custom/static-plugins/WabsAuth/src/Controller/OAuthController.php line 219

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace WabsAuth\Controller;
  5. use Exception;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  8. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  9. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  10. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  11. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextRestorer;
  12. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  13. use Shopware\Core\System\SystemConfig\SystemConfigService;
  14. use Shopware\Storefront\Controller\StorefrontController;
  15. use Shopware\Storefront\Framework\Captcha\Annotation\Captcha;
  16. use Symfony\Component\HttpFoundation\RedirectResponse;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\HttpFoundation\Session\Session;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  22. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  23. use WabsAuth\Helper\AuthHelper;
  24. use WabsAuth\Helper\DebugHelper;
  27. /**
  28.  * @RouteScope(scopes={"storefront"})
  29.  */
  30. class OAuthController extends StorefrontController
  31. {
  32.     /**
  33.      * @var Session
  34.      */
  35.     private $session;
  36.     /**
  37.      * @var EventDispatcherInterface
  38.      */
  39.     private $eventDispatcher;
  40.     /**
  41.      * @var AuthHelper
  42.      */
  43.     private $authHelper;
  44.     /**
  45.      * @var SalesChannelContextRestorer
  46.      */
  47.     private $contextRestorer;
  48.     /**
  49.      * @var DebugHelper
  50.      */
  51.     private $logger;
  52.     /**
  53.      * @var SystemConfigService
  54.      */
  55.     private $systemConfig;
  56.     /**
  57.      * @var AbstractLogoutRoute
  58.      */
  59.     private $logoutRoute;
  61.     /**
  62.      * OAuthController constructor.
  63.      * @param Session $session
  64.      * @param SalesChannelContextRestorer $contextRestorer
  65.      * @param EventDispatcherInterface $eventDispatcher
  66.      * @param AuthHelper $authHelper
  67.      * @param SystemConfigService $systemConfig
  68.      * @param AbstractLogoutRoute $logoutRoute
  69.      * @param DebugHelper $logger
  70.      */
  71.     public function __construct(
  72.         Session $session,
  73.         SalesChannelContextRestorer $contextRestorer,
  74.         EventDispatcherInterface $eventDispatcher,
  75.         AuthHelper $authHelper,
  76.         SystemConfigService $systemConfig,
  77.         AbstractLogoutRoute $logoutRoute,
  78.         DebugHelper $logger
  79.     ) {
  80.         $this->session $session;
  81.         $this->eventDispatcher $eventDispatcher;
  82.         $this->authHelper $authHelper;
  83.         $this->contextRestorer $contextRestorer;
  84.         $this->logger $logger;
  85.         $this->systemConfig $systemConfig;
  86.         $this->logoutRoute $logoutRoute;
  87.     }
  89.     /**
  90.      * @Route("/account/oauth/callback", name="frontend.account.oauth.callback", options={"seo"="false"}, methods={"GET"})
  91.      */
  92.     public function callback(Request $requestSalesChannelContext $context): Response
  93.     {
  94.         $receivedValidationCode $request->query->get('code');
  95.         $receivedState $request->query->get('state');
  97.         $redirectRoute $this->session->get('oauth_redirect_to');
  98.         $responseType $this->session->get('oauth_reponse_type');
  99.         $currentState $this->session->get('oauthState');
  101.         $this->session->remove('oauthState');
  102.         $this->session->remove('oauth_redirect_to');
  103.         $this->session->remove('oauth_reponse_type');
  105.         $this->logger->debug('OAuthController | Callback Function Begin.');
  107.         if (!isset($currentState)) {
  108.             $this->logger->debug('OAuthController | No currentState was set.');
  109.             if( $redirectRoute ) {
  110.                 return $this->redirect($redirectRoute . (preg_match("/\?/"$redirectRoute) ? '&' '?') . http_build_query(['error' => 'No state']) );
  111.             } else {
  112.                 return $this->redirectToRoute('frontend.account.login.page');
  113.             }
  114.         }
  116.         if (!isset($receivedState) || $currentState != $receivedState) {
