5124: Refactored settings

Author: rimi-itk

web/profiles/custom/os2loop/modules/os2loop_cura_login/README.md

@@ -45,7 +45,7 @@ drush --uri='http://nginx:8080' os2loop-cura-login:get-login-url [email protected]
 
 ``` php
 # settings.local.php
-$config['os2loop_cura_login.settings']['log_level'] = \Drupal\Core\Logger\RfcLogLevel::DEBUG;
+$config['os2loop_cura_login.settings']['general']['log_level'] = \Drupal\Core\Logger\RfcLogLevel::DEBUG;
 ```
 
 Run

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.routing.yml

@@ -17,7 +17,7 @@ os2loop_cura_login.start_get_jwt:
     _role: "anonymous"
 
 os2loop_cura_login.authenticate:
-  path: "/os2loop-cura-login/authenticate"
+  path: "/os2loop-cura-login/authenticate/{jwt}"
   defaults:
     _title: "Authenticate with Cura login"
     _controller: '\Drupal\os2loop_cura_login\Controller\Os2loopCuraLoginController::authenticate'

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.services.yml

@@ -7,3 +7,9 @@ services:
     arguments: ["os2loop_cura_login"]
 
   Drupal\os2loop_cura_login\Settings:
+
+  Drupal\os2loop_cura_login\CuraHelper:
+
+  Drupal\os2loop_cura_login\IdPHelper:
+
+  Drupal\os2loop_cura_login\UserHelper:

web/profiles/custom/os2loop/modules/os2loop_cura_login/src/Controller/Os2loopCuraLoginController.php

@@ -8,11 +8,12 @@
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Logger\RfcLogLevel;
 use Drupal\Core\Url;
+use Drupal\os2loop_cura_login\CuraHelper;
+use Drupal\os2loop_cura_login\IdPHelper;
 use Drupal\os2loop_cura_login\Settings;
+use Drupal\os2loop_cura_login\UserHelper;
 use Drupal\user\UserInterface;
-use Drupal\user\UserStorageInterface;
 use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
 use Psr\Log\LoggerInterface;
 use Psr\Log\LoggerTrait;
 use Psr\Log\LogLevel;
@@ -30,21 +31,18 @@ final class Os2loopCuraLoginController extends ControllerBase {
 
   private const JWT_KEY = 'os2loop_cura_login';
 
-  /**
-   * The user storage.
-   */
-  private readonly UserStorageInterface $userStorage;
-
   /**
    * Constructor.
    */
   public function __construct(
+    private readonly CuraHelper $curaHelper,
+    private readonly IdPHelper $idPHelper,
+    private readonly UserHelper $userHelper,
     private readonly Settings $settings,
     private readonly TimeInterface $time,
     #[Autowire(service: 'logger.channel.os2loop_cura_login')]
     private readonly LoggerInterface $logger,
   ) {
-    $this->userStorage = $this->entityTypeManager()->getStorage('user');
   }
 
   /**
@@ -68,7 +66,7 @@ public function start(Request $request, ?string $jwt): Response {
       ]);
 
       if (empty($jwt)) {
-        $name = $this->settings->getPayloadName();
+        $name = $this->settings->getCuraSettings()->getPayloadName();
         $jwt = Request::METHOD_POST === $request->getMethod()
           ? $request->request->getString($name)
           : $request->query->getString($name);
@@ -84,21 +82,14 @@ public function start(Request $request, ?string $jwt): Response {
         throw new BadRequestHttpException('Missing or empty JWT');
       }
 
-      $payload = $this->decodeJwt($jwt);
-
-      $this->debug('@debug', [
-        '@debug' => json_encode([
-          'payload' => $payload,
-        ]),
-      ]);
+      [$payload, $username] = $this->curaHelper->decodeJwt($jwt);
 
-      $username = $payload['username'] ?? $payload['brugerId'] ?? NULL;
       if (empty($username)) {
         throw new BadRequestHttpException('Missing username');
       }
 
       // Check that we can get userinfo.
-      $userinfo = $this->fetchUserinfo($username);
+      $userinfo = $this->idPHelper->fetchUserInfo($username);
 
       $this->debug('@debug', [
         '@debug' => json_encode([
@@ -111,7 +102,7 @@ public function start(Request $request, ?string $jwt): Response {
         throw new BadRequestHttpException();
       }
 
-      $user = $this->ensureUser($username, $userinfo);
+      $user = $this->userHelper->ensureUser($username, $userinfo);
 
       $this->debug('@debug', [
         '@debug' => json_encode([
@@ -134,44 +125,22 @@ public function start(Request $request, ?string $jwt): Response {
     }
   }
 
-  /**
-   * Create authenticate response.
-   */
-  private function createAuthenticateResponse(UserInterface $user): Response {
-    // https://github.com/firebase/php-jwt?tab=readme-ov-file#example
-    $payload = [
-      // Issued at.
-      'iat' => $this->time->getRequestTime(),
-      // Expire af 60 seconds.
-      'exp' => $this->time->getRequestTime() + 60,
-      'username' => $user->getAccountName(),
-    ];
-    $jwt = $this->encodeJwt($payload);
-
-    $url = Url::fromRoute('os2loop_cura_login.authenticate', [
-      'jwt' => $jwt,
-    ])->setAbsolute()->toString(TRUE)->getGeneratedUrl();
-
-    return new Response($url);
-  }
-
   /**
    * Authenticate action.
    */
-  public function authenticate(Request $request): Response {
+  public function authenticate(Request $request, string $jwt): Response {
     try {
-      $jwt = $request->get('jwt');
       if (empty($jwt)) {
         throw new BadRequestHttpException();
       }
 
