
Commit 52c8455

committed
Merge branch 'release/3.1.0'
2 parents 7eae7ad + 8ab0b9c commit 52c8455

13 files changed

Lines changed: 100 additions & 49 deletions

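--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.1.0] - 2023-08-03
+
+### Added
+
+- Added support for `authorization code flow`.
+
+### Removed
+
+- Removed support for `openid connect implicit`.
+
 ## [3.0.3] - 2023-03-01
 
 - Fixed return annotation.
@@ -65,3 +75,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - ITK OpenID Connect: Upgraded from
 `itk-dev/openid-connect` 1.0.0 to 2.1.0
 - OpenId Connect Bundle: Added CLI login feature.
+
+[unreleased]: https://github.com/itk-dev/openid-connect-bundle/compare/3.1.0...HEAD
+[3.1.0]: https://github.com/itk-dev/openid-connect-bundle/compare/3.0.3...3.1.0
+[3.0.3]: https://github.com/itk-dev/openid-connect-bundle/compare/3.0.2...3.0.3
+[3.0.2]: https://github.com/itk-dev/openid-connect-bundle/compare/3.0.1...3.0.2
+[3.0.1]: https://github.com/itk-dev/openid-connect-bundle/compare/3.0.0...3.0.1
+[3.0.0]: https://github.com/itk-dev/openid-connect-bundle/compare/2.0.0...3.0.0
+[2.0.0]: https://github.com/itk-dev/openid-connect-bundle/compare/1.1.0...2.0.0
+[1.1.0]: https://github.com/itk-dev/openid-connect-bundle/compare/1.0.1...1.1.0
+[1.0.1]: https://github.com/itk-dev/openid-connect-bundle/compare/1.0.0...1.0.1
+[1.0.0]: https://github.com/itk-dev/openid-connect-bundle/releases/tag/1.0.0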

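--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 [![Github](https://img.shields.io/badge/source-itk--dev/openid--connect--bundle-blue?style=flat-square)](https://github.com/itk-dev/openid-connect-bundle)
 [![Release](https://img.shields.io/packagist/v/itk-dev/openid-connect-bundle.svg?style=flat-square&label=release)](https://packagist.org/packages/itk-dev/openid-connect-bundle)
 [![PHP Version](https://img.shields.io/packagist/php-v/itk-dev/openid-connect-bundle.svg?style=flat-square&colorB=%238892BF)](https://www.php.net/downloads)
-[![Build Status](https://img.shields.io/github/workflow/status/itk-dev/openid-connect-bundle/Test%20%26%20Code%20Style%20Review?label=CI&logo=github&style=flat-square)](https://github.com/itk-dev/openid-connect-bundle/actions?query=workflow%3A%22Test+%26+Code+Style+Review%22)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/itk-dev/openid-connect-bundle/pr.yaml?label=CI&logo=github&style=flat-square)](https://github.com/itk-dev/openid-connect-bundle/actions?query=workflow%3A%22Test+%26+Code+Style+Review%22)
 [![Codecov Code Coverage](https://img.shields.io/codecov/c/gh/itk-dev/openid-connect-bundle?label=codecov&logo=codecov&style=flat-square)](https://codecov.io/gh/itk-dev/openid-connect-bundle)
 [![Read License](https://img.shields.io/packagist/l/itk-dev/openid-connect-bundle.svg?style=flat-square&colorB=darkcyan)](https://github.com/itk-dev/openid-connect-bundle/blob/master/LICENSE.md)
 [![Package downloads on Packagist](https://img.shields.io/packagist/dt/itk-dev/openid-connect-bundle.svg?style=flat-square&colorB=darkmagenta)](https://packagist.org/packages/itk-dev/openid-connect-bundle/stats)
@@ -58,6 +58,9 @@ itkdev_openid_connect:
 # Optional: Specify leeway (seconds) to account for clock skew between provider and hosting
 # Defaults to 10
 leeway: '%env(int:ADMIN_OIDC_LEEWAY)%'
+# Optional: Allow http requests (used for mocking a IdP)
+# Defaults to false
+allow_http: '%env(bool:ADMIN_OIDC_ALLOW_HTTP)%'
 user:
 options:
 metadata_url: '%env(string:USER_OIDC_METADATA_URL)%'
@@ -80,6 +83,7 @@ ADMIN_OIDC_CLIENT_ID=ADMIN_APP_CLIENT_ID
 ADMIN_OIDC_CLIENT_SECRET=ADMIN_APP_CLIENT_SECRET
 ADMIN_OIDC_REDIRECT_URI=ADMIN_APP_REDIRECT_URI
 ADMIN_OIDC_LEEWAY=30
+ADMIN_OIDC_ALLOW_HTTP=true
 
 # "user" open id connect configuration variables
 USER_OIDC_METADATA_URL=USER_APP_METADATA_URL
@@ -319,7 +323,8 @@ class AzureOIDCAuthenticator extends OpenIdLoginAuthenticator
 ## Sign in from command line
 
 Rather than signing in via OpenId Connect, you can get a sign in url from the
-command line by providing a username. Make sure to configure `OIDC_CLI_REDIRECT_URL`. Run
+command line by providing a username. Make sure to configure
+`OIDC_CLI_REDIRECT_URL`. Run
 
 ```shell
 bin/console itk-dev:openid-connect:login <username>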

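--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 "ext-json": "*",
 "ext-openssl": "*",
 "doctrine/orm": "^2.8",
-"itk-dev/openid-connect": "^3.0",
+"itk-dev/openid-connect": "^3.1",
 "symfony/cache": "^5.4|^6.0",
 "symfony/framework-bundle": "^5.4|^6.0",
 "symfony/security-bundle": "^5.4|^6.0",
@@ -31,9 +31,9 @@
 "friendsofphp/php-cs-fixer": "^3.11",
 "kubawerlos/php-cs-fixer-custom-fixers": "^3.11",
 "phpunit/phpunit": "^9.5",
-"psalm/plugin-symfony": "^3.1",
+"psalm/plugin-symfony": "^5.0",
 "rector/rector": "^0.14.2",
-"vimeo/psalm": "^4.7"
+"vimeo/psalm": "^5.0"
 },
 "autoload": {
 "psr-4": {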

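--- a/psalm.xml
+++ b/psalm.xml
@@ -18,6 +18,11 @@
 <file name="src/DependencyInjection/Configuration.php"/>
 </errorLevel>
 </PossiblyNullReference>
+<UndefinedInterfaceMethod>
+<errorLevel type="suppress">
+<file name="src/DependencyInjection/Configuration.php"/>
+</errorLevel>
+</UndefinedInterfaceMethod>
 <PossiblyUndefinedMethod>
 <errorLevel type="suppress">
 <file name="src/DependencyInjection/Configuration.php"/>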
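Review bot: The new `UndefinedInterfaceMethod` suppression is file-wide for `src/DependencyInjection/Configuration.php`, so it silences that check for every call in the file rather than only the `booleanNode()` fluent chain this release adds. If the false positive is limited to that one statement, an inline `/** @psalm-suppress UndefinedInterfaceMethod */` on it in Configuration.php keeps the analyzer effective for the rest of the file. Given the file already carries `PossiblyNullReference` and `PossiblyUndefinedMethod` suppressions, it is presumably the Symfony config-builder typing that trips Psalm, which the upgraded `psalm/plugin-symfony` may already cover; worth re-checking before keeping all three.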

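--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -37,7 +37,12 @@ public function login(Request $request, SessionInterface $session, string $provi
 $session->set('oauth2state', $state);
 $session->set('oauth2nonce', $nonce);
 
-$authUrl = $provider->getAuthorizationUrl(['state' => $state, 'nonce' => $nonce]);
+$authUrl = $provider->getAuthorizationUrl([
+'state' => $state,
+'nonce' => $nonce,
+'response_type' => 'code',
+'scope' => 'openid email profile',
+]);
 
 return new RedirectResponse($authUrl);
 }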
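Review bot: The authorization request built in the new `getAuthorizationUrl([...])` call carries no PKCE `code_challenge`/`code_challenge_method`, so the code flow binds the returned code to this session through `state` alone; the OAuth 2.0 Security BCP recommends PKCE (S256) for confidential clients too, as the defence against authorization-code injection. If `itk-dev/openid-connect` 3.1 accepts PKCE parameters (not visible here), generate a verifier with `bin2hex(random_bytes(32))`, store it in the session beside `oauth2state`, and pass the S256 challenge in this array; if it does not, that is worth raising upstream. The hard-coded `'scope' => 'openid email profile'` also fixes the consent scope for every provider, so if the provider options carry a scope setting it should be preferred here, e.g. `'scope' => $scope ?? 'openid email profile'`. The `login` method starts before this hunk.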

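--- a/src/DependencyInjection/Configuration.php
+++ b/src/DependencyInjection/Configuration.php
@@ -79,6 +79,10 @@ public function getConfigTreeBuilder(): TreeBuilder
 ->arrayNode('redirect_route_parameters')
 ->info('Redirect route parameters')
 ->end()
+->booleanNode('allow_http')
+->info('Whether to allow http or not (default: false)')
+->defaultValue(false)
+->end()
 ->end()
 ->validate()
 ->always()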
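Review bot: The `->info()` text on the new `allow_http` node only restates the option name; it should say what the flag costs, since it presumably lets the provider's metadata, authorization and token endpoints be reached over plain http and therefore exposes the client secret, authorization code and tokens on the wire. Suggested: `->info('Allow plain-http provider URLs. Disables transport security for the OIDC exchange; intended only for a local mock IdP, never for production (default: false)')`. Because the README's example `.env` sets `ADMIN_OIDC_ALLOW_HTTP=true`, a clear warning here is the one place an operator reading `config:dump-reference` will see it. The enclosing `getConfigTreeBuilder` starts and ends outside the hunk.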

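--- a/src/DependencyInjection/ItkDevOpenIdConnectExtension.php
+++ b/src/DependencyInjection/ItkDevOpenIdConnectExtension.php
@@ -2,7 +2,6 @@
 
 namespace ItkDev\OpenIdConnectBundle\DependencyInjection;
 
-use Exception;
 use ItkDev\OpenIdConnectBundle\Command\UserLoginCommand;
 use ItkDev\OpenIdConnectBundle\Security\CliLoginTokenAuthenticator;
 use ItkDev\OpenIdConnectBundle\Security\OpenIdConfigurationProviderManager;
@@ -18,7 +17,7 @@ class ItkDevOpenIdConnectExtension extends Extension
 /**
 * {@inheritdoc}
 *
-* @throws Exception
+* @throws \Exception
 */
 public function load(array $configs, ContainerBuilder $container): void
 {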

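--- a/src/Exception/ItkOpenIdConnectBundleException.php
+++ b/src/Exception/ItkOpenIdConnectBundleException.php
@@ -2,8 +2,6 @@
 
 namespace ItkDev\OpenIdConnectBundle\Exception;
 
-use Exception;
-
-abstract class ItkOpenIdConnectBundleException extends Exception
+abstract class ItkOpenIdConnectBundleException extends \Exception
 {
 }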

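--- a/src/Security/OpenIdConfigurationProviderManager.php
+++ b/src/Security/OpenIdConfigurationProviderManager.php
@@ -58,6 +58,10 @@ public function getProvider(string $key): OpenIdConfigurationProvider
 $providerOptions['leeway'] = $options['leeway'];
 }
 
+if (isset($options['allow_http'])) {
+$providerOptions['allowHttp'] = $options['allow_http'];
+}
+
 $this->providers[$key] = new OpenIdConfigurationProvider($providerOptions);
 }
 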
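Review bot: The new `allowHttp` option is forwarded to `OpenIdConfigurationProvider` without any environment gate, so an `ADMIN_OIDC_ALLOW_HTTP=true` copied from the README's example `.env` into a production deployment silently downgrades the provider to plain http with nothing in the logs. A `// NOTE: allowHttp disables TLS enforcement for the provider endpoints; local mock IdPs only` comment above the block is the minimum; if the manager has a logger or the kernel debug flag available (not visible here), emit a warning when the value is true. The `isset()` guard is also redundant if `$options` comes from the bundle configuration, which defaults `allow_http` to `false`, so `$providerOptions['allowHttp'] = $options['allow_http'] ?? false;` would be equivalent and shorter. `getProvider` starts before this hunk.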

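--- a/src/Security/OpenIdLoginAuthenticator.php
+++ b/src/Security/OpenIdLoginAuthenticator.php
@@ -6,7 +6,6 @@
 use ItkDev\OpenIdConnect\Exception\ValidationException;
 use ItkDev\OpenIdConnectBundle\Exception\InvalidProviderException;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
@@ -21,19 +20,17 @@ abstract class OpenIdLoginAuthenticator extends AbstractAuthenticator implements
 * OpenIdLoginAuthenticator constructor.
 *
 * @param OpenIdConfigurationProviderManager $providerManager
-* @param RequestStack $requestStack
 */
 public function __construct(
 private readonly OpenIdConfigurationProviderManager $providerManager,
-private readonly RequestStack $requestStack
 ) {
 }
 
 /** {@inheritDoc} */
 public function supports(Request $request): ?bool
 {
-// Check if request has state and id_token
-return $request->query->has('state') && $request->query->has('id_token');
+// Check if request has state and code
+return $request->query->has('state') && $request->query->has('code');
 }
 
 /**
@@ -49,32 +46,34 @@ public function supports(Request $request): ?bool
 */
 protected function validateClaims(Request $request): array
 {
-$providerKey = (string) $this->requestStack->getSession()->remove('oauth2provider');
+$session = $request->getSession();
+$providerKey = (string) $session->remove('oauth2provider');
 $provider = $this->providerManager->getProvider($providerKey);
 
 // Make sure state and oauth2state are the same
-$oauth2state = $this->requestStack->getSession()->remove('oauth2state');
+$oauth2state = $session->remove('oauth2state');
 
 if ($request->query->get('state') !== $oauth2state) {
 throw new ValidationException('Invalid state');
 }
 
-$oauth2nonce = $this->requestStack->getSession()->remove('oauth2nonce');
+$oauth2nonce = $session->remove('oauth2nonce');
 if (empty($oauth2nonce)) {
 throw new ValidationException('Nonce empty or not found');
 }
 
 try {
-$idToken = $request->query->get('id_token');
+$code = $request->query->get('code');
 
-if (null === $idToken) {
-throw new ValidationException('Id token not found');
+if (null === $code) {
+throw new ValidationException('Missing code');
 }
 
-if (!is_string($idToken)) {
-throw new ValidationException('Id token not type string');
+if (!is_string($code)) {
+throw new ValidationException('Code not type string');
 }
 
+$idToken = $provider->getIdToken($code);
 $claims = $provider->validateIdToken($idToken, $oauth2nonce);
 // Authentication successful
 } catch (ItkOpenIdConnectException $exception) {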
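Review bot: `$provider->getIdToken($code)` is a new back-channel call to the token endpoint inside the `try`, but the `catch` at the end of the hunk still handles only `ItkOpenIdConnectException`; if the library lets its HTTP-client or provider-error exceptions propagate (not visible here), a rejected or replayed code, a `redirect_uri` mismatch, or a provider outage surfaces as a 500 instead of a failed authentication, and the stack trace may carry the token-endpoint request. Either confirm that `getIdToken()` wraps every failure in `ItkOpenIdConnectException`, or add a second catch after it, e.g. `} catch (\Throwable $exception) { throw new AuthenticationException('Token exchange failed', 0, $exception); }`. A short comment above the call such as `// Exchange the authorization code for tokens at the provider's token endpoint; only the id_token is consumed here` would also help, since the exchange is the step that now makes the client secret security-relevant. `validateClaims` continues past the hunk, and the dropped `RequestStack` constructor argument is a signature change that subclasses like the README's `AzureOIDCAuthenticator` will have to follow.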
