Add event in firewall / guard

Controller/AuthorizationController.php

@@ -7,14 +7,14 @@
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use Psr\Http\Message\ResponseFactoryInterface;
-use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Trikoder\Bundle\OAuth2Bundle\Converter\UserConverterInterface;
 use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
 use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEventFactory;
 use Trikoder\Bundle\OAuth2Bundle\Manager\ClientManagerInterface;
 use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\ExceptionEventFactory;
 
 final class AuthorizationController
 {
@@ -43,21 +43,28 @@ final class AuthorizationController
      */
     private $clientManager;
 
+    /**
+     * @var ExceptionEventFactory
+     */
+    private $exceptionEventFactory;
+
     public function __construct(
         AuthorizationServer $server,
         EventDispatcherInterface $eventDispatcher,
         AuthorizationRequestResolveEventFactory $eventFactory,
         UserConverterInterface $userConverter,
-        ClientManagerInterface $clientManager
+        ClientManagerInterface $clientManager,
+        ExceptionEventFactory $exceptionEventFactory
     ) {
         $this->server = $server;
         $this->eventDispatcher = $eventDispatcher;
         $this->eventFactory = $eventFactory;
         $this->userConverter = $userConverter;
         $this->clientManager = $clientManager;
+        $this->exceptionEventFactory = $exceptionEventFactory;
     }
 
-    public function indexAction(ServerRequestInterface $serverRequest, ResponseFactoryInterface $responseFactory): ResponseInterface
+    public function indexAction(ServerRequestInterface $serverRequest, ResponseFactoryInterface $responseFactory)
     {
         $serverResponse = $responseFactory->createResponse();
 
@@ -90,7 +97,8 @@ public function indexAction(ServerRequestInterface $serverRequest, ResponseFacto
 
             return $this->server->completeAuthorizationRequest($authRequest, $serverResponse);
         } catch (OAuthServerException $e) {
-            return $e->generateHttpResponse($serverResponse);
+            $event = $this->exceptionEventFactory->handleLeagueException($e);
+            return $event->getResponse();
         }
     }
 }

Controller/TokenController.php

@@ -7,8 +7,8 @@
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use Psr\Http\Message\ResponseFactoryInterface;
-use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\ExceptionEventFactory;
 
 final class TokenController
 {
@@ -17,21 +17,28 @@ final class TokenController
      */
     private $server;
 
-    public function __construct(AuthorizationServer $server)
+    /**
+     * @var ExceptionEventFactory
+     */
+    private $exceptionEventFactory;
+
+    public function __construct(AuthorizationServer $server, ExceptionEventFactory $exceptionEventFactory)
     {
         $this->server = $server;
+        $this->exceptionEventFactory = $exceptionEventFactory;
     }
 
     public function indexAction(
         ServerRequestInterface $serverRequest,
         ResponseFactoryInterface $responseFactory
-    ): ResponseInterface {
+    ) {
         $serverResponse = $responseFactory->createResponse();
 
         try {
             return $this->server->respondToAccessTokenRequest($serverRequest, $serverResponse);
         } catch (OAuthServerException $e) {
-            return $e->generateHttpResponse($serverResponse);
+            $event = $this->exceptionEventFactory->handleLeagueException($e);
+            return $event->getResponse();
         }
     }
 }

DependencyInjection/Configuration.php

@@ -27,10 +27,6 @@ public function getConfigTreeBuilder(): TreeBuilder
 
         $rootNode
             ->children()
-                ->scalarNode('exception_event_listener_priority')
-                    ->info('The priority of the event listener that converts an Exception to a Response.')
-                    ->defaultValue(10)
-                ->end()
                 ->scalarNode('role_prefix')
                     ->info('Set a custom prefix that replaces the default "ROLE_OAUTH2_" role prefix.')
                     ->defaultValue('ROLE_OAUTH2_')

DependencyInjection/TrikoderOAuth2Extension.php

@@ -33,7 +33,7 @@
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\Grant as GrantType;
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\RedirectUri as RedirectUriType;
 use Trikoder\Bundle\OAuth2Bundle\DBAL\Type\Scope as ScopeType;
-use Trikoder\Bundle\OAuth2Bundle\EventListener\ConvertExceptionToResponseListener;
+use Trikoder\Bundle\OAuth2Bundle\EventListener\ExceptionToOauthResponseListener;
 use Trikoder\Bundle\OAuth2Bundle\League\AuthorizationServer\GrantTypeInterface;
 use Trikoder\Bundle\OAuth2Bundle\Manager\Doctrine\AccessTokenManager;
 use Trikoder\Bundle\OAuth2Bundle\Manager\Doctrine\AuthorizationCodeManager;
@@ -66,15 +66,15 @@ public function load(array $configs, ContainerBuilder $container)
         $container->getDefinition(OAuth2TokenFactory::class)
             ->setArgument(0, $config['role_prefix']);
 
-        $container->getDefinition(ConvertExceptionToResponseListener::class)
+        $container->registerForAutoconfiguration(GrantTypeInterface::class)
+            ->addTag('trikoder.oauth2.authorization_server.grant');
+
+        $container->getDefinition(ExceptionToOauthResponseListener::class)
             ->addTag('kernel.event_listener', [
                 'event' => KernelEvents::EXCEPTION,
                 'method' => 'onKernelException',
-                'priority' => $config['exception_event_listener_priority'],
+                'priority' => 10
             ]);
-
-        $container->registerForAutoconfiguration(GrantTypeInterface::class)
-            ->addTag('trikoder.oauth2.authorization_server.grant');
     }
 
