From 42b48bc79be9a4c7e0056990c0c0fa252ae97869 Mon Sep 17 00:00:00 2001
From: Lars Vierbergen
Date: Fri, 29 Sep 2017 07:48:30 +0200
Subject: [PATCH] Prevent user from disconnecting the external user they are currently authenticated with
---
 Controller/ConnectController.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/Controller/ConnectController.php b/Controller/ConnectController.php
index 3138448..b032be3 100644
--- a/Controller/ConnectController.php
+++ b/Controller/ConnectController.php
@@ -21,11 +21,12 @@ namespace vierbergenlars\AuthserverOAuthAccountBundle\Controller;
-use HWI\Bundle\OAuthBundle\Controller\ConnectController as BaseConnectController;
-use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Form\Extension\Core\Type\FormType;
 use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;
+use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
+use HWI\Bundle\OAuthBundle\Controller\ConnectController as BaseConnectController;
 use vierbergenlars\AuthserverExternalAccountBundle\ExternalAccount\ExternalAccountProviderManager;
 use vierbergenlars\AuthserverOAuthAccountBundle\DependencyInjection\AuthserverOAuthAccountExtension;
@@ -45,6 +46,21 @@ class ConnectController extends BaseConnectController {
         if($externalUser->getUser() !== $this->getUser())
             throw $this->createAccessDeniedException();
+        $token = $this->getToken();
+        if($token instanceof OAuthToken) {
+            if('oauth_'.$token->getResourceOwnerName() === $externalUser->getProvider()) {
+                $resourceOwnerMap = $this->get('hwi_oauth.resource_ownermap.public');
+                /* @var $resourceOwnerMap \HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap */
+                $resourceOwner = $resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
+                $userInfo = $resourceOwner->getUserInformation($token->getRawToken());
+
+                if($userInfo->getUsername() == $externalUser->getProviderRef()) {
+                    throw $this->createAccessDeniedException('You can not disconnect the external user you are currently authenticated with.');
+                }
+
+            }
+        }
+
         $form = $this->createForm(FormType::class);
         $form->handleRequest($request);
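Review bot: The identity check on the new `if($userInfo->getUsername() == $externalUser->getProviderRef())` line uses loose `==`, which applies PHP's numeric-string coercion (`'1e3' == '1000'` is true) to what are both provider-side identifiers; the ownership check two lines above already uses strict `!==`, so this should read `if($userInfo->getUsername() === $externalUser->getProviderRef()) {`. Note also that `getUserInformation($token->getRawToken())` contacts the provider on every call of this action, including the GET that renders the form, so a provider outage or a token the provider no longer accepts surfaces as an uncaught exception rather than a denied disconnect, and blocks disconnecting any other account from that provider; if the token already carries the provider-side identity, comparing against that would avoid the round-trip — cannot confirm from here. The `'oauth_'` prefix compared against `getProvider()` presumably mirrors how this bundle names providers for OAuth-created external users; a one-line comment such as `// External users created through OAuth are stored with provider 'oauth_<resource owner name>'` would make the coupling visible (verify against the code that creates them). The enclosing action starts before the hunk.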