WIP: 23567c8 Require a logged in user to resolve an authoration request

thephpleague · Aug 16, 2024 · 917f218 · 917f218
1 parent 978087a
commit 917f218
Show file tree

Hide file tree

Showing 10 changed files with 122 additions and 121 deletions.
diff --git a/src/Converter/UserConverter.php b/src/Converter/UserConverter.php
@@ -27,15 +27,12 @@ public function __construct(string $anonymousUserIdentifier = self::DEFAULT_ANON
      * @psalm-suppress DeprecatedMethod
      * @psalm-suppress UndefinedInterfaceMethod
      */
-    public function toLeague(?UserInterface $user): UserEntityInterface
+    public function toLeague(UserInterface $user): UserEntityInterface
     {
         $userEntity = new User();
-        if ($user instanceof UserInterface) {
-            $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
-            if ('' === $identifier) {
-                $identifier = $this->anonymousUserIdentifier;
-            }
-        } else {
+
+        $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+        if ('' === $identifier) {
             $identifier = $this->anonymousUserIdentifier;
         }
 

diff --git a/src/Converter/UserConverterInterface.php b/src/Converter/UserConverterInterface.php
@@ -9,5 +9,5 @@
 
 interface UserConverterInterface
 {
-    public function toLeague(?UserInterface $user): UserEntityInterface;
+    public function toLeague(UserInterface $user): UserEntityInterface;
 }
diff --git a/src/Event/AuthorizationRequestResolveEvent.php b/src/Event/AuthorizationRequestResolveEvent.php
@@ -42,18 +42,19 @@ final class AuthorizationRequestResolveEvent extends Event
     private $response;
 
     /**
-     * @var UserInterface|null
+     * @var UserInterface
      */
     private $user;
 
     /**
      * @param Scope[] $scopes
      */
-    public function __construct(AuthorizationRequestInterface $authorizationRequest, array $scopes, ClientInterface $client)
+    public function __construct(AuthorizationRequestInterface $authorizationRequest, array $scopes, ClientInterface $client, UserInterface $user)
     {
         $this->authorizationRequest = $authorizationRequest;
         $this->scopes = $scopes;
         $this->client = $client;
+        $this->user = $user;
     }
 
     public function getAuthorizationResolution(): bool
@@ -102,18 +103,11 @@ public function getClient(): ClientInterface
     /**
      * @psalm-mutation-free
      */
-    public function getUser(): ?UserInterface
+    public function getUser(): UserInterface
     {
         return $this->user;
     }
 
-    public function setUser(?UserInterface $user): self
-    {
-        $this->user = $user;
-
-        return $this;
-    }
-
     /**
      * @return Scope[]
      */

diff --git a/src/Event/AuthorizationRequestResolveEventFactory.php b/src/Event/AuthorizationRequestResolveEventFactory.php
@@ -6,36 +6,31 @@
 
 use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Security\Core\Security as LegacySecurity;
 
-class AuthorizationRequestResolveEventFactory
-{
-    /**
-     * @var ScopeConverterInterface
-     */
-    private $scopeConverter;
-
-    /**
-     * @var ClientManagerInterface
-     */
-    private $clientManager;
-
-    public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager)
+if (class_exists(Security::class)) {
+    final class AuthorizationRequestResolveEventFactory
     {
-        $this->scopeConverter = $scopeConverter;
-        $this->clientManager = $clientManager;
-    }
+        use AuthorizationRequestResolveEventFactoryTrait;
 
-    public function fromAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): AuthorizationRequestResolveEvent
+        public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager, Security $security)
+        {
+            $this->scopeConverter = $scopeConverter;
+            $this->clientManager = $clientManager;
+            $this->security = $security;
+        }
+    }
+} else {
+    final class AuthorizationRequestResolveEventFactory
     {
-        $scopes = $this->scopeConverter->toDomainArray(array_values($authorizationRequest->getScopes()));
-
-        $client = $this->clientManager->find($authorizationRequest->getClient()->getIdentifier());
+        use AuthorizationRequestResolveEventFactoryTrait;
 
