From 3a95608cd5af9e7797e3115848b62c2efe38186c Mon Sep 17 00:00:00 2001
From: Simon Baese
Date: Mon, 6 Dec 2021 17:40:38 +0100
Subject: [PATCH] Activate userinfo endpoint for OAuth authentication
---
.../UserInfoOverwriteController.php | 96 +++++++++++++++++++
.../src/Routing/RouteSubscriber.php | 5 +
.../youvo/blocker_mode/src/BlockerMode.php | 1 +
3 files changed, 102 insertions(+)
create mode 100644 web/modules/interfaces/oauth_grant_remote/src/Controller/UserInfoOverwriteController.php
diff --git a/web/modules/interfaces/oauth_grant_remote/src/Controller/UserInfoOverwriteController.php b/web/modules/interfaces/oauth_grant_remote/src/Controller/UserInfoOverwriteController.php
new file mode 100644
index 00000000..2c24956a
--- /dev/null
+++ b/web/modules/interfaces/oauth_grant_remote/src/Controller/UserInfoOverwriteController.php
@@ -0,0 +1,96 @@
+user = $user->getAccount();
+ $this->serializer = $serializer;
+ $this->config = $config_factory
+ ->get('simple_oauth.settings');
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function create(ContainerInterface $container) {
+ return new static(
+ $container->get('current_user'),
+ $container->get('serializer'),
+ $container->get('config.factory')
+ );
+ }
+
+ /**
+ * The controller.
+ *
+ * @return \Symfony\Component\HttpFoundation\Response
+ * The response.
+ *
+ * @throws \Symfony\Component\Serializer\Exception\ExceptionInterface
+ */
+ public function handle() {
+ if (!$this->user instanceof TokenAuthUser) {
+ throw new AccessDeniedHttpException('This route is only available for authenticated requests using OAuth2.');
+ }
+ assert($this->serializer instanceof NormalizerInterface);
+ $identifier = $this->user->id();
+ $user_entity = new UserEntityWithClaims();
+ $user_entity->setIdentifier($identifier);
+ $data = $this->serializer
+ ->normalize($user_entity, 'json', [$identifier => $this->user]);
+ $data['profile'] = 'https://www.youvo.org/kreative/' . $identifier;
+ if ($this->user->hasField('fullname')) {
+ $data['name'] = $this->user->get('fullname')->value;
+ }
+ $data['preferred_username'] = $data['name'];
+ return JsonResponse::create($data);
+ }
+
+}
diff --git a/web/modules/interfaces/oauth_grant_remote/src/Routing/RouteSubscriber.php b/web/modules/interfaces/oauth_grant_remote/src/Routing/RouteSubscriber.php
index f73ee8b2..4feb672c 100644
--- a/web/modules/interfaces/oauth_grant_remote/src/Routing/RouteSubscriber.php
+++ b/web/modules/interfaces/oauth_grant_remote/src/Routing/RouteSubscriber.php
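Review bot: `$data['preferred_username'] = $data['name'];` in handle() reads a key that this code only sets when the account has a `fullname` field, and the value is a free-text full name rather than a unique handle. Unless the normalizer already supplied `name`, the line raises an undefined-key warning and sends `null`; and a relying party that matches or provisions accounts on `preferred_username` could conflate two people with the same name, so clients should be keyed on `sub` only. Consider `$data['preferred_username'] = $this->user->getAccountName();` if the account name may be disclosed to clients, or omit the claim when no name is available. The added `profile` and `name` claims are also emitted with no visible check of the scopes granted to the token, which is worth confirming against the claims configuration; the top of the class is not visible in this hunk.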
@@ -19,6 +19,11 @@ public function alterRoutes(RouteCollection $collection) {
 '_controller' => '\Drupal\oauth_grant_remote\Controller\Oauth2AuthorizeRemoteController::authorize',
 ]);
 }
+ if ($route = $collection->get('simple_oauth.userinfo')) {
+ $route->setDefaults([
+ '_controller' => '\Drupal\oauth_grant_remote\Controller\UserInfoOverwriteController::handle',
+ ]);
+ }
 }
 
 }
diff --git a/web/modules/youvo/blocker_mode/src/BlockerMode.php b/web/modules/youvo/blocker_mode/src/BlockerMode.php
index e7070e56..185df2c6 100644
--- a/web/modules/youvo/blocker_mode/src/BlockerMode.php
+++ b/web/modules/youvo/blocker_mode/src/BlockerMode.php
@@ -61,6 +61,7 @@ public function applies(Request $request, AccountInterface $account) {
 $route_name = $route_match->getRouteName();
 $allowed_routes[] = 'oauth2_token.authorize';
 $allowed_routes[] = 'oauth2_token.token';
+ $allowed_routes[] = 'simple_oauth.userinfo';
 $allowed_routes[] = 'user.login';
 $allowed_routes[] = 'user.logout';
 $allowed_routes[] = 'oauth_grant_remote.expire';
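Review bot: `$route->setDefaults([...])` on `simple_oauth.userinfo` replaces the route's whole defaults array, not just the controller, so any other default the upstream route defines is silently dropped. `$route->setDefault('_controller', '\Drupal\oauth_grant_remote\Controller\UserInfoOverwriteController::handle');` swaps only the controller and keeps the rest. Requirements and options are untouched by either call, so access still rests on the upstream route definition plus the `TokenAuthUser` check in the controller; a one-line comment saying so would help the next reader. alterRoutes() starts outside the hunk, and the authorize override just above appears to use the same pattern.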
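Review bot: The new `'simple_oauth.userinfo'` entry has no comment explaining why it is exempt, and every entry in `$allowed_routes` presumably stays reachable while blocker mode is active. Since this route returns profile data, I would add `// Needed by OAuth clients right after the token exchange; access is enforced by the OAuth2 token check in the controller.` above it. A test asserting that an unauthenticated request to this route is still denied with blocker mode on would pin that assumption. applies() starts and ends outside the hunk, so how `$allowed_routes` is consumed is not visible here.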