initial openID

Author: symfonyluxury

app/AppKernel.php

@@ -5,37 +5,41 @@
 
 class AppKernel extends Kernel
 {
-    public function registerBundles()
-    {
-        $bundles = array(
-            new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
-            new Symfony\Bundle\SecurityBundle\SecurityBundle(),
-            new Symfony\Bundle\TwigBundle\TwigBundle(),
-            new Symfony\Bundle\MonologBundle\MonologBundle(),
-            new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
-            new Symfony\Bundle\AsseticBundle\AsseticBundle(),
-            new Doctrine\Bundle\DoctrineBundle\DoctrineBundle(),
-            new Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle(),
-            new JMS\AopBundle\JMSAopBundle(),
-            new JMS\DiExtraBundle\JMSDiExtraBundle($this),
-            new JMS\SecurityExtraBundle\JMSSecurityExtraBundle(),
-            new Google\OauthBundle\GoogleOauthBundle(),
-            new Knp\Bundle\OAuthBundle\KnpOAuthBundle(),
-            new Sensio\Bundle\BuzzBundle\SensioBuzzBundle(),
-        );
 
-        if (in_array($this->getEnvironment(), array('dev', 'test'))) {
-            $bundles[] = new Acme\DemoBundle\AcmeDemoBundle();
-            $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
-            $bundles[] = new Sensio\Bundle\DistributionBundle\SensioDistributionBundle();
-            $bundles[] = new Sensio\Bundle\GeneratorBundle\SensioGeneratorBundle();
-        }
+      public function registerBundles()
+      {
+            $bundles = array(
+                    new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
+                    new Symfony\Bundle\SecurityBundle\SecurityBundle(),
+                    new Symfony\Bundle\TwigBundle\TwigBundle(),
+                    new Symfony\Bundle\MonologBundle\MonologBundle(),
+                    new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
+                    new Symfony\Bundle\AsseticBundle\AsseticBundle(),
+                    new Doctrine\Bundle\DoctrineBundle\DoctrineBundle(),
+                    new Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle(),
+                    new JMS\AopBundle\JMSAopBundle(),
+                    new JMS\DiExtraBundle\JMSDiExtraBundle( $this ),
+                    new JMS\SecurityExtraBundle\JMSSecurityExtraBundle(),
+                    new Google\OauthBundle\GoogleOauthBundle(),
+                    new Knp\Bundle\OAuthBundle\KnpOAuthBundle(),
+                    new Sensio\Bundle\BuzzBundle\SensioBuzzBundle(),
+                    new Fp\OpenIdBundle\FpOpenIdBundle(),
+            );
 
-        return $bundles;
-    }
+            if (in_array( $this->getEnvironment(), array('dev', 'test') ))
+            {
+                  $bundles[] = new Acme\DemoBundle\AcmeDemoBundle();
+                  $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
+                  $bundles[] = new Sensio\Bundle\DistributionBundle\SensioDistributionBundle();
+                  $bundles[] = new Sensio\Bundle\GeneratorBundle\SensioGeneratorBundle();
+            }
+
+            return $bundles;
+      }
+
+      public function registerContainerConfiguration(LoaderInterface $loader)
+      {
+            $loader->load( __DIR__ . '/config/config_' . $this->getEnvironment() . '.yml' );
+      }
 
-    public function registerContainerConfiguration(LoaderInterface $loader)
-    {
-        $loader->load(__DIR__.'/config/config_'.$this->getEnvironment().'.yml');
-    }
 }

app/config/config.yml

@@ -1,6 +1,7 @@
 imports:
     - { resource: parameters.yml }
     - { resource: security.yml }
+#    - { resource: @GoogleOauthBundle/Resources/config/services.yml }
 
 framework:
     #esi:             ~
@@ -56,3 +57,7 @@ swiftmailer:
     username:  %mailer_user%
     password:  %mailer_password%
     spool:     { type: memory }
+
+fp_open_id:
+    db_driver: orm
+    identity_class: Google\OauthBundle\Entity\OpenIdIdentity

app/config/routing.yml

@@ -3,6 +3,9 @@ GoogleOauthBundle:
     type:     annotation
     prefix:   /
 
+fp_openid_security:
+    resource: "@FpOpenIdBundle/Resources/config/routing/security.xml"
+    
 # Internal routing configuration to handle ESI
 #_internal:
 #    resource: "@FrameworkBundle/Resources/config/routing/internal.xml"

