Merge pull request #32 from kurozumi/fix-email-verified

Auth0のDatabase Connections対応
kurozumi · Oct 1, 2024 · 386baea · 386baea
2 parents c704d57 + 7567360
commit 386baea
Show file tree

Hide file tree

Showing 8 changed files with 105 additions and 21 deletions.
diff --git a/Controller/Auth0Controller.php b/Controller/Auth0Controller.php
@@ -15,8 +15,12 @@
 
 use Eccube\Controller\AbstractController;
 use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
+use KnpU\OAuth2ClientBundle\Security\Helper\FinishRegistrationBehavior;
 use Plugin\Auth0\Repository\ConfigRepository;
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\Routing\Annotation\Route;
 
@@ -25,6 +29,8 @@
  */
 class Auth0Controller extends AbstractController
 {
+    use FinishRegistrationBehavior;
+
     /**
      * @param ClientRegistry $clientRegistry
      * @param ConfigRepository $configRepository
@@ -55,4 +61,20 @@ public function connect(ClientRegistry $clientRegistry, ConfigRepository $config
     public function callback()
     {
     }
+
+    /**
+     * @param Request $request
+     * @return Response
+     *
+     * @Route("/connect/email_veridied", name="auth0_connect_email_verified")
+     */
+    public function emailVerified(Request $request): Response
+    {
+        $userInfo = $this->getUserInfoFromSession($request);
+        if (!$userInfo) {
+            throw new BadRequestHttpException();
+        }
+
+        return new Response(trans('plugin.social_login.front.email_verified'));
+    }
 }
diff --git a/Nav.php b/Nav.php
@@ -26,7 +26,7 @@ public static function getNav(): array
             'customer' => [
                 'children' => [
                     'auth0_config' => [
-                        'name' => 'plguin.social_login.admin.setting.title',
+                        'name' => 'plugin.social_login.admin.setting.title',
                         'url' => 'social_login_admin_config',
                     ],
                 ],

diff --git a/Resource/locale/messages.ja.yaml b/Resource/locale/messages.ja.yaml
@@ -1,6 +1,19 @@
-plguin.social_login.admin.config.title: 'ソーシャルログイン'
-plguin.social_login.admin.config.sub_title: '設定'
-plguin.social_login.admin.setting.title: 'Auth0設定'
-plguin.social_login.admin.client_id.label: 'Client ID'
-plguin.social_login.admin.client_secret.label: 'Client Secret'
-plguin.social_login.admin.custom_domain.label: 'Domain'
+plugin:
+  social_login:
+    admin:
+      config:
+        title: 'ソーシャルログイン'
+        sub_title: '設定'
+      setting:
+        title: 'Auth0設定'
+      client_id:
+        label: 'Client ID'
+      client_secret:
+        label: 'Client Secret'
+      custom_domain:
+        label: 'Domain'
+
+    front:
+      email_verified: 'メールを送信しました。アカウントを認証してください。'
+
+
diff --git a/Resource/template/admin/config.twig b/Resource/template/admin/config.twig
@@ -20,26 +20,26 @@
             <div class="c-contentsArea__primaryCol">
                 <div class="c-primaryCol">
                     <div class="card rounded border-0 mb-4">
-                        <div class="card-header"><span>{{ 'plguin.social_login.admin.setting.title'|trans }}</span></div>
+                        <div class="card-header"><span>{{ 'plugin.social_login.admin.setting.title'|trans }}</span></div>
                         <div class="card-body">
                             <div class="row">
-                                <div class="col-3"><span>{{ 'plguin.social_login.admin.client_id.label'|trans }}</span><span
+                                <div class="col-3"><span>{{ 'plugin.social_login.admin.client_id.label'|trans }}</span><span
                                         class="badge badge-primary ml-1">{{ 'admin.common.required'|trans }}</span></div>
                                 <div class="col mb-2">
                                     {{ form_widget(form.client_id) }}
                                     {{ form_errors(form.client_id) }}
                                 </div>
                             </div>
                             <div class="row">
-                                <div class="col-3"><span>{{ 'plguin.social_login.admin.client_secret.label'|trans }}</span><span
+                                <div class="col-3"><span>{{ 'plugin.social_login.admin.client_secret.label'|trans }}</span><span
                                         class="badge badge-primary ml-1">{{ 'admin.common.required'|trans }}</span></div>
                                 <div class="col mb-2">
                                     {{ form_widget(form.client_secret) }}
                                     {{ form_errors(form.client_secret) }}
                                 </div>
                             </div>
                             <div class="row">
-                                <div class="col-3"><span>{{ 'plguin.social_login.admin.custom_domain.label'|trans }}</span><span
+                                <div class="col-3"><span>{{ 'plugin.social_login.admin.custom_domain.label'|trans }}</span><span
                                         class="badge badge-primary ml-1">{{ 'admin.common.required'|trans }}</span></div>
                                 <div class="col mb-2">
                                     {{ form_widget(form.custom_domain) }}

diff --git a/Security/Authenticator/Auth0Authenticator.php b/Security/Authenticator/Auth0Authenticator.php
@@ -20,6 +20,7 @@
 use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
 use KnpU\OAuth2ClientBundle\Security\Exception\FinishRegistrationException;
 use Plugin\Auth0\Entity\Connection;
+use Plugin\Auth0\Security\Exception\EmailVerifiedException;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -104,14 +105,15 @@ public function authenticate(Request $request): Passport
         return new SelfValidatingPassport(
             new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
                 $user = $client->fetchUserFromToken($accessToken);
+                $user = $user->toArray();
 
