projects/file-explorer
projects/file-explorer
1
0
Fork 1
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

implement authentication with oauth #8

Open
csimonis wants to merge 4 commits from feature/oauth into main
pull from: feature/oauth
merge into: projects:main
Conversation 1 Commits 4 Files Changed 11 +390 -73
12 changed files with 390 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 77951dd48b - Show all commits

1
composer.json
View File

@ -79,6 +79,7 @@
}
},
"require-dev": {
"symfony/maker-bundle": "^1.61",
"symfony/stopwatch": "7.1.*",
"symfony/web-profiler-bundle": "7.1.*"
}

243
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "1a472169bb195f264c84a0e4b2662cd8",
"content-hash": "4ebb20d494235bfba6d97cd0991e3354",
"packages": [
{
"name": "composer/semver",
@ -5323,6 +5323,247 @@
}
],
"packages-dev": [
{
"name": "doctrine/inflector",
"version": "2.0.10",
"source": {
"type": "git",
"url": "https://github.com/doctrine/inflector.git",
"reference": "5817d0659c5b50c9b950feb9af7b9668e2c436bc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/doctrine/inflector/zipball/5817d0659c5b50c9b950feb9af7b9668e2c436bc",
"reference": "5817d0659c5b50c9b950feb9af7b9668e2c436bc",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0"
},
"require-dev": {
"doctrine/coding-standard": "^11.0",
"phpstan/phpstan": "^1.8",
"phpstan/phpstan-phpunit": "^1.1",
"phpstan/phpstan-strict-rules": "^1.3",
"phpunit/phpunit": "^8.5 || ^9.5",
"vimeo/psalm": "^4.25 || ^5.4"
},
"type": "library",
"autoload": {
"psr-4": {
"Doctrine\\Inflector\\": "lib/Doctrine/Inflector"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Guilherme Blanco",
"email": "guilhermeblanco@gmail.com"
},
{
"name": "Roman Borschel",
"email": "roman@code-factory.org"
},
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de"
},
{
"name": "Jonathan Wage",
"email": "jonwage@gmail.com"
},
{
"name": "Johannes Schmitt",
"email": "schmittjoh@gmail.com"
}
],
"description": "PHP Doctrine Inflector is a small library that can perform string manipulations with regard to upper/lowercase and singular/plural forms of words.",
"homepage": "https://www.doctrine-project.org/projects/inflector.html",
"keywords": [
"inflection",
"inflector",
"lowercase",
"manipulation",
"php",
"plural",
"singular",
"strings",
"uppercase",
"words"
],
"support": {
"issues": "https://github.com/doctrine/inflector/issues",
"source": "https://github.com/doctrine/inflector/tree/2.0.10"
},
"funding": [
{
"url": "https://www.doctrine-project.org/sponsorship.html",
"type": "custom"
},
{
"url": "https://www.patreon.com/phpdoctrine",
"type": "patreon"
},
{
"url": "https://tidelift.com/funding/github/packagist/doctrine%2Finflector",
"type": "tidelift"
}
],
"time": "2024-02-18T20:23:39+00:00"
},
{
"name": "nikic/php-parser",
"version": "v5.3.1",
"source": {
"type": "git",
"url": "https://github.com/nikic/PHP-Parser.git",
"reference": "8eea230464783aa9671db8eea6f8c6ac5285794b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/8eea230464783aa9671db8eea6f8c6ac5285794b",
"reference": "8eea230464783aa9671db8eea6f8c6ac5285794b",
"shasum": ""
},
"require": {
"ext-ctype": "*",
"ext-json": "*",
"ext-tokenizer": "*",
"php": ">=7.4"
},
"require-dev": {
"ircmaxell/php-yacc": "^0.0.7",
"phpunit/phpunit": "^9.0"
},
"bin": [
"bin/php-parse"
],
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "5.0-dev"
}
},
"autoload": {
"psr-4": {
"PhpParser\\": "lib/PhpParser"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Nikita Popov"
}
],
"description": "A PHP parser written in PHP",
"keywords": [
"parser",
"php"
],
"support": {
"issues": "https://github.com/nikic/PHP-Parser/issues",
"source": "https://github.com/nikic/PHP-Parser/tree/v5.3.1"
},
"time": "2024-10-08T18:51:32+00:00"
},
{
"name": "symfony/maker-bundle",
"version": "v1.61.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/maker-bundle.git",
"reference": "a3b7f14d349f8f44ed752d4dde2263f77510cc18"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/maker-bundle/zipball/a3b7f14d349f8f44ed752d4dde2263f77510cc18",
"reference": "a3b7f14d349f8f44ed752d4dde2263f77510cc18",
"shasum": ""
},
"require": {
"doctrine/inflector": "^2.0",
"nikic/php-parser": "^4.18|^5.0",
"php": ">=8.1",
"symfony/config": "^6.4|^7.0",
"symfony/console": "^6.4|^7.0",
"symfony/dependency-injection": "^6.4|^7.0",
"symfony/deprecation-contracts": "^2.2|^3",
"symfony/filesystem": "^6.4|^7.0",
"symfony/finder": "^6.4|^7.0",
"symfony/framework-bundle": "^6.4|^7.0",
"symfony/http-kernel": "^6.4|^7.0",
"symfony/process": "^6.4|^7.0"
},
"conflict": {
"doctrine/doctrine-bundle": "<2.10",
"doctrine/orm": "<2.15"
},
"require-dev": {
"composer/semver": "^3.0",
"doctrine/doctrine-bundle": "^2.5.0",
"doctrine/orm": "^2.15|^3",
"symfony/http-client": "^6.4|^7.0",
"symfony/phpunit-bridge": "^6.4.1|^7.0",
"symfony/security-core": "^6.4|^7.0",
"symfony/yaml": "^6.4|^7.0",
"twig/twig": "^3.0|^4.x-dev"
},
"type": "symfony-bundle",
"extra": {
"branch-alias": {
"dev-main": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Bundle\\MakerBundle\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.",
"homepage": "https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html",
"keywords": [
"code generator",
"dev",
"generator",
"scaffold",
"scaffolding"
],
"support": {
"issues": "https://github.com/symfony/maker-bundle/issues",
"source": "https://github.com/symfony/maker-bundle/tree/v1.61.0"
},
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2024-08-29T22:50:23+00:00"
},
{
"name": "symfony/stopwatch",
"version": "v7.1.6",