     /**

Event/OauthEvent/AbstractOauthEvent.php

@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use League\OAuth2\Server\Exception\OAuthServerException;
+use Psr\Http\Message\ResponseInterface;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Contracts\EventDispatcher\Event;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+abstract class AbstractOauthEvent extends Event
+{
+    /**
+     * @var OAuthServerException
+     */
+    protected $exception;
+
+    /**
+     * @var ResponseInterface
+     */
+    protected $response;
+
+    public function __construct(OAuthServerException $exception, ResponseInterface $response)
+    {
+        $this->exception = $exception;
+        $this->response = $response;
+    }
+
+    /**
+     * @return string The event name that will be use with the eventDispatcher
+     */
+    abstract function getEventName(): string;
+
+    public function getException(): OAuthServerException
+    {
+        return $this->exception;
+    }
+
+    public function getResponse(): ResponseInterface
+    {
+        return $this->response;
+    }
+
+    /**
+     * @param ResponseInterface $response
+     * @return $this
+     */
+    public function setResponse(ResponseInterface $response): AbstractOauthEvent
+    {
+        $this->response = $response;
+        return $this;
+    }
+}

Event/OauthEvent/AuthenticationFailureEvent.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+class AuthenticationFailureEvent extends AbstractOauthEvent
+{
+    function getEventName(): string
+    {
+        return OAuth2Events::AUTHENTICATION_FAILURE;
+    }
+}

Event/OauthEvent/AuthenticationScopeFailureEvent.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use League\OAuth2\Server\Exception\OAuthServerException;
+use Psr\Http\Message\ResponseInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+class AuthenticationScopeFailureEvent extends AbstractOauthEvent
+{
+    /**
+     * @var TokenInterface|null
+     */
+    private $token;
+
+    public function __construct(OAuthServerException $exception, ResponseInterface $response, ?TokenInterface $token = null)
+    {
+        parent::__construct($exception, $response);
+        $this->token = $token;
+    }
+
+    function getEventName(): string
+    {
+        return OAuth2Events::AUTHENTICATION_SCOPE_FAILURE;
+    }
+
+    public function getToken(): ?TokenInterface
+    {
+        return $this->token;
+    }
+}

Event/OauthEvent/AuthorizationServerErrorEvent.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+class AuthorizationServerErrorEvent extends AbstractOauthEvent
+{
+    function getEventName(): string
+    {
+        return OAuth2Events::AUTHORIZATION_SERVER_ERROR;
+    }
+}

Event/OauthEvent/InvalidCredentialsEvent.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+class InvalidCredentialsEvent extends AbstractOauthEvent
+{
+    function getEventName(): string
+    {
+        return OAuth2Events::INVALID_CREDENTIALS;
+    }
+}

Event/OauthEvent/MissingAuthorizationHeaderEvent.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\Event\OauthEvent;
+
+use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
+
+/**
+ * @author Benoit VIGNAL <github@benoit-vignal.fr>
+ */
+class MissingAuthorizationHeaderEvent extends AbstractOauthEvent
+{
+    function getEventName(): string
+    {
+        return OAuth2Events::AUTHORIZATION_HEADER_FAILURE;
+    }
+}

EventListener/ExceptionToOauthResponseListener.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Trikoder\Bundle\OAuth2Bundle\EventListener;
+
+
+use League\OAuth2\Server\Exception\OAuthServerException;
+use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
+use Symfony\Component\HttpKernel\Event\ExceptionEvent;
+use Trikoder\Bundle\OAuth2Bundle\Security\Exception\ExceptionEventFactory;
+
+class ExceptionToOauthResponseListener
+{
+    /**
+     * @var ExceptionEventFactory
+     */
+    private $exceptionEventFactory;
+
+    public function __construct(ExceptionEventFactory $exceptionEventFactory)
+    {
+        $this->exceptionEventFactory = $exceptionEventFactory;
+    }
+
+    /**
+     * This method will catch and convert all OAuthServerException to a nice ErrorResponse
+     * This will also trigger the event system
+     *
+     * @param ExceptionEvent $event
+     */
+    public function onKernelException(ExceptionEvent $event): void
+    {
+        $exception = $event->getThrowable();
+        if ($exception instanceof OAuthServerException) {
+            $updatedEvent = $this->exceptionEventFactory->handleLeagueException($exception);
+
+            $httpFoundationFactory = new HttpFoundationFactory();
+            $event->setResponse($httpFoundationFactory->createResponse($updatedEvent->getResponse()));
+        }
+    }
+}

League/Repository/UserRepository.php

@@ -5,6 +5,7 @@
 namespace Trikoder\Bundle\OAuth2Bundle\League\Repository;
 
 use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\UserRepositoryInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Trikoder\Bundle\OAuth2Bundle\Converter\UserConverterInterface;
@@ -64,7 +65,7 @@ public function getUserEntityByUserCredentials(
         $user = $event->getUser();
 
         if (null === $user) {
-            return null;
+            throw OAuthServerException::invalidCredentials();
         }
 
         return $this->userConverter->toLeague($user);