vendor/hslavich/oneloginsaml-bundle/DependencyInjection/Security/Factory/SamlFactory.php line 82

Open in your IDE?
  1. <?php
  3. namespace Hslavich\OneloginSamlBundle\DependencyInjection\Security\Factory;
  5. use Hslavich\OneloginSamlBundle\Event\UserCreatedEvent;
  6. use Hslavich\OneloginSamlBundle\Event\UserModifiedEvent;
  7. use Hslavich\OneloginSamlBundle\EventListener\User\UserCreatedListener;
  8. use Hslavich\OneloginSamlBundle\EventListener\User\UserModifiedListener;
  9. use Hslavich\OneloginSamlBundle\Security\Authentication\Provider\SamlProvider;
  10. use Hslavich\OneloginSamlBundle\Security\Authentication\Token\SamlTokenFactoryInterface;
  11. use Hslavich\OneloginSamlBundle\Security\Firewall\SamlListener;
  12. use Hslavich\OneloginSamlBundle\Security\Http\Authentication\SamlAuthenticationSuccessHandler;
  13. use Hslavich\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator;
  14. use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
  15. use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
  16. use Symfony\Component\Config\Definition\Builder\NodeDefinition;
  17. use Symfony\Component\DependencyInjection\ChildDefinition;
  18. use Symfony\Component\DependencyInjection\ContainerBuilder;
  19. use Symfony\Component\DependencyInjection\ContainerInterface;
  20. use Symfony\Component\DependencyInjection\Reference;
  21. use Symfony\Component\Security\Http\HttpUtils;
  22. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  24. class SamlFactory implements SecurityFactoryInterfaceAuthenticatorFactoryInterface
  25. {
  26.     protected $options = [
  27.         'check_path' => 'saml_acs',
  28.         'use_forward' => false,
  29.         'require_previous_session' => false,
  30.         'login_path' => 'saml_login',
  32.         'username_attribute' => null,
  33.         'use_attribute_friendly_name' => false,
  34.         'user_factory' => null,
  35.         'token_factory' => null,
  36.         'persist_user' => false,
  37.         'success_handler' => SamlAuthenticationSuccessHandler::class,
  38.     ];
  40.     protected $defaultSuccessHandlerOptions = [
  41.         'always_use_default_target_path' => false,
  42.         'default_target_path' => '/',
  43.         'login_path' => 'saml_login',
  44.         'target_path_parameter' => '_target_path',
  45.         'use_referer' => false,
  46.     ];
  48.     protected $defaultFailureHandlerOptions = [
  49.         'failure_path' => null,
  50.         'failure_forward' => false,
  51.         'login_path' => 'saml_login',
  52.         'failure_path_parameter' => '_failure_path',
  53.     ];
  55.     public function addConfiguration(NodeDefinition $node): void
  56.     {
  57.         $builder $node->children();
  59.         $builder
  60.             ->scalarNode('provider')->end()
  61.             ->booleanNode('remember_me')->defaultTrue()->end()
  62.             ->scalarNode('success_handler')->end()
  63.             ->scalarNode('failure_handler')->end()
  64.         ;
  66.         foreach (array_merge($this->options$this->defaultSuccessHandlerOptions$this->defaultFailureHandlerOptions) as $name => $default) {
  67.             if (\is_bool($default)) {
  68.                 $builder->booleanNode($name)->defaultValue($default);
  69.             } else {
  70.                 $builder->scalarNode($name)->defaultValue($default);
  71.             }
  72.         }
  73.     }
  75.     final public function addOption(string $name$default null): void
  76.     {
  77.         $this->options[$name] = $default;
  78.     }
  80.     public function create(ContainerBuilder $containerstring $id, array $configstring $userProviderId, ?string $defaultEntryPointId): array
  81.     {
  82.         trigger_deprecation('hslavich/oneloginsaml-bundle''2.1''Usage of security authentication listener is deprecated, option "security.enable_authenticator_manager" should be set to true.');
  84.         $authProviderId $this->createAuthProvider($container$id$config$userProviderId);
  85.         $listenerId $this->createListener($container$id$config);
  87.         $this->createUserListeners($container$id$config);
  89.         // add remember-me aware tag if requested
  90.         if ($config['remember_me']) {
  91.             $listenerDefinition $container->getDefinition($listenerId);
  92.             $listenerDefinition->addTag('security.remember_me_aware', ['id' => $id'provider' => $userProviderId]);
  93.         }
  95.         $entryPointId $this->createEntryPoint($container$id$config);
  97.         return [$authProviderId$listenerId$entryPointId];
  98.     }
  100.     public function getPosition(): string
  101.     {
  102.         return 'pre_auth';
  103.     }
  105.     public function getPriority(): int
  106.     {
  107.         return -10;
  108.     }
  110.     public function getKey(): string
  111.     {
  112.         return 'saml';
  113.     }
  115.     public function createAuthenticator(ContainerBuilder $containerstring $firewallName, array $configstring $userProviderId): string
  116.     {
  117.         $authenticatorId 'security.authenticator.saml.'.$firewallName;
  118.         $authenticator = (new ChildDefinition(SamlAuthenticator::class))
  119.             ->replaceArgument(0, new Reference(HttpUtils::class))
  120.             ->replaceArgument(1, new Reference($userProviderId))
  121.             ->replaceArgument(3, new Reference($this->createAuthenticationSuccessHandler($container$firewallName$config)))
  122.             ->replaceArgument(4, new Reference($this->createAuthenticationFailureHandler($container$firewallName$config)))
  123.             ->replaceArgument(5array_intersect_key($config$this->options))
  124.         ;
  126.         if ($config['user_factory']) {
  127.             $authenticator->replaceArgument(6, new Reference($config['user_factory']));
  128.         }
  130.         $container->setDefinition($authenticatorId$authenticator);
  132.         $this->createUserListeners($container$firewallName$config);
  134.         return $authenticatorId;
  135.     }
  137.     protected function createAuthProvider(ContainerBuilder $container$id$config$userProviderId): string
  138.     {
  139.         $providerId 'security.authentication.provider.saml.'.$id;
  140.         $definition $container->setDefinition($providerId, new ChildDefinition(SamlProvider::class))
  141.             ->setArguments([
  142.                 new Reference($userProviderId),
  143.                 new Reference(EventDispatcherInterface::class, ContainerInterface::NULL_ON_INVALID_REFERENCE),
  144.             ])
  145.         ;
  147.         if ($config['user_factory']) {
  148.             $definition->addMethodCall('setUserFactory', [new Reference($config['user_factory'])]);
  149.         }
  151.         $factoryId $config['token_factory'] ?: SamlTokenFactoryInterface::class;
  152.         $definition->addMethodCall('setTokenFactory', [new Reference($factoryId)]);
  154.         return $providerId;
  155.     }
  157.     protected function createListener(ContainerBuilder $containerstring $id, array $config): string
  158.     {
  159.         $listenerId $this->getListenerId();
  160.         $listener = (new ChildDefinition($listenerId))
  161.             ->replaceArgument(4$id)
  162.             ->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container$id$config)))
  163.             ->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container$id$config)))
  164.             ->replaceArgument(7array_intersect_key($config$this->options))
  165.         ;
  167.         $listenerId .= '.'.$id;
  168.         $container->setDefinition($listenerId$listener);
  170.         return $listenerId;
  171.     }
  173.     protected function getListenerId(): string
  174.     {
  175.         return SamlListener::class;
  176.     }
  178.     protected function createEntryPoint(ContainerBuilder $containerstring $id, array $config): ?string
  179.     {
  180.         $entryPointId 'security.authentication.form_entry_point.'.$id;
  181.         $container
  182.             ->setDefinition($entryPointId, new ChildDefinition('security.authentication.form_entry_point'))
  183.             ->addArgument(new Reference(HttpUtils::class))
  184.             ->addArgument($config['login_path'])
  185.             ->addArgument($config['use_forward'])
  186.         ;
  188.         return $entryPointId;
  189.     }
  191.     protected function createAuthenticationSuccessHandler(ContainerBuilder $containerstring $id, array $config): string
  192.     {
  193.         $successHandlerId $this->getSuccessHandlerId($id);
  194.         $options array_intersect_key($config$this->defaultSuccessHandlerOptions);
  196.         $successHandler $container->setDefinition($successHandlerId, new ChildDefinition('security.authentication.custom_success_handler'));
  197.         $successHandler->replaceArgument(0, new Reference($config['success_handler']));
  198.         $successHandler->replaceArgument(1$options);
  199.         $successHandler->replaceArgument(2$id);
  201.         return $successHandlerId;
  202.     }
  204.     protected function createAuthenticationFailureHandler(ContainerBuilder $containerstring $id, array $config): string
  205.     {
  206.         $id $this->getFailureHandlerId($id);
  207.         $options array_intersect_key($config$this->defaultFailureHandlerOptions);
  209.         if (isset($config['failure_handler'])) {
  210.             $failureHandler $container->setDefinition($id, new ChildDefinition('security.authentication.custom_failure_handler'));
  211.             $failureHandler->replaceArgument(0, new Reference($config['failure_handler']));
  212.             $failureHandler->replaceArgument(1$options);
  213.         } else {
  214.             $failureHandler $container->setDefinition($id, new ChildDefinition('security.authentication.failure_handler'));
  215.             $failureHandler->addMethodCall('setOptions', [$options]);
  216.         }
  218.         return $id;
  219.     }
  221.     protected function getSuccessHandlerId(string $id): string
  222.     {
  223.         return 'security.authentication.success_handler.'.$id.'.'.str_replace('-''_'$this->getKey());
  224.     }
  226.     protected function getFailureHandlerId(string $id): string
  227.     {
  228.         return 'security.authentication.failure_handler.'.$id.'.'.str_replace('-''_'$this->getKey());
  229.     }
  231.     protected function createUserListeners(ContainerBuilder $containerstring $firewallName, array $config): void
  232.     {
  233.         $container->setDefinition('hslavich_onelogin_saml.user_created_listener.'.$firewallName, new ChildDefinition(UserCreatedListener::class))
  234.             ->replaceArgument(1$config['persist_user'])
  235.             ->addTag('hslavich.saml_user_listener')
  236.             ->addTag('kernel.event_listener', ['event' => UserCreatedEvent::class])
  237.         ;
  239.         $container->setDefinition('hslavich_onelogin_saml.user_modified_listener.'.$firewallName, new ChildDefinition(UserModifiedListener::class))
  240.             ->replaceArgument(1$config['persist_user'])
  241.             ->addTag('hslavich.saml_user_listener')
  242.             ->addTag('kernel.event_listener', ['event' => UserModifiedEvent::class])
  243.         ;
  244.     }
  245. }