source/Security/Authentication/OauthAuthenticator.php line 47

  1. <?php
  2. namespace App\Security\Authentication;
  3. use App\Crud\Crudable;
  4. use App\Domain\Model\Administration\DataWizUser;
  5. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  6. use KnpU\OAuth2ClientBundle\Security\Authenticator\SocialAuthenticator;
  7. use Symfony\Component\HttpFoundation\RedirectResponse;
  8. use Symfony\Component\HttpFoundation\Request;
  9. use Symfony\Component\HttpFoundation\Response;
  10. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  13. use Symfony\Component\Security\Core\User\UserProviderInterface;
  14. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  15. use Symfony\Component\Uid\Uuid;
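  /**
   * Authenticator for the Keycloak OAuth2 login flow.
   *
   * It handles only the "Security-check" callback route: the authorization
   * response is exchanged for an access token, the Keycloak profile is fetched
   * with that token, and a local DataWizUser is created or refreshed from the
   * profile claims.
   */
  class OauthAuthenticator extends SocialAuthenticator
  {
      use TargetPathTrait;

      private ClientRegistry $clientRegistry;
      private Crudable $crud;
      private UrlGeneratorInterface $urlGenerator;

      public function __construct(
          ClientRegistry $clientRegistry,
          Crudable $crud,
          UrlGeneratorInterface $urlGenerator
      ) {
          $this->clientRegistry = $clientRegistry;
          $this->crud = $crud;
          $this->urlGenerator = $urlGenerator;
      }

      /**
       * Entry point for requests that need authentication: redirects to the site root.
       *
       * The exception argument is accepted for interface compatibility and is not used.
       */
      public function start(Request $request, ?AuthenticationException $authException = null): RedirectResponse
      {
          // 307 keeps the original request method on the redirected request.
          return new RedirectResponse('/', Response::HTTP_TEMPORARY_REDIRECT);
      }

      /**
       * Restricts this authenticator to the OAuth callback route, so no other
       * request triggers a token exchange.
       */
      public function supports(Request $request): bool
      {
          return $request->attributes->get('_route') === 'Security-check';
      }

      /**
       * Obtains the access token for the current callback request from the
       * "keycloak" client.
       *
       * @return mixed whatever fetchAccessToken() returns; passed on to getUser()
       */
      public function getCredentials(Request $request)
      {
          return $this->fetchAccessToken($this->clientRegistry->getClient('keycloak'));
      }

      /**
       * Resolves the local account for the Keycloak identity behind $credentials.
       *
       * The account is looked up by the Keycloak subject id, never by e-mail, so
       * changing the address at the identity provider cannot select a different
       * local account. A missing account is created; e-mail, first name and last
       * name are then overwritten from the profile claims on every login.
       *
       * @param mixed $credentials access token returned by getCredentials()
       *
       * @return DataWizUser|null null when the provider returns no user
       *
       * @throws AuthenticationException when a new account would need an id that is not a UUID
       */
      public function getUser($credentials, UserProviderInterface $userProvider)
      {
          $keycloakUser = $this->clientRegistry->getClient('keycloak')->fetchUserFromToken($credentials);
          if (!$keycloakUser) {
              return null;
          }

          $subjectId = $keycloakUser->getId();
          $user = $this->crud->readById(DataWizUser::class, $subjectId);
          $claims = $keycloakUser->toArray();

          // The key lookups below need a real array; anything else leaves the account untouched.
          if (!is_array($claims)) {
              return $user;
          }

          if ($user === null) {
              // new Uuid() throws InvalidArgumentException on malformed input, which would
              // escape as a server error. Reject such ids as a failed login instead.
              // Keycloak ids are normally UUIDs, but federated user storage may use
              // another format (TODO confirm for this realm).
              if (!is_string($subjectId) || !Uuid::isValid($subjectId)) {
                  // This text goes to logs only; onAuthenticationFailure() shows the generic message key.
                  throw new AuthenticationException('Identity provider returned a subject id that is not a UUID.');
              }
              $user = new DataWizUser();
              $user->setId(new Uuid($subjectId));
          }

          // NOTE(review): the e-mail claim is copied without checking Keycloak's
          // "email_verified" claim. If the stored address feeds authorization or
          // account-recovery decisions, confirm the realm enforces verification.
          if (array_key_exists('email', $claims)) {
              $user->setEmail($claims['email']);
          }
          if (array_key_exists('given_name', $claims)) {
              $user->setFirstname($claims['given_name']);
          }
          if (array_key_exists('family_name', $claims)) {
              $user->setLastname($claims['family_name']);
          }

          $this->crud->update($user);

          return $user;
      }

      /**
       * Answers a failed login with HTTP 403 and the exception's safe message.
       *
       * Only the message key and its placeholder data are rendered, not the raw
       * exception message, so internal details stay out of the response.
       */
      public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
      {
          $message = strtr($exception->getMessageKey(), $exception->getMessageData());

          // Without an explicit Content-Type the framework serves the body as HTML.
          // Plain text keeps substituted placeholder values from being parsed as markup.
          return new Response($message, Response::HTTP_FORBIDDEN, ['Content-Type' => 'text/plain; charset=UTF-8']);
      }

      /**
       * Redirects after login to the previously requested route, or to the
       * dashboard when none was recorded.
       *
       * The target path is read from the session via TargetPathTrait, not from a
       * request parameter.
       *
       * @param string $providerKey firewall name the target path was stored under
       */
      public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): RedirectResponse
      {
          $targetPath = $this->getTargetPath($request->getSession(), $providerKey);
          if ($targetPath) {
              return new RedirectResponse($targetPath);
          }

          return new RedirectResponse($this->urlGenerator->generate('dashboard'));
      }
  }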