feat: gestione login OAuth2 con Keycloak

MatteoPistorello · MatteoPistorello · commit 9234b4133915 · 2026-02-11T08:59:21.000+01:00
diff --git a/index.php b/index.php
@@ -28,10 +28,11 @@
 $token = filter('token');
 
 $microsoft = null;
-
+$keycloack = null;
 if ($dbo->isConnected()) {
     try {
         $microsoft = $dbo->selectOne('zz_oauth2', '*', ['name' => 'Microsoft', 'enabled' => 1, 'is_login' => 1]);
+        $keycloack = $dbo->selectOne('zz_oauth2', '*', ['name' => 'Keycloak', 'enabled' => 1, 'is_login' => 1]);
     } catch (QueryException $e) {
     }
 }
@@ -253,14 +254,23 @@ function brute() {
                                     <i class="fa fa-question-circle mr-1"></i>'.tr('Password dimenticata?').'
                                 </a>
                             </div>';
-    if ($microsoft) {
+    if ($microsoft || $keycloack) {
         echo '
                         <div class="social-auth-links text-center mt-4 pt-3 border-top">
-                            <p class="text-muted">'.tr('- oppure -').'</p>
-
+                            <p class="text-muted">'.tr('- oppure -').'</p>';
+                        if ($microsoft) {
+                            echo '
                             <a href="'.base_path_osm().'/oauth2_login.php?id='.$microsoft['id'].'" class="btn btn-block btn-social btn-primary btn-flat shadow-sm">
                                 <i class="fa fa-windows mr-2"></i>'.tr('Accedi con Microsoft').'
-                            </a>
+                            </a>';
+                        }
+                        if ($keycloack) {
+                            echo '
+                            <a href="'.base_path_osm().'/oauth2_login.php?id='.$keycloack['id'].'" class="btn btn-block btn-social btn-info btn-flat shadow-sm">
+                                <i class="fa fa-key mr-2"></i>'.tr('Accedi con Keycloack').'
+                            </a>';
+                        }
+                        echo '
                         </div>';
     }
     echo '
diff --git a/modules/emails/src/OAuth2/KeycloakLogin.php b/modules/emails/src/OAuth2/KeycloakLogin.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace Modules\Emails\OAuth2;
+
+use League\OAuth2\Client\Provider\GenericProvider;
+
+class KeycloakLogin extends GenericProvider implements ProviderInterface
+{
+    /**
+     * Impostazioni native per la connessione.
+     *
+     * @var string[][]
+     */
+    protected static $options = [];
+
+    public function __construct(array $options = [], array $collaborators = [])
+    {
+        // Configurazioni specifiche per il provider Keycloak
+        $config = array_merge($options, [
+            'urlAuthorize' => $options['auth_server_url'].'/realms/'.$options['realm'].'/protocol/openid-connect/auth',
+            'urlAccessToken' => $options['auth_server_url'].'/realms/'.$options['realm'].'/protocol/openid-connect/token',
+            'urlResourceOwnerDetails' => $options['auth_server_url'].'/realms/'.$options['realm'].'/protocol/openid-connect/userinfo',
+            'redirectUri' => base_url().'/oauth2_login.php',
+        ]);
+
+        parent::__construct($config, $collaborators);
+    }
+
+    public function getOptions()
+    {
+        return self::$options;
+    }
+
+    public static function getConfigInputs()
+    {
+        return [
+            'auth_server_url' => [
+                'label' => 'Auth Server URL',
+                'type' => 'text',
+            ],
+            'realm' => [
+                'label' => 'Realm',
+                'type' => 'text',
+            ]
+        ];
+    }
+
+    public function getUser($access_token)
+    {
+        $response = $this->getAuthenticatedRequest(
+            'GET',
+            $this->getResourceOwnerDetailsUrl($access_token),
+            $access_token
+        );
+
+        $user = $this->getParsedResponse($response);
+
+        return $user['email'] ?? null;
+    }
+}
diff --git a/oauth2_login.php b/oauth2_login.php
@@ -29,8 +29,7 @@
 
 // Account individuato via state
 if (!empty($state)) {
-    $account = OAuth2::find($_SESSION['oauth2_id'])
-        ->first();
+    $account = OAuth2::find($_SESSION['oauth2_id']);
 } else {
     $account = OAuth2::find(get('id'));
 
diff --git a/update/2_10.sql b/update/2_10.sql
@@ -506,4 +506,8 @@ CREATE TABLE IF NOT EXISTS `an_automezzi_danni` (
 
 -- Aggiunta colonne minimo e massimo alla tabella mg_listini_articoli per gestire i prezzi per range
 ALTER TABLE `mg_listini_articoli` ADD `minimo` decimal(15,6) DEFAULT NULL;
-ALTER TABLE `mg_listini_articoli` ADD `massimo` decimal(15,6) DEFAULT NULL;
+ALTER TABLE `mg_listini_articoli` ADD `massimo` decimal(15,6) DEFAULT NULL;
+
+-- Aggiunta provider OAuth2 Keycloak
+INSERT INTO `zz_oauth2` (`name`, `class`, `client_id`, `client_secret`, `config`, `state`, `access_token`, `refresh_token`, `after_configuration`, `is_login`, `enabled`) VALUES
+('Keycloak', 'Modules\\Emails\\OAuth2\\KeycloakLogin', '', '', '{\"auth_server_url\":\"\",\"realm\":\"\"}', '', NULL, NULL, '', 1, 0);
