WIP adjust sso handling with multiple providers (#174 #194)

Kovah · Sep 18, 2024 · 96be6ca · 96be6ca
1 parent b9c78b5
commit 96be6ca
Show file tree

Hide file tree

Showing 7 changed files with 358 additions and 399 deletions.
diff --git a/app/Http/Controllers/SocialiteController.php b/app/Http/Controllers/SocialiteController.php
@@ -23,31 +23,36 @@ public function callback(string $provider)
         $authUser = Socialite::driver($provider)->user();
 
         // If a user with the provided email address already exists, register the oauth login
-        // @TODO what about users who try to login to a different OAuth provider?
-        if (User::where('email', $authUser->getEmail())->exists()) {
-            $user = User::where('email', $authUser->getEmail())->first();
+        if ($user = User::where('email', $authUser->getEmail())->first()) {
+            if ($user->sso_provider !== $provider) {
+                abort(403, trans('auth.sso_wrong_provider', [
+                    'currentProvider' => $provider,
+                    'userProvider' => $user->sso_provider,
+                ]));
+            }
+
             $user->update([
                 'name' => $authUser->getNickname(),
-                'oauth_id' => $authUser->id,
-                'oauth_provider' => $provider,
-                'oauth_token' => $authUser->token ?? null,
-                'oauth_token_secret' => $authUser->tokenSecret ?? null,
-                'oauth_refresh_token' => $authUser->refreshToken ?? null,
+                'sso_id' => $authUser->id,
+                'sso_provider' => $provider,
+                'sso_token' => $authUser->token ?? null,
+                'sso_token_secret' => $authUser->tokenSecret ?? null,
+                'sso_refresh_token' => $authUser->refreshToken ?? null,
             ]);
         } else {
             // otherwise, either update an existing oauth user or register a new user
             $user = User::updateOrCreate([
                 'email' => $authUser->getEmail(),
-                'oauth_id' => $authUser->getId(),
-                'oauth_provider' => $provider,
+                'sso_id' => $authUser->getId(),
+                'sso_provider' => $provider,
             ], [
                 'name' => $authUser->getNickname(),
                 'email' => $authUser->getEmail(),
-                'oauth_id' => $authUser->getId(),
-                'oauth_provider' => $provider,
-                'oauth_token' => $authUser->token ?? null,
-                'oauth_token_secret' => $authUser->tokenSecret ?? null,
-                'oauth_refresh_token' => $authUser->refreshToken ?? null,
+                'sso_id' => $authUser->getId(),
+                'sso_provider' => $provider,
+                'sso_token' => $authUser->token ?? null,
+                'sso_token_secret' => $authUser->tokenSecret ?? null,
+                'sso_refresh_token' => $authUser->refreshToken ?? null,
             ]);
 
             if ($user->wasRecentlyCreated) {

diff --git a/app/Models/User.php b/app/Models/User.php
@@ -23,11 +23,11 @@
  * @property string      $email
  * @property string      $password
  * @property string|null $remember_token
- * @property string|null $oauth_id
- * @property string|null $oauth_provider
- * @property string|null $oauth_token
- * @property string|null $oauth_token_secret
- * @property string|null $oauth_refresh_token
+ * @property string|null $sso_id
+ * @property string|null $sso_provider
+ * @property string|null $sso_token
+ * @property string|null $sso_token_secret
+ * @property string|null $sso_refresh_token
  * @property string|null $two_factor_recovery_codes
  * @property string|null $two_factor_secret
  * @property Carbon|null $created_at
@@ -48,19 +48,19 @@ class User extends Authenticatable implements Auditable
         'email',
         'password',
         'blocked_at',
-        'oauth_id',
-        'oauth_provider',
-        'oauth_token',
-        'oauth_token_secret',
-        'oauth_refresh_token',
+        'sso_id',
+        'sso_provider',
+        'sso_token',
+        'sso_token_secret',
+        'sso_refresh_token',
     ];
 
     protected $hidden = [
         'password',
         'remember_token',
-        'oauth_token',
-        'oauth_token_secret',
-        'oauth_refresh_token',
+        'sso_token',
+        'sso_token_secret',
+        'sso_refresh_token',
     ];
 
     protected $casts = [

diff --git a/composer.json b/composer.json
@@ -41,7 +41,7 @@
     "spatie/laravel-settings": "^3.2.3",
     "symfony/http-client": "^6.0",
     "symfony/mailgun-mailer": "^6.0",
-    "kovah/laravel-socialite-oidc": "dev-main"
+    "kovah/laravel-socialite-oidc": "^0.1"
   },
   "require-dev": {
     "barryvdh/laravel-debugbar": "^3.2",
@@ -59,10 +59,6 @@
     {
       "type": "git",
       "url": "https://github.com/Kovah/netscape-bookmark-parser"
-    },
-    {
-      "type": "git",
-      "url": "https://github.com/Kovah/laravel-socialite-oidc"
     }
   ],
   "autoload": {