wip: working oidc login

2025-07-11 11:27:34 -05:00
parent db521ad9a9
commit 04993ebb27
10 changed files with 726 additions and 17 deletions


@@ -3,10 +3,17 @@
namespace App\User\Framework\Controller\Web;
use App\User\Framework\Repository\UserRepository;
use App\User\Framework\Security\OidcUserProvider;
use Doctrine\Common\Collections\ArrayCollection;
use Drenso\OidcBundle\Exception\OidcException;
use Drenso\OidcBundle\OidcClientInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class LoginController extends AbstractController
@@ -31,7 +38,7 @@ class LoginController extends AbstractController
}
#[Route(path: '/logout', name: 'app_logout')]
public function logout(): void
public function logout(Security $security, Request $request): void
{
throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
}
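Review bot: The `Security $security` and `Request $request` parameters added to `logout()` are never used; the body still only throws the `LogicException`, whose own message says the firewall intercepts the route first. Either keep the previous `public function logout(): void`, or land the programmatic logout that needs these services in the same change, so the signature does not imply session handling that is not there. Several `use` lines in the first hunk (for example `ArrayCollection`, `OidcException`, `IsGranted`) have no visible consumer in the shown hunks, though the class body continues outside them, so this may not hold for the full file.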


@@ -0,0 +1,32 @@
<?php
namespace App\User\Framework\Controller\Web;
use Drenso\OidcBundle\OidcClientInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;
class LoginOidcController extends AbstractController
{
#[Route('/login/oidc', name: 'app_login_oidc')]
public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
{
// Redirect to authorization @ OIDC provider
return $oidcClient->generateAuthorizationRedirect();
}
#[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
public function oidcAuthenticate(): RedirectResponse
{
throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
}
#[Route('/logout/oidc', 'app_logout_oidc')]
public function oidcLogout(OidcClientInterface $oidcClient, Request $request, Security $security): RedirectResponse
{
// ToDo: Configure multiple authentication methods and redirect to the form login here
}
}
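Review bot: `oidcLogout()` declares a `RedirectResponse` return type but its body is only the ToDo comment, so a request to `/logout/oidc` returns null and fails with a TypeError, leaving the session untouched. Until the multi-method logout is designed, either leave the route out or hand off to the existing logout route, e.g. `return $this->redirectToRoute('app_logout');`. The three injected arguments are unused for now. The attribute also passes the route name positionally, unlike the other two in this class; `name: 'app_logout_oidc'` would match them.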


@@ -0,0 +1,55 @@
<?php
namespace App\User\Framework\Security;
use App\User\Framework\Entity\User;
use App\User\Framework\Repository\UserRepository;
use Drenso\OidcBundle\Exception\OidcException;
use Drenso\OidcBundle\Model\OidcTokens;
use Drenso\OidcBundle\Model\OidcUserData;
use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\OidcUser;
use Symfony\Component\Security\Core\User\UserInterface;
class OidcUserProvider implements OidcUserProviderInterface
{
public function __construct(
private readonly UserRepository $userRepository,
) {}
public function ensureUserExists(string $userIdentifier, OidcUserData $userData, OidcTokens $tokens): void
{
$user = $this->userRepository->findOneBy(['email' => $userIdentifier]);
if (null === $user) {
$user = new User()
->setEmail($userData->getEmail())
->setName($userData->getFullName())
;
$this->userRepository->getEntityManager()->persist($user);
$this->userRepository->getEntityManager()->flush();
}
}
public function loadOidcUser(string $userIdentifier): UserInterface
{
return $this->userRepository->findOneBy(['email' => $userIdentifier]);
}
public function refreshUser(UserInterface $user): UserInterface
{
return $this->userRepository->findOneBy(['email' => $user->getUserIdentifier()]);
}
public function supportsClass(string $class): bool
{
return User::class === $class || OidcUser::class === $class;
}
public function loadUserByIdentifier(string $identifier): UserInterface
{
return $this->userRepository->findOneBy(['email' => $identifier]);
}
}
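Review bot: `ensureUserExists()` links an OIDC login to any existing local account with the same email and never checks that the provider verified that address, so an unverified `email` claim is enough to sign in as an existing user. It also looks up by `$userIdentifier` but stores `$userData->getEmail()`; if the configured identifier claim is not the email, the lookup never matches and every login tries to insert a new row. I would require the verified-email claim before creating or matching a user, and ideally key the link on the provider's stable subject identifier rather than on email. Separately, `loadOidcUser()`, `refreshUser()` and `loadUserByIdentifier()` return the `findOneBy()` result directly, so a missing user surfaces as a TypeError instead of an authentication failure. The already-imported `UserNotFoundException` and `UnsupportedUserException` are unused, and the fence shows the loaders using them.

```php
public function loadOidcUser(string $userIdentifier): UserInterface
{
    $user = $this->userRepository->findOneBy(['email' => $userIdentifier]);
    if (null === $user) {
        // Surface a missing account as an authentication failure, not a TypeError.
        throw new UserNotFoundException(sprintf('No user found for identifier "%s".', $userIdentifier));
    }

    return $user;
}

public function refreshUser(UserInterface $user): UserInterface
{
    if (!$user instanceof User) {
        throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', $user::class));
    }

    return $this->loadOidcUser($user->getUserIdentifier());
}

// … unchanged: supportsClass …

public function loadUserByIdentifier(string $identifier): UserInterface
{
    return $this->loadOidcUser($identifier);
}
```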