OXDEV-9889 Login or create user with facebook

NikolaIvanovski · NikolaIvanovski · commit 95da753c20b7 · 2025-11-10T15:32:02.000+02:00
diff --git a/metadata.php b/metadata.php
@@ -40,7 +40,9 @@
     ],
     'controllers' => [
         'captcha' => \OxidEsales\SecurityModule\Captcha\Controller\CaptchaController::class,
-        'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class
+        'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class,
+
+        'oauth' => \OxidEsales\SecurityModule\Authentication\OAuth2\Controller\OAuthController::class
     ],
     'templates'   => [
     ],
@@ -122,19 +124,19 @@
         [
             'group' => 'oauth',
             'name'  => ModuleSettingsService::FACEBOOK_CLIENT_ID,
-            'type'  => 'string',
+            'type'  => 'str',
             'value' => ''
         ],
         [
             'group' => 'oauth',
             'name'  => ModuleSettingsService::FACEBOOK_CLIENT_SECRET,
-            'type'  => 'string',
+            'type'  => 'str',
             'value' => ''
         ],
         [
             'group' => 'oauth',
             'name'  => ModuleSettingsService::FACEBOOK_REDIRECT_URL,
-            'type'  => 'string',
+            'type'  => 'str',
             'value' => ''
         ],
     ],
diff --git a/src/Authentication/OAuth2/Controller/OAuthController.php b/src/Authentication/OAuth2/Controller/OAuthController.php
@@ -4,71 +4,40 @@
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
 use OxidEsales\Eshop\Core\Registry;
-use League\OAuth2\Client\Token\AccessTokenInterface;
 use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollectorInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserServiceInterface;
 
 class OAuthController extends FrontendController
 {
-    public function redirect()
+    public function render()
     {
-        $providerName = Registry::getRequest()->getRequestEscapedParameter('provider');
-        $collector = $this->getService(ProviderCollectorInterface::class);
-        $provider = $collector->getProvider($providerName);
+        $providerCollector = $this->getService(ProviderCollectorInterface::class);
 
-        if (!$provider) {
-            Registry::getUtilsView()->addErrorToDisplay("Unknown provider: $providerName");
-            return;
-        }
+        $provider = $providerCollector
+            ->getProvider($_GET['provider'])
+            ->getClient();
 
-        $state = bin2hex(random_bytes(16));
-        $_SESSION['oauth_state'] = $state;
+        Registry::getUtils()->redirect($provider->getAuthorizationUrl(), 302);
 
-        $authUrl = $provider->getAuthorizationUrl($state);
-        Registry::getUtils()->redirect($authUrl);
+        exit;
     }
 
-    public function callback()
+    public function redirect()
     {
-        $providerName = Registry::getRequest()->getRequestEscapedParameter('provider');
-        $collector = $this->getService(ProviderCollectorInterface::class);
-        $provider = $collector->getProvider($providerName);
-
-        if (!$provider) {
-            Registry::getUtilsView()->addErrorToDisplay("Unknown provider: $providerName");
-            return;
-        }
-
-        $state = Registry::getRequest()->getRequestEscapedParameter('state');
-        if ($state !== ($_SESSION['oauth_state'] ?? null)) {
-            Registry::getUtilsView()->addErrorToDisplay('Invalid OAuth state');
-            return;
-        }
+        $provider = $this
+            ->getService(ProviderCollectorInterface::class)
+            ->getProvider('facebook');
 
-        try {
-            $code = Registry::getRequest()->getRequestEscapedParameter('code');
-            $token = $provider->getAccessToken($code);
+        $provider->getClient();
 
-            if (!$provider->validateToken($token)) {
-                throw new \RuntimeException('Token invalid or expired');
-            }
+        $accessToken = $provider->getAccessToken($_GET['code']);
 
-            $userInfo = $provider->getUserInfo($token);
+        $userDataType = $provider->getUserInfo($accessToken);
 
-            // Now handle login or registration (customize this part)
-            $this->handleUserLogin($providerName, $userInfo);
+        $this
+            ->getService(UserServiceInterface::class)
+            ->login($userDataType);
 
