- <?php
- namespace Vendor\Application\Security\Authentication\Oauth\Provider;
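/**
 * Base class for authentication providers that sign a user in with an OAuth 2 access token.
 *
 * authenticate() exchanges the access token carried by the authentication token for a
 * resource owner, maps that resource owner's id to a local account (creating the user on
 * first login) and marks the token as authenticated.
 *
 * NOTE(review): nothing in this class checks that the access token was issued to this
 * application (client id / audience). Confirm that the concrete provider or the token
 * class enforces that, otherwise a token minted for another client of the same identity
 * provider would be accepted here.
 */
abstract class AbstractOauthProvider extends AbstractProvider
{
    /**
     * Resolves the OAuth client implementation that belongs to this provider's name.
     *
     * @var OauthManager
     * @Flow\Inject
     */
    protected $oauthManager;

    /**
     * Used to flush the account changes made during authentication.
     *
     * @Flow\Inject
     * @var \Neos\Flow\Persistence\PersistenceManagerInterface
     */
    protected $persistenceManager;

    /**
     * @var PropertyMapper
     * @Flow\Inject
     */
    protected $propertyMapper;

    /**
     * Hashes the random placeholder passwords stored as the account's credentials source.
     *
     * @var HashService
     * @Flow\Inject
     */
    protected $hashService;

    /**
     * Account repository
     *
     * @var AccountRepository
     * @Flow\Inject
     */
    protected $accountRepository;

    /**
     * User repository
     *
     * @var UserRepository
     * @Flow\Inject
     */
    protected $userRepository;

    /**
     * Security context; used to run the account lookup without authorization checks.
     *
     * @Flow\Inject
     * @var \Neos\Flow\Security\Context
     */
    protected $securityContext;

    /**
     * Class name the resource owner returned by the OAuth provider must have exactly.
     *
     * authenticate() compares it with get_class(), so subclasses of the named class are
     * rejected and the name must be given without a leading backslash.
     *
     * @return string
     */
    abstract protected function getResourceOwnerClassName();

    /**
     * Get oauth provider
     *
     * Looks up the strategy configured for this provider's name and returns the OAuth
     * client implementation registered for that strategy.
     *
     * @return \League\OAuth2\Client\Provider\AbstractProvider
     */
    protected function getOauthProvider()
    {
        $strategyName = $this->oauthManager->getStrategyNameByProviderName($this->name);

        return $this->oauthManager->getImplementedProviderByStrategyName($strategyName);
    }

    /**
     * Fetches the resource owner that the OAuth provider associates with the token's access token.
     *
     * Assumes the token's credentials are an array carrying an 'accessToken' entry; that
     * shape is defined by the token class, which is not visible here. Errors raised by the
     * OAuth client while resolving the resource owner are not caught and reach the caller.
     *
     * @param TokenInterface $authenticationToken
     * @return \League\OAuth2\Client\Provider\ResourceOwnerInterface
     */
    protected function getResourceOwner(TokenInterface $authenticationToken)
    {
        $credentials = $authenticationToken->getCredentials();

        return $this->getOauthProvider()->getResourceOwner($credentials['accessToken']);
    }

    /**
     * Authenticates the given token against the OAuth provider.
     *
     * On success the token carries the local account and the status
     * AUTHENTICATION_SUCCESSFUL. If the resource owner is not of the expected class, or has
     * no id, the status is set to WRONG_CREDENTIALS and nothing is persisted.
     *
     * A local user is created automatically the first time an unknown resource owner id is
     * seen, so every identity the OAuth provider vouches for obtains an account. Restrict
     * sign-up elsewhere if that is not intended.
     *
     * @param TokenInterface $authenticationToken
     * @return void
     * @throws UnsupportedAuthenticationTokenException if the token is not of the first class
     *         listed by getTokenClassNames()
     */
    public function authenticate(TokenInterface $authenticationToken)
    {
        $tokenClassName = $this->getTokenClassNames()[0];
        if (!($authenticationToken instanceof $tokenClassName)) {
            // sprintf() takes the value itself; passing an array here rendered "Array" in the message.
            throw new UnsupportedAuthenticationTokenException(
                sprintf('This provider only supports %s', $tokenClassName)
            );
        }

        $resourceOwner = $this->getResourceOwner($authenticationToken);
        if (get_class($resourceOwner) !== $this->getResourceOwnerClassName()) {
            $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
            return;
        }

        // Fail closed on a missing identifier: an empty id must never be looked up or used
        // as the identifier of a newly created account.
        $resourceOwnerId = $resourceOwner->getId();
        if ($resourceOwnerId === null || $resourceOwnerId === '') {
            $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
            return;
        }

        $providerName = $this->name;
        $accountRepository = $this->accountRepository;
        $account = null;
        // No account is authenticated yet, so the lookup runs with authorization checks disabled.
        // Only this single repository call is wrapped.
        $this->securityContext->withoutAuthorizationChecks(
            function () use ($resourceOwnerId, $providerName, $accountRepository, &$account) {
                $account = $accountRepository->findByAccountIdentifierAndAuthenticationProviderName(
                    $resourceOwnerId,
                    $providerName
                );
            }
        );

        if ($account === null) {
            // First login of this resource owner: provision a local user. The password is a
            // hashed random string that nobody knows.
            $user = User::signUp(
                $resourceOwnerId,
                $this->hashService->hashPassword(Algorithms::generateRandomString(32)),
                $providerName
            );
            $this->userRepository->add($user);
            $account = $user->getAccount();
        }

        // Replace the stored credentials with a fresh hashed random value on every login.
        $account->setCredentialsSource(
            $this->hashService->hashPassword(Algorithms::generateRandomString(32))
        );
        $authenticationToken->setAccount($account);

        $this->accountRepository->update($account);
        $this->persistenceManager->persistAll();

        // Mark the token as authenticated only once the account state has been persisted.
        $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
    }
}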