From 5ba93cdad353acea30eb7119f91cf7f8cd5e80dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Wed, 8 Oct 2014 17:15:50 +0200
Subject: [PATCH] draft for oAuth
---
 app/AppKernel.php | 2 +
 app/SymfonyRequirements.php | 58 +++++++++----------
 app/config/config.yml | 27 +++++++--
 app/config/routing.yml | 19 +++++-
 app/config/security.yml | 34 +++++++++++
 composer.json | 4 +-
 .../CoreBundle/Document/AccessToken.php | 22 +++++++
 .../Bundle/CoreBundle/Document/AuthCode.php | 22 +++++++
 .../Bundle/CoreBundle/Document/Client.php | 15 +++++
 .../CoreBundle/Document/RefreshToken.php | 22 +++++++
 .../config/doctrine/AccessToken.mongodb.xml | 11 ++++
 .../config/doctrine/AuthCode.mongodb.xml | 11 ++++
 .../config/doctrine/Client.mongodb.xml | 10 ++++
 .../config/doctrine/RefreshToken.mongodb.xml | 11 ++++
 14 files changed, 232 insertions(+), 36 deletions(-)
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Document/AccessToken.php
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Document/AuthCode.php
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Document/Client.php
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Document/RefreshToken.php
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AccessToken.mongodb.xml
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AuthCode.mongodb.xml
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/Client.mongodb.xml
 create mode 100644 src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/RefreshToken.mongodb.xml
diff --git a/app/AppKernel.php b/app/AppKernel.php
index a46b78b..83103a1 100644
--- a/app/AppKernel.php
+++ b/app/AppKernel.php
@@ -32,6 +32,8 @@ class AppKernel extends Kernel new Wallabag\Bundle\ApiBundle\WallabagApiBundle(), new Wallabag\Bundle\CliBundle\WallabagCliBundle(), new Wallabag\Bundle\FullTextRssBundle\WallabagFullTextRssBundle(), + new HWI\Bundle\OAuthBundle\HWIOAuthBundle(), + new FOS\OAuthServerBundle\FOSOAuthServerBundle(), ); if (in_array($this->getEnvironment(), array('dev', 'test'))) { diff --git a/app/SymfonyRequirements.php b/app/SymfonyRequirements.php index 25bc938..56bd35d 100644 --- a/app/SymfonyRequirements.php +++ b/app/SymfonyRequirements.php @@ -41,25 +41,25 @@ class Requirement /** * Constructor that initializes the requirement. * - * @param Boolean $fulfilled Whether the requirement is fulfilled + * @param bool $fulfilled Whether the requirement is fulfilled * @param string $testMessage The message for testing the requirement * @param string $helpHtml The help text formatted in HTML for resolving the problem * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) - * @param Boolean $optional Whether this is only an optional recommendation not a mandatory requirement + * @param bool $optional Whether this is only an optional recommendation not a mandatory requirement */ public function __construct($fulfilled, $testMessage, $helpHtml, $helpText = null, $optional = false) { - $this->fulfilled = (Boolean) $fulfilled; + $this->fulfilled = (bool) $fulfilled; $this->testMessage = (string) $testMessage; $this->helpHtml = (string) $helpHtml; $this->helpText = null === $helpText ? strip_tags($this->helpHtml) : (string) $helpText; - $this->optional = (Boolean) $optional; + $this->optional = (bool) $optional; } /** * Returns whether the requirement is fulfilled. * - * @return Boolean true if fulfilled, otherwise false + * @return bool true if fulfilled, otherwise false */ public function isFulfilled() { 
@@ -99,7 +99,7 @@ class Requirement
 /**
 * Returns whether this is only an optional recommendation and not a mandatory requirement.
 *
- * @return Boolean true if optional, false if mandatory
+ * @return bool true if optional, false if mandatory
 */
 public function isOptional()
 {
@@ -117,16 +117,16 @@ class PhpIniRequirement extends Requirement /** * Constructor that initializes the requirement. * - * @param string $cfgName The configuration name used for ini_get() - * @param Boolean|callback $evaluation Either a Boolean indicating whether the configuration should evaluate to true or false, + * @param string $cfgName The configuration name used for ini_get() + * @param bool|callback $evaluation Either a boolean indicating whether the configuration should evaluate to true or false, or a callback function receiving the configuration value as parameter to determine the fulfillment of the requirement - * @param Boolean $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. + * @param bool $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. This is helpful for abandoned configs in later PHP versions or configs of an optional extension, like Suhosin. Example: You require a config to be true but PHP later removes this config and defaults it to true internally. - * @param string|null $testMessage The message for testing the requirement (when null and $evaluation is a Boolean a default message is derived) - * @param string|null $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a Boolean a default help is derived) - * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. 
stripped from HTML tags) - * @param Boolean $optional Whether this is only an optional recommendation not a mandatory requirement + * @param string|null $testMessage The message for testing the requirement (when null and $evaluation is a boolean a default message is derived) + * @param string|null $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a boolean a default help is derived) + * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) + * @param bool $optional Whether this is only an optional recommendation not a mandatory requirement */ public function __construct($cfgName, $evaluation, $approveCfgAbsence = false, $testMessage = null, $helpHtml = null, $helpText = null, $optional = false) { @@ -193,7 +193,7 @@ class RequirementCollection implements IteratorAggregate /** * Adds a mandatory requirement. * - * @param Boolean $fulfilled Whether the requirement is fulfilled + * @param bool $fulfilled Whether the requirement is fulfilled * @param string $testMessage The message for testing the requirement * @param string $helpHtml The help text formatted in HTML for resolving the problem * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) @@ -206,7 +206,7 @@ class RequirementCollection implements IteratorAggregate /** * Adds an optional recommendation. * - * @param Boolean $fulfilled Whether the recommendation is fulfilled + * @param bool $fulfilled Whether the recommendation is fulfilled * @param string $testMessage The message for testing the recommendation * @param string $helpHtml The help text formatted in HTML for resolving the problem * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) 
@@ -219,15 +219,15 @@ class RequirementCollection implements IteratorAggregate /** * Adds a mandatory requirement in form of a php.ini configuration. * - * @param string $cfgName The configuration name used for ini_get() - * @param Boolean|callback $evaluation Either a Boolean indicating whether the configuration should evaluate to true or false, + * @param string $cfgName The configuration name used for ini_get() + * @param bool|callback $evaluation Either a boolean indicating whether the configuration should evaluate to true or false, or a callback function receiving the configuration value as parameter to determine the fulfillment of the requirement - * @param Boolean $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. + * @param bool $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. This is helpful for abandoned configs in later PHP versions or configs of an optional extension, like Suhosin. Example: You require a config to be true but PHP later removes this config and defaults it to true internally. - * @param string $testMessage The message for testing the requirement (when null and $evaluation is a Boolean a default message is derived) - * @param string $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a Boolean a default help is derived) - * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. 
stripped from HTML tags) + * @param string $testMessage The message for testing the requirement (when null and $evaluation is a boolean a default message is derived) + * @param string $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a boolean a default help is derived) + * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) */ public function addPhpIniRequirement($cfgName, $evaluation, $approveCfgAbsence = false, $testMessage = null, $helpHtml = null, $helpText = null) { 
@@ -237,15 +237,15 @@ class RequirementCollection implements IteratorAggregate /** * Adds an optional recommendation in form of a php.ini configuration. * - * @param string $cfgName The configuration name used for ini_get() - * @param Boolean|callback $evaluation Either a Boolean indicating whether the configuration should evaluate to true or false, + * @param string $cfgName The configuration name used for ini_get() + * @param bool|callback $evaluation Either a boolean indicating whether the configuration should evaluate to true or false, or a callback function receiving the configuration value as parameter to determine the fulfillment of the requirement - * @param Boolean $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. + * @param bool $approveCfgAbsence If true the Requirement will be fulfilled even if the configuration option does not exist, i.e. ini_get() returns false. This is helpful for abandoned configs in later PHP versions or configs of an optional extension, like Suhosin. Example: You require a config to be true but PHP later removes this config and defaults it to true internally. - * @param string $testMessage The message for testing the requirement (when null and $evaluation is a Boolean a default message is derived) - * @param string $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a Boolean a default help is derived) - * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. 
stripped from HTML tags) + * @param string $testMessage The message for testing the requirement (when null and $evaluation is a boolean a default message is derived) + * @param string $helpHtml The help text formatted in HTML for resolving the problem (when null and $evaluation is a boolean a default help is derived) + * @param string|null $helpText The help text (when null, it will be inferred from $helpHtml, i.e. stripped from HTML tags) */ public function addPhpIniRecommendation($cfgName, $evaluation, $approveCfgAbsence = false, $testMessage = null, $helpHtml = null, $helpText = null) { @@ -343,7 +343,7 @@ class RequirementCollection implements IteratorAggregate /** * Returns whether a php.ini configuration is not correct. * - * @return Boolean php.ini configuration problem? + * @return bool php.ini configuration problem? */ public function hasPhpIniConfigIssue() { @@ -405,7 +405,7 @@ class SymfonyRequirements extends RequirementCollection $this->addRequirement( is_dir(__DIR__.'/../vendor/composer'), 'Vendor libraries must be installed', - 'Vendor libraries are missing. Install composer following instructions from http://getcomposer.org/. ' . + 'Vendor libraries are missing. Install composer following instructions from http://getcomposer.org/. '. 'Then run "php composer.phar install" to install them.' ); diff --git a/app/config/config.yml b/app/config/config.yml index b1bd089..af4fb6d 100644 --- a/app/config/config.yml +++ b/app/config/config.yml @@ -60,7 +60,6 @@ doctrine: auto_generate_proxy_classes: "%kernel.debug%" auto_mapping: true -# app/config/config.yml doctrine_mongodb: connections: default: 
@@ -90,9 +89,8 @@ fos_rest: - { path: '^/api', priorities: ['json'], fallback_format: json, prefer_extension: false } - { path: ^/, priorities: ['html', '*/*'], fallback_format: html, prefer_extension: true } - fos_user: - db_driver: mongodb # other valid values are 'mongodb', 'couchdb' and 'propel' + db_driver: mongodb firewall_name: main user_class: Wallabag\Bundle\CoreBundle\Document\User @@ -111,7 +109,26 @@ nelmio_api_doc: sonata_block: default_contexts: [cms] blocks: - # Enable the SonataAdminBundle block sonata.admin.block.admin_list: contexts: [admin] - # Your other blocks \ No newline at end of file + +hwi_oauth: + firewall_name: secured_area + resource_owners: + any_name: + type: github + client_id: 7d284ea5b2ec33c5bbe8 + client_secret: cc5f803288cd4e48cddf14ce22537ff36127755d + fosub: + username_iterations: 30 + properties: + github: githubID + +fos_oauth_server: + db_driver: mongodb + client_class: Wallabag\Bundle\ApiBundle\Document\Client + access_token_class: Wallabag\Bundle\ApiBundle\Document\AccessToken + refresh_token_class: Wallabag\Bundle\ApiBundle\Document\RefreshToken + auth_code_class: Wallabag\Bundle\ApiBundle\Document\AuthCode + service: + user_provider: fos_user.user_manager \ No newline at end of file diff --git a/app/config/routing.yml b/app/config/routing.yml index 1ed3c6c..b241139 100644 --- a/app/config/routing.yml +++ b/app/config/routing.yml 
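Review bot: The new `hwi_oauth` block commits the GitHub application's `client_id` and `client_secret` as literals in `app/config/config.yml`, so the secret is readable by anyone who can read the repository or its history. Treat the committed value as exposed and regenerate it on the GitHub application. Load both values from a parameters file that is kept out of version control, e.g. `client_id: "%github_client_id%"` and `client_secret: "%github_client_secret%"` (the parameter names are placeholders). A short comment above the block naming where the credentials are expected to come from would keep the next contributor from pasting real values back in.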
@@ -43,4 +43,21 @@ admin: _sonata_admin: resource: . type: sonata_admin - prefix: /admin \ No newline at end of file + prefix: /admin + +hwi_oauth_redirect: + resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml" + prefix: /connect + +hwi_oauth_login: + resource: "@HWIOAuthBundle/Resources/config/routing/login.xml" + prefix: /login + +github_login: + pattern: /login/check-github + +fos_oauth_server_token: + resource: "@FOSOAuthServerBundle/Resources/config/routing/token.xml" + +fos_oauth_server_authorize: + resource: "@FOSOAuthServerBundle/Resources/config/routing/authorize.xml" \ No newline at end of file diff --git a/app/config/security.yml b/app/config/security.yml index 2bf63f3..1866e9a 100644 --- a/app/config/security.yml +++ b/app/config/security.yml @@ -2,11 +2,45 @@ security: providers: in_memory: memory: ~ + fos_userbundle: + id: fos_user.user_manager firewalls: + oauth_token: + pattern: ^/oauth/v2/token + security: false + + oauth_authorize: + pattern: ^/oauth/v2/auth + form_login: + provider: fos_userbundle + check_path: /oauth/v2/auth_login_check + login_path: /oauth/v2/auth_login + anonymous: true + + api: + pattern: ^/api + fos_oauth: true + stateless: true + anonymous: false + dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false default: anonymous: ~ + secured_area: + anonymous: ~ + oauth: + resource_owners: + my_github: "/login/check-github" + login_path: /login + use_forward: false + failure_path: /login + + oauth_user_provider: + service: hwi_oauth.user.provider.fosub_bridge + + access_control: + - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] } \ No newline at end of file diff --git a/composer.json b/composer.json index 8a26669..c2b97b7 100644 --- a/composer.json +++ b/composer.json 
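Review bot: The new `secured_area` firewall is declared after `default`, which has no `pattern` and so matches every request first; assuming `secured_area` sits under `firewalls:` (the indentation is not recoverable here), its `oauth` listener never runs. Give it its own `pattern` and place it before the catch-all, or merge the `oauth:` block into `default`. Its resource owner is keyed `my_github`, while `hwi_oauth.resource_owners` in `app/config/config.yml` defines `any_name`, and the controller-less `github_login` route in `routing.yml` only works if a firewall with a matching owner intercepts `/login/check-github`. Because `^/oauth/v2/token` and `^/api` carry client credentials and bearer tokens, consider adding `requires_channel: https` to the `access_control` entries for those paths.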
@@ -46,7 +46,9 @@ "jms/serializer-bundle": "0.13.*@dev", "fivefilters/full-text-rss": "dev-master", "sonata-project/doctrine-mongodb-admin-bundle": "2.3.*@dev", - "knplabs/knp-menu": "2.0.*@dev" + "knplabs/knp-menu": "2.0.*@dev", + "hwi/oauth-bundle": "0.4.*@dev", + "friendsofsymfony/oauth-server-bundle": "dev-master" }, "require-dev": { "sensio/generator-bundle": "~2.3" diff --git a/src/Wallabag/Bundle/CoreBundle/Document/AccessToken.php b/src/Wallabag/Bundle/CoreBundle/Document/AccessToken.php new file mode 100644 index 0000000..b60a737 --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Document/AccessToken.php @@ -0,0 +1,22 @@ +client; + } + + public function setClient(ClientInterface $client) + { + $this->client = $client; + } +} diff --git a/src/Wallabag/Bundle/CoreBundle/Document/AuthCode.php b/src/Wallabag/Bundle/CoreBundle/Document/AuthCode.php new file mode 100644 index 0000000..069c711 --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Document/AuthCode.php @@ -0,0 +1,22 @@ +client; + } + + public function setClient(ClientInterface $client) + { + $this->client = $client; + } +} diff --git a/src/Wallabag/Bundle/CoreBundle/Document/Client.php b/src/Wallabag/Bundle/CoreBundle/Document/Client.php new file mode 100644 index 0000000..b9fad4b --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Document/Client.php @@ -0,0 +1,15 @@ +client; + } + + public function setClient(ClientInterface $client) + { + $this->client = $client; + } +} diff --git a/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AccessToken.mongodb.xml b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AccessToken.mongodb.xml new file mode 100644 index 0000000..7055d81 --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AccessToken.mongodb.xml @@ -0,0 +1,11 @@ + + + + + + + + \ No newline at end of file 
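Review bot: `friendsofsymfony/oauth-server-bundle` is required at `dev-master` and `hwi/oauth-bundle` at `0.4.*@dev`, so the code that issues and validates tokens tracks whatever is on the upstream branch at install time. For authentication components, constrain both to a tagged release, or where no suitable tag exists pin the commit with `"dev-master#<commit-sha>"` (placeholder). The diffstat lists no `composer.lock`, so as shown this commit does not record the resolved versions; commit the lock file together with the new requirements.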
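Review bot: `AccessToken.php` is created under `src/Wallabag/Bundle/CoreBundle/Document/`, but `fos_oauth_server` in `app/config/config.yml` sets `access_token_class` to `Wallabag\Bundle\ApiBundle\Document\AccessToken`. The namespace line is not visible in this hunk as shown, but with path-based autoloading a class in the CoreBundle directory will presumably not resolve under the ApiBundle namespace. The same applies to `AuthCode`, `Client` and `RefreshToken` in the following hunks and to their `*.mongodb.xml` mappings under `CoreBundle/Resources/config/doctrine/`. Either move the documents into the ApiBundle or change the four `*_class` settings to `Wallabag\Bundle\CoreBundle\Document\...`.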
diff --git a/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AuthCode.mongodb.xml b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AuthCode.mongodb.xml new file mode 100644 index 0000000..2d2b209 --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/AuthCode.mongodb.xml @@ -0,0 +1,11 @@ + + + + + + + + \ No newline at end of file diff --git a/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/Client.mongodb.xml b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/Client.mongodb.xml new file mode 100644 index 0000000..c95b88b --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/Client.mongodb.xml @@ -0,0 +1,10 @@ + + + + + + + \ No newline at end of file diff --git a/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/RefreshToken.mongodb.xml b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/RefreshToken.mongodb.xml new file mode 100644 index 0000000..c77b9d7 --- /dev/null +++ b/src/Wallabag/Bundle/CoreBundle/Resources/config/doctrine/RefreshToken.mongodb.xml @@ -0,0 +1,11 @@ + + + + + + + + \ No newline at end of file