[TASK][DEV-455] Add email and fullname to users (#5)

* [TASK] Get name and email from header * [TASK] Get name and email from header
TYPO3GmbH · Jun 9, 2020 · 86dd0ab · 86dd0ab
1 parent cf391cd
commit 86dd0ab
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 14 deletions.
diff --git a/src/Security/KeyCloakAuthenticator.php b/src/Security/KeyCloakAuthenticator.php
@@ -61,7 +61,7 @@ public function getCredentials(Request $request): Request
 
     /**
      * @param Request $credentials
-     * @param UserProviderInterface $userProvider
+     * @param UserProviderInterface|KeyCloakUserProvider $userProvider
      * @return KeyCloakUser|null
      */
     public function getUser($credentials, UserProviderInterface $userProvider): ?KeyCloakUser
@@ -73,7 +73,9 @@ public function getUser($credentials, UserProviderInterface $userProvider): ?Key
         return $userProvider->loadUserByUsername(
             $credentials->headers->get('X-Auth-Username'),
             $roles,
-            $scopes
+            $scopes,
+            $this->getEmailFromToken($credentials->headers->get('X-Auth-Token')),
+            $this->getFullNameFromToken($credentials->headers->get('X-Auth-Token'))
         );
     }
 
@@ -119,17 +121,36 @@ public function supportsRememberMe(): bool
         return false;
     }
 
+    private function decodeJwtToken(string $token): array
+    {
+        $this->JWTService->verify($token);
+
+        return json_decode($this->JWTService->getPayload(), true, 512, JSON_THROW_ON_ERROR);
+    }
+
     private function getRolesFromToken(string $token): array
     {
         $roles= [];
-        $this->JWTService->verify($token);
-        $payload = json_decode($this->JWTService->getPayload(), true, 512, JSON_THROW_ON_ERROR);
-        $scopes = explode(' ', $payload['scope']);
+        $scopes = explode(' ', $this->decodeJwtToken($token)['scope']);
 
         foreach ($scopes as $scope) {
             $roles[] = 'ROLE_SCOPE_' . strtoupper(str_replace('.', '_', $scope));
         }
 
         return $roles;
     }
+
+    public function getFullNameFromToken(string $token): ?string
+    {
+        $data = $this->decodeJwtToken($token);
+
+        return $data['name'] ?? null;
+    }
+
+    public function getEmailFromToken(string $token): ?string
+    {
+        $data = $this->decodeJwtToken($token);
+
+        return $data['email'] ?? null;
+    }
 }
diff --git a/src/Security/KeyCloakUser.php b/src/Security/KeyCloakUser.php
@@ -14,11 +14,15 @@ class KeyCloakUser implements UserInterface
 {
     private string $username;
     private array $roles;
+    private ?string $fullName = null;
+    private ?string $email = null;
 
-    public function __construct(string $username, array $roles)
+    public function __construct(string $username, array $roles, ?string $email, ?string $fullName = null)
     {
         $this->username = $username;
         $this->roles = $roles;
+        $this->email = $email;
+        $this->fullName = $fullName;
     }
 
     public function getRoles(): array
@@ -45,4 +49,22 @@ public function eraseCredentials(): void
     {
         // Do nothing.
     }
+
+    public function getFullName(): ?string
+    {
+        return $this->fullName;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+
+    /**
+     * @return string The full name of the user. When not present, the username
+     */
+    public function getDisplayName(): string
+    {
+        return $this->fullName ?? $this->username;
+    }
 }
diff --git a/src/Security/KeyCloakUserProvider.php b/src/Security/KeyCloakUserProvider.php
@@ -9,10 +9,6 @@
 
 namespace T3G\Bundle\Keycloak\Security;
 
-use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
@@ -33,16 +29,23 @@ public function __construct(array $roleMapping, array $defaultRoles = ['ROLE_USE
      * @param string $username
      * @param array $keycloakGroups
      * @param array $scopes
+     * @param string|null $email
+     * @param string|null $fullName
      * @return KeyCloakUser
      */
-    public function loadUserByUsername($username, array $keycloakGroups = [], array $scopes = []): KeyCloakUser
-    {
+    public function loadUserByUsername(
+        $username,
+        array $keycloakGroups = [],
+        array $scopes = [],
+        ?string $email = null,
+        ?string $fullName = null
+    ): KeyCloakUser {
         $roles = array_intersect_key($this->roleMapping, array_flip(array_map(static function ($v) {
             return str_replace('-', '_', $v);
         }, $keycloakGroups)));
         $roles = array_merge($roles, $scopes, $this->defaultRoles);
 
-        return new KeyCloakUser($username, array_values($roles));
+        return new KeyCloakUser($username, array_values($roles), $email, $fullName);
     }
 
     /**
@@ -55,7 +58,7 @@ public function refreshUser(UserInterface $user): KeyCloakUser
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
         }
 
-        return new KeyCloakUser($user->getUsername(), $user->getRoles());
+        return new KeyCloakUser($user->getUsername(), $user->getRoles(), $user->getEmail(), $user->getFullName());
     }
 
     /**