Charles-Edouard
/
test_server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

temp server

This commit is contained in:
Charles 2025-03-27 11:44:49 +01:00
parent 86769e8d6e
commit fc94c0f48c
35 changed files with 2721 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.env
View File

@ -39,3 +39,10 @@ MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
###> symfony/mailer ###
MAILER_DSN=null://null
###< symfony/mailer ###
###> league/oauth2-server-bundle ###
OAUTH_PRIVATE_KEY=%kernel.project_dir%/config/jwt/private.pem
OAUTH_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
OAUTH_PASSPHRASE=a3c39947511d0cb3a682f50041805922
OAUTH_ENCRYPTION_KEY=cab3f0f4a9beaaa90a77ee55cf01790b
###< league/oauth2-server-bundle ###

4
.gitignore vendored
View File

@ -23,3 +23,7 @@
/public/assets/
/assets/vendor/
###< symfony/asset-mapper ###
###> league/oauth2-server-bundle ###
/config/jwt/*.pem
###< league/oauth2-server-bundle ###

1
composer.json
View File

@ -11,6 +11,7 @@
"doctrine/doctrine-bundle": "^2.13",
"doctrine/doctrine-migrations-bundle": "^3.4",
"doctrine/orm": "^3.3",
"league/oauth2-server-bundle": "^0.10.0",
"phpdocumentor/reflection-docblock": "^5.6",
"phpstan/phpdoc-parser": "^2.1",
"symfony/asset": "7.2.*",

1042
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

1
config/bundles.php
View File

@ -13,4 +13,5 @@ return [
Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
League\Bundle\OAuth2ServerBundle\LeagueOAuth2ServerBundle::class => ['all' => true],
];

30
config/oauth/private.key Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIKLNNtdUp7M4CAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDMDNcnYR56ZlMbvkfMLWUvBIIE
0CQZaKA3CQU2r2SMoVyKwLBgSQJicPwuYpRV0HdfEB/j8zZgQW4mv3N4kCvFbALx
1p6WPEHSekCqM1h2O1w4BPLfJMTC3PreEf+Mp+zxrJJsXPYZIk1nqCrGiW5Yz9u4
eBfC9V4eBkL34nD+pQDl9PqKFenhX3ft0PjEhM1OYpVAiMoajtOz983qvW2bUbCn
NzLIcbuh4g5xDqagjpjFLesrfTwaplWsx8S/b/kAnlUP9kFIgx27mn/wBaHPnGN0
YaPiQDtnZDJrEXiNF3LiEh846HPxqYpqlosoJLyulKqbXsvSiFmp6qXP4vnbX3fm
df8Rv/jExMATagS2UfZOIzy4Z3l6P9AkiBRzsvk0HHLHy2Phh3N3KO+n+p7pIwO9
t1v4SlAPHQb8yr0WBgZXn/+83WNQl/PXk+Zf0TqcRQXoUQ3Vk4nt6bqXjm3l7Cu8
P+l/j1gzfJ+YTxF7NcAvzE2z1uYVnQv4zMerZeoVmBBs4scuZBVjCZg6yZr2hZqw
ZvJs/PL95Zz9FRqbGBQpA+gybePiLXmMjiy91csbagcE6IuDQI3dPTMYqS/WqdzX
0wbxUNb/Fq8kzRD4tR04jvUEkhUQLLOc3ffl+e7tXQoMS60OjA0Y1vfsp7uAqOMh
ofuRSk5uYQT2fayOIq68CDarxWEdtEDKAC5MeHm7poXKOgz+QSuKOepR6b1wuo+B
IODzIJoaT7RGqyg8dKBWMDjRZmztqK1SVagzPPEnxf2OqjxdHWHScpqh6aq74Qiy
zXHHxHFPpG/Ah4SyIB1If3cmQdYUxcK5OpFezD5/++E5U0XKyO13GvgTexyn2Gvu
R1dzMMyEU50xKy/OHLS9Pa2js1lU6k/X4hbOH8F6ADkMVT/d1G8uVQwYZj3oRixQ
ymr1CNbtglAUXb0R5hzlQeA3eAnNWKhK2q3s85x5IBjOj7+zP+hfapIFohogBdoQ
07aRTFi3aEW9xn47JBNCwnR/F69C9We0RNp4it2Kp9mAabTshLxmIc58NrLLeppP
PcQ4bvpNa92s33Seu3m/0baV8iaD8JFZz6aNoiYwEI0CHNJwmehjhgrst4pP4Cc2
30KljCqSg86hiv9R9OBKL7j1Kip5ZVtP95jrmlf9j+M1XcIbKRLlnTXxA5deRQql
DuUlF9+ioehRqjCvROocePe35Nhu/55em/ksX4FSjnLav5hAIQbC0CZEecmUlpuu
V/bVk1+cGfaqv6QU3G3rfOj2SAAWnfCsOv5wPsUEOAw2e0cpF2AoKYo5LxRJbDmu
VbDX5/euciW6mqlSadXzReUuSLb4wHedfMEw4LzLYmje8I/ukzeFhSrtB7+cbapy
YM+rqrK9zoew/YZtSxNL90dn1xXCmJOvcSm/oJJKg5InEo1e3kYLEq6AqFZCqX9J
YoT2D+iEvoKu2qLy5SWkjzz0aR33hpCqqoeRe2Oaf10w0+D7L/jTtqpJ66qBW/4s
BMtCeUKXc6lX5qpayHXIxdzAGTajHLVi4/Hoic1h0MmRKxzgCt7pAZiuerubPhvY
Uvf5Q4INof8218bEpYvEZNpA7A030SIdymnc+u+J6B+seMFS+Xtvt+0aaFBEvQiy
rYjBkdHRokf3LyHPw4Q53C/2dLx9xuL0b/4JaYGVY2UF
-----END ENCRYPTED PRIVATE KEY-----

