diff --git a/Controller/ConnectController.php b/Controller/ConnectController.php index 3138448..b032be3 100644 --- a/Controller/ConnectController.php +++ b/Controller/ConnectController.php @@ -21,11 +21,12 @@ namespace vierbergenlars\AuthserverOAuthAccountBundle\Controller; -use HWI\Bundle\OAuthBundle\Controller\ConnectController as BaseConnectController; -use Symfony\Component\Form\Extension\Core\Type\FormType; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Form\Extension\Core\Type\FormType; use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser; +use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken; +use HWI\Bundle\OAuthBundle\Controller\ConnectController as BaseConnectController; use vierbergenlars\AuthserverExternalAccountBundle\ExternalAccount\ExternalAccountProviderManager; use vierbergenlars\AuthserverOAuthAccountBundle\DependencyInjection\AuthserverOAuthAccountExtension; @@ -45,6 +46,21 @@ class ConnectController extends BaseConnectController { if($externalUser->getUser() !== $this->getUser()) throw $this->createAccessDeniedException(); + $token = $this->getToken(); + if($token instanceof OAuthToken) { + if('oauth_'.$token->getResourceOwnerName() === $externalUser->getProvider()) { + $resourceOwnerMap = $this->get('hwi_oauth.resource_ownermap.public'); + /* @var $resourceOwnerMap \HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap */ + $resourceOwner = $resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName()); + $userInfo = $resourceOwner->getUserInformation($token->getRawToken()); + + if($userInfo->getUsername() == $externalUser->getProviderRef()) { + throw $this->createAccessDeniedException('You can not disconnect the external user you are currently authenticated with.'); + } + + } + } + $form = $this->createForm(FormType::class); $form->handleRequest($request);
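Review bot: The new guard `if($userInfo->getUsername() == $externalUser->getProviderRef())` uses loose `==`, so numeric-looking identifiers are compared as numbers (`"0123"` equals `"123"`, `"1e3"` equals `"1000"`) and a null username equals an empty reference; since this comparison is all that stops a user from disconnecting the identity they are currently logged in with, normalise both sides and compare strictly: `if((string) $userInfo->getUsername() === (string) $externalUser->getProviderRef()) {`. The check also depends on a live `getUserInformation($token->getRawToken())` round-trip to the provider on every disconnect; if the raw token has expired or the provider is unreachable that call presumably throws and the request fails rather than the guard silently passing, which is the safe direction, but it is worth stating on the `$userInfo = …` line with a comment such as `// Live provider lookup: fails closed when the token is stale or the provider is down.` `getResourceOwnerByName()` may return null for a name missing from the public map in some HWI versions — confirm against the version in use and guard it before the `getUserInformation()` call if so. The enclosing method begins before this hunk, so its signature and where `$externalUser` comes from are not visible here.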