From 7e7aa33bebc3095649f6a9c51f58ce7024beccf5 Mon Sep 17 00:00:00 2001 From: jj2bw <226866852+jj2bw@users.noreply.github.com> Date: Sat, 16 Aug 2025 21:44:06 +0200 Subject: [PATCH 1/2] feat: SSO support hwi/oauth-bundle - test github only --- composer.json | 1 + composer.lock | 176 ++++++++++++++++++++++++++- config/bundles.php | 1 + config/packages/hwi_oauth.yaml | 9 ++ config/packages/security.yaml | 12 ++ config/routes.yaml | 15 +++ config/routes/hwi_oauth_routing.yaml | 11 ++ config/services.yaml | 7 ++ src/Kernel.php | 7 ++ symfony.lock | 13 ++ templates/security/login.html.twig | 3 + 11 files changed, 251 insertions(+), 4 deletions(-) create mode 100644 config/packages/hwi_oauth.yaml create mode 100644 config/routes/hwi_oauth_routing.yaml diff --git a/composer.json b/composer.json index cf28814ca..d5513221c 100644 --- a/composer.json +++ b/composer.json @@ -34,6 +34,7 @@ "gregwar/captcha-bundle": "^2.1", "hidehalo/nanoid-php": "^1.1", "html2text/html2text": "*", + "hwi/oauth-bundle": "2.*", "incenteev/composer-parameter-handler": "^2.0", "intervention/image": "^2.4", "jfcherng/php-levenshtein-distance": "*", diff --git a/composer.lock b/composer.lock index 236b37b10..0bd9d04f1 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "71054a3266c21c57eb1c8419f904a353", + "content-hash": "76a1e5042949de7e631759a1ac2c3040", "packages": [ { "name": "amphp/amp", 
@@ -3760,6 +3760,174 @@ }, "time": "2024-08-20T02:43:29+00:00" }, + { + "name": "hwi/oauth-bundle", + "version": "2.4.0", + "source": { + "type": "git", + "url": "https://github.com/hwi/HWIOAuthBundle.git", + "reference": "e0f730c195ba3bf94c464fbba7d8b52570df1caf" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/hwi/HWIOAuthBundle/zipball/e0f730c195ba3bf94c464fbba7d8b52570df1caf", + "reference": "e0f730c195ba3bf94c464fbba7d8b52570df1caf", + "shasum": "" + }, + "require": { + "php": "^8.1", + "symfony/deprecation-contracts": "^3.0", + "symfony/form": "^5.4 || ^6.4 || ^7.1", + "symfony/framework-bundle": "^5.4 || ^6.4 || ^7.1", + "symfony/http-client": "^5.4 || ^6.4 || ^7.1", + "symfony/http-foundation": "^5.4 || ^6.4 || ^7.1", + "symfony/options-resolver": "^5.4 || ^6.4 || ^7.1", + "symfony/routing": "^5.4 || ^6.4 || ^7.1", + "symfony/security-bundle": "^5.4 || ^6.4 || ^7.1", + "symfony/twig-bundle": "^5.4 || ^6.4 || ^7.1" + }, + "conflict": { + "twig/twig": "<1.43|>=2.0,<2.13" + }, + "require-dev": { + "doctrine/doctrine-bundle": "^2.4", + "doctrine/orm": "^2.9", + "firebase/php-jwt": "^6.8", + "friendsofphp/php-cs-fixer": "^3.23", + "phpstan/extension-installer": "^1.3", + "phpstan/phpstan": "^1.10", + "phpstan/phpstan-symfony": "^1.3", + "phpunit/phpunit": "^9.6.11", + "symfony/browser-kit": "^5.4 || ^6.4 || ^7.1", + "symfony/css-selector": "^5.4 || ^6.4 || ^7.1", + "symfony/monolog-bundle": "^3.4", + "symfony/phpunit-bridge": "^5.4 || ^6.4 || ^7.1", + "symfony/property-access": "^5.4 || ^6.4 || ^7.1", + "symfony/stopwatch": "^5.4 || ^6.4 || ^7.1", + "symfony/translation": "^5.4 || ^6.4 || ^7.1", + "symfony/validator": "^5.4 || ^6.4 || ^7.1", + "symfony/yaml": "^5.4 || ^6.4 || ^7.1" + }, + "suggest": { + "doctrine/doctrine-bundle": "to use Doctrine user provider", + "firebase/php-jwt": "to use JWT utility functions", + "symfony/property-access": "to use FOSUB integration with this bundle", + "symfony/twig-bundle": "to use the Twig 
hwi_oauth_* functions" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + }, + "autoload": { + "psr-4": { + "HWI\\Bundle\\OAuthBundle\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Alexander", + "email": "iam.asm89@gmail.com" + }, + { + "name": "Joseph Bielawski", + "email": "stloyd@gmail.com" + }, + { + "name": "Geoffrey Bachelet", + "email": "geoffrey.bachelet@gmail.com" + }, + { + "name": "Contributors", + "homepage": "https://github.com/hwi/HWIOAuthBundle/contributors" + } + ], + "description": "Support for authenticating users using both OAuth1.0a and OAuth2 in Symfony.", + "homepage": "https://github.com/hwi/HWIOAuthBundle", + "keywords": [ + "37signals", + "Authentication", + "Deezer", + "EVE Online", + "amazon", + "apple", + "asana", + "auth0", + "azure", + "bitbucket", + "bitly", + "box", + "bufferapp", + "clever", + "dailymotion", + "deviantart", + "discogs", + "disqus", + "dropbox", + "eventbrite", + "facebook", + "firewall", + "fiware", + "flickr", + "foursquare", + "genius", + "github", + "gitlab", + "google", + "hubic", + "instagram", + "jawbone", + "jira", + "linkedin", + "mail.ru", + "oauth", + "oauth1", + "oauth2", + "odnoklassniki", + "paypal", + "qq", + "reddit", + "runkeeper", + "salesforce", + "security", + "sensio connect", + "sina weibo", + "slack", + "sound cloud", + "spotify", + "stack exchange", + "stereomood", + "strava", + "toshl", + "trakt", + "trello", + "twitch", + "twitter", + "vkontakte", + "windows live", + "wordpress", + "xing", + "yahoo", + "yandex", + "youtube" + ], + "support": { + "issues": "https://github.com/hwi/HWIOAuthBundle/issues", + "source": "https://github.com/hwi/HWIOAuthBundle/tree/2.4.0" + }, + "funding": [ + { + "url": "https://github.com/stloyd", + "type": "github" + } + ], + "time": "2025-05-29T20:23:24+00:00" + }, { "name": "incenteev/composer-parameter-handler", "version": 
"v2.2.0", @@ -19613,7 +19781,7 @@ } ], "minimum-stability": "dev", - "stability-flags": [], + "stability-flags": {}, "prefer-stable": true, "prefer-lowest": false, "platform": { @@ -19631,9 +19799,9 @@ "ext-xsl": "*", "ext-zip": "*" }, - "platform-dev": [], + "platform-dev": {}, "platform-overrides": { "php": "8.3.4" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.6.0" } diff --git a/config/bundles.php b/config/bundles.php index a5459d586..6839dacaf 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -25,4 +25,5 @@ Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true], BabDev\PagerfantaBundle\BabDevPagerfantaBundle::class => ['all' => true], Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true], + HWI\Bundle\OAuthBundle\HWIOAuthBundle::class => ['all' => true], ]; diff --git a/config/packages/hwi_oauth.yaml b/config/packages/hwi_oauth.yaml new file mode 100644 index 000000000..c360c2a71 --- /dev/null +++ b/config/packages/hwi_oauth.yaml @@ -0,0 +1,9 @@ +# config/packages/hwi_oauth.yaml + +hwi_oauth: + resource_owners: + any_name: + type: github + client_id: + client_secret: + scope: 'user:email,public_repo' diff --git a/config/packages/security.yaml b/config/packages/security.yaml index cc91ef5fc..2238adc5f 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -66,9 +66,21 @@ security: # access_denied_handler: App\Security\AccessDeniedHandler + pattern: ^/ + oauth: + resource_owners: + my_github: "/login/check-github" + login_path: /login + use_forward: false + failure_path: /login + + oauth_user_provider: + service: my.oauth_aware.user_provider.service + access_control: - { path: ^/$, roles: PUBLIC_ACCESS } - { path: ^/login, roles: PUBLIC_ACCESS } + - { path: ^/connect, roles: PUBLIC_ACCESS } - { path: ^/about, roles: PUBLIC_ACCESS } - { path: ^/donate, roles: PUBLIC_ACCESS } - { path: ^/donation, roles: PUBLIC_ACCESS } 
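Review bot: The scope `'user:email,public_repo'` in config/packages/hwi_oauth.yaml asks every user who signs in for write access to their public repositories, which a login flow does not need; `scope: 'user:email'` keeps the token to what authentication uses. `client_id:` and `client_secret:` are left empty and parse as null; reading them from the environment, e.g. `client_id: '%env(GITHUB_CLIENT_ID)%'` and `client_secret: '%env(GITHUB_CLIENT_SECRET)%'` (variable names constructed here), gives the bundle real values while keeping the secret out of the repository. The resource owner is declared as `any_name`, but the firewall in config/packages/security.yaml refers to `my_github` and the `$properties` map in config/services.yaml is keyed `github`; all three must be the same string for the firewall and the user provider to resolve this owner.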
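Review bot: `service: my.oauth_aware.user_provider.service` under `oauth_user_provider` looks like the placeholder id from the bundle's documentation, and no service with that id is defined anywhere in this patch; the provider added in config/services.yaml is registered as `hwi_oauth.user.provider.entity`, so the line should read `service: hwi_oauth.user.provider.entity`. The new `- { path: ^/connect, roles: PUBLIC_ACCESS }` rule is an unanchored prefix and also makes any other path beginning with `/connect` public; `^/connect(/|$)` limits it to the bundle's routes. Indentation is lost in this view and the firewall section starts outside the hunk, so it is worth confirming which firewall the added `pattern: ^/` and `oauth:` keys attach to.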
diff --git a/config/routes.yaml b/config/routes.yaml
index 245bba4ab..8de4028ea 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -7,3 +7,18 @@ controllers:
 legacy:
 resource: .
 type: legacy
+
+hwi_oauth_redirect:
+ resource: "@HWIOAuthBundle/Resources/config/routing/redirect.php"
+ prefix: /connect
+
+hwi_oauth_connect:
+ resource: "@HWIOAuthBundle/Resources/config/routing/connect.php"
+ prefix: /connect
+
+hwi_oauth_login:
+ resource: "@HWIOAuthBundle/Resources/config/routing/login.php"
+ prefix: /login
+
+github_login:
+ path: /login/check-github
diff --git a/config/routes/hwi_oauth_routing.yaml b/config/routes/hwi_oauth_routing.yaml
new file mode 100644
index 000000000..190b994dd
--- /dev/null
+++ b/config/routes/hwi_oauth_routing.yaml
@@ -0,0 +1,11 @@
+hwi_oauth_redirect:
+ resource: "@HWIOAuthBundle/Resources/config/routing/redirect.php"
+ prefix: /connect
+
+hwi_oauth_connect:
+ resource: "@HWIOAuthBundle/Resources/config/routing/connect.php"
+ prefix: /connect
+
+hwi_oauth_login:
+ resource: "@HWIOAuthBundle/Resources/config/routing/login.php"
+ prefix: /login
diff --git a/config/services.yaml b/config/services.yaml
index 487750a51..e1546d15e 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -447,3 +447,10 @@ services:
 app.mockup_provider.profile:
 class: App\Model\MockupProvider\ProfileMockups
 tags: [ 'app.mockup_provider' ]
+
+ hwi_oauth.user.provider.entity:
+ class: HWI\Bundle\OAuthBundle\Security\Core\User\EntityUserProvider
+ arguments:
+ $class: App\Entity\Member
+ $properties:
+ 'github': 'github'
diff --git a/src/Kernel.php b/src/Kernel.php
index 779cd1f2b..7fb8f656a 100644
--- a/src/Kernel.php
+++ b/src/Kernel.php
@@ -8,4 +8,11 @@
 class Kernel extends BaseKernel
 {
 use MicroKernelTrait;
+
+ public function registerBundles()
+ {
+ $bundles = [
+ new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
+ ];
+ }
 }
diff --git a/symfony.lock b/symfony.lock
index 1068f752f..83bc9493d 100644
--- a/symfony.lock
+++ b/symfony.lock
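Review bot: The three `hwi_oauth_*` imports added to config/routes.yaml repeat, with the same names, resources and prefixes, the ones in the new config/routes/hwi_oauth_routing.yaml from the same patch, so the bundle's routes are declared in two places. Keeping only the recipe file and leaving just `github_login` here avoids the two copies drifting apart. The `connect.php` import appears to expose the bundle's account-connect routes under `/connect`, which config/packages/security.yaml opens to `PUBLIC_ACCESS`; if account linking is not part of this feature, that import can be dropped. A comment above `github_login`, such as `# No controller: handled by the oauth firewall as its check path.`, would explain why the route has only a path.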
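Review bot: In config/services.yaml, `$properties` maps to a `github` field on `App\Entity\Member`, but the patch's file list contains no entity or migration change, so unless `Member` already has that field the provider cannot look a user up. Whatever field is used should store the provider's stable account identifier rather than an e-mail address or login name, and carry a unique constraint so that one GitHub account can never resolve to more than one member. A comment such as `# key = resource owner name, value = Member field holding the GitHub account id` would document the mapping.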
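Review bot: The added `registerBundles()` in src/Kernel.php builds `$bundles` and returns nothing, and it takes the place of the method `MicroKernelTrait` supplies, so the kernel would stop loading every bundle listed in config/bundles.php. The bundle is already registered by the `HWI\Bundle\OAuthBundle\HWIOAuthBundle::class => ['all' => true],` line this patch adds to config/bundles.php, so the method can simply be removed. If it were kept, it would need an `iterable` return type and a return value, and the class name, written without a leading backslash, would resolve relative to the file's namespace, which is declared outside the hunk.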
@@ -219,6 +219,19 @@ "html2text/html2text": { "version": "4.3.1" }, + "hwi/oauth-bundle": { + "version": "2.4", + "recipe": { + "repo": "github.com/symfony/recipes-contrib", + "branch": "main", + "version": "2.0", + "ref": "20154480d558409ad3eb9de3644817c81fad2268" + }, + "files": [ + "config/packages/hwi_oauth.yaml", + "config/routes/hwi_oauth_routing.yaml" + ] + }, "incenteev/composer-parameter-handler": { "version": "v2.1.4" }, diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig index d5a5e7349..f2305c263 100644 --- a/templates/security/login.html.twig +++ b/templates/security/login.html.twig @@ -180,6 +180,9 @@ class="o-button o-button--full">{{ 'indexpageloginsubmit' | trans }} + + Login with SSO +
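Review bot: The label `Login with SSO` added to templates/security/login.html.twig is hard-coded, while the button just above it is rendered through `{{ 'indexpageloginsubmit' | trans }}`; a translation key such as `{{ 'loginwithsso' | trans }}` (key name constructed here) keeps the login page localisable. The markup around the added lines is not visible in this view, so the link target could not be checked. It should be generated from the bundle's route with `path()` rather than written as a literal URL.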
From 4c74aba0433eea4a44a327f62223fa51a203ce64 Mon Sep 17 00:00:00 2001
From: jj2bw <226866852+jj2bw@users.noreply.github.com>
Date: Sat, 16 Aug 2025 21:49:12 +0200
Subject: [PATCH 2/2] chore: autofix php-cs-fixer
---
 src/Kernel.php | 2 +-
 src/Model/ProfileModel.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Kernel.php b/src/Kernel.php
index 7fb8f656a..09f239a1b 100644
--- a/src/Kernel.php
+++ b/src/Kernel.php
@@ -12,7 +12,7 @@ class Kernel extends BaseKernel
 public function registerBundles()
 {
 $bundles = [
- new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
+ new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
 ];
 }
 }
diff --git a/src/Model/ProfileModel.php b/src/Model/ProfileModel.php
index 36d217e44..2ea1be240 100644
--- a/src/Model/ProfileModel.php
+++ b/src/Model/ProfileModel.php
@@ -21,8 +21,8 @@ class ProfileModel
 public function __construct(
 FormFactoryInterface $formFactory,
 EntityManagerInterface $entityManager,
- Mailer $mailer)
- {
+ Mailer $mailer,
+ ) {
 $this->formFactory = $formFactory;
 $this->entityManager = $entityManager;
 $this->mailer = $mailer;