9
config/oauth/public.key Normal file
View File

@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHCTBoDL4DzdqFRDYX1V
lIIVW74IvdN41Yhs2FujdbnDylOh/Iwqa4r20F0RPneKh9lKFEXK5/2hi3I2obRJ
j2AGFNu/lMRt9V05eK5Z3zEmf2RLaI6zLHWxpQQt/NKjcSU9ciO5KaPI5fkwtfvz
v4WLrn+/SWFTM7HkzHBzIekhi+RIiN/iqNy4bsiSbruIDQkCBCAJ+v8vdRzAx/wg
bVfYK4mniP0PzdSzEEGWRyOXShSCj5hFfWAxi1VRor3ORdiNQEtWINFFYsNKBzlx
q7xSQ65Co+ViH2NMo0i5swr8tmXV75AKCvYmuO7MhfSzKwnYiFERnTE2qs2W0NLy
jwIDAQAB
-----END PUBLIC KEY-----

7
config/packages/framework.yaml
View File

@ -3,9 +3,10 @@ framework:
secret: '%env(APP_SECRET)%'
# Note that the session will be started ONLY if you read or write from it.
session: true
#esi: true
session:
cookie_domain: '.solutions-easy.moi'
cookie_samesite: lax # Use 'none' only with HTTPS
#esi: true
#fragments: true
when@test:

18
config/packages/league_oauth2_server.yaml Normal file
View File

@ -0,0 +1,18 @@
league_oauth2_server:
authorization_server:
private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'
private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'
encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'
resource_server:
public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'
scopes:
available: ['email']
default: ['email']
persistence:
doctrine:
entity_manager: default
when@test:
league_oauth2_server:
persistence:
in_memory: null

11
config/packages/nyholm_psr7.yaml Normal file
View File

@ -0,0 +1,11 @@
services:
# Register nyholm/psr7 services for autowiring with PSR-17 (HTTP factories)
Psr\Http\Message\RequestFactoryInterface: '@nyholm.psr7.psr17_factory'
Psr\Http\Message\ResponseFactoryInterface: '@nyholm.psr7.psr17_factory'
Psr\Http\Message\ServerRequestFactoryInterface: '@nyholm.psr7.psr17_factory'
Psr\Http\Message\StreamFactoryInterface: '@nyholm.psr7.psr17_factory'
Psr\Http\Message\UploadedFileFactoryInterface: '@nyholm.psr7.psr17_factory'
Psr\Http\Message\UriFactoryInterface: '@nyholm.psr7.psr17_factory'
nyholm.psr7.psr17_factory:
class: Nyholm\Psr7\Factory\Psr17Factory

47
config/packages/security.yaml
View File

@ -4,14 +4,46 @@ security:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
users_in_memory: { memory: null }
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: username
firewalls:
api:
pattern: ^/oauth2/api
security: true
stateless: true
oauth2: true
token:
pattern: ^/token
security: false
oauth2_token:
pattern: ^/oauth2/token
security: false
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
authorize:
pattern: ^/authorize
lazy: true
provider: app_user_provider
form_login:
login_path: app_login
check_path: app_login
enable_csrf: true
default_target_path: /authorize
main:
lazy: true
provider: users_in_memory
provider: app_user_provider
form_login:
login_path: app_login
check_path: app_login
enable_csrf: true
default_target_path: app_login_check
logout:
path: app_logout
target: app_login
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
@ -22,8 +54,15 @@ security:
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/login, roles: PUBLIC_ACCESS }
- { path: ^/login/check, roles: ROLE_USER }
- { path: ^/authorize, roles: ROLE_USER }
- { path: ^/oauth2/authorize, roles: ROLE_USER }
- { path: ^/oauth2/api, roles: PUBLIC_ACCESS }
- { path: ^/token, roles: PUBLIC_ACCESS }
- { path: ^/oauth2/token, roles: PUBLIC_ACCESS }
- { path: ^/oauth2/userinfo, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/, roles: ROLE_USER }
when@test:
security:

3
config/routes/league_oauth2_server.yaml Normal file
View File

@ -0,0 +1,3 @@
oauth2_server:
resource: '@LeagueOAuth2ServerBundle/Resources/config/routes.php'
type: php

13
config/services.yaml
View File

@ -22,3 +22,16 @@ services:
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
# OAuth2 repositories
App\Repository\ClientRepository:
tags: ['league.oauth2_server.repository']
App\Repository\AccessTokenRepository:
tags: ['league.oauth2_server.repository']
App\Repository\RefreshTokenRepository:
tags: ['league.oauth2_server.repository']
App\Repository\AuthCodeRepository:
tags: ['league.oauth2_server.repository']

