DigitalInfinity/filament-oauth2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactored some code

Browse Source
This commit is contained in:
Alexander Gabriel 2025-11-11 17:55:30 +00:00
parent 0df43fefcb
commit cd80efe1e3
1 changed files with 68 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
src/Http/Controllers/Oauth2Controller.php
View File

@ -10,14 +10,17 @@ use Exception;
use Filament\Facades\Filament; use Filament\Facades\Filament;
use Filament\Http\Responses\Auth\LoginResponse; use Filament\Http\Responses\Auth\LoginResponse;
use Filament\Models\Contracts\FilamentUser; use Filament\Models\Contracts\FilamentUser;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException; use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Provider\GenericProvider; use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Token\AccessToken;
class Oauth2Controller extends Controller class Oauth2Controller extends Controller
{ {
private GenericProvider $oauth2Provider; private GenericProvider $oauth2Provider;
private Model $user;
private $accessToken;
private $oauth2User;
public function __construct() public function __construct()
{ {
@ -41,79 +44,41 @@ class Oauth2Controller extends Controller
public function handleCallback(Request $request) public function handleCallback(Request $request)
{ {
try { try {
$accessToken = $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $request->input('code')]); $this->accessToken = $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $request->input('code')]);
$oauth2User = $this->oauth2Provider->getResourceOwner($accessToken)->toArray(); $this->oauth2User = $this->oauth2Provider->getResourceOwner($this->accessToken)->toArray();
$user = User::firstOrCreate([ // Create the user if it does not exist
'email' => $oauth2User['email'], $this->user = User::firstOrCreate([
'email' => $this->oauth2User['email'],
],[ ],[
'name' => $oauth2User['name'], 'name' => $this->oauth2User['name'],
// Todo -> is there a better way?
'password' => 'nonsense' 'password' => 'nonsense'
]); ]);
if($user->name != $oauth2User['name'])
// Update user data if different from Oauth2-Server
if($this->user->name != $this->oauth2User['name'])
{ {
$user->name = $oauth2User['name']; $this->user->name = $this->oauth2User['name'];
$user->save(); $this->user->save();
} }
Filament::auth()->loginUsingId($user->id, false); // Login User by id
Filament::auth()->loginUsingId($this->user->id, false);
// Taken from original LoginClass...
if ( if (
($user instanceof FilamentUser) && ($this->user instanceof FilamentUser) &&
(! $user->canAccessPanel(Filament::getCurrentPanel())) (! $this->user->canAccessPanel(Filament::getCurrentPanel()))
) { ) {
Filament::auth()->logout(); Filament::auth()->logout();
$this->throwFailureValidationException(); $this->throwFailureValidationException();
} }
session()->regenerate(); session()->regenerate();
//Should i update Roles and are there roles? // Handle Role Mapping
$hasRoles = false; $this->handleRoleMapping();
try {
$roles = $user->roles();
if($roles) $hasRoles = true;
}
catch (Exception $e) {
//No Roles. Nothing to do
}
if($hasRoles && config('filament-oauth2.updateRoles') != false) {
//Are there roles in the Token?
$accessToken = explode(".", $accessToken);
if(isset($accessToken[1])) {
$accessToken = json_decode(base64_decode($accessToken[1]));
$clientId = config('filament-oauth2.clientId');
if(isset($accessToken->resource_access) && isset($accessToken->resource_access->$clientId)) {
// Roles are defined. Maybe empty to remove all Roles from user
// TODO: test
if(!isset($accessToken->resource_access->$clientId->roles)) $roles = [];
else $roles = $accessToken->resource_access->$clientId->roles;
$userRoles = $user->roles();
//disconnect roles
foreach ($userRoles as $userRole) {
if(!in_array($userRole, $roles)) {
$user->roles()->detach($userRole);
}
}
// connect or create roles
foreach($roles as $role) {
$existingRole = Role::first('name', '=', $role);
if($existingRole) {
$user->roles()->attach($existingRole->id);
} else {
$newRole = Role::create(['name' => $role]);
$newRole->save();
$user->roles()->attach($newRole);
}
}
}
}
}
return app(LoginResponse::class); return app(LoginResponse::class);
@ -122,6 +87,51 @@ class Oauth2Controller extends Controller
} }
} }
protected function handleRoleMapping(): void
{
if(config('filament-oauth2.updateRoles') != false) {
try {
$roles = $this->user->roles();
if($roles) {
// Are there roles in the Token?
$this->accessToken = explode(".", $this->accessToken);
if(isset($this->accessToken[1])) {
$this->accessToken = json_decode(base64_decode($this->accessToken[1]));
$clientId = config('filament-oauth2.clientId');
if(isset($this->accessToken->resource_access) && isset($this->accessToken->resource_access->$clientId)) {
// Roles are defined. Maybe empty to remove all Roles from user
// TODO: test this without roles
if(!isset($this->accessToken->resource_access->$clientId->roles)) $roles = [];
else $roles = $this->accessToken->resource_access->$clientId->roles;
$userRoles = $this->user->roles();
// Disconnect roles not in the access token any more
foreach ($userRoles as $userRole) {
if(!in_array($userRole, $roles)) {
$this->user->roles()->detach($userRole);
}
}
// Connect or create roles
foreach($roles as $role) {
$existingRole = Role::first('name', '=', $role);
if($existingRole) {
$this->user->roles()->attach($existingRole->id);
} else {
$newRole = Role::create(['name' => $role]);
// needed?
$newRole->save();
$this->user->roles()->attach($newRole);
}
}
}
}
}
}
catch (Exception $e) {
// No Roles. Nothing to do
}
}
}
protected function throwFailureValidationException(): never protected function throwFailureValidationException(): never
{ {
throw ValidationException::withMessages([ throw ValidationException::withMessages([