<?php
declare(strict_types=1);
namespace KupShop\AgeVerifyBundle\Utils;
use KupShop\AgeVerifyBundle\Exception\BankIdException;
use KupShop\KupShopBundle\Config;
use KupShop\KupShopBundle\Util\System\CurlUtil;
use Symfony\Component\HttpClient\Exception\ClientException;
use Symfony\Contracts\HttpClient\Exception\ExceptionInterface;
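class BankIdUtil
{
    /** @required */
    public AgeVerifyUtil $ageVerifyUtil;

    /** @required */
    public CurlUtil $curlUtil;

    /** OIDC scopes requested from BankID; `profile.birthdate` carries the verified birthdate claim. */
    public const SCOPES = [
        'openid',
        'profile.birthdate',
    ];

    /** Verification-method identifier handed to AgeVerifyUtil::setVerificationData(). */
    public const BANKID = 'bankId';

    public const SANDBOX_URL = 'https://oidc.sandbox.bankid.cz/';

    // TODO: still a placeholder — until it is set, getUrl() yields a relative URL
    // ("/token", "/userinfo", ...) outside development/sandbox mode.
    public const PROD_URL = '/';

    /** Format of the birthdate claim (ISO date); `!` zeroes the time fields instead of using the current time. */
    private const BIRTHDATE_FORMAT = '!Y-m-d';

    /** Age of majority as a DateInterval spec. */
    private const ADULT_AGE = 'P18Y';

    /**
     * Completes the BankID authorization-code flow and records the age-verification result.
     *
     * Exchanges $code for an access token, reads the verified birthdate from the
     * userinfo endpoint and stores 'Y' (18 or older today) / 'N' together with the
     * birthdate through AgeVerifyUtil.
     *
     * @param string $code authorization code received on the redirect URI (untrusted input)
     *
     * @throws BankIdException when $code is empty, either request fails, a response is not
     *                         the expected JSON, or no verified birthdate claim is present
     */
    public function fetchData(string $code): void
    {
        if ($code === '') {
            throw new BankIdException('Missing authorization code');
        }

        $accessToken = $this->fetchAccessToken($code);
        $birthdate = $this->fetchVerifiedBirthdate($accessToken);

        $this->ageVerifyUtil->setVerificationData(
            $this->isAdult($birthdate) ? 'Y' : 'N',
            self::BANKID,
            $birthdate,
        );
    }

    /**
     * Exchanges the authorization code for an access token at the token endpoint.
     *
     * @throws BankIdException on transport/HTTP failure, malformed JSON, or a response
     *                         without a non-empty string access_token
     */
    private function fetchAccessToken(string $code): string
    {
        $query = [
            'grant_type' => 'authorization_code',
            'client_id' => $this->getClientId(),
            'client_secret' => $this->getClientSecret(),
            'redirect_uri' => $this->getRedirectUri(),
            'code' => $code,
        ];

        $token = $this->decodeJson(
            $this->curlUtil->getClient(headers: ['Content-Type' => 'application/x-www-form-urlencoded'])
                ->request('POST', $this->getUrl('token'), ['body' => $query]),
            'Unable to fetch access token',
        );

        // The token is interpolated into an Authorization header next; insist on a
        // non-empty string so an unexpected array/null never reaches the header.
        $accessToken = $token['access_token'] ?? null;
        if (!is_string($accessToken) || $accessToken === '') {
            throw new BankIdException('Unable to fetch access token');
        }

        return $accessToken;
    }

    /**
     * Fetches the verified birthdate claim from the userinfo endpoint.
     *
     * @throws BankIdException when the request fails or the claim is missing / not a string
     */
    private function fetchVerifiedBirthdate(string $accessToken): string
    {
        // Both getClient() calls use the named `headers:` argument; the original passed
        // the header array positionally here, which only works if headers is the first parameter.
        $userInfo = $this->decodeJson(
            $this->curlUtil->getClient(headers: ['Authorization' => "Bearer {$accessToken}"])
                ->request('POST', $this->getUrl('userinfo')),
            'Unable to fetch verified birthdate',
        );

        $birthdate = $userInfo['verified_claims']['claims']['birthdate'] ?? null;
        if (!is_string($birthdate) || $birthdate === '') {
            throw new BankIdException('Unable to fetch verified birthdate');
        }

        return $birthdate;
    }

    /**
     * Reads a response body and decodes it as a JSON object.
     *
     * Every HttpClient failure (transport error, 3xx/4xx/5xx status — not only the 4xx
     * ClientException the original caught) and invalid JSON becomes a BankIdException
     * carrying $message, so callers deal with a single exception type. The cause is kept
     * as `previous` for logging without leaking it into the user-facing message.
     *
     * @param object $response the object returned by CurlUtil::getClient()->request(); must expose getContent()
     *
     * @return array<string, mixed>
     *
     * @throws BankIdException
     */
    private function decodeJson(object $response, string $message): array
    {
        try {
            $decoded = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
        } catch (ExceptionInterface|\JsonException $e) {
            throw new BankIdException($message, previous: $e);
        }

        // Valid JSON that is not an object/array (e.g. a bare string) is still unusable.
        if (!is_array($decoded)) {
            throw new BankIdException($message);
        }

        return $decoded;
    }

    /**
     * Whether the holder of $birthdate (Y-m-d) is at least 18 years old today.
     *
     * @throws BankIdException when $birthdate is not a parseable Y-m-d date
     */
    private function isAdult(string $birthdate): bool
    {
        // createFromFormat() returns false (no exception) on an unparseable value;
        // calling ->add() on that false would be a fatal Error, so check first.
        $born = \DateTimeImmutable::createFromFormat(self::BIRTHDATE_FORMAT, $birthdate);
        if ($born === false) {
            throw new BankIdException('Unable to fetch verified birthdate');
        }

        $eighteenthBirthday = $born->add(new \DateInterval(self::ADULT_AGE));

        return $eighteenthBirthday <= new \DateTimeImmutable();
    }

    /**
     * Builds the BankID authorization URL the user is sent to.
     *
     * NOTE(review): `state` is a constant, so the callback cannot be tied to the session
     * that started the flow. The caller should supply a per-request random value here and
     * compare it on return before calling fetchData(); this class has no session access,
     * so that binding cannot be added at this level.
     */
    public function getRedirectUrl(): string
    {
        $query = http_build_query([
            'client_id' => $this->getClientId(),
            'redirect_uri' => $this->getRedirectUri(),
            'scope' => implode(' ', self::SCOPES),
            'response_type' => 'code',
            'state' => 'BankID',
            'prompt' => 'login',
            'display' => 'page',
            'acr_values' => 'loa2',
        ]);

        return "{$this->getUrl('auth')}?{$query}";
    }

    /**
     * Resolves an OIDC endpoint path against the sandbox or production base URL.
     *
     * Sandbox is used in development or when the oauth.bank_id.sandbox setting is truthy.
     */
    protected function getUrl(string $path): string
    {
        // `?? false` avoids an undefined-index warning when the sandbox key is absent.
        if (isDevelopment() || (\Settings::getDefault()['oauth']['bank_id']['sandbox'] ?? false)) {
            return self::SANDBOX_URL.$path;
        }

        return self::PROD_URL.$path;
    }

    /** OAuth client id from settings (oauth.bank_id.client_id), '' when unset. */
    protected function getClientId(): string
    {
        return \Settings::getDefault()['oauth']['bank_id']['client_id'] ?? '';
    }

    /** OAuth client secret from settings (oauth.bank_id.client_secret), '' when unset. */
    protected function getClientSecret(): string
    {
        return \Settings::getDefault()['oauth']['bank_id']['client_secret'] ?? '';
    }

    /**
     * Redirect URI registered with BankID: the site address plus the `_bankid` suffix.
     *
     * Uses Config Addr.full_original in development and Addr.full otherwise.
     */
    protected function getRedirectUri(): string
    {
        if (isDevelopment()) {
            return Config::get()['Addr']['full_original'].'_bankid';
        }

        return Config::get()['Addr']['full'].'_bankid';
    }
}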