src/Security/MyAzureAuthenticator.php line 22

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Kernel\User// your user entity
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use KnpU\OAuth2ClientBundle\Security\Authenticator\SocialAuthenticator;
  7. use KnpU\OAuth2ClientBundle\Client\Provider\AzureClient;
  8. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\Response;
  11. use Symfony\Component\Routing\RouterInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  14. use Symfony\Component\Security\Core\User\UserProviderInterface;
  15. use Symfony\Component\HttpFoundation\RedirectResponse;
  16. use App\Service\Kernel\UserService;
  17. use App\Service\Kernel\KernelService;
  18. use Symfony\Component\HttpFoundation\RequestStack;
  22. class MyAzureAuthenticator extends SocialAuthenticator
  23. {
  24.     private $clientRegistry;
  25.     private $em;
  26.     private $router;
  27.     private $userService;
  28.     private $kernelService;
  29.     private $requestStack;
  31.     public function __construct(ClientRegistry $clientRegistryEntityManagerInterface $emRouterInterface $routerUserService $userServiceKernelService $kernelServiceRequestStack $requestStack)
  32.     {
  33.         $this->clientRegistry $clientRegistry;
  34.         $this->em $em;
  35.     $this->router $router;
  36.         $this->userService $userService;
  37.         $this->kernelService $kernelService;
  38.         $this->requestStack $requestStack;
  39.     }
  41.     public function supports(Request $request)
  42.     {
  43.         // continue ONLY if the current ROUTE matches the check ROUTE
  44.         return $request->attributes->get('_route') === 'connect_azure_check';
  45.     }
  47.     public function getCredentials(Request $request)
  48.     {
  49.         // this method is only called if supports() returns true
  51.         // For Symfony lower than 3.4 the supports method need to be called manually here:
  52.         // if (!$this->supports($request)) {
  53.         //     return null;
  54.         // }
  56.         return $this->fetchAccessToken($this->getAzureClient());
  57.     }
  59.     public function getUser($credentialsUserProviderInterface $userProvider)
  60.     {
  61.         /** @var FacebookUser $facebookUser */
  62.         $azureUser $this->getAzureClient()
  63.             ->fetchUserFromToken($credentials);
  64.         
  65.         //$email = $azureUser->getEmail();
  67.         // 1) have they logged in with Facebook before? Easy!
  68.         $existingUser $this->em->getRepository(User::class)
  69.             ->findOneBy(['uuid' => $azureUser->getId()]);
  70.         if ($existingUser) {
  71.             return $existingUser;
  72.         }
  74.         
  75.         
  76.         // 2) do we have a matching user by email?
  77.         //$user = $this->em->getRepository(User::class)
  78.         //    ->findOneBy(['email' => $email]);
  80.         // 3) Maybe you just want to "register" them by creating
  81.         // a User object
  82.                 
  83.         /*$user = new User();
  84.         $user->setUuid($azureUser->getId());
  85.         $user->setEmail($azureUser->toArray()['upn']);
  86.         $user->setFirstName($azureUser->getFirstName());
  87.         $user->setLastName($azureUser->getLastName());
  88.         $user->setPassword("?E(H+MbQeThWmZq4t7w!zPP&F)J@NcRf");
  89.         $this->em->persist($user);
  90.         $this->em->flush();*/
  91.         $defaultorg $this->kernelService->getApplicationInfoValue("Kernel.Defaultorganization");
  92.         $defaulttimezone $this->kernelService->getApplicationInfoValue("Kernel.Defaulttimezone");
  93.         $user $this->userService->CreateUser($azureUser->getId(), $azureUser->toArray()['upn'], $azureUser->getFirstName(), $azureUser->getLastName(), "?E(H+MbQeThWmZq4t7w!zPP&F)J@NcRf",
  94.                 """en-US"$defaulttimezonenull$defaultorg,1);
  96.         return $user;
  97.     }
  99.     /**
  100.      * @return AzureClient
  101.      */
  102.     private function getAzureClient()
  103.     {
  104.         return $this->clientRegistry
  105.             // "facebook_main" is the key used in config/packages/knpu_oauth2_client.yaml
  106.             ->getClient('azure');
  107.     }
  109.     public function onAuthenticationSuccess(Request $requestTokenInterface $token$providerKey)
  110.     {
  111.         $user $token->getUser();
  112.         if ($this->userService->CanLogin($user) == true)
  113.         {
  114.             $this->userService->Login($user);
  115.             $targetUrl $this->router->generate('app_home', ['_locale' => "".$user->getLocale()]);
  116.         }
  117.         else
  118.         {
  119.             $token->setAuthenticated(false);
  120.             $session $this->requestStack->getSession();
  121.             $session->set('error'"User.NotAllowedToLogin");
  122.             $targetUrl $this->router->generate('app_logout');
  123.         }
  124.         // change "app_homepage" to some route in your app
  125.         
  127.         return new RedirectResponse($targetUrl);
  128.     
  129.         // or, on success, let the request continue to be handled by the controller
  130.         //return null;
  131.     }
  133.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception)
  134.     {
  135.         $message strtr($exception->getMessageKey(), $exception->getMessageData());
  137.         return new Response($messageResponse::HTTP_FORBIDDEN);
  138.     }
  140.     /**
  141.      * Called when authentication is needed, but it's not sent.
  142.      * This redirects to the 'login'.
  143.      */
  144.     public function start(Request $requestAuthenticationException $authException null)
  145.     {
  146.         return new RedirectResponse(
  147.             '/connect/azure/'// might be the site, where users choose their oauth provider
  148.             Response::HTTP_TEMPORARY_REDIRECT
  149.         );
  150.     }
  152.     // ...
  153. }