authentication provider provisioning

2025-12-22 17:06:40 -05:00
parent 658a319ded
commit 81822498c8
6 changed files with 268 additions and 831 deletions
--- a/core/lib/Security/AuthenticationManager.php
+++ b/core/lib/Security/AuthenticationManager.php
@@ -10,7 +10,6 @@ use KTXC\Security\Authentication\AuthenticationRequest;
 use KTXC\Security\Authentication\AuthenticationResponse;
 use KTXC\Service\TokenService;
 use KTXC\Service\UserService;
-use KTXC\Service\UserProvisioningService;
 use KTXC\SessionTenant;
 use KTXF\Cache\CacheScope;
 use KTXF\Cache\EphemeralCacheInterface;
@@ -32,7 +31,6 @@ class AuthenticationManager
        private readonly ProviderManager $providerManager,
        private readonly TokenService $tokenService,
        private readonly UserService $userService,
-        private readonly UserProvisioningService $provisioningService,
    ) {
        $this->securityCode = $this->tenant->configuration()->security()->code();
    }
@@ -392,19 +390,32 @@ class AuthenticationManager
            );
        }

-        // Find or provision user from external identity
-        $providerConfig = $this->getProviderConfig($method);
-        $user = $this->findOrProvisionUser($method, $result->identity, $providerConfig);
+        // Provider has already provisioned the user - just get user identifier
+        $userIdentifier = $result->identity['user_identifier'] ?? null;
+        
+        if (!$userIdentifier) {
+            $this->deleteSession($session->id);
+            return AuthenticationResponse::failed(
+                AuthenticationResponse::ERROR_INTERNAL,
+                'User provisioning failed',
+                500
+            );
+        }

-        if ($user === null) {
+        // Load user
+        $userData = $this->userService->fetchByIdentifier($userIdentifier);
+        if (!$userData) {
            $this->deleteSession($session->id);
            return AuthenticationResponse::failed(
                AuthenticationResponse::ERROR_USER_NOT_FOUND,
-                'User not found and auto-provisioning is disabled',
+                'User not found after provisioning',
                401
            );
        }

+        $user = new User();
+        $user->populate($userData, 'users');
+
        // Set user in session
        $session->userIdentifier = $user->getId();
        $session->userIdentity = $user->getIdentity();
@@ -688,6 +699,7 @@ class AuthenticationManager
        $attributes['identity'] = $userIdentity;
        $attributes['external_subject'] = $externalSubject;

+        /*
        // Try to find by external subject first
        if ($externalSubject) {
            $user = $this->provisioningService->findByExternalIdentity($providerId, $externalSubject);
@@ -733,6 +745,7 @@ class AuthenticationManager
                $providerConfig
            );
        }
+        */

        return null;
    }