Reset client auth source if not valid (#280)

Author: cicnavi

src/Bridges/SspBridge.php

@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\Module\oidc\Bridges;
 
+use SimpleSAML\Module\oidc\Bridges\SspBridge\Auth;
 use SimpleSAML\Module\oidc\Bridges\SspBridge\Module;
 use SimpleSAML\Module\oidc\Bridges\SspBridge\Utils;
 
@@ -13,6 +14,7 @@
  */
 class SspBridge
 {
+    protected static ?Auth $auth = null;
     protected static ?Utils $utils = null;
     protected static ?Module $module = null;
 
@@ -25,4 +27,9 @@ public function module(): Module
     {
         return self::$module ??= new Module();
     }
+
+    public function auth(): Auth
+    {
+        return self::$auth ??= new Auth();
+    }
 }

src/Bridges/SspBridge/Auth.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Bridges\SspBridge;
+
+use SimpleSAML\Module\oidc\Bridges\SspBridge\Auth\Source;
+
+class Auth
+{
+    protected static ?Source $source = null;
+
+    public function source(): Source
+    {
+        return self::$source ??= new Source();
+    }
+}

src/Bridges/SspBridge/Auth/Source.php

@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Bridges\SspBridge\Auth;
+
+class Source
+{
+    public function getSources(): array
+    {
+        return \SimpleSAML\Auth\Source::getSources();
+    }
+}

src/Forms/ClientForm.php

@@ -17,8 +17,8 @@
 namespace SimpleSAML\Module\oidc\Forms;
 
 use Nette\Forms\Form;
-use SimpleSAML\Auth\Source;
 use SimpleSAML\Locale\Translate;
+use SimpleSAML\Module\oidc\Bridges\SspBridge;
 use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\OpenID\Codebooks\ClientRegistrationTypesEnum;
@@ -58,8 +58,11 @@ class ClientForm extends Form
     /**
      * @throws \Exception
      */
-    public function __construct(private readonly ModuleConfig $moduleConfig, protected CsrfProtection $csrfProtection)
-    {
+    public function __construct(
+        protected readonly ModuleConfig $moduleConfig,
+        protected CsrfProtection $csrfProtection,
+        protected SspBridge $sspBridge,
+    ) {
         parent::__construct();
 
         $this->buildForm();
@@ -315,6 +318,14 @@ public function setDefaults(object|array $data, bool $erase = false): static
 
         $data['jwks'] = is_array($data['jwks']) ? json_encode($data['jwks']) : null;
 
+        if (
+            $data['auth_source'] !== null &&
+            (!in_array($data['auth_source'], $this->sspBridge->auth()->source()->getSources()))
+        ) {
+            // Possible auth source name change without prior update in clients, resetting.
+            $data['auth_source'] = null;
+        }
+
         parent::setDefaults($data, $erase);
 
         return $this;
@@ -355,10 +366,9 @@ protected function buildForm(): void
 
         $this->addCheckbox('is_confidential', '{oidc:client:is_confidential}');
 
-        // TODO mivanci Source::getSource() move to SSP Bridge.
         $this->addSelect('auth_source', '{oidc:client:auth_source}:')
             ->setHtmlAttribute('class', 'full-width')
-            ->setItems(Source::getSources(), false)
+            ->setItems($this->sspBridge->auth()->source()->getSources(), false)
             ->setPrompt(Translate::noop('-'));
 
         $scopes = $this->getScopes();