fix(OpenID): Do not register roadiz_rozier.open_id.discovery if `di…
…scovery_url` is not valid
ambroisemaupate committed Jun 28, 2023
1 parent 6193a31 commit 120b6a9
Showing 1 changed file with 44 additions and 34 deletions.
Expand Up @@ -48,7 +48,14 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
$container->setParameter('roadiz_rozier.open_id.scopes', $config['open_id']['scopes'] ?? []);
$container->setParameter('roadiz_rozier.open_id.granted_roles', $config['open_id']['granted_roles'] ?? []);

if (!empty($config['open_id']['discovery_url'])) {
if (
\is_string($config['open_id']['discovery_url']) &&
!empty($config['open_id']['discovery_url']) &&
filter_var($config['open_id']['discovery_url'], FILTER_VALIDATE_URL)
) {
/*
* Register OpenID discovery service only when discovery URL is set.
*/
$container->setDefinition(
'roadiz_rozier.open_id.discovery',
(new Definition())
Expand All @@ -59,40 +66,43 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
new Reference(\Psr\Cache\CacheItemPoolInterface::class)
])
);
}

$container->setDefinition(
'roadiz_rozier.open_id.jwt_configuration_factory',
(new Definition())
->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
->setPublic(true)
->setArguments([
new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
$config['open_id']['hosted_domain'],
$config['open_id']['oauth_client_id'],
$config['open_id']['verify_user_info'],
])
);
$container->setDefinition(
'roadiz_rozier.open_id.jwt_configuration_factory',
(new Definition())
->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
->setPublic(true)
->setArguments([
new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
$config['open_id']['hosted_domain'],
$config['open_id']['oauth_client_id'],
$config['open_id']['verify_user_info'],
])
);

$container->setDefinition(
'roadiz_rozier.open_id.authenticator',
(new Definition())
->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
->setPublic(true)
->setArguments([
new Reference('security.http_utils'),
new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
'loginPage',
'adminHomePage',
$config['open_id']['oauth_client_id'],
$config['open_id']['oauth_client_secret'],
$config['open_id']['openid_username_claim'],
'_target_path',
$config['open_id']['granted_roles'],
])
);
}
/*
* Always register OpenID authenticator to be able to use it in firewall.
*/
$container->setDefinition(
'roadiz_rozier.open_id.authenticator',
(new Definition())
->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
->setPublic(true)
->setArguments([
new Reference('security.http_utils'),
new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
'loginPage',
'adminHomePage',
$config['open_id']['oauth_client_id'],
$config['open_id']['oauth_client_secret'],
$config['open_id']['openid_username_claim'],
'_target_path',
$config['open_id']['granted_roles'],
])
);
}
}
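Review bot: A `discovery_url` that is set but fails `filter_var(..., FILTER_VALIDATE_URL)` is now skipped silently, while the JWT configuration factory and the authenticator still appear to be registered with a `NULL_ON_INVALID_REFERENCE` discovery argument, so a typo in the URL degrades the OpenID setup without any build-time signal. What those two classes do when discovery is null is not visible on this page; if signature or issuer checks rely on discovery metadata, it should be confirmed that they fail closed. Consider separating "not configured" from "configured but invalid" and rejecting the latter, e.g. `throw new \InvalidArgumentException('open_id.discovery_url is not a valid URL');`. `FILTER_VALIDATE_URL` also accepts any scheme, so adding `\parse_url($config['open_id']['discovery_url'], PHP_URL_SCHEME) === 'https'` to the condition would keep the discovery document from being fetched over cleartext. The body of `registerOpenId` starts outside the hunk.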
