src/Platform/SecurityBundle/Controller/System/OAuthController.php line 123

Open in your IDE?
  1. <?php
  3. namespace Platform\SecurityBundle\Controller\System;
  5. use Cms\CoreBundle\Util\Controller;
  6. use Cms\TenantBundle\Entity\Tenant;
  7. use Platform\SecurityBundle\Controller\SingleSignOnController;
  8. use Platform\SecurityBundle\Model\OAuth\OAuthOptions;
  9. use Platform\SecurityBundle\Service\OAuth\OAuthProviderService;
  10. use Platform\SecurityBundle\Service\OAuth\Providers\AbstractOAuthProvider;
  11. use Symfony\Component\HttpFoundation\Exception\BadRequestException;
  12. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\HttpFoundation\RedirectResponse;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  17. use Laminas\Uri\Uri;
  19. /**
  20.  * Class OAuthEndpointController
  21.  * @package Platform\SecurityBundle\Controller\System
  22.  */
  23. class OAuthController extends Controller
  24. {
  25.     const ROUTES__CALLBACK 'platform.security.oauth.callback';
  26.     const ROUTES__INSTANT_LOGIN 'platform.security.oauth.instant_login';
  28.     /**
  29.      * @param Request $request
  30.      * @param string $provider
  31.      * @return RedirectResponse
  32.      * @throws \Exception
  33.      *
  34.      * @Route(
  35.      *     "/{provider}",
  36.      *     name = OAuthController::ROUTES__INSTANT_LOGIN
  37.      * )
  38.      */
  39.     public function instantAction(Request $requeststring $provider)
  40.     {
  41.         // obtain the provider
  42.         $provider $this->getOAuthProviderService()->getProvider($provider);
  44.         // make sure the provider supports instant logins
  45.         if ( ! $provider->isInstant()) {
  46.             throw new \Exception(sprintf(
  47.                 'OAuth provider "%s" does not support instant logins.',
  48.                 $provider->getId()
  49.             ));
  50.         }
  52.         // get a token
  53.         $token $provider->getAccessToken(
  54.             $request->query->get('code'),
  55.             new OAuthOptions([
  56.                 'callback' => strtok($request->getUri(), '?')
  57.             ])
  58.         );
  60.         // get the identity
  61.         $identity $provider->getMe($token);
  63.         // obtain the client id
  64.         // the format of this varies but uses the same field from the customized payload
  65.         $client $identity['client'];
  66.         if (empty($client)) {
  67.             throw new \Exception(sprintf(
  68.                 'Client ID not found in OAuth identity for provider "%s"',
  69.                 $provider->getId()
  70.             ));
  71.         }
  73.         // find the tenant for the district
  74.         $field sprintf(
  75.             '%sCustomerId',
  76.             $provider->getId()
  77.         );
  78.         $tenant $this->getEntityManager()->getRepository(Tenant::class)->findOneBy([
  79.             $field => $client,
  80.         ]);
  81.         if (empty($tenant)) {
  82.             throw new \Exception('Could not associate tenant to instant login attempt.');
  83.         }
  85.         /*
  86.          * TODO: make this cleaner...
  87.          * currently this just restarts the login process by forcing the user through the full flow
  88.          * this was actually suggested by clever or gg4l docs
  89.          * however, since we have kind of processed a login by this point, we should be able to just let them go in
  90.          */
  92.         // generate a new endpoint
  93.         $uri = new Uri($this->generateUrl(
  94.             SingleSignOnController::ROUTES__START,
  95.             [
  96.                 'id' => $provider->getId(),
  97.             ],
  98.             UrlGeneratorInterface::ABSOLUTE_URL
  99.         ));
  100.         $uri->setHost(sprintf(
  101.             '%s.%s',
  102.             $tenant->getSlug(),
  103.             $this->getGlobalContext()->getDashboard(true)
  104.         ));
  106.         // do the redirect
  107.         return new RedirectResponse($uri->toString());
  108.     }
  110.     /**
  111.      * Handles the OAuth callback endpoint.
  112.      * The job of this controller is to basically forward the request to the proper tenanted route.
  113.      *
  114.      * @param Request $request
  115.      * @return RedirectResponse
  116.      * @throws \Exception
  117.      *
  118.      * @Route(
  119.      *     "",
  120.      *     name = OAuthController::ROUTES__CALLBACK
  121.      * )
  122.      */
  123.     public function callbackAction(Request $request)
  124.     {
  125.         // if there is no state, that means somebody hit this directly or there was an error
  126.         if ( ! $request->query->has('state')) {
  127.             throw new BadRequestException();
  128.         }
  130.         // we should always have a state bag, grab its details
  131.         $state AbstractOauthProvider::parseState($request->query->get('state'));
  133.         // we should now have a redirect in the state
  134.         if (empty($state->get('redirect'))) {
  135.             throw new \Exception();
  136.         }
  137.         $redirect = new Uri($state->get('redirect'));
  139.         // need to merge in the query string from this request
  140.         $redirect->setQuery(array_merge(
  141.             $redirect->getQueryAsArray(),
  142.             $request->query->all()
  143.         ));
  145.         // perform the redirect
  146.         return new RedirectResponse($redirect->toString());
  147.     }
  149.     /**
  150.      * @return OAuthProviderService|object
  151.      */
  152.     private function getOAuthProviderService(): OAuthProviderService
  153.     {
  154.         return $this->get(__METHOD__);
  155.     }
  156. }