1
config/bundles.php
View File

@ -10,4 +10,5 @@ return [
Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
];

3
config/packages/knpu_oauth2_client.yaml
View File

@ -2,8 +2,7 @@ knpu_oauth2_client:
clients:
auth:
type: generic
provider_class: App\Service\Security\Provider
provider_class: App\Security\UserProvider
client_id: '%env(AUTHENTIK_CLIENT_ID)%'
client_secret: '%env(AUTHENTIK_CLIENT_SECRET)%'
redirect_route: auth_callback

9
config/packages/security.yaml
View File

@ -4,10 +4,10 @@ security:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
id: App\Security\UserProvider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
@ -17,6 +17,8 @@ security:
provider: app_user_provider
custom_authenticators:
- App\Security\Authenticator
form_login:
login_path: auth_entrypoint
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
@ -29,6 +31,7 @@ security:
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/auth, roles: PUBLIC_ACCESS }
- { path: /, roles: ROLE_USER }
when@test:

8
src/Controller/AuthenticationController.php
View File

@ -14,6 +14,12 @@ class AuthenticationController extends AbstractController
#[Route(path: '/auth/callback', name: 'auth_callback', methods: Request::METHOD_GET)]
public function __invoke(ClientRegistry $clientRegistry): Response
{
$clientRegistry->getClient('auth')->fetchUser();
dd($clientRegistry->getClient('auth')->fetchUser());
}
#[Route(path: '/auth/sso', name: 'auth_entrypoint', methods: Request::METHOD_GET)]
public function entrypoint(ClientRegistry $clientRegistry): Response
{
return $clientRegistry->getClient('auth')->redirect();
}
}

21
src/Entity/User.php
View File

@ -1,21 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Entity;
use League\OAuth2\Client\Provider\ResourceOwnerInterface;
class User implements ResourceOwnerInterface
{
private int $id;
public function getId(): int
{
return $this->id;
}
public function toArray(): array
{
return ['id' => $this->id];
}
}

