vendor/wns/security-compliance-suite/src/Hardening/Subscriber/ApiRequestSubscriber.php line 32

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace WnsSecurityComplianceSuite\Hardening\Subscriber;
  7. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  8. use Symfony\Component\HttpFoundation\JsonResponse;
  9. use Symfony\Component\HttpKernel\Event\RequestEvent;
  10. use Symfony\Component\HttpKernel\KernelEvents;
  11. use WnsSecurityComplianceSuite\Util\Provider\PluginConfigProvider;
  13. final class ApiRequestSubscriber implements EventSubscriberInterface
  14. {
  15. private const PLUGIN_API_PREFIX = '/api/wscs';
  17. private PluginConfigProvider $pluginConfigProvider;
  19. public function __construct(
  20. PluginConfigProvider $pluginConfigProvider
  21. ) {
  22. $this->pluginConfigProvider = $pluginConfigProvider;
  23. }
  25. public static function getSubscribedEvents(): array
  26. {
  27. return [
  28. KernelEvents::REQUEST => 'onKernelRequest',
  29. ];
  30. }
  32. public function onKernelRequest(RequestEvent $event): void
  33. {
  34. $request = $event->getRequest();
  35. $path = $request->getPathInfo();
  37. if ($this->pluginConfigProvider->isPluginApiDisabled() === false) {
  38. return;
  39. }
  41. if (
  42. strpos($path, self::PLUGIN_API_PREFIX) === 0
  43. && strpos($path, 'two-factor') === false
  44. ) {
  45. $event->setResponse(new JsonResponse(['error' => 'The plugin API is disabled'], 403));
  46. }
  47. }
  48. }