vendor/hslavich/oneloginsaml-bundle/DependencyInjection/Security/Factory/SamlFactory.php line 82

Open in your IDE?
  1. <?php
  3. namespace Hslavich\OneloginSamlBundle\DependencyInjection\Security\Factory;
  5. use Hslavich\OneloginSamlBundle\Event\UserCreatedEvent;
  6. use Hslavich\OneloginSamlBundle\Event\UserModifiedEvent;
  7. use Hslavich\OneloginSamlBundle\EventListener\User\UserCreatedListener;
  8. use Hslavich\OneloginSamlBundle\EventListener\User\UserModifiedListener;
  9. use Hslavich\OneloginSamlBundle\Security\Authentication\Provider\SamlProvider;
  10. use Hslavich\OneloginSamlBundle\Security\Authentication\Token\SamlTokenFactoryInterface;
  11. use Hslavich\OneloginSamlBundle\Security\Firewall\SamlListener;
  12. use Hslavich\OneloginSamlBundle\Security\Http\Authentication\SamlAuthenticationSuccessHandler;
  13. use Hslavich\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator;
  14. use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
  15. use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
  16. use Symfony\Component\Config\Definition\Builder\NodeDefinition;
  17. use Symfony\Component\DependencyInjection\ChildDefinition;
  18. use Symfony\Component\DependencyInjection\ContainerBuilder;
  19. use Symfony\Component\DependencyInjection\ContainerInterface;
  20. use Symfony\Component\DependencyInjection\Reference;
  21. use Symfony\Component\Security\Http\HttpUtils;
  22. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  24. class SamlFactory implements SecurityFactoryInterface, AuthenticatorFactoryInterface
  25. {
  26. protected $options = [
  27. 'check_path' => 'saml_acs',
  28. 'use_forward' => false,
  29. 'require_previous_session' => false,
  30. 'login_path' => 'saml_login',
  32. 'username_attribute' => null,
  33. 'use_attribute_friendly_name' => false,
  34. 'user_factory' => null,
  35. 'token_factory' => null,
  36. 'persist_user' => false,
  37. 'success_handler' => SamlAuthenticationSuccessHandler::class,
  38. ];
  40. protected $defaultSuccessHandlerOptions = [
  41. 'always_use_default_target_path' => false,
  42. 'default_target_path' => '/',
  43. 'login_path' => 'saml_login',
  44. 'target_path_parameter' => '_target_path',
  45. 'use_referer' => false,
  46. ];
  48. protected $defaultFailureHandlerOptions = [
  49. 'failure_path' => null,
  50. 'failure_forward' => false,
  51. 'login_path' => 'saml_login',
  52. 'failure_path_parameter' => '_failure_path',
  53. ];
  55. public function addConfiguration(NodeDefinition $node): void
  56. {
  57. $builder = $node->children();
  59. $builder
  60. ->scalarNode('provider')->end()
  61. ->booleanNode('remember_me')->defaultTrue()->end()
  62. ->scalarNode('success_handler')->end()
  63. ->scalarNode('failure_handler')->end()
  64. ;
  66. foreach (array_merge($this->options, $this->defaultSuccessHandlerOptions, $this->defaultFailureHandlerOptions) as $name => $default) {
  67. if (\is_bool($default)) {
  68. $builder->booleanNode($name)->defaultValue($default);
  69. } else {
  70. $builder->scalarNode($name)->defaultValue($default);
  71. }
  72. }
  73. }
  75. final public function addOption(string $name, $default = null): void
  76. {
  77. $this->options[$name] = $default;
  78. }
  80. public function create(ContainerBuilder $container, string $id, array $config, string $userProviderId, ?string $defaultEntryPointId): array
  81. {
  82. trigger_deprecation('hslavich/oneloginsaml-bundle', '2.1', 'Usage of security authentication listener is deprecated, option "security.enable_authenticator_manager" should be set to true.');
  84. $authProviderId = $this->createAuthProvider($container, $id, $config, $userProviderId);
  85. $listenerId = $this->createListener($container, $id, $config);
  87. $this->createUserListeners($container, $id, $config);
  89. // add remember-me aware tag if requested
  90. if ($config['remember_me']) {
  91. $listenerDefinition = $container->getDefinition($listenerId);
  92. $listenerDefinition->addTag('security.remember_me_aware', ['id' => $id, 'provider' => $userProviderId]);
  93. }
  95. $entryPointId = $this->createEntryPoint($container, $id, $config);
  97. return [$authProviderId, $listenerId, $entryPointId];
  98. }
  100. public function getPosition(): string
  101. {
  102. return 'pre_auth';
  103. }
  105. public function getPriority(): int
  106. {
  107. return -10;
  108. }
  110. public function getKey(): string
  111. {
  112. return 'saml';
  113. }
  115. public function createAuthenticator(ContainerBuilder $container, string $firewallName, array $config, string $userProviderId): string
  116. {
  117. $authenticatorId = 'security.authenticator.saml.'.$firewallName;
  118. $authenticator = (new ChildDefinition(SamlAuthenticator::class))
  119. ->replaceArgument(0, new Reference(HttpUtils::class))
  120. ->replaceArgument(1, new Reference($userProviderId))
  121. ->replaceArgument(3, new Reference($this->createAuthenticationSuccessHandler($container, $firewallName, $config)))
  122. ->replaceArgument(4, new Reference($this->createAuthenticationFailureHandler($container, $firewallName, $config)))
