Vendor: SSO: Add league/oauth2-facebook + implement facebook login/registration - refs BT#21881

1 year ago · 007d59dc65
parent 21d5f05b0d
commit 007d59dc65
7 changed files with 119 additions and 0 deletions
--- a/composer.json
+++ b/composer.json
@ -97,6 +97,7 @@
        "league/glide-symfony": "^2.0",
        "league/html-to-markdown": "^5.1",
        "league/mime-type-detection": "^1.7",
+        "league/oauth2-facebook": "^2.2",
        "lexik/jwt-authentication-bundle": "^2.20",
        "maennchen/zipstream-php": "^2.1",
        "masterminds/html5": "^2.0",
--- a/config/authentication.yaml
+++ b/config/authentication.yaml
@ -27,3 +27,10 @@ parameters:
                resource_owner_hr_status_field: null
                resource_owner_status_status_field: null
                resource_owner_anon_status_field: null
+
+            facebook:
+                enabled: false
+                client_id: ''
+                client_secret: ''
+                graph_api_version: 'v20.0'
+                redirect_params: { }
--- a/config/packages/knpu_oauth2_client.yaml
+++ b/config/packages/knpu_oauth2_client.yaml
@ -7,4 +7,12 @@ knpu_oauth2_client:
            client_secret: ''
            redirect_route: chamilo.oauth2_generic_check

+        facebook:
+            type: facebook
+            client_id: ''
+            client_secret: ''
+            redirect_route: chamilo.oauth2_facebook_check
+            graph_api_version: ''
+            redirect_params: { }
+
        # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -116,6 +116,7 @@ security:

            custom_authenticators:
                - Chamilo\CoreBundle\Security\Authenticator\OAuth2\GenericAuthenticator
+                - Chamilo\CoreBundle\Security\Authenticator\OAuth2\FacebookAuthenticator

    access_control:
        - {path: ^/login, roles: PUBLIC_ACCESS}
--- a/src/CoreBundle/Controller/OAuth2/FacebookProviderController.php
+++ b/src/CoreBundle/Controller/OAuth2/FacebookProviderController.php
@ -0,0 +1,26 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Controller\OAuth2;
+
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
+use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+
+class FacebookProviderController extends AbstractProviderController
+{
+    #[Route('/connect/facebook', name: 'chamilo.oauth2_facebook_start')]
+    public function connect(
+        ClientRegistry $clientRegistry,
+        AuthenticationConfigHelper $authenticationConfigHelper,
+    ): Response {
+        return $this->getStartResponse('facebook', $clientRegistry, $authenticationConfigHelper);
+    }
+
+    #[Route('/connect/facebook/check', name: 'chamilo.oauth2_facebook_check')]
+    public function connectCheck(): void {}
+}
--- a/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php
+++ b/src/CoreBundle/Decorator/OAuth2ProviderFactoryDecorator.php
@ -11,6 +11,7 @@ use KnpU\OAuth2ClientBundle\DependencyInjection\KnpUOAuth2ClientExtension;
 use KnpU\OAuth2ClientBundle\DependencyInjection\ProviderFactory;
 use KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle;
 use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Facebook;
 use League\OAuth2\Client\Provider\GenericProvider;
 use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
 use Symfony\Component\DependencyInjection\Attribute\AutowireDecorated;
@ -33,6 +34,7 @@ readonly class OAuth2ProviderFactoryDecorator
    ): AbstractProvider {
        $options = match ($class) {
            GenericProvider::class => $this->getProviderOptions('generic'),
+            Facebook::class => $this->getProviderOptions('facebook'),
        };

        return $this->inner->createProvider($class, $options, $redirectUri, $redirectParams, $collaborators);
--- a/src/CoreBundle/Security/Authenticator/OAuth2/FacebookAuthenticator.php
+++ b/src/CoreBundle/Security/Authenticator/OAuth2/FacebookAuthenticator.php
@ -0,0 +1,74 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Security\Authenticator\OAuth2;
+
+use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Repository\Node\UserRepository;
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
+use Cocur\Slugify\SlugifyInterface;
+use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
+use KnpU\OAuth2ClientBundle\Client\OAuth2ClientInterface;
+use League\OAuth2\Client\Provider\FacebookUser;
+use League\OAuth2\Client\Token\AccessToken;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\RouterInterface;
+
+class FacebookAuthenticator extends AbstractAuthenticator
+{
+    protected string $providerName = 'facebook';
+
+    public function __construct(
+        ClientRegistry $clientRegistry,
+        RouterInterface $router,
+        UserRepository $userRepository,
+        AuthenticationConfigHelper $authenticationConfigHelper,
+        protected readonly SlugifyInterface $slugify,
+    ) {
+        parent::__construct($clientRegistry, $router, $userRepository, $authenticationConfigHelper);
+    }
+
+    public function supports(Request $request): ?bool
+    {
+        return 'chamilo.oauth2_facebook_check' === $request->attributes->get('_route');
+    }
+
+    protected function userLoader(AccessToken $accessToken): User
+    {
+        /** @var FacebookUser $resourceOwner */
+        $resourceOwner = $this->client->fetchUserFromToken($accessToken);
+
+        $user = $this->userRepository->findOneBy(['email' => $resourceOwner->getEmail()]);
+
+        if (!$user) {
+            $user = (new User())
+                ->setCreatorId($this->userRepository->getRootUser()->getId())
+            ;
+        }
+
+        $user
+            ->setFirstname($resourceOwner->getFirstName())
+            ->setLastname($resourceOwner->getLastName())
+            //->setLocale($resourceOwner->getLocale())
+            ->setEmail($resourceOwner->getEmail())
+            ->setUsername($this->changeToValidChamiloLogin($resourceOwner->getEmail()))
+            ->setPlainPassword('facebook')
+            ->setStatus(STUDENT)
+            ->setAuthSource('facebook')
+            ->setRoleFromStatus(STUDENT)
+        ;
+
+        $this->userRepository->updateUser($user);
+        // updateAccessUrls ?
+
+        return $user;
+    }
+
+    private function changeToValidChamiloLogin(string $email): string
+    {
+        return $this->slugify->slugify($email);
+    }
+}