182 lines
6.3 KiB
PHP
182 lines
6.3 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
|
|
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
|
|
*
|
|
* Licensed under The MIT License
|
|
* For full copyright and license information, please see the LICENSE.txt
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
|
|
* @link https://cakephp.org CakePHP(tm) Project
|
|
* @since 3.3.0
|
|
* @license https://opensource.org/licenses/mit-license.php MIT License
|
|
*/
|
|
namespace App;
|
|
|
|
use Cake\Core\Configure;
|
|
use Cake\Core\Exception\MissingPluginException;
|
|
use Cake\Error\Middleware\ErrorHandlerMiddleware;
|
|
use Cake\Http\BaseApplication;
|
|
use Cake\Http\MiddlewareQueue;
|
|
use Cake\Http\Middleware\BodyParserMiddleware;
|
|
use Cake\Routing\Middleware\AssetMiddleware;
|
|
use Cake\Routing\Middleware\RoutingMiddleware;
|
|
use Authentication\AuthenticationService;
|
|
use Authentication\AuthenticationServiceInterface;
|
|
use Authentication\AuthenticationServiceProviderInterface;
|
|
use Authentication\Middleware\AuthenticationMiddleware;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
|
|
use Tags\Plugin as TagsPlugin;
|
|
use App\Event\SocialAuthListener;
|
|
use Cake\Event\EventManager;
|
|
/**
|
|
* Application setup class.
|
|
*
|
|
* This defines the bootstrapping logic and middleware layers you
|
|
* want to use in your application.
|
|
*/
|
|
class Application extends BaseApplication implements AuthenticationServiceProviderInterface
|
|
{
|
|
/**
|
|
* Load all the application configuration and bootstrap logic.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function bootstrap(): void
|
|
{
|
|
$this->addPlugin('ADmad/SocialAuth');
|
|
|
|
// Call parent to load bootstrap from files.
|
|
parent::bootstrap();
|
|
|
|
if (PHP_SAPI === 'cli') {
|
|
$this->bootstrapCli();
|
|
}
|
|
|
|
/*
|
|
* Only try to load DebugKit in development mode
|
|
* Debug Kit should not be installed on a production system
|
|
*/
|
|
if (Configure::read('debug')) {
|
|
$this->addPlugin('DebugKit');
|
|
}
|
|
$this->addPlugin('Authentication');
|
|
$this->addPlugin('Tags', ['routes' => true]);
|
|
EventManager::instance()->on(new SocialAuthListener());
|
|
// Load more plugins here
|
|
}
|
|
|
|
/**
|
|
* Setup the middleware queue your application will use.
|
|
*
|
|
* @param \Cake\Http\MiddlewareQueue $middlewareQueue The middleware queue to setup.
|
|
* @return \Cake\Http\MiddlewareQueue The updated middleware queue.
|
|
*/
|
|
public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
|
|
{
|
|
$middlewareQueue
|
|
// Catch any exceptions in the lower layers,
|
|
// and make an error page/response
|
|
->add(new ErrorHandlerMiddleware(Configure::read('Error')))
|
|
|
|
// Handle plugin/theme assets like CakePHP normally does.
|
|
->add(new AssetMiddleware([
|
|
'cacheTime' => Configure::read('Asset.cacheTime'),
|
|
]))
|
|
|
|
// Add routing middleware.
|
|
// If you have a large number of routes connected, turning on routes
|
|
// caching in production could improve performance. For that when
|
|
// creating the middleware instance specify the cache config name by
|
|
// using it's second constructor argument:
|
|
// `new RoutingMiddleware($this, '_cake_routes_')`
|
|
->add(new RoutingMiddleware($this));
|
|
|
|
if (!empty(Configure::read('keycloak'))) {
|
|
$middlewareQueue->add(new \ADmad\SocialAuth\Middleware\SocialAuthMiddleware([
|
|
'requestMethod' => 'POST',
|
|
'loginUrl' => '/users/login',
|
|
'loginRedirect' => '/',
|
|
'userEntity' => false,
|
|
'userModel' => 'Users',
|
|
'socialProfileModel' => 'ADmad/SocialAuth.SocialProfiles',
|
|
'finder' => 'all',
|
|
'fields' => [
|
|
'password' => 'password',
|
|
],
|
|
'sessionKey' => 'Auth',
|
|
'getUserCallback' => 'getUser',
|
|
'serviceConfig' => [
|
|
'provider' => [
|
|
'keycloak' => Configure::read('keycloak.provider')
|
|
],
|
|
],
|
|
'collectionFactory' => null,
|
|
'logErrors' => true,
|
|
]));
|
|
\SocialConnect\JWX\JWT::$screw = Configure::check('keycloak.screw') ? Configure::read('keycloak.screw') : 0;
|
|
}
|
|
$middlewareQueue
|
|
->add(new BodyParserMiddleware())
|
|
->add(new AuthenticationMiddleware($this));
|
|
return $middlewareQueue;
|
|
}
|
|
|
|
/**
|
|
* Bootrapping for CLI application.
|
|
*
|
|
* That is when running commands.
|
|
*
|
|
* @return void
|
|
*/
|
|
protected function bootstrapCli(): void
|
|
{
|
|
try {
|
|
$this->addPlugin('Bake');
|
|
} catch (MissingPluginException $e) {
|
|
// Do not halt if the plugin is missing
|
|
}
|
|
|
|
$this->addPlugin('Migrations');
|
|
|
|
// Load more plugins here
|
|
}
|
|
|
|
/**
|
|
* Returns a service provider instance.
|
|
*
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request Request
|
|
* @return \Authentication\AuthenticationServiceInterface
|
|
*/
|
|
public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
|
|
{
|
|
$service = new AuthenticationService();
|
|
|
|
// Define where users should be redirected to when they are not authenticated
|
|
$service->setConfig([
|
|
'unauthenticatedRedirect' => '/users/login',
|
|
'queryParam' => 'redirect',
|
|
]);
|
|
|
|
$fields = [
|
|
'username' => 'username',
|
|
'password' => 'password'
|
|
];
|
|
// Load the authenticators. Session should be first.
|
|
$service->loadAuthenticator('Authentication.Session');
|
|
$service->loadAuthenticator('Authentication.Form', [
|
|
'fields' => $fields,
|
|
'loginUrl' => \Cake\Routing\Router::url('/users/login')
|
|
]);
|
|
|
|
// Load identifiers
|
|
$service->loadIdentifier('Authentication.Password', compact('fields'));
|
|
|
|
return $service;
|
|
}
|
|
}
|