Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 35
0.00% covered (danger)
0.00%
0 / 6
CRAP
0.00% covered (danger)
0.00%
0 / 1
Provider
0.00% covered (danger)
0.00%
0 / 35
0.00% covered (danger)
0.00%
0 / 6
182
0.00% covered (danger)
0.00%
0 / 1
 __construct
0.00% covered (danger)
0.00%
0 / 4
0.00% covered (danger)
0.00%
0 / 1
12
 setHttpClient
0.00% covered (danger)
0.00%
0 / 2
0.00% covered (danger)
0.00%
0 / 1
2
 createResourceOwner
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 getResourceOwnerData
0.00% covered (danger)
0.00%
0 / 9
0.00% covered (danger)
0.00%
0 / 1
20
 getOptionsFromJsonFile
0.00% covered (danger)
0.00%
0 / 8
0.00% covered (danger)
0.00%
0 / 1
6
 getBasicOptionsFromJsonFile
0.00% covered (danger)
0.00%
0 / 11
0.00% covered (danger)
0.00%
0 / 1
6
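<?php

namespace BO\Slim\Middleware\OAuth\Keycloak;

use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
use BO\Zmsclient\PSR7\Client;
use League\OAuth2\Client\Token\AccessToken;
use BO\Zmsentities\Useraccount;

/**
 * Keycloak OAuth2 provider whose options are loaded from `<APP_PATH>/keycloak.json`.
 *
 * NOTE(review): that JSON file carries the client secret (`credentials.secret`).
 * Confirm it lives outside the web server's document root and is readable only
 * by the application user.
 *
 * @SuppressWarnings(PHPMD)
 */
class Provider extends Keycloak
{
    const PROVIDERNAME = 'keycloak';

    /**
     * @var \BO\Zmsclient\OAuthService
     */
    protected $oauthService;

    /**
     * Builds the provider from the options found in the keycloak JSON config file.
     *
     * @param mixed $client HTTP client passed to the parent provider as `httpClient`;
     *     a new \BO\Zmsclient\PSR7\Client is created when null.
     * @param \BO\Zmsclient\OAuthService|null $oauthService Service used to read the
     *     configuration; built from \App::$http and \App::CONFIG_SECURE_TOKEN when omitted.
     * @throws \RuntimeException When the JSON config file cannot be read or decoded.
     */
    public function __construct($client = null, ?\BO\Zmsclient\OAuthService $oauthService = null)
    {
        $this->oauthService = $oauthService ?: new \BO\Zmsclient\OAuthService(\App::$http, \App::CONFIG_SECURE_TOKEN);
        $client = $client ?? new Client();
        $options = $this->getOptionsFromJsonFile();
        // Constructors have no return value, so the parent call is not returned.
        parent::__construct($options, ['httpClient' => $client]);
    }

    /**
     * Sets the HTTP client instance.
     *
     * @param  \BO\Zmsclient\PSR7\ClientInterface $client
     * @return self
     */
    public function setHttpClient($client)
    {
        $this->httpClient = $client;
        return $this;
    }

    /**
     * Generate a user object from a successful user details request.
     *
     * @param array $response Decoded user details response.
     * @param AccessToken $token Not used here; part of the inherited signature.
     * @return ResourceOwner
     */
    protected function createResourceOwner(array $response, AccessToken $token): ResourceOwner
    {
        return new ResourceOwner($response);
    }

    /**
     * Requests the resource owner for the given access token and maps it to a Useraccount.
     *
     * The username is `<name>@keycloak`. When the `oidc.onlyVerifiedMail` preference
     * equals 1, the email is only copied if the identity provider marks it as verified;
     * otherwise the email is copied unconditionally.
     *
     * @param  AccessToken $token
     * @return Useraccount
     */
    public function getResourceOwnerData(AccessToken $token): Useraccount
    {
        $resourceOwner = $this->getResourceOwner($token);
        $config = $this->oauthService->readConfig();

        // NOTE(review): confirm getName() yields a stable, unique identifier and not a
        // user-editable display name, because it becomes the local account username.
        $ownerData = [
            'username' => $resourceOwner->getName() . '@' . static::PROVIDERNAME,
        ];

        $email = $resourceOwner->getEmail();
        // Loose comparison kept on purpose: the preference may arrive as "1" or 1.
        if (1 == $config->getPreference('oidc', 'onlyVerifiedMail')) {
            // The original condition `$email && $arr['email_verified'] ?? false` parsed as
            // `($email && $arr['email_verified']) ?? false`, because `&&` binds tighter
            // than `??`; a missing claim therefore raised an undefined-key warning instead
            // of falling back to false. The claim is now read with its own default and
            // normalised to a boolean, so a string such as "false" does not count as
            // verified (fail closed).
            if ($email && filter_var($resourceOwner->toArray()['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
                $ownerData['email'] = $email;
            }
        } else {
            $ownerData['email'] = $email;
        }

        return new Useraccount($ownerData);
    }

    /**
     * Returns the full provider options: the basic options plus secret, server URL and `verify`.
     *
     * @return array
     * @throws \RuntimeException When the JSON config file cannot be read or decoded.
     */
    private function getOptionsFromJsonFile(): array
    {
        $configData = $this->readKeycloakJsonConfig();
        // Still routed through the public method so an overriding subclass keeps its effect.
        $realmData = $this->getBasicOptionsFromJsonFile();
        $realmData['clientSecret'] = $configData['credentials']['secret'];
        $realmData['authServerUrl'] = $configData['auth-server-url'];
        // Defaults to true when `ssl-verify` is absent. Presumably this controls TLS
        // certificate verification towards the auth server; confirm how the parent
        // provider consumes it. A false value in the JSON file would leave the token
        // exchange and the client secret without server authentication.
        $realmData['verify'] = $configData['ssl-verify'] ?? true;
        return $realmData;
    }

    /**
     * Returns the provider options that do not include the client secret.
     *
     * @return array Keys: realm, clientId, clientName, redirectUri, logoutUri, version, accessRole.
     * @throws \RuntimeException When the JSON config file cannot be read or decoded.
     */
    public function getBasicOptionsFromJsonFile(): array
    {
        $configData = $this->readKeycloakJsonConfig();
        return [
            'realm' => $configData['realm'],
            'clientId' => $configData['clientId'],
            'clientName' => $configData['clientName'],
            'redirectUri' => $configData['auth-redirect-url'],
            'logoutUri' => $configData['logout-redirect-url'],
            'version' => $configData['version'],
            'accessRole' => $configData['access-role'],
        ];
    }

    /**
     * Reads and decodes `<APP_PATH>/<PROVIDERNAME>.json`.
     *
     * Previously a failed read (false) or invalid JSON (null) was indexed like an array,
     * which silently produced a provider with null secret, realm and URLs. Failing early
     * makes a broken identity-provider configuration visible at construction time.
     *
     * @return array Decoded configuration.
     * @throws \RuntimeException When the file is unreadable or does not decode to an array.
     */
    private function readKeycloakJsonConfig(): array
    {
        $fileName = static::PROVIDERNAME . '.json';
        $path = \App::APP_PATH . '/' . $fileName;

        // Only the file name goes into messages, so a rendered exception does not
        // disclose the installation path.
        if (!is_readable($path)) {
            throw new \RuntimeException('OAuth provider config ' . $fileName . ' is missing or not readable');
        }
        $raw = file_get_contents($path);
        if ($raw === false) {
            throw new \RuntimeException('OAuth provider config ' . $fileName . ' could not be read');
        }
        $decoded = json_decode($raw, true);
        if (!is_array($decoded)) {
            throw new \RuntimeException(
                'OAuth provider config ' . $fileName . ' is not valid JSON: ' . json_last_error_msg()
            );
        }
        return $decoded;
    }
}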