Add single sign on logic
martinlagler committed Mar 8, 2024
1 parent b3c927d commit 7a330fe
Showing 18 changed files with 502 additions and 95 deletions.
3 changes: 3 additions & 0 deletions config/packages/security.yaml
Expand Up @@ -52,6 +52,9 @@ security:
authentication_required_handler: sulu_security.two_factor_authentication_required_handler
success_handler: sulu_security.two_factor_authentication_success_handler
failure_handler: sulu_security.two_factor_authentication_failure_handler
access_token:
token_handler: sulu_security.single_sign_on_token_handler
token_extractors: sulu_security.single_sign_on_token_extractor

# website:
# pattern: ^/
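Review bot: The new `access_token` entry on the firewall says nothing about which token it accepts or who validates it; the handler and extractor ids are custom, so a reader of this firewall cannot tell from the YAML that this is the single sign-on flow. A comment above the block, `# single sign-on: the extractor picks the SSO token out of the request and the handler is responsible for validating it`, would document that at the place where the firewall is configured. The surrounding firewall definition starts above and continues below this hunk.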
6 changes: 6 additions & 0 deletions config/routes/sulu_admin.yaml
Expand Up @@ -113,3 +113,9 @@ sulu_audience_targeting_api:
type: rest
resource: "@SuluAudienceTargetingBundle/Resources/config/routing_api.yml"
prefix: /admin/api

sulu_admin_single_sign_on:
path: /openid
controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController::redirectAction
defaults:
route: sulu_admin
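Review bot: The `/openid` route delegates to `RedirectController::redirectAction`, which does not forward query parameters unless `keepQueryParams` is set, so any parameters a provider appends to this URL are gone after the redirect; they must be consumed before the controller runs, presumably by the request subscriber registered in services.xml. A comment on the route, `# provider callback: handled by the SSO request subscriber before this redirect to the admin runs`, would make that ordering dependency explicit for the next person editing either file.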
Expand Up @@ -19,6 +19,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
skin: 'default',
type: 'text',
valid: true,
autoFocus: false,
};

setInputRef = (ref: ?ElementRef<'input'>) => {
Expand Down Expand Up @@ -86,6 +87,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
min,
max,
step,
autoFocus,
} = this.props;

const inputContainerClass = classNames(
Expand Down Expand Up @@ -159,6 +161,7 @@ export default class Input<T: ?string | ?number> extends React.PureComponent<Inp
ref={inputRef ? this.setInputRef : undefined}
step={step}
type={type}
autoFocus={autoFocus}
value={value == null ? '' : value}
/>

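Review bot: `autoFocus` is added to `defaultProps`, destructured from `this.props` and forwarded to the `<input>`, but the `InputProps` type the class is parameterized on is not touched in these hunks; if that type is declared elsewhere in the file it needs an `autoFocus?: boolean` member, otherwise the new default will not type-check. In the JSX the surrounding attributes are kept in alphabetical order (`ref`, `step`, `type`, `value`) and `autoFocus` is inserted between `type` and `value`; moving it to the front of that list keeps the order. The same applies to the destructuring, where it follows `step`. The render method begins and ends outside these hunks.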
Expand Up @@ -119,7 +119,7 @@ class LoginForm extends React.Component<Props> {
/>
</label>
)}
{!this.props.hasSingleSignOn || (this.props.hasSingleSignOn && this.props.hasOnlyPassword) && (
{(!this.props.hasSingleSignOn || (this.props.hasSingleSignOn && this.props.hasOnlyPassword)) && (
<label className={inputFieldClass}>
<div className={formStyles.labelText}>
{translate('sulu_admin.password')}
Expand All @@ -131,22 +131,23 @@ class LoginForm extends React.Component<Props> {
type="password"
valid={!this.props.error}
value={this.password}
autoFocus={this.props.hasOnlyPassword}
/>
</label>
)}
<div className={formStyles.buttons}>
<Button onClick={this.props.onChangeForm} skin="link">
{translate('sulu_admin.forgot_password')}
</Button>
<Button
disabled={this.submitButtonDisabled}
loading={this.props.loading}
skin="primary"
type="submit"
>
{translate('sulu_admin.login')}
</Button>
</div>
<div className={formStyles.buttons}>
<Button onClick={this.props.onChangeForm} skin="link">
{translate('sulu_admin.forgot_password')}
</Button>
<Button
disabled={this.submitButtonDisabled}
loading={this.props.loading}
skin="primary"
type="submit"
>
{translate('sulu_admin.login')}
</Button>
</div>
</fieldset>
</form>
</Fragment>
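Review bot: The parenthesized guard around the password field in the first hunk can be reduced: `!A || (A && B)` is equivalent to `!A || B`, so `{(!this.props.hasSingleSignOn || this.props.hasOnlyPassword) && (` expresses the same condition with less to read. The added `autoFocus={this.props.hasOnlyPassword}` in the second hunk then tests the same flag, which keeps the two consistent. The re-indented buttons block appears to be a whitespace-only change. The render method starts and ends outside these hunks.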
Expand Up @@ -197,7 +197,13 @@ class UserStore {
this.setLoading(true);

return Requester.post(Config.endpoints.forgotPasswordReset, data)
.then(() => {
.then((data) => {
if (data.method === 'redirect' && data.url) {
window.location.href = data.url;

return
}

this.setLoading(false);
this.setForgotPasswordSuccess(true);
})
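Review bot: The callback parameter `data` shadows the `data` object that was just posted, so inside the `.then` it is no longer obvious which object `data.method` and `data.url` refer to; naming it by what it is, `.then((response) => {`, `if (response.method === 'redirect' && response.url) {`, `window.location.href = response.url;`, removes the ambiguity. The bare `return` also lacks the semicolon used on every other statement in this file. Assigning the returned `url` to `window.location.href` means the browser performs no check of the target, so a comment at that line stating that the reset endpoint is expected to return only provider URLs it built from its own configuration would record the assumption this client code relies on. The enclosing method starts before the hunk.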
Expand Up @@ -76,6 +76,9 @@ public function getConfigTreeBuilder(): TreeBuilder
->scalarNode('dsn')
->cannotBeEmpty()
->end()
->scalarNode('user_role')
->cannotBeEmpty()
->end()
->end()
->end()
->end()
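Review bot: The new `user_role` node carries no `->info()` text, so `config:dump-reference` gives an integrator no hint of what value is expected or that the node may be left out (the extension falls back to `null` when it is absent). Adding `->info('Optional. Name of the role given to users who sign in through this provider.')` — with the wording checked against what the adapter actually does with it — documents that at the source. `getConfigTreeBuilder()` begins and ends outside this hunk.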
@@ -1,5 +1,7 @@
<?php

declare(strict_types=1);

/*
* This file is part of Sulu.
*
Expand Down Expand Up @@ -76,7 +78,7 @@ public function load(array $configs, ContainerBuilder $container)
/** @var array<string, class-string> $bundles */
$bundles = $container->getParameter('kernel.bundles');

if (\in_array(SchebTwoFactorBundle::class, $bundles)) {
if (\in_array(SchebTwoFactorBundle::class, $bundles, true)) {
$loader->load('2fa.xml');

if (\interface_exists(AuthCodeMailerInterface::class)) {
Expand All @@ -103,18 +105,27 @@ public function load(array $configs, ContainerBuilder $container)
RoleRepositoryInterface::class => 'sulu.repository.role',
RoleSettingRepositoryInterface::class => 'sulu.repository.role_setting',
AccessControlRepositoryInterface::class => 'sulu.repository.access_control',
]
],
);

$singleSignOnMapping = [];

$container->setParameter('sulu_security.has_single_sign_on_providers', false);

if (array_key_exists('single_sign_on', $config)
&& array_key_exists('providers', $config['single_sign_on'])) {
if (\array_key_exists('single_sign_on', $config)
&& \array_key_exists('providers', $config['single_sign_on'])) {
$container->setParameter(
'sulu_security.has_single_sign_on_providers',
\count($config['single_sign_on']['providers']) > 0
\count($config['single_sign_on']['providers']) > 0,
);

foreach ($config['single_sign_on']['providers'] as $domain => $provider) {
$singleSignOnMapping[$domain]['dsn'] = $provider['dsn'];
$singleSignOnMapping[$domain]['user_role'] = $provider['user_role'] ?? null;
}
}

$container->setParameter('sulu_security.single_sign_on_mapping', $singleSignOnMapping);
}

/**
Expand All @@ -130,7 +141,7 @@ public function prepend(ContainerBuilder $container)
'enabled' => false,
'mailer' => 'sulu_security.two_factor_mailer',
],
]
],
);
}

Expand All @@ -146,7 +157,7 @@ public function prepend(ContainerBuilder $container)
EmailNotUniqueException::class => 409,
],
],
]
],
);
}

Expand All @@ -163,7 +174,7 @@ public function prepend(ContainerBuilder $container)
'fragments' => [
'path' => '/admin/_fragments',
],
]
],
);
}

Expand Down Expand Up @@ -205,7 +216,7 @@ public function prepend(ContainerBuilder $container)
],
],
],
]
],
);
}
}
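Review bot: In the `load()` hunk each provider's `dsn` is copied verbatim into the container parameter `sulu_security.single_sign_on_mapping`; if a DSN embeds a client secret, that secret ends up in the compiled container and is printed by `debug:container --parameters`, so the commit should at least state that the DSN is meant to be supplied through an environment variable or a Symfony secret rather than a literal. A comment above the `foreach`, `// the dsn may embed credentials: supply it via env var or secret, this parameter is dumped into the compiled container`, would make that expectation explicit. `user_role` is read with `?? null` although the Configuration node marks it `cannotBeEmpty()`; that is consistent because the node is optional and only empty values are rejected, but a short comment saying so would save the next reader the cross-check. `load()` starts before this hunk; the remaining hunks only add trailing commas and the strict flag on `\in_array`.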
34 changes: 33 additions & 1 deletion src/Sulu/Bundle/SecurityBundle/Resources/config/services.xml
Expand Up @@ -386,8 +386,40 @@
<tag name="sulu_admin.form_metadata_visitor" />
</service>

<service id="sulu_security.open_id_login_subscriber" class="Sulu\Bundle\SecurityBundle\Security\OpenIdLoginSubscriber">
<service id="sulu_security.open_id_login_subscriber" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnLoginRequestSubscriber">
<argument type="service" id="sulu_security.single_sign_provider"/>
<argument type="service" id="router"/>
<argument type="service" id="sulu.repository.user"/>
<tag name="kernel.event_subscriber"/>
</service>

<service id="sulu_security.single_sign_on_adapter_factory_open_id" class="Sulu\Bundle\SecurityBundle\SingleSignOn\Adapter\OpenId\OpenIdSingleSignOnAdapterFactory">
<argument type="service" id="http_client"/>
<argument type="service" id="sulu_security.user_repository"/>
<argument type="service" id="doctrine.orm.entity_manager"/>
<argument type="service" id="sulu.repository.contact"/>
<argument type="service" id="sulu.repository.role"/>
<argument type="service" id="router"/>

<tag name="sulu_security.single_sign_on_factory"/>
</service>

<service id="sulu_security.single_sign_on_adapter_factory" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterFactory">
<argument type="tagged_iterator" tag="sulu_security.single_sign_on_factory"/>
</service>

<service id="sulu_security.single_sign_provider" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnAdapterProvider">
<argument type="service" id="sulu_security.single_sign_on_adapter_factory"/>
<argument>%sulu_security.single_sign_on_mapping%</argument>
</service>

<service id="sulu_security.single_sign_on_token_extractor" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenExtractor">
<argument type="service" id="sulu_security.single_sign_provider"/>
</service>

<service id="sulu_security.single_sign_on_token_handler" class="Sulu\Bundle\SecurityBundle\SingleSignOn\SingleSignOnTokenHandler">
<argument type="service" id="sulu_security.single_sign_provider"/>
<argument type="service" id="http_client"/>
</service>
</services>
</container>
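Review bot: `sulu_security.single_sign_on_adapter_factory_open_id` receives `sulu_security.user_repository` while `sulu_security.open_id_login_subscriber` a few lines above receives `sulu.repository.user`; if these are not aliases of the same service the factory and the subscriber will resolve users through different repositories, and if they are, one id should be used in both places for consistency. Injecting `doctrine.orm.entity_manager` next to three repositories is a broad dependency for a factory; if the adapter only needs to persist the created user, a narrower service would be easier to reason about, though that is inferred from the ids alone. The `http_client` argument on `sulu_security.single_sign_on_token_handler` presumably fetches provider metadata or keys; an XML comment on that service stating what the client is used for would help anyone auditing what the token validation talks to. The `<services>` element begins before this hunk.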
58 changes: 0 additions & 58 deletions src/Sulu/Bundle/SecurityBundle/Security/OpenIdLoginSubscriber.php

This file was deleted.