14
src/Security/Authenticator.php
View File

@ -3,15 +3,22 @@ declare(strict_types=1);
namespace App\Security;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
class Authenticator extends AbstractAuthenticator
{
public function __construct(private ClientRegistry $clientRegistry)
{
}
public function supports(Request $request): ?bool
{
return $request->attributes->get('_route') === 'auth_callback';
@ -19,15 +26,18 @@ class Authenticator extends AbstractAuthenticator
public function authenticate(Request $request): Passport
{
dd($this->clientRegistry->getClient('auth')->getAccessToken());
return new SelfValidatingPassport(new UserBadge(''));
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
// TODO: Implement onAuthenticationSuccess() method.
return null;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
{
// TODO: Implement onAuthenticationFailure() method.
dd($request );
csimonis marked this conversation as resolved Outdated
jank1619 commented 2024-12-21 13:21:33 +00:00
Outdated
Review
Copy Link

This might not be the best idea

This might not be the best idea
}
}

51
src/Security/User.php Normal file
View File

@ -0,0 +1,51 @@
<?php
namespace App\Security;
use Symfony\Component\Security\Core\User\UserInterface;
class User implements UserInterface
{
private string $email;
/**
* @var string[]
*/
private array $roles = [];
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): static
{
$this->email = $email;
return $this;
}
public function getUserIdentifier(): string
{
return $this->email;
}
public function getRoles(): array
{
$roles = $this->roles;
$roles[] = 'ROLE_USER';
return array_unique($roles);
}
public function setRoles(array $roles): static
{
$this->roles = $roles;
return $this;
}
public function eraseCredentials(): void
{
}
}

60
src/Security/UserProvider.php Normal file
View File

@ -0,0 +1,60 @@
<?php
namespace App\Security;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use Psr\Http\Message\ResponseInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
class UserProvider extends AbstractProvider implements UserProviderInterface
{
public function loadUserByIdentifier($identifier): UserInterface
{
return new User();
}
public function refreshUser(UserInterface $user): UserInterface
{
return $user;
}
public function supportsClass(string $class): bool
{
return User::class === $class || is_subclass_of($class, User::class);
}
public function getBaseAuthorizationUrl(): string
{
return 'https://oauth.simonis.lol/application/o/authorize/';
}
public function getBaseAccessTokenUrl(array $params): string
{
return 'https://oauth.simonis.lol/application/o/token/';
}
public function getResourceOwnerDetailsUrl(AccessToken $token): string
{
return 'https://oauth.simonis.lol/application/o/userinfo/';
}
protected function getDefaultScopes(): array
{
return ['profile', 'email', 'openid'];
}
protected function checkResponse(ResponseInterface $response, $data): void
{
if (isset($data['error'])) {
throw new IdentityProviderException($data['error'], $response->getStatusCode(), $response);
}
}
protected function createResourceOwner(array $response, AccessToken $token)
{
dd($response);
csimonis marked this conversation as resolved Outdated
jank1619 commented 2024-12-21 13:22:10 +00:00
Outdated
Review
Copy Link

This one isnt that good either

This one isnt that good either
}
}

43
src/Service/Security/Provider.php
View File

@ -1,43 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Service\Security;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\GenericResourceOwner;
use League\OAuth2\Client\Token\AccessToken;
use Psr\Http\Message\ResponseInterface;
class Provider extends AbstractProvider
{
public function getBaseAuthorizationUrl(): string
{
return 'https://oauth.simonis.lol/application/o/authorize/';
}
public function getBaseAccessTokenUrl(array $params): string
{
return 'https://oauth.simonis.lol/application/o/token/';
}
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
return 'https://oauth.simonis.lol/application/o/userinfo/';
}
protected function getDefaultScopes(): array
{
return ['email', 'profile', 'openid'];
}
protected function checkResponse(ResponseInterface $response, $data)
{
}
protected function createResourceOwner(array $response, AccessToken $token)
{
dd($response);
}
}

9
symfony.lock
View File

@ -81,6 +81,15 @@
"src/Kernel.php"
]
},
"symfony/maker-bundle": {
"version": "1.61",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.0",
"ref": "fadbfe33303a76e25cb63401050439aa9b1a9c7f"
}
},
"symfony/routing": {
"version": "7.1",
"recipe": {