-            Registry::getUtils()->redirect('index.php?cl=account');
-
-        } catch (\Throwable $e) {
-            Registry::getLogger()->error('OAuth callback error: ' . $e->getMessage());
-            Registry::getUtilsView()->addErrorToDisplay('OAuth login failed. Please try again.');
-            Registry::getUtils()->redirect('index.php?cl=login');
-        }
-    }
-
-    protected function handleUserLogin(string $providerName, array $userInfo): void
-    {
-        // TODO: check if user exists by provider ID or email, then log in or create
-        // Example: $userService->loginOrRegisterViaOAuth($providerName, $userInfo);
+        Registry::getUtils()->redirect('', 302);
     }
 }
diff --git a/src/Authentication/OAuth2/Factory/UserFactory.php b/src/Authentication/OAuth2/Factory/UserFactory.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Factory;
+
+use OxidEsales\Eshop\Application\Model\User;
+
+class UserFactory implements UserFactoryInterface
+{
+    /**
+     * @inheritDoc
+     */
+    public function create(): User
+    {
+        return oxNew(User::class);
+    }
+}
diff --git a/src/Authentication/OAuth2/Factory/UserFactoryInterface.php b/src/Authentication/OAuth2/Factory/UserFactoryInterface.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Factory;
+
+use OxidEsales\Eshop\Application\Model\User;
+
+interface UserFactoryInterface
+{
+    public function create(): User;
+}
diff --git a/src/Authentication/OAuth2/Infrastructure/UserRepository.php b/src/Authentication/OAuth2/Infrastructure/UserRepository.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure;
+
+use Doctrine\DBAL\Result;
+use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;
+
+readonly class UserRepository implements UserRepositoryInterface
+{
+    public function __construct(
+        private QueryBuilderFactoryInterface $queryBuilderFactory,
+    ) {
+    }
+
+    public function getUserByEmail(string $username): string|bool
+    {
+        $queryBuilder = $this->queryBuilderFactory->create();
+
+        $queryBuilder
+            ->select('u.oxid')
+            ->from('oxuser', 'u')
+            ->where('u.oxusername = :oxusername')
+            ->setParameter('oxusername', $username);
+
+        /** @var Result<array> $result */
+        $result = $queryBuilder->execute();
+
+        return $result->fetchOne();
+    }
+}
diff --git a/src/Authentication/OAuth2/Infrastructure/UserRepositoryInterface.php b/src/Authentication/OAuth2/Infrastructure/UserRepositoryInterface.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure;
+
+interface UserRepositoryInterface
+{
+    public function getUserByEmail(string $username): string|bool;
+}
diff --git a/src/Authentication/OAuth2/Service/Provider/Facebook/Facebook.php b/src/Authentication/OAuth2/Service/Provider/Facebook/Facebook.php
@@ -43,9 +43,9 @@ public function getClient(): AbstractProvider
         return $this->facebookProvider;
     }
 
-    public function getAuthorizationUrl(string $state): string
+    public function getAuthorizationUrl(): string
     {
-        return $this->facebookProvider->getAuthorizationUrl(['state' => $state]);
+        return $this->facebookProvider->getAuthorizationUrl();
     }
 
     public function getAccessToken(string $code): AccessTokenInterface
@@ -55,7 +55,6 @@ public function getAccessToken(string $code): AccessTokenInterface
 
     public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface
     {
-        //todo: move to service
         $user = $this->facebookProvider->getResourceOwner($token);
 
         return new UserDataType(
@@ -67,5 +66,6 @@ public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface
 
     public function validateToken(AccessTokenInterface $token): bool
     {
+        return true;
     }
 }
diff --git a/src/Authentication/OAuth2/Service/Provider/ProviderInterface.php b/src/Authentication/OAuth2/Service/Provider/ProviderInterface.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider;
 
 use League\OAuth2\Client\Provider\AbstractProvider;
 use League\OAuth2\Client\Token\AccessTokenInterface;
diff --git a/src/Authentication/OAuth2/Service/ProviderCollector.php b/src/Authentication/OAuth2/Service/ProviderCollector.php
@@ -9,6 +9,8 @@
 
 namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
 
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;
+
 class ProviderCollector implements ProviderCollectorInterface
 {
     public function __construct(
diff --git a/src/Authentication/OAuth2/Service/ProviderCollectorInterface.php b/src/Authentication/OAuth2/Service/ProviderCollectorInterface.php
@@ -7,6 +7,8 @@
 
 namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
 
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;
+
 interface ProviderCollectorInterface
 {
     public function getProviders(): array;
diff --git a/src/Authentication/OAuth2/Service/UserService.php b/src/Authentication/OAuth2/Service/UserService.php
@@ -0,0 +1,68 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\EshopCommunity\Internal\Framework\Session\SessionInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataType\UserDataTypeInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Factory\UserFactoryInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure\UserRepositoryInterface;
+
+readonly class UserService implements UserServiceInterface
+{
+    public function __construct(
+        private UserFactoryInterface $userFactory,
+        private SessionInterface $session,
+        private UserRepositoryInterface $userRepository,
+    ) {
+    }
+
+    public function login(UserDataTypeInterface $userDataType): void
+    {
+        $userModel = $this->getUserByUserId($userDataType->getEmail());
+        if (!$userModel instanceof User) {
+            $userModel = $this->createUser($userDataType);
+        }
+
+        if ($userModel->inGroup('oxidblocked')) {
+            throw new \Exception('Blocked');
+        }
+
+        $this->session->set('usr', $userModel->getId());
+    }
+
+    public function getUserByUserId(string $username): User|bool
+    {
+        $userId = $this->userRepository->getUserByEmail($username);
+        if ($userId) {
+            $user = $this->userFactory->create();
+            $user->load($userId);
+
+            return $user;
+        }
+
+        return false;
+    }
+
+    public function createUser(userDataTypeInterface $userDataType): User
+    {
+        $user = $this->userFactory->create();
+        $user->assign([
+            'OXUSERNAME' => $userDataType->getEmail(),
+            'OXFNAME'    => $userDataType->getFirstName(),
+            'OXLNAME'    => $userDataType->getLastName(),
+            'OXREGISTER' => time()
+        ]);
+        $user->setPassword(bin2hex(random_bytes(20)));
+        $user->createUser();
+
+        return $user;
+    }
+}
diff --git a/src/Authentication/OAuth2/Service/UserServiceInterface.php b/src/Authentication/OAuth2/Service/UserServiceInterface.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataType\UserDataTypeInterface;
+
+interface UserServiceInterface
+{
+    public function login(UserDataTypeInterface $userDataType): void;
+
+    public function getUserByUserId(string $username): User|bool;
+
+    public function createUser(UserDataTypeInterface $userDataType): User;
+}
diff --git a/src/Authentication/OAuth2/services.yaml b/src/Authentication/OAuth2/services.yaml
@@ -7,6 +7,18 @@ services:
     class: OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService
     public: true
 
