1
|
|
|
<?php |
2
|
|
|
declare(strict_types=1); |
3
|
|
|
|
4
|
|
|
namespace RZ\Roadiz\OpenId\User; |
5
|
|
|
|
6
|
|
|
use Lcobucci\JWT\Token; |
7
|
|
|
use Symfony\Component\Security\Core\User\EquatableInterface; |
8
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
9
|
|
|
use JMS\Serializer\Annotation as Serializer; |
10
|
|
|
|
11
|
|
|
/** |
12
|
|
|
* @package RZ\Roadiz\Core\Authentication |
13
|
|
|
* @see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims |
14
|
|
|
*/ |
15
|
|
|
class OpenIdAccount implements UserInterface, EquatableInterface |
16
|
|
|
{ |
17
|
|
|
/** |
18
|
|
|
* @var array<string> |
19
|
|
|
* @Serializer\Groups({"user"}) |
20
|
|
|
*/ |
21
|
|
|
protected $roles; |
22
|
|
|
/** |
23
|
|
|
* @var string|null |
24
|
|
|
* @Serializer\Groups({"user"}) |
25
|
|
|
*/ |
26
|
|
|
protected $issuer; |
27
|
|
|
/** |
28
|
|
|
* @var string |
29
|
|
|
* @Serializer\Groups({"user"}) |
30
|
|
|
*/ |
31
|
|
|
protected $email; |
32
|
|
|
/** |
33
|
|
|
* @var string|null |
34
|
|
|
* @Serializer\Groups({"user"}) |
35
|
|
|
*/ |
36
|
|
|
protected $name; |
37
|
|
|
/** |
38
|
|
|
* @var string|null |
39
|
|
|
* @Serializer\Groups({"user"}) |
40
|
|
|
*/ |
41
|
|
|
protected $nickname; |
42
|
|
|
/** |
43
|
|
|
* @var string|null |
44
|
|
|
* @Serializer\Groups({"user"}) |
45
|
|
|
*/ |
46
|
|
|
protected $website; |
47
|
|
|
/** |
48
|
|
|
* @var string|null |
49
|
|
|
* @Serializer\Groups({"user"}) |
50
|
|
|
*/ |
51
|
|
|
protected $locale; |
52
|
|
|
/** |
53
|
|
|
* @var string|null |
54
|
|
|
* @Serializer\Groups({"user"}) |
55
|
|
|
*/ |
56
|
|
|
protected $phoneNumber; |
57
|
|
|
/** |
58
|
|
|
* @var array|null |
59
|
|
|
* @Serializer\Groups({"user"}) |
60
|
|
|
*/ |
61
|
|
|
protected $address; |
62
|
|
|
/** |
63
|
|
|
* @var string|null |
64
|
|
|
* @Serializer\Groups({"user"}) |
65
|
|
|
*/ |
66
|
|
|
protected $familyName; |
67
|
|
|
/** |
68
|
|
|
* @var string|null |
69
|
|
|
* @Serializer\Groups({"user"}) |
70
|
|
|
*/ |
71
|
|
|
protected $middleName; |
72
|
|
|
/** |
73
|
|
|
* @var string|null |
74
|
|
|
* @Serializer\Groups({"user"}) |
75
|
|
|
*/ |
76
|
|
|
protected $givenName; |
77
|
|
|
/** |
78
|
|
|
* @var string|null |
79
|
|
|
* @Serializer\Groups({"user"}) |
80
|
|
|
*/ |
81
|
|
|
protected $picture; |
82
|
|
|
/** |
83
|
|
|
* @var string|null |
84
|
|
|
* @Serializer\Groups({"user"}) |
85
|
|
|
*/ |
86
|
|
|
protected $profile; |
87
|
|
|
/** |
88
|
|
|
* @var Token |
89
|
|
|
*/ |
90
|
|
|
protected $jwtToken; |
91
|
|
|
|
92
|
|
|
/** |
93
|
|
|
* OpenIdAccount constructor. |
94
|
|
|
* |
95
|
|
|
* @param string $email |
96
|
|
|
* @param array $roles |
97
|
|
|
* @param Token $jwtToken |
98
|
|
|
*/ |
99
|
|
|
public function __construct( |
100
|
|
|
string $email, |
101
|
|
|
