wip: working oidc login

2025-07-11 11:27:34 -05:00
parent db521ad9a9
commit 04993ebb27
10 changed files with 726 additions and 17 deletions
--- a/src/User/Framework/Controller/Web/LoginController.php
+++ b/src/User/Framework/Controller/Web/LoginController.php
@@ -3,10 +3,17 @@
 namespace App\User\Framework\Controller\Web;

 use App\User\Framework\Repository\UserRepository;
+use App\User\Framework\Security\OidcUserProvider;
 use Doctrine\Common\Collections\ArrayCollection;
+use Drenso\OidcBundle\Exception\OidcException;
+use Drenso\OidcBundle\OidcClientInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

 class LoginController extends AbstractController
@@ -31,7 +38,7 @@ class LoginController extends AbstractController
    }

    #[Route(path: '/logout', name: 'app_logout')]
-    public function logout(): void
+    public function logout(Security $security, Request $request): void
    {
        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
    }
--- a/src/User/Framework/Controller/Web/LoginOidcController.php
+++ b/src/User/Framework/Controller/Web/LoginOidcController.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\User\Framework\Controller\Web;
+
+use Drenso\OidcBundle\OidcClientInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Attribute\Route;
+
+class LoginOidcController extends AbstractController
+{
+    #[Route('/login/oidc', name: 'app_login_oidc')]
+    public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
+    {
+        // Redirect to authorization @ OIDC provider
+        return $oidcClient->generateAuthorizationRedirect();
+    }
+
+    #[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
+    public function oidcAuthenticate(): RedirectResponse
+    {
+        throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
+    }
+
+    #[Route('/logout/oidc', 'app_logout_oidc')]
+    public function oidcLogout(OidcClientInterface $oidcClient, Request $request, Security $security): RedirectResponse
+    {
+        // ToDo: Configure multiple authentication methods and redirect to the form login here
+    }
+}
--- a/src/User/Framework/Security/OidcUserProvider.php
+++ b/src/User/Framework/Security/OidcUserProvider.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace App\User\Framework\Security;
+
+use App\User\Framework\Entity\User;
+use App\User\Framework\Repository\UserRepository;
+use Drenso\OidcBundle\Exception\OidcException;
+use Drenso\OidcBundle\Model\OidcTokens;
+use Drenso\OidcBundle\Model\OidcUserData;
+use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+use Symfony\Component\Security\Core\User\OidcUser;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class OidcUserProvider implements OidcUserProviderInterface
+{
+    public function __construct(
+        private readonly UserRepository $userRepository,
+    ) {}
+
+    public function ensureUserExists(string $userIdentifier, OidcUserData $userData, OidcTokens $tokens): void
+    {
+        $user = $this->userRepository->findOneBy(['email' => $userIdentifier]);
+
+        if (null === $user) {
+            $user = new User()
+                ->setEmail($userData->getEmail())
+                ->setName($userData->getFullName())
+                ;
+            $this->userRepository->getEntityManager()->persist($user);
+            $this->userRepository->getEntityManager()->flush();
+        }
+    }
+
+    public function loadOidcUser(string $userIdentifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $userIdentifier]);
+    }
+
+    public function refreshUser(UserInterface $user): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $user->getUserIdentifier()]);
+    }
+
+    public function supportsClass(string $class): bool
+    {
+        return User::class === $class || OidcUser::class === $class;
+    }
+
+    public function loadUserByIdentifier(string $identifier): UserInterface
+    {
+        return $this->userRepository->findOneBy(['email' => $identifier]);
+    }
+}