Add support for oauth scopes

As defined in RFC6749:
* https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
* https://www.rfc-editor.org/rfc/rfc6749#section-3.3

Scopes can be configured per-provider in engelsystem config.
Joshua Bachmeier 2022-05-01 00:01:14 +02:00 committed by Igor Scheller
parent 44821019b6
commit 6917f7805b
3 changed files with 12 additions and 2 deletions


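--- a/<config file path not shown on page>
+++ b/<config file path not shown on page>
@@ -88,6 +88,8 @@ return [
 'url_token' => '[generated by provider]',
 // User info URL which provides userdata
 'url_info' => '[generated by provider]',
+// OAuth Scopes
+// 'scope' => ['openid'],
 // Info unique user id field
 'id' => 'uuid',
 // The following fields are used for registration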
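Review bot: The new `// OAuth Scopes` comment does not say what shape the value must have or how it is used, and since the controller joins the entries with spaces a reader may reasonably write one space-separated string instead of a list. Suggest `// OAuth scopes requested on authorization: a list of strings, joined with spaces per RFC 6749 §3.3 (omit to send none explicitly)`. Naming the RFC here also ties the example to the commit's stated rationale.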


@ -88,6 +88,7 @@ class OAuthController extends BaseController
{ {
$providerName = $request->getAttribute('provider'); $providerName = $request->getAttribute('provider');
$provider = $this->getProvider($providerName); $provider = $this->getProvider($providerName);
$config = $this->config->get('oauth')[$providerName];
// Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1 // Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
if ($request->has('error')) { if ($request->has('error')) {
@ -95,7 +96,13 @@ class OAuthController extends BaseController
} }
if (!$request->has('code')) { if (!$request->has('code')) {
$authorizationUrl = $provider->getAuthorizationUrl(); $authorizationUrl = $provider->getAuthorizationUrl(
[
// Leauge separates scopes by comma, which is wrong, so we do it
// here properly by spaces. See https://www.rfc-editor.org/rfc/rfc6749#section-3.3
'scope' => join(' ', $config['scope'] ?? [])
]
);
$this->session->set('oauth2_state', $provider->getState()); $this->session->set('oauth2_state', $provider->getState());
return $this->redirector->to($authorizationUrl); return $this->redirector->to($authorizationUrl);
@ -178,7 +185,6 @@ class OAuthController extends BaseController
$this->addNotification('oauth.connected'); $this->addNotification('oauth.connected');
} }
$config = $this->config->get('oauth')[$providerName];
$resourceData = $resourceOwner->toArray(); $resourceData = $resourceOwner->toArray();
if (!empty($config['nested_info'])) { if (!empty($config['nested_info'])) {
$resourceData = Arr::dot($resourceData); $resourceData = Arr::dot($resourceData);
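Review bot: The requested scope is sent in the authorization URL, but nothing in the new code checks which scope the provider actually granted; RFC 6749 §3.3 allows the server to issue a token with a narrower scope (and then requires the `scope` parameter in the token response), so if any later step depends on a configured scope being present, the granted scope should be compared against `$config['scope']` where the token is received, which is outside this hunk. In the `getAuthorizationUrl` call, `join(' ', $config['scope'] ?? [])` throws a TypeError if a provider's `scope` is configured as a single string rather than a list; `'scope' => implode(' ', (array) ($config['scope'] ?? [])),` accepts both shapes and uses the canonical function name instead of the `join` alias. The comment on the same lines misspells League as `Leauge`. The enclosing method starts and ends outside the hunk.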


@ -76,6 +76,7 @@ class OAuthControllerTest extends TestCase
'first_name' => 'given-name', 'first_name' => 'given-name',
'last_name' => 'last-name', 'last_name' => 'last-name',
'url' => 'http://localhost/', 'url' => 'http://localhost/',
'scope' => ['foo', 'bar'],
], ],
]; ];
@ -197,6 +198,7 @@ class OAuthControllerTest extends TestCase
$this->assertStringStartsWith('http://localhost/auth', $url); $this->assertStringStartsWith('http://localhost/auth', $url);
$this->assertStringContainsString('testsystem', $url); $this->assertStringContainsString('testsystem', $url);
$this->assertStringContainsString('code', $url); $this->assertStringContainsString('code', $url);
$this->assertStringContainsString('scope=foo%20bar', $url);
return new Response(); return new Response();
}); });
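Review bot: The new assertion pins only the configured-list case; no fixture exercises a provider without `scope`, so the controller's `?? []` fallback (an empty scope string handed to the provider) is untested, and that is presumably the path most existing providers take after this change. A second check on a scope-less provider, for example `$this->assertStringNotContainsString('scope=', $url);` if an empty scope is meant to be dropped from the request, would document the intended behaviour. The closure and the test method enclosing these lines start outside the hunk.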