From 57c09c6f8f59daed1809134d74f662220346013a Mon Sep 17 00:00:00 2001 From: Diogo Peralta Cordeiro Date: Sat, 15 Jan 2022 18:03:07 +0000 Subject: [PATCH] wip --- composer.lock | 92 ++++++++++++++++++++++++++++++----- config/bundles.php | 1 + config/packages/security.yaml | 30 +++++++++--- plugins/OAuth2/composer.json | 2 +- src/Core/GNUsocial.php | 24 ++++++++- src/Entity/LocalUser.php | 1 - symfony.lock | 3 ++ 7 files changed, 129 insertions(+), 24 deletions(-) diff --git a/composer.lock b/composer.lock index c083547263..be0eb1e1b7 100644 --- a/composer.lock +++ b/composer.lock 
@@ -6,6 +6,72 @@ ], "content-hash": "9c0a2f7b8e803cba4400571f9a087948", "packages": [ + { + "name": "ajgarlag/psr-http-message-bundle", + "version": "1.2.1", + "source": { + "type": "git", + "url": "https://github.com/ajgarlag/psr-http-message-bundle.git", + "reference": "7f7e82f8a70b54c0c48a797b1b537421c9049e65" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ajgarlag/psr-http-message-bundle/zipball/7f7e82f8a70b54c0c48a797b1b537421c9049e65", + "reference": "7f7e82f8a70b54c0c48a797b1b537421c9049e65", + "shasum": "" + }, + "require": { + "psr/http-factory": "^1.0", + "symfony/dependency-injection": "^4.4.8|^5.2.4", + "symfony/framework-bundle": "^4.4|^5.0", + "symfony/psr-http-message-bridge": "^1.1|^2.0" + }, + "conflict": { + "sensio/framework-extra-bundle": "<5.3" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "^2.18", + "nyholm/psr7": "^1.1", + "sensio/framework-extra-bundle": "^5.3|^6.0", + "symfony/browser-kit": "^4.4|^5.0", + "symfony/monolog-bridge": "^4.0|^5.0", + "symfony/monolog-bundle": "^3.2", + "symfony/phpunit-bridge": "^4.4.11|^5.0.11", + "symfony/yaml": "^4.4|^5.0" + }, + "suggest": { + "nyholm/psr7": "Provides autowiring aliases for PSR-17" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-main": "1.1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Ajgarlag\\Bundle\\PsrHttpMessageBundle\\": "src/" + }, + "exclude-from-classmap": [ + "/tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Antonio J. GarcĂ­a Lagar", + "email": "aj@garcialagar.es" + } + ], + "support": { + "issues": "https://github.com/ajgarlag/psr-http-message-bundle/issues", + "source": "https://github.com/ajgarlag/psr-http-message-bundle/tree/1.2.1" + }, + "time": "2021-03-10T18:29:27+00:00" + }, { "name": "alchemy/binary-driver", "version": "v5.2.0", 
@@ -11001,25 +11067,25 @@ }, { "name": "trikoder/oauth2-bundle", - "version": "v3.2.0", + "version": "v3.x-dev", "source": { "type": "git", "url": "https://github.com/trikoder/oauth2-bundle.git", - "reference": "58788136d3856a3e0c7fb41364943af8bc89101c" + "reference": "f970a9c6f4275960d77f24b851563ce99e70ba8d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/trikoder/oauth2-bundle/zipball/58788136d3856a3e0c7fb41364943af8bc89101c", - "reference": "58788136d3856a3e0c7fb41364943af8bc89101c", + "url": "https://api.github.com/repos/trikoder/oauth2-bundle/zipball/f970a9c6f4275960d77f24b851563ce99e70ba8d", + "reference": "f970a9c6f4275960d77f24b851563ce99e70ba8d", "shasum": "" }, "require": { + "ajgarlag/psr-http-message-bundle": "^1.1", "doctrine/doctrine-bundle": "^1.8|^2.0", "doctrine/orm": "^2.7", "league/oauth2-server": "^8.0", "php": ">=7.2", "psr/http-factory": "^1.0", - "sensio/framework-extra-bundle": "^5.5", "symfony/framework-bundle": "^4.4|^5.0", "symfony/psr-http-message-bridge": "^2.0", "symfony/security-bundle": "^4.4|^5.0" @@ -11038,6 +11104,7 @@ "nelmio/cors-bundle": "For handling CORS requests", "nyholm/psr7": "For a super lightweight PSR-7/17 implementation" }, + "default-branch": true, "type": "symfony-bundle", "extra": { "branch-alias": { @@ -11077,9 +11144,9 @@ ], "support": { "issues": "https://github.com/trikoder/oauth2-bundle/issues", - "source": "https://github.com/trikoder/oauth2-bundle/tree/v3.2.0" + "source": "https://github.com/trikoder/oauth2-bundle/tree/v3.x" }, - "time": "2020-10-26T15:54:32+00:00" + "time": "2021-03-09T14:59:54+00:00" }, { "name": "twig/extra-bundle", 
@@ -12957,12 +13024,12 @@ "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "15bcf0390f49f393d20e21c16672d732356ba692" + "reference": "e0b23a37d83b7d1bbfdb8c0b8aa4dcd702266a65" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/15bcf0390f49f393d20e21c16672d732356ba692", - "reference": "15bcf0390f49f393d20e21c16672d732356ba692", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/e0b23a37d83b7d1bbfdb8c0b8aa4dcd702266a65", + "reference": "e0b23a37d83b7d1bbfdb8c0b8aa4dcd702266a65", "shasum": "" }, "require": { @@ -13014,7 +13081,7 @@ "type": "tidelift" } ], - "time": "2022-01-14T12:36:03+00:00" + "time": "2022-01-15T15:04:05+00:00" }, { "name": "phpunit/php-code-coverage", @@ -14993,7 +15060,8 @@ "minimum-stability": "stable", "stability-flags": { "someonewithpc/redis-polyfill": 20, - "phpstan/phpstan": 20 + "phpstan/phpstan": 20, + "trikoder/oauth2-bundle": 20 }, "prefer-stable": false, "prefer-lowest": false, diff --git a/config/bundles.php b/config/bundles.php index 3758a5afff..ad68455dc7 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -22,4 +22,5 @@ return [ Knp\Bundle\TimeBundle\KnpTimeBundle::class => ['all' => true], Fidry\PsyshBundle\PsyshBundle::class => ['all' => true], Trikoder\Bundle\OAuth2Bundle\TrikoderOAuth2Bundle::class => ['all' => true], + Ajgarlag\Bundle\PsrHttpMessageBundle\AjgarlagPsrHttpMessageBundle::class => ['all' => true], ]; diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 4a520b1fdd..81dc69e442 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml 
@@ -20,6 +20,28 @@ security: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false + oauth_token: + pattern: ^/oauth/token$ + security: false + oauth: + guard: + authenticators: + - Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator + provider: local_user + pattern: ^/oauth/ + security: true + stateless: true + api_apps: + pattern: ^/api/v1/apps$ + security: false + api: + guard: + authenticators: + - Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator + provider: local_user + pattern: ^/api/ + security: true + stateless: true main: entry_point: App\Security\Authenticator guard: @@ -42,14 +64,6 @@ security: samesite: '%remember_me_samesite%' token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider' - api_token: - pattern: ^/oauth/token$ - security: false - api: - pattern: ^/api - security: true - stateless: true - # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication diff --git a/plugins/OAuth2/composer.json b/plugins/OAuth2/composer.json index d5fa4370d5..ac6523f947 100644 --- a/plugins/OAuth2/composer.json +++ b/plugins/OAuth2/composer.json @@ -1,6 +1,6 @@ { "require": { "nyholm/psr7": "*", - "trikoder/oauth2-bundle": "*" + "trikoder/oauth2-bundle": "v3.x-dev" } } diff --git a/src/Core/GNUsocial.php b/src/Core/GNUsocial.php index 667cf63295..ffee5308c1 100644 --- a/src/Core/GNUsocial.php +++ b/src/Core/GNUsocial.php 
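Review bot: Neither the `oauth` nor the `api` firewall added here makes a token mandatory on its own. As far as I can tell, a guard firewall only authenticates requests that present credentials, and rejecting anonymous requests is left to `access_control` or per-controller checks, none of which appear in this hunk. If the file's `access_control` section has no entry for these paths, add one such as `- { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }`, or add a YAML comment next to the firewall stating that each controller enforces its own scope or role check. The `^/oauth/` pattern presumably also covers the authorization endpoint, which the resource owner reaches through a browser login rather than with a bearer token, so a stateless token-only firewall there may break the authorization-code flow; confirm against the routes. `api_apps` leaves `^/api/v1/apps$` with `security: false`, so any throttling of client registration has to live in the controller, and a short comment saying so would help.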
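Review bot: The constraint `v3.x-dev` makes the OAuth2 server bundle, which sits on the authentication path, follow the head of an unreleased branch instead of a tagged release (the lock previously resolved to v3.2.0). The lock file in this patch pins commit f970a9c6f4275960d77f24b851563ce99e70ba8d, so deployments stay reproducible only while they run `composer install` against the committed lock; any `composer update` will pull whatever the branch head is at that time. The commit message should record why the branch is needed (the lock diff suggests it is the swap of `sensio/framework-extra-bundle` for `ajgarlag/psr-http-message-bundle`). The constraint should return to a tagged range once a release carries that change.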
@@ -72,12 +72,15 @@ use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\Mailer\MailerInterface; use Symfony\Component\Messenger\MessageBusInterface; use Symfony\Component\Routing\RouterInterface; +use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\Security\Core\Security as SSecurity; +use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Http\Util\TargetPathTrait; use Symfony\Contracts\HttpClient\HttpClientInterface; use Symfony\Contracts\Translation\TranslatorInterface; use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface; use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface; +use Trikoder\Bundle\OAuth2Bundle\Event\UserResolveEvent; use Twig\Environment; /** @@ -266,6 +269,22 @@ class GNUsocial implements EventSubscriberInterface $container->setParameter('gnusocial_defaults', $defaults); } + public function userResolve(UserResolveEvent $event, UserProviderInterface $userProvider, UserPasswordEncoderInterface $userPasswordEncoder): void + { + Log::debug('cenas: ', [$event, $userProvider, $userPasswordEncoder]); + $user = $userProvider->loadUserByUsername($event->getUsername()); + + if (null === $user) { + return; + } + + if (!$userPasswordEncoder->isPasswordValid($user, $event->getPassword())) { + return; + } + + $event->setUser($user); + } + /** * Tell Symfony which events we want to listen to, which Symfony detects and auto-wires * due to this implementing the `EventSubscriberInterface` @@ -273,8 +292,9 @@ class GNUsocial implements EventSubscriberInterface public static function getSubscribedEvents(): array { return [ - KernelEvents::REQUEST => 'onKernelRequest', - 'console.command' => 'onCommand', + KernelEvents::REQUEST => 'onKernelRequest', + 'console.command' => 'onCommand', + 'trikoder.oauth2.user_resolve' => 'userResolve', ]; } } diff --git a/src/Entity/LocalUser.php b/src/Entity/LocalUser.php index f86a4fe98d..493e9eb632 100644 
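Review bot: `UserPasswordEncoderInterface`, imported here, is deprecated since Symfony 5.3 in favour of `Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface`. The LocalUser.php section of this patch already imports `PasswordAuthenticatedUserInterface`, which arrived in that same release, so the project appears to be on a version where the hasher interface is available. Prefer `use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;` so the new password check does not start out on a deprecated API; its `isPasswordValid($user, $plainPassword)` call has the same shape.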
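Review bot: The `Log::debug('cenas: ', [$event, $userProvider, $userPasswordEncoder])` call at the top of `userResolve` hands the whole `UserResolveEvent` to the logger, and that event carries the submitted plaintext password (read below via `$event->getPassword()`). Depending on the log formatter this can write credentials to the debug log, so the line should be dropped. Separately, a method registered through `getSubscribedEvents()` is invoked by the dispatcher with the event, the event name and the dispatcher, so the `UserProviderInterface` and `UserPasswordEncoderInterface` parameters are not autowired here and the call would likely fail with a TypeError; they need to come from the constructor, which is outside this hunk. Symfony user providers normally throw when the user is missing rather than returning null, so the lookup should be wrapped in a try/catch (confirm the exception class against the `local_user` provider and the installed Symfony version). The method also lacks a docblock stating that it performs the credential check for the OAuth2 password grant.

```php
// Assumes $this->userProvider and $this->userPasswordEncoder are injected through the constructor (not shown in the hunk).
public function userResolve(UserResolveEvent $event): void
{
    // Do not log $event: it holds the plaintext password submitted to the token endpoint.
    try {
        $user = $this->userProvider->loadUserByUsername($event->getUsername());
    } catch (UserNotFoundException $e) {
        // Unknown user: leave the event without a user so the grant is refused.
        return;
    }

    if (!$this->userPasswordEncoder->isPasswordValid($user, $event->getPassword())) {
        return;
    }
    // … unchanged: $event->setUser($user) …
}
```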
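Review bot: The event name is written as the string literal `'trikoder.oauth2.user_resolve'`, but the bundle exposes it as a constant. Using `OAuth2Events::USER_RESOLVE => 'userResolve',` (with `use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;`) would fail loudly if the name ever changes, which matters more now that the dependency tracks a dev branch. This entry also wires a handler for a package required from `plugins/OAuth2/composer.json` into the core `GNUsocial` class. If the plugin is meant to be optional, the subscriber would sit better inside the plugin.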
--- a/src/Entity/LocalUser.php +++ b/src/Entity/LocalUser.php @@ -35,7 +35,6 @@ use App\Util\Exception\NicknameNotAllowedException; use App\Util\Exception\NicknameTakenException; use App\Util\Exception\NicknameTooLongException; use App\Util\Nickname; -use DateTimeInterface; use Exception; use libphonenumber\PhoneNumber; use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface; diff --git a/symfony.lock b/symfony.lock index 7a5cb65160..d626118c69 100644 --- a/symfony.lock +++ b/symfony.lock @@ -1,4 +1,7 @@ { + "ajgarlag/psr-http-message-bundle": { + "version": "1.2.1" + }, "alchemy/binary-driver": { "version": "v5.2.0" },