Created
November 21, 2019 12:42
-
-
Save rrcfesc/6ef492f3e06a2eb7d098002b43abb289 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace App\Security; | |
| use GraphQL\Results; | |
| use Symfony\Component\HttpFoundation\Request; | |
| use Symfony\Component\HttpFoundation\RedirectResponse; | |
| use Symfony\Component\HttpFoundation\Response; | |
| use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
| use Symfony\Component\Security\Core\Exception\AuthenticationException; | |
| use Symfony\Component\Security\Core\User\UserInterface; | |
| use Symfony\Component\Security\Core\User\UserProviderInterface; | |
| use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; | |
| use App\Service\OauthService; | |
| use Symfony\Component\Security\Core\Exception\BadCredentialsException; | |
| use Symfony\Component\Security\Core\Security; | |
| use GraphQL\Client; | |
| use GraphQL\Query; | |
| class OauthAuthenticator extends AbstractGuardAuthenticator | |
| { | |
| /** | |
| * @var Security | |
| */ | |
| private $security; | |
| /** | |
| * @var OauthService | |
| */ | |
| private $oauthService; | |
| /** | |
| * @var string | |
| */ | |
| private $homeUrl; | |
| /** | |
| * @var Client | |
| */ | |
| private $client; | |
| /** | |
| * OauthAuthenticator constructor. | |
| * @param Security $security | |
| * @param OauthService $oauthService | |
| */ | |
| public function __construct(Security $security, OauthService $oauthService, Client $client, $homeWebsite) | |
| { | |
| $this->security = $security; | |
| $this->oauthService = $oauthService; | |
| $this->homeUrl = $homeWebsite; | |
| $this->client = $client; | |
| } | |
| /** | |
| * {@inheritDoc} | |
| * @param Request $request | |
| * @return bool | |
| */ | |
| public function supports(Request $request): bool | |
| { | |
| $response = true; | |
| if ($this->security->getUser()) { | |
| $apiKey = $request->query->get('token'); | |
| if (!is_null($apiKey)) { | |
| $response = true; | |
| } else { | |
| $response = false; | |
| } | |
| } | |
| return $response; | |
| } | |
| /** | |
| * @param Request $request | |
| * @return mixed|void | |
| */ | |
| public function getCredentials(Request $request) | |
| { | |
| $apiKey = $request->query->get('token'); | |
| if (!$apiKey) { | |
| throw new BadCredentialsException('not aut'); | |
| } | |
| $credentials = $this->oauthService->check($apiKey); | |
| if (is_null($credentials)) { | |
| throw new BadCredentialsException('token fail'); | |
| } | |
| return $credentials; | |
| } | |
| /** | |
| * @param mixed $credentials | |
| * @param UserProviderInterface $userProvider | |
| * @return UserInterface|void|null | |
| */ | |
| public function getUser($credentials, UserProviderInterface $userProvider) | |
| { | |
| //dd($credentials); | |
| $employee = ( | |
| new Query('employee')) | |
| ->setArguments(['id' => '/api/employees/'.$credentials['employee']]) | |
| ->setSelectionSet(['lastName', 'firstName', 'image']); | |
| /** @var Results $results */ | |
| $results = $this->client->runQuery($employee); | |
| $employeeData = get_object_vars($results->getData()->employee); | |
| $usergql = ( | |
| new Query('user')) | |
| ->setArguments(['id' => '/api/users/'.$credentials['id']]) | |
| ->setSelectionSet(['companyId', 'companyUserName', 'userMenus', 'roleName', 'language', 'dashboardType']); | |
| /** @var Results $results */ | |
| $results = $this->client->runQuery($usergql); | |
| $userData = get_object_vars($results->getData()->user); | |
| $credentials['companyUserName'] = $userData['companyUserName']; | |
| $credentials['companyLogo'] = null; | |
| if (!empty($userData['companyId'])) { | |
| $companygql = ( | |
| new Query('company')) | |
| ->setArguments(['id' => '/api/companies/'.$userData['companyId']]) | |
| ->setSelectionSet([ | |
| (new Query('companySetting'))->setSelectionSet(['companyLogo']) | |
| ]); | |
| /** @var Results $results */ | |
| $results = $this->client->runQuery($companygql); | |
| $companyData = get_object_vars($results->getData()->company); | |
| $credentials['companyLogo'] = $companyData['companySetting']->companyLogo; | |
| } | |
| return $userProvider->loadUserByUsername(array_merge(array_merge($employeeData, $userData, array_merge($userData, $credentials)), ['home'=>$this->homeUrl])); | |
| } | |
| /** | |
| * @param mixed $credentials | |
| * @param UserInterface $user | |
| * @return bool | |
| */ | |
| public function checkCredentials($credentials, UserInterface $user) | |
| { | |
| return true; | |
| } | |
| /** | |
| * Redirect | |
| * @param Request $request | |
| * @param AuthenticationException $exception | |
| * @return RedirectResponse|\Symfony\Component\HttpFoundation\Response|null | |
| */ | |
| public function onAuthenticationFailure(Request $request, AuthenticationException $exception) | |
| { | |
| return new RedirectResponse($this->homeUrl."logout", 302); | |
| } | |
| /** | |
| * Allow continue | |
| * @param Request $request | |
| * @param TokenInterface $token | |
| * @param string $providerKey | |
| * @return bool|\Symfony\Component\HttpFoundation\Response|null | |
| */ | |
| public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) | |
| { | |
| return new RedirectResponse($request->getPathInfo(), 302); | |
| } | |
| /** | |
| * Returns a response that directs the user to authenticate. | |
| * | |
| * This is called when an anonymous request accesses a resource that | |
| * requires authentication. The job of this method is to return some | |
| * response that "helps" the user start into the authentication process. | |
| * | |
| * Examples: | |
| * | |
| * - For a form login, you might redirect to the login page | |
| * | |
| * return new RedirectResponse('/login'); | |
| * | |
| * - For an API token authentication system, you return a 401 response | |
| * | |
| * return new Response('Auth header required', 401); | |
| * | |
| * @param Request $request The request that resulted in an AuthenticationException | |
| * @param AuthenticationException $authException The exception that started the authentication process | |
| * | |
| * @return Response | |
| */ | |
| public function start(Request $request, AuthenticationException $authException = null) | |
| { | |
| // TODO: Implement start() method. | |
| } | |
| /** | |
| * Does this method support remember me cookies? | |
| * | |
| * Remember me cookie will be set if *all* of the following are met: | |
| * A) This method returns true | |
| * B) The remember_me key under your firewall is configured | |
| * C) The "remember me" functionality is activated. This is usually | |
| * done by having a _remember_me checkbox in your form, but | |
| * can be configured by the "always_remember_me" and "remember_me_parameter" | |
| * parameters under the "remember_me" firewall key | |
| * D) The onAuthenticationSuccess method returns a Response object | |
| * | |
| * @return bool | |
| */ | |
| public function supportsRememberMe() | |
| { | |
| return false; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment