Merge pull request #1 from slowcheetah/lms

Sync & Create Users

Author: slowcheetah

.gitignore

@@ -1 +1,2 @@
 vendor/
+.idea/

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file.
 
+### [3.1.0] 2022-11-07
+
+* User auto sync interface integration
+* User auto create interface integration
+
 ### [3.0.1] - 2022-09-28
 
 * Fix #79 (looping on KeycloakCan error). (props: @andrex47)

README.md

@@ -3,6 +3,8 @@
     <img src="https://img.shields.io/packagist/dt/vizir/laravel-keycloak-web-guard.svg" />
 </p>
 
+Fork of [https://github.com/mariovalney/laravel-keycloak-web-guard](https://github.com/mariovalney/laravel-keycloak-web-guard)
+
 # Keycloak Web Guard for Laravel
 
 This packages allow you authenticate users with [Keycloak Server](https://www.keycloak.org).
@@ -19,7 +21,7 @@ It works on front. For APIs we recommend [laravel-keycloak-guard](https://github
 This package was tested with:
 
 * Laravel: 5.8 / 7 / 8 / 9
-* Keycloak: 18.0.0
+* Keycloak: 11.0.3 / 18.0.0
 
 Any other version is not guaranteed to work.
 
@@ -45,7 +47,7 @@ composer require vizir/laravel-keycloak-web-guard
 If you want to change routes or the default values for Keycloak, publish the config file:
 
 ```
-php artisan vendor:publish  --provider="Vizir\KeycloakWebGuard\KeycloakWebGuardServiceProvider"
+php artisan vendor:publish  --provider="SlowCheetah\KeycloakWebGuard\KeycloakWebGuardServiceProvider"
 
 ```
 
@@ -127,15 +129,17 @@ And change your provider config too:
 'providers' => [
     'users' => [
         'driver' => 'keycloak-users',
-        'model' => Vizir\KeycloakWebGuard\Models\KeycloakUser::class,
+        'model' => App\User::class,
+        'modelSearchField' => 'email',  // field in User model for searching
+        'keyCloakSearchField' => 'id',
+        'userCreator' => App\KeyCloak\UserCreator::class,  // class mast implement SlowCheetah\KeycloakWebGuard\Contracts\CreateUserInterface
+        'syncUser' => App\KeyCloak\SyncUser::class,  // class mast implement SlowCheetah\KeycloakWebGuard\Contracts\SyncUserInterface
     ],
 
