|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* The MIT License (MIT) |
|
7
|
|
|
* |
|
8
|
|
|
* Copyright (c) 2014-2018 Spomky-Labs |
|
9
|
|
|
* |
|
10
|
|
|
* This software may be modified and distributed under the terms |
|
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
namespace OAuth2Framework\ServerBundle\Component\Endpoint\Authorization; |
|
15
|
|
|
|
|
16
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationEndpoint; |
|
17
|
|
|
use OAuth2Framework\ServerBundle\Component\Component; |
|
18
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\AuthorizationEndpointRouteCompilerPass; |
|
19
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\AuthorizationRequestMetadataCompilerPass; |
|
20
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\ConsentScreenExtensionCompilerPass; |
|
21
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\ParameterCheckerCompilerPass; |
|
22
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\ResponseModeCompilerPass; |
|
23
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\ResponseTypeCompilerPass; |
|
24
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\TemplatePathCompilerPass; |
|
25
|
|
|
use OAuth2Framework\ServerBundle\Component\Endpoint\Authorization\Compiler\RequestObjectCompilerPass; |
|
26
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\ConsentScreen\Extension; |
|
27
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterChecker; |
|
28
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseMode\ResponseMode; |
|
29
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\ResponseType; |
|
30
|
|
|
use OAuth2Framework\Component\AuthorizationEndpoint\UserAccount\UserAccountDiscovery; |
|
31
|
|
|
use OAuth2Framework\ServerBundle\Service\SymfonyUserDiscovery; |
|
32
|
|
|
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition; |
|
33
|
|
|
use Symfony\Component\Config\FileLocator; |
|
34
|
|
|
use Symfony\Component\DependencyInjection\ContainerBuilder; |
|
35
|
|
|
use Symfony\Component\DependencyInjection\Loader\PhpFileLoader; |
|
36
|
|
|
|
|
37
|
|
|
class AuthorizationEndpointSource implements Component |
|
38
|
|
|
{ |
|
39
|
|
|
/** |
|
40
|
|
|
* @var Component[] |
|
41
|
|
|
*/ |
|
42
|
|
|
private $subComponents = []; |
|
43
|
|
|
|
|
44
|
|
|
/** |
|
45
|
|
|
* AuthorizationEndpointSource constructor. |
|
46
|
|
|
*/ |
|
47
|
|
|
public function __construct() |
|
48
|
|
|
{ |
|
49
|
|
|
$this->subComponents = [ |
|
50
|
|
|
new ResponseModeSource(), |
|
51
|
|
|
new RequestObjectSource(), |
|
52
|
|
|
]; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* {@inheritdoc} |
|
57
|
|
|
*/ |
|
58
|
|
|
public function name(): string |
|
59
|
|
|
{ |
|
60
|
|
|
return 'authorization'; |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* {@inheritdoc} |
|
65
|
|
|
*/ |
|
66
|
|
|
public function load(array $configs, ContainerBuilder $container) |
|
67
|
|
|
{ |
|
68
|
|
|
if (!class_exists(AuthorizationEndpoint::class)) { |
|
69
|
|
|
return; |
|
70
|
|
|
} |
|
71
|
|
|
$config = $configs['endpoint']['authorization']; |
|
72
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.enabled', $config['enabled']); |
|
73
|
|
|
if (!$config['enabled']) { |
|
74
|
|
|
return; |
|
75
|
|
|
} |
|
76
|
|
|
|
|
77
|
|
|
$container->registerForAutoconfiguration(ResponseType::class)->addTag('oauth2_server_response_type'); |
|
78
|
|
|
$container->registerForAutoconfiguration(ResponseMode::class)->addTag('oauth2_server_response_mode'); |
|
79
|
|
|
$container->registerForAutoconfiguration(ParameterChecker::class)->addTag('oauth2_server_authorization_parameter_checker'); |
|
80
|
|
|
$container->registerForAutoconfiguration(UserAccountDiscovery::class)->addTag('oauth2_server_user_account_discovery'); |
|
81
|
|
|
$container->registerForAutoconfiguration(Extension::class)->addTag('oauth2_server_consent_screen_extension'); |
|
82
|
|
|
|
|
83
|
|
|
$loader = new PhpFileLoader($container, new FileLocator(__DIR__.'/../../../Resources/config/endpoint/authorization')); |
|
84
|
|
|
$loader->load('authorization.php'); |
|
85
|
|
|
$loader->load('user_account_discovery.php'); |
|
86
|
|
|
|
|
87
|
|
|
$container->setAlias(UserAccountDiscovery::class, $config['user_account_discovery']); |
|
88
|
|
|
|
|
89
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.path', $config['path']); |
|
90
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.host', $config['host']); |
|
91
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.login_route_name', $config['login_route_name']); |
|
92
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.login_route_parameters', $config['login_route_parameters']); |
|
93
