Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Varied fixes and additions #3

Open
wants to merge 64 commits into
base: main
Choose a base branch
from
Open

Varied fixes and additions #3

wants to merge 64 commits into from

Conversation

mjauvin
Copy link
Member

@mjauvin mjauvin commented May 19, 2024
edited
Loading

Related to wintercms/winter#1133

  • Add access_token to the user metadata
  • Add LinkedIn OpenID provider (supported by socialite)
  • Add Providers controller and model
  • Add events to extend the plugin
  • Move providers button generation into a view
  • Extra scopes added to the provider config are now passed to the provider.
  • Handle callback exception by flashing the error and redirecting back to signin page
  • Signin Page is retrieved from the session, so it can be changed by other plugins with different signin page

@mjauvin mjauvin changed the title Varied fixes Varied fixes and additions May 19, 2024
@mjauvin
Copy link
Member Author

mjauvin commented May 19, 2024

@LukeTowers what did you have in mind exactly with the prevent_native_auth config?

@mjauvin mjauvin self-assigned this May 20, 2024
@mjauvin
Copy link
Member Author

mjauvin commented May 20, 2024
edited by LukeTowers
Loading

@LukeTowers in Handle::callback() you wrote this @TODO comment:

        // Check if the user is allowed to keep a persistent session
        if (is_null($remember = Config::get('cms.backendForceRemember', false))) {
            $remember = false;
            // @TODO: Get this from the request
            // $remember = (bool) post('remember');
        }

But it won't work since callback is a GET request coming from the provider (post values from the signin form are not available here, unless they get saved in some other way?)

@mjauvin
Copy link
Member Author

mjauvin commented May 21, 2024

But it won't work since callback is a GET request coming from the provider (post values from the signin form are not available here, unless they get saved in some other way?)

@mjauvin In order to support that we'd probably need to store a value in the session before redirecting them away and retrieve it when they come back.

So we'd need an ajax handler for the remember checkbox that sets this in the session ?

@mjauvin
Copy link
Member Author

mjauvin commented May 21, 2024
edited
Loading

@LukeTowers For the event I named winter.sso.register, I guess we would add {before/after}Register methods to the AuthManager and call this from the winter.sso plugin ? And the external events (*.user.beforeRegister / *.user.register) would be triggered from those methods ?

Should I submit a PR to add these methods to the backend AuthManager and to another for the Winter.User to add to its AuthManager ?

@mjauvin
Copy link
Member Author

mjauvin commented May 21, 2024

@LukeTowers see latest commit for the new event methods. Is that what you envisioned or similar?

Maybe the {after/before}Register event methods should be called within the AuthManager's register() method itself ?

mjauvin added 24 commits May 21, 2024 15:55
@mjauvin
save the user
9f47d81
@mjauvin
abort signin if handler returns false
f3f809f
@mjauvin
improve events and error handling
8671b14
@mjauvin
use event until we have the event methods
24cc68d
@mjauvin
missed one
3fb536a
@mjauvin
reuse catch bloc to simplify code
79d4de5
@mjauvin
check if event methods are available
03d7568
@mjauvin
do not prevent the actual message to be shown when not in debug mode
47bc39c
@mjauvin
move migration code in event handler
983a293
@mjauvin
get remember config from session, defaults to false
c959f8f
@mjauvin
normalize sso user email
04aa622
@mjauvin
use simpler string concat
b01b917
@mjauvin
verify previous/current ssoId match
38dc10b
@mjauvin
improve localization strings for invalid_ssoid
6945bed
@mjauvin
add some security verifications
cebb6d1
@mjauvin
add config documentation for require_explicit_permission
5c9c086
@mjauvin
move todo comment in the controller
3a6aa4c
@mjauvin
use encryptable trait to encrypt client_secret
f722e2a
@mjauvin
update comment
b8e7036
@mjauvin
improve error handling; add not about InvalidState exception
6b00a30
@mjauvin
force session.same_site to lax for now when session.secure is true
8f0c66c
@mjauvin
use with() method instead of driver()
aa027f2
@mjauvin
fix email variable name
9888eae
@mjauvin
fix issue if metadata is a string
83ba1a8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LukeTowers LukeTowers LukeTowers left review comments

Assignees

@mjauvin mjauvin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mjauvin @LukeTowers