48
migrations/Version20250321144914.php Normal file
View File

@ -0,0 +1,48 @@
<?php
declare(strict_types=1);
namespace DoctrineMigrations;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\Migrations\AbstractMigration;
/**
* Auto-generated Migration: Please modify to your needs!
*/
final class Version20250321144914 extends AbstractMigration
{
public function getDescription(): string
{
return '';
}
public function up(Schema $schema): void
{
// this up() migration is auto-generated, please modify it to your needs
$this->addSql('CREATE TABLE "user" (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, email VARCHAR(255) NOT NULL, password VARCHAR(255) NOT NULL, PRIMARY KEY(id))');
$this->addSql('CREATE TABLE messenger_messages (id BIGSERIAL NOT NULL, body TEXT NOT NULL, headers TEXT NOT NULL, queue_name VARCHAR(190) NOT NULL, created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL, available_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL, delivered_at TIMESTAMP(0) WITHOUT TIME ZONE DEFAULT NULL, PRIMARY KEY(id))');
$this->addSql('CREATE INDEX IDX_75EA56E0FB7336F0 ON messenger_messages (queue_name)');
$this->addSql('CREATE INDEX IDX_75EA56E0E3BD61CE ON messenger_messages (available_at)');
$this->addSql('CREATE INDEX IDX_75EA56E016BA31DB ON messenger_messages (delivered_at)');
$this->addSql('COMMENT ON COLUMN messenger_messages.created_at IS \'(DC2Type:datetime_immutable)\'');
$this->addSql('COMMENT ON COLUMN messenger_messages.available_at IS \'(DC2Type:datetime_immutable)\'');
$this->addSql('COMMENT ON COLUMN messenger_messages.delivered_at IS \'(DC2Type:datetime_immutable)\'');
$this->addSql('CREATE OR REPLACE FUNCTION notify_messenger_messages() RETURNS TRIGGER AS $$
BEGIN
PERFORM pg_notify(\'messenger_messages\', NEW.queue_name::text);
RETURN NEW;
END;
$$ LANGUAGE plpgsql;');
$this->addSql('DROP TRIGGER IF EXISTS notify_trigger ON messenger_messages;');
$this->addSql('CREATE TRIGGER notify_trigger AFTER INSERT OR UPDATE ON messenger_messages FOR EACH ROW EXECUTE PROCEDURE notify_messenger_messages();');
}
public function down(Schema $schema): void
{
// this down() migration is auto-generated, please modify it to your needs
$this->addSql('CREATE SCHEMA public');
$this->addSql('DROP TABLE "user"');
$this->addSql('DROP TABLE messenger_messages');
}
}

31
migrations/Version20250326084945.php Normal file
View File

@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace DoctrineMigrations;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\Migrations\AbstractMigration;
/**
* Auto-generated Migration: Please modify to your needs!
*/
final class Version20250326084945 extends AbstractMigration
{
public function getDescription(): string
{
return '';
}
public function up(Schema $schema): void
{
// this up() migration is auto-generated, please modify it to your needs
}
public function down(Schema $schema): void
{
// this down() migration is auto-generated, please modify it to your needs
$this->addSql('CREATE SCHEMA public');
}
}

94
src/Command/CreateOAuthClientCommand.php Normal file
View File

@ -0,0 +1,94 @@
<?php
namespace App\Command;
use App\Entity\Client;
use App\Repository\ClientRepository;
use League\Bundle\OAuth2ServerBundle\ValueObject\Grant as GrantVO;
use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri as RedirectUriVO;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope as ScopeVO;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
#[AsCommand(
name: 'app:create-oauth-client',
description: 'Creates a new OAuth client',
)]
class CreateOAuthClientCommand extends Command
{
public function __construct(
private ClientRepository $clientRepository
) {
parent::__construct();
}
protected function configure(): void
{
$this
->addArgument('identifier', InputArgument::REQUIRED, 'Client identifier (max 32 chars)')
->addArgument('name', InputArgument::REQUIRED, 'Client name')
->addArgument('redirect-uri', InputArgument::REQUIRED, 'Redirect URI')
->addOption('grant-type', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Grant type (authorization_code, client_credentials, implicit, password, refresh_token)', ['authorization_code'])
->addOption('scope', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Scope', ['email'])
->addOption('secret', null, InputOption::VALUE_OPTIONAL, 'Client secret (for confidential clients)')
;
}
protected function execute(InputInterface $input, OutputInterface $output): int
{
$io = new SymfonyStyle($input, $output);
$identifier = $input->getArgument('identifier');
$name = $input->getArgument('name');
$redirectUri = $input->getArgument('redirect-uri');
$grantTypes = $input->getOption('grant-type');
$scopes = $input->getOption('scope');
$secret = $input->getOption('secret');
if (strlen($identifier) > 32) {
$io->error('Identifier must be 32 characters or less');
return Command::FAILURE;
}
if ($this->clientRepository->find($identifier)) {
$io->error(sprintf('Client with identifier "%s" already exists', $identifier));
return Command::FAILURE;
}
$client = new Client($identifier, $secret, $name);
// Create and spread the redirect URI
$client->setRedirectUris(new RedirectUriVO($redirectUri));
// Create the grant type objects
$grantObjects = array_map(fn($grantType) => new GrantVO($grantType), $grantTypes);
// Spread the grant objects to the setter
$client->setGrants(...$grantObjects);
// Create the scope objects
$scopeObjects = array_map(fn($scope) => new ScopeVO($scope), $scopes);
// Spread the scope objects to the setter
$client->setScopes(...$scopeObjects);
$this->clientRepository->save($client, true);
$io->success(sprintf('Client "%s" created successfully', $identifier));
$io->table(
['Property', 'Value'],
[
['Identifier', $identifier],
['Secret', $secret ?: 'none (public client)'],
['Name', $name],
['Redirect URI', $redirectUri],
['Grant Types', implode(', ', $grantTypes)],
['Scopes', implode(', ', $scopes)],
]
);
return Command::SUCCESS;
}
}

