init commit

Author: ghermans

.gitignore

@@ -0,0 +1,3 @@
+composer.lock
+node_modules
+vendor

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Bagisto Europe
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,27 @@
+<div align="center">
+    <img src="https://bagisto.com/wp-content/themes/bagisto/images/logo.png" alt="Bagisto Logo" />
+    <h2>Azure single sign-on (SSO)</h2>
+</div>
+
+<div align="center">
+    <img alt="GitHub version" src="http://poser.pugx.org/bagisto-eu/azure-auth/v">
+    <img alt="GitHub license" src="https://img.shields.io/github/license/bagisto-europe/admin-azure-auth">
+</div>
+
+Integrate Microsoft Azure Single Sign On and benefit from a secure login experience in the Bagisto admin panel.
+
+![example](docs/bagisto-signin.png)
+
+## Installation
+
+1. Install the package using Composer:
+
+```bash
+    composer require bagisto-eu/azure-auth
+```
+
+2. Run the following command
+
+```bash
+    php artisan azure:configure
+```

composer.json

@@ -0,0 +1,36 @@
+{
+    "name": "bagisto-eu/azure-auth",
+    "type": "library",
+    "description": "Bagisto Azure Authentication Package",
+    "keywords": ["bagisto", "admin", "azure", "authentication", "sso"],
+    "homepage": "https://github.com/bagisto-europe/multisafepay",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Bagisto Europe",
+            "email": "info@bagisto.eu"
+        }
+    ],
+    "require": {
+        "laravel/prompts": "^0.1.13",
+        "laravel/socialite": "^5.10",
+        "socialiteproviders/microsoft-azure": "^5.1"
+    },
+    "autoload": {
+        "psr-4": {
+            "Bagisto\\AzureAuth\\": "src/"
+        }
+    },
+    "config": {
+        "sort-packages": true
+    },
+    "extra": {
+        "laravel": {
+            "providers": [
+                "Bagisto\\AzureAuth\\Providers\\AzureAuthServiceProvider"
+            ]
+        }
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true
+}

docs/bagisto-signin.png

@@ -0,0 +1,11 @@
+<?php
+
+
+return [
+    'azure' => [    
+        'client_id' => env('AZURE_CLIENT_ID'),
+        'client_secret' => env('AZURE_CLIENT_SECRET'),
+        'redirect' => route('azure.callback'),
+        'tenant' => env('AZURE_TENANT_ID')
+      ]
+];

src/Config/services.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace Bagisto\AzureAuth\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Artisan;
+use Illuminate\Support\Facades\File;
+use Illuminate\Support\Str;
+
+use function Laravel\Prompts\text;
+use function Laravel\Prompts\info;
+use function Laravel\Prompts\confirm;
+
+class ConfigureAzure extends Command
+{
+    protected $signature = 'azure:configure';
+    protected $description = 'Configure Azure environment variables';
+
+    public function handle()
+    {
+        info('Welcome to the Microsoft Azure SSO setup wizard');
+
+        if ($this->keysExist()) {
+            $overwrite = confirm('Azure configuration keys already exist. This wizard will overwrite existing settings. Continue?', false);
+
+            if (!$overwrite) {
+                return;
+            }
+        }
+
+        $clientId = text(
+            label: 'Please enter your Client ID',
+            required: true
+        );
+
+        $this->updateEnvFile('AZURE_CLIENT_ID', $clientId);
+
+        $clientSecret = text(
+            label: 'Please enter your client Secret',
+            required: true
+        );
+
+        $this->updateEnvFile('AZURE_CLIENT_SECRET', $clientSecret);
+
+        $tenantId = text(
+            label: 'Please enter your Tenant ID',
+            required: true
+        );
+
+        $this->updateEnvFile('AZURE_TENANT_ID', $tenantId);
+
+        Artisan::call('optimize', [], $this->getOutput());
+        
+        Artisan::call('vendor:publish', [
+            '--provider' => "Bagisto\AzureAuth\Providers\AzureAuthServiceProvider",
+            '--force'    => true
+        ], $this->getOutput());
+
+        info('Azure SSO setup completed successfully.');
+    }
+
+    protected function keysExist()
+    {
+        return env('AZURE_CLIENT_ID') !== null
+            && env('AZURE_CLIENT_SECRET') !== null
+            && env('AZURE_TENANT_ID') !== null;
+    }
+
+    protected function updateEnvFile($key, $value)
+    {
+        $envFilePath = base_path('.env');
+
+        if (File::exists($envFilePath)) {
+            $envContent = File::get($envFilePath);
+
+            if (Str::contains($envContent, "{$key}=")) {
+                $envContent = preg_replace("/{$key}=.*/", "{$key}=\"{$value}\"", $envContent);
+            } else {
+                $envContent .= PHP_EOL . "{$key}=\"{$value}\"";
+            }
+
+            File::put($envFilePath, $envContent);
+        }
+    }
+}