-        if (null === $client) {
-            throw new \RuntimeException(\sprintf('No client found for the given identifier \'%s\'.', $authorizationRequest->getClient()->getIdentifier()));
+        public function __construct(ScopeConverterInterface $scopeConverter, ClientManagerInterface $clientManager, LegacySecurity $security)
+        {
+            $this->scopeConverter = $scopeConverter;
+            $this->clientManager = $clientManager;
+            $this->security = $security;
         }
-
-        return new AuthorizationRequestResolveEvent($authorizationRequest, $scopes, $client);
     }
 }
diff --git a/src/Event/AuthorizationRequestResolveEventFactoryTrait.php b/src/Event/AuthorizationRequestResolveEventFactoryTrait.php
@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Event;
+
+use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Security\Core\Security as LegacySecurity;
+
+/**
+ * @internal
+ */
+trait AuthorizationRequestResolveEventFactoryTrait
+{
+    /**
+     * @var ScopeConverterInterface
+     */
+    private $scopeConverter;
+
+    /**
+     * @var ClientManagerInterface
+     */
+    private $clientManager;
+
+    /**
+     * @var Security|LegacySecurity
+     */
+    private $security;
+
+    public function fromAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): AuthorizationRequestResolveEvent
+    {
+        $scopes = $this->scopeConverter->toDomainArray(array_values($authorizationRequest->getScopes()));
+
+        $client = $this->clientManager->find($authorizationRequest->getClient()->getIdentifier());
+
+        if (null === $client) {
+            throw new \RuntimeException(\sprintf('No client found for the given identifier \'%s\'.', $authorizationRequest->getClient()->getIdentifier()));
+        }
+
+        $user = $this->security->getUser();
+        if (null === $user) {
+            throw new \RuntimeException('A logged in user is required to resolve the request authorization.');
+        }
+
+        return new AuthorizationRequestResolveEvent($authorizationRequest, $scopes, $client, $user);
+    }
+}
diff --git a/src/EventListener/AuthorizationRequestUserResolvingListener.php b/src/EventListener/AuthorizationRequestUserResolvingListener.php
diff --git a/src/EventListener/AuthorizationRequestUserResolvingListenerTrait.php b/src/EventListener/AuthorizationRequestUserResolvingListenerTrait.php
diff --git a/src/Resources/config/services.php b/src/Resources/config/services.php
@@ -22,7 +22,6 @@
 use League\Bundle\OAuth2ServerBundle\Converter\UserConverterInterface;
 use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEventFactory;
 use League\Bundle\OAuth2ServerBundle\EventListener\AddClientDefaultScopesListener;
-use League\Bundle\OAuth2ServerBundle\EventListener\AuthorizationRequestUserResolvingListener;
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\AuthorizationCodeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
@@ -55,9 +54,11 @@
 use Nyholm\Psr7\Factory\Psr17Factory;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\Security as LegacySecurity;
 
 return static function (ContainerConfigurator $container): void {
     $container->services()
@@ -206,18 +207,6 @@
             ->tag('controller.service_arguments')
         ->alias(AuthorizationController::class, 'league.oauth2_server.controller.authorization')
 
-        // Authorization listeners
-        ->set('league.oauth2_server.listener.authorization_request_user_resolving', AuthorizationRequestUserResolvingListener::class)
-            ->args([
-                service('security.helper'),
-            ])
-            ->tag('kernel.event_listener', [
-                'event' => OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE,
-                'method' => 'onAuthorizationRequest',
-                'priority' => 1024,
-            ])
-        ->alias(AuthorizationRequestUserResolvingListener::class, 'league.oauth2_server.listener.authorization_request_user_resolving')
-
         // Token controller
         ->set('league.oauth2_server.controller.token', TokenController::class)
             ->args([
@@ -292,6 +281,7 @@
             ->args([
                 service(ScopeConverterInterface::class),
                 service(ClientManagerInterface::class),
+                service(class_exists(Security::class) ? Security::class : LegacySecurity::class),
             ])
         ->alias(AuthorizationRequestResolveEventFactory::class, 'league.oauth2_server.factory.authorization_request_resolve_event')