'
  386.                 );
  388.                 $Syslog = new Log();
  389.                 $Syslog->setAction('login');
  390.                 $Syslog->setUser($User);
  391.                 $Syslog->setUsername($username);
  392.                 $Syslog->setType('auth');
  393.                 $Syslog->setStatus('expired');
  394.                 $Syslog->setMessage('Succesvolle login met verlopen account.');
  395.                 $Syslog->setSettings($Settings);
  396.                 $this->em->persist($Syslog);
  397.                 $this->em->flush();
  399.                 if($Settings->getIntegrations()){ $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Succesvolle login met verlopen account. Gebruikersnaam: "' $username '"'); }
  401.                 return $response;
  402.             }
  403.         }
  405.         /**
  406.          * PASSWORD IS EXPIRED
  407.          */
  408.         if($User->getExpirePasswordEnable()){
  409.             $d = new \DateTime();
  410.             if ($User->getExpirePasswordDate()->format('Ymd') <= $d->format('Ymd')) {
  411.                 $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?passwordexpired=1');
  413.                 $this->security->setToken(null);
  414.                 $this->session->invalidate();
  416.                 $this->session->getFlashBag()->add(
  417.                     'warning',
  418.                     'Je wachtwoord is verlopen.<br/><a href="/admin/lostpassword?expired=1">Verander wachtwoord</a>'
  419.                 );
  421.                 $Syslog = new Log();
  422.                 $Syslog->setAction('login');
  423.                 $Syslog->setUser($User);
  424.                 $Syslog->setUsername($username);
  425.                 $Syslog->setType('auth');
  426.                 $Syslog->setStatus('expired');
  427.                 $Syslog->setMessage('Wachtwoord is verlopen.');
  428.                 $Syslog->setSettings($Settings);
  429.                 $this->em->persist($Syslog);
  430.                 $this->em->flush();
  432.                 if($Settings->getIntegrations()){ $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Wachtwoord is verlopen. Gebruikersnaam: "' $username '"'); }
  434.                 return $response;
  435.             }
  437.             $expireDate $User->getExpirePasswordDate();
  438.             $expireDate->modify('-1 month');
  439.             if ($User->getExpirePasswordDate()->format('Ymd') <= $d->format('Ymd')) {
  440.                 $this->session->getFlashBag()->add(
  441.                     'warning',
  442.                     'Uw wachtwoord verloopt op: ' $User->getExpirePasswordDate()->format('d-m-Y')
  443.                 );
  444.             }
  445.         }
  447.         /*$validCaptcha = $Settings->validateGoogleRecaptcha($request->request->get('g-recaptcha-response'));
  448.         if(!$validCaptcha){
  449.             $response = new \Symfony\Component\HttpFoundation\RedirectResponse($this->container->get('router')->generate('admin_login') . '?expired=1');
  451.             $this->security->setToken(null);
  452.             $this->session->invalidate();
  454.             $this->session->getFlashBag()->add(
  455.                 'warning',
  456.                 'Ongeldige captcha.'
