hydra passwordless

2022-08-26 15:13:22 +02:00
parent 7962e2ca9a
commit 21fb28a6f0
8 changed files with 262 additions and 63 deletions


@ -214,8 +214,10 @@ class SecurityController extends AbstractController
public function loginOPENID(Request $request, AuthenticationUtils $authenticationUtils)
{
$state=Uuid::uuid4();
$request->getSession()->set("oauthState",$state);
$callback=$this->generateUrl('app_loginopenidcallback', array(), UrlGeneratorInterface::ABSOLUTE_URL);
$url=$this->getParameter("oauthLoginurl")."?client_id=".$this->getParameter("oauthClientid")."&redirect_uri=".$callback."&response_type=code&state=12345678&scope=openid";
$url=$this->getParameter("oauthLoginurl")."?client_id=".$this->getParameter("oauthClientid")."&redirect_uri=".$callback."&response_type=code&state=".$state."&scope=openid";
return $this->redirect($url);
}
@ -236,15 +238,20 @@ class SecurityController extends AbstractController
"client_id" => $this->getParameter("oauthClientid"),
"client_secret" => $this->getParameter("oauthClientsecret"),
];
$response=$this->apiservice->run("POST",$apiurl,$query);
if(!$response||$response->code!="200") return $this->logout($request);
$token=$response->body->access_token;
$request->getSession()->set("oauthToken",$token);
$response=$this->apiservice->run("POST",$apiurl,$query,null,"form");
if(!$response||$response->code!="200") die("pb openid 01");
$accesstoken=$response->body->access_token;
$accesstokentype=$response->body->token_type;
$îdtoken=$response->body->id_token;
$request->getSession()->set("oauthAccesstoken",$accesstoken);
$request->getSession()->set("oauthIdtoken",$îdtoken);
$apiurl = $this->getParameter("oauthUserinfo");
$response=$this->apiservice->run("GET",$apiurl,null,["Authorization"=>"token ".$token]);
if(!$response||$response->code!="200") return $this->logout($request);
$response=$this->apiservice->run("GET",$apiurl,null,["Authorization"=>$accesstokentype." ".$accesstoken]);
if(!$response||$response->code!="200") die("pb openid 02");
$attributes=json_decode(json_encode($response->body), true);
@ -346,14 +353,21 @@ class SecurityController extends AbstractController
public function logoutOPENID(Request $request) {
$token=$request->getSession()->get("oauthToken");
$accesstoken=$request->getSession()->get("oauthAccesstoken");
$idtoken=$request->getSession()->get("oauthIdtoken");
$state=$request->getSession()->get("oauthState");
$this->tokenstorage->setToken(null);
$request->getSession()->invalidate();
$url=$this->getParameter("oauthLogouturl");
if($url) {
$url.="?id_token_hint=$token&scope=openid&post_logout_redirect_uri=http://127.0.0.1:8000";
$callback=($request->isSecure()?"https://":"http://").str_replace("//","/",$this->getParameter("appWeburl").$this->getParameter("appAlias").$this->generateUrl('app_home'));
$callback=substr($callback, 0, -1);
$url.="?id_token_hint=$idtoken&scope=openid&state=$state&post_logout_redirect_uri=$callback";
return $this->redirect($url);
} else return $this->redirect($this->generateUrl("app_home"));
}
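Review bot: The `state` that `loginOPENID` stores under `oauthState` is never compared with the returned `state` query parameter in the callback lines shown in the second hunk, so the random value does not yet protect the code exchange against a forged callback. Before the token request the callback should reject a missing or mismatched value, for example `$expected=(string)$request->getSession()->get("oauthState");` followed by `if($expected===""||!hash_equals($expected,(string)$request->query->get("state"))) return $this->logout($request);`. The callback method starts above the hunk, so this check may already exist there. Separately, the two `die(...)` exits appear to replace `return $this->logout($request)`, which leaves the session in place after a failed exchange; returning through the logout path as before would keep failure handling consistent.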