-      $payload = $this->decodeJwt($jwt);
+      [$payload, $_] = $this->curaHelper->decodeJwt($jwt);
       $username = $payload['username'] ?? NULL;
       if (empty($username)) {
         throw new BadRequestHttpException();
       }
 
-      $user = $this->loadUser($username);
+      $user = $this->userHelper->loadUser($username);
       if (empty($user)) {
         // Don't disclose whether or not the user exists.
         throw new BadRequestHttpException();
@@ -185,6 +154,27 @@ public function authenticate(Request $request): Response {
     }
   }
 
+  /**
+   * Create authenticate response.
+   */
+  private function createAuthenticateResponse(UserInterface $user): Response {
+    // https://github.com/firebase/php-jwt?tab=readme-ov-file#example
+    $payload = [
+      // Issued at.
+      'iat' => $this->time->getRequestTime(),
+      // Expire af 60 seconds.
+      'exp' => $this->time->getRequestTime() + 60,
+      'username' => $user->getAccountName(),
+    ];
+    $jwt = $this->encodeJwt($payload);
+
+    $url = Url::fromRoute('os2loop_cura_login.authenticate', [
+      'jwt' => $jwt,
+    ])->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+
+    return new Response($url);
+  }
+
   /**
    * Authenticate user.
    */
@@ -200,99 +190,9 @@ private function authenticateUser($user): Response {
    * Encode JWT.
    */
   private function encodeJwt(array $payload): string {
-    $secret = $this->settings->getSigningSecret();
-    // @todo Get rid of the double base64 encoding.
-    $secret = base64_decode($secret);
-
-    return JWT::encode($payload, $secret, $this->settings->getSigningAlgorithm());
-  }
-
-  /**
-   * Decode JWT.
-   */
-  private function decodeJwt(string $jwt): array {
-    $secret = $this->settings->getSigningSecret();
-    // @todo Get rid of the double base64 encoding.
-    $secret = base64_decode($secret);
-
-    $originalLeeway = JWT::$leeway;
-    $leeway = $this->settings->getJwtLeeway();
-    if ($leeway > 0) {
-      JWT::$leeway = $leeway;
-    }
-    $payload = (array) JWT::decode($jwt, new Key($secret, $this->settings->getSigningAlgorithm()));
-    JWT::$leeway = $originalLeeway;
-
-    return $payload;
-  }
-
-  /**
-   * Get user info from userinfo endpoint.
-   */
-  private function fetchUserinfo(string $username): array {
-    return [
-      // Drupal user fields.
-      'name' => $username,
-      'mail' => $username . '@cura.example.com',
-
-      // OS2Lloop fields
-      // 'os2loop_user_address' => '',
-      // 'os2loop_user_areas_of_expertise' => '',
-      // 'os2loop_user_biography' => '',
-      // 'os2loop_user_city' => '',
-      // 'os2loop_user_external_list' => '',.
-      'os2loop_user_family_name' => 'Cura',
-      'os2loop_user_given_name' => 'User',
-      // 'os2loop_user_image' => '',
-      // 'os2loop_user_internal_list' => '',
-      // 'os2loop_user_job_title' => '',
-      // 'os2loop_user_phone_number' => '',
-      // 'os2loop_user_place' => '',
-      // 'os2loop_user_postal_code' => '',
-      // 'os2loop_user_professions' => '',
-    ];
-  }
-
-  /**
-   * Ensure user exists.
-   *
-   * @param string $username
-   *   The username.
-   * @param array $userinfo
-   *   The user info to set on the user.
-   *
-   * @return \Drupal\user\Entity\UserInterface
-   *   The newly created or updated user.
-   */
-  private function ensureUser(string $username, array $userinfo): UserInterface {
-    $user = $this->loadUser($username);
-
-    if (NULL === $user) {
-      $user = $this->userStorage->create();
-    }
-
-    foreach ($userinfo as $field => $value) {
-      $currentValue = $user->get($field);
-      if ($currentValue !== $value) {
-        $user->set($field, $value);
-      }
-    }
-
-    // Make sure that the user is active.
-    $user
-      ->activate()
-      ->save();
-
-    return $user;
-  }
-
-  /**
-   * Load user by username.
-   */
-  private function loadUser(string $username) : ?UserInterface {
-    $users = $this->userStorage->loadByProperties(['name' => $username]);
+    $settings = $this->settings->getCuraSettings();
 
-    return reset($users) ?: NULL;
+    return JWT::encode($payload, $settings->getSigningSecret(), $settings->getSigningAlgorithm());
   }
 
   /**

web/profiles/custom/os2loop/modules/os2loop_cura_login/src/CuraHelper.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Drupal\os2loop_cura_login;
+
+use Drupal\os2loop_cura_login\Settings\Cura;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+/**
+ * Cura helper.
+ */
+final class CuraHelper {
+  /**
+   * The settings.
+   */
+  private Cura $settings;
+
+  public function __construct(
+    Settings $settings,
+  ) {
+    $this->settings = $settings->getCuraSettings();
+  }
+
+  /**
+   * Decode JWT.
+   */
+  public function decodeJwt(string $jwt): array {
+    $secret = $this->settings->getSigningSecret();
+
+    $originalLeeway = JWT::$leeway;
+    $leeway = $this->settings->getJwtLeeway();
+    if ($leeway > 0) {
+      JWT::$leeway = $leeway;
+    }
+    $payload = (array) JWT::decode($jwt, new Key($secret, $this->settings->getSigningAlgorithm()));
+    JWT::$leeway = $originalLeeway;
+
+    return [$payload, $payload['username'] ?? $payload['brugerId'] ?? NULL];
+  }
+
+}