oauth-account/Security/Core/User/OAuthUserProvider.php

<?php
/**
 * Authserver, an OAuth2-based single-signon authentication provider written in PHP.
 *
 * Copyright (C) $today.date  Lars Vierbergen
 *
 * his program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */


namespace vierbergenlars\AuthserverOAuthAccountBundle\Security\Core\User;


use App\Entity\User;
use App\Security\User\UserProvider;
use Doctrine\Common\Persistence\ManagerRegistry;
use HWI\Bundle\OAuthBundle\Connect\AccountConnectorInterface;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\Exception\AccountNotLinkedException;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;

class OAuthUserProvider extends UserProvider implements OAuthAwareUserProviderInterface, AccountConnectorInterface
{
    /**
     * @var ManagerRegistry
     */
    private $registry;

    public function __construct(ManagerRegistry $registry)
    {
        parent::__construct($registry);
        $this->registry = $registry;
    }


    /**
     * Loads the user by a given UserResponseInterface object.
     *
     * @param UserResponseInterface $response
     *
     * @return UserInterface
     *
     * @throws AccountNotLinkedException if the provider is not linked to an account
     */
    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        return $this->getExternalAccount($response)->getUser();
    }

    public function connect(UserInterface $user, UserResponseInterface $response)
    {
        if(!$user instanceof User)
            throw new \UnexpectedValueException('User must be instance of '.User::class.', got '.get_class($username));
        try {
            $externalUser = $this->getExternalAccount($response);
            $this->disconnect($externalUser);
        } catch(AccountNotLinkedException $ex) {
            // do nothing
        }
        $externalUser = new ExternalUser();
        $externalUser->setUser($user);
        $externalUser->setProvider('oauth_'.$response->getResourceOwner()->getName());
        $externalUser->setProviderRef($response->getUsername());
        $externalUser->setProviderFriendlyName($response->getRealName());
        $this->getManager()->persist($externalUser);
        $this->getManager()->flush();
    }

    public function disconnect(ExternalUser $externalUser)
    {
        $this->getManager()->remove($externalUser);
        $this->getManager()->flush();
    }

    /**
     * @return \Doctrine\Common\Persistence\ObjectRepository
     */
    private function getRepo()
    {
        return $this->getManager()->getRepository('AuthserverExternalAccountBundle:ExternalUser');
    }

    /**
     * @return \Doctrine\Common\Persistence\ObjectManager|null
     */
    private function getManager()
    {
        return $this->registry->getManagerForClass('AuthserverExternalAccountBundle:ExternalUser');
    }

    /**
     * @param UserResponseInterface $response
     * @return ExternalUser
     */
    private function getExternalAccount(UserResponseInterface $response)
    {
        $repo = $this->getRepo();

        $externalAccount = $repo->findOneBy([
            'provider'     => 'oauth_'. $response->getResourceOwner()->getName(),
            'provider_ref' => $response->getUsername()
        ]);

        if(!$externalAccount) {
            throw new AccountNotLinkedException(sprintf('No external account registered for provider "%s", ref: "%s"', $response->getResourceOwner()->getName(), $response->getUsername()));
        }

        return $externalAccount;
    }

}
Initial commit 7 years ago			`<?php`
			`/**`
			`* Authserver, an OAuth2-based single-signon authentication provider written in PHP.`
			`*`
			`* Copyright (C) $today.date Lars Vierbergen`
			`*`
			`* his program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`


			`namespace vierbergenlars\AuthserverOAuthAccountBundle\Security\Core\User;`


			`use App\Entity\User;`
			`use App\Security\User\UserProvider;`
			`use Doctrine\Common\Persistence\ManagerRegistry;`
			`use HWI\Bundle\OAuthBundle\Connect\AccountConnectorInterface;`
			`use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;`
			`use HWI\Bundle\OAuthBundle\Security\Core\Exception\AccountNotLinkedException;`
			`use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface;`
			`use Symfony\Component\Security\Core\User\UserInterface;`
			`use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;`

			`class OAuthUserProvider extends UserProvider implements OAuthAwareUserProviderInterface, AccountConnectorInterface`
			`{`
			`/**`
			`* @var ManagerRegistry`
			`*/`
			`private $registry;`

			`public function __construct(ManagerRegistry $registry)`
			`{`
			`parent::__construct($registry);`
			`$this->registry = $registry;`
			`}`


			`/**`
			`* Loads the user by a given UserResponseInterface object.`
			`*`
			`* @param UserResponseInterface $response`
			`*`
			`* @return UserInterface`
			`*`
			`* @throws AccountNotLinkedException if the provider is not linked to an account`
			`*/`
			`public function loadUserByOAuthUserResponse(UserResponseInterface $response)`
			`{`
			`return $this->getExternalAccount($response)->getUser();`
			`}`

			`public function connect(UserInterface $user, UserResponseInterface $response)`
			`{`
			`if(!$user instanceof User)`
			`throw new \UnexpectedValueException('User must be instance of '.User::class.', got '.get_class($username));`
			`try {`
			`$externalUser = $this->getExternalAccount($response);`
			`$this->disconnect($externalUser);`
			`} catch(AccountNotLinkedException $ex) {`
			`// do nothing`
			`}`
			`$externalUser = new ExternalUser();`
			`$externalUser->setUser($user);`
Move more logic to ExternalAccountBundle for a more centralized view 7 years ago			`$externalUser->setProvider('oauth_'.$response->getResourceOwner()->getName());`
Initial commit 7 years ago			`$externalUser->setProviderRef($response->getUsername());`
			`$externalUser->setProviderFriendlyName($response->getRealName());`
			`$this->getManager()->persist($externalUser);`
			`$this->getManager()->flush();`
			`}`

			`public function disconnect(ExternalUser $externalUser)`
			`{`
			`$this->getManager()->remove($externalUser);`
			`$this->getManager()->flush();`
			`}`

			`/**`
			`* @return \Doctrine\Common\Persistence\ObjectRepository`
			`*/`
			`private function getRepo()`
			`{`
			`return $this->getManager()->getRepository('AuthserverExternalAccountBundle:ExternalUser');`
			`}`

			`/**`
			`* @return \Doctrine\Common\Persistence\ObjectManager\|null`
			`*/`
			`private function getManager()`
			`{`
			`return $this->registry->getManagerForClass('AuthserverExternalAccountBundle:ExternalUser');`
			`}`

			`/**`
			`* @param UserResponseInterface $response`
			`* @return ExternalUser`
			`*/`
			`private function getExternalAccount(UserResponseInterface $response)`
			`{`
			`$repo = $this->getRepo();`

			`$externalAccount = $repo->findOneBy([`
Move more logic to ExternalAccountBundle for a more centralized view 7 years ago			`'provider' => 'oauth_'. $response->getResourceOwner()->getName(),`
Initial commit 7 years ago			`'provider_ref' => $response->getUsername()`
			`]);`

			`if(!$externalAccount) {`
			`throw new AccountNotLinkedException(sprintf('No external account registered for provider "%s", ref: "%s"', $response->getResourceOwner()->getName(), $response->getUsername()));`
			`}`

			`return $externalAccount;`
			`}`

			`}`