banquise/pelican-panel-mirror
8
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-09-09 01:38:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Auto create missing users when using oauth (#1573)

Browse Source
This commit is contained in:
Boy132 2025-08-07 11:22:30 +02:00 committed by GitHub
parent 49e9440e0f
commit 7c315ac995
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 78 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Extensions/OAuth/OAuthSchemaInterface.php
View File

@ -32,4 +32,6 @@ interface OAuthSchemaInterface
public function getHexColor(): ?string; public function getHexColor(): ?string;
public function isEnabled(): bool; public function isEnabled(): bool;
public function shouldCreateMissingUsers(): bool;
} }

20
app/Extensions/OAuth/Schemas/OAuthSchema.php
View File

@ -5,7 +5,9 @@ namespace App\Extensions\OAuth\Schemas;
use App\Extensions\OAuth\OAuthSchemaInterface; use App\Extensions\OAuth\OAuthSchemaInterface;
use Filament\Forms\Components\Component; use Filament\Forms\Components\Component;
use Filament\Forms\Components\TextInput; use Filament\Forms\Components\TextInput;
use Filament\Forms\Components\Toggle;
use Filament\Forms\Components\Wizard\Step; use Filament\Forms\Components\Wizard\Step;
use Filament\Forms\Set;
use Illuminate\Support\Str; use Illuminate\Support\Str;
abstract class OAuthSchema implements OAuthSchemaInterface abstract class OAuthSchema implements OAuthSchemaInterface
@ -53,6 +55,17 @@ abstract class OAuthSchema implements OAuthSchemaInterface
->revealable() ->revealable()
->autocomplete(false) ->autocomplete(false)
->default(env("OAUTH_{$id}_CLIENT_SECRET")), ->default(env("OAUTH_{$id}_CLIENT_SECRET")),
Toggle::make("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS")
->label(trans('admin/setting.oauth.create_missing_users'))
->columnSpanFull()
->inline(false)
->onIcon('tabler-check')
->offIcon('tabler-x')
->onColor('success')
->offColor('danger')
->formatStateUsing(fn ($state): bool => (bool) $state)
->afterStateUpdated(fn ($state, Set $set) => $set("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS", (bool) $state))
->default(env("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS")),
]; ];
} }
@ -96,4 +109,11 @@ abstract class OAuthSchema implements OAuthSchemaInterface
return env("OAUTH_{$id}_ENABLED", false); return env("OAUTH_{$id}_ENABLED", false);
} }
public function shouldCreateMissingUsers(): bool
{
$id = Str::upper($this->getId());
return env("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS", false);
}
} }

49
app/Http/Controllers/Auth/OAuthController.php
View File

@ -6,8 +6,8 @@ use App\Extensions\OAuth\OAuthService;
use App\Filament\Pages\Auth\EditProfile; use App\Filament\Pages\Auth\EditProfile;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Models\User; use App\Models\User;
use App\Services\Users\UserCreationService;
use App\Services\Users\UserUpdateService; use App\Services\Users\UserUpdateService;
use Exception;
use Filament\Notifications\Notification; use Filament\Notifications\Notification;
use Illuminate\Auth\AuthManager; use Illuminate\Auth\AuthManager;
use Illuminate\Http\RedirectResponse; use Illuminate\Http\RedirectResponse;
@ -18,8 +18,9 @@ class OAuthController extends Controller
{ {
public function __construct( public function __construct(
private readonly AuthManager $auth, private readonly AuthManager $auth,
private UserCreationService $userCreation,
private readonly UserUpdateService $updateService, private readonly UserUpdateService $updateService,
private readonly OAuthService $oauthService private readonly OAuthService $oauthService,
) {} ) {}
/** /**
@ -40,8 +41,10 @@ class OAuthController extends Controller
*/ */
public function callback(Request $request, string $driver): RedirectResponse public function callback(Request $request, string $driver): RedirectResponse
{ {
// Driver is disabled - redirect to normal login $driver = $this->oauthService->get($driver);
if (!$this->oauthService->get($driver)?->isEnabled()) {
// Unknown driver or driver is disabled - redirect to normal login
if (!$driver || !$driver->isEnabled()) {
return redirect()->route('auth.login'); return redirect()->route('auth.login');
} }
@ -59,24 +62,23 @@ class OAuthController extends Controller
return redirect()->route('auth.login'); return redirect()->route('auth.login');
} }
$oauthUser = Socialite::driver($driver)->user(); $oauthUser = Socialite::driver($driver->getId())->user();
// User is already logged in and wants to link a new OAuth Provider // User is already logged in and wants to link a new OAuth Provider
if ($request->user()) { if ($request->user()) {
$oauth = $request->user()->oauth; $oauth = $request->user()->oauth;
$oauth[$driver] = $oauthUser->getId(); $oauth[$driver->getId()] = $oauthUser->getId();
$this->updateService->handle($request->user(), ['oauth' => $oauth]); $this->updateService->handle($request->user(), ['oauth' => $oauth]);
return redirect(EditProfile::getUrl(['tab' => '-oauth-tab'], panel: 'app')); return redirect(EditProfile::getUrl(['tab' => '-oauth-tab'], panel: 'app'));
} }
try { $user = User::whereJsonContains('oauth->'. $driver->getId(), $oauthUser->getId())->first();
$user = User::query()->whereJsonContains('oauth->'. $driver, $oauthUser->getId())->firstOrFail();
$this->auth->guard()->login($user, true); if (!$user) {
} catch (Exception) { // No user found and auto creation is disabled - redirect to normal login
// No user found - redirect to normal login if (!$driver->shouldCreateMissingUsers()) {
Notification::make() Notification::make()
->title('No linked User found') ->title('No linked User found')
->danger() ->danger()
@ -86,6 +88,31 @@ class OAuthController extends Controller
return redirect()->route('auth.login'); return redirect()->route('auth.login');
} }
$username = $oauthUser->getNickname();
$email = $oauthUser->getEmail();
// Incomplete data, can't create user - redirect to normal login
if (!$email) {
Notification::make()
->title('No linked User found')
->danger()
->persistent()
->send();
return redirect()->route('auth.login');
}
$user = $this->userCreation->handle([
'username' => $username,
'email' => $email,
'oauth' => [
$driver->getId() => $oauthUser->getId(),
],
]);
}
$this->auth->guard()->login($user, true);
return redirect('/'); return redirect('/');
} }
} }

