Add single sign on logic

alexander-schranz · Mar 11, 2024 · 627346e · 627346e
1 parent b3c927d
commit 627346e
Show file tree

Hide file tree

Showing 24 changed files with 794 additions and 103 deletions.
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -52,6 +52,9 @@ security:
                 authentication_required_handler: sulu_security.two_factor_authentication_required_handler
                 success_handler: sulu_security.two_factor_authentication_success_handler
                 failure_handler: sulu_security.two_factor_authentication_failure_handler
+            access_token:
+                token_handler: sulu_security.single_sign_on_token_handler
+                token_extractors: sulu_security.single_sign_on_token_extractor
 
 #        website:
 #            pattern: ^/

diff --git a/config/packages/sulu_security.yaml b/config/packages/sulu_security.yaml
@@ -12,11 +12,6 @@ sulu_security:
         force:
             pattern: '/@sulu\.io$/'
 
-    single_sign_on:
-        providers:
-            'sulu.io':
-                dsn: 'openid://%env(resolve:SULU_OPEN_ID_CLIENT_ID)%:%env(resolve:SULU_OPEN_ID_CLIENT_SECRET)%@%env(resolve:SULU_OPEN_ID_ENDPOINT)%'
-
 when@test:
     sulu_security:
         two_factor:

diff --git a/config/routes/sulu_admin.yaml b/config/routes/sulu_admin.yaml
@@ -113,3 +113,9 @@ sulu_audience_targeting_api:
     type: rest
     resource: "@SuluAudienceTargetingBundle/Resources/config/routing_api.yml"
     prefix: /admin/api
+
+sulu_admin_single_sign_on:
+    path: /openid
+    controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::redirectAction
+    defaults:
+        route: sulu_admin
diff --git a/src/Sulu/Bundle/AdminBundle/Controller/AdminController.php b/src/Sulu/Bundle/AdminBundle/Controller/AdminController.php
@@ -171,6 +171,11 @@ class AdminController
      */
     private $passwordInfoTranslationKey;
 
+    /**
+     * @var bool
+     */
+    private $hasSingleSignOnProvider;
+
     public function __construct(
         UrlGeneratorInterface $urlGenerator,
         TokenStorageInterface $tokenStorage,
@@ -198,7 +203,7 @@ public function __construct(
         ?bool $collaborationEnabled = null,
         ?string $passwordPattern = null,
         ?string $passwordInfoTranslationKey = null,
-        ?bool $hasSingleSignOnProvider = false
+        bool $hasSingleSignOnProvider = false
     ) {
         $this->urlGenerator = $urlGenerator;
         $this->tokenStorage = $tokenStorage;

diff --git a/src/Sulu/Bundle/AdminBundle/Resources/js/components/Input/Input.js b/src/Sulu/Bundle/AdminBundle/Resources/js/components/Input/Input.js
@@ -19,6 +19,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
         skin: 'default',
         type: 'text',
         valid: true,
+        autoFocus: false,
     };
 
     setInputRef = (ref: ?ElementRef<'input'>) => {
@@ -86,6 +87,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
             min,
             max,
             step,
+            autoFocus,
         } = this.props;
 
         const inputContainerClass = classNames(
@@ -159,6 +161,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
                         ref={inputRef ? this.setInputRef : undefined}
                         step={step}
                         type={type}
+                        autoFocus={autoFocus}
                         value={value == null ? '' : value}
                     />
 

diff --git a/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Application/tests/Application.test.js b/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Application/tests/Application.test.js
@@ -39,6 +39,7 @@ const mockUserStoreContact = jest.fn();
 const mockUserStoreUser = jest.fn();
 const mockUserStoreGetPersistentSetting = jest.fn().mockReturnValue(0);
 const mockUserStoreSetPersistentSetting = jest.fn();
+const mockUserStoreHasSingleSignOn = jest.fn().mockReturnValue(false);
 
 jest.mock('../../../stores/userStore', () => {
     return new class {
@@ -54,6 +55,10 @@ jest.mock('../../../stores/userStore', () => {
             return mockUserStoreContact();
         }
 