  117.             $this->logger->debug('OAuthController | The current state and the received state do not match.');
  118.             if( $redirectRoute ) {
  119.                 return $this->redirect($redirectRoute . (preg_match("/\?/"$redirectRoute) ? '&' '?') . http_build_query(['error' => 'State does not match']) );
  120.             } else {
  121.                 $this->addFlash('danger''Ihr Authentifizierungsstatus stimmt nicht mit dem gelieferten Status überein!');
  122.                 return $this->redirectToRoute('frontend.home.page');
  123.             }
  124.         }
  126.         $provider $this->authHelper->getProvider();
  127.         try {
  128.             // Make the token request
  129.             $this->logger->debug('OAuthController | Try to get Token.');
  130.             $accessToken $provider->getAccessToken('authorization_code', [
  131.                 'code' => $receivedValidationCode
  132.             ]);
  133.             $this->logger->debug('OAuthController | Token success: ' json_encode($accessToken));
  135.             $this->logger->debug('OAuthController | Try to get owner data.');
  136.             $owner $provider->getResourceOwner($accessToken);
  137.             $ownerData $owner->toArray();
  138.             $this->logger->debug('OAuthController | OwnerData: ' json_encode($ownerData));
  140.             // Make user register if not already registered
  141.             // Save users API ID to check for existence
  142.             $customer $this->authHelper->getCustomer($ownerData$accessToken->getToken(), $context);
  143.             if (!$customer) {
  144.                 $this->logger->debug('OAuthController | No customer returned.');
  145.                 if( $redirectRoute ) {
  146.                     return $this->redirect($redirectRoute . (preg_match("/\?/"$redirectRoute) ? '&' '?') . http_build_query(['error' => 'No customer']) );
  147.                 } else {
  148.                     $this->addFlash('danger',
  149.                         'Wir konnten Sie leider nicht einloggen. Bitte versuchen Sie es zu einem späteren Zeitpunkt erneut.');
  150.                     return $this->redirectToRoute('frontend.home.page');
  151.                 }
  152.             }
  154.             $this->session->set('oauth_access_token'$accessToken);
  155.             $this->session->set('oauth_data'$ownerData);
  157.             $context $this->contextRestorer->restore($customer->getId(), $context);
  158.             $newToken $context->getToken();
  160.             // Customer is now logged in and has the default channel group!
  161.             $event = new CustomerLoginEvent($context$customer$newToken);
  162.             $this->eventDispatcher->dispatch($event);
  164.             $this->logger->debug('OAuthController | Callback Function End.');
  166.             if ($redirectRoute) {
  167.                 return $this->redirect($redirectRoute . ( $responseType === 'code' ? (preg_match("/\?/"$redirectRoute) ? '&' '?') . http_build_query(['code' => $newToken]) : '' ) );
  168.             }
  170.             if (!($customer->getGroup()->getName() != 'GC')) {
  171.                 $this->addFlash('success''Login erfolgreich!');
  172.             }
  174.             return new RedirectResponse(
  175.                 $this->generateUrl('frontend.home.page', ( $responseType === 'code' ? ['code' => $newToken] : [] )),
  176.                 302,
  177.                 ['Cache-Control' => 'no-cache']);
  178.         } catch (Exception $e) {
  179.             $this->logger->error('[OAuth] Login: ' $e->getMessage());
  180.             $this->logger->error('[OAuth] Login: ' $e->getTraceAsString());
  181.             $request->getSession()->invalidate();
  182.             $this->logger->debug('OAuthController | Callback Function End Exception.');
  183.             if( $redirectRoute ) {
  184.                 return $this->redirect($redirectRoute . (preg_match("/\?/"$redirectRoute) ? '&' '?') . http_build_query(['error' => $e->getMessage()]) );
  185.             } else {
  186.                 $this->addFlash(
  187.                     'danger',
  188.                     'Wir konnten Sie leider nicht einloggen. Bitte versuchen Sie es zu einem späteren Zeitpunkt erneut. Bitte prüfen Sie auch die Vollständigkeit Ihrer Daten Ihres IGM-Accounts.'