88
src/Command/CreateUserCommand.php Normal file
View File

@ -0,0 +1,88 @@
<?php
namespace App\Command;
use App\Entity\User;
use App\Repository\UserRepository;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
#[AsCommand(
name: 'app:create-user',
description: 'Creates a new user',
)]
class CreateUserCommand extends Command
{
public function __construct(
private UserRepository $userRepository,
private UserPasswordHasherInterface $passwordHasher
) {
parent::__construct();
}
protected function configure(): void
{
$this
->addArgument('username', InputArgument::REQUIRED, 'Username')
->addArgument('email', InputArgument::REQUIRED, 'Email address')
->addArgument('password', InputArgument::REQUIRED, 'Password')
->addOption('admin', null, InputOption::VALUE_NONE, 'Set as admin user')
;
}
protected function execute(InputInterface $input, OutputInterface $output): int
{
$io = new SymfonyStyle($input, $output);
$username = $input->getArgument('username');
$email = $input->getArgument('email');
$plainPassword = $input->getArgument('password');
$isAdmin = $input->getOption('admin');
// Check if username already exists
$existingUser = $this->userRepository->findOneBy(['username' => $username]);
if ($existingUser) {
$io->error(sprintf('User with username "%s" already exists', $username));
return Command::FAILURE;
}
// Check if email already exists
$existingUser = $this->userRepository->findOneBy(['email' => $email]);
if ($existingUser) {
$io->error(sprintf('User with email "%s" already exists', $email));
return Command::FAILURE;
}
$user = new User();
$user->setUsername($username);
$user->setEmail($email);
$hashedPassword = $this->passwordHasher->hashPassword($user, $plainPassword);
$user->setPassword($hashedPassword);
$roles = ['ROLE_USER'];
if ($isAdmin) {
$roles[] = 'ROLE_ADMIN';
}
$user->setRoles($roles);
$this->userRepository->save($user, true);
$io->success(sprintf('User "%s" created successfully', $username));
$io->table(
['Property', 'Value'],
[
['Username', $username],
['Email', $email],
['Roles', implode(', ', $user->getRoles())],
]
);
return Command::SUCCESS;
}
}

35
src/Controller/OAuth2Controller.php Normal file
View File

@ -0,0 +1,35 @@
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use League\OAuth2\Server\AuthorizationServer;
class OAuth2Controller extends AbstractController
{
/**
* This controller intercepts the /authorize route before the League OAuth2 Server
* bundle handles it. If the user is logged in, it will pass through to the OAuth2
* server. If not, it will redirect to the login page.
*/
#[Route('/authorize', name: 'oauth2_authorize_check', methods: ['GET', 'POST'])]
public function authorize(Request $request): Response
{
// If the user is not logged in, redirect to login
if (!$this->getUser()) {
// Store the original request parameters
$session = $request->getSession();
$session->set('oauth_authorization_request', $request->query->all());
// Redirect to login
return $this->redirectToRoute('app_login');
}
// User is logged in, let the OAuth2 server handle the authorization
// We'll just forward the request to the League OAuth2 Server bundle's controller
return $this->forward('league.oauth2_server.controller.authorization::indexAction');
}
}

85
src/Controller/SecurityController.php Normal file
View File

@ -0,0 +1,85 @@
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
final class SecurityController extends AbstractController
{
#[Route('/login', name: 'app_login')]
public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
{
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', [
'last_username' => $lastUsername,
'error' => $error,
]);
}
#[Route('/logout', name: 'app_logout')]
public function logout(): void
{
// This method can be empty - it will be intercepted by the logout key on your firewall
// The logout is handled by Symfony's security system
}
#[Route('/', name: 'app_home')]
public function home(): Response
{
return $this->render('security/home.html.twig', [
'user' => $this->getUser(),
]);
}
#[Route('/connect/sso', name: 'connect_sso_start')]
public function connectAction(ClientRegistry $clientRegistry): Response
{
return $clientRegistry
->getClient('sso_server')
->redirect([
'profile',
'email'
]);
}
#[Route('/connect/sso/check', name: 'connect_sso_check')]
public function connectCheckAction(): Response
{
// This method can be empty - it will be intercepted by the oauth2 firewall
throw new \Exception('Don\'t forget to activate check_path in security.yaml');
}
/**
* This route is used after successful authentication to redirect
* back to the OAuth2 authorization if there was a pending request
*/
#[Route('/login/check', name: 'app_login_check')]
public function loginCheck(Request $request): Response
{
// Check if there was a pending OAuth2 authorization request
$session = $request->getSession();
$oauthRequest = $session->get('oauth_authorization_request');
if ($oauthRequest) {
// Clear the stored request
$session->remove('oauth_authorization_request');
// Rebuild the authorization URL
$queryString = http_build_query($oauthRequest);
return $this->redirect('/authorize?' . $queryString);
}
// No pending OAuth2 request, go to homepage
return $this->redirectToRoute('app_home');
}
}

28
src/Controller/UserInfoController.php Normal file
View File

@ -0,0 +1,28 @@
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Attribute\Route;
#[Route('/oauth2', name: 'oauth2_')]
class UserInfoController extends AbstractController
{
#[Route('/userinfo', name: 'userinfo', methods: ['GET'])]
public function userinfo(): JsonResponse
{
$user = $this->getUser();
if (!$user) {
return new JsonResponse(['error' => 'Unauthorized'], 401);
}
return new JsonResponse([
'sub' => $user->getId(),
'username' => $user->getUsername(),
'email' => $user->getEmail(),
'roles' => $user->getRoles(),
]);
}
}

