1 | <?php |
||
22 | class ExternalOauthAuthenticator extends SocialAuthenticator |
||
23 | { |
||
24 | protected $clientRegistry; |
||
25 | |||
26 | protected $um; |
||
27 | |||
28 | protected $security; |
||
29 | |||
30 | public function __construct( |
||
31 | ClientRegistry $clientRegistry, |
||
32 | UserManagerInterface $um, |
||
33 | Security $security |
||
34 | ) { |
||
35 | $this->clientRegistry = $clientRegistry; |
||
36 | $this->um = $um; |
||
37 | $this->security = $security; |
||
38 | } |
||
39 | |||
40 | public function supports(Request $request): bool |
||
41 | { |
||
42 | if (!$this->security->getUser() && ($request->query->get('code') && $request->get('state'))) { |
||
43 | return true; |
||
44 | } |
||
45 | |||
46 | return false; |
||
47 | } |
||
48 | |||
49 | public function getCredentials(Request $request): AccessToken |
||
50 | { |
||
51 | return $this->fetchAccessToken($this->getOauthClient()); |
||
52 | } |
||
53 | |||
54 | /** |
||
55 | * Get the user given the access token. If the user exists as a local user, |
||
56 | * fetch that one, if it does not, create a new user using the OAuth user |
||
57 | * fetched from the resource server using the access token. |
||
58 | * |
||
59 | * @inehritdoc |
||
60 | */ |
||
61 | public function getUser($credentials, UserProviderInterface $userProvider): UserInterface |
||
62 | { |
||
63 | // Fetch the user from the resource server |
||
64 | $oauthUser = $this->getOauthClient()->fetchUserFromToken($credentials); |
||
65 | $oauthEmail = $oauthUser->getEmail(); |
||
66 | $oauthId = $oauthUser->getId(); |
||
67 | |||
68 | if (!$oauthUser) { |
||
69 | return null; |
||
70 | } |
||
71 | |||
72 | // Is there an existing user with the same oauth id? |
||
73 | /** @var \SWP\Bundle\CoreBundle\Model\UserInterface $user */ |
||
74 | $user = $userProvider->findOneByExternalId($oauthId); |
||
|
|||
75 | if ($user) { |
||
76 | if ($user->getEmail() !== $oauthEmail) { |
||
77 | // If the email has changed for the user, update it here as well |
||
78 | $user->setEmail($oauthEmail); |
||
79 | $user->setUsername($oauthEmail); |
||
80 | $this->um->updateUser($user); |
||
81 | } |
||
82 | |||
83 | return $user; |
||
84 | } |
||
85 | |||
86 | // Is there an existing user with the same email address? |
||
87 | $user = $userProvider->findOneByEmail($oauthEmail); |
||
88 | if ($user) { |
||
89 | return $user; |
||
90 | } |
||
91 | |||
92 | // No user found, create one using the user info provided by resource server |
||
93 | $user = $this->um->createUser(); |
||
94 | $user->setEmail($oauthEmail); |
||
95 | $user->setUsername($oauthEmail); |
||
96 | $user->setExternalId($oauthId); |
||
97 | $user->setPassword(uniqid('', true)); |
||
98 | $user->setEnabled(true); |
||
99 | $user->setSuperAdmin(false); |
||
100 | |||
101 | $this->um->updateUser($user); |
||
102 | |||
103 | return $user; |
||
104 | } |
||
105 | |||
106 | public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): void |
||
107 | { |
||
108 | } |
||
109 | |||
110 | public function onAuthenticationFailure(Request $request, AuthenticationException $exception): void |
||
111 | { |
||
112 | } |
||
113 | |||
114 | public function start(Request $request, AuthenticationException $authException = null): RedirectResponse |
||
115 | { |
||
116 | return new RedirectResponse( |
||
117 | '/connect/oauth/', |
||
118 | Response::HTTP_TEMPORARY_REDIRECT |
||
119 | ); |
||
120 | } |
||
121 | |||
122 | private function getOauthClient(): OAuth2Client |
||
126 | } |
||
127 |
Let’s take a look at an example:
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break.
Available Fixes
Change the type-hint for the parameter:
Add an additional type-check:
Add the method to the interface: