WIP First Symfony route

simplesamlphp · Oct 24, 2023 · 0a97379 · 0a97379
1 parent 290bfdb
commit 0a97379
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 8 deletions.
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -14,6 +14,7 @@
 
 ## Medium impact changes
 - TODO move to SSP (symfony) routing
+  - TODO handle CORS
 - Module config options in file 'module_oidc.php' are now using constants for config keys. The values for constants are
 taken from the previous version of the module, so theoretically you don't have to rewrite your current config file,
 although it is recommended to do so.

diff --git a/routing/routes/routes.yml b/routing/routes/routes.yml
@@ -5,5 +5,5 @@
 #        controllerClassname: SimpleSAML\Module\oidc\Controller\Client\IndexController
 
 openid-configuration:
-  path: openid/configuration
+  path: openid-configuration
   controller: SimpleSAML\Module\oidc\Controller\ConfigurationDiscoveryController
diff --git a/routing/services/services.yml b/routing/services/services.yml
@@ -10,6 +10,7 @@ services:
       League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface: '@SimpleSAML\Module\oidc\Repositories\AccessTokenRepository'
       League\OAuth2\Server\Repositories\ScopeRepositoryInterface: '@SimpleSAML\Module\oidc\Repositories\ScopeRepository'
       League\OAuth2\Server\CryptKey|string $privateKey: '@oidc.key.private'
+      League\OAuth2\Server\CryptKey|string $publicKey: '@oidc.key.public'
 
   SimpleSAML\Module\oidc\Services\:
     resource: '../../src/Services/*'
@@ -25,16 +26,29 @@ services:
   SimpleSAML\Module\oidc\Stores\:
     resource: '../../src/Stores/*'
 
-  League\OAuth2\Server\ResourceServer: ~
-
-  SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor: ~
-
   SimpleSAML\Module\oidc\ModuleConfig: ~
 
   oidc.key.private:
     class: League\OAuth2\Server\CryptKey
     factory: ['@SimpleSAML\Module\oidc\Factories\CryptKeyFactory', 'buildPrivateKey']
 
+  oidc.key.public:
+    class: League\OAuth2\Server\CryptKey
+    factory: ['@SimpleSAML\Module\oidc\Factories\CryptKeyFactory', 'buildPublicKey']
+
+  SimpleSAML\Module\oidc\Factories\ResourceServerFactory:
+    arguments:
+      $publicKey: '@oidc.key.public'
+
+  SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor:
+    arguments:
+      $userIdAttr: '@=service("SimpleSAML\\Module\\oidc\\ModuleConfig").getUserIdentifierAttribute()'
+
   SimpleSAML\Module\oidc\Server\AuthorizationServer:
     arguments:
       $encryptionKey: '@=service("SimpleSAML\\Module\\oidc\\ModuleConfig").getEncryptionKey()'
+
+  # OAuth2 Server
+  League\OAuth2\Server\ResourceServer:
+    arguments:
+      $publicKey: '@oidc.key.public'
diff --git a/src/Controller/ConfigurationDiscoveryController.php b/src/Controller/ConfigurationDiscoveryController.php
@@ -16,8 +16,8 @@
 
 namespace SimpleSAML\Module\oidc\Controller;
 
-use Laminas\Diactoros\Response\JsonResponse;
 use SimpleSAML\Module\oidc\Services\OpMetadataService;
+use Symfony\Component\HttpFoundation\JsonResponse;
 
 class ConfigurationDiscoveryController
 {

diff --git a/src/Factories/ClaimTranslatorExtractorFactory.php b/src/Factories/ClaimTranslatorExtractorFactory.php
@@ -65,7 +65,7 @@ public function build(): ClaimTranslatorExtractor
             }
         }
 
-        $userIdAttr = $this->moduleConfig->config()->getString(ModuleConfig::OPTION_AUTH_USER_IDENTIFIER_ATTRIBUTE);
+        $userIdAttr = $this->moduleConfig->getUserIdentifierAttribute();
 
         return new ClaimTranslatorExtractor($userIdAttr, $claimSet, $translatorTable, $allowedMultipleValueClaims);
     }

diff --git a/src/ModuleConfig.php b/src/ModuleConfig.php
@@ -340,4 +340,12 @@ public function getForcedAcrValueForCookieAuthentication(): ?string
 
         return (string) $value;
     }
+
+    /**
+     * @throws Exception
+     */
+    public function getUserIdentifierAttribute(): string
+    {
+        return $this->config()->getString(ModuleConfig::OPTION_AUTH_USER_IDENTIFIER_ATTRIBUTE);
+    }
 }
diff --git a/src/Services/AuthContextService.php b/src/Services/AuthContextService.php
@@ -45,7 +45,7 @@ public function isSspAdmin(): bool
     public function getAuthUserId(): string
     {
         $simple = $this->authenticate();
-        $userIdAttr = $this->moduleConfig->config()->getString(ModuleConfig::OPTION_AUTH_USER_IDENTIFIER_ATTRIBUTE);
+        $userIdAttr = $this->moduleConfig->getUserIdentifierAttribute();
         return (string)(new Attributes())->getExpectedAttribute($simple->getAttributes(), $userIdAttr);
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -65,7 +65,7 @@ public function build(): ClaimTranslatorExtractor @@
                 }
             }
-            $userIdAttr = $this->moduleConfig->config()->getString(ModuleConfig::OPTION_AUTH_USER_IDENTIFIER_ATTRIBUTE);
+            $userIdAttr = $this->moduleConfig->getUserIdentifierAttribute();
             return new ClaimTranslatorExtractor($userIdAttr, $claimSet, $translatorTable, $allowedMultipleValueClaims);
         }
@@ Expand Down @@