Add whiteliste functionality

Eye4web · Jul 14, 2014 · f43821a · f43821a
1 parent c56a7c6
commit f43821a
Show file tree

Hide file tree

Showing 7 changed files with 97 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -3,6 +3,9 @@ E4WZfcUserRedirectUrl
 
 Introduction
 ------------
+This module changes the redirect behavior of ZfcUser to use url's instead of routes.
+The redirect URL is matched against a whitelist.
+Localhost and current domain are whitelisted by default.
 
 Installation
 ------------
@@ -22,7 +25,7 @@ Installation
  $ php composer.phar update
  ```
 
-3. Enable it in your `application.config.php`file.
+3. Enable it in your `application.config.php` file.
 
  ```php
  <?php
@@ -34,3 +37,6 @@ Installation
  // ...
  );
  ```
+
+4. Copy config/e4w.zfcuser.redirecturl.global.php.dist to config/autoload/e4w.zfcuser.redirecturl.global.php and add
+whitelisted domains.
diff --git a/...w.zfcuser.redirecturl.config.php.dist.php → ...g/e4w.zfcuser.redirecturl.global.php.dist b/...w.zfcuser.redirecturl.config.php.dist.php → ...g/e4w.zfcuser.redirecturl.global.php.dist
diff --git a/config/module.config.php b/config/module.config.php
@@ -20,9 +20,7 @@
  'service_manager' => array(
  'factories' => array(
  'zfcuser_redirect_callback' => 'E4W\ZfcUser\RedirectUrl\Factory\Controller\RedirectCallableFactory',
- ),
- 'aliases' => array(
- //'zfcuser_redirect_callback' => 'E4W\ZfcUser\RedirectUrl\Controller\RedirectCallable'
+ 'E4W\ZfcUser\RedirectUrl\ModuleOptions' => 'E4W\ZfcUser\RedirectUrl\Factory\Options\ModuleOptionsFactory'
  ),
  ),
 );
diff --git a/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php b/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php
@@ -23,6 +23,7 @@
 use Zend\Mvc\Router\Exception;
 use Zend\Http\PhpEnvironment\Response;
 use ZfcUser\Options\ModuleOptions as ZfcUserOptions;
+use E4W\ZfcUser\RedirectUrl\Options\ModuleOptions;
 
 /**
  * Buils a redirect response based on the current routing and parameters
@@ -47,11 +48,11 @@ class RedirectCallback
  * @param RouteInterface $router
  * @param ModuleOptions $options
  */
- public function __construct(Application $application, RouteInterface $router, ZfcUserOptions $zfcUserOptions)
+ public function __construct(Application $application, RouteInterface $router, ZfcUserOptions $zfcUserOptions, ModuleOptions $options)
  {
  $this->router = $router;
  $this->application = $application;
- //$this->options = $options;
+ $this->options = $options;
  $this->zfcUserOptions = $zfcUserOptions;
  }
 
@@ -90,9 +91,38 @@ private function getRedirectUrlFromRequest()
  return false;
  }
 
+ /**
+ * Checks if a $url is in whitelist
+ * / and localhost are always allowed
+ *
+ * partly snatched from https://gist.github.com/mjangda/1623788
+ *
+ * @param $url
+ * @return bool
+ */
  private function urlWhitelisted($url)
  {
- return true;
+ $always_allowed = array('localhost');
+ $whitelisted_domains = array_merge($this->options->getWhitelist(), $always_allowed);
+
+ // Add http if missing(to satisfy parse_url())
+ if (strpos($url, "/") !== 0 && strpos($url, "http") !== 0) {
+ $url = 'http://' . $url;
+ }
+ $domain = parse_url($url, PHP_URL_HOST);
+
+ if (strpos($url, "/") === 0 || in_array($domain, $whitelisted_domains)) {
+ return true;
+ }
+
+ foreach ($whitelisted_domains as $whitelisted_domain) {
+ $whitelisted_domain = '.' . $whitelisted_domain;
+ if (strpos($domain, $whitelisted_domain) === (strlen($domain) - strlen($whitelisted_domain))) {
+ return true;
+ }
+ }
+
+ return false;
  }
 
  /**

diff --git a/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php b/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php
@@ -21,8 +21,8 @@ public function createService(ServiceLocatorInterface $serviceLocator)
  $zfcUserOtions = $serviceLocator->get('zfcuser_module_options');
 
  /* @var \E4W\ZfcUser\RedirectUrl\Options\ModuleOptions $options */
- //$options = $serviceLocator->get('E4W\ZfcUser\RedirectUrl\ModuleOptions');
+ $options = $serviceLocator->get('E4W\ZfcUser\RedirectUrl\ModuleOptions');
 
- return new RedirectCallback($application, $router, $zfcUserOtions);
+ return new RedirectCallback($application, $router, $zfcUserOtions, $options);
  }
 }
diff --git a/src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php b/src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace E4W\ZfcUser\RedirectUrl\Factory\Options;
+
+use E4W\ZfcUser\RedirectUrl\Options\ModuleOptions;
+use Zend\ServiceManager\FactoryInterface;
+use Zend\ServiceManager\ServiceLocatorInterface;
+
+class ModuleOptionsFactory implements FactoryInterface
+{
+ /**
+ * Create options
+ *
+ * @param ServiceLocatorInterface $serviceLocator
+ * @return SocialService
+ */
+ public function createService(ServiceLocatorInterface $serviceLocator)
+ {
+ $config = $serviceLocator->get('Config');
+
+ $service = new ModuleOptions($config['e4wzfcuserredirecturl']);
+ return $service;
+ }
+}
diff --git a/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php b/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php
@@ -1,7 +1,31 @@
 <?php
-/**
- * Created by PhpStorm.
- * User: Danielss89
- * Date: 09/07/14
- * Time: 10:39
- */ 
+
+namespace E4W\ZfcUser\RedirectUrl\Options;
+
+use Zend\Stdlib\AbstractOptions;
+
+class ModuleOptions extends AbstractOptions
+{
+ /**
+ * Array of urls which is allowed redirecting to.
+ * @var array
+ */
+ protected $whitelist;
+
+ /**
+ * @param array $whitelist
+ */
+ public function setWhitelist($whitelist)
+ {
+ $this->whitelist = $whitelist;
+ }
+
+ /**
+ * @return array
+ */
+ public function getWhitelist()
+ {
+ return $this->whitelist;
+ }
+
+}