vendor/uvdesk/core-framework/Controller/GoogleSSO.php line 54

Open in your IDE?
  1. <?php
  3. namespace Webkul\UVDesk\CoreFrameworkBundle\Controller;
  5. use League\OAuth2\Client\Provider\Google;
  6. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Symfony\Component\HttpFoundation\RedirectResponse;
  9. use Symfony\Component\HttpFoundation\Response;
  10. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  12. class GoogleSSO extends AbstractController
  13. {
  14.     private string $googleClientId;
  15.     private string $googleClientSecret;
  16.     private string $googleRedirectUri;
  17.     private \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface $tokenStorage;
  18.     private \Symfony\Component\EventDispatcher\EventDispatcherInterface $eventDispatcher;
  19.     private \Doctrine\ORM\EntityManagerInterface $entityManager;
  20.     private \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider;
  22.     public function __construct(
  23.         string $googleClientId,
  24.         string $googleClientSecret,
  25.         string $googleRedirectUri,
  26.         \Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface $tokenStorage,
  27.         \Symfony\Component\EventDispatcher\EventDispatcherInterface $eventDispatcher,
  28.         \Doctrine\ORM\EntityManagerInterface $entityManager,
  29.         \Symfony\Component\Security\Core\User\UserProviderInterface $userProvider
  30.     ) {
  31.         $this->googleClientId     $googleClientId;
  32.         $this->googleClientSecret $googleClientSecret;
  33.         $this->googleRedirectUri  $googleRedirectUri;
  34.         $this->tokenStorage       $tokenStorage;
  35.         $this->eventDispatcher    $eventDispatcher;
  36.         $this->entityManager      $entityManager;
  37.         $this->userProvider       $userProvider;
  38.     }
  40.     private function getGoogleProvider(): Google
  41.     {
  42.         return new Google([
  43.             'clientId'     => $this->googleClientId,
  44.             'clientSecret' => $this->googleClientSecret,
  45.             'redirectUri'  => $this->googleRedirectUri,
  46.             'scopes'       => ['openid''email''profile'],
  47.         ]);
  48.     }
  50.     /**
  51.      * STEP 1: Redirect user to Google
  52.      * Route name example: helpdesk_member_google_login
  53.      */
  54.     public function googlelogin(SessionInterface $session): RedirectResponse
  55.     {
  56.         $provider $this->getGoogleProvider();
  58.         // Generate authorization URL
  59.         $authUrl $provider->getAuthorizationUrl();
  61.         // Save state in session for CSRF protection
  62.         $session->set('oauth2state'$provider->getState());
  64.         // Redirect to Google
  65.         return new RedirectResponse($authUrl);
  66.     }
  68.     /**
  69.      * STEP 2: Google redirects back here with ?code= and ?state=
  70.      * Route name example: helpdesk_member_google_callback
  71.      */
  72.     public function googlecallback(
  73.         Request $request
  74.         SessionInterface $session
  75.     ): Response
  76.     {
  77.         $provider $this->getGoogleProvider();
  79.         // 1) Handle Google error
  80.         if ($request->query->has('error')) {
  81.             $error $request->query->get('error');
  83.             return new Response(
  84.                 'Got error from Google: ' htmlspecialchars($errorENT_QUOTES'UTF-8'),
  85.                 400
  86.             );
  87.         }
  89.         // 2) Ensure we have an authorization code
  90.         if (!$request->query->has('code')) {
  91.             return new Response('No authorization code returned from Google.'400);
  92.         }
  94.         // 3) Validate state (CSRF protection)
  95.         $state        $request->query->get('state');
  96.         $sessionState $session->get('oauth2state');
  98.         if (empty($state) || $state !== $sessionState) {
  99.             $session->remove('oauth2state');
  100.             return new Response('Invalid state – possible CSRF.'400);
  101.         }
  103.         try {
  104.             // 4) Exchange code for access token
  105.             $token $provider->getAccessToken('authorization_code', [
  106.                 'code' => $request->query->get('code'),
  107.             ]);
  109.             // 5) Get user details from Google
  110.             $owner $provider->getResourceOwner($token);
  111.             $googleEmail $owner->getEmail();
  113.             // 6) Load local user via UserProvider (handles roles, instances, validation)
  114.             try {
  115.                 $user $this->userProvider->loadUserByUsername($googleEmail);
  116.             } catch (\Symfony\Component\Security\Core\Exception\UsernameNotFoundException $e) {
  117.                 return new Response("User with email $googleEmail not found or not active."403);
  118.             }
  120.             // 7) Programmatic Login
  121.             $firewallName 'back_support'
  122.             
  123.             // Roles are already set by UserProvider::loadUserByUsername
  124.             $token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken(
  125.                 $user
  126.                 null
  127.                 $firewallName
  128.                 $user->getRoles()
  129.             );
  131.             // Set token in storage
  132.             $this->tokenStorage->setToken($token);
  134.             // Set session attribute for serialization
  135.             $sessionKey '_security_' $firewallName;
  136.             $serializedToken serialize($token);
  137.             $session->set($sessionKey$serializedToken);
  138.             $session->save(); 
  140.             // DEBUG LOGGING
  141.             error_log("GoogleSSO: Logged in user {$user->getEmail()}");
  142.             error_log("GoogleSSO: Roles: " implode(','$user->getRoles()));
  144.             // Dispatch interactive login event
  145.             $event = new \Symfony\Component\Security\Http\Event\InteractiveLoginEvent($request$token);
  146.             $this->eventDispatcher->dispatch($event'security.interactive_login');
  148.             // 8) Redirect
  149.             return $this->redirect('/public/en/member/dashboard');
  151.         } catch (\Exception $e) {
  152.             return new Response('Something went wrong: ' $e->getMessage(), 500);
  153.         }
  154.     }
  155. }