wip4

2022-01-15 20:05:28 +00:00 · 2022-01-15 20:05:28 +00:00 · 19dd4ba368
parent 53a1a3fad1
commit 19dd4ba368
2 changed files with 12 additions and 20 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -21,24 +21,8 @@ security:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
-            pattern: ^/oauth/token$
+            pattern: ^/oauth/(token|authorize)$
            security: false
-        oauth_authorize:
-            pattern: ^/oauth/authorize$
-            security: true
-            entry_point: App\Security\Authenticator
-            guard:
-                authenticators:
-                    - App\Security\Authenticator
-            provider: local_user
-        oauth:
-            guard:
-                authenticators:
-                    - Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator
-            provider: local_user
-            pattern: ^/oauth/
-            security: true
-            stateless: true
        api_apps:
            pattern: ^/api/v1/apps$
            security: false
--- a/src/Core/GNUsocial.php
+++ b/src/Core/GNUsocial.php
@ -80,6 +80,7 @@ use Symfony\Contracts\HttpClient\HttpClientInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
 use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
+use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
 use Trikoder\Bundle\OAuth2Bundle\Event\UserResolveEvent;
 use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
 use Twig\Environment;
@ -286,6 +287,12 @@ class GNUsocial implements EventSubscriberInterface
        $event->setUser($user);
    }

+    public function authRequestResolve(AuthorizationRequestResolveEvent $event): void
+    {
+        // TODO: if using 3rd party clients, make sure the user approves access
+        $event->resolveAuthorization(true);
+    }
+
    /**
     * Tell Symfony which events we want to listen to, which Symfony detects and auto-wires
     * due to this implementing the `EventSubscriberInterface`
@ -293,9 +300,10 @@ class GNUsocial implements EventSubscriberInterface
    public static function getSubscribedEvents(): array
    {
        return [
-            KernelEvents::REQUEST      => 'onKernelRequest',
-            'console.command'          => 'onCommand',
-            OAuth2Events::USER_RESOLVE => 'userResolve',
+            KernelEvents::REQUEST                       => 'onKernelRequest',
+            'console.command'                           => 'onCommand',
+            OAuth2Events::USER_RESOLVE                  => 'userResolve',
+            OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'authRequestResolve',
        ];
    }
 }