     // ...
 ]
 ```
 
-**Note:** if you want use another User Model, check the FAQ *How to implement my Model?*.
-
 ## API
 
 We implement the `Illuminate\Contracts\Auth\Guard`. So, all Laravel default methods will be available.
@@ -199,16 +203,6 @@ You can extend it and register your own middleware on Kernel.php or just use `Au
 
 ## FAQ
 
-### How to implement my Model?
-
-We registered a new user provider that you configured on `config/auth.php` called "keycloak-users".
-
-In this same configuration you setted the model. So you can register your own model extending `Vizir\KeycloakWebGuard\Models\KeycloakUser` class and changing this configuration.
-
-You can implement your own [User Provider](https://laravel.com/docs/5.8/authentication#adding-custom-user-providers): just remember to implement the `retrieveByCredentials` method receiving the Keycloak Profile information to retrieve a instance of model.
-
-Eloquent/Database User Provider should work well as they will parse the Keycloak Profile and make a "where" to your database. So your user data must match with Keycloak Profile.
-
 ### I cannot find my login form.
 
 We register a `login` route to redirect to Keycloak Server. After login we'll receive and proccess the token to authenticate your user.

composer.json

@@ -1,7 +1,7 @@
 {
-    "name": "vizir/laravel-keycloak-web-guard",
-    "description": "Simple Keycloak Guard to Laravel Web Routes",
-    "homepage": "https://github.com/Vizir/laravel-keycloak-web-guard",
+    "name": "slowcheetah/laravel-keycloak-web-guard",
+    "description": "Simple Keycloak Guard to Laravel Web Routes With User Sync and User Create Interfaces",
+    "homepage": "https://github.com/slowcheetah/laravel-keycloak-web-guard",
     "license": "MIT",
     "keywords": [
         "laravel",
@@ -13,6 +13,10 @@
         {
             "name": "Mário Valney",
             "email": "mariovalney@gmail.com"
+        },
+        {
+            "name": "Sergey Nechaev",
+            "email": "slow_cheetah@inbox.ru"
         }
     ],
     "minimum-stability": "dev",
@@ -21,16 +25,16 @@
     },
     "autoload": {
         "psr-4": {
-            "Vizir\\KeycloakWebGuard\\": "src/"
+            "SlowCheetah\\KeycloakWebGuard\\": "src/"
         }
     },
     "extra": {
         "laravel": {
             "providers": [
-                "Vizir\\KeycloakWebGuard\\KeycloakWebGuardServiceProvider"
+                "SlowCheetah\\KeycloakWebGuard\\KeycloakWebGuardServiceProvider"
             ],
             "aliases": {
-                "KeycloakWeb": "Vizir\\KeycloakWebGuard\\Facades\\KeycloakWeb"
+                "KeycloakWeb": "SlowCheetah\\KeycloakWebGuard\\Facades\\KeycloakWeb"
             }
         }
     }

config/keycloak-web.php

@@ -47,7 +47,7 @@
     /**
      * Page to redirect after callback if there's no "intent"
      *
-     * @see Vizir\KeycloakWebGuard\Controllers\AuthController::callback()
+     * @see SlowCheetah\KeycloakWebGuard\Controllers\AuthController::callback()
      */
     'redirect_url' => '/admin',
 
@@ -58,7 +58,7 @@
      *
      * The routes will receive the name "keycloak.{route}" and login/callback are required.
      * So, if you make it false, you shoul register a named 'keycloak.login' route and extend
-     * the Vizir\KeycloakWebGuard\Controllers\AuthController controller.
+     * the SlowCheetah\KeycloakWebGuard\Controllers\AuthController controller.
      */
     'routes' => [
         'login' => 'login',

src/Auth/Guard/KeycloakWebGuard.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace Vizir\KeycloakWebGuard\Auth\Guard;
+namespace SlowCheetah\KeycloakWebGuard\Auth\Guard;
 
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Guard;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Config;
-use Vizir\KeycloakWebGuard\Auth\KeycloakAccessToken;
-use Vizir\KeycloakWebGuard\Exceptions\KeycloakCallbackException;
-use Vizir\KeycloakWebGuard\Models\KeycloakUser;
-use Vizir\KeycloakWebGuard\Facades\KeycloakWeb;
+use SlowCheetah\KeycloakWebGuard\Auth\KeycloakAccessToken;
+use SlowCheetah\KeycloakWebGuard\Exceptions\KeycloakCallbackException;
+use SlowCheetah\KeycloakWebGuard\Models\KeycloakUser;
+use SlowCheetah\KeycloakWebGuard\Facades\KeycloakWeb;
 use Illuminate\Contracts\Auth\UserProvider;
 
 class KeycloakWebGuard implements Guard

src/Auth/KeycloakAccessToken.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Vizir\KeycloakWebGuard\Auth;
+namespace SlowCheetah\KeycloakWebGuard\Auth;
 
 use Exception;
 

src/Auth/KeycloakWebUserProvider.php

@@ -1,48 +1,82 @@
 <?php
 
-namespace Vizir\KeycloakWebGuard\Auth;
+namespace SlowCheetah\KeycloakWebGuard\Auth;
 
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\UserProvider;
-use Vizir\KeycloakWebGuard\Models\KeycloakUser;
 
 class KeycloakWebUserProvider implements UserProvider
 {
     /**
-     * The user model.
-     *
+     * The user model path
      * @var string
