Prevent empty identifier for user entity

ajgarlag · ajgarlag · commit 88fb5e9b77ae · 2024-08-12T10:20:10.000+02:00
diff --git a/src/Converter/UserConverter.php b/src/Converter/UserConverter.php
@@ -10,6 +10,19 @@
 
 final class UserConverter implements UserConverterInterface
 {
+    public const DEFAULT_ANONYMOUS_USER_IDENTIFIER = 'anonymous';
+
+    /** @var non-empty-string */
+    private string $anonymousUserIdentifier;
+
+    /**
+     * @param non-empty-string $anonymousUserIdentifier
+     */
+    public function __construct(string $anonymousUserIdentifier = self::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+    {
+        $this->anonymousUserIdentifier = $anonymousUserIdentifier;
+    }
+
     /**
      * @psalm-suppress DeprecatedMethod
      * @psalm-suppress UndefinedInterfaceMethod
@@ -20,11 +33,14 @@ public function toLeague(?UserInterface $user): UserEntityInterface
         if ($user instanceof UserInterface) {
             $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
             if ('' === $identifier) {
-                throw new \RuntimeException('Emtpy identifier not allowed');
+                $identifier = $this->anonymousUserIdentifier;
             }
-            $userEntity->setIdentifier($identifier);
+        } else {
+            $identifier = $this->anonymousUserIdentifier;
         }
 
+        $userEntity->setIdentifier($identifier);
+
         return $userEntity;
     }
 }
diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php
@@ -5,6 +5,7 @@
 namespace League\Bundle\OAuth2ServerBundle\DependencyInjection;
 
 use Defuse\Crypto\Key;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
 use League\Bundle\OAuth2ServerBundle\Model\Client;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
@@ -31,6 +32,11 @@ public function getConfigTreeBuilder(): TreeBuilder
                     ->defaultValue('ROLE_OAUTH2_')
                     ->cannotBeEmpty()
                 ->end()
+                ->scalarNode('anonymous_user_identifier')
+                    ->info('Set a default user identifier for anonymous users')
+                    ->defaultValue(UserConverter::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+                    ->cannotBeEmpty()
+                ->end()
             ->end();
 
         return $treeBuilder;
diff --git a/src/DependencyInjection/LeagueOAuth2ServerExtension.php b/src/DependencyInjection/LeagueOAuth2ServerExtension.php
@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
 use League\Bundle\OAuth2ServerBundle\Command\CreateClientCommand;
 use League\Bundle\OAuth2ServerBundle\Command\GenerateKeyPairCommand;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Grant as GrantType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\RedirectUri as RedirectUriType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Scope as ScopeType;
@@ -68,6 +69,9 @@ public function load(array $configs, ContainerBuilder $container)
         $container->findDefinition(OAuth2Authenticator::class)
             ->setArgument(3, $config['role_prefix']);
 
+        $container->findDefinition(UserConverter::class)
+            ->setArgument(0, $config['anonymous_user_identifier']);
+
         $container->registerForAutoconfiguration(GrantTypeInterface::class)
             ->addTag('league.oauth2_server.authorization_server.grant');
 
