From b19b6a29884b6ad11df23a23bbc1041508eb9f65 Mon Sep 17 00:00:00 2001
From: Charles
Date: Wed, 23 Apr 2025 16:26:54 +0200
Subject: [PATCH] Add scope modification in the token

---
 config/services.yaml | 3 +
 src/EventSubscriber/ScopeResolveListener.php | 76 ++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 src/EventSubscriber/ScopeResolveListener.php

diff --git a/config/services.yaml b/config/services.yaml
index b82a1fa..32bf06b 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -22,6 +22,9 @@ services:
 App\EventSubscriber\:
 resource: '../src/EventSubscriber/'
 tags: ['kernel.event_subscriber']
+ App\EventSubscriber\ScopeResolveListener:
+ tags:
+ - { name: kernel.event_listener, event: league.oauth2_server.event.scope_resolve, method: onScopeResolve }
 # add more service definitions when explicit configuration is needed
 # please note that last definitions always *replace* previous ones
diff --git a/src/EventSubscriber/ScopeResolveListener.php b/src/EventSubscriber/ScopeResolveListener.php
new file mode 100644
index 0000000..3710424
--- /dev/null
+++ b/src/EventSubscriber/ScopeResolveListener.php
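Review bot: The added `kernel.event_listener` tag for `App\EventSubscriber\ScopeResolveListener` overlaps with the `App\EventSubscriber\` resource block directly above it, which already tags every class in that directory with `kernel.event_subscriber`, and the new class does define `getSubscribedEvents()` in the other hunk, so `onScopeResolve` ends up registered twice. Keep a single registration; the explicit tag with `event: league.oauth2_server.event.scope_resolve` names the event the way the bundle appears to dispatch it, so I would keep this tag and drop the subscriber method (or the reverse, but not both). Whether the class-keyed subscription in `getSubscribedEvents()` actually fires depends on the event name the bundle dispatches under, which is not visible here.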
@@ -0,0 +1,76 @@
+logger = $logger;
+ // Inject the client repository
+ $this->clientRepository = $clientRepository;
+ }
+
+ public function onScopeResolve(ScopeResolveEvent $event): void
+ {
+ // Get the client ID from the event
+ $client = $event->getClient();
+ $clientIdentifier = $client->getIdentifier();
+
+ // Get the requested scopes from the event
+ $requestedScopes = $event->getScopes();
+
+ // Prepare our final scopes collection
+ $finalScopes = [];
+
+ // Add default scopes that everyone gets
+ $defaultScopes = ['email', 'profile', 'openid'];
+ foreach ($defaultScopes as $scope) {
+ $finalScopes[] = new Scope($scope);
+ }
+
+ // Add client-specific scopes based on client identifier or name
+ switch ($clientIdentifier) {
+ case $_ENV['EASYEXPLOIT_CLIENT_ID']:
+ $finalScopes[] = new Scope('apps:easyexploit');
+ break;
+ case 'EasyAccess':
+ $finalScopes[] = new Scope('apps:easyaccess');
+ break;
+ case 'EasyMonithor':
+ $finalScopes[] = new Scope('apps:easymonithor');
+ break;
+ case 'EasyCheck':
+ $finalScopes[] = new Scope('apps:easycheck');
+ break;
+ // Add more cases as needed for other applications
+ }
+
+ // // If the client is an admin client, add admin scopes
+ // if (str_contains($client->getName(), 'Admin')) {
+ // $finalScopes[] = new Scope('apps:manage');
+ // $finalScopes[] = new Scope('orgs:manage');
+ // $finalScopes[] = new Scope('users:manage');
+ // }
+
+ // Set the resolved scopes
+ $event->setScopes(...$finalScopes);
+ }
+
+ public static function getSubscribedEvents(): array
+ {
+ return [
+ ScopeResolveEvent::class => 'onScopeResolve',
+ ];
+ }
+}
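Review bot: The `case $_ENV['EASYEXPLOIT_CLIENT_ID']:` arm in `onScopeResolve` is compared with `switch`'s loose `==`, and `$_ENV` may be empty in production (it is only filled when `variables_order` includes `E` or Dotenv is active), so the arm can silently degrade to a comparison against null or to a numeric-string comparison; binding the id as a constructor argument (`%env(EASYEXPLOIT_CLIENT_ID)%` in services.yaml) and switching to a strict `match` avoids both. `$requestedScopes` is read and never used, so the scopes the client asked for have no influence on what is granted and every client silently receives `email`, `profile` and `openid`; if replacing the request wholesale is intended, drop the variable and state that in a comment, otherwise filter the granted set against it. The commented-out admin block should be deleted rather than shipped. The top of the file, including the class declaration and the constructor signature, is not visible in the hunk as rendered, so the property the rewrite below reads would need to be added there.
```php
        // … unchanged: default scopes …
        // Client-specific scope: strict match; id is injected, not read from $_ENV
        $appScope = match ($clientIdentifier) {
            $this->easyExploitClientId => 'apps:easyexploit',
            'EasyAccess' => 'apps:easyaccess',
            'EasyMonithor' => 'apps:easymonithor',
            'EasyCheck' => 'apps:easycheck',
            default => null,
        };
        if ($appScope !== null) {
            $finalScopes[] = new Scope($appScope);
        }
        // … unchanged: setScopes …
```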