app/config/security.yml

@@ -4,58 +4,88 @@ jms_security_extra:
 
 security:
     encoders:
-        Symfony\Component\Security\Core\User\User: plaintext
+#        Symfony\Component\Security\Core\User\User: plaintext
+        Google\OauthBundle\Entity\User: md5
 
     role_hierarchy:
         ROLE_ADMIN:       ROLE_USER
         ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
 
     providers:
-        main:
-            oauth_entity:
-                class: Google\OauthBundle\Entity:User
-                property: name
+#        secured_area:
+#            oauth_entity:
+#                class: GoogleOauthBundle:User
+#                property: name
+         administrators:
+             entity: {class: GoogleOauthBundle:User, property: username}
+         openid_user_manager:
+             id:  google.oauth.openid_user_manager
 
-        in_memory:
-            memory:
-                users:
-                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
-                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
+#        in_memory:
+#            memory:
+#                users:
+#                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
+#                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }             
 
     firewalls:
-        dev:
-            pattern:  ^/(_(profiler|wdt)|css|images|js)/
-            security: false
+        main:
+            pattern: ^/
+            logout:       true
+            anonymous:    true
+            
+            fp_openid: 
+                create_user_if_not_exists: true
+                required_attributes:          [namePerson/friendly,contact/email,namePerson,birthDate,pref/language,contact/country/home,person/gender]
+                optional_attributes:          []
+                # options come with abstract listener
+                check_path:                   /login_check
+                default_target_path:          /hello/wtf
+                provider: openid_user_manager
 
-        login:
-            pattern:  ^/demo/secured/login$
-            security: false
 
-        secured_area:
-            pattern:    ^/secured/
-            oauth:
-                oauth_provider:    google
-                authorization_url:  ~
-                access_token_url:  ~
-                infos_url:          ~
-                username_path:     user.login
-                client_id:          66772032914.apps.googleusercontent.com
-                secret:            6ITw8qAL--zt34nzAPodEAgW
-                scope:             userinfo.profile
-                check_path:        /secured/login_check
-                login_path:        /secured/login
-                failure_path:      /
-                
-            form_login:
-                check_path: /demo/secured/login_check
-                login_path: /demo/secured/login
-            logout:
-                path:   /secured/logout
-                target: /
+           
+#        dev:
+#            pattern:  ^/(_(profiler|wdt)|css|images|js)/
+#            security: false
+#
+#        login:
+#            pattern:  ^/demo/secured/login$
+#            security: false
+#
+#        secured_area:
+##            pattern:    ^/secured/
+##            oauth:
+##                oauth_provider:    google
+##                authorization_url:  https://accounts.google.com/o/oauth2/auth
+##                access_token_url:  https://accounts.google.com/o/oauth2/token
+##                infos_url:          https://www.googleapis.com/oauth2/v1/userinfo
+##                username_path:    name
+##                client_id:          66772032914.apps.googleusercontent.com
+##                secret:            6ITw8qAL--zt34nzAPodEAgW
+##                scope:             userinfo.profile
+##                check_path:        /secured/login_check
+##                login_path:        /secured/login
+##                failure_path:      /
+#                
+#            pattern:    ^/demo/secured/
+#            
+#            form_login:
+#                check_path: /demo/secured/login_check
+#                login_path: /demo/secured/login
+#            logout:
+#                path:   /secured/logout
+#                target: /
             #anonymous: ~
             #http_basic:
             #    realm: "Secured Demo Area"
 
     access_control:
+        - { path: ^/login_openid$, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/hello, role: IS_AUTHENTICATED_OPENID }
+        
         #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
         #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
+        
+#fp_open_id:
+#    db_driver: orm
+#    identity_class: Google\OauthBundle\Entity\OpenIdIdentity

composer.json

@@ -20,7 +20,8 @@
         "jms/di-extra-bundle": "1.0.*",
         "doctrine/data-fixtures": "*",
         "zend/gdata": "*",
-        "knplabs/knp-oauth-bundle": "*"
+        "knplabs/knp-oauth-bundle": "*",
+        "fp/openid-bundle": "dev-master"
     },
     "scripts": {
         "post-install-cmd": [