From ecc0e8f924f3e78d58df7c0b715fa49f8d588dca Mon Sep 17 00:00:00 2001 From: Maik Schneider Date: Sun, 7 Jan 2024 11:07:05 +0100 Subject: [PATCH 1/6] feat: add trait for token based resource owner --- .../TokenBasedResourceOwnerDetailsTrait.php | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Classes/ResourceProvider/TokenBasedResourceOwnerDetailsTrait.php diff --git a/Classes/ResourceProvider/TokenBasedResourceOwnerDetailsTrait.php b/Classes/ResourceProvider/TokenBasedResourceOwnerDetailsTrait.php new file mode 100644 index 0000000..9eb6ab7 --- /dev/null +++ b/Classes/ResourceProvider/TokenBasedResourceOwnerDetailsTrait.php @@ -0,0 +1,29 @@ +getValues(); + return (array)json_decode(base64_decode(str_replace('_', '/', str_replace('-', '+', explode('.', $tokenValues['id_token'])[1])))); + } +} From 3b1e981d1e3259aa650fb008c601d93d2409719b Mon Sep 17 00:00:00 2001 From: Maik Schneider Date: Sun, 7 Jan 2024 11:07:34 +0100 Subject: [PATCH 2/6] feat: add trait for resource owner that uses the sub id --- .../ResourceProvider/SubResourceOwnerIdTrait.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Classes/ResourceProvider/SubResourceOwnerIdTrait.php diff --git a/Classes/ResourceProvider/SubResourceOwnerIdTrait.php b/Classes/ResourceProvider/SubResourceOwnerIdTrait.php new file mode 100644 index 0000000..8cb69a8 --- /dev/null +++ b/Classes/ResourceProvider/SubResourceOwnerIdTrait.php @@ -0,0 +1,14 @@ + Date: Sun, 7 Jan 2024 11:08:18 +0100 Subject: [PATCH 3/6] feat: add AuthentikResourceProvider and AuthentikResourceResolver --- .../AuthentikResourceProvider.php | 12 ++++ .../AuthentikResourceResolver.php | 60 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 Classes/ResourceProvider/AuthentikResourceProvider.php create mode 100644 Classes/ResourceResolver/AuthentikResourceResolver.php 
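Review bot: The id_token payload is taken on trust in the `return (array)json_decode(base64_decode(str_replace(... explode('.', $tokenValues['id_token'])[1])))` line of TokenBasedResourceOwnerDetailsTrait — nothing checks that `id_token` is present in the token response, that it has three dot-separated segments, that the base64url segment decodes, or that the JSON parses, so any of those failures emits a warning and hands an empty array to the resource owner, indistinguishable from a real but claim-less token. No claim checks (`exp`, `aud`, `iss`, `nonce`) happen either; OIDC Core allows the TLS connection to the token endpoint to stand in for the signature check when the token is received directly from it, but that reliance should be written down in the method's docblock rather than left implicit. The method's signature is not legible in the hunk as rendered here, so the body below starts after the `getValues()` call; `strtr` replaces the nested `str_replace` pair and the strict `base64_decode`/`JSON_THROW_ON_ERROR` flags make the method fail closed.
```php
// … unchanged: $tokenValues = …->getValues(); …
$idToken = $tokenValues['id_token'] ?? throw new \UnexpectedValueException('token response carries no id_token');
$segments = explode('.', $idToken);
if (count($segments) !== 3) {
    throw new \UnexpectedValueException('id_token is not a three-segment compact JWS');
}
$payload = base64_decode(strtr($segments[1], '-_', '+/'), true);
if ($payload === false) {
    throw new \UnexpectedValueException('id_token payload is not valid base64url');
}
return (array) json_decode($payload, flags: JSON_THROW_ON_ERROR);
```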
diff --git a/Classes/ResourceProvider/AuthentikResourceProvider.php b/Classes/ResourceProvider/AuthentikResourceProvider.php new file mode 100644 index 0000000..05c45e2 --- /dev/null +++ b/Classes/ResourceProvider/AuthentikResourceProvider.php @@ -0,0 +1,12 @@ +getRemoteUser()->toArray(); + + if (!$beUser['username'] && $remoteUser['email']) { + $beUser['username'] = strtolower($remoteUser['email']); + } + + if ($remoteUser['email']) { + $beUser['email'] = strtolower($remoteUser['email']); + } + + $beUser['disable'] = 0; + + if (!$beUser['realName']) { + $beUser['realName'] = $remoteUser['name']; + } + } + + public function resolveProfileImage(): ?string + { + $remoteUser = $this->getRemoteUser()->toArray(); + + if (!isset($remoteUser['avatar']) || !$remoteUser['avatar']) { + return null; + } + + $base64Parts = GeneralUtility::trimExplode(',', $remoteUser['avatar']); + + return base64_decode($base64Parts[1]) ?: null; + } + + public function updateFrontendUser(array &$feUser): void + { + $remoteUser = $this->getRemoteUser()->toArray(); + + if (!$feUser['username'] && $remoteUser['email']) { + $feUser['username'] = strtolower($remoteUser['email']); + } + + if ($remoteUser['email']) { + $feUser['email'] = strtolower($remoteUser['email']); + } + + $feUser['disable'] = 0; + + if (!$feUser['name']) { + $feUser['name'] = $remoteUser['name']; + } + } +} From fdcc27f4ece82b2bafecaafeb0a564eebd2e73a4 Mon Sep 17 00:00:00 2001 From: Maik Schneider Date: Sun, 7 Jan 2024 11:08:37 +0100 Subject: [PATCH 4/6] feat: use trait in MicrosoftResourceProvider --- Classes/ResourceProvider/MicrosoftResourceProvider.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Classes/ResourceProvider/MicrosoftResourceProvider.php b/Classes/ResourceProvider/MicrosoftResourceProvider.php index 58f25ca..0ccc313 100644 --- a/Classes/ResourceProvider/MicrosoftResourceProvider.php +++ b/Classes/ResourceProvider/MicrosoftResourceProvider.php 
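Review bot: `$beUser['disable'] = 0;` in updateBackendUser and the matching `$feUser['disable'] = 0;` in updateFrontendUser clear the disable flag on every call, so if this resolver also runs for existing records (the method names suggest it does; confirm against the caller) an account an administrator deliberately disabled is re-enabled the next time that person authenticates at the identity provider — `$beUser['disable'] ??= 0;` would only initialise the flag for freshly created records. In resolveProfileImage, `$base64Parts[1]` is read without checking that `avatar` actually contained a comma-separated data URI, and the decoded bytes are returned without looking at the media type in `$base64Parts[0]`; `if (!str_starts_with($base64Parts[0], 'data:image/')) { return null; }` followed by `return base64_decode($base64Parts[1] ?? '', true) ?: null;` keeps non-image or malformed values from being stored as a profile picture. `$remoteUser['email']` and `$remoteUser['name']` are likewise indexed without `isset`/`??`, which warns when the IdP omits a claim. The opening lines of updateBackendUser and the whole AuthentikResourceProvider hunk in this patch are not legible as rendered here.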
@@ -3,13 +3,8 @@ namespace Xima\XimaOauth2Extended\ResourceProvider; use League\OAuth2\Client\Provider\GenericProvider; -use League\OAuth2\Client\Provider\GenericResourceOwner; -use League\OAuth2\Client\Token\AccessToken; class MicrosoftResourceProvider extends GenericProvider { - protected function createResourceOwner(array $response, AccessToken $token) - { - return new GenericResourceOwner($response, 'sub'); - } + use SubResourceOwnerIdTrait; } From 600947eee7f6435fd77b0303d317ec64db5cc63e Mon Sep 17 00:00:00 2001 From: Maik Schneider Date: Sun, 7 Jan 2024 11:21:38 +0100 Subject: [PATCH 5/6] fix: phpstan & phpfixer --- .../AuthentikResourceResolver.php | 1 - phpstan-baseline.neon | 20 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/Classes/ResourceResolver/AuthentikResourceResolver.php b/Classes/ResourceResolver/AuthentikResourceResolver.php index 4772eee..7add03b 100644 --- a/Classes/ResourceResolver/AuthentikResourceResolver.php +++ b/Classes/ResourceResolver/AuthentikResourceResolver.php @@ -2,7 +2,6 @@ namespace Xima\XimaOauth2Extended\ResourceResolver; -use TYPO3\CMS\Core\Http\RequestFactory; use TYPO3\CMS\Core\Utility\GeneralUtility; class AuthentikResourceResolver extends GenericResourceResolver implements ProfileImageResolverInterface diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index f46ff42..014505a 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon 
@@ -1,10 +1,30 @@ parameters: ignoreErrors: + - + message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceProvider\\\\AuthentikResourceProvider\\:\\:createResourceOwner\\(\\) has parameter \\$response with no value type specified in iterable type array\\.$#" + count: 1 + path: Classes/ResourceProvider/AuthentikResourceProvider.php + + - + message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceProvider\\\\AuthentikResourceProvider\\:\\:fetchResourceOwnerDetails\\(\\) return type has no value type specified in iterable type array\\.$#" + count: 1 + path: Classes/ResourceProvider/AuthentikResourceProvider.php + - message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceProvider\\\\MicrosoftResourceProvider\\:\\:createResourceOwner\\(\\) has parameter \\$response with no value type specified in iterable type array\\.$#" count: 1 path: Classes/ResourceProvider/MicrosoftResourceProvider.php + - + message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceResolver\\\\AuthentikResourceResolver\\:\\:updateBackendUser\\(\\) has parameter \\$beUser with no value type specified in iterable type array\\.$#" + count: 1 + path: Classes/ResourceResolver/AuthentikResourceResolver.php + + - + message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceResolver\\\\AuthentikResourceResolver\\:\\:updateFrontendUser\\(\\) has parameter \\$feUser with no value type specified in iterable type array\\.$#" + count: 1 + path: Classes/ResourceResolver/AuthentikResourceResolver.php + - message: "#^Method Xima\\\\XimaOauth2Extended\\\\ResourceResolver\\\\GenericResourceResolver\\:\\:updateBackendUser\\(\\) has parameter \\$beUser with no value type specified in iterable type array\\.$#" count: 1 From 77445eef5a6291f0325e2dc8d80b0a377d76c7f7 Mon Sep 17 00:00:00 2001 From: Maik Schneider Date: Sun, 7 Jan 2024 14:53:12 +0100 Subject: [PATCH 6/6] docs: add infos about authentik --- README.md | 45 +++++++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 12 deletions(-) 
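Review bot: The four new ignoreErrors entries baseline "no value type specified in iterable type array" for AuthentikResourceProvider::createResourceOwner/fetchResourceOwnerDetails and AuthentikResourceResolver::updateBackendUser/updateFrontendUser, classes that are introduced in this same patch series, so there is no legacy reason to silence them. A docblock on each method — `/** @param array<string, mixed> $beUser */` on updateBackendUser, the same for `$feUser` on updateFrontendUser, `/** @param array<string, mixed> $response */` on createResourceOwner and `/** @return array<string, mixed> */` on fetchResourceOwnerDetails — satisfies PHPStan and records the contract the resolver relies on (the string keys `username`, `email`, `name`, `avatar`), at the same cost as the baseline lines. The retained MicrosoftResourceProvider::createResourceOwner entry now refers to a method that patch 4 moves into SubResourceOwnerIdTrait; whether PHPStan still reports it under that path is worth re-running the baseline to confirm.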
diff --git a/README.md b/README.md index d16b55f..b90a7c5 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ for on-the-fly user creation. ## New resource provider * `MicrosoftResourceProvider` +* `AuthentikResourceProvider` ## TYPO3 user creation @@ -70,6 +71,7 @@ variations in features. |---------------------------|:-------------:|:---------------:|:--------------:| | GenericResourceResolver | ✅ | 🚫 | 🚫 | | MicrosoftResourceResolver | ✅ | ✅ (BE only) | ✅ (BE only) | +| AuthentikResourceResolver | ✅ | ✅ (BE only) | 🚫 | | GitlabResourceResolver | ✅ | 🚫 | 🚫 | ## Extended resource resolver options @@ -94,7 +96,10 @@ The extension provides customizable options to tailor the resolver's behavior: ## FAQ -### Register Return-URLs +
+ +Register Return-URLs + For the backend login the return url looks like this: @@ -103,8 +108,12 @@ https://domain.de/typo3/login?loginProvider=1616569531&oauth2-provider=yourProvi ``` Replace `domain.de` and `yourProviderId` with your data! +
-### Login not working +
+ +Login not working + Make sure `cookieSameSite` is set to `lax`. @@ -113,7 +122,12 @@ $GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'lax'; $GLOBALS['TYPO3_CONF_VARS']['FE']['cookieSameSite'] = 'lax'; ``` -### Order of login provider +
+ +
+ +Order of login provider + To change the order of provider displayed at the `/typo3` login page (OAuth login over classic username/password), use the following snippet: @@ -122,7 +136,12 @@ login over classic username/password), use the following snippet: $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['backend']['loginProviders']['1616569531']['sorting'] = 75; ``` -### Usage in TYPO3v12 +
+ +
+ +Usage in TYPO3v12 + The TYPO3 extension [waldhacker/ext-oauth2-client](https://github.com/waldhacker/ext-oauth2-client) @@ -132,14 +151,16 @@ makes the trick. To use it, adjust your `composer.json`: ```json { - "repositories": [ - { - "url": "https://github.com/maikschneider/ext-oauth2-client.git", - "type": "git" - } - ], - "require": { - "waldhacker/typo3-oauth2-client": "dev-feature/v12-compatibility-1" + "repositories": [ + { + "url": "https://github.com/maikschneider/ext-oauth2-client.git", + "type": "git" } + ], + "require": { + "waldhacker/typo3-oauth2-client": "dev-feature/v12-compatibility-1" + } } ``` + +
\ No newline at end of file