repman-io · MickaelCa · Sep 8, 2023 · Oct 11, 2024
diff --git a/.env b/.env
@@ -68,6 +68,8 @@ OAUTH_BITBUCKET_CLIENT_ID=
 OAUTH_BITBUCKET_CLIENT_SECRET=
 OAUTH_BUDDY_CLIENT_ID=
 OAUTH_BUDDY_CLIENT_SECRET=
+OAUTH_GOOGLE_CLIENT_ID=
+OAUTH_GOOGLE_CLIENT_SECRET=
 ###< oauth ###
 
 ###> google analytics ###

diff --git a/.env.docker b/.env.docker
@@ -72,6 +72,8 @@ OAUTH_BITBUCKET_CLIENT_ID=
 OAUTH_BITBUCKET_CLIENT_SECRET=
 OAUTH_BUDDY_CLIENT_ID=
 OAUTH_BUDDY_CLIENT_SECRET=
+OAUTH_GOOGLE_CLIENT_ID=
+OAUTH_GOOGLE_CLIENT_SECRET=
 ###< oauth ###
 
 ###> google analytics ###

diff --git a/composer.json b/composer.json
@@ -42,6 +42,7 @@
         "league/flysystem-bundle": "^1.5",
         "league/flysystem-cached-adapter": "^1.1",
         "league/oauth2-github": "^3.0",
+        "league/oauth2-google": "^4.0",
         "m4tthumphrey/php-gitlab-api": "^11.0",
         "munusphp/munus": "^0.4.0",
         "nelmio/api-doc-bundle": "^4.3",

diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/knpu_oauth2_client.yaml b/config/packages/knpu_oauth2_client.yaml
@@ -30,3 +30,9 @@ knpu_oauth2_client:
             redirect_route: register_buddy_check
             redirect_params: {}
             use_state: true
+        google:
+            type: google
+            client_id: '%env(OAUTH_GOOGLE_CLIENT_ID)%'
+            client_secret: '%env(OAUTH_GOOGLE_CLIENT_SECRET)%'
+            redirect_route: register_google_check
+            redirect_params: {}
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -34,6 +34,7 @@ security:
                 - Buddy\Repman\Security\GitLabAuthenticator
                 - Buddy\Repman\Security\BitbucketAuthenticator
                 - Buddy\Repman\Security\BuddyAuthenticator
+                - Buddy\Repman\Security\GoogleAuthenticator
             entry_point: Buddy\Repman\Security\LoginFormAuthenticator
             logout:
                 path: app_logout

diff --git a/config/routes/annotations.yaml b/config/routes/annotations.yaml
@@ -44,3 +44,7 @@ login_bitbucket_check:
 login_buddy_check:
     path: /auth/buddy/check
     schemes: ['%url_scheme%']
+
+login_google_check:
+    path: /auth/google/check
+    schemes: ['%url_scheme%']
diff --git a/config/services.yaml b/config/services.yaml
@@ -102,6 +102,7 @@ services:
                 gitlab: '%env(OAUTH_GITLAB_CLIENT_ID)%'
                 bitbucket: '%env(OAUTH_BITBUCKET_CLIENT_ID)%'
                 buddy: '%env(OAUTH_BUDDY_CLIENT_ID)%'
+                google: '%env(OAUTH_GOOGLE_CLIENT_ID)%'
 
     Buddy\Repman\Service\Security\SecurityChecker\SensioLabsSecurityChecker:
         arguments:

diff --git a/src/Controller/OAuth/GoogleController.php b/src/Controller/OAuth/GoogleController.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Controller\OAuth;
+
+use KnpU\OAuth2ClientBundle\Client\Provider\GoogleClient;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+final class GoogleController extends OAuthController
+{
+    /**
+     * @Route("/register/google", name="register_google_start", methods={"GET"})
+     */
+    public function register(): Response
+    {
+        $this->ensureOAuthRegistrationIsEnabled();
+
+        return $this->oauth->getClient('google')->redirect([
+            'openid',
+            'https://www.googleapis.com/auth/userinfo.email',
+            'https://www.googleapis.com/auth/userinfo.profile',
+        ], []);
+    }
+
+    /**
+     * @Route("/auth/google", name="auth_google_start", methods={"GET"})
+     */
+    public function auth(): Response
+    {
+        return $this->oauth
+            ->getClient('google')
+            ->redirect([
+                'openid',
+                'https://www.googleapis.com/auth/userinfo.email',
+                'https://www.googleapis.com/auth/userinfo.profile',
+            ], ['redirect_uri' => $this->generateUrl('login_google_check', [], UrlGeneratorInterface::ABSOLUTE_URL)])
+        ;
+    }
+
+    /**
+     * @Route("/register/google/check", name="register_google_check", methods={"GET"})
+     */
+    public function registerCheck(Request $request, GoogleClient $api): Response
+    {
+        $this->ensureOAuthRegistrationIsEnabled();
+
+        return $this->createAndAuthenticateUser(
+            'google',
+            fn () => $api->fetchUserFromToken($this->oauth->getClient('google')->getAccessToken()->getToken()),
+            $request
+        );
+    }
+}
diff --git a/src/Security/GoogleAuthenticator.php b/src/Security/GoogleAuthenticator.php
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Buddy\Repman\Security;
+
+use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
+use KnpU\OAuth2ClientBundle\Client\Provider\GoogleClient;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+
+final class GoogleAuthenticator extends OAuthAuthenticator
+{
+    private GoogleClient $googleClient;
+
+    public function __construct(ClientRegistry $clientRegistry, GoogleClient $googleClient, RouterInterface $router, UserProvider $userProvider)
+    {
+        $this->clientRegistry = $clientRegistry;
+        $this->googleClient = $googleClient;
+        $this->userProvider = $userProvider;
+        $this->router = $router;
+    }
+
+    public function supports(Request $request): bool
+    {
+        return $request->attributes->get('_route') === 'login_google_check';
+    }
+
+    public function authenticate(Request $request): PassportInterface
+    {
+        $email = $this->googleClient->fetchUserFromToken($this->fetchAccessToken($this->clientRegistry->getClient('google'), $request->attributes->get('_route')))->getEmail();
+        $user = $this->userProvider->loadUserByIdentifier($email);
+
+        return new SelfValidatingPassport(new UserBadge($email, function () use ($user): UserInterface {
+            return $user;
+        }));
+    }
+}
diff --git a/symfony.lock b/symfony.lock
@@ -281,6 +281,9 @@
     "league/oauth2-github": {
         "version": "2.0.0"
     },
+    "league/oauth2-google": {
+        "version": "4.0.0"
+    },
     "m4tthumphrey/php-gitlab-api": {
         "version": "9.17.0"
     },

diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig
@@ -45,6 +45,12 @@
                         Buddy
                     </a>
                 {% endif %}
+
+                {% if oauth_enabled('google') %}
+                    <a href="{{ url('auth_google_start') }}" class="btn btn-github btn-sm">
+                        {% include 'svg/google-icon.svg' %} Google
+                    </a>
+                {% endif %}
             </div>
 
             <hr />

diff --git a/templates/svg/google-icon.svg b/templates/svg/google-icon.svg