Logical authorization bug #85

Open
WagnerPMC opened this issue Mar 15, 2022 · 1 comment

WagnerPMC commented Mar 15, 2022

Hello there!

Please see

```php
$authRequest->setUser($this->userConverter->toLeague($event->getUser()));
```

This is where we convert the Symfony UserInterface into a League UserEntityInterface.

I think it would be more correct to remove this transformation, and in the getUser() and setUser() methods of the AuthorizationRequestResolveEvent event we need to pass only League UserEntityInterface, and the task of transforming the current user into League UserEntityInterface should be passed to the programmer.

I should also point out that we do not need to use a Symfony user to release an access_token, because we can also have Telegram users as separate entities in addition to them.

So it would be more correct to assign UserEntityInterface directly to the line I specified, instead of redoing the Symfony UserInterface object.

upd. Also within this Issue, in my opinion, it is necessary to detach the AuthorizationRequestUserResolvingListener.

@ajgarlag
Contributor

I think you are proposing an advanced use case that can be implemented by overriding some defaults.

> I think it would be more correct to remove this transformation, and in the getUser() and setUser() methods of the AuthorizationRequestResolveEvent event we need to pass only League UserEntityInterface, and the task of transforming the current user into League UserEntityInterface should be passed to the programmer.

The programmer can control the transformation from Symfony UserInterface into League UserEntityInterface implementing a custom UserConverterInterface and defining it in the Symfony container.

> I should also point out that we do not need to use a Symfony user to release an access_token, because we can also have Telegram users as separate entities in addition to them.

You could transform your Telegram user entity class to implement the Symfony UserInterface and create a custom league.oauth2_server.event.authorization_request_resolve listener that injects your Telegram user entity into the event.

> upd. Also within this Issue, in my opinion, it is necessary to detach the AuthorizationRequestUserResolvingListener.

You can implement a custom

If the custom event listener is executed after the AuthorizationRequestUserResolvingListener you can overwrite the UserInterface set into the event.
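
The approach described in the reply above, as an added example that is not part of the thread or the bundle's own code: a Telegram user class implementing the Symfony UserInterface, and a listener on `league.oauth2_server.event.authorization_request_resolve` that runs after the bundle's user-resolving listener. `TelegramUser`, `TelegramSessionResolver`, the `App\OAuth` namespace, the `telegram:` identifier prefix and the priority value are assumptions, as is Symfony 6 or later on PHP 8.1.

```php
<?php
// Added example, not code from the bundle. TelegramUser and TelegramSessionResolver
// are hypothetical application classes; the priority value is an assumption.
declare(strict_types=1);

namespace App\OAuth;

use League\Bundle\OAuth2ServerBundle\Event\AuthorizationRequestResolveEvent;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\Security\Core\User\UserInterface;

// Hypothetical: returns the Telegram user whose login was verified for this session, or null.
interface TelegramSessionResolver
{
    public function currentUser(): ?TelegramUser;
}

final class TelegramUser implements UserInterface
{
    public function __construct(private readonly int $telegramId) {}

    // Prefix the identifier so a Telegram id cannot collide with an identifier from another user store.
    public function getUserIdentifier(): string { return 'telegram:' . $this->telegramId; }
    public function getRoles(): array { return []; }
    public function eraseCredentials(): void {}
}

// A lower priority than the bundle's AuthorizationRequestUserResolvingListener makes this
// listener run after it, so the user set here is the one the event ends up with.
#[AsEventListener(event: 'league.oauth2_server.event.authorization_request_resolve', priority: -10)]
final class TelegramUserResolvingListener
{
    public function __construct(private readonly TelegramSessionResolver $sessions) {}

    public function __invoke(AuthorizationRequestResolveEvent $event): void
    {
        $telegramUser = $this->sessions->currentUser();
        if (null === $telegramUser) {
            return; // no verified Telegram login: keep whatever user the event already has
        }
        // Only setUser() is called; approving or denying the request is left to the rest of the flow.
        $event->setUser($telegramUser);
    }
}
```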