111
src/Entity/AccessToken.php Normal file
View File

@ -0,0 +1,111 @@
<?php
namespace App\Entity;
use App\Repository\AccessTokenRepository;
use Doctrine\ORM\Mapping as ORM;
use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
use League\Bundle\OAuth2ServerBundle\Model\Scope;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope as ScopeVO;
#[ORM\Entity(repositoryClass: AccessTokenRepository::class)]
class AccessToken implements AccessTokenInterface
{
#[ORM\Id]
#[ORM\Column(length: 80)]
private string $identifier;
#[ORM\Column]
private \DateTimeImmutable $expiry;
#[ORM\Column]
private string $userIdentifier;
#[ORM\Column]
private string $clientIdentifier;
#[ORM\Column]
private bool $revoked = false;
#[ORM\Column]
private array $scopes = [];
public function __construct(
string $identifier,
\DateTimeImmutable $expiry,
string $userIdentifier,
string $clientIdentifier
) {
$this->identifier = $identifier;
$this->expiry = $expiry;
$this->userIdentifier = $userIdentifier;
$this->clientIdentifier = $clientIdentifier;
}
public function getIdentifier(): string
{
return $this->identifier;
}
public function getExpiry(): \DateTimeImmutable
{
return $this->expiry;
}
/**
* Proxies to getExpiry for backward compatibility with older versions of the library
*/
public function getExpiryDateTime(): \DateTimeImmutable
{
return $this->getExpiry();
}
public function getUserIdentifier(): string
{
return $this->userIdentifier;
}
public function getClient(): ClientInterface
{
throw new \RuntimeException('Method not implemented.');
}
public function getClientIdentifier(): string
{
return $this->clientIdentifier;
}
public function isRevoked(): bool
{
return $this->revoked;
}
public function revoke(): AccessTokenInterface
{
$this->revoked = true;
return $this;
}
public function getScopes(): array
{
return array_map(
static fn (string $scope): Scope => new ScopeVO($scope),
$this->scopes
);
}
public function setScopes(array $scopes): self
{
$this->scopes = array_map(
static fn (Scope $scope): string => (string) $scope,
$scopes
);
return $this;
}
public function __toString(): string
{
return $this->getIdentifier();
}
}

121
src/Entity/AuthCode.php Normal file
View File

@ -0,0 +1,121 @@
<?php
namespace App\Entity;
use App\Repository\AuthCodeRepository;
use Doctrine\ORM\Mapping as ORM;
use League\Bundle\OAuth2ServerBundle\Model\AuthorizationCodeInterface;
use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
use League\Bundle\OAuth2ServerBundle\Model\Scope;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope as ScopeVO;
#[ORM\Entity(repositoryClass: AuthCodeRepository::class)]
class AuthCode implements AuthorizationCodeInterface
{
#[ORM\Id]
#[ORM\Column(length: 80)]
private string $identifier;
#[ORM\Column]
private \DateTimeImmutable $expiry;
#[ORM\Column(length: 255, nullable: true)]
private ?string $userIdentifier = null;
#[ORM\Column(length: 32)]
private string $clientIdentifier;
#[ORM\Column(length: 255, nullable: true)]
private ?string $redirectUri = null;
#[ORM\Column]
private bool $revoked = false;
#[ORM\Column]
private array $scopes = [];
public function __construct(
string $identifier,
\DateTimeImmutable $expiry,
string $userIdentifier,
string $clientIdentifier,
?string $redirectUri
) {
$this->identifier = $identifier;
$this->expiry = $expiry;
$this->userIdentifier = $userIdentifier;
$this->clientIdentifier = $clientIdentifier;
$this->redirectUri = $redirectUri;
}
public function getIdentifier(): string
{
return $this->identifier;
}
public function getExpiry(): \DateTimeImmutable
{
return $this->expiry;
}
/**
* Proxies to getExpiry for backward compatibility with older versions of the library
*/
public function getExpiryDateTime(): \DateTimeImmutable
{
return $this->getExpiry();
}
public function getUserIdentifier(): ?string
{
return $this->userIdentifier;
}
public function getClient(): ClientInterface
{
throw new \RuntimeException('Method not implemented.');
}
public function getClientIdentifier(): string
{
return $this->clientIdentifier;
}
public function getRedirectUri(): ?string
{
return $this->redirectUri;
}
public function isRevoked(): bool
{
return $this->revoked;
}
public function revoke(): AuthorizationCodeInterface
{
$this->revoked = true;
return $this;
}
public function getScopes(): array
{
return array_map(
static fn (string $scope): Scope => new ScopeVO($scope),
$this->scopes
);
}
public function setScopes(array $scopes): self
{
$this->scopes = array_map(
static fn (Scope $scope): string => (string) $scope,
$scopes
);
return $this;
}
public function __toString(): string
{
return $this->getIdentifier();
}
}

160
src/Entity/Client.php Normal file
View File

@ -0,0 +1,160 @@
<?php
namespace App\Entity;
use App\Repository\ClientRepository;
use Doctrine\ORM\Mapping as ORM;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\Bundle\OAuth2ServerBundle\ValueObject\ClientMetadata;
use League\Bundle\OAuth2ServerBundle\ValueObject\Grant as GrantVO;
use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri as RedirectUriVO;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope as ScopeVO;
#[ORM\Entity(repositoryClass: ClientRepository::class)]
class Client implements ClientEntityInterface
{
#[ORM\Id]
#[ORM\Column(length: 32)]
private string $identifier;
#[ORM\Column]
private ?string $secret = null;
#[ORM\Column]
private string $name;
#[ORM\Column]
private bool $active = true;
#[ORM\Column]
private array $redirectUris = [];
#[ORM\Column]
private array $grants = [];
#[ORM\Column]
private array $scopes = [];
#[ORM\Column(options: ["default" => false])]
private bool $allowPlainTextPkce = false;
public function __construct(string $identifier, ?string $secret, string $name)
{
$this->identifier = $identifier;
$this->secret = $secret;
$this->name = $name;
}
public function getIdentifier(): string
{
return $this->identifier;
}
public function getSecret(): ?string
{
return $this->secret;
}
public function getName(): string
{
return $this->name;
}
public function isActive(): bool
{
return $this->active;
}
public function setActive(bool $active): self
{
$this->active = $active;
return $this;
}
public function getRedirectUri(): string|array
{
$uris = array_map(
static fn (string $redirectUri): string => $redirectUri,
$this->redirectUris
);
return $uris;
}
public function getGrants(): array
{
return array_map(
static fn (string $grant): GrantVO => new GrantVO($grant),
$this->grants
);
}
public function setGrants(GrantVO ...$grants): self
{
$this->grants = array_map(
static fn (GrantVO $grant): string => (string) $grant,
$grants
);
return $this;
}
public function getScopes(): array
{
return array_map(
static fn (string $scope): ScopeVO => new ScopeVO($scope),
$this->scopes
);
}
public function setScopes(ScopeVO ...$scopes): self
{
$this->scopes = array_map(
static fn (ScopeVO $scope): string => (string) $scope,
$scopes
);
return $this;
}
public function getMetadata(): ClientMetadata
{
return new ClientMetadata($this->name);
}
public function isConfidential(): bool
{
return $this->secret !== null;
}
public function isPlainTextPkceAllowed(): bool
{
return $this->allowPlainTextPkce;
}
public function setAllowPlainTextPkce(bool $allowPlainTextPkce): self
{
$this->allowPlainTextPkce = $allowPlainTextPkce;
return $this;
}
public function __toString(): string
{
return $this->getIdentifier();
}
public function getRedirectUris(): array
{
return array_map(
static fn (string $redirectUri): RedirectUriVO => new RedirectUriVO($redirectUri),
$this->redirectUris
);
}
public function setRedirectUris(RedirectUriVO ...$redirectUris): self
{
$this->redirectUris = array_map(
static fn (RedirectUriVO $redirectUri): string => (string) $redirectUri,
$redirectUris
);
return $this;
}
}

