Merge tag 'v2.1.21' into develop

v2.1.21
roadiz · Jun 28, 2023 · 02bc78f · 02bc78f
2 parents 701cbf3 + 9be3f07
commit 02bc78f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [v2.1.21](https://github.com/roadiz/core-bundle-dev-app/compare/v2.1.20...v2.1.21) (2023-06-28)
+
+
+### Bug Fixes
+
+* **OpenID:** Do not register `roadiz_rozier.open_id.discovery` if `discovery_url` is not valid ([120b6a9](https://github.com/roadiz/core-bundle-dev-app/commit/120b6a999b6635d120ce5c7ee7225b61328692b1))
+
 ## [v2.1.20](https://github.com/roadiz/core-bundle-dev-app/compare/v2.1.19...v2.1.20) (2023-06-23)
 
 

diff --git a/lib/RoadizCoreBundle/config/services.yaml b/lib/RoadizCoreBundle/config/services.yaml
@@ -1,6 +1,6 @@
 ---
 parameters:
-    roadiz_core.cms_version: '2.1.20'
+    roadiz_core.cms_version: '2.1.21'
     roadiz_core.cms_version_prefix: 'main'
     env(APP_NAMESPACE): "roadiz"
     env(APP_VERSION): "0.1.0"

diff --git a/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php b/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php
@@ -52,7 +52,14 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
         $container->setParameter('roadiz_rozier.open_id.scopes', $config['open_id']['scopes'] ?? []);
         $container->setParameter('roadiz_rozier.open_id.granted_roles', $config['open_id']['granted_roles'] ?? []);
 
-        if (!empty($config['open_id']['discovery_url'])) {
+        if (
+            \is_string($config['open_id']['discovery_url']) &&
+            !empty($config['open_id']['discovery_url']) &&
+            filter_var($config['open_id']['discovery_url'], FILTER_VALIDATE_URL)
+        ) {
+            /*
+             * Register OpenID discovery service only when discovery URL is set.
+             */
             $container->setDefinition(
                 'roadiz_rozier.open_id.discovery',
                 (new Definition())
@@ -63,40 +70,43 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
                         new Reference(\Psr\Cache\CacheItemPoolInterface::class)
                     ])
             );
+        }
 
-            $container->setDefinition(
-                'roadiz_rozier.open_id.jwt_configuration_factory',
-                (new Definition())
-                    ->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
-                    ->setPublic(true)
-                    ->setArguments([
-                        new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
-                        $config['open_id']['hosted_domain'],
-                        $config['open_id']['oauth_client_id'],
-                        $config['open_id']['verify_user_info'],
-                    ])
-            );
+        $container->setDefinition(
+            'roadiz_rozier.open_id.jwt_configuration_factory',
+            (new Definition())
+                ->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
+                ->setPublic(true)
+                ->setArguments([
+                    new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
+                    $config['open_id']['hosted_domain'],
+                    $config['open_id']['oauth_client_id'],
+                    $config['open_id']['verify_user_info'],
+                ])
+        );
 
-            $container->setDefinition(
-                'roadiz_rozier.open_id.authenticator',
-                (new Definition())
-                    ->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
-                    ->setPublic(true)
-                    ->setArguments([
-                        new Reference('security.http_utils'),
-                        new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
-                        new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
-                        new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
-                        new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
-                        'loginPage',
-                        'adminHomePage',
-                        $config['open_id']['oauth_client_id'],
-                        $config['open_id']['oauth_client_secret'],
-                        $config['open_id']['openid_username_claim'],
-                        '_target_path',
-                        $config['open_id']['granted_roles'],
-                    ])
-            );
-        }
+        /*
+         * Always register OpenID authenticator to be able to use it in firewall.
+         */
+        $container->setDefinition(
+            'roadiz_rozier.open_id.authenticator',
+            (new Definition())
+                ->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
+                ->setPublic(true)
+                ->setArguments([
+                    new Reference('security.http_utils'),
+                    new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
+                    new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
+                    new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
+                    new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
+                    'loginPage',
+                    'adminHomePage',
+                    $config['open_id']['oauth_client_id'],
+                    $config['open_id']['oauth_client_secret'],
+                    $config['open_id']['openid_username_claim'],
+                    '_target_path',
+                    $config['open_id']['granted_roles'],
+                ])
+        );
     }
 }