  189.                 );
  190.                 return $this->redirectToRoute('frontend.home.page');
  191.             }
  192.         }
  193.     }
  195.     /**
  196.      * @Route("/account/oauth/redirect", name="frontend.account.oauth.redirect", options={"seo"="false"}, methods={"GET"})
  197.      */
  198.     public function oAuthRedirect(Request $requestSalesChannelContext $context)
  199.     {
  200.         $provider $this->authHelper->getProvider();
  202.         // First get URL to generate the state and then save the state to the session
  203.         $url $provider->getAuthorizationUrl();
  204.         $this->session->set('oauthState'$provider->getState());
  206.         if( $request->query->get('response_type')) {
  207.             $this->session->set('oauth_reponse_type'$request->query->get('response_type') );
  208.         }
  210.         if( $request->query->get('redirect_to')) {
  211.             $this->session->set('oauth_redirect_to'$request->query->get('redirect_to') );
  212.         }
  214.         if( $request->query->get('auto_group') ) {
  215.             $this->session->set('oauth_auto_group'$request->query->get('auto_group') );
  216.         }
  218.         if( $request->query->get('force_auto_group') ) {
  219.             $this->session->set('oauth_force_auto_group', (bool)$request->query->get('force_auto_group')  );
  220.         }
  222.         return $this->redirect($url);
  223.     }
  225.     /**
  226.      * @Route("/account/register", name="frontend.account.register.save", methods={"POST"})
  227.      * @Captcha
  228.      */
  229.     public function register(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  230.     {
  231.         // we don't let ppl register normally! so we don't need this route
  232.         return $this->redirectToRoute('frontend.home.page');
  233.     }
  235.     /**
  236.      * @Route("/account/profile", name="frontend.account.profile.save", methods={"POST"})
  237.      */
  238.     public function saveProfile(RequestDataBag $dataSalesChannelContext $context): Response
  239.     {
  240.         // buttons already removed. there should be no possible way to change profile information from controller
  241.         return $this->redirectToRoute('frontend.home.page');
  242.     }
  244.     /**
  245.      * Route to change
  246.      *
  247.      * @Route("/account/group/change", name="frontend.account.group.change", methods={"GET"})
  248.      */
  249.     public function changeGroup(Request $requestSalesChannelContext $context): Response
  250.     {
  251.         try {
  252.             $this->logger->debug('OAuthController | ChangeGroup Function Begin.');
  253.             $redirectRoute $this->session->get('oauth_redirect_to');
  255.             // Get selected group and load customer group (not yet loaded by default)
  256.             $selectedGroup $request->query->get('group-selection');
  257.             $customer $this->authHelper->loadCustomerGroupToCustomer($context->getCustomer(), $context);
  259.             // Check if user is allowed to change group and to use the transmitted group
  260.             if ($this->authHelper->checkAllowedGroups($selectedGroup$customer)) {
  261.                 $customFields $customer->getCustomFields();
  263.                 // Check if we have all needed Data in customer->customFields
  264.                 if (!array_key_exists('igm_session_token'$customFields) ||
  265.                     !array_key_exists('igm_groups'$customFields) ||
  266.                     !array_key_exists('access_token'$customFields) ||
  267.                     !array_key_exists('igm_account_data'$customFields)) {
  268.                     $this->logger->debug('OAuthController | ChangeGroup | Array keys missing from customFields: ' $customFields);
  269.                     throw new Exception('Not enough data saved to the customer.');
  270.                 }
  272.                 // Replicate the needed data array for the update process
  273.                 $data = [
  274.                     'igm_session_token' => $customFields['igm_session_token'],
  275.                     'igm_account_data' => $customFields['igm_account_data']
  276.                 ];
  277.                 $igmGroups $customFields['igm_groups'];
  278.                 $accessToken $customFields['access_token'];
  280.                 // Check User group
  281.                 $customerGroupId $this->authHelper->loadCustomerGroupId($selectedGroup$context);
  282.                 if (empty($customerGroupId)) {
  283.                     $this->logger->debug('AuthHelper | No Valid Group for customer with number: ' $customer->getCustomerNumber());
  284.                     throw new Exception('No valid Group for customer.');
  285.                 }
  287.                 // User is allowed, so try to set the group
  288.                 $this->authHelper->updateCustomer($customer$data$customerGroupId$igmGroups$accessToken,
  289.                     $context);
  291.                 if ($this->authHelper->organizationAddressFlag) {
  292.                     return $this->redirectToRoute('frontend.account.logout.page', ['organizationAddressFlag' => true]);
  293.                 }
  295.                 $this->logger->debug('OAuthController | ChangeGroup Function End.');
  296.                 if ($redirectRoute) {
  297.                     return $this->redirect($redirectRoute);
  298.                 }
  299.                 return $this->redirectToRoute('frontend.home.page');
  300.             }
  301.         } catch (Exception $e) {
  302.             $this->logger->error('[OAuth] Login: ' $e->getMessage());
  303.             $this->logger->error('[OAuth] Login: ' $e->getTraceAsString());
  304.             $request->getSession()->invalidate();
  305.             $this->addFlash(
  306.                 'danger',
  307.                 'Wir konnten Sie leider nicht einloggen. Bitte versuchen Sie es zu einem späteren Zeitpunkt erneut. Bitte prüfen Sie auch die Vollständigkeit Ihrer Daten Ihres IGM-Accounts.'