79
src/Entity/RefreshToken.php Normal file
View File

@ -0,0 +1,79 @@
<?php
namespace App\Entity;
use App\Repository\RefreshTokenRepository;
use Doctrine\ORM\Mapping as ORM;
use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
use League\Bundle\OAuth2ServerBundle\Model\RefreshTokenInterface;
#[ORM\Entity(repositoryClass: RefreshTokenRepository::class)]
class RefreshToken implements RefreshTokenInterface
{
#[ORM\Id]
#[ORM\Column(length: 80)]
private string $identifier;
#[ORM\Column]
private \DateTimeImmutable $expiry;
#[ORM\Column(length: 80)]
private string $accessTokenIdentifier;
#[ORM\Column]
private bool $revoked = false;
public function __construct(
string $identifier,
\DateTimeImmutable $expiry,
string $accessTokenIdentifier
) {
$this->identifier = $identifier;
$this->expiry = $expiry;
$this->accessTokenIdentifier = $accessTokenIdentifier;
}
public function getIdentifier(): string
{
return $this->identifier;
}
public function getExpiry(): \DateTimeImmutable
{
return $this->expiry;
}
/**
* Proxies to getExpiry for backward compatibility with older versions of the library
*/
public function getExpiryDateTime(): \DateTimeImmutable
{
return $this->getExpiry();
}
public function getAccessToken(): AccessTokenInterface
{
throw new \RuntimeException('Method not implemented.');
}
public function getAccessTokenIdentifier(): string
{
return $this->accessTokenIdentifier;
}
public function isRevoked(): bool
{
return $this->revoked;
}
public function revoke(): RefreshTokenInterface
{
$this->revoked = true;
return $this;
}
public function __toString(): string
{
return $this->getIdentifier();
}
}

120
src/Entity/User.php Normal file
View File

@ -0,0 +1,120 @@
<?php
namespace App\Entity;
use App\Repository\UserRepository;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;
#[ORM\Entity(repositoryClass: UserRepository::class)]
#[ORM\Table(name: '`user`')]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
private ?int $id = null;
#[ORM\Column(length: 180, unique: true)]
private ?string $username = null;
#[ORM\Column(length: 255)]
private ?string $email = null;
#[ORM\Column]
private array $roles = [];
/**
* @var string The hashed password
*/
#[ORM\Column]
private ?string $password = null;
public function getId(): ?int
{
return $this->id;
}
public function getUsername(): ?string
{
return $this->username;
}
public function setUsername(string $username): static
{
$this->username = $username;
return $this;
}
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): static
{
$this->email = $email;
return $this;
}
public function getPassword(): ?string
{
return $this->password;
}
public function setPassword(string $password): static
{
$this->password = $password;
return $this;
}
/**
* A visual identifier that represents this user.
*
* @see UserInterface
*/
public function getUserIdentifier(): string
{
return (string) $this->username;
}
/**
* @see UserInterface
*/
public function getRoles(): array
{
$roles = $this->roles;
// guarantee every user at least has ROLE_USER
$roles[] = 'ROLE_USER';
return array_unique($roles);
}
public function setRoles(array $roles): static
{
$this->roles = $roles;
return $this;
}
/**
* @see UserInterface
*/
public function eraseCredentials(): void
{
// If you store any temporary, sensitive data on the user, clear it here
// $this->plainPassword = null;
}
/**
* Returns a string that can be used as a user identifier for the OAuth2 server.
*/
public function getOAuth2Identifier(): string
{
return (string) $this->getId();
}
}

