Feature: External Login through OIDC #169
Conversation
…ers for /external-users endpoints
…n of openid-connect bundle
src/Dto/EmptyDTO.php
Outdated
|
|
||
| namespace App\Dto; | ||
|
|
||
| class EmptyDTO |
There was a problem hiding this comment.
"EmptyDTO" ??? A short comment to explain use would be nice
.env
Outdated
| OIDC_CLIENT_SECRET=ADMIN_APP_CLIENT_SECRET | ||
| OIDC_REDIRECT_URI=ADMIN_APP_REDIRECT_URI | ||
| OIDC_LEEWAY=30 | ||
| # ad provider |
There was a problem hiding this comment.
ad is specific to our planned use. We should stick to only using internal and external as terms
CHANGELOG.md
Outdated
| @@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file. | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| - [#162](https://github.com/os2display/display-api-service/pull/162) | |||
| - Adds "external" openid-connect provider. | |||
| - Renamed "oidc" openid-connect provider to "ad". | |||
| private ?\DateTimeImmutable $codeExpire; | ||
|
|
||
| #[ORM\Column(type: Types::STRING, nullable: false)] | ||
| private ?string $username; |
There was a problem hiding this comment.
Unique constraint? Would it ever make sense to have two codes for the same user?
There was a problem hiding this comment.
If you have invitations to two different Tenants
|
|
||
| // Check if user exists already - if not create a user | ||
| $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $email]); | ||
| $user = $this->entityManager->getRepository(User::class)->findOneBy(['providerId' => $providerId]); | ||
|
|
||
| if (null === $user) { | ||
| // Create the new user and persist it | ||
| $user = new User(); | ||
| $user->setCreatedBy('OIDC'); |
There was a problem hiding this comment.
Should 'OIDC' be changed to one of the UserTypeEnum values, or should we have different enum?
src/Command/User/AddUserCommand.php
Outdated
| @@ -216,9 +216,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int | |||
| // create the user and hash its password | |||
| $user = new User(); | |||
| $user->setEmail($email); | |||
| $user->setProviderId($email); | |||
| $user->setFullName($fullName); | |||
| $user->setProvider(self::class); | |||
| $user->setCreatedBy('CLI'); | |||
There was a problem hiding this comment.
Should we have an enum for 'CLI'?
|
|
||
| namespace App\Utils; | ||
|
|
||
| class Roles |
There was a problem hiding this comment.
What we want as output is a string so this is easier to use I think
tests/AbstractBaseApiTestCase.php
Outdated
| @@ -70,6 +74,7 @@ protected function getAuthenticatedClient(string $role = 'ROLE_EDITOR'): Client | |||
|
|
|||
| $user->addUserRoleTenant($userRoleTenant); | |||
|
|
|||
| $manager->persist($userRoleTenant); | |||
There was a problem hiding this comment.
Should not be necessary because User has cascade: ['persist', ... on the relation
#[ORM\OneToMany(targetEntity: UserRoleTenant::class, mappedBy: 'user', cascade: ['persist', 'remove'], orphanRemoval: true)]
private Collection $userRoleTenants;
Link to ticket
https://jira.itkdev.dk/browse/DISPLAY-993
Description
NB! Uses the changes from #163 since support for multiple providers is necessary.
Screenshots
Checklist