src/Console/Commands/ConfigureAzure.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Bagisto\AzureAuth\Helpers;
+
+class AzureConfigHelper
+{
+    public static function isConfigured()
+    {
+        return (
+            config('services.azure.client_id') &&
+            config('services.azure.client_secret') &&
+            config('services.azure.redirect') &&
+            config('services.azure.tenant')
+        );
+    }
+}

src/Helpers/AzureConfigHelper.php

@@ -0,0 +1,100 @@
+<?php
+
+namespace Bagisto\AzureAuth\Http\Controllers;
+
+use App\Http\Controllers\Controller;
+use Bagisto\AzureAuth\Helpers\AzureConfigHelper;
+
+use Illuminate\Support\Str;
+use Illuminate\Support\Facades\Log;
+use Laravel\Socialite\Facades\Socialite;
+
+use Webkul\User\Repositories\AdminRepository;
+
+class SessionController extends Controller
+{
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct(
+        protected AdminRepository $adminRepository
+    ) {
+    }
+
+    /**
+     * Redirect the user to the Azure authentication page.
+     *
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function redirectToAzure()
+    {
+        if (!AzureConfigHelper::isConfigured()) {
+            return view('azure-auth::errors.config');
+        }
+
+        return Socialite::driver('azure')->redirect();
+    }
+
+    /**
+     * Handle the callback from Azure.
+     *
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function handleCallback()
+    {
+        try {
+            $user = Socialite::driver('azure')->user();
+
+            $localUser = $this->adminRepository->where('email', $user->getEmail())->first();
+
+            if (!$localUser) {
+                $randomPass = Str::random(80);
+
+                $userData = [
+                    'name' => $user->getName(),
+                    'email' => $user->getEmail(),
+                    'password' => bcrypt($randomPass),
+                    'role_id' => 1,
+                    'status' => true
+                ];
+                
+                $adminUser = $this->adminRepository->create($userData);
+
+                if ($adminUser) {
+                    Log::info('Local user created for ', ['user_email' => $user->getEmail()]);
+                }
+            }
+
+            auth()->guard('admin')->login($userData);
+
+            if (! auth()->guard('admin')->user()->status) {
+                session()->flash('warning', trans('admin::app.settings.users.activate-warning'));
+    
+                auth()->guard('admin')->logout();
+    
+                return redirect()->route('admin.session.create');
+            }
+
+            Log::info('Azure Authentication Successful', ['user_email' => $user->getEmail()]);
+
+            return redirect()->route('admin.dashboard.index');
+        } catch (\Exception $e) {
+            Log::error('Azure Authentication Error: ' . $e->getMessage());
+
+            return redirect()->route('admin.session.create')->with('warning', 'Unable to authenticate with your Microsoft account. Please try again.');
+        }
+    }
+
+    /**
+     * Show the error view for missing or invalid Azure configuration.
+     *
+     * @return \Illuminate\View\View
+     */
+    public function showConfigError()
+    {
+        return view('azure-auth::errors.config');
+    }
+
+}

src/Http/Controllers/SessionController.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace Bagisto\AzureAuth\Providers;
+
+use Bagisto\AzureAuth\Console\Commands\ConfigureAzure;
+use Bagisto\AzureAuth\Providers\EventServiceProvider;
+
+use Illuminate\Support\ServiceProvider;
+use Illuminate\Contracts\Http\Kernel;
+
+class AzureAuthServiceProvider extends ServiceProvider
+{
+    /**
+     * Register services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->app->register(EventServiceProvider::class);
+
+        $this->commands([
+            ConfigureAzure::class,
+        ]);
+    }
+
+    /**
+     * Bootstrap services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        $this->loadRoutesFrom(__DIR__.'/../Routes/web.php');
+                
+        $this->loadTranslationsFrom(__DIR__.'/../Resources/lang', 'azure-auth');
+
+        $this->loadViewsFrom(__DIR__.'/../Resources/views', 'azure-auth');
+
+        $this->app->booted(function () {
+            $this->loadConfig();
+        });
+
+        $this->publishes([
+            __DIR__.'/../Resources/img' => public_path('vendor/azure-auth'),
+        ], 'public');
+
+        $this->publishes([
+            __DIR__.'/../Resources/views/users' => resource_path('admin-themes/default/views'),
+        ], 'azure-auth');
+    }
+
+    protected function loadConfig()
+    {
+        $this->mergeConfigFrom(
+            __DIR__ . '/../Config/services.php',
+            'services'
+        );
+    }
+}