96
src/Repository/AccessTokenRepository.php Normal file
View File

@ -0,0 +1,96 @@
<?php
namespace App\Repository;
use App\Entity\AccessToken;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
use League\Bundle\OAuth2ServerBundle\Repository\AccessTokenRepositoryInterface;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
/**
* @extends ServiceEntityRepository<AccessToken>
*/
class AccessTokenRepository extends ServiceEntityRepository implements AccessTokenRepositoryInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, AccessToken::class);
}
public function save(AccessToken $entity, bool $flush = false): void
{
$this->getEntityManager()->persist($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function remove(AccessToken $entity, bool $flush = false): void
{
$this->getEntityManager()->remove($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function getAccessToken(string $identifier): ?AccessTokenInterface
{
return $this->find($identifier);
}
public function persistNewAccessToken(AccessTokenInterface $accessToken): void
{
if (!$accessToken instanceof AccessToken) {
throw new \RuntimeException('Invalid access token type');
}
$this->save($accessToken, true);
}
public function revokeAccessToken(string $identifier): void
{
$accessToken = $this->find($identifier);
if (null !== $accessToken) {
$accessToken->revoke();
$this->save($accessToken, true);
}
}
public function isAccessTokenRevoked(string $identifier): bool
{
$accessToken = $this->find($identifier);
if (null === $accessToken) {
return true;
}
return $accessToken->isRevoked();
}
public function createNewAccessToken(
ClientInterface $client,
array $scopes,
string $userIdentifier = null
): AccessTokenInterface {
$accessToken = new AccessToken(
bin2hex(random_bytes(40)),
new \DateTimeImmutable('+1 hour'),
$userIdentifier ?? '',
$client->getIdentifier()
);
$accessToken->setScopes(array_map(
static fn(string $scope) => new Scope($scope),
array_map(
static fn($scope) => (string) $scope,
$scopes
)
));
return $accessToken;
}
}

98
src/Repository/AuthCodeRepository.php Normal file
View File

@ -0,0 +1,98 @@
<?php
namespace App\Repository;
use App\Entity\AuthCode;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use League\Bundle\OAuth2ServerBundle\Model\AuthorizationCodeInterface;
use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
use League\Bundle\OAuth2ServerBundle\Repository\AuthorizationCodeRepositoryInterface;
use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
/**
* @extends ServiceEntityRepository<AuthCode>
*/
class AuthCodeRepository extends ServiceEntityRepository implements AuthorizationCodeRepositoryInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, AuthCode::class);
}
public function save(AuthCode $entity, bool $flush = false): void
{
$this->getEntityManager()->persist($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function remove(AuthCode $entity, bool $flush = false): void
{
$this->getEntityManager()->remove($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function getAuthorizationCode(string $identifier): ?AuthorizationCodeInterface
{
return $this->find($identifier);
}
public function persistNewAuthorizationCode(AuthorizationCodeInterface $authorizationCode): void
{
if (!$authorizationCode instanceof AuthCode) {
throw new \RuntimeException('Invalid authorization code type');
}
$this->save($authorizationCode, true);
}
public function revokeAuthorizationCode(string $identifier): void
{
$authCode = $this->find($identifier);
if (null !== $authCode) {
$authCode->revoke();
$this->save($authCode, true);
}
}
public function isAuthorizationCodeRevoked(string $identifier): bool
{
$authCode = $this->find($identifier);
if (null === $authCode) {
return true;
}
return $authCode->isRevoked();
}
public function createNewAuthorizationCode(
ClientInterface $client,
array $scopes,
?string $userIdentifier,
?string $redirectUri
): AuthorizationCodeInterface {
$authCode = new AuthCode(
bin2hex(random_bytes(40)),
new \DateTimeImmutable('+5 minutes'),
$userIdentifier ?? '',
$client->getIdentifier(),
$redirectUri
);
$authCode->setScopes(array_map(
static fn(string $scope) => new Scope($scope),
array_map(
static fn($scope) => (string) $scope,
$scopes
)
));
return $authCode;
}
}

75
src/Repository/ClientRepository.php Normal file
View File

@ -0,0 +1,75 @@
<?php
namespace App\Repository;
use App\Entity\Client;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
/**
* @extends ServiceEntityRepository<Client>
*/
class ClientRepository extends ServiceEntityRepository implements ClientRepositoryInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, Client::class);
}
public function save(Client $entity, bool $flush = false): void
{
$this->getEntityManager()->persist($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function remove(Client $entity, bool $flush = false): void
{
$this->getEntityManager()->remove($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function getClientEntity(string $clientIdentifier): ?ClientEntityInterface
{
return $this->find($clientIdentifier);
}
public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool
{
$client = $this->find($clientIdentifier);
if (null === $client || !$client->isActive()) {
return false;
}
// Validate grant type
if (null !== $grantType) {
$validGrantTypes = array_map(
static fn($grant) => (string) $grant,
$client->getGrants()
);
if (!in_array($grantType, $validGrantTypes, true)) {
return false;
}
}
// Validate secret
if (null === $client->getSecret()) {
return true;
}
if (null === $clientSecret) {
return false;
}
return $client->getSecret() === $clientSecret;
}
}

83
src/Repository/RefreshTokenRepository.php Normal file
View File

@ -0,0 +1,83 @@
<?php
namespace App\Repository;
use App\Entity\RefreshToken;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
use League\Bundle\OAuth2ServerBundle\Model\RefreshTokenInterface;
use League\Bundle\OAuth2ServerBundle\Repository\RefreshTokenRepositoryInterface;
/**
* @extends ServiceEntityRepository<RefreshToken>
*/
class RefreshTokenRepository extends ServiceEntityRepository implements RefreshTokenRepositoryInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, RefreshToken::class);
}
public function save(RefreshToken $entity, bool $flush = false): void
{
$this->getEntityManager()->persist($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function remove(RefreshToken $entity, bool $flush = false): void
{
$this->getEntityManager()->remove($entity);
if ($flush) {
$this->getEntityManager()->flush();
}
}
public function getRefreshToken(string $identifier): ?RefreshTokenInterface
{
return $this->find($identifier);
}
public function persistNewRefreshToken(RefreshTokenInterface $refreshToken): void
{
if (!$refreshToken instanceof RefreshToken) {
throw new \RuntimeException('Invalid refresh token type');
}
$this->save($refreshToken, true);
}
public function revokeRefreshToken(string $identifier): void
{
$refreshToken = $this->find($identifier);
if (null !== $refreshToken) {
$refreshToken->revoke();
$this->save($refreshToken, true);
}
}
public function isRefreshTokenRevoked(string $identifier): bool
{
$refreshToken = $this->find($identifier);
if (null === $refreshToken) {
return true;
}
return $refreshToken->isRevoked();
}
public function createNewRefreshToken(
AccessTokenInterface $accessToken,
\DateTimeImmutable $expiry
): RefreshTokenInterface {
return new RefreshToken(
bin2hex(random_bytes(40)),
$expiry,
$accessToken->getIdentifier()
);
}
}

