authserver
/
oauth-account
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make registration with external account (and prefilled/forced fields) configurable

Browse Source
master
Lars Vierbergen 7 years ago
parent d6609302a2
commit 1544c09bdd
7 changed files with 244 additions and 41 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      DependencyInjection/AuthserverOAuthAccountExtension.php
  2. 10
      DependencyInjection/Configuration.php
  3. 135
      EventListener/RegistrationFieldsListener.php
  4. 22
      EventListener/RegistrationHandlerListener.php
  5. 42
      Resources/config/registration_services.xml
  6. 10
      Resources/config/services.xml
  7. 12
      Security/Core/User/OAuthUserProvider.php

10
DependencyInjection/AuthserverOAuthAccountExtension.php
Unescape View File

@ -17,10 +17,8 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace vierbergenlars\AuthserverOAuthAccountBundle\DependencyInjection;
use Symfony\Component\Config\Definition\Processor;
use Symfony\Component\DependencyInjection\ChildDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
@ -89,12 +87,18 @@ class AuthserverOAuthAccountExtension extends Extension implements PrependExtens
$config = $processor->processConfiguration(new Configuration(), $configs);
$container->getDefinition(self::RESOURCE_OWNER_MAP_SERVICE)->setArgument(0, $config['resource_owners']);
foreach ($config['resource_owners'] as $name => $config) {
foreach ($config['resource_owners'] as $name => $_) {
$service = new DefinitionDecorator('vierbergenlars.authserver_oauth_account.external_account_provider.abstract');
$service->replaceArgument(0, $name);
$service->addTag(AuthserverExternalAccountBundle::EXTERNAL_ACCOUNT_PROVIDER_TAG);
$container->setDefinition('vierbergenlars.authserver_oauth_account.external_account_provider.impl.' . $name, $service);
}
$container->setParameter('vierbergenlars.authserver_oauth_account.registration.enabled', $config['registration']['enabled']);
$container->setParameter('vierbergenlars.authserver_oauth_account.registration.fields', $config['registration']);
if ($config['registration']['enabled']) {
$xmlLoader->load('registration_services.xml');
}
}
public function getAlias()

10
DependencyInjection/Configuration.php
Unescape View File

@ -69,6 +69,16 @@ class Configuration implements ConfigurationInterface
->end()
->end()
->end()
->end()
->arrayNode('registration')
->canBeEnabled()
->addDefaultsIfNotSet()
->children()
->enumNode('display_name')->values(['prefill', 'blank', 'force'])->defaultValue('prefill')->end()
->enumNode('email')->values(['prefill', 'blank', 'force'])->defaultValue('prefill')->end()
->enumNode('password')->values(['blank', 'hidden', 'force-disable'])->defaultValue('hidden')->end()
->end()
->end()
;
// @formatter:on