  308.             );
  309.             $this->logger->debug('OAuthController | ChangeGroup Function Exception.');
  310.             return $this->redirectToRoute('frontend.home.page');
  311.         }
  313.         // User tried to login to a group that he has no permission for
  314.         // Might be wise to add logging for this kind of user, because they try to hack us...
  315.         $this->addFlash('error''Sie haben keine Berechtigung für diese Gruppe.');
  316.         $redirectRoute $this->session->get('oauth_redirect_to');
  317.         $this->logger->debug('OAuthController | ChangeGroup Function Error.');
  318.         return $this->redirectToRoute($redirectRoute ?? 'frontend.home.page');
  319.     }
  321.     /**
  322.      * @Route("/account/logout", name="frontend.account.logout.page", methods={"GET"})
  323.      */
  324.     public function logout(Request $requestSalesChannelContext $context): Response
  325.     {
  326.         $parameters = [];
  327.         $redirectTo $request->query->get('redirect_to') ? $request->query->get('redirect_to') : null;
  329.         if ($context->getCustomer() !== null) {
  331.             try {
  332.                 $this->logoutRoute->logout($context, new RequestDataBag());
  333.                 $salesChannelId $context->getSalesChannel()->getId();
  335.                 if ($request->hasSession() && $this->systemConfig->get(
  336.                         'core.loginRegistration.invalidateSessionOnLogOut',
  337.                         $salesChannelId)) {
  338.                     $request->getSession()->invalidate();
  339.                 }
  341.                 if (!$redirectTo) {
  342.                     if ($request->get('organizationAddressFlag')) {
  343.                         $this->addFlash('danger'$this->systemConfig->get('WabsAuth.config.invalidOrganizationAddressErrorMessage'));
  344.                     }
  346.                     $this->addFlash('success'$this->trans('account.logoutSucceeded'));
  347.                 }
  349.             } catch (ConstraintViolationException $formViolations) {
  350.                 $parameters = ['formViolations' => $formViolations];
  351.             }
  353.         }
  355.         if( $redirectTo $redirectTo .= (preg_match("/\?/"$redirectTo) ? '&' '?') . http_build_query($parameters);
  357.         /** Edit: Changed Redirect URL to KeyCloak Service if set*/
  358.         $logoutUrl $this->systemConfig->get('WabsAuth.config.urlLogout');
  359.         if (!$logoutUrl) {
  360.             if( $redirectTo ) {
  361.                 return $this->redirect($redirectTo);
  362.             } else {
  363.                 return $this->redirectToRoute('frontend.home.page'$parameters);
  364.             }
  365.         }
  367.         return $this->redirect($logoutUrl '?redirect_uri=' . ( $redirectTo $redirectTo $this->generateUrl('frontend.home.page',
  368.                 $parametersUrlGeneratorInterface::ABSOLUTE_URL)));
  369.         /** END EDIT */
  370.     }
  372. }