src/Security/OAuthAuthenticator.php

<?php

namespace App\Security;

use App\Entity\User;
use App\Repository\UserRepository;
use Doctrine\ORM\EntityManagerInterface;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

class OAuthAuthenticator extends OAuth2Authenticator implements AuthenticationEntrypointInterface
{

    public function __construct(
        private readonly ClientRegistry         $clientRegistry,
        private readonly UserRepository         $userRepository,
        private readonly EntityManagerInterface $em,
        private readonly RouterInterface        $router
    )
    {
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning `false` will cause this authenticator
     * to be skipped.
     */
    public function supports(Request $request): ?bool
    {
        return $request->attributes->get('_route') === 'oauth_connect_check';
    }

    public function authenticate(Request $request): Passport
    {
        $client = $this->clientRegistry->getClient('oauth');
        $accessToken = $this->fetchAccessToken($client);

        return new SelfValidatingPassport(
            new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {

                /** @var OAuthResourceOwner $userFromToken */
                $userFromToken = $client->fetchUserFromToken($accessToken);

                $existingUser = $this->userRepository->findOneBy(['email' => $userFromToken->getEmail()]);

                if ($existingUser) return $existingUser;

                $user = new User();
                $user->setEmail($userFromToken->getEmail());
                $this->em->persist($user);
                $this->em->flush();

                return $user;
            })
        );
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): RedirectResponse
    {
        return new RedirectResponse($this->router->generate('index'));
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());

        return new Response($message, Response::HTTP_UNAUTHORIZED);
    }

    public function start(Request $request, ?AuthenticationException $authException = null): Response
    {
        return new RedirectResponse(
            '/login/oauth',
            Response::HTTP_TEMPORARY_REDIRECT
        );
    }
}
feat: implement OAuth 2.0 login flow 2024-07-22 02:17:42 +02:00			`<?php`

			`namespace App\Security;`

			`use App\Entity\User;`
			`use App\Repository\UserRepository;`
			`use Doctrine\ORM\EntityManagerInterface;`
			`use KnpU\OAuth2ClientBundle\Client\ClientRegistry;`
			`use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;`
			`use Symfony\Component\HttpFoundation\RedirectResponse;`
			`use Symfony\Component\HttpFoundation\Request;`
			`use Symfony\Component\HttpFoundation\Response;`
			`use Symfony\Component\Routing\RouterInterface;`
			`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
			`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
			`use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;`
			`use Symfony\Component\Security\Http\Authenticator\Passport\Passport;`
			`use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;`
			`use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;`

			`class OAuthAuthenticator extends OAuth2Authenticator implements AuthenticationEntrypointInterface`
			`{`

			`public function __construct(`
			`private readonly ClientRegistry $clientRegistry,`
			`private readonly UserRepository $userRepository,`
			`private readonly EntityManagerInterface $em,`
			`private readonly RouterInterface $router`
			`)`
			`{`
			`}`

			`/**`
			`* Called on every request to decide if this authenticator should be`
			* used for the request. Returning `false` will cause this authenticator
			`* to be skipped.`
			`*/`
			`public function supports(Request $request): ?bool`
			`{`
			`return $request->attributes->get('_route') === 'oauth_connect_check';`
			`}`

			`public function authenticate(Request $request): Passport`
			`{`
			`$client = $this->clientRegistry->getClient('oauth');`
			`$accessToken = $this->fetchAccessToken($client);`

			`return new SelfValidatingPassport(`
			`new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {`

			`/** @var OAuthResourceOwner $userFromToken */`
			`$userFromToken = $client->fetchUserFromToken($accessToken);`

			`$existingUser = $this->userRepository->findOneBy(['email' => $userFromToken->getEmail()]);`

			`if ($existingUser) return $existingUser;`

			`$user = new User();`
			`$user->setEmail($userFromToken->getEmail());`
			`$this->em->persist($user);`
			`$this->em->flush();`

			`return $user;`
			`})`
			`);`
			`}`

			`public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): RedirectResponse`
			`{`
feat: add frontend 2024-07-22 14:45:21 +02:00			`return new RedirectResponse($this->router->generate('index'));`
feat: implement OAuth 2.0 login flow 2024-07-22 02:17:42 +02:00			`}`

			`public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response`
			`{`
			`$message = strtr($exception->getMessageKey(), $exception->getMessageData());`

			`return new Response($message, Response::HTTP_UNAUTHORIZED);`
			`}`

			`public function start(Request $request, ?AuthenticationException $authException = null): Response`
			`{`
			`return new RedirectResponse(`
			`'/login/oauth',`
			`Response::HTTP_TEMPORARY_REDIRECT`
			`);`
			`}`
			`}`