+  OxidEsales\SecurityModule\Authentication\OAuth2\Factory\UserFactoryInterface:
+    class: OxidEsales\SecurityModule\Authentication\OAuth2\Factory\UserFactory
+    public: true
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure\UserRepositoryInterface:
+    class: OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure\UserRepository
+    public: true
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserServiceInterface:
+    class: OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserService
+    public: true
+
   OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollectorInterface:
     class: OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollector
     public: true
diff --git a/tests/Unit/Authentication/OAuth2/Service/ProviderCollectorTest.php b/tests/Unit/Authentication/OAuth2/Service/ProviderCollectorTest.php
@@ -9,7 +9,7 @@
 
 namespace Authentication\OAuth2\Service;
 
-use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;
 use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderNotFound;
 use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollector;
 use PHPUnit\Framework\TestCase;
diff --git a/views/admin_twig/de/oesecuritymodule_lang.php b/views/admin_twig/de/oesecuritymodule_lang.php
@@ -26,4 +26,10 @@
     'SHOP_MODULE_oeSecurityCaptchaLifeTime_5min'  => '5 min',
     'SHOP_MODULE_oeSecurityCaptchaLifeTime_15min' => '15 min',
     'SHOP_MODULE_oeSecurityCaptchaLifeTime_30min' => '30 min',
+
+    'SHOP_MODULE_GROUP_oauth'                   => 'OAuth2',
+    'SHOP_MODULE_oeSecurityFacebookEnable'      => 'Enable OAuth2',
+    'SHOP_MODULE_oeSecurityFacebookClientId'    => 'Facebook client id',
+    'SHOP_MODULE_oeSecurityFacebookSecret'      => 'Facebook secret',
+    'SHOP_MODULE_oeSecurityFacebookRedirectUrl' => 'Facebook redirect url',
 ];
diff --git a/views/admin_twig/en/oesecuritymodule_lang.php b/views/admin_twig/en/oesecuritymodule_lang.php

Original file line number	Diff line number	Diff line change
`@@ -43,9 +43,9 @@ public function getClient(): AbstractProvider`
`43`	`43`	`return $this->facebookProvider;`
`44`	`44`	`}`
`45`	`45`
`46`		`- public function getAuthorizationUrl(string $state): string`
	`46`	`+ public function getAuthorizationUrl(): string`
`47`	`47`	`{`
`48`		`- return $this->facebookProvider->getAuthorizationUrl(['state' => $state]);`
	`48`	`+ return $this->facebookProvider->getAuthorizationUrl();`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`public function getAccessToken(string $code): AccessTokenInterface`
`@@ -55,7 +55,6 @@ public function getAccessToken(string $code): AccessTokenInterface`
`55`	`55`
`56`	`56`	`public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface`
`57`	`57`	`{`
`58`		`- //todo: move to service`
`59`	`58`	`$user = $this->facebookProvider->getResourceOwner($token);`
`60`	`59`
`61`	`60`	`return new UserDataType(`
`@@ -67,5 +66,6 @@ public function getUserInfo(AccessTokenInterface $token): UserDataTypeInterface`
`67`	`66`
`68`	`67`	`public function validateToken(AccessTokenInterface $token): bool`
`69`	`68`	`{`
	`69`	`+ return true;`
`70`	`70`	`}`
`71`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@`
`9`	`9`
`10`	`10`	`namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;`
`11`	`11`
	`12`	`+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;`
	`13`	`+`
`12`	`14`	`class ProviderCollector implements ProviderCollectorInterface`
`13`	`15`	`{`
`14`	`16`	`public function __construct(`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,8 @@`
`7`	`7`
`8`	`8`	`namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;`
`9`	`9`
	`10`	`+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\Provider\ProviderInterface;`
	`11`	`+`
`10`	`12`	`interface ProviderCollectorInterface`
`11`	`13`	`{`
`12`	`14`	`public function getProviders(): array;`