authserver
/
oauth-account
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
1 Commit
1 Branch
2 Tags
150 KiB
Tag: Branch: Tree: ac227fd8f7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ac227fd8f7'
${ noResults }
oauth-account/Security/Core/User/OAuthUserProvider.php

125 lines
4.2 KiB
Raw Normal View History Unescape

Initial commit
8 years ago
<?php
/**
* Authserver, an OAuth2-based single-signon authentication provider written in PHP.
*
* Copyright (C) $today.date Lars Vierbergen
*
* his program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace vierbergenlars\AuthserverOAuthAccountBundle\Security\Core\User;
use App\Entity\User;
use App\Security\User\UserProvider;
use Doctrine\Common\Persistence\ManagerRegistry;
use HWI\Bundle\OAuthBundle\Connect\AccountConnectorInterface;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\Exception\AccountNotLinkedException;
use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthAwareUserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;
class OAuthUserProvider extends UserProvider implements OAuthAwareUserProviderInterface, AccountConnectorInterface
{
/**
* @var ManagerRegistry
*/
private $registry;
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry);
$this->registry = $registry;
}
/**
* Loads the user by a given UserResponseInterface object.
*
* @param UserResponseInterface $response
*
* @return UserInterface
*
* @throws AccountNotLinkedException if the provider is not linked to an account
*/
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
return $this->getExternalAccount($response)->getUser();
}
public function connect(UserInterface $user, UserResponseInterface $response)
{
if(!$user instanceof User)
throw new \UnexpectedValueException('User must be instance of '.User::class.', got '.get_class($username));
try {
$externalUser = $this->getExternalAccount($response);
$this->disconnect($externalUser);
} catch(AccountNotLinkedException $ex) {
// do nothing
}
$externalUser = new ExternalUser();
$externalUser->setUser($user);
$externalUser->setProvider($response->getResourceOwner()->getName());
$externalUser->setProviderRef($response->getUsername());
$externalUser->setProviderFriendlyName($response->getRealName());
$this->getManager()->persist($externalUser);
$this->getManager()->flush();
}
public function disconnect(ExternalUser $externalUser)
{
$this->getManager()->remove($externalUser);
$this->getManager()->flush();
}
/**
* @return \Doctrine\Common\Persistence\ObjectRepository
*/
private function getRepo()
{
return $this->getManager()->getRepository('AuthserverExternalAccountBundle:ExternalUser');
}
/**
* @return \Doctrine\Common\Persistence\ObjectManager|null
*/
private function getManager()
{
return $this->registry->getManagerForClass('AuthserverExternalAccountBundle:ExternalUser');
}
/**
* @param UserResponseInterface $response
* @return ExternalUser
*/
private function getExternalAccount(UserResponseInterface $response)
{
$repo = $this->getRepo();
$externalAccount = $repo->findOneBy([
'provider' => $response->getResourceOwner()->getName(),
'provider_ref' => $response->getUsername()
]);
if(!$externalAccount) {
throw new AccountNotLinkedException(sprintf('No external account registered for provider "%s", ref: "%s"', $response->getResourceOwner()->getName(), $response->getUsername()));
}
return $externalAccount;
}
}