fix: creates new users on demand from idp
This commit is contained in:
@@ -31,6 +31,7 @@ security:
|
|||||||
oidc:
|
oidc:
|
||||||
login_path: '/login/oidc'
|
login_path: '/login/oidc'
|
||||||
check_path: '/login/oidc/auth'
|
check_path: '/login/oidc/auth'
|
||||||
|
enable_end_session_listener: true
|
||||||
entry_point: form_login
|
entry_point: form_login
|
||||||
|
|
||||||
# activate different ways to authenticate
|
# activate different ways to authenticate
|
||||||
|
|||||||
@@ -1,61 +0,0 @@
|
|||||||
security:
|
|
||||||
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
|
|
||||||
password_hashers:
|
|
||||||
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
|
||||||
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
|
|
||||||
providers:
|
|
||||||
users_in_memory: { memory: null }
|
|
||||||
app_local:
|
|
||||||
entity:
|
|
||||||
class: App\User\Framework\Entity\User
|
|
||||||
property: email
|
|
||||||
|
|
||||||
app_ldap:
|
|
||||||
id: App\User\Framework\Security\LdapUserProvider
|
|
||||||
|
|
||||||
firewalls:
|
|
||||||
dev:
|
|
||||||
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
||||||
security: false
|
|
||||||
main:
|
|
||||||
lazy: true
|
|
||||||
provider: app_ldap
|
|
||||||
entry_point: form_login_ldap
|
|
||||||
form_login_ldap:
|
|
||||||
login_path: app_login
|
|
||||||
check_path: app_login
|
|
||||||
enable_csrf: true
|
|
||||||
service: Symfony\Component\Ldap\Ldap
|
|
||||||
dn_string: '%env(LDAP_DN_STRING)%'
|
|
||||||
form_login:
|
|
||||||
login_path: app_login
|
|
||||||
check_path: app_login
|
|
||||||
enable_csrf: true
|
|
||||||
logout:
|
|
||||||
path: app_logout
|
|
||||||
|
|
||||||
# activate different ways to authenticate
|
|
||||||
# https://symfony.com/doc/current/security.html#the-firewall
|
|
||||||
|
|
||||||
# https://symfony.com/doc/current/security/impersonating_user.html
|
|
||||||
# switch_user: true
|
|
||||||
|
|
||||||
# Easy way to control access for large sections of your site
|
|
||||||
# Note: Only the *first* access control that matches will be used
|
|
||||||
access_control:
|
|
||||||
- { path: ^/reset-password, roles: PUBLIC_ACCESS }
|
|
||||||
- { path: ^/login, roles: PUBLIC_ACCESS }
|
|
||||||
- { path: ^/, roles: ROLE_USER } # Or ROLE_ADMIN, ROLE_SUPER_ADMIN,
|
|
||||||
|
|
||||||
when@test:
|
|
||||||
security:
|
|
||||||
password_hashers:
|
|
||||||
# By default, password hashers are resource intensive and take time. This is
|
|
||||||
# important to generate secure password hashes. In tests however, secure hashes
|
|
||||||
# are not important, waste resources and increase test times. The following
|
|
||||||
# reduces the work factor to the lowest possible values.
|
|
||||||
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
|
|
||||||
algorithm: auto
|
|
||||||
cost: 4 # Lowest possible value for bcrypt
|
|
||||||
time_cost: 3 # Lowest possible value for argon
|
|
||||||
memory_cost: 10 # Lowest possible value for argon
|
|
||||||
@@ -25,7 +25,7 @@ class LoginOidcController extends AbstractController
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to authorization @ OIDC provider
|
// Redirect to authorization @ OIDC provider
|
||||||
return $oidcClient->generateAuthorizationRedirect();
|
return $oidcClient->generateAuthorizationRedirect(scopes: ['openid', 'profile']);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
|
#[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ use Drenso\OidcBundle\Exception\OidcException;
|
|||||||
use Drenso\OidcBundle\Model\OidcTokens;
|
use Drenso\OidcBundle\Model\OidcTokens;
|
||||||
use Drenso\OidcBundle\Model\OidcUserData;
|
use Drenso\OidcBundle\Model\OidcUserData;
|
||||||
use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
|
use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
|
||||||
|
use Symfony\Component\PasswordHasher\PasswordHasherInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
|
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
|
||||||
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
|
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
|
||||||
use Symfony\Component\Security\Core\User\OidcUser;
|
use Symfony\Component\Security\Core\User\OidcUser;
|
||||||
@@ -25,8 +26,9 @@ class OidcUserProvider implements OidcUserProviderInterface
|
|||||||
|
|
||||||
if (null === $user) {
|
if (null === $user) {
|
||||||
$user = new User()
|
$user = new User()
|
||||||
->setEmail($userData->getEmail())
|
->setEmail(!empty($userData->getEmail()) ? $userData->getEmail() : $userData->getSub())
|
||||||
->setName($userData->getFullName())
|
->setName(!empty($userData->getFullName()) ? $userData->getFullName() : $userData->getGivenName())
|
||||||
|
->setPassword('n/a')
|
||||||
;
|
;
|
||||||
$this->userRepository->getEntityManager()->persist($user);
|
$this->userRepository->getEntityManager()->persist($user);
|
||||||
$this->userRepository->getEntityManager()->flush();
|
$this->userRepository->getEntityManager()->flush();
|
||||||
|
|||||||
Reference in New Issue
Block a user