135
EventListener/RegistrationFieldsListener.php
Unescape View File

@ -0,0 +1,135 @@
<?php
/**
* Authserver, an OAuth2-based single-signon authentication provider written in PHP.
*
* Copyright (C) $today.date Lars Vierbergen
*
* his program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace vierbergenlars\AuthserverOAuthAccountBundle\EventListener;
use Registration\Event\RegistrationHandleEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Registration\RegistrationEvents;
use Registration\Event\RegistrationFormEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use vierbergenlars\AuthserverOAuthAccountBundle\Entity\TemporaryUser;
use Doctrine\ORM\EntityManagerInterface;
use App\Entity\EmailAddress;
use vierbergenlars\AuthserverOAuthAccountBundle\ResourceOwner\ResourceOwnerMap;
use EmailRulesBundle\EmailHandler\EmailRules;
use Registration\RegistrationHandler\RegistrationRules;
class RegistrationFieldsListener implements EventSubscriberInterface
{
/**
*
* @var TokenStorageInterface
*/
private $tokenStorage;
/**
*
* @var string[]
*/
private $registrationFields;
public static function getSubscribedEvents()
{
return [
RegistrationEvents::BUILD_FORM => [
'onBuildForm',
9
]
];
}
public function __construct(TokenStorageInterface $tokenStorage, array $registrationFields)
{
$this->tokenStorage = $tokenStorage;
$this->registrationFields = $registrationFields;
}
private function getTemporaryUser()
{
$token = $this->tokenStorage->getToken();
if (!$token)
return null;
$user = $token->getUser();
if ($user instanceof TemporaryUser)
return $user;
return null;
}
public function onBuildForm(RegistrationFormEvent $event)
{
if ($this->getTemporaryUser()) {
switch ($this->registrationFields['email']) {
case 'prefill':
break;
case 'blank':
$event->getFormBuilder()
->getData()
->getPrimaryEmailAddress()
->setEmail('');
break;
case 'force':
$event->getFormBuilder()
->get('emailAddresses')
->setDisabled(true);
break;
}
switch ($this->registrationFields['display_name']) {
case 'prefill':
break;
case 'blank':
$event->getFormBuilder()
->getData()
->setDisplayName('');
break;
case 'force':
$event->getFormBuilder()
->get('displayName')
->setDisabled(true);
break;
}
switch ($this->registrationFields['password']) {
case 'blank':
$event->getFormBuilder()
->getData()
->setPasswordEnabled(1);
break;
case 'hidden':
$event->getFormBuilder()
->getData()
->setPasswordEnabled(2);
break;
case 'force-disable':
$event->getFormBuilder()
->getData()
->setPasswordEnabled(0);
break;
}
if ($this->registrationFields['password'] === false) {
$event->getFormBuilder()
->getData()
->setPasswordEnabled(1);
}
}
}
}

22
EventListener/RegistrationHandlerListener.php
Unescape View File

@ -52,6 +52,12 @@ class RegistrationHandlerListener implements EventSubscriberInterface
*/
private $resourceOwnerMap;
/**
*
* @var string[]
*/
private $registrationFields;
/**
*
* @var EmailRules|null
@ -78,11 +84,12 @@ class RegistrationHandlerListener implements EventSubscriberInterface
];
}
public function __construct(EntityManagerInterface $em, TokenStorageInterface $tokenStorage, ResourceOwnerMap $resourceOwnerMap, EmailRules $emailRules = null, RegistrationRules $registrationRules = null)
public function __construct(EntityManagerInterface $em, TokenStorageInterface $tokenStorage, ResourceOwnerMap $resourceOwnerMap, array $registrationFields, EmailRules $emailRules = null, RegistrationRules $registrationRules = null)
{
$this->em = $em;
$this->tokenStorage = $tokenStorage;
$this->resourceOwnerMap = $resourceOwnerMap;
$this->registrationFields = $registrationFields;
$this->emailRules = $emailRules;
$this->registrationRules = $registrationRules;
}
@ -100,7 +107,14 @@ class RegistrationHandlerListener implements EventSubscriberInterface
public function onBuildForm(RegistrationFormEvent $event)
{
if ($tempuser = $this->getTemporaryUser()) {
if (($tempuser = $this->getTemporaryUser()) && $this->registrationFields['email']) {
$user = $event->getFormBuilder()->getData();
/* @var $user \App\Entity\User */
if (!$user->getPrimaryEmailAddress())
$user->addEmailAddress(new EmailAddress());
if ($this->registrationFields['email'] === 'force') {
$user->getPrimaryEmailAddress()->setEmail($tempuser->getEmail());
}
if ($tempuser->getEmail()) {
if ($this->emailRules) {
$rule = $this->emailRules->getFirstRuleMatching($tempuser->getEmail());
@ -116,10 +130,6 @@ class RegistrationHandlerListener implements EventSubscriberInterface
return;
}
}
$user = $event->getFormBuilder()->getData();
/* @var $user \App\Entity\User */
if (!$user->getPrimaryEmailAddress())
$user->addEmailAddress(new EmailAddress());
$user->getPrimaryEmailAddress()->setEmail($tempuser->getEmail());
}
}