7
app/Services/Subusers/SubuserCreationService.php
View File

@ -4,7 +4,6 @@ namespace App\Services\Subusers;
use App\Events\Server\SubUserAdded; use App\Events\Server\SubUserAdded;
use App\Models\User; use App\Models\User;
use Illuminate\Support\Str;
use App\Models\Server; use App\Models\Server;
use App\Models\Subuser; use App\Models\Subuser;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
@ -40,14 +39,8 @@ class SubuserCreationService
return $this->connection->transaction(function () use ($server, $email, $permissions) { return $this->connection->transaction(function () use ($server, $email, $permissions) {
$user = User::query()->where('email', $email)->first(); $user = User::query()->where('email', $email)->first();
if (!$user) { if (!$user) {
// Just cap the username generated at 64 characters at most and then append a random string
// to the end to make it "unique"...
[$beforeDomain] = explode('@', $email, 1);
$username = substr(preg_replace('/([^\w.-]+)/', '', $beforeDomain), 0, 64) . Str::random(3);
$user = $this->userCreationService->handle([ $user = $this->userCreationService->handle([
'email' => $email, 'email' => $email,
'username' => $username,
'root_admin' => false, 'root_admin' => false,
]); ]);
} }

11
app/Services/Users/UserCreationService.php
View File

@ -3,6 +3,7 @@
namespace App\Services\Users; namespace App\Services\Users;
use App\Models\Role; use App\Models\Role;
use Illuminate\Support\Str;
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use App\Models\User; use App\Models\User;
use Illuminate\Contracts\Hashing\Hasher; use Illuminate\Contracts\Hashing\Hasher;
@ -42,6 +43,16 @@ class UserCreationService
$isRootAdmin = array_key_exists('root_admin', $data) && $data['root_admin']; $isRootAdmin = array_key_exists('root_admin', $data) && $data['root_admin'];
unset($data['root_admin']); unset($data['root_admin']);
if (empty($data['username'])) {
$data['username'] = str($data['email'])->before('@')->toString() . Str::random(3);
}
$data['username'] = str($data['username'])
->replace(['.', '-'], '')
->ascii()
->substr(0, 64)
->toString();
/** @var User $user */ /** @var User $user */
$user = User::query()->forceCreate(array_merge($data, [ $user = User::query()->forceCreate(array_merge($data, [
'uuid' => Uuid::uuid4()->toString(), 'uuid' => Uuid::uuid4()->toString(),

1
lang/en/admin/setting.php
View File

@ -97,6 +97,7 @@ return [
'base_url' => 'Base URL', 'base_url' => 'Base URL',
'display_name' => 'Display Name', 'display_name' => 'Display Name',
'auth_url' => 'Authorization callback URL', 'auth_url' => 'Authorization callback URL',
'create_missing_users' => 'Auto Create Missing Users?',
], ],
'misc' => [ 'misc' => [
'auto_allocation' => [ 'auto_allocation' => [