      */
-    protected $model;
+    protected string $model;
 
     /**
-     * The Constructor
+     * User model search field
      *
-     * @param string $model
+     * @var string
      */
-    public function __construct($model)
-    {
+    protected string $userSearchField;
+
+    /**
+     * Key cloak user id field
+     * @var string
+     */
+    protected string $keyCloakSearchField;
+
+    /**
+     * The user creator class path
+     * @var string
+     */
+    protected string $userCreator;
+
+    /**
+     * The user sync class path
+     * @var string
+     */
+    protected string $syncUser;
+
+    public function __construct(
+        string $model,
+        string $userSearchField,
+        string $keyCloakSearchField,
+        string $userCreator,
+        string $syncUser
+    ) {
         $this->model = $model;
+        $this->userSearchField = $userSearchField;
+        $this->keyCloakSearchField = $keyCloakSearchField;
+        $this->userCreator = $userCreator;
+        $this->syncUser = $syncUser;
     }
 
     /**
      * Retrieve a user by the given credentials.
      *
      * @param  array  $credentials
-     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     * @return Authenticatable|null
      */
-    public function retrieveByCredentials(array $credentials)
+    public function retrieveByCredentials(array $credentials): ?Authenticatable
     {
-        $class = '\\'.ltrim($this->model, '\\');
+        if (!$this->validateCredentialsData($credentials)) {
+            return null;
+        }
 
-        return new $class($credentials);
+        $user = $this->getUser($credentials);
+        if (!$user) {
+            return null;
+        }
+
+        return $this->syncUser($user, $credentials);
     }
 
     /**
      * Retrieve a user by their unique identifier.
      *
      * @param  mixed  $identifier
-     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     * @return Authenticatable|null
      */
     public function retrieveById($identifier)
     {
@@ -54,7 +88,7 @@ public function retrieveById($identifier)
      *
      * @param  mixed  $identifier
      * @param  string  $token
-     * @return \Illuminate\Contracts\Auth\Authenticatable|null
+     * @return Authenticatable|null
      */
     public function retrieveByToken($identifier, $token)
     {
@@ -64,7 +98,7 @@ public function retrieveByToken($identifier, $token)
     /**
      * Update the "remember me" token for the given user in storage.
      *
-     * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
+     * @param Authenticatable $user
      * @param  string  $token
      * @return void
      */
@@ -76,12 +110,45 @@ public function updateRememberToken(Authenticatable $user, $token)
     /**
      * Validate a user against the given credentials.
      *
-     * @param  \Illuminate\Contracts\Auth\Authenticatable  $user
+     * @param Authenticatable $user
      * @param  array  $credentials
      * @return bool
      */
     public function validateCredentials(Authenticatable $user, array $credentials)
     {
         throw new \BadMethodCallException('Unexpected method [validateCredentials] call');
     }
+
+    private function validateCredentialsData(array $credentials): bool
+    {
+        return isset($credentials[$this->keyCloakSearchField]);
+    }
+
+    private function createUser(array $credentials): ?Authenticatable
+    {
+        /** @var Object $userCreatorClass */
+        $userCreatorClass = '\\' . ltrim($this->userCreator, '\\');
+        $userCreator = new $userCreatorClass();
+
+        return $userCreator::createUser($credentials);
+    }
+
+    private function getUser(array $credentials): ?Authenticatable
+    {
+        $class = '\\' . ltrim($this->model, '\\');
+
+        return $class::where($this->userSearchField, $credentials[$this->keyCloakSearchField])
+            ->firstOr(function () use ($credentials) {
+                return $this->createUser($credentials);
+            });
+    }
+
+    private function syncUser(Authenticatable $user, array $credentials): Authenticatable
+    {
+        /** @var Object $userCreatorClass */
+        $syncUserClass = '\\' . ltrim($this->syncUser, '\\');
+        $syncUser = new $syncUserClass();
+
+        return $syncUser->sync($user, $credentials);
+    }
 }

src/Contracts/CreateUserInterface.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace SlowCheetah\KeycloakWebGuard\Contracts;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+
+interface CreateUserInterface
+{
+    public static function createUser(array $data): Authenticatable;
+}

src/Contracts/SyncUserInterface.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace SlowCheetah\KeycloakWebGuard\Contracts;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+
+interface SyncUserInterface
+{
+    public static function sync(Authenticatable $user, array $data): Authenticatable;
+}