+        hasSingleSignOn() {
+            return mockUserStoreHasSingleSignOn();
+        }
+
         getPersistentSetting(value) {
             return mockUserStoreGetPersistentSetting(value);
         }

diff --git a/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Login/LoginForm.js b/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Login/LoginForm.js
@@ -119,7 +119,7 @@ class LoginForm extends React.Component<Props> {
                                 />
                             </label>
                         )}
-                        {!this.props.hasSingleSignOn || (this.props.hasSingleSignOn && this.props.hasOnlyPassword) && (
+                        {(!this.props.hasSingleSignOn || (this.props.hasSingleSignOn && this.props.hasOnlyPassword)) && (
                             <label className={inputFieldClass}>
                                 <div className={formStyles.labelText}>
                                     {translate('sulu_admin.password')}
@@ -131,22 +131,23 @@ class LoginForm extends React.Component<Props> {
                                     type="password"
                                     valid={!this.props.error}
                                     value={this.password}
+                                    autoFocus={this.props.hasOnlyPassword}
                                 />
                             </label>
                         )}
-                        <div className={formStyles.buttons}>
-                            <Button onClick={this.props.onChangeForm} skin="link">
-                                {translate('sulu_admin.forgot_password')}
-                            </Button>
-                            <Button
-                                disabled={this.submitButtonDisabled}
-                                loading={this.props.loading}
-                                skin="primary"
-                                type="submit"
-                            >
-                                {translate('sulu_admin.login')}
-                            </Button>
-                        </div>
+                            <div className={formStyles.buttons}>
+                                    <Button onClick={this.props.onChangeForm} skin="link">
+                                        {translate('sulu_admin.forgot_password')}
+                                    </Button>
+                                <Button
+                                    disabled={this.submitButtonDisabled}
+                                    loading={this.props.loading}
+                                    skin="primary"
+                                    type="submit"
+                                >
+                                    {translate('sulu_admin.login')}
+                                </Button>
+                            </div>
                     </fieldset>
                 </form>
             </Fragment>

diff --git a/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Login/tests/Login.test.js b/src/Sulu/Bundle/AdminBundle/Resources/js/containers/Login/tests/Login.test.js
@@ -27,6 +27,8 @@ const mockUserStoreTwoFactorError = jest.fn();
 const mockUserStoreSetResetSuccess = jest.fn();
 const mockUserStoreLoading = jest.fn().mockReturnValue(false);
 const mockUserStoreForgotPasswordSuccess = jest.fn().mockReturnValue(false);
+const mockUserStoreHasJsonLogin = jest.fn().mockReturnValue(false);
+const mockUserStoreHasSingleSignOn = jest.fn().mockReturnValue(false);
 
 jest.mock('../../../stores/userStore', () => {
     return new class {
@@ -66,6 +68,14 @@ jest.mock('../../../stores/userStore', () => {
             return mockUserStoreSetResetSuccess(value);
         }
 
+        hasSingleSignOn() {
+            return mockUserStoreHasSingleSignOn();
+        }
+
+        get hasJsonLogin() {
+            return mockUserStoreHasJsonLogin();
+        }
+
         get loading() {
             return mockUserStoreLoading();
         }
@@ -247,3 +257,25 @@ test('Should not call the submit handler of the reset password view with not mat
         expect(router.reset).not.toBeCalled();
     });
 });
+
+test('Should render the Login with only username/email', () => {
+    const router = new Router();
+    mockUserStoreHasSingleSignOn.mockReturnValueOnce(true);
+
+    const loginForm = mount(
+        <Login initialized={true} onLoginSuccess={jest.fn()} router={router} />
+    );
+
+    expect(loginForm.render()).toMatchSnapshot()
+});
+
+test('Should render the Login with only password', () => {
+    const router = new Router();
+    mockUserStoreHasJsonLogin.mockReturnValue(true);
+
+    const loginForm = mount(
+        <Login initialized={true} onLoginSuccess={jest.fn()} router={router} />
+    );
+
+    expect(loginForm.render()).toMatchSnapshot()
+});
diff --git a/...u/Bundle/AdminBundle/Resources/js/containers/Login/tests/__snapshots__/Login.test.js.snap b/...u/Bundle/AdminBundle/Resources/js/containers/Login/tests/__snapshots__/Login.test.js.snap
@@ -323,6 +323,204 @@ exports[`Should render the Login with forgot password with success 1`] = `
 </div>
 `;
 
