init

Author: nuvolapl

.gitignore

@@ -0,0 +1,3 @@
+/vendor/
+
+/composer.lock

composer.json

@@ -0,0 +1,29 @@
+{
+  "name": "nuvolapl/oauth2-authenticator-bundle",
+  "type": "library",
+  "license": "proprietary",
+  "minimum-stability": "dev",
+  "prefer-stable": true,
+  "require": {
+    "php": "^8.2",
+    "ext-json": "*",
+    "lcobucci/jwt": "^5.0",
+    "symfony/config": "^6.2",
+    "symfony/http-client": "^6.2",
+    "symfony/http-foundation": "^6.2",
+    "symfony/http-kernel": "^6.2",
+    "symfony/security-core": "^6.2"
+  },
+  "config": {
+    "optimize-autoloader": true,
+    "preferred-install": {
+      "*": "dist"
+    },
+    "sort-packages": true
+  },
+  "autoload": {
+    "psr-4": {
+      "Nuvola\\OAuth2AuthenticatorBundle\\": "src/"
+    }
+  }
+}

src/DependencyInjection/Configuration.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\DependencyInjection;
+
+use Symfony\Component\Config\Definition\Builder\TreeBuilder;
+use Symfony\Component\Config\Definition\ConfigurationInterface;
+
+final class Configuration implements ConfigurationInterface
+{
+    public function getConfigTreeBuilder()
+    {
+        $treeBuilder = new TreeBuilder('oauth2_authenticator');
+        $treeBuilder->getRootNode()
+            ->children()
+            ->scalarNode('client_id')->isRequired()->cannotBeEmpty()->end()
+            ->scalarNode('client_secret')->isRequired()->cannotBeEmpty()->end()
+            ->arrayNode('itrospect')
+            ->isRequired()
+            ->children()
+            ->scalarNode('endpoint')->isRequired()->cannotBeEmpty()->end()
+            ->scalarNode('user_identifier_property')->defaultValue('sub')->end()
+            ->end()
+            ->end()
+            ->scalarNode('userinfo_endpoint')->cannotBeEmpty()->end()
+            ->end()
+        ;
+
+        return $treeBuilder;
+    }
+}

src/DependencyInjection/OAuth2AuthenticatorExtension.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\DependencyInjection;
+
+use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
+use Symfony\Component\HttpKernel\DependencyInjection\ConfigurableExtension;
+use Nuvola\OAuth2AuthenticatorBundle\Repository\UserRepository;
+use Nuvola\OAuth2AuthenticatorBundle\Service\IntrospectService;
+use Nuvola\OAuth2AuthenticatorBundle\Token\TokenFactory;
+
+final class OAuth2AuthenticatorExtension extends ConfigurableExtension
+{
+    public function loadInternal(array $mergedConfig, ContainerBuilder $container): void
+    {
+        $loader = new YamlFileLoader(
+            $container,
+            new FileLocator(__DIR__.'/../Resources/config')
+        );
+
+        $loader->load('services.yaml');
+
+        $definition = $container->getDefinition(IntrospectService::class);
+        $definition->replaceArgument(1, $mergedConfig['client_id']);
+        $definition->replaceArgument(2, $mergedConfig['client_secret']);
+        $definition->replaceArgument(3, $mergedConfig['itrospect']['endpoint']);
+
+        $definition = $container->getDefinition(TokenFactory::class);
+        $definition->replaceArgument(0, $mergedConfig['itrospect']['user_identifier_property']);
+
+        $definition = $container->getDefinition(UserRepository::class);
+        $definition->replaceArgument(1, $mergedConfig['userinfo_endpoint'] ?? '');
+    }
+
+    public function getAlias(): string
+    {
+        return 'oauth2_authenticator';
+    }
+}

src/EventDispatcher/Event/TokenVerifiedEvent.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\EventDispatcher\Event;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Nuvola\OAuth2AuthenticatorBundle\Token\Token;
+
+final class TokenVerifiedEvent
+{
+    private ?UserInterface $user = null;
+
+    public function __construct(
+        public readonly Token $token,
+    ) {
+    }
+
+    public function getUser(): ?UserInterface
+    {
+        return $this->user;
+    }
+
+    public function isUserSet(): bool
+    {
+        return $this->user instanceof UserInterface;
+    }
+
+    public function setUser(UserInterface $user): void
+    {
+        $this->user = $user;
+    }
+}

