From 54f96b8d0b81a94a2e96247735458645ed661388 Mon Sep 17 00:00:00 2001 From: Stefan Hagspiel Date: Mon, 12 Feb 2024 18:48:17 +0100 Subject: [PATCH] configurable firewall name via container parameter --- UPGRADE.md | 1 + docs/SSO/20_Installation.md | 8 ++++++++ .../DependencyInjection/MembersExtension.php | 10 ++++++++-- .../config/packages/security_auth_manager.yaml | 4 ++++ src/MembersBundle/Resources/config/services/event.yml | 2 ++ 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/UPGRADE.md b/UPGRADE.md index 47830a1d..375f4678 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -2,6 +2,7 @@ ### 4.1.2 - **[IMPROVEMENT]**: Introduce `OAUTH_RESOURCE_MAPPING_REFRESH` Event +- **[IMPROVEMENT]**: Configurable Firewall Name via container parameter `members.firewall_name` ### 4.1.1 - **[BUGFIX]**: Also respect original asset paths in protected env diff --git a/docs/SSO/20_Installation.md b/docs/SSO/20_Installation.md index edd45a46..fdaa9a57 100644 --- a/docs/SSO/20_Installation.md +++ b/docs/SSO/20_Installation.md @@ -105,6 +105,14 @@ members: activation_type: 'complete_profile' # choose between "complete_profile" and "instant" ``` +## Configure Firewall +If your using a different name for your firewall than `members_fe` you need to configure the container parameter: + +```yaml +parameters: + members.firewall_name: your_fw_name +``` + ## Configure Client Every provider comes with its own configuration. In this example, we're going to setup the google client: diff --git a/src/MembersBundle/DependencyInjection/MembersExtension.php b/src/MembersBundle/DependencyInjection/MembersExtension.php index 43dcff07..e83349ee 100644 --- a/src/MembersBundle/DependencyInjection/MembersExtension.php +++ b/src/MembersBundle/DependencyInjection/MembersExtension.php @@ -24,6 +24,10 @@ public function prepend(ContainerBuilder $container): void $configs = $container->getExtensionConfig($this->getAlias()); $config = $this->processConfiguration($this->getConfiguration([], $container), $configs); + if (!$container->hasParameter('members.firewall_name')) { + $container->setParameter('members.firewall_name', 'members_fe'); + } + $oauthEnabled = false; if ($container->hasExtension('security') === true && $config['oauth']['enabled'] === true) { $oauthEnabled = true; @@ -116,6 +120,8 @@ protected function enableOauth(ContainerBuilder $container, array $config): void protected function extendPimcoreSecurityConfiguration(ContainerBuilder $container, bool $oauthEnabled): void { + $firewallName = $container->getParameter('members.firewall_name'); + if ($this->authenticatorIsEnabled($container) === false) { $container->loadFromExtension('pimcore', [ @@ -129,7 +135,7 @@ protected function extendPimcoreSecurityConfiguration(ContainerBuilder $containe if ($oauthEnabled === true) { $container->loadFromExtension('security', [ 'firewalls' => [ - 'members_fe' => [ + $firewallName => [ 'guard' => [ 'authenticators' => [ \MembersBundle\Security\OAuthIdentityAuthenticator::class @@ -154,7 +160,7 @@ protected function extendPimcoreSecurityConfiguration(ContainerBuilder $containe if ($oauthEnabled === true) { $container->loadFromExtension('security', [ 'firewalls' => [ - 'members_fe' => [ + $firewallName => [ 'custom_authenticators' => [ OAuthIdentityAuthenticator::class ] diff --git a/src/MembersBundle/Resources/config/packages/security_auth_manager.yaml b/src/MembersBundle/Resources/config/packages/security_auth_manager.yaml index 67ae1030..a655e3bb 100644 --- a/src/MembersBundle/Resources/config/packages/security_auth_manager.yaml +++ b/src/MembersBundle/Resources/config/packages/security_auth_manager.yaml @@ -1,3 +1,7 @@ +# if you're using a different firewall name, you need to enable this parameter +# parameters: +# members.firewall_name: 'your_fw_name' + security: enable_authenticator_manager: true diff --git a/src/MembersBundle/Resources/config/services/event.yml b/src/MembersBundle/Resources/config/services/event.yml index 0c391013..002a12d1 100644 --- a/src/MembersBundle/Resources/config/services/event.yml +++ b/src/MembersBundle/Resources/config/services/event.yml @@ -7,6 +7,8 @@ services: # event: check auth MembersBundle\EventListener\AuthenticationListener: + arguments: + $firewallName: '%members.firewall_name%' tags: - { name: kernel.event_subscriber }