diff --git a/CHANGELOG.md b/CHANGELOG.md
index fa64d234..3ba33416 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [v2.1.21](https://github.com/roadiz/core-bundle-dev-app/compare/v2.1.20...v2.1.21) (2023-06-28)
+
+
+### Bug Fixes
+
+* **OpenID:** Do not register `roadiz_rozier.open_id.discovery` if `discovery_url` is not valid ([120b6a9](https://github.com/roadiz/core-bundle-dev-app/commit/120b6a999b6635d120ce5c7ee7225b61328692b1))
+
 ## [v2.1.20](https://github.com/roadiz/core-bundle-dev-app/compare/v2.1.19...v2.1.20) (2023-06-23)
diff --git a/lib/RoadizCoreBundle/config/services.yaml b/lib/RoadizCoreBundle/config/services.yaml
index 70791e18..88546c2f 100644
--- a/lib/RoadizCoreBundle/config/services.yaml
+++ b/lib/RoadizCoreBundle/config/services.yaml
@@ -1,6 +1,6 @@
 ---
 parameters:
- roadiz_core.cms_version: '2.1.20'
+ roadiz_core.cms_version: '2.1.21'
 roadiz_core.cms_version_prefix: 'main'
 env(APP_NAMESPACE): "roadiz"
 env(APP_VERSION): "0.1.0"
diff --git a/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php b/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php
index 0a8ac1e1..b999fb5a 100644
--- a/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php
+++ b/lib/RoadizRozierBundle/src/DependencyInjection/RoadizRozierExtension.php
@@ -52,7 +52,14 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
 $container->setParameter('roadiz_rozier.open_id.scopes', $config['open_id']['scopes'] ?? []);
 $container->setParameter('roadiz_rozier.open_id.granted_roles', $config['open_id']['granted_roles'] ?? []);
- if (!empty($config['open_id']['discovery_url'])) {
+ if (
+ \is_string($config['open_id']['discovery_url']) &&
+ !empty($config['open_id']['discovery_url']) &&
+ filter_var($config['open_id']['discovery_url'], FILTER_VALIDATE_URL)
+ ) {
+ /*
+ * Register OpenID discovery service only when discovery URL is set.
+ */
 $container->setDefinition(
 'roadiz_rozier.open_id.discovery',
 (new Definition())
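Review bot: The new guard accepts any scheme that `FILTER_VALIDATE_URL` considers well-formed, so a cleartext `http://` discovery URL still registers `roadiz_rozier.open_id.discovery`; because the discovery document tells the client where the provider's endpoints and keys live, consider adding a fourth condition such as `\parse_url($config['open_id']['discovery_url'], PHP_URL_SCHEME) === 'https'`, with an explicit opt-out if local development needs plain HTTP. A non-empty value that fails validation is now skipped silently, so a typo disables discovery with no hint to the operator; if the option can be supplied through an `%env()%` parameter, the value seen here at build time is presumably a placeholder string that would also fail `filter_var`, which is worth checking. The added comment says "when discovery URL is set" while the condition requires a valid URL, so I would word it `Register OpenID discovery service only when discovery_url is a non-empty, valid URL.` The `setDefinition` call continues outside the hunk.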
@@ -63,40 +70,43 @@ private function registerOpenId(array $config, ContainerBuilder $container): voi
 new Reference(\Psr\Cache\CacheItemPoolInterface::class)
 ])
 );
+ }
- $container->setDefinition(
- 'roadiz_rozier.open_id.jwt_configuration_factory',
- (new Definition())
- ->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
- ->setPublic(true)
- ->setArguments([
- new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
- $config['open_id']['hosted_domain'],
- $config['open_id']['oauth_client_id'],
- $config['open_id']['verify_user_info'],
- ])
- );
+ $container->setDefinition(
+ 'roadiz_rozier.open_id.jwt_configuration_factory',
+ (new Definition())
+ ->setClass(\RZ\Roadiz\OpenId\OpenIdJwtConfigurationFactory::class)
+ ->setPublic(true)
+ ->setArguments([
+ new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
+ $config['open_id']['hosted_domain'],
+ $config['open_id']['oauth_client_id'],
+ $config['open_id']['verify_user_info'],
+ ])
+ );
- $container->setDefinition(
- 'roadiz_rozier.open_id.authenticator',
- (new Definition())
- ->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
- ->setPublic(true)
- ->setArguments([
- new Reference('security.http_utils'),
- new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
- new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
- new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
- new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
- 'loginPage',
- 'adminHomePage',
- $config['open_id']['oauth_client_id'],
- $config['open_id']['oauth_client_secret'],
- $config['open_id']['openid_username_claim'],
- '_target_path',
- $config['open_id']['granted_roles'],
- ])
- );
- }
+ /*
+ * Always register OpenID authenticator to be able to use it in firewall.
+ */
+ $container->setDefinition(
+ 'roadiz_rozier.open_id.authenticator',
+ (new Definition())
+ ->setClass(\RZ\Roadiz\OpenId\Authentication\OpenIdAuthenticator::class)
+ ->setPublic(true)
+ ->setArguments([
+ new Reference('security.http_utils'),
+ new Reference('roadiz_rozier.open_id.discovery', ContainerInterface::NULL_ON_INVALID_REFERENCE),
+ new Reference(\RZ\Roadiz\OpenId\Authentication\Provider\ChainJwtRoleStrategy::class),
+ new Reference('roadiz_rozier.open_id.jwt_configuration_factory'),
+ new Reference(\Symfony\Component\Routing\Generator\UrlGeneratorInterface::class),
+ 'loginPage',
+ 'adminHomePage',
+ $config['open_id']['oauth_client_id'],
+ $config['open_id']['oauth_client_secret'],
+ $config['open_id']['openid_username_claim'],
+ '_target_path',
+ $config['open_id']['granted_roles'],
+ ])
+ );
 }
 }
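Review bot: With the closing brace moved up, `roadiz_rozier.open_id.jwt_configuration_factory` and `roadiz_rozier.open_id.authenticator` are now built even when no discovery service exists, so both receive `null` for the `NULL_ON_INVALID_REFERENCE` argument. Neither class is visible in this diff, so it should be confirmed that they fail closed in that case, i.e. the authenticator does not handle OpenID logins and the factory does not produce a JWT validation configuration without provider keys. The block comment above the authenticator is the place to record that contract, for example `Always registered so the firewall can reference it; discovery may be null, in which case OpenID authentication must be refused.`, and the factory definition deserves the same one-line comment. `$config['open_id']['oauth_client_secret']` and the other keys are now read unconditionally as well, which presumably relies on defaults from the bundle's configuration tree.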