src/OAuth2AuthenticatorBundle.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle;
+
+use Symfony\Component\DependencyInjection\Extension\ExtensionInterface;
+use Symfony\Component\HttpKernel\Bundle\Bundle;
+use Nuvola\OAuth2AuthenticatorBundle\DependencyInjection\OAuth2AuthenticatorExtension;
+
+final class OAuth2AuthenticatorBundle extends Bundle
+{
+    public function getContainerExtension(): ?ExtensionInterface
+    {
+        return new OAuth2AuthenticatorExtension();
+    }
+}

src/Repository/AuthBearerAwareInterface.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\Repository;
+
+interface AuthBearerAwareInterface
+{
+    public function setAuthBearer(string $token);
+}

src/Repository/UserRepository.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\Repository;
+
+use Symfony\Component\HttpClient\HttpOptions;
+use Symfony\Contracts\HttpClient\Exception\ExceptionInterface;
+use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
+use Symfony\Contracts\HttpClient\HttpClientInterface;
+
+final class UserRepository implements UserRepositoryInterface, AuthBearerAwareInterface
+{
+    public function __construct(
+        private HttpClientInterface $client,
+        private readonly string $endpoint,
+    ) {
+    }
+
+    public function setAuthBearer(string $token): void
+    {
+        $options = new HttpOptions();
+        $options->setAuthBearer($token);
+
+        $this->client = $this->client->withOptions($options->toArray());
+    }
+
+    public function getUserInfo(): array
+    {
+        try {
+            return $this->client->request('GET', $this->endpoint)->toArray();
+        } catch (ExceptionInterface|TransportExceptionInterface $e) {
+            throw new \RuntimeException($e->getMessage(), 0, $e); // TODO: custom exception
+        }
+    }
+}

src/Repository/UserRepositoryInterface.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nuvola\OAuth2AuthenticatorBundle\Repository;
+
+interface UserRepositoryInterface
+{
+    public function getUserInfo(): array;
+}

src/Resources/config/services.yaml

@@ -0,0 +1,32 @@
+services:
+  _defaults:
+    autowire: false
+    autoconfigure: false
+
+  nuvola.http_client:
+    class: Symfony\Contracts\HttpClient\HttpClientInterface
+    factory: [ 'Symfony\Component\HttpClient\HttpClient', 'create' ]
+
+  Nuvola\OAuth2AuthenticatorBundle\Token\TokenFactory:
+    - ~ # compiled
+
+  Nuvola\OAuth2AuthenticatorBundle\Token\TokenFactoryInterface: '@Nuvola\OAuth2AuthenticatorBundle\Token\TokenFactory'
+
+  Nuvola\OAuth2AuthenticatorBundle\Service\IntrospectService:
+    - '@nuvola.http_client'
+    - ~ # compiled
+    - ~ # compiled
+    - ~ # compiled
+    - '@Nuvola\OAuth2AuthenticatorBundle\Token\TokenFactoryInterface'
+
+  Nuvola\OAuth2AuthenticatorBundle\Service\IntrospectServiceInterface: '@Nuvola\OAuth2AuthenticatorBundle\Service\IntrospectService'
+
+  Nuvola\OAuth2AuthenticatorBundle\Security\OAuth2Authenticator:
+    - '@Nuvola\OAuth2AuthenticatorBundle\Service\IntrospectServiceInterface'
+    - '@Symfony\Contracts\EventDispatcher\EventDispatcherInterface'
+
+  Nuvola\OAuth2AuthenticatorBundle\Repository\UserRepository:
+    - '@nuvola.http_client'
+    - ~ # compiled
+
+  Nuvola\OAuth2AuthenticatorBundle\Repository\UserRepositoryInterface: '@Nuvola\OAuth2AuthenticatorBundle\Repository\UserRepository'