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.template', $config['template']); |
|
94
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.enforce_state', $config['enforce_state']); |
|
95
|
|
|
$container->setParameter('oauth2_server.endpoint.authorization.form', $config['form']); |
|
96
|
|
|
|
|
97
|
|
|
foreach ($this->subComponents as $subComponent) { |
|
98
|
|
|
$subComponent->load($configs, $container); |
|
99
|
|
|
} |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
/** |
|
103
|
|
|
* {@inheritdoc} |
|
104
|
|
|
*/ |
|
105
|
|
|
public function getNodeDefinition(ArrayNodeDefinition $node, ArrayNodeDefinition $rootNode) |
|
106
|
|
|
{ |
|
107
|
|
|
if (!class_exists(AuthorizationEndpoint::class)) { |
|
108
|
|
|
return; |
|
109
|
|
|
} |
|
110
|
|
|
$childNode = $node->children() |
|
111
|
|
|
->arrayNode($this->name()) |
|
112
|
|
|
->canBeEnabled(); |
|
113
|
|
|
|
|
114
|
|
|
$childNode->children() |
|
115
|
|
|
->scalarNode('path') |
|
116
|
|
|
->info('The path to the authorization endpoint.') |
|
117
|
|
|
->defaultValue('/authorize') |
|
118
|
|
|
->end() |
|
119
|
|
|
->scalarNode('host') |
|
120
|
|
|
->info('If set, the route will be limited to that host') |
|
121
|
|
|
->defaultValue('') |
|
122
|
|
|
->treatFalseLike('') |
|
123
|
|
|
->treatNullLike('') |
|
124
|
|
|
->end() |
|
125
|
|
|
->scalarNode('login_route_name') |
|
126
|
|
|
->info('The name of the login route. Will be converted into URL and used to redirect the user if not logged in. If you use "FOSUserBundle", the route name should be "fos_user_security_login".') |
|
127
|
|
|
->end() |
|
128
|
|
|
->arrayNode('login_route_parameters') |
|
129
|
|
|
->info('Parameters associated to the login route (optional).') |
|
130
|
|
|
->useAttributeAsKey('name') |
|
131
|
|
|
->scalarPrototype()->end() |
|
132
|
|
|
->treatNullLike([]) |
|
133
|
|
|
->end() |
|
134
|
|
|
->scalarNode('user_account_discovery') |
|
135
|
|
|
->info('The user account discovery service.') |
|
136
|
|
|
->defaultValue(SymfonyUserDiscovery::class) |
|
137
|
|
|
->end() |
|
138
|
|
|
->scalarNode('template') |
|
139
|
|
|
->info('The consent page template.') |
|
140
|
|
|
->defaultValue('@OAuth2FrameworkServerBundle/authorization/authorization.html.twig') |
|
141
|
|
|
->end() |
|
142
|
|
|
->scalarNode('enforce_state') |
|
143
|
|
|
->info('If true the "state" parameter is mandatory (recommended).') |
|
144
|
|
|
->defaultFalse() |
|
145
|
|
|
->end() |
|
146
|
|
|
->scalarNode('form') |
|
147
|
|
|
->info('If form used for authorization requests.') |
|
148
|
|
|
->defaultValue('oauth2_server_authorization_form') |
|
149
|
|
|
->end() |
|
150
|
|
|
->end(); |
|
151
|
|
|
|
|
152
|
|
|
foreach ($this->subComponents as $subComponent) { |
|
153
|
|
|
$subComponent->getNodeDefinition($childNode, $node); |
|
154
|
|
|
} |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
|
|
/** |
|
158
|
|
|
* {@inheritdoc} |
|
159
|
|
|
*/ |
|
160
|
|
|
public function prepend(ContainerBuilder $container, array $config): array |
|
161
|
|
|
{ |
|
162
|
|
|
if (!class_exists(AuthorizationEndpoint::class)) { |
|
163
|
|
|
return []; |
|
164
|
|
|
} |
|
165
|
|
|
if (!$config['endpoint']['authorization']['enabled']) { |
|
166
|
|
|
return []; |
|
167
|
|
|
} |
|
168
|
|
|
|
|
169
|
|
|
$updatedConfig = []; |
|
170
|
|
|
foreach ($this->subComponents as $subComponent) { |
|
171
|
|
|
$updatedConfig = array_merge( |
|
172
|
|
|
$updatedConfig, |
|
173
|
|
|
$subComponent->prepend($container, $config) |
|
174
|
|
|
); |
|
175
|
|
|
} |
|
176
|
|
|
|
|
177
|
|
|
return $updatedConfig; |
|
178
|
|
|
} |
|
179
|
|
|
|
|
180
|
|
|
/** |
|
181
|
|
|
* {@inheritdoc} |
|
182
|
|
|
*/ |
|
183
|
|
|
public function build(ContainerBuilder $container) |
|
184
|
|
|
{ |
|
185
|
|
|
if (!class_exists(AuthorizationEndpoint::class)) { |
|
186
|
|
|
return; |
|
187
|
|
|
} |
|
188
|
|
|
$container->addCompilerPass(new AuthorizationEndpointRouteCompilerPass()); |
|
189
|
|
|
$container->addCompilerPass(new RequestObjectCompilerPass()); |
|
190
|
|
|
$container->addCompilerPass(new AuthorizationRequestMetadataCompilerPass()); |
|
191
|
|
|
$container->addCompilerPass(new ConsentScreenExtensionCompilerPass()); |
|
192
|
|
|
$container->addCompilerPass(new ParameterCheckerCompilerPass()); |
|
193
|
|
|
$container->addCompilerPass(new ResponseModeCompilerPass()); |
|
194
|
|
|
$container->addCompilerPass(new ResponseTypeCompilerPass()); |
|
195
|
|
|
$container->addCompilerPass(new TemplatePathCompilerPass()); |
|
196
|
|
|
|
|
197
|
|
|
foreach ($this->subComponents as $component) { |
|
198
|
|
|
$component->build($container); |
|
199
|
|
|
} |
|
200
|
|
|
} |
|
201
|
|
|
} |
|
202
|
|
|
|
OAuth2-Framework /
oauth2-framework
