From a63306becbc8184298e7deb794bbecdd7286c07c Mon Sep 17 00:00:00 2001 From: Constantin Simonis Date: Thu, 12 Dec 2024 18:30:18 +0100 Subject: [PATCH] wip --- composer.json | 1 + composer.lock | 243 +++++++++++++++++++- config/bundles.php | 1 + config/packages/knpu_oauth2_client.yaml | 3 +- config/packages/security.yaml | 9 +- src/Controller/AuthenticationController.php | 8 +- src/Entity/User.php | 21 -- src/Security/Authenticator.php | 14 +- src/Security/User.php | 51 ++++ src/Security/UserProvider.php | 60 +++++ src/Service/Security/Provider.php | 43 ---- symfony.lock | 9 + 12 files changed, 390 insertions(+), 73 deletions(-) delete mode 100644 src/Entity/User.php create mode 100644 src/Security/User.php create mode 100644 src/Security/UserProvider.php delete mode 100644 src/Service/Security/Provider.php diff --git a/composer.json b/composer.json index b1b0ff3..32df7fc 100644 --- a/composer.json +++ b/composer.json @@ -77,6 +77,7 @@ } }, "require-dev": { + "symfony/maker-bundle": "^1.61", "symfony/stopwatch": "7.1.*", "symfony/web-profiler-bundle": "7.1.*" } diff --git a/composer.lock b/composer.lock index 0521d20..88f2526 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "31c0071a06bedb7ec89d9182950ed345", + "content-hash": "bfafba7d3f6a227b403d39b34a6bf3de", "packages": [ { "name": "composer/semver", 
@@ -5211,6 +5211,247 @@ } ], "packages-dev": [ + { + "name": "doctrine/inflector", + "version": "2.0.10", + "source": { + "type": "git", + "url": "https://github.com/doctrine/inflector.git", + "reference": "5817d0659c5b50c9b950feb9af7b9668e2c436bc" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/inflector/zipball/5817d0659c5b50c9b950feb9af7b9668e2c436bc", + "reference": "5817d0659c5b50c9b950feb9af7b9668e2c436bc", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "doctrine/coding-standard": "^11.0", + "phpstan/phpstan": "^1.8", + "phpstan/phpstan-phpunit": "^1.1", + "phpstan/phpstan-strict-rules": "^1.3", + "phpunit/phpunit": "^8.5 || ^9.5", + "vimeo/psalm": "^4.25 || ^5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "Doctrine\\Inflector\\": "lib/Doctrine/Inflector" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Guilherme Blanco", + "email": "guilhermeblanco@gmail.com" + }, + { + "name": "Roman Borschel", + "email": "roman@code-factory.org" + }, + { + "name": "Benjamin Eberlei", + "email": "kontakt@beberlei.de" + }, + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + }, + { + "name": "Johannes Schmitt", + "email": "schmittjoh@gmail.com" + } + ], + "description": "PHP Doctrine Inflector is a small library that can perform string manipulations with regard to upper/lowercase and singular/plural forms of words.", + "homepage": "https://www.doctrine-project.org/projects/inflector.html", + "keywords": [ + "inflection", + "inflector", + "lowercase", + "manipulation", + "php", + "plural", + "singular", + "strings", + "uppercase", + "words" + ], + "support": { + "issues": "https://github.com/doctrine/inflector/issues", + "source": "https://github.com/doctrine/inflector/tree/2.0.10" + }, + "funding": [ + { + "url": "https://www.doctrine-project.org/sponsorship.html", + "type": "custom" + }, + { + "url": 
"https://www.patreon.com/phpdoctrine", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/doctrine%2Finflector", + "type": "tidelift" + } + ], + "time": "2024-02-18T20:23:39+00:00" + }, + { + "name": "nikic/php-parser", + "version": "v5.3.1", + "source": { + "type": "git", + "url": "https://github.com/nikic/PHP-Parser.git", + "reference": "8eea230464783aa9671db8eea6f8c6ac5285794b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/8eea230464783aa9671db8eea6f8c6ac5285794b", + "reference": "8eea230464783aa9671db8eea6f8c6ac5285794b", + "shasum": "" + }, + "require": { + "ext-ctype": "*", + "ext-json": "*", + "ext-tokenizer": "*", + "php": ">=7.4" + }, + "require-dev": { + "ircmaxell/php-yacc": "^0.0.7", + "phpunit/phpunit": "^9.0" + }, + "bin": [ + "bin/php-parse" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "5.0-dev" + } + }, + "autoload": { + "psr-4": { + "PhpParser\\": "lib/PhpParser" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Nikita Popov" + } + ], + "description": "A PHP parser written in PHP", + "keywords": [ + "parser", + "php" + ], + "support": { + "issues": "https://github.com/nikic/PHP-Parser/issues", + "source": "https://github.com/nikic/PHP-Parser/tree/v5.3.1" + }, + "time": "2024-10-08T18:51:32+00:00" + }, + { + "name": "symfony/maker-bundle", + "version": "v1.61.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/maker-bundle.git", + "reference": "a3b7f14d349f8f44ed752d4dde2263f77510cc18" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/maker-bundle/zipball/a3b7f14d349f8f44ed752d4dde2263f77510cc18", + "reference": "a3b7f14d349f8f44ed752d4dde2263f77510cc18", + "shasum": "" + }, + "require": { + "doctrine/inflector": "^2.0", + "nikic/php-parser": "^4.18|^5.0", + "php": ">=8.1", + "symfony/config": 
"^6.4|^7.0", + "symfony/console": "^6.4|^7.0", + "symfony/dependency-injection": "^6.4|^7.0", + "symfony/deprecation-contracts": "^2.2|^3", + "symfony/filesystem": "^6.4|^7.0", + "symfony/finder": "^6.4|^7.0", + "symfony/framework-bundle": "^6.4|^7.0", + "symfony/http-kernel": "^6.4|^7.0", + "symfony/process": "^6.4|^7.0" + }, + "conflict": { + "doctrine/doctrine-bundle": "<2.10", + "doctrine/orm": "<2.15" + }, + "require-dev": { + "composer/semver": "^3.0", + "doctrine/doctrine-bundle": "^2.5.0", + "doctrine/orm": "^2.15|^3", + "symfony/http-client": "^6.4|^7.0", + "symfony/phpunit-bridge": "^6.4.1|^7.0", + "symfony/security-core": "^6.4|^7.0", + "symfony/yaml": "^6.4|^7.0", + "twig/twig": "^3.0|^4.x-dev" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-main": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Bundle\\MakerBundle\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.", + "homepage": "https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html", + "keywords": [ + "code generator", + "dev", + "generator", + "scaffold", + "scaffolding" + ], + "support": { + "issues": "https://github.com/symfony/maker-bundle/issues", + "source": "https://github.com/symfony/maker-bundle/tree/v1.61.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-08-29T22:50:23+00:00" + }, { "name": "symfony/stopwatch", "version": "v7.1.6", 
diff --git a/config/bundles.php b/config/bundles.php index 33d3bab..ec18832 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -10,4 +10,5 @@ return [ Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true], KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true], Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true], + Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], ]; diff --git a/config/packages/knpu_oauth2_client.yaml b/config/packages/knpu_oauth2_client.yaml index 09cad5c..6dafe17 100644 --- a/config/packages/knpu_oauth2_client.yaml +++ b/config/packages/knpu_oauth2_client.yaml @@ -2,8 +2,7 @@ knpu_oauth2_client: clients: auth: type: generic - provider_class: App\Service\Security\Provider - + provider_class: App\Security\UserProvider client_id: '%env(AUTHENTIK_CLIENT_ID)%' client_secret: '%env(AUTHENTIK_CLIENT_SECRET)%' redirect_route: auth_callback diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 1bbbe8b..8595232 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -4,10 +4,10 @@ security: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: + # used to reload user from session & other features (e.g. switch_user) app_user_provider: - entity: - class: App\Entity\User - property: email + id: App\Security\UserProvider + firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ @@ -17,6 +17,8 @@ security: provider: app_user_provider custom_authenticators: - App\Security\Authenticator + form_login: + login_path: auth_entrypoint # activate different ways to authenticate # https://symfony.com/doc/current/security.html#the-firewall 
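Review bot: `App\Security\UserProvider` is wired here as the OAuth2 `provider_class` and, in the first security.yaml hunk, as the Symfony user provider (`app_user_provider: id: App\Security\UserProvider`); one class should not serve both roles. The part of src/Security/UserProvider.php visible on this page (`createResourceOwner()` and a status-code check on the response) looks like a League OAuth2 provider. Unless it also implements `UserProviderInterface`, the firewall cannot reload the user from the session; this is inferred, since the class header is not visible here. I would split them: keep the OAuth class under its own name, e.g. `provider_class: App\Security\OAuthProvider` (suggested name), and point `security.providers` at a separate service that implements `UserProviderInterface`.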
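Review bot: `form_login` in the `@@ -17,6 +17,8 @@` hunk appears to be added only to get an entry point, but it also registers Symfony's form-login authenticator, which processes username/password POSTs on its `check_path`. Login here is delegated to the identity provider and the new `User` class appears to carry no password, so that credential-handling path is unused surface on the main firewall. I would drop the two lines and have `App\Security\Authenticator` implement `AuthenticationEntryPointInterface`, with `start()` redirecting to the `auth_entrypoint` route. The firewall then declares `entry_point: App\Security\Authenticator`. The firewall block begins above this hunk.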
@@ -29,6 +31,7 @@ security: access_control: # - { path: ^/admin, roles: ROLE_ADMIN } # - { path: ^/profile, roles: ROLE_USER } + - { path: ^/auth, roles: PUBLIC_ACCESS } - { path: /, roles: ROLE_USER } when@test: diff --git a/src/Controller/AuthenticationController.php b/src/Controller/AuthenticationController.php index 8471cf4..840c04c 100644 --- a/src/Controller/AuthenticationController.php +++ b/src/Controller/AuthenticationController.php @@ -14,6 +14,12 @@ class AuthenticationController extends AbstractController #[Route(path: '/auth/callback', name: 'auth_callback', methods: Request::METHOD_GET)] public function __invoke(ClientRegistry $clientRegistry): Response { - $clientRegistry->getClient('auth')->fetchUser(); + dd($clientRegistry->getClient('auth')->fetchUser()); + } + + #[Route(path: '/auth/sso', name: 'auth_entrypoint', methods: Request::METHOD_GET)] + public function entrypoint(ClientRegistry $clientRegistry): Response + { + return $clientRegistry->getClient('auth')->redirect(); } } \ No newline at end of file diff --git a/src/Entity/User.php b/src/Entity/User.php deleted file mode 100644 index 640f2ff..0000000 --- a/src/Entity/User.php +++ /dev/null @@ -1,21 +0,0 @@ -id; - } - - public function toArray(): array - { - return ['id' => $this->id]; - } -} \ No newline at end of file diff --git a/src/Security/Authenticator.php b/src/Security/Authenticator.php index 44b0f52..9f9a3b8 100644 --- a/src/Security/Authenticator.php +++ b/src/Security/Authenticator.php 
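Review bot: `^/auth` is a prefix match, so any route added later whose path merely starts with `/auth` (for example `/authors` or `/auth-admin`) becomes public as well. Only two routes need anonymous access and both are fixed, so the rule can name them: `- { path: ^/auth/(sso|callback)$, roles: PUBLIC_ACCESS }`. The catch-all below it, `path: /`, is also unanchored; `^/` states the intent more clearly.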
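Review bot: `dd(...)` in `__invoke` writes the fetched resource owner into the response of a publicly reachable route and ends the request, so the declared `Response` is never returned. The same debugging call is left in `Authenticator::authenticate()` (dumping the access token), `Authenticator::onAuthenticationFailure()` (dumping the whole request) and `UserProvider::createResourceOwner()`; all of them need to go before this leaves a developer machine, because they print tokens, cookies and identity claims. The authenticator already handles the `auth_callback` route and an authorization code can be exchanged only once, so the controller should not call `fetchUser()` again. A fallback such as `return $this->redirectToRoute('home');` (route name is a placeholder) is enough. The class declaration is outside this hunk.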
@@ -3,15 +3,22 @@ declare(strict_types=1); namespace App\Security; +use KnpU\OAuth2ClientBundle\Client\ClientRegistry; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator; +use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge; use Symfony\Component\Security\Http\Authenticator\Passport\Passport; +use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport; class Authenticator extends AbstractAuthenticator { + public function __construct(private ClientRegistry $clientRegistry) + { + } + public function supports(Request $request): ?bool { return $request->attributes->get('_route') === 'auth_callback'; @@ -19,15 +26,18 @@ class Authenticator extends AbstractAuthenticator public function authenticate(Request $request): Passport { + dd($this->clientRegistry->getClient('auth')->getAccessToken()); + + return new SelfValidatingPassport(new UserBadge('')); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response { - // TODO: Implement onAuthenticationSuccess() method. + return null; } public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response { - // TODO: Implement onAuthenticationFailure() method. + dd($request ); } } \ No newline at end of file diff --git a/src/Security/User.php b/src/Security/User.php new file mode 100644 index 0000000..db153d4 --- /dev/null +++ b/src/Security/User.php 
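Review bot: `new UserBadge('')` in `authenticate()` builds a self-validating passport for an empty identifier, so once the debugging call above it is removed, the authenticated identity does not depend on anything the identity provider returned. The identifier should come from the resource owner fetched with the access token, and an empty value should be rejected with an `AuthenticationException`. Exceptions thrown by `getAccessToken()` (state mismatch, missing code, provider error) also need converting to `AuthenticationException` so they reach `onAuthenticationFailure()`; KnpU's `OAuth2Authenticator` base class does this in `fetchAccessToken()`. `onAuthenticationFailure()` should return a plain response rather than echo the request. The sketch below assumes `createResourceOwner()` returns a real resource owner, which it does not yet.

```php
    public function authenticate(Request $request): Passport
    {
        $client = $this->clientRegistry->getClient('auth');
        // getAccessToken() checks the state parameter and exchanges the code once.
        $owner = $client->fetchUserFromToken($client->getAccessToken());
        $identifier = (string) $owner->getId();

        if ($identifier === '') {
            throw new AuthenticationException('Identity provider returned no user identifier.');
        }

        return new SelfValidatingPassport(new UserBadge($identifier));
    }

    // … unchanged: onAuthenticationSuccess() …

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        // Generic message only: no request data, token or exception detail in the body.
        return new Response('Authentication failed.', Response::HTTP_UNAUTHORIZED);
    }
```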
@@ -0,0 +1,51 @@ +email; + } + + public function setEmail(string $email): static + { + $this->email = $email; + + return $this; + } + + public function getUserIdentifier(): string + { + return $this->email; + } + + public function getRoles(): array + { + $roles = $this->roles; + $roles[] = 'ROLE_USER'; + + return array_unique($roles); + } + + public function setRoles(array $roles): static + { + $this->roles = $roles; + + return $this; + } + + public function eraseCredentials(): void + { + } +} diff --git a/src/Security/UserProvider.php b/src/Security/UserProvider.php new file mode 100644 index 0000000..0a58871 --- /dev/null +++ b/src/Security/UserProvider.php @@ -0,0 +1,60 @@ +getStatusCode(), $response); + } + } + + protected function createResourceOwner(array $response, AccessToken $token) + { + dd($response); + } +} diff --git a/src/Service/Security/Provider.php b/src/Service/Security/Provider.php deleted file mode 100644 index e41221e..0000000 --- a/src/Service/Security/Provider.php +++ /dev/null @@ -1,43 +0,0 @@ -
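Review bot: `createResourceOwner()` in src/Security/UserProvider.php has no return statement and no return type, so `fetchUser()` and `fetchUserFromToken()` can never hand a resource owner back to the authenticator. Assuming the class extends League's `AbstractProvider` (its header is not visible on this page), the method has to return a `ResourceOwnerInterface`, for example `return new GenericResourceOwner($response, 'sub');` with `: ResourceOwnerInterface` on the signature. `'sub'` is the usual OpenID Connect subject claim; confirm which claim the Authentik userinfo response uses as its stable identifier. If e-mail addresses can change or be reassigned, prefer that claim over the e-mail returned by `User::getUserIdentifier()`.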