Dev SSO: Tables, SAML

Core/Objects/DatabaseEntity/Group.class.php

@@ -10,13 +10,13 @@ use Core\Objects\DatabaseEntity\Controller\NMRelation;
 class Group extends DatabaseEntity {
 
   const ADMIN = 1;
-  const MODERATOR = 3;
   const SUPPORT = 2;
+  const MODERATOR = 3;
 
   const GROUPS = [
     self::ADMIN => "Administrator",
-    self::MODERATOR => "Moderator",
     self::SUPPORT => "Support",
+    self::MODERATOR => "Moderator",
   ];
 
   #[MaxLength(32)] public string $name;

Core/Objects/DatabaseEntity/SsoProvider.class.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace Core\Objects\DatabaseEntity;
+
+use Core\Objects\Context;
+use Core\Objects\DatabaseEntity\Attribute\ExtendingEnum;
+use Core\Objects\DatabaseEntity\Attribute\MaxLength;
+use Core\Objects\DatabaseEntity\Attribute\Unique;
+use Core\Objects\DatabaseEntity\Controller\DatabaseEntity;
+use Core\Objects\SSO\SSOProviderOAuth2;
+use Core\Objects\SSO\SSOProviderOIDC;
+use Core\Objects\SSO\SSOProviderSAML;
+
+abstract class SsoProvider extends DatabaseEntity {
+
+  const PROTOCOLS = [
+    "oidc" => SSOProviderOIDC::class,
+    "oauth2" => SSOProviderOAuth2::class,
+    "saml" => SSOProviderSAML::class,
+  ];
+
+  #[MaxLength(64)]
+  private string $name;
+
+  #[MaxLength(36)]
+  #[Unique]
+  private string $identifier;
+
+  private bool $active;
+
+  #[ExtendingEnum(self::PROTOCOLS)]
+  private string $protocol;
+
+  protected string $ssoUrl;
+
+  public function __construct(string $protocol, ?int $id = null) {
+    parent::__construct($id);
+    $this->protocol = $protocol;
+  }
+
+  public static function newInstance(\ReflectionClass $reflectionClass, array $row) {
+    $type = $row["protocol"] ?? null;
+    if ($type === "saml") {
+      return (new \ReflectionClass(SSOProviderSAML::class))->newInstanceWithoutConstructor();
+    } else if ($type === "oauth2") {
+      return (new \ReflectionClass(SSOProviderOAuth2::class))->newInstanceWithoutConstructor();
+    } else if ($type === "oidc") {
+      return (new \ReflectionClass(SSOProviderOIDC::class))->newInstanceWithoutConstructor();
+    } else {
+      return parent::newInstance($reflectionClass, $row);
+    }
+  }
+
+  protected function buildUrl(string $url, array $params): ?string {
+    $parts = parse_url($url);
+    if ($parts === false || !isset($parts["host"])) {
+      return null;
+    }
+
+    if (!isset($parts["query"])) {
+      $parts["query"] = http_build_query($params);
+    } else {
+      $parts["query"] .= "&" . http_build_query($params);
+    }
+
+    $parts["scheme"] = $parts["scheme"] ?? "https";
+    return unparse_url($parts);
+  }
+
+  public function getIdentifier(): string {
+    return $this->identifier;
+  }
+
+  public abstract function login(Context $context, ?string $redirectUrl);
+  public abstract function parseResponse(Context $context, string $response) : ?User;
+}

Core/Objects/DatabaseEntity/User.class.php

@@ -18,11 +18,13 @@ use Core\Objects\DatabaseEntity\Controller\DatabaseEntityHandler;
 
 class User extends DatabaseEntity {
 
-  #[MaxLength(32)] #[Unique] public string $name;
+  #[MaxLength(32)]
+  #[Unique]
+  public string $name;
 
   #[MaxLength(128)]
   #[Visibility(Visibility::NONE)]
-  public string $password;
+  public ?string $password;
 
   #[MaxLength(64)]
   public string $fullName;
@@ -60,8 +62,12 @@ class User extends DatabaseEntity {
   #[Multiple(Group::class)]
   public array $groups;
 
+  public ?SsoProvider $ssoProvider;
+
   public function __construct(?int $id = null) {
     parent::__construct($id);
+    $this->twoFactorToken = null;
+    $this->gpgKey = null;
   }
 
   public function getUsername(): string {
@@ -166,4 +172,8 @@ class User extends DatabaseEntity {
         )->from("User")->whereEq("User.id", new Column($joinColumn)),
       $alias);
   }
+
+  public function isNativeAccount(): bool {
+    return $this->ssoProvider === null;
+  }
 }