  123. ->replaceArgument(5, array_intersect_key($config, $this->options))
  124. ;
  126. if ($config['user_factory']) {
  127. $authenticator->replaceArgument(6, new Reference($config['user_factory']));
  128. }
  130. $container->setDefinition($authenticatorId, $authenticator);
  132. $this->createUserListeners($container, $firewallName, $config);
  134. return $authenticatorId;
  135. }
  137. protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId): string
  138. {
  139. $providerId = 'security.authentication.provider.saml.'.$id;
  140. $definition = $container->setDefinition($providerId, new ChildDefinition(SamlProvider::class))
  141. ->setArguments([
  142. new Reference($userProviderId),
  143. new Reference(EventDispatcherInterface::class, ContainerInterface::NULL_ON_INVALID_REFERENCE),
  144. ])
  145. ;
  147. if ($config['user_factory']) {
  148. $definition->addMethodCall('setUserFactory', [new Reference($config['user_factory'])]);
  149. }
  151. $factoryId = $config['token_factory'] ?: SamlTokenFactoryInterface::class;
  152. $definition->addMethodCall('setTokenFactory', [new Reference($factoryId)]);
  154. return $providerId;
  155. }
  157. protected function createListener(ContainerBuilder $container, string $id, array $config): string
  158. {
  159. $listenerId = $this->getListenerId();
  160. $listener = (new ChildDefinition($listenerId))
  161. ->replaceArgument(4, $id)
  162. ->replaceArgument(5, new Reference($this->createAuthenticationSuccessHandler($container, $id, $config)))
  163. ->replaceArgument(6, new Reference($this->createAuthenticationFailureHandler($container, $id, $config)))
  164. ->replaceArgument(7, array_intersect_key($config, $this->options))
  165. ;
  167. $listenerId .= '.'.$id;
  168. $container->setDefinition($listenerId, $listener);
  170. return $listenerId;
  171. }
  173. protected function getListenerId(): string
  174. {
  175. return SamlListener::class;
  176. }
  178. protected function createEntryPoint(ContainerBuilder $container, string $id, array $config): ?string
  179. {
  180. $entryPointId = 'security.authentication.form_entry_point.'.$id;
  181. $container
  182. ->setDefinition($entryPointId, new ChildDefinition('security.authentication.form_entry_point'))
  183. ->addArgument(new Reference(HttpUtils::class))
  184. ->addArgument($config['login_path'])
  185. ->addArgument($config['use_forward'])
  186. ;
  188. return $entryPointId;
  189. }
  191. protected function createAuthenticationSuccessHandler(ContainerBuilder $container, string $id, array $config): string
  192. {
  193. $successHandlerId = $this->getSuccessHandlerId($id);
  194. $options = array_intersect_key($config, $this->defaultSuccessHandlerOptions);
  196. $successHandler = $container->setDefinition($successHandlerId, new ChildDefinition('security.authentication.custom_success_handler'));
  197. $successHandler->replaceArgument(0, new Reference($config['success_handler']));
  198. $successHandler->replaceArgument(1, $options);
  199. $successHandler->replaceArgument(2, $id);
  201. return $successHandlerId;
  202. }
  204. protected function createAuthenticationFailureHandler(ContainerBuilder $container, string $id, array $config): string
  205. {
  206. $id = $this->getFailureHandlerId($id);
  207. $options = array_intersect_key($config, $this->defaultFailureHandlerOptions);
  209. if (isset($config['failure_handler'])) {
  210. $failureHandler = $container->setDefinition($id, new ChildDefinition('security.authentication.custom_failure_handler'));
  211. $failureHandler->replaceArgument(0, new Reference($config['failure_handler']));
  212. $failureHandler->replaceArgument(1, $options);
  213. } else {
  214. $failureHandler = $container->setDefinition($id, new ChildDefinition('security.authentication.failure_handler'));
  215. $failureHandler->addMethodCall('setOptions', [$options]);
  216. }
  218. return $id;
  219. }
  221. protected function getSuccessHandlerId(string $id): string
  222. {
  223. return 'security.authentication.success_handler.'.$id.'.'.str_replace('-', '_', $this->getKey());
  224. }
  226. protected function getFailureHandlerId(string $id): string
  227. {
  228. return 'security.authentication.failure_handler.'.$id.'.'.str_replace('-', '_', $this->getKey());
  229. }
  231. protected function createUserListeners(ContainerBuilder $container, string $firewallName, array $config): void
  232. {
  233. $container->setDefinition('hslavich_onelogin_saml.user_created_listener.'.$firewallName, new ChildDefinition(UserCreatedListener::class))
  234. ->replaceArgument(1, $config['persist_user'])
  235. ->addTag('hslavich.saml_user_listener')
  236. ->addTag('kernel.event_listener', ['event' => UserCreatedEvent::class])
  237. ;
  239. $container->setDefinition('hslavich_onelogin_saml.user_modified_listener.'.$firewallName, new ChildDefinition(UserModifiedListener::class))
  240. ->replaceArgument(1, $config['persist_user'])
  241. ->addTag('hslavich.saml_user_listener')
  242. ->addTag('kernel.event_listener', ['event' => UserModifiedEvent::class])
  243. ;
  244. }
  245. }