array $roles, |
102
|
|
|
Token $jwtToken |
103
|
|
|
) { |
104
|
|
|
$this->roles = $roles; |
105
|
|
|
$this->email = $email; |
106
|
|
|
$this->jwtToken = $jwtToken; |
107
|
|
|
/* |
108
|
|
|
* https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims |
109
|
|
|
*/ |
110
|
|
|
$this->name = $jwtToken->hasClaim('name') ? (string) $jwtToken->getClaim('name') : null; |
111
|
|
|
$this->issuer = $jwtToken->hasClaim('iss') ? (string) $jwtToken->getClaim('iss') : null; |
112
|
|
|
$this->givenName = $jwtToken->hasClaim('given_name') ? (string) $jwtToken->getClaim('given_name') : null; |
113
|
|
|
$this->familyName = $jwtToken->hasClaim('family_name') ? (string) $jwtToken->getClaim('family_name') : null; |
114
|
|
|
$this->middleName = $jwtToken->hasClaim('middle_name') ? (string) $jwtToken->getClaim('middle_name') : null; |
115
|
|
|
$this->nickname = $jwtToken->hasClaim('nickname') ? (string) $jwtToken->getClaim('nickname') : null; |
116
|
|
|
$this->profile = $jwtToken->hasClaim('profile') ? (string) $jwtToken->getClaim('profile') : null; |
117
|
|
|
$this->picture = $jwtToken->hasClaim('picture') ? (string) $jwtToken->getClaim('picture') : null; |
118
|
|
|
$this->locale = $jwtToken->hasClaim('locale') ? (string) $jwtToken->getClaim('locale') : null; |
119
|
|
|
$this->phoneNumber = $jwtToken->hasClaim('phone_number') ? (string) $jwtToken->getClaim('phone_number') : null; |
120
|
|
|
$this->address = $jwtToken->hasClaim('address') ? $jwtToken->getClaim('address') : null; |
121
|
|
|
} |
122
|
|
|
|
123
|
|
|
/** |
124
|
|
|
* @inheritDoc |
125
|
|
|
*/ |
126
|
|
|
public function getRoles() |
127
|
|
|
{ |
128
|
|
|
return $this->roles; |
129
|
|
|
} |
130
|
|
|
|
131
|
|
|
/** |
132
|
|
|
* @inheritDoc |
133
|
|
|
*/ |
134
|
|
|
public function getPassword() |
135
|
|
|
{ |
136
|
|
|
return ''; |
137
|
|
|
} |
138
|
|
|
|
139
|
|
|
/** |
140
|
|
|
* @inheritDoc |
141
|
|
|
*/ |
142
|
|
|
public function getSalt() |
143
|
|
|
{ |
144
|
|
|
return ''; |
145
|
|
|
} |
146
|
|
|
|
147
|
|
|
/** |
148
|
|
|
* @inheritDoc |
149
|
|
|
*/ |
150
|
|
|
public function getUsername() |
151
|
|
|
{ |
152
|
|
|
return $this->email; |
153
|
|
|
} |
154
|
|
|
|
155
|
|
|
/** |
156
|
|
|
* @inheritDoc |
157
|
|
|
*/ |
158
|
|
|
public function eraseCredentials() |
159
|
|
|
{ |
160
|
|
|
return; |
161
|
|
|
} |
162
|
|
|
|
163
|
|
|
/** |
164
|
|
|
* @return string |
165
|
|
|
*/ |
166
|
|
|
public function getEmail(): ?string |
167
|
|
|
{ |
168
|
|
|
return $this->email; |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
/** |
172
|
|
|
* @return string |
173
|
|
|
*/ |
174
|
|
|
public function getName(): ?string |
175
|
|
|
{ |
176
|
|
|
return $this->name; |
177
|
|
|
} |
178
|
|
|
|
179
|
|
|
/** |
180
|
|
|
* @return string |
181
|
|
|
*/ |
182
|
|
|