  457.             );
  459.             return $response;
  460.         }*/
  462.         /**
  463.          RESET LOGIN ATTEMPTS
  464.          */
  465.         if(!empty($Ipcheck)){
  466.             $Ipcheck->setLoginAttempts(0);
  467.             $this->em->persist($Ipcheck);
  468.             $this->em->flush();
  469.         }
  477.         $symfony_version \Symfony\Component\HttpKernel\Kernel::VERSION;
  479.         $target $this->container->getParameter('trinity_cc_server') . '/';
  480.         $target_clean preg_replace('/^http(s)?:\/\//'''$target);
  482.         $authKey $Settings->getCcAuthKey();
  484.         $versionFile $this->kernel->getProjectDir() . '/src/CmsBundle/VERSION';
  485.         if (file_exists($versionFile)) {
  486.             $versionEntries file($versionFile);
  488.             $this->version         trim($versionEntries[0]);
  489.             $this->git_hash        trim($versionEntries[1]);
  490.             $this->git_hash_long   trim($versionEntries[2]);
  491.             $this->date            trim($versionEntries[3]);
  492.             $this->prev_version    trim($versionEntries[4]);
  493.             /*foreach(file($versionFile) as $ln){
  494.                 $ln = trim($ln);
  495.                 dump($ln);
  496.             }*/
  497.         }
  499.         $bundleList = [];
  500.         $bundleDir $this->kernel->getProjectDir() . '/src/Trinity/';
  501.         foreach(scandir($bundleDir) as $d){
  502.             $path $bundleDir $d;
  503.             if(is_dir($path) && !in_array($d, ['.''..'])){
  505.                 $version '';
  506.                 if(file_exists($path '/VERSION')){
  507.                     $versionEntries file($path '/VERSION');
  509.                     if(!empty($versionEntries)){
  510.                         $version = [
  511.                             'version'        => trim($versionEntries[0]),
  512.                             'git_hash'       => trim($versionEntries[1]),
  513.                             'git_hash_long'  => trim($versionEntries[2]),
  514.                             'date'           => trim($versionEntries[3]),
  515.                             'date'           => trim($versionEntries[3]),
  516.                         ];
  517.                     }
  518.                 }
  520.                 $bundleList[$d] = [
  521.                     'path' => $path,
  522.                     'version' => $version,
  523.                 ];
  524.             }
  525.         }
  527.         $Syslog = new Log();
  528.         $Syslog->setAction('login');
  529.         $Syslog->setUser($User);
  530.         $Syslog->setUsername($username);
  531.         $Syslog->setType('auth');
  532.         $Syslog->setStatus('success');
  533.         $Syslog->setMessage('Succesvol ingelogd.');
  534.         $Syslog->setSettings($Settings);
  535.         $this->em->persist($Syslog);
  536.         $this->em->flush();
  538.         if($Settings->getIntegrations()){ 
  539.             $Settings->getIntegrations()->sendTelegram($Settings->getLabel() . ': Succesvol ingelogd. Gebruikersnaam: "' $username '"'); 
  540.         }
  542.         $installed $this->container->getParameter('kernel.bundles');
  543.         if(array_key_exists('TrinityWebshopBundle',  $installed) && $User){
  544.             $WebshopUser $this->em->getRepository('TrinityWebshopBundle:User')->findOneByUser($User);
  545.             $cartId $request->getSession()->get('cart');
  546.             if($WebshopUser && $WebshopUser->getType() == && $WebshopUser->getIsApproved() && !empty($cartId)){
  547.                 $Cart $this->em->getRepository('TrinityWebshopBundle:Cart')->findOneBy(['id' => $cartId]);
  548.                 if(!empty($Cart)){
  549.                     foreach($Cart->getProducts() as $product){
  550.                         $this->em->remove($product);
  551.                     }
  552.                     $this->em->flush();
  553.                 }
  554.             }
  555.         }
  557.         if($User && $request->getHost() != $target_clean){
  558.             $client_data = [
  559.                 'domain'          => $request->getHost(),
  560.                 'uri'             => $request->get('uri') ?? '/',
  561.                 'hostname'        => '',
  562.                 'serverip'        => $_SERVER['SERVER_ADDR'],
  563.                 'datetime'        => date('Y-m-d H:i:s'),
  564.                 'version'         => $this->version,
  565.                 'symfony_version' => $symfony_version,
  566.                 'username'        => $User->getUsername(),
  567.                 'title'           => $Settings->getLabel(),
  568.                 'matomo_url'      => $Settings->getPiwikUrl(),
  569.                 'matomo_hash'     => $Settings->getPiwikApiHash(),
  570.                 'userip'          => $_SERVER['REMOTE_ADDR'],
  571.                 'bundleList'      => $bundleList,
