wip: adds config options for oidc
This commit is contained in:
@@ -23,6 +23,21 @@ final class ConfigResolver
|
||||
|
||||
#[Autowire(param: 'media.tvshows.path')]
|
||||
private readonly ?string $tvshowsPath = null,
|
||||
|
||||
#[Autowire(param: 'auth.method')]
|
||||
private readonly ?string $authMethod = null,
|
||||
|
||||
#[Autowire(param: 'auth.oidc.well_known_url')]
|
||||
private readonly ?string $authOidcWellKnownUrl = null,
|
||||
|
||||
#[Autowire(param: 'auth.oidc.client_id')]
|
||||
private readonly ?string $authOidcClientId = null,
|
||||
|
||||
#[Autowire(param: 'auth.oidc.client_secret')]
|
||||
private readonly ?string $authOidcClientSecret = null,
|
||||
|
||||
#[Autowire(param: 'auth.oidc.bypass_form_login')]
|
||||
private ?bool $authOidcBypassFormLogin = null,
|
||||
) {}
|
||||
|
||||
public function validate(): bool
|
||||
@@ -46,4 +61,35 @@ final class ConfigResolver
|
||||
{
|
||||
return $this->messages;
|
||||
}
|
||||
|
||||
public function authIs(string $method): bool
|
||||
{
|
||||
if (strtolower($method) === strtolower($this->getAuthMethod())) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getAuthMethod(): string
|
||||
{
|
||||
return strtolower($this->authMethod);
|
||||
}
|
||||
|
||||
public function bypassFormLogin(): bool
|
||||
{
|
||||
return $this->authOidcBypassFormLogin;
|
||||
}
|
||||
|
||||
public function getAuthConfig(): array
|
||||
{
|
||||
return [
|
||||
'method' => $this->authMethod,
|
||||
'oidc' => [
|
||||
'well_known_url' => $this->authOidcWellKnownUrl,
|
||||
'client_id' => $this->authOidcClientId,
|
||||
'client_secret' => $this->authOidcClientSecret,
|
||||
'bypass_form_login' => $this->authOidcBypassFormLogin,
|
||||
]
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,29 +2,30 @@
|
||||
|
||||
namespace App\User\Framework\Controller\Web;
|
||||
|
||||
use App\Base\ConfigResolver;
|
||||
use App\User\Framework\Repository\UserRepository;
|
||||
use App\User\Framework\Security\OidcUserProvider;
|
||||
use Doctrine\Common\Collections\ArrayCollection;
|
||||
use Drenso\OidcBundle\Exception\OidcException;
|
||||
use Drenso\OidcBundle\OidcClientInterface;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
||||
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
||||
|
||||
class LoginController extends AbstractController
|
||||
{
|
||||
#[Route(path: '/login', name: 'app_login')]
|
||||
public function login(AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
|
||||
public function login(ConfigResolver $config, AuthenticationUtils $authenticationUtils, UserRepository $userRepository): Response
|
||||
{
|
||||
if ((new ArrayCollection($userRepository->findAll()))->count() === 0) {
|
||||
return $this->redirectToRoute('app_getting_started');
|
||||
}
|
||||
|
||||
if ($config->authIs('oidc') && $config->bypassFormLogin()) {
|
||||
return $this->redirectToRoute('app_login_oidc');
|
||||
}
|
||||
|
||||
// get the login error if there is one
|
||||
$error = $authenticationUtils->getLastAuthenticationError();
|
||||
|
||||
@@ -32,6 +33,7 @@ class LoginController extends AbstractController
|
||||
$lastUsername = $authenticationUtils->getLastUsername();
|
||||
|
||||
return $this->render('user/login.html.twig', [
|
||||
'show_oidc_button' => $config->authIs('oidc'),
|
||||
'last_username' => $lastUsername,
|
||||
'error' => $error,
|
||||
]);
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\User\Framework\Controller\Web;
|
||||
|
||||
use App\Base\ConfigResolver;
|
||||
use Drenso\OidcBundle\OidcClientInterface;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
@@ -11,9 +12,18 @@ use Symfony\Component\Routing\Attribute\Route;
|
||||
|
||||
class LoginOidcController extends AbstractController
|
||||
{
|
||||
|
||||
public function __construct(
|
||||
private ConfigResolver $configResolver,
|
||||
) {}
|
||||
|
||||
#[Route('/login/oidc', name: 'app_login_oidc')]
|
||||
public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
|
||||
{
|
||||
if (false === $this->configResolver->authIs('oidc')) {
|
||||
throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
|
||||
}
|
||||
|
||||
// Redirect to authorization @ OIDC provider
|
||||
return $oidcClient->generateAuthorizationRedirect();
|
||||
}
|
||||
@@ -21,6 +31,10 @@ class LoginOidcController extends AbstractController
|
||||
#[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
|
||||
public function oidcAuthenticate(): RedirectResponse
|
||||
{
|
||||
if (false === $this->configResolver->authIs('oidc')) {
|
||||
throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
|
||||
}
|
||||
|
||||
throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user