OXDEV-9889 Implement provider collector, datatype

Author: NikolaIvanovski

metadata.php

@@ -9,6 +9,7 @@
  * Metadata version
  */
 
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService;
 use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsService as PasswordPolicyModuleSettings;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsService as CaptchaModuleSettings;
 use OxidEsales\SecurityModule\Core\Module;
@@ -109,6 +110,32 @@
             'type'  => 'select',
             'constraints' => '5min|15min|30min',
             'value' => '15min'
-        ]
+        ],
+
+        //OAuth2 settings
+        [
+            'group' => 'oauth',
+            'name'  => ModuleSettingsService::FACEBOOK_ACTIVE,
+            'type'  => 'bool',
+            'value' => false
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => ModuleSettingsService::FACEBOOK_CLIENT_ID,
+            'type'  => 'string',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => ModuleSettingsService::FACEBOOK_CLIENT_SECRET,
+            'type'  => 'string',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => ModuleSettingsService::FACEBOOK_REDIRECT_URL,
+            'type'  => 'string',
+            'value' => ''
+        ],
     ],
 ];

services.yaml

@@ -1,6 +1,7 @@
 imports:
   - { resource: src/Captcha/services.yaml }
   - { resource: src/PasswordPolicy/services.yaml }
+  - { resource: src/Authentication/services.yaml }
 
 services:
   _defaults:

src/Authentication/OAuth2/DataType/UserDataType.php

@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DataType;
+
+class UserDataType implements UserDataTypeInterface
+{
+    public function __construct(
+        private readonly string $firstName,
+        private readonly string $lastName,
+        private readonly string $email,
+    ) {
+    }
+
+    public function getFirstName(): string
+    {
+        return $this->firstName;
+    }
+
+    public function getLastName(): string
+    {
+        return $this->lastName;
+    }
+
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
+}

src/Authentication/OAuth2/DataType/UserDataTypeInterface.php

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DataType;
+
+interface UserDataTypeInterface
+{
+    public function getFirstName(): string;
+
+    public function getLastName(): string;
+
+    public function getEmail(): string;
+}

src/Authentication/OAuth2/Service/ModuleSettingsService.php

@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+use OxidEsales\EshopCommunity\Internal\Framework\Module\Facade\ModuleSettingServiceInterface;
+use OxidEsales\SecurityModule\Core\Module;
+
+class ModuleSettingsService implements ModuleSettingsServiceInterface
+{
+    public const FACEBOOK_ACTIVE = 'oeSecurityFacebookEnable';
+    public const FACEBOOK_CLIENT_ID = 'oeSecurityFacebookClientId';
+    public const FACEBOOK_CLIENT_SECRET = 'oeSecurityFacebookSecret';
+    public const FACEBOOK_REDIRECT_URL = 'oeSecurityFacebookRedirectUrl';
+
+    public function __construct(
+        private readonly ModuleSettingServiceInterface $moduleSettingService
+    ) {
+    }
+
+    public function isFacebookActive(): bool
+    {
+        return $this->moduleSettingService->getBoolean(self::FACEBOOK_ACTIVE, Module::MODULE_ID);
+    }
+
+    public function getFacebookClientId(): string
+    {
+        return $this->getStringValue(self::FACEBOOK_CLIENT_ID);
+    }
+
+    public function getFacebookClientSecret(): string
+    {
+        return $this->getStringValue(self::FACEBOOK_CLIENT_SECRET);
+    }
+
+    public function getFacebookRedirectUrl(): string
+    {
+        return $this->getStringValue(self::FACEBOOK_REDIRECT_URL);
+    }
+
+    private function getStringValue(string $key): string
+    {
+        return $this->moduleSettingService->getString(
+            $key,
+            Module::MODULE_ID
+        )
+        ->trim()
+        ->toString();
+    }
+}

src/Authentication/OAuth2/Service/ModuleSettingsServiceInterface.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+use Symfony\Component\String\UnicodeString;
+
+interface ModuleSettingsServiceInterface
+{
+    public function isFacebookActive(): bool;
+
+    public function getFacebookClientId(): string;
+
+    public function getFacebookClientSecret(): string;
+
+    public function getFacebookRedirectUrl(): string;
+}

src/Authentication/OAuth2/Service/Provider/Facebook/Facebook.php

@@ -0,0 +1,71 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\Facebook;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Token\AccessTokenInterface;
+use League\OAuth2\Client\Provider\Facebook as FacebookProvider;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataType\UserDataType;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataType\UserDataTypeInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsServiceInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;
+
+class Facebook implements ProviderInterface
+{
+    private FacebookProvider $facebookProvider;
+
+    public function __construct(
+        private readonly ModuleSettingsServiceInterface $moduleSettings,
+    ) {
+    }
+
+    public function getName(): string
+    {
+        return 'facebook';
+    }
+
+    public function getClient(): AbstractProvider
+    {
+        $this->facebookProvider = new FacebookProvider([
+            'clientId'        => $this->moduleSettings->getFacebookClientId(),
+            'clientSecret'    => $this->moduleSettings->getFacebookClientSecret(),
+            'redirectUri'     => $this->moduleSettings->getFacebookRedirectUrl(),
+            'graphApiVersion' => 'v2.10',
+        ]);
+
+        return $this->facebookProvider;
+    }
+
+    public function getAuthorizationUrl(string $state): string
+    {
+        return $this->facebookProvider->getAuthorizationUrl(['state' => $state]);
+    }
+
+    public function getAccessToken(string $code): AccessTokenInterface
+    {
+        return $this->facebookProvider->getAccessToken('authorization_code', ['code' => $code]);
+    }
+
+    public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface
+    {
+        //todo: move to service
+        $user = $this->facebookProvider->getResourceOwner($token);
+
+        return new UserDataType(
+            $user->getFirstName(),
+            $user->getLastName(),
+            $user->getEmail(),
+        );
+    }
+
+    public function validateToken(AccessTokenInterface $token): bool
+    {
+    }
+}

src/Authentication/OAuth2/Service/Provider/ProviderInterface.php

@@ -4,6 +4,7 @@
 
 use League\OAuth2\Client\Provider\AbstractProvider;
 use League\OAuth2\Client\Token\AccessTokenInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataType\UserDataTypeInterface;
 
 interface ProviderInterface
 {
@@ -33,7 +34,7 @@ public function getAccessToken(string $code): AccessTokenInterface;
      * Fetch user information (claims) from the provider using the access token.
      * Should return standardized data: id, email, name, avatar, etc.
      */
-    public function getUserInfo(AccessTokenInterface $token): array;
+    public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface;
 
     /**
      * Validate the provider response.

src/Authentication/OAuth2/Service/ProviderCollector.php

@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+class ProviderCollector implements ProviderCollectorInterface
+{
+    public function __construct(
+        protected iterable $providers,
+    ) {
+    }
+
+    public function getProviders(): iterable
+    {
+        return $this->providers;
+    }
+}

src/Authentication/OAuth2/services.yaml

@@ -0,0 +1,17 @@
+services:
+  _defaults:
+    public: false
+    autowire: true
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsServiceInterface:
+    class: OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService
+    public: true
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollectorInterface:
+    class: OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollector
+    public: true
+    arguments:
+      $providers: !tagged 'security.oauth.tag.provider'
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\Facebook\Facebook:
+    tags: [ 'security.oauth.tag.provider' ]