  572.             ];
  574.             $id      '1_71cb7h9hd4m3k23ghpadk67ed8b663l8jcmb83hhhdk45';
  576.             if($Settings->getCcExpires()){
  577.                 $expiresIn $Settings->getCcExpires()->getTimestamp() - time();
  578.                 $expiresInHours = (($expiresIn 60) / 60);
  579.                 if($expiresInHours 4){
  580.                     // Force expire in 4 hours
  581.                     $authKey null;
  582.                 }
  583.             }
  585.             $key     'mp3mkk7lhh79cp4domebj8jgkeilk9nlef2dpi53p61hgf';
  586.             $payload 'grant_type=client_credentials&client_id=' $id '&client_secret=' $key;
  588.             $ch curl_init();
  589.             curl_setopt($chCURLOPT_URL,$target 'oauth/v2/token');
  590.             curl_setopt($chCURLOPT_POST1);
  591.             curl_setopt($chCURLOPT_POSTFIELDS$payload);
  592.             curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
  593.             $server_response json_decode(curl_exec ($ch), true);
  594.             curl_close ($ch);
  596.             if($server_response){
  597.                 if(!empty($server_response['access_token'])){
  598.                     $Settings->setCcExpires(new \DateTime(date('Y-m-d H:i:s'strtotime('+' $server_response['expires_in'] . ' seconds'))));
  599.                     $Settings->setCcAuthKey($server_response['access_token']);
  601.                     if($Settings->hasLogo()){
  602.                         $this->em->persist($Settings);
  603.                         $this->em->flush();
  604.                     }
  605.                 }
  606.             }
  608.             if($this->container->getParameter('kernel.environment') != 'dev'){
  609.                 $host $this->requestStack->getCurrentRequest()->getHost();
  610.                 $isLocal false;
  611.                 if(preg_match('/\.local/'$host)){
  612.                     $isLocal true;
  613.                 }
  615.                 if($Settings->getCcAuthKey() && !$isLocal){
  616.                     $encrypt_method "AES-256-CBC";
  617.                     $secret_key '0XBD7DsyTqGQJJ';
  618.                     $secret_iv 'sDRFpXBBy3q5rc';
  620.                     // hash
  621.                     $key hash('sha256'$secret_key);
  622.                     // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
  623.                     $iv substr(hash('sha256'$secret_iv), 016);
  625.                     $TRC_client $this->em->getRepository('TrinityApiBundle:Client')->findOneByLabel('TRC');
  626.                     if(empty($TRC_client)){
  627.                         $hash1 substr(md5(openssl_random_pseudo_bytes(20)),-25) . substr(md5(openssl_random_pseudo_bytes(20)),-25);
  628.                         $hash2 substr(md5(openssl_random_pseudo_bytes(20)),-25) . substr(md5(openssl_random_pseudo_bytes(20)),-25);
  629.                         $TRC_client = new \App\Trinity\ApiBundle\Entity\Client();
  630.                         $TRC_client->setLabel('TRC');
  631.                         $TRC_client->setRandomId($hash1);
  632.                         $TRC_client->setSecret($hash2);
  634.                         $grant_types = array(
  635.                             'authorization_code',
  636.                             'token',
  637.                             'client_credentials',
  638.                         );
  639.                         $TRC_client->setAllowedGrantTypes($grant_types);
  641.                         $this->em->persist($TRC_client);
  642.                         $this->em->flush();
  643.                     }
  645.                     $api_token base64_encode(openssl_encrypt($TRC_client->getId() . '_' $TRC_client->getRandomId(), $encrypt_method$key0$iv));
  646.                     $api_secret base64_encode(openssl_encrypt($TRC_client->getSecret(), $encrypt_method$key0$iv));
  648.                     $client_data['api_token'] = $api_token;
  649.                     $client_data['api_secret'] = $api_secret;
  651.                     $ch curl_init();
  652.                     curl_setopt($chCURLOPT_URL,$target 'api/authorize');
  653.                     $headers = array(
  654.                         'Content-Type:application/x-www-form-urlencoded',
  655.                         'Authorization:Bearer ' $Settings->getCcAuthKey()
  656.                     );
  657.                     curl_setopt($chCURLOPT_HTTPHEADER$headers);
  659.                     curl_setopt($chCURLOPT_POST1);
  660.                     curl_setopt($chCURLOPT_POSTFIELDShttp_build_query($client_data));
  662.                     curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
  664.                     $server_response_raw curl_exec ($ch);
  665.                     $server_response json_decode($server_response_raw);
  666.                     curl_close ($ch);
  667.                 }
  668.             }
  669.         }
  670.     }
  671. }