74
src/Repository/UserRepository.php Normal file
View File

@ -0,0 +1,74 @@
<?php
namespace App\Repository;
use App\Entity\User;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
/**
* @extends ServiceEntityRepository<User>
*/
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
{
public function __construct(ManagerRegistry $registry)
{
parent::__construct($registry, User::class);
}
/**
* Used to upgrade (rehash) the user's password automatically over time.
*/
public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
{
if (!$user instanceof User) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
}
$user->setPassword($newHashedPassword);
$this->getEntityManager()->persist($user);
$this->getEntityManager()->flush();
}
public function findByUsername(string $username): ?User
{
return $this->findOneBy(['username' => $username]);
}
public function save(User $user, bool $flush = false): void
{
$this->getEntityManager()->persist($user);
if ($flush) {
$this->getEntityManager()->flush();
}
}
// /**
// * @return User[] Returns an array of User objects
// */
// public function findByExampleField($value): array
// {
// return $this->createQueryBuilder('u')
// ->andWhere('u.exampleField = :val')
// ->setParameter('val', $value)
// ->orderBy('u.id', 'ASC')
// ->setMaxResults(10)
// ->getQuery()
// ->getResult()
// ;
// }
// public function findOneBySomeField($value): ?User
// {
// return $this->createQueryBuilder('u')
// ->andWhere('u.exampleField = :val')
// ->setParameter('val', $value)
// ->getQuery()
// ->getOneOrNullResult()
// ;
// }
}

25
symfony.lock
View File

@ -26,6 +26,31 @@
"migrations/.gitignore"
]
},
"league/oauth2-server-bundle": {
"version": "0.10",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "0.4",
"ref": "7f26963037fce3b69c1b3f6a75a3265edb1e1caa"
},
"files": [
"config/packages/league_oauth2_server.yaml",
"config/routes/league_oauth2_server.yaml"
]
},
"nyholm/psr7": {
"version": "1.8",
"recipe": {
"repo": "github.com/symfony/recipes",
"branch": "main",
"version": "1.0",
"ref": "4a8c0345442dcca1d8a2c65633dcf0285dd5a5a2"
},
"files": [
"config/packages/nyholm_psr7.yaml"
]
},
"phpunit/phpunit": {
"version": "9.6",
"recipe": {

3
templates/base.html.twig
View File

@ -2,13 +2,16 @@
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{% block title %}Welcome!{% endblock %}</title>
<link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 128 128%22><text y=%221.2em%22 font-size=%2296%22>⚫️</text><text y=%221.3em%22 x=%220.2em%22 font-size=%2276%22 fill=%22%23fff%22>sf</text></svg>">
{% block stylesheets %}
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
{% endblock %}
{% block javascripts %}
{% block importmap %}{{ importmap('app') }}{% endblock %}
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
{% endblock %}
</head>
<body>

20
templates/security/home.html.twig Normal file
View File

@ -0,0 +1,20 @@
{% extends 'base.html.twig' %}
{% block title %}Home{% endblock %}
{% block body %}
<div class="container mt-5">
<div class="row">
<div class="col-12">
<div class="jumbotron">
<h1 class="display-4">Welcome, {{ user.username }}!</h1>
<p class="lead">You have successfully logged in to the secure area.</p>
<hr class="my-4">
<p>This is your landing page after successful authentication.</p>
<a class="btn btn-danger" href="{{ path('app_logout') }}">Logout</a>
<a class="btn btn-danger" href="https://monithor.solutions-easy.moi">Monithor</a>
</div>
</div>
</div>
</div>
{% endblock %}

20
templates/security/index.html.twig Normal file
View File

@ -0,0 +1,20 @@
{% extends 'base.html.twig' %}
{% block title %}Hello SecurityController!{% endblock %}
{% block body %}
<style>
.example-wrapper { margin: 1em auto; max-width: 800px; width: 95%; font: 18px/1.5 sans-serif; }
.example-wrapper code { background: #F5F5F5; padding: 2px 6px; }
</style>
<div class="example-wrapper">
<h1>Hello {{ controller_name }}! ✅</h1>
This friendly message is coming from:
<ul>
<li>Your controller at <code>/home/margueritecharles-edouard/Workspace/serveurSSO/src/Controller/SecurityController.php</code></li>
<li>Your template at <code>/home/margueritecharles-edouard/Workspace/serveurSSO/templates/security/index.html.twig</code></li>
</ul>
</div>
{% endblock %}

42
templates/security/login.html.twig Normal file
View File

@ -0,0 +1,42 @@
{% extends 'base.html.twig' %}
{% block title %}Log in{% endblock %}
{% block body %}
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h1 class="h3 mb-0">Please sign in</h1>
</div>
<div class="card-body">
{% if error %}
<div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}
<form action="{{ path('app_login') }}" method="post">
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" value="{{ last_username }}" name="_username" id="username" class="form-control" autocomplete="username" required autofocus>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" name="_password" id="password" class="form-control" autocomplete="current-password" required>
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
<div class="mb-3">
<button class="btn btn-lg btn-primary w-100" type="submit">
Sign in
</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
{% endblock %}