public function getFamilyName(): ?string |
183
|
|
|
{ |
184
|
|
|
return $this->familyName; |
185
|
|
|
} |
186
|
|
|
|
187
|
|
|
/** |
188
|
|
|
* @return string |
189
|
|
|
*/ |
190
|
|
|
public function getGivenName(): ?string |
191
|
|
|
{ |
192
|
|
|
return $this->givenName; |
193
|
|
|
} |
194
|
|
|
|
195
|
|
|
/** |
196
|
|
|
* @return string |
197
|
|
|
*/ |
198
|
|
|
public function getPicture(): ?string |
199
|
|
|
{ |
200
|
|
|
return $this->picture; |
201
|
|
|
} |
202
|
|
|
|
203
|
|
|
/** |
204
|
|
|
* @return string|null |
205
|
|
|
*/ |
206
|
|
|
public function getNickname(): ?string |
207
|
|
|
{ |
208
|
|
|
return $this->nickname; |
209
|
|
|
} |
210
|
|
|
|
211
|
|
|
/** |
212
|
|
|
* @return string|null |
213
|
|
|
*/ |
214
|
|
|
public function getWebsite(): ?string |
215
|
|
|
{ |
216
|
|
|
return $this->website; |
217
|
|
|
} |
218
|
|
|
|
219
|
|
|
/** |
220
|
|
|
* @return string|null |
221
|
|
|
*/ |
222
|
|
|
public function getLocale(): ?string |
223
|
|
|
{ |
224
|
|
|
return $this->locale; |
225
|
|
|
} |
226
|
|
|
|
227
|
|
|
/** |
228
|
|
|
* @return string|null |
229
|
|
|
*/ |
230
|
|
|
public function getPhoneNumber(): ?string |
231
|
|
|
{ |
232
|
|
|
return $this->phoneNumber; |
233
|
|
|
} |
234
|
|
|
|
235
|
|
|
/** |
236
|
|
|
* @return array|null |
237
|
|
|
*/ |
238
|
|
|
public function getAddress(): ?array |
239
|
|
|
{ |
240
|
|
|
return $this->address; |
241
|
|
|
} |
242
|
|
|
|
243
|
|
|
/** |
244
|
|
|
* @return string|null |
245
|
|
|
*/ |
246
|
|
|
public function getMiddleName(): ?string |
247
|
|
|
{ |
248
|
|
|
return $this->middleName; |
249
|
|
|
} |
250
|
|
|
|
251
|
|
|
/** |
252
|
|
|
* @return string|null |
253
|
|
|
*/ |
254
|
|
|
public function getProfile(): ?string |
255
|
|
|
{ |
256
|
|
|
return $this->profile; |
257
|
|
|
} |
258
|
|
|
|
259
|
|
|
/** |
260
|
|
|
* @return Token |
261
|
|
|
*/ |
262
|
|
|
public function getJwtToken(): Token |
263
|
|
|
{ |
264
|
|
|
return $this->jwtToken; |
265
|
|
|
} |
266
|
|
|
|
267
|
|
|
/** |
268
|
|
|
* @return string|null |
269
|
|
|
*/ |
270
|
|
|
public function getIssuer(): ?string |
271
|
|
|
{ |
272
|
|
|
return $this->issuer; |
273
|
|
|
} |
274
|
|
|
|
275
|
|
|
public function isEqualTo(UserInterface $user) |
276
|
|
|
{ |
277
|
|
|
if (!$user instanceof OpenIdAccount) { |
278
|
|
|
return false; |
279
|
|
|
} |
280
|
|
|
|
281
|
|
|
if ($this->getEmail() !== $user->getEmail()) { |
282
|
|
|
return false; |
283
|
|
|
} |
284
|
|
|
|
285
|
|
|
if (array_diff($this->getRoles(), $user->getRoles())) { |
286
|
|
|
return false; |
287
|
|
|
} |
288
|
|
|
|
289
|
|
|
if ($this->getJwtToken() !== $user->getJwtToken()) { |
290
|
|
|
return false; |
291
|
|
|
} |
292
|
|
|
|
293
|
|
|
return true; |
294
|
|
|
} |
295
|
|
|
} |
296
|
|
|
|