Harden module runtime: audited listener failures and DI-first resolver

This commit is contained in:
2026-03-25 10:02:03 +01:00
parent a721ec0043
commit cb5f7037b2
12 changed files with 314 additions and 79 deletions

View File

@@ -15,12 +15,17 @@ class AccessPolicyFactory
private ?TenantAuthorizationPolicy $tenantAuthorizationPolicy = null;
private ?DepartmentAuthorizationPolicy $departmentAuthorizationPolicy = null;
private ?AuthorizationService $authorizationService = null;
private \Closure $moduleClassResolver;
public function __construct(
private readonly PermissionService $permissionService,
private readonly TenantScopeService $tenantScopeService,
private readonly ?ModuleRegistry $moduleRegistry = null
private readonly ?ModuleRegistry $moduleRegistry = null,
?callable $moduleClassResolver = null
) {
$this->moduleClassResolver = $moduleClassResolver !== null
? \Closure::fromCallable($moduleClassResolver)
: static fn (string $class): ?object => null;
}
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
@@ -108,26 +113,11 @@ class AccessPolicyFactory
private function instantiateModulePolicy(string $policyClass): ?AuthorizationPolicyInterface
{
if (!class_exists($policyClass)) {
return null;
}
try {
$reflection = new \ReflectionClass($policyClass);
$constructor = $reflection->getConstructor();
if ($constructor === null || $constructor->getNumberOfRequiredParameters() === 0) {
$instance = $reflection->newInstance();
return $instance instanceof AuthorizationPolicyInterface ? $instance : null;
}
if ($constructor->getNumberOfRequiredParameters() === 1) {
$instance = $reflection->newInstance($this->permissionService);
return $instance instanceof AuthorizationPolicyInterface ? $instance : null;
}
$instance = ($this->moduleClassResolver)($policyClass);
return $instance instanceof AuthorizationPolicyInterface ? $instance : null;
} catch (\Throwable) {
return null;
}
return null;
}
}

View File

@@ -4,6 +4,7 @@ namespace MintyPHP\Service\Auth;
use MintyPHP\App\AppContainer;
use MintyPHP\App\Module\Contracts\SessionProvider;
use MintyPHP\App\Module\ModuleClassResolver;
use MintyPHP\App\Module\ModuleRegistry;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\User\UserTenantContextService;
@@ -70,10 +71,7 @@ class AuthSessionTenantContextService
return [];
}
foreach ($registry->getSessionProviders() as $providerClass) {
if (!class_exists($providerClass)) {
continue;
}
$provider = new $providerClass();
$provider = ModuleClassResolver::resolve($this->container, $providerClass);
if ($provider instanceof SessionProvider) {
$providers[] = $provider;
}

View File

@@ -31,8 +31,10 @@ class LdapConnectionGateway
return @ldap_bind($conn, $dn, $password);
}
/** @return \LDAP\Result|false */
public function search(\LDAP\Connection $conn, string $baseDn, string $filter, array $attributes = [], int $scope = 0): \LDAP\Result|false
/**
* @return mixed LDAP\Result on success, false on failure.
*/
public function search(\LDAP\Connection $conn, string $baseDn, string $filter, array $attributes = [], int $scope = 0): mixed
{
if ($scope === 1) {
return @ldap_list($conn, $baseDn, $filter, $attributes);
@@ -40,8 +42,12 @@ class LdapConnectionGateway
return @ldap_search($conn, $baseDn, $filter, $attributes);
}
public function getEntries(\LDAP\Connection $conn, \LDAP\Result $result): array|false
public function getEntries(\LDAP\Connection $conn, mixed $result): array|false
{
if (!$result instanceof \LDAP\Result) {
return false;
}
return ldap_get_entries($conn, $result);
}