Commit d570f806 authored by Pierre Fleutot's avatar Pierre Fleutot

Fix démo OAuth2 : import des routes du bundle OAuth2

parent e2c1646f
......@@ -8,17 +8,17 @@ use Firebase\JWT\JWT;
require_once __DIR__ . '/vendor/autoload.php';
// Simple app class with a couple of endpoints to simulate an OAuth2 client.
// Run via `php -S localhost:8080 app.php` from this directory.
// Run via `php -S localhost:8001 app.php` from this directory.
// Create the OAuth2 Client from the Symfony console:
// bin/console league:oauth2-server:create-client "Test Client" testclient testpass --scope=email --scope=profile --scope=blog_read --grant-type=refresh_token --grant_type=authorization_code --redirect-uri=http://localhost:8080/callback
// bin/console league:oauth2-server:create-client "Test Client" testclient testpass --scope=email --scope=profile --scope=blog_read --grant-type=refresh_token --grant_type=authorization_code --redirect-uri=http://localhost:8001/callback
class App
{
private $htmlTemplate = '';
private $clientId = 'testclient';
private $clientSecret = 'testpass';
private $redirectUri = 'http://localhost:8080/callback';
private $authServer = 'http://localhost:8000/consent';
private $redirectUri = 'http://localhost:8001/callback';
private $authServer = 'http://localhost:8000/authorize';
private $tokenServer = 'http://localhost:8000/token';
private $jwksUri = 'http://localhost:8000/.well-known/jwks.json';
private $apiUri = 'http://localhost:8000/api/test';
......@@ -81,7 +81,7 @@ class App
'scope' => 'blog_read profile email',
];
$url = $this->authServer . '?' . http_build_query($params);
header('Location: ' . $url);
header('Location: ' . $url); // Send a raw http header
}
private function indexAction()
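Review bot: The create-client command in the comment on line 19 mixes `--grant-type=refresh_token` with `--grant_type=authorization_code`; if the option is spelled `--grant-type`, as the first occurrence suggests, the underscored form would be rejected as an unknown option and the client would never be created with the authorization_code grant — `--grant-type=refresh_token --grant-type=authorization_code`. In the second hunk, `header('Location: ' . $url);` is not followed by `exit`, so whatever the caller does after the redirect still runs; the enclosing method starts outside the hunk, so this only matters if nothing after it already stops execution. The added comment `// Send a raw http header` restates the call; `// Redirect the browser to the authorization endpoint; nothing after this may produce output` would say what a reader actually needs.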
......
#index:
# path: /
# controller: App\Controller\DefaultController::index
oauth2:
resource: '@LeagueOAuth2ServerBundle/Resources/config/routes.php'
type: php
\ No newline at end of file
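Review bot: The commented-out `index` route block kept above the new `oauth2` import is dead configuration: IndexController already declares `/` through `@Route("/", name="app_index")`, so the three commented lines should be dropped rather than left next to the import. The file also ends without a trailing newline, which will show up in every future diff of this file. A one-line comment above the import, `# Routes provided by LeagueOAuth2ServerBundle (the /authorize and /token endpoints app.php calls)`, would tell a reader why the resource is imported; the hunk header for this file is not visible, so the section may start earlier than shown.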
......@@ -41,7 +41,7 @@ class BootstrapCommand extends Command
$this
->addOption('email', null, InputOption::VALUE_REQUIRED, 'User email adddress', 'me@davegebler.com')
->addOption('password', null, InputOption::VALUE_REQUIRED, 'User password', 'password')
->addOption('redirect-uris', null, InputOption::VALUE_REQUIRED, 'Redirect URIs', 'http://localhost:8080/callback')
->addOption('redirect-uris', null, InputOption::VALUE_REQUIRED, 'Redirect URIs', 'http://localhost:8001/callback')
;
}
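Review bot: The default on line 53 is now the third copy of `http://localhost:8001/callback` in this commit (app.php's `$redirectUri` and the create-client comment carry the other two), and all three must agree for the authorization_code redirect to be accepted; reading the value from one place, such as an environment variable consumed by both the command and the demo client, would stop them drifting on the next port change. The context line above still describes the option as `User email adddress`, which this commit could fix in passing. The enclosing method starts outside the hunk.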
......
......@@ -12,7 +12,7 @@ class IndexController extends AbstractController
/**
* @Route("/", name="app_index")
*/
public function authorize(): Response
public function index(): Response
{
return $this->render('index/index.html.twig', [
'controller_name' => 'IndexController',
......
......@@ -83,54 +83,58 @@ class LoginController extends AbstractController
return $consent->getClient() === $appClient;
}
)->first() ?: null;
$userScopes = $userConsents->getScopes() ?? [];
$hasExistingScopes = count($userScopes) > 0;
$userScopes = $userConsents ? $userConsents->getScopes() : [];
$hasExistingScopes = count($userScopes) > 0;
// If user has already consented to the scopes, give consent
if (count(array_diff($requestedScopes, $userScopes)) === 0) {
$request->getSession()->set('consent_granted', true);
return $this->redirectToRoute('oauth2_authorize', $request->query->all());
}
// If user has already consented to the scopes, give consent
if (count(array_diff($requestedScopes, $userScopes)) === 0) {
$request->getSession()->set('consent_granted', true);
return $this->redirectToRoute('oauth2_authorize', $request->query->all());
}
// Remove the scopes to which the user has already consented
$requestedScopes = array_diff($requestedScopes, $userScopes);
// Remove the scopes to which the user has already consented
$requestedScopes = array_diff($requestedScopes, $userScopes);
// Map the requested scopes to scope names
$scopeNames = [
'profile' => 'Your profile',
'email' => 'Your email address',
'blog_read' => 'Your blog posts (read)',
'blog_write' => 'Your blog posts (write)',
];
// Map the requested scopes to scope names
$scopeNames = [
'profile' => 'Your profile',
'email' => 'Your email address',
'blog_read' => 'Your blog posts (read)',
'blog_write' => 'Your blog posts (write)',
];
// Get all the scope names in the requested scopes.
$requestedScopeNames = array_map(function($scope) use ($scopeNames) { return $scopeNames[$scope]; }, $requestedScopes);
$existingScopes = array_map(function($scope) use ($scopeNames) { $scopeNames[$scope]; }, $userScopes);
// Get all the scope names in the requested scopes.
$requestedScopeNames = array_map(function ($scope) use ($scopeNames) {
return $scopeNames[$scope];
}, $requestedScopes);
$existingScopes = array_map(function ($scope) use ($scopeNames) {
$scopeNames[$scope];
}, $userScopes);
if ($request->isMethod('POST')) {
if ($request->request->get('consent') === 'yes') {
$request->getSession()->set('consent_granted', true);
// Add the requested scopes to the user's scopes
$consents = $userConsents ?? new OAuth2UserConsent();;
$consents->setScopes(array_merge($requestedScopes, $userScopes));
$consents->setClient($appClient);
$consents->setCreated(new \DateTimeImmutable());
$consents->setExpires(new \DateTimeImmutable('+30 days'));
$consents->setIpAddress($request->getClientIp());
$user->addOAuth2UserConsent($consents);
$this->em->getManager()->persist($consents);
$this->em->getManager()->flush();
}
if ($request->request->get('consent') === 'no') {
$request->getSession()->set('consent_granted', false);
if ($request->isMethod('POST')) {
if ($request->request->get('consent') === 'yes') {
$request->getSession()->set('consent_granted', true);
// Add the requested scopes to the user's scopes
$consents = $userConsents ?? new OAuth2UserConsent();;
$consents->setScopes(array_merge($requestedScopes, $userScopes));
$consents->setClient($appClient);
$consents->setCreated(new \DateTimeImmutable());
$consents->setExpires(new \DateTimeImmutable('+30 days'));
$consents->setIpAddress($request->getClientIp());
$user->addOAuth2UserConsent($consents);
$this->em->getManager()->persist($consents);
$this->em->getManager()->flush();
}
if ($request->request->get('consent') === 'no') {
$request->getSession()->set('consent_granted', false);
}
return $this->redirectToRoute('oauth2_authorize', $request->query->all());
}
return $this->redirectToRoute('oauth2_authorize', $request->query->all());
return $this->render('login/consent.html.twig', [
'app_name' => $appName,
'scopes' => $requestedScopeNames,
'has_existing_scopes' => $hasExistingScopes,
'existing_scopes' => $existingScopes,
]);
}
return $this->render('login/consent.html.twig', [
'app_name' => $appName,
'scopes' => $requestedScopeNames,
'has_existing_scopes' => $hasExistingScopes,
'existing_scopes' => $existingScopes,
]);
}
}
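Review bot: The `$existingScopes` closure on lines 110-112 still has no `return`, so after the reformat `array_map` produces an array of nulls and the template's `existing_scopes` never contains the scope labels; its body should read `return $scopeNames[$scope];`. Both closures index `$scopeNames` directly, and `$requestedScopes` appears to derive from the client's request (the redirects forward `$request->query->all()`), so a scope name the map does not know raises an undefined-array-key warning instead of being handled — `return $scopeNames[$scope] ?? $scope;` in both closures keeps an unknown scope visible on the consent screen without the warning. Line 133 also carries a stray double semicolon after `new OAuth2UserConsent()`. The enclosing method starts outside the hunk.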
......@@ -30,6 +30,11 @@ class OAuth2UserConsent
*/
private $client;
/**
* @ORM\Column(type="string", length=255, nullable=true)
*/
private $ipAddress;
/**
* @ORM\Column(type="datetime")
*/
......@@ -109,4 +114,16 @@ class OAuth2UserConsent
return $this;
}
public function getIpAddress(): ?string
{
return $this->ipAddress;
}
public function setIpAddress(?string $ipAddress): self
{
$this->ipAddress = $ipAddress;
return $this;
}
}
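Review bot: The new `ipAddress` property on lines 167-170 carries only the ORM mapping and no explanation; since the consent controller fills it from `Request::getClientIp()` on a record that is given a 30-day expiry, a docblock line such as `* Client IP captured when the consent was granted, kept for audit of the consent record` would tell a maintainer why personal data is stored here, and how long it is retained depends on the expiry handling, which this hunk does not show. `length=255` is also far wider than any IP address; the textual IPv6 form fits in 45 characters, so `length=45` documents the intent and bounds the stored value. The getter and setter in the second hunk are fine as written.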