source/Security/Authentication/OauthAuthenticator.php line 19

Open in your IDE?
  1. <?php
  3. namespace App\Security\Authentication;
  5. use App\Crud\Crudable;
  6. use App\Domain\Model\Administration\DataWizUser;
  7. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  8. use KnpU\OAuth2ClientBundle\Security\Authenticator\SocialAuthenticator;
  9. use Symfony\Component\HttpFoundation\RedirectResponse;
  10. use Symfony\Component\HttpFoundation\Request;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  15. use Symfony\Component\Security\Core\User\UserProviderInterface;
  16. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  17. use Symfony\Component\Uid\Uuid;
  19. class OauthAuthenticator extends SocialAuthenticator
  20. {
  21.     use TargetPathTrait;
  23.     private ClientRegistry $clientRegistry;
  24.     private Crudable $crud;
  25.     private UrlGeneratorInterface $urlGenerator;
  27.     public function __construct(
  28.         ClientRegistry $clientRegistry,
  29.         Crudable $crud,
  30.         UrlGeneratorInterface $urlGenerator
  31.     ) {
  32.         $this->clientRegistry $clientRegistry;
  33.         $this->crud $crud;
  34.         $this->urlGenerator $urlGenerator;
  35.     }
  37.     public function start(Request $requestAuthenticationException $authException null): RedirectResponse
  38.     {
  39.         return new RedirectResponse('/'Response::HTTP_TEMPORARY_REDIRECT);
  40.     }
  42.     public function supports(Request $request): bool
  43.     {
  44.         return $request->attributes->get('_route') === 'Security-check';
  45.     }
  47.     public function getCredentials(Request $request)
  48.     {
  49.         return $this->fetchAccessToken($this->clientRegistry->getClient('keycloak'));
  50.     }
  52.     public function getUser($credentialsUserProviderInterface $userProvider)
  53.     {
  54.         $keycloakUser $this->clientRegistry->getClient('keycloak')->fetchUserFromToken($credentials);
  55.         $user null;
  56.         $kcArray null;
  57.         if ($keycloakUser) {
  58.             $user $this->crud->readById(DataWizUser::class, $keycloakUser->getId());
  59.             $kcArray $keycloakUser->toArray();
  60.         }
  61.         if (is_iterable($kcArray)) {
  62.             if ($user === null) {
  63.                 $user = new DataWizUser();
  64.                 $user->setId(new Uuid($keycloakUser->getId()));
  65.             }
  66.             if (key_exists('email'$kcArray)) {
  67.                 $user->setEmail($kcArray['email']);
  68.             }
  69.             if (key_exists('given_name'$kcArray)) {
  70.                 $user->setFirstname($kcArray['given_name']);
  71.             }
  72.             if (key_exists('family_name'$kcArray)) {
  73.                 $user->setLastname($kcArray['family_name']);
  74.             }
  75.             $this->crud->update($user);
  76.         }
  78.         return $user;
  79.     }
  81.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): Response
  82.     {
  83.         $message strtr($exception->getMessageKey(), $exception->getMessageData());
  85.         return new Response($messageResponse::HTTP_FORBIDDEN);
  86.     }
  88.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey): RedirectResponse
  89.     {
  90.         // Redirect to previous selected route
  91.         if ($targetPath $this->getTargetPath($request->getSession(), $providerKey)) {
  92.             return new RedirectResponse($targetPath);
  93.         }
  95.         return new RedirectResponse($this->urlGenerator->generate('dashboard'));
  96.     }
  97. }