diff --git a/composer.json b/composer.json
index 2c5951c25..d300a5ee4 100644
--- a/composer.json
+++ b/composer.json
@@ -34,6 +34,7 @@
 "gregwar/captcha-bundle": "^2.4",
 "hidehalo/nanoid-php": "^1.1",
 "html2text/html2text": "*",
+ "hwi/oauth-bundle": "2.*",
 "incenteev/composer-parameter-handler": "^2.0",
 "intervention/image": "^2.4",
 "jfcherng/php-levenshtein-distance": "*",
diff --git a/composer.lock b/composer.lock
index 5b3a358fd..6ce2f36a4 100644
--- a/composer.lock
+++ b/composer.lock
@@ -3612,6 +3612,174 @@ }, "time": "2024-08-20T02:43:29+00:00" }, + { + "name": "hwi/oauth-bundle", + "version": "2.4.0", + "source": { + "type": "git", + "url": "https://github.com/hwi/HWIOAuthBundle.git", + "reference": "e0f730c195ba3bf94c464fbba7d8b52570df1caf" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/hwi/HWIOAuthBundle/zipball/e0f730c195ba3bf94c464fbba7d8b52570df1caf", + "reference": "e0f730c195ba3bf94c464fbba7d8b52570df1caf", + "shasum": "" + }, + "require": { + "php": "^8.1", + "symfony/deprecation-contracts": "^3.0", + "symfony/form": "^5.4 || ^6.4 || ^7.1", + "symfony/framework-bundle": "^5.4 || ^6.4 || ^7.1", + "symfony/http-client": "^5.4 || ^6.4 || ^7.1", + "symfony/http-foundation": "^5.4 || ^6.4 || ^7.1", + "symfony/options-resolver": "^5.4 || ^6.4 || ^7.1", + "symfony/routing": "^5.4 || ^6.4 || ^7.1", + "symfony/security-bundle": "^5.4 || ^6.4 || ^7.1", + "symfony/twig-bundle": "^5.4 || ^6.4 || ^7.1" + }, + "conflict": { + "twig/twig": "<1.43|>=2.0,<2.13" + }, + "require-dev": { + "doctrine/doctrine-bundle": "^2.4", + "doctrine/orm": "^2.9", + "firebase/php-jwt": "^6.8", + "friendsofphp/php-cs-fixer": "^3.23", + "phpstan/extension-installer": "^1.3", + "phpstan/phpstan": "^1.10", + "phpstan/phpstan-symfony": "^1.3", + "phpunit/phpunit": "^9.6.11", + "symfony/browser-kit": "^5.4 || ^6.4 || ^7.1", + "symfony/css-selector": "^5.4 || ^6.4 || ^7.1", + "symfony/monolog-bundle": "^3.4", + "symfony/phpunit-bridge": "^5.4 || ^6.4 || ^7.1", + "symfony/property-access": "^5.4 || ^6.4 || ^7.1", + "symfony/stopwatch": "^5.4 || ^6.4 || ^7.1", + "symfony/translation": "^5.4 || ^6.4 || ^7.1", + "symfony/validator": "^5.4 || ^6.4 || ^7.1", + "symfony/yaml": "^5.4 || ^6.4 || ^7.1" + }, + "suggest": { + "doctrine/doctrine-bundle": "to use Doctrine user provider", + "firebase/php-jwt": "to use JWT utility functions", + "symfony/property-access": "to use FOSUB integration with this bundle", + "symfony/twig-bundle": "to use the Twig 
hwi_oauth_* functions" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + }, + "autoload": { + "psr-4": { + "HWI\\Bundle\\OAuthBundle\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Alexander", + "email": "iam.asm89@gmail.com" + }, + { + "name": "Joseph Bielawski", + "email": "stloyd@gmail.com" + }, + { + "name": "Geoffrey Bachelet", + "email": "geoffrey.bachelet@gmail.com" + }, + { + "name": "Contributors", + "homepage": "https://github.com/hwi/HWIOAuthBundle/contributors" + } + ], + "description": "Support for authenticating users using both OAuth1.0a and OAuth2 in Symfony.", + "homepage": "https://github.com/hwi/HWIOAuthBundle", + "keywords": [ + "37signals", + "Authentication", + "Deezer", + "EVE Online", + "amazon", + "apple", + "asana", + "auth0", + "azure", + "bitbucket", + "bitly", + "box", + "bufferapp", + "clever", + "dailymotion", + "deviantart", + "discogs", + "disqus", + "dropbox", + "eventbrite", + "facebook", + "firewall", + "fiware", + "flickr", + "foursquare", + "genius", + "github", + "gitlab", + "google", + "hubic", + "instagram", + "jawbone", + "jira", + "linkedin", + "mail.ru", + "oauth", + "oauth1", + "oauth2", + "odnoklassniki", + "paypal", + "qq", + "reddit", + "runkeeper", + "salesforce", + "security", + "sensio connect", + "sina weibo", + "slack", + "sound cloud", + "spotify", + "stack exchange", + "stereomood", + "strava", + "toshl", + "trakt", + "trello", + "twitch", + "twitter", + "vkontakte", + "windows live", + "wordpress", + "xing", + "yahoo", + "yandex", + "youtube" + ], + "support": { + "issues": "https://github.com/hwi/HWIOAuthBundle/issues", + "source": "https://github.com/hwi/HWIOAuthBundle/tree/2.4.0" + }, + "funding": [ + { + "url": "https://github.com/stloyd", + "type": "github" + } + ], + "time": "2025-05-29T20:23:24+00:00" + }, { "name": "incenteev/composer-parameter-handler", "version": 
"v2.2.0", diff --git a/config/bundles.php b/config/bundles.php index ca9528667..eb2be6446 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -24,4 +24,5 @@ Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true], BabDev\PagerfantaBundle\BabDevPagerfantaBundle::class => ['all' => true], Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true], + HWI\Bundle\OAuthBundle\HWIOAuthBundle::class => ['all' => true], ]; diff --git a/config/packages/hwi_oauth.yaml b/config/packages/hwi_oauth.yaml new file mode 100644 index 000000000..c360c2a71 --- /dev/null +++ b/config/packages/hwi_oauth.yaml @@ -0,0 +1,9 @@ +# config/packages/hwi_oauth.yaml + +hwi_oauth: + resource_owners: + any_name: + type: github + client_id: + client_secret: + scope: 'user:email,public_repo' diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 61686aec0..b7b9f041b 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -46,11 +46,23 @@ security: # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true + pattern: ^/ + oauth: + resource_owners: + my_github: "/login/check-github" + login_path: /login + use_forward: false + failure_path: /login + + oauth_user_provider: + service: my.oauth_aware.user_provider.service + # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/$, roles: PUBLIC_ACCESS } - { path: ^/login, roles: PUBLIC_ACCESS } + - { path: ^/connect, roles: PUBLIC_ACCESS } - { path: ^/about, roles: PUBLIC_ACCESS } - { path: ^/donate, roles: PUBLIC_ACCESS } - { path: ^/donation, roles: PUBLIC_ACCESS } diff --git a/config/routes.yaml b/config/routes.yaml index 245bba4ab..8de4028ea 100644 --- a/config/routes.yaml +++ b/config/routes.yaml 
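Review bot: In config/packages/hwi_oauth.yaml the scope `'user:email,public_repo'` asks GitHub for write access to the member's public repositories, which a sign-in flow does not need; `scope: 'user:email'` limits the token to what login uses. `client_id:` and `client_secret:` are committed empty, so they parse as null. Reading them from the environment, e.g. `client_id: '%env(GITHUB_CLIENT_ID)%'` and `client_secret: '%env(GITHUB_CLIENT_SECRET)%'` (variable names are placeholders), also keeps the secret out of the repository. The resource owner is still called `any_name`, while the firewall in config/packages/security.yaml maps `my_github`, so the two names need to agree.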
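Review bot: In config/packages/security.yaml, `service: my.oauth_aware.user_provider.service` looks like a documentation placeholder, and no service with that id is defined in the visible diff. The provider added in config/services.yaml is `hwi_oauth.user.provider.entity`, so this line should read `service: hwi_oauth.user.provider.entity`. The added `pattern: ^/` and `oauth:` keys belong to a firewall whose header is outside the hunk, so confirm they sit under the intended firewall and that `pattern: ^/` does not shadow a firewall declared after it.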
@@ -7,3 +7,18 @@ controllers: legacy: resource: . type: legacy + +hwi_oauth_redirect: + resource: "@HWIOAuthBundle/Resources/config/routing/redirect.php" + prefix: /connect + +hwi_oauth_connect: + resource: "@HWIOAuthBundle/Resources/config/routing/connect.php" + prefix: /connect + +hwi_oauth_login: + resource: "@HWIOAuthBundle/Resources/config/routing/login.php" + prefix: /login + +github_login: + path: /login/check-github diff --git a/config/routes/hwi_oauth_routing.yaml b/config/routes/hwi_oauth_routing.yaml new file mode 100644 index 000000000..190b994dd --- /dev/null +++ b/config/routes/hwi_oauth_routing.yaml @@ -0,0 +1,11 @@ +hwi_oauth_redirect: + resource: "@HWIOAuthBundle/Resources/config/routing/redirect.php" + prefix: /connect + +hwi_oauth_connect: + resource: "@HWIOAuthBundle/Resources/config/routing/connect.php" + prefix: /connect + +hwi_oauth_login: + resource: "@HWIOAuthBundle/Resources/config/routing/login.php" + prefix: /login diff --git a/config/services.yaml b/config/services.yaml index 3dc76ccd3..2bad4b761 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -447,6 +447,12 @@ services: class: App\Model\MockupProvider\ProfileMockups tags: [ 'app.mockup_provider' ] + hwi_oauth.user.provider.entity: + class: HWI\Bundle\OAuthBundle\Security\Core\User\EntityUserProvider + arguments: + $class: App\Entity\Member + $properties: + 'github': 'github' + App\Form\DataTransformer\LocationRequestToLocationTransformer: ~ App\Form\DataTransformer\DateTransformer: ~ - diff --git a/src/Kernel.php b/src/Kernel.php index 779cd1f2b..09f239a1b 100644 --- a/src/Kernel.php +++ b/src/Kernel.php @@ -8,4 +8,11 @@ class Kernel extends BaseKernel { use MicroKernelTrait; + + public function registerBundles() + { + $bundles = [ + new HWI\Bundle\OAuthBundle\HWIOAuthBundle(), + ]; + } } diff --git a/symfony.lock b/symfony.lock index f28a5b89b..c34167fe2 100644 --- a/symfony.lock +++ b/symfony.lock 
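Review bot: The `hwi_oauth_redirect`, `hwi_oauth_connect` and `hwi_oauth_login` imports added to config/routes.yaml are repeated verbatim in the new config/routes/hwi_oauth_routing.yaml, so the same bundle routes are declared in two files. Keeping the recipe file and leaving only `github_login` here stops the two copies drifting apart when a prefix changes. A comment above `github_login`, such as `# callback path intercepted by the oauth firewall; must match resource_owners in security.yaml`, would explain why the route has no controller.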
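Review bot: In config/services.yaml the `$properties` map is `'github': 'github'`, but EntityUserProvider appears to look the field up by resource-owner name, and the owners in this commit are named `any_name` (hwi_oauth.yaml) and `my_github` (security.yaml). If so, no mapping would be found at login. Keying the entry by whichever owner name is finally chosen, e.g. `'my_github': 'github'`, fixes that. The value also names a `github` field on `App\Entity\Member`, and no entity or migration change is visible in this diff. Confirm the field exists and is unique, since it becomes the lookup key for authentication.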
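Review bot: The `registerBundles()` added to src/Kernel.php builds `$bundles` and never returns it. Because it is declared in the class, it also replaces the implementation that `MicroKernelTrait` provides, so the bundles listed in config/bundles.php (NelmioSecurityBundle among them) would no longer be loaded. HWIOAuthBundle is already registered in config/bundles.php by this commit, so the method can simply be deleted. If it stays and the file declares a namespace (outside the hunk), `new HWI\Bundle\OAuthBundle\HWIOAuthBundle()` needs a leading backslash or a `use` statement to resolve to the bundle class.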
@@ -219,6 +219,19 @@ "html2text/html2text": { "version": "4.3.1" }, + "hwi/oauth-bundle": { + "version": "2.4", + "recipe": { + "repo": "github.com/symfony/recipes-contrib", + "branch": "main", + "version": "2.0", + "ref": "20154480d558409ad3eb9de3644817c81fad2268" + }, + "files": [ + "config/packages/hwi_oauth.yaml", + "config/routes/hwi_oauth_routing.yaml" + ] + }, "incenteev/composer-parameter-handler": { "version": "v2.1.4" }, diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index 9e4568693..0effdfbae 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -184,6 +184,9 @@ class="o-button o-button--full">{{ 'indexpageloginsubmit' | trans }} + + Login with SSO +