Update src/Sulu/Bundle/SecurityBundle/SingleSignOn/SingleSignOnLoginR…

…equestSubscriber.php
alexander-schranz · Mar 14, 2024 · 3d48921 · 3d48921
1 parent de3f5ff
commit 3d48921
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 19 deletions.
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -52,9 +52,9 @@ security:
                 authentication_required_handler: sulu_security.two_factor_authentication_required_handler
                 success_handler: sulu_security.two_factor_authentication_success_handler
                 failure_handler: sulu_security.two_factor_authentication_failure_handler
-            access_token:
-                token_handler: sulu_security.single_sign_on_token_handler
-                token_extractors: sulu_security.single_sign_on_token_extractor
+#            access_token:
+#                token_handler: sulu_security.single_sign_on_token_handler
+#                token_extractors: sulu_security.single_sign_on_token_extractor
 
 #        website:
 #            pattern: ^/

diff --git a/src/Sulu/Bundle/SecurityBundle/DependencyInjection/SuluSecurityExtension.php b/src/Sulu/Bundle/SecurityBundle/DependencyInjection/SuluSecurityExtension.php
@@ -32,6 +32,7 @@
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
+use Symfony\Component\Security\Http\AccessToken\AccessTokenExtractorInterface;
 use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
 
 /**
@@ -111,22 +112,29 @@ public function load(array $configs, ContainerBuilder $container)
 
         $container->setParameter('sulu_security.has_single_sign_on_providers', false);
 
-        if (\array_key_exists('single_sign_on', $config)
-            && \array_key_exists('providers', $config['single_sign_on'])) {
-            $container->setParameter(
-                'sulu_security.has_single_sign_on_providers',
-                \count($config['single_sign_on']['providers']) > 0,
-            );
+        if (!\array_key_exists('single_sign_on', $config) || !\array_key_exists('providers', $config['single_sign_on'])) {
+            return;
+        }
 
-            foreach ($config['single_sign_on']['providers'] as $domain => $providerConfig) {
-                $definition = new Definition();
-                $definition->setFactory([new Reference('sulu_security.single_sign_on_adapter_factory'), 'createAdapter']);
-                $definition->setClass(SingleSignOnAdapterInterface::class);
-                $definition->setArguments([$providerConfig['dsn'], $providerConfig['user_role'] ?? null]);
-                $definition->addTag('sulu_security.single_sign_on_adapter', ['domain' => $domain]);
+        if (!\interface_exists(AccessTokenExtractorInterface::class)) {
+            throw new \RuntimeException('The symfony/security-http package is required to use the SuluSecurityBundle. At least symfony/security-http 6.2 is required.');
+        }
 
-                $container->setDefinition('sulu_security.single_sign_on_adapter_' . \str_replace('.', '_', $domain), $definition);
-            }
+        $loader->load('single_sign_on.xml');
+
+        $container->setParameter(
+            'sulu_security.has_single_sign_on_providers',
+            \count($config['single_sign_on']['providers']) > 0,
+        );
+
+        foreach ($config['single_sign_on']['providers'] as $domain => $providerConfig) {
+            $definition = new Definition();
+            $definition->setFactory([new Reference('sulu_security.single_sign_on_adapter_factory'), 'createAdapter']);
+            $definition->setClass(SingleSignOnAdapterInterface::class);
+            $definition->setArguments([$providerConfig['dsn'], $providerConfig['user_role'] ?? null]);
+            $definition->addTag('sulu_security.single_sign_on_adapter', ['domain' => $domain]);
+
+            $container->setDefinition('sulu_security.single_sign_on_adapter_' . \str_replace('.', '_', $domain), $definition);
         }
     }
 

diff --git a/src/Sulu/Bundle/SecurityBundle/Resources/config/single_sign_on.xml b/src/Sulu/Bundle/SecurityBundle/Resources/config/single_sign_on.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+    <services>
+
+        <service id="sulu_security.open_id_login_subscriber" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnLoginRequestSubscriber">
+            <argument type="service" id="sulu_security.single_sign_provider"/>
+            <argument type="service" id="router"/>
+            <argument type="service" id="sulu.repository.user"/>
+            <tag name="kernel.event_subscriber"/>
+        </service>
+
+        <service id="sulu_security.single_sign_on_adapter_factory_open_id" class="Sulu\Bundle\SecurityBundle\SingleSignOn\Adapter\OpenId\OpenIdSingleSignOnAdapterFactory">
+            <argument type="service" id="http_client"/>
+            <argument type="service" id="sulu_security.user_repository"/>
+            <argument type="service" id="doctrine.orm.entity_manager"/>
+            <argument type="service" id="sulu.repository.contact"/>
+            <argument type="service" id="sulu.repository.role"/>
+            <argument type="service" id="router"/>
+            <argument>%sulu_core.translations%</argument>
+
+            <tag name="sulu_security.single_sign_on_factory"/>
+        </service>
+
+        <service id="sulu_security.single_sign_on_adapter_factory" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterFactory">
+            <argument type="tagged_iterator" tag="sulu_security.single_sign_on_factory"/>
+        </service>
+
+        <service id="sulu_security.single_sign_provider" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterProvider">
+            <argument type="tagged_locator" tag="sulu_security.single_sign_on_adapter" index-by="domain" />
+        </service>
+
+        <service id="sulu_security.single_sign_on_token_extractor" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenExtractor">
+            <argument type="service" id="sulu_security.single_sign_provider"/>
+        </service>
+
+        <service id="sulu_security.single_sign_on_token_handler" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenHandler">
+            <argument type="service" id="sulu_security.single_sign_provider"/>
+            <argument type="service" id="http_client"/>
+        </service>
+    </services>
+</container>
diff --git a/src/Sulu/Bundle/SecurityBundle/SingleSignOn/SingleSignOnLoginRequestSubscriber.php b/src/Sulu/Bundle/SecurityBundle/SingleSignOn/SingleSignOnLoginRequestSubscriber.php
@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /*
  * This file is part of Sulu.
  *

diff --git a/src/Sulu/Bundle/SecurityBundle/Tests/Unit/SingleSignOn/SingleSignOnTokeExtractorTest.php b/src/Sulu/Bundle/SecurityBundle/Tests/Unit/SingleSignOn/SingleSignOnTokeExtractorTest.php
@@ -21,6 +21,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
+use Symfony\Component\Security\Http\AccessToken\AccessTokenExtractorInterface;
 
 class SingleSignOnTokeExtractorTest extends TestCase
 {
@@ -35,6 +36,10 @@ class SingleSignOnTokeExtractorTest extends TestCase
 
     protected function setUp(): void
     {
+        if (!\interface_exists(AccessTokenExtractorInterface::class)) {
+            $this->markTestSkipped('This test requires symfony/security-http ^6.2');
+        }
+
         $this->singleSignOnAdapterProvider = $this->prophesize(SingleSignOnAdapterProvider::class);
 
         $this->tokenExtractor = new SingleSignOnTokenExtractor(