+exports[`Should render the Login with only password 1`] = `
+<div
+  class="login"
+>
+  <div
+    class="loginContainer"
+  >
+    <div
+      class="formContainer"
+    >
+      <div
+        class="logoContainer"
+      >
+        <span
+          aria-label="su-sulu"
+          class="su-sulu"
+        />
+      </div>
+      <div
+        class="header"
+      >
+        sulu_admin.welcome
+      </div>
+      <form
+        class="form"
+      >
+        <fieldset>
+          <label
+            class="inputField"
+          >
+            <div
+              class="labelText"
+            >
+              sulu_admin.password
+            </div>
+            <div
+              class="input default left"
+            >
+              <div
+                class="prependedContainer default"
+              >
+                <span
+                  aria-label="su-lock"
+                  class="su-lock icon default"
+                />
+              </div>
+              <input
+                autocomplete="current-password"
+                type="password"
+                value=""
+              />
+            </div>
+          </label>
+          <div
+            class="buttons"
+          >
+            <button
+              class="button link hasText"
+              type="button"
+            >
+              <span
+                class="buttonText"
+              >
+                sulu_admin.forgot_password
+              </span>
+            </button>
+            <button
+              class="button primary hasText"
+              disabled=""
+              type="submit"
+            >
+              <span
+                class="buttonText"
+              >
+                sulu_admin.login
+              </span>
+            </button>
+          </div>
+        </fieldset>
+      </form>
+    </div>
+    <div
+      class="backLinkContainer"
+    >
+      <a
+        class="backLink"
+        href="/"
+      >
+        <span
+          aria-label="su-angle-left"
+          class="su-angle-left backLinkIcon"
+        />
+        sulu_admin.back_to_website
+      </a>
+    </div>
+  </div>
+</div>
+`;
+
+exports[`Should render the Login with only username/email 1`] = `
+<div
+  class="login"
+>
+  <div
+    class="loginContainer"
+  >
+    <div
+      class="formContainer"
+    >
+      <div
+        class="logoContainer"
+      >
+        <span
+          aria-label="su-sulu"
+          class="su-sulu"
+        />
+      </div>
+      <div
+        class="header"
+      >
+        sulu_admin.welcome
+      </div>
+      <form
+        class="form"
+      >
+        <fieldset>
+          <label
+            class="inputField"
+          >
+            <div
+              class="labelText"
+            >
+              sulu_admin.username_or_email
+            </div>
+            <div
+              class="input default left"
+            >
+              <div
+                class="prependedContainer default"
+              >
+                <span
+                  aria-label="su-user"
+                  class="su-user icon default"
+                />
+              </div>
+              <input
+                autocomplete="username"
+                type="text"
+                value=""
+              />
+            </div>
+          </label>
+          <div
+            class="buttons"
+          >
+            <button
+              class="button link hasText"
+              type="button"
+            >
+              <span
+                class="buttonText"
+              >
+                sulu_admin.forgot_password
+              </span>
+            </button>
+            <button
+              class="button primary hasText"
+              disabled=""
+              type="submit"
+            >
+              <span
+                class="buttonText"
+              >
+                sulu_admin.login
+              </span>
+            </button>
+          </div>
+        </fieldset>
+      </form>
+    </div>
+    <div
+      class="backLinkContainer"
+    >
+      <a
+        class="backLink"
+        href="/"
+      >
+        <span
+          aria-label="su-angle-left"
+          class="su-angle-left backLinkIcon"
+        />
+        sulu_admin.back_to_website
+      </a>
+    </div>
+  </div>
+</div>
+`;
+
 exports[`Should render the Login with reset password view 1`] = `
 <div
   class="login"