-                if (!$user->toArray()['email_verified']) {
-                    throw new AuthenticationException();
+                if (!$user['email_verified']) {
+                    throw new EmailVerifiedException($user);
                 }
 
                 /** @var Connection $Connection */
                 $Connection = $this->entityManager->getRepository(Connection::class)
-                    ->findOneBy(['user_id' => $user->toArray()['sub']]);
+                    ->findOneBy(['user_id' => $user['sub']]);
 
                 // 連携済みの場合
                 if ($Connection) {
@@ -126,16 +128,16 @@ public function authenticate(Request $request): Passport
 
                 /** @var Customer $Customer */
                 $Customer = $this->entityManager->getRepository(Customer::class)
-                    ->findOneBy(['email' => $user->getEmail()]);
+                    ->findOneBy(['email' => $user['email']]);
 
                 // 会員登録していない場合、会員登録ページへ
                 if (null === $Customer) {
-                    throw new FinishRegistrationException($user->toArray());
+                    throw new FinishRegistrationException($user);
                 }
 
                 // 会員登録済みの場合はユーザー識別子を保存
                 $Connection = new Connection();
-                $Connection->setUserId($user->toArray()['sub']);
+                $Connection->setUserId($user['sub']);
                 $Connection->setCustomer($Customer);
                 $this->entityManager->persist($Connection);
                 $this->entityManager->flush();
@@ -167,14 +169,20 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
      */
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
+        if ($exception instanceof EmailVerifiedException) {
+            $this->saveUserInfoToSession($request, $exception);
+
+            return new RedirectResponse($this->router->generate('auth0_connect_email_verified'));
+        }
+
         if ($exception instanceof FinishRegistrationException) {
             $this->saveUserInfoToSession($request, $exception);
 
             return new RedirectResponse($this->router->generate('entry'));
-        } else {
-            $this->saveAuthenticationErrorToSession($request, $exception);
-
-            return new RedirectResponse($this->router->generate('mypage_login'));
         }
+
+        $this->saveAuthenticationErrorToSession($request, $exception);
+
+        return new RedirectResponse($this->router->generate('mypage_login'));
     }
 }
diff --git a/Security/Exception/EmailVerifiedException.php b/Security/Exception/EmailVerifiedException.php
@@ -0,0 +1,24 @@
+<?php
+
+/*
+ * This file is part of Auth0 for EC-CUBE
+ *
+ * Copyright(c) Akira Kurozumi <info@a-zumi.net>
+ *
+ * https://a-zumi.net
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Plugin\Auth0\Security\Exception;
+
+use KnpU\OAuth2ClientBundle\Security\Exception\FinishRegistrationException;
+
+class EmailVerifiedException extends FinishRegistrationException
+{
+    public function getMessageKey(): string
+    {
+        return 'You need to verify your email address.';
+    }
+}
diff --git a/Tests/Security/Authenticator/Auth0AuthenticatorTest.php b/Tests/Security/Authenticator/Auth0AuthenticatorTest.php
@@ -16,6 +16,7 @@
 use Eccube\Tests\EccubeTestCase;
 use KnpU\OAuth2ClientBundle\Security\Exception\FinishRegistrationException;
 use Plugin\Auth0\Security\Authenticator\Auth0Authenticator;
+use Plugin\Auth0\Security\Exception\EmailVerifiedException;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Session\Session;
@@ -62,6 +63,15 @@ public function testStart()
         self::assertTrue($response->isRedirect($this->router->generate('auth0_connect')));
     }
 
+    public function testOnAuthenticationFailureEmailVerifiedException()
+    {
+        $request = new Request();
+        $request->setSession(new Session(new MockArraySessionStorage()));
+
+        $response = $this->authenticator->onAuthenticationFailure($request, new EmailVerifiedException([]));
+        self::assertTrue($response->isRedirect($this->router->generate('auth0_connect_email_verified')));
+    }
+
     public function testOnAuthenticationFailureFinishRegistrationException()
     {
         $request = new Request();

diff --git a/Tests/Web/Auth0ControllerTest.php b/Tests/Web/Auth0ControllerTest.php
@@ -15,6 +15,7 @@
 
 use Eccube\Tests\Web\AbstractWebTestCase;
 use Plugin\Auth0\Entity\Config;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 class Auth0ControllerTest extends AbstractWebTestCase
 {
@@ -48,4 +49,10 @@ public function testAuth0の設定をしていたらリダイレクト()
         $this->client->request('GET', $this->generateUrl('auth0_connect'));
         self::assertTrue($this->client->getResponse()->isRedirect());
     }
+
+    public function testUserInfoがない場合メールアドレス認証案内ページにアクセスできない()
+    {
+        $this->client->request('GET', $this->generateUrl('auth0_connect_email_verified'));
+        self::assertTrue($this->client->getResponse()->isClientError());
+    }
 }