From 7b3172c29da5b45006b756ece44e941099e7e3a5 Mon Sep 17 00:00:00 2001
From: Ambroise Maupate
Date: Tue, 28 Jun 2022 18:32:24 +0200
Subject: [PATCH] feat: Moved open_id configuration from core to rozier bundle
---
 composer.json | 28 ++++++++++++++--------------
 config/packages/roadiz_core.yaml | 15 ---------------
 config/packages/roadiz_rozier.yaml | 16 ++++++++++++++++
 config/packages/security.yaml | 2 +-
 4 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/composer.json b/composer.json
index a62aa20e..8cc42afa 100644
--- a/composer.json
+++ b/composer.json
@@ -86,21 +86,21 @@
 "symfony/phpunit-bridge": "5.4.*",
 "symfony/web-profiler-bundle": "5.4.*",
 "roadiz/doc-generator": "~2.0.0",
- "roadiz/rozier": "dev-develop",
+ "roadiz/rozier": "dev-develop",
 "roadiz/dts-generator": "~2.0.0",
- "roadiz/openid": "dev-develop",
- "roadiz/documents": "dev-develop",
- "roadiz/entity-generator": "dev-main",
- "roadiz/markdown": "dev-develop",
- "roadiz/models": "dev-develop",
- "roadiz/random": "dev-main",
- "roadiz/jwt": "dev-main",
- "roadiz/nodetype-contracts": "~1.1.0 || dev-main",
- "rezozero/crypto": "^1.0.0",
- "phpoffice/phpspreadsheet": "^1.15",
- "rezozero/intervention-request-bundle": "~2.0.0",
- "symfony/rate-limiter": "5.4.*",
- "rezozero/tree-walker": "^1.1.0",
+ "roadiz/openid": "dev-develop",
+ "roadiz/documents": "dev-develop",
+ "roadiz/entity-generator": "~2.0.1",
+ "roadiz/markdown": "dev-develop",
+ "roadiz/models": "dev-develop",
+ "roadiz/random": "dev-main",
+ "roadiz/jwt": "~2.0.0",
+ "roadiz/nodetype-contracts": "~1.1.2",
+ "rezozero/crypto": "^1.0.0",
+ "phpoffice/phpspreadsheet": "^1.15",
+ "rezozero/intervention-request-bundle": "~2.0.0",
+ "symfony/rate-limiter": "5.4.*",
+ "rezozero/tree-walker": "^1.1.0",
 "pimple/pimple": "*"
 },
 "config": {
diff --git a/config/packages/roadiz_core.yaml b/config/packages/roadiz_core.yaml
index 27842fab..be9982d5 100644
--- a/config/packages/roadiz_core.yaml
+++ b/config/packages/roadiz_core.yaml
@@ -23,20 +23,5 @@ roadiz_core:
 core: '%env(string:SOLR_CORE_NAME)%'
 port: '%env(string:SOLR_PORT)%'
 path: /
- open_id:
- # Verify User info in JWT at each login
- verify_user_info: true
- # Standard OpenID autodiscovery URL, required to enable OpenId login in Roadiz CMS.
- discovery_url: '%env(string:OPEN_ID_DISCOVERY_URL)%'
- # For public identity providers (such as Google), restrict users emails by their domain.
- hosted_domain: '%env(string:OPEN_ID_HOSTED_DOMAIN)%'
- # OpenID identity provider OAuth2 client ID
- oauth_client_id: '%env(string:OPEN_ID_CLIENT_ID)%'
- # OpenID identity provider OAuth2 client secret
- oauth_client_secret: '%env(string:OPEN_ID_CLIENT_SECRET)%'
- granted_roles:
- - ROLE_USER
- - ROLE_BACKEND_USER
- - ROLE_SUPERADMIN
diff --git a/config/packages/roadiz_rozier.yaml b/config/packages/roadiz_rozier.yaml
index 0d45ca4f..5f91f4ae 100644
--- a/config/packages/roadiz_rozier.yaml
+++ b/config/packages/roadiz_rozier.yaml
@@ -1,5 +1,21 @@
 ---
 roadiz_rozier:
+ open_id:
+ # Verify User info in JWT at each login
+ verify_user_info: false
+ # Standard OpenID autodiscovery URL, required to enable OpenId login in Roadiz CMS.
+ discovery_url: '%env(string:OPEN_ID_DISCOVERY_URL)%'
+ # For public identity providers (such as Google), restrict users emails by their domain.
+ hosted_domain: '%env(string:OPEN_ID_HOSTED_DOMAIN)%'
+ # OpenID identity provider OAuth2 client ID
+ oauth_client_id: '%env(string:OPEN_ID_CLIENT_ID)%'
+ # OpenID identity provider OAuth2 client secret
+ oauth_client_secret: '%env(string:OPEN_ID_CLIENT_SECRET)%'
+ granted_roles:
+ - ROLE_USER
+ - ROLE_BACKEND_USER
+ - ROLE_SUPERADMIN
+
 entries:
 dashboard:
 name: dashboard
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index ce06f4f5..a7cfdd61 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
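Review bot: `verify_user_info` is `false` in the `open_id` block added under `roadiz_rozier`, while the block removed from roadiz_core.yaml in this same commit had `verify_user_info: true`, and the commit message describes only a move. Going by the comment directly above the key, this turns off the user-info verification on the JWT at each login, so a fresh install would accept OpenID logins with a weaker check than before. Keep `verify_user_info: true` here, or if the change is deliberate, state the reason in the commit message and extend the comment to say when disabling it is acceptable. The moved `granted_roles` list also still hands `ROLE_SUPERADMIN` to OpenID logins by default, leaving `hosted_domain` as the only restriction visible in this file; a default limited to `ROLE_USER` and `ROLE_BACKEND_USER`, with superadmin as an explicit opt-in, would be the safer baseline.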
@@ -68,7 +68,7 @@ security:
 - lexik_jwt_authentication.jwt_token_authenticator
 custom_authenticator:
 - RZ\Roadiz\RozierBundle\Security\RozierAuthenticator
- - roadiz_rozier.authenticator.open_id
+ - roadiz_rozier.open_id.authenticator
 # Easy way to control access for large sections of your site
 # Note: Only the *first* access control that matches will be used