42
Resources/config/registration_services.xml
Unescape View File

@ -0,0 +1,42 @@
<?xml version="1.0" ?>
<!--
~ Authserver, an OAuth2-based single-signon authentication provider written in PHP.
~
~ Copyright (C) $today.date Lars Vierbergen
~
~ his program is free software: you can redistribute it and/or modify
~ it under the terms of the GNU Affero General Public License as
~ published by the Free Software Foundation, either version 3 of the
~ License, or (at your option) any later version.
~
~ This program is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
~ GNU Affero General Public License for more details.
~
~ You should have received a copy of the GNU Affero General Public License
~ along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
<services>
<service class="vierbergenlars\AuthserverOAuthAccountBundle\EventListener\RegistrationHandlerListener">
<argument type="service" id="doctrine.orm.entity_manager" />
<argument type="service" id="security.token_storage" />
<argument type="service" id="vierbergenlars.authserver_oauth_account.resource_owner_map" />
<argument>%vierbergenlars.authserver_oauth_account.registration.fields%</argument>
<argument type="service" id="email_rules.rules" on-invalid="null" />
<argument type="service" id="registration.rules" on-invalid="null" />
<tag name="kernel.event_subscriber" />
</service>
<service class="vierbergenlars\AuthserverOAuthAccountBundle\EventListener\RegistrationFieldsListener">
<argument type="service" id="security.token_storage" />
<argument>%vierbergenlars.authserver_oauth_account.registration.fields%</argument>
<tag name="kernel.event_subscriber" />
</service>
</services>
</container>

10
Resources/config/services.xml
Unescape View File

@ -25,6 +25,7 @@
<services>
<service id="vierbergenlars.authserver_oauth_account.user_provider" class="vierbergenlars\AuthserverOAuthAccountBundle\Security\Core\User\OAuthUserProvider">
<argument type="service" id="doctrine" />
<argument>%vierbergenlars.authserver_oauth_account.registration.enabled%</argument>
</service>
<service id="vierbergenlars.authserver_oauth_account.route_provider" class="vierbergenlars\AuthserverOAuthAccountBundle\Routing\RouteProvider">
<argument type="service" id="hwi_oauth.resource_ownermap.public" />
@ -42,14 +43,5 @@
<argument type="service" id="security.token_storage"/>
<argument type="service" id="hwi_oauth.resource_ownermap.public" />
</service>
<service class="vierbergenlars\AuthserverOAuthAccountBundle\EventListener\RegistrationHandlerListener">
<argument type="service" id="doctrine.orm.entity_manager" />
<argument type="service" id="security.token_storage" />
<argument type="service" id="vierbergenlars.authserver_oauth_account.resource_owner_map" />
<argument type="service" id="email_rules.rules" on-invalid="null" />
<argument type="service" id="registration.rules" on-invalid="null" />
<tag name="kernel.event_subscriber" />
</service>
</services>
</container>

12
Security/Core/User/OAuthUserProvider.php
Unescape View File

@ -39,10 +39,17 @@ class OAuthUserProvider extends UserProvider implements OAuthAwareUserProviderIn
*/
private $registry;
public function __construct(ManagerRegistry $registry)
/**
*
* @var boolean
*/
private $allowRegistrations;
public function __construct(ManagerRegistry $registry, $allowRegistrations)
{
parent::__construct($registry);
$this->registry = $registry;
$this->allowRegistrations = $allowRegistrations;
}
/**
@ -59,6 +66,9 @@ class OAuthUserProvider extends UserProvider implements OAuthAwareUserProviderIn
try {
return $this->getExternalAccount($response)->getUser();
} catch (AccountNotLinkedException $ex) {
if (!$this->allowRegistrations) {
throw $ex;
}
$user = new TemporaryUser();
$externalUser = $this->createExternalUser($response);
$user->setExternalUser($externalUser);