Fix on get multi audience

implement FIND_BY_SET native query

Change-Id: I264ddacc4c04f8e28a142517209b935a6f6796b4

Author: smarcet

app/Repositories/DoctrineResourceServerRepository.php

@@ -12,6 +12,7 @@
  * limitations under the License.
  **/
 
+use Doctrine\ORM\Query\ResultSetMappingBuilder;
 use Illuminate\Support\Facades\Log;
 use Models\OAuth2\ResourceServer;
 use OAuth2\Repositories\IResourceServerRepository;
@@ -93,18 +94,47 @@ public function getByFriendlyName(string $name):?ResourceServer
      */
     public function getByAudienceAndIpAndActive(array $audience, string $ip):?ResourceServer
     {
-        Log::debug(sprintf("DoctrineResourceServerRepository::getByAudienceAndIpAndActive audience %s ip %s", json_encode($audience), $ip));
-        return $this->getEntityManager()
-            ->createQueryBuilder()
-            ->select("r")
-            ->from($this->getBaseEntity(), "r")
-            ->where("r.ips like :ip ")
-            ->andWhere("r.host in (:host)")
-            ->andWhere("r.active = 1")
-            ->setParameter("ip", '%'.trim($ip).'%')
-            ->setParameter("host", $audience)
-            ->setMaxResults(1)
-            ->getQuery()
-            ->getOneOrNullResult();
+        Log::debug
+        (
+            sprintf
+            (
+                "DoctrineResourceServerRepository::getByAudienceAndIpAndActive audience %s ip %s",
+                json_encode($audience),
+                $ip
+            )
+        );
+
+        $query = <<<SQL
+SELECT r.* FROM oauth2_resource_server r
+WHERE FIND_IN_SET('{$ip}', r.ips) AND r.active = 1
+SQL;
+
+        $hosts_query = "";
+
+        foreach ($audience as $index => $audience_item) {
+            if ($index > 0) {
+                $hosts_query .= " OR ";
+            }
+            $hosts_query.= sprintf(" FIND_IN_SET('%s',r.host) ", $audience_item);
+        }
+
+        if(!empty($hosts_query))
+             $hosts_query = " AND (". $hosts_query .")";
+
+        Log::debug(sprintf("DoctrineResourceServerRepository::getByAudienceAndIpAndActive hosts_query %s", $hosts_query));
+
+        $query = $query . $hosts_query. " LIMIT 1;";
+
+        Log::debug(sprintf("DoctrineResourceServerRepository::getByAudienceAndIpAndActive query %s", $query));
+
+        $rsm = new ResultSetMappingBuilder($this->getEntityManager());
+        $rsm->addRootEntityFromClassMetadata($this->getBaseEntity(), 'r');
+
+        // build rsm here
+        $native_query = $this->getEntityManager()->createNativeQuery($query, $rsm);
+
+        $res = $native_query->getResult();
+
+        return count($res) > 0 ? $res[0] : null;
     }
 }

app/Services/OAuth2/TokenService.php

@@ -864,14 +864,24 @@ public function checkAccessTokenAudience(AccessToken $access_token, $current_ip)
             $current_audience = array($current_audience);
         }
 
-        $resource_server = $this->resource_server_repository->getByIp($current_ip);
+        $resource_server = $this->resource_server_repository->getByAudienceAndIpAndActive($current_audience, $current_ip);
 
         // check audience
         if(is_null($resource_server)){
             Log::warning(sprintf("TokenService::checkAccessTokenAudience not found resource server for ip %s", $current_ip));
             return false;
         }
 
+        Log::debug
+        (
+            sprintf
+            (
+                "TokenService::checkAccessTokenAudience found resource server %s (%s)",
+                $resource_server->getId(),
+                $resource_server->getHost()
+            )
+        );
+
         $hosts = explode(',', $resource_server->getHost());
 
         Log::debug

tests/DoctrineRepositoriesTests.php

@@ -13,6 +13,7 @@
  **/
 use LaravelDoctrine\ORM\Facades\EntityManager;
 use Illuminate\Support\Facades\Redis;
+use Models\OAuth2\ResourceServer;
 use Models\OAuth2\ServerPrivateKey;
 use Models\UserExceptionTrail;
 /**
@@ -65,4 +66,21 @@ public function testUserExceptionTrailRepository(){
         EntityManager::remove($ex);
         EntityManager::flush();
     }
+
+    public function testResourceServerRepository(){
+        $repository = EntityManager::getRepository(ResourceServer::class);
+
+        $rs = new ResourceServer();
+        $rs->setFriendlyName("test".rand(1,1000));
+        $rs->setActive(true);
+        $rs->setIps("127.0.0.1,200.0.0.0");
+        $rs->setHost("https://www.openstack.org,https://test.com");
+
+        EntityManager::persist($rs);
+        EntityManager::flush();
+
+        $res = $repository->getByAudienceAndIpAndActive(['https://www.openstack.org', 'https://test.com'], '127.0.0.1');
+
+        $this->assertTrue(!is_null($res));
+    }
 }