Merge pull request #1962 from malteschlueter/feature/add-resource-own…

…er-passage

README.md

@@ -61,6 +61,7 @@ This bundle contains support for 58 different providers:
 * Mail.ru
 * Odnoklassniki,
 * Office365,
+* Passage,
 * PayPal,
 * QQ,
 * RunKeeper,

docs/2-configuring_resource_owners.md

@@ -62,6 +62,7 @@ hwi_oauth:
 - [Linkedin](resource_owners/linkedin.md)
 - [Mail.ru](resource_owners/mailru.md)
 - [Odnoklassniki](resource_owners/odnoklassniki.md)
+- [Passage](resource_owners/passage.md)
 - [PayPal](resource_owners/paypal.md)
 - [QQ](resource_owners/qq.md)
 - [Reddit](resource_owners/reddit.md)

docs/resource_owners/passage.md

@@ -0,0 +1,27 @@
+Step 2x: Setup Passage
+=====================
+First you will have to register your application on Passage. Check out the 
+documentation for more information: https://docs.passage.id/hosted-login/creating-a-new-app.
+
+Next configure a resource owner of type `passage` with appropriate
+`client_id`, `client_secret` & `options.sub_domain`. For the available scopes (default: `openid email`) you should
+check official Passage documentation: https://docs.passage.id/hosted-login/oidc-client-configuration
+
+```yaml
+# config/packages/hwi_oauth.yaml
+
+hwi_oauth:
+    resource_owners:
+        any_name:
+            type:           passage
+            client_id:      <client_id>
+            client_secret:  <client_secret>
+            options:
+                sub_domain: <sub_domain>
+```
+
+When you're done. Continue by configuring the security layer or go back to
+setup more resource owners.
+
+- [Step 2: Configuring resource owners (Facebook, GitHub, Google, Windows Live and others](../2-configuring_resource_owners.md)
+- [Step 3: Configuring the security layer](../3-configuring_the_security_layer.md).

src/OAuth/ResourceOwner/PassageResourceOwner.php

@@ -0,0 +1,85 @@
+<?php
+
+/*
+ * This file is part of the HWIOAuthBundle package.
+ *
+ * (c) Hardware Info <opensource@hardware.info>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HWI\Bundle\OAuthBundle\OAuth\ResourceOwner;
+
+use Symfony\Component\OptionsResolver\Options;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+final class PassageResourceOwner extends GenericOAuth2ResourceOwner
+{
+    public const TYPE = 'passage';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected array $paths = [
+        'identifier' => 'sub',
+        'email' => 'email',
+        'phone_number' => 'phone_number',
+        'email_verified' => 'email_verified',
+        'phone_number_verified' => 'phone_number_verified',
+    ];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function revokeToken($token)
+    {
+        if (!isset($this->options['revoke_token_url'])) {
+            throw new AuthenticationException('OAuth error: "Method unsupported."');
+        }
+
+        $parameters = [
+            'client_id' => $this->options['client_id'],
+            'client_secret' => $this->options['client_secret'],
+            'token' => $token,
+        ];
+
+        $response = $this->httpRequest($this->normalizeUrl($this->options['revoke_token_url']), $parameters, [], 'POST');
+
+        return 200 === $response->getStatusCode();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function configureOptions(OptionsResolver $resolver)
+    {
+        parent::configureOptions($resolver);
+
+        $resolver->setDefaults([
+            'authorization_url' => 'https://{sub_domain}.withpassage.com/authorize',
+            'access_token_url' => 'https://{sub_domain}.withpassage.com/token',
+            'revoke_token_url' => 'https://{sub_domain}.withpassage.com/revoke',
+            'infos_url' => 'https://{sub_domain}.withpassage.com/userinfo',
+
+            'use_commas_in_scope' => false,
+            'scope' => 'openid email',
+        ]);
+
+        $resolver->setRequired([
+            'sub_domain',
+        ]);
+
+        $normalizer = function (Options $options, $value) {
+            return str_replace('{sub_domain}', $options['sub_domain'], $value);
+        };
+
+        $resolver
+            ->setNormalizer('authorization_url', $normalizer)
+            ->setNormalizer('access_token_url', $normalizer)
+            ->setNormalizer('revoke_token_url', $normalizer)
+            ->setNormalizer('infos_url', $normalizer)
+        ;
+    }
+}

tests/OAuth/ResourceOwner/PassageResourceOwnerTest.php

@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * This file is part of the HWIOAuthBundle package.
+ *
+ * (c) Hardware Info <opensource@hardware.info>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HWI\Bundle\OAuthBundle\Tests\OAuth\ResourceOwner;
+
+use HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\PassageResourceOwner;
+use HWI\Bundle\OAuthBundle\OAuth\Response\AbstractUserResponse;
+use HWI\Bundle\OAuthBundle\Test\OAuth\ResourceOwner\GenericOAuth2ResourceOwnerTestCase;
+
+final class PassageResourceOwnerTest extends GenericOAuth2ResourceOwnerTestCase
+{
+    protected string $resourceOwnerClass = PassageResourceOwner::class;
+
+    protected array $options = [
+        'client_id' => 'clientid',
+        'client_secret' => 'clientsecret',
+        'sub_domain' => 'subdomain',
+    ];
+
+    protected string $userResponse = <<<json
+{
+    "sub": "cIouEYQZIxZkz69XlAGvQDeN",
+    "email": "foo@example.com",
+    "email_verified": true,
+    "phone_number_verified": false
+}
+json;
+
+    protected array $paths = [
+        'identifier' => 'sub',
+        'email' => 'email',
+        'phone_number' => 'phone_number',
+        'email_verified' => 'email_verified',
+        'phone_number_verified' => 'phone_number_verified',
+    ];
+
+    protected string $authorizationUrlBasePart = 'https://subdomain.withpassage.com/authorize?response_type=code&client_id=clientid&scope=openid+email';
+
+    public function testGetUserInformation(): void
+    {
+        $resourceOwner = $this->createResourceOwner(
+            [],
+            [],
+            [
+                $this->createMockResponse($this->userResponse),
+            ]
+        );
+
+        /** @var AbstractUserResponse $userResponse */
+        $userResponse = $resourceOwner->getUserInformation($this->tokenData);
+
+        $this->assertSame('cIouEYQZIxZkz69XlAGvQDeN', $userResponse->getUsername());
+        $this->assertEquals('token', $userResponse->getAccessToken());
+        $this->assertNull($userResponse->getRefreshToken());
+        $this->assertNull($userResponse->getExpiresIn());
+    }
+
+    public function testRevokeToken(): void
+    {
+        $resourceOwner = $this->createResourceOwner(
+            [],
+            [],
+            [
+                $this->createMockResponse($this->userResponse, 'application/json'),
+            ]
+        );
+
+        $this->assertTrue($resourceOwner->revokeToken('token'));
+    }
+}