SymfonyでLineログイン

gistfile1.txt

security:
    encoders:
        App\Entity\User:
            algorithm: bcrypt
            cost: 12

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        user:
            anonymous: true
            guard:
                authenticators:
                    - App\Security\LineAuthenticator
                entry_point: App\Security\LoginFormAuthenticator

            # activate different ways to authenticate

            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }

knpu_oauth2_client.yaml

knpu_oauth2_client:
    clients:
        # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
        line:
            type: generic
            provider_class: Osapon\OAuth2\Client\Provider\Line
            client_id: "%env(LINE_CLIENT_ID)%"
            client_secret: "%env(LINE_CLIENT_SECRET)%"
            redirect_route: line_callback

LineAuthenticator.php

<?php

namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Security\Authenticator\SocialAuthenticator;
use Doctrine\ORM\EntityManagerInterface;
use App\Repository\UserRepository;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\RouterInterface;
use App\Entity\User;

class LineAuthenticator extends SocialAuthenticator {

    private $clientRegistry;
    private $entityManager;
    private $router;
    private $userRepository;
    
    public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router, UserRepository $userRepository) {
        $this->clientRegistry = $clientRegistry;
        $this->entityManager = $entityManager;
        $this->router = $router;
        $this->userRepository = $userRepository;
    }
    
    public function getCredentials(Request $request) {
        return $this->fetchAccessToken($this->getLineClient());
    }

    public function getUser($credentials, UserProviderInterface $userProvider) {
        $lineUser = $this->getLineClient()
                ->fetchUserFromToken($credentials);
        
        $email = $lineUser->getEmail();
        
        $user = $this->entityManager->getRepository(User::class)->findOneBy([
            'email' => $email,
            'line_id' => $lineUser->getId(),
            'status' => true
        ]);
        
        if(!$user) {
            $secretKey = $this->userRepository->getUniqueSecretKey();
            
            $user = new User();
            $user->setEmail($email);
            $user->setLineId($lineUser->getId());
            $user->setSecretKey($secretKey);
            $user->setStatus(true);
            $this->entityManager->persist($user);
            $this->entityManager->flush($user);
        }
        
        return $user;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());
        
        return new Response($message, Response::HTTP_FORBIDDEN);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) {
        return null;
    }

    public function start(Request $request, AuthenticationException $authException = null): \Symfony\Component\HttpFoundation\Response {
        return new RedirectResponse($this->router->generate('mypage_login'));
    }

    public function supports(Request $request): bool {
        return 'line_callback' === $request->attributes->get('_route')
            && $request->isMethod('GET');
    }
    
    private function getLineClient() {
        return $this->clientRegistry->getClient('line');
    }

}

LineController.php

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Osapon\OAuth2\Client\Provider\Line;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

/**
 * @Route("/line")
 */
class LineController extends AbstractController
{
    /**
     * @Route("/", name="line")
     */
    public function index(ClientRegistry $clientRegistry)
    {
        return $clientRegistry->getClient("line")->redirect();
    }
    
    /**
     * @Route("/callback", name="line_callback")
     */
    public function callback(Request $request, ClientRegistry $clientRegistry)
    {
        if($this->isGranted("IS_AUTHENTICATED_FULLY")) {
            return $this->redirectToRoute("home");
        }else{
            return $this->redirectToRoute("line");
        }

    }
}