5124: Updated controller actions

Author: rimi-itk

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.routing.yml

@@ -17,7 +17,7 @@ os2loop_cura_login.start_get_jwt:
     _role: "anonymous"
 
 os2loop_cura_login.authenticate:
-  path: "/os2loop-login-hack/authenticate"
+  path: "/os2loop-cura-login/authenticate"
   defaults:
     _title: "Authenticate with Cura login"
     _controller: '\Drupal\os2loop_cura_login\Controller\Os2loopCuraLoginController::authenticate'

web/profiles/custom/os2loop/modules/os2loop_cura_login/src/Controller/Os2loopCuraLoginController.php

@@ -7,10 +7,9 @@
 use Drupal\Component\Datetime\TimeInterface;
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Logger\RfcLogLevel;
-use Drupal\Core\Routing\TrustedRedirectResponse;
 use Drupal\Core\Url;
 use Drupal\os2loop_cura_login\Settings;
-use Drupal\user\Entity\User;
+use Drupal\user\UserInterface;
 use Drupal\user\UserStorageInterface;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
@@ -19,7 +18,6 @@
 use Psr\Log\LogLevel;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\Exception\BadRequestException;
-use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -86,17 +84,7 @@ public function start(Request $request, ?string $jwt): Response {
         throw new BadRequestHttpException('Missing or empty JWT');
       }
 
-      $secret = $this->settings->getSigningSecret();
-      // @todo Get rid of the double base64 encoding.
-      $secret = base64_decode($secret);
-
-      $originalLeeway = JWT::$leeway;
-      $leeway = $this->settings->getJwtLeeway();
-      if ($leeway > 0) {
-        JWT::$leeway = $leeway;
-      }
-      $payload = (array) JWT::decode($jwt, new Key($secret, $this->settings->getSigningAlgorithm()));
-      JWT::$leeway = $originalLeeway;
+      $payload = $this->decodeJwt($jwt);
 
       $this->debug('@debug', [
         '@debug' => json_encode([
@@ -109,51 +97,36 @@ public function start(Request $request, ?string $jwt): Response {
         throw new BadRequestHttpException('Missing username');
       }
 
-      $user = $this->loadUser($username);
+      // Check that we can get userinfo.
+      $userinfo = $this->fetchUserinfo($username);
 
       $this->debug('@debug', [
         '@debug' => json_encode([
-          'user' => $user,
+          'userinfo' => $userinfo,
         ]),
       ]);
 
-      if (empty($user)) {
+      if (empty($userinfo)) {
         // Don't disclose whether or not the user exists.
         throw new BadRequestHttpException();
       }
 
-      // Check that we can get userinfo.
-      $userinfo = $this->getUserinfo($user);
+      $user = $this->ensureUser($username, $userinfo);
 
       $this->debug('@debug', [
         '@debug' => json_encode([
-          'userinfo' => $userinfo,
+          'user' => $user,
         ]),
       ]);
 
-      if (empty($userinfo)) {
+      if (empty($user)) {
+        // Don't disclose whether or not the user exists.
         throw new BadRequestHttpException();
       }
 
-      // https://github.com/firebase/php-jwt?tab=readme-ov-file#example
-      $payload = [
-        // Issued at.
-        'iat' => $this->time->getRequestTime(),
-        // Expire af 60 seconds.
-        'exp' => $this->time->getRequestTime() + 60,
-        'username' => $username,
-      ];
-      $jwt = JWT::encode($payload, self::JWT_KEY, 'HS256');
-
-      $url = Url::fromRoute('os2loop_cura_login.authenticate', [
-        'username' => $username,
-        'jwt' => $jwt,
-      ])->setAbsolute()->toString(TRUE)->getGeneratedUrl();
-
-      return new JsonResponse([
-        'authenticate_url' => $url,
-        'jwt' => $jwt,
-      ]);
+      return Request::METHOD_POST === $request->getMethod()
+        ? $this->createAuthenticateResponse($user)
+        : $this->authenticateUser($user);
     }
     catch (\Exception $exception) {
       $this->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
@@ -162,17 +135,37 @@ public function start(Request $request, ?string $jwt): Response {
   }
 
   /**
-   * Authenticate user.
+   * Create authenticate response.
+   */
+  private function createAuthenticateResponse(UserInterface $user): Response {
+    // https://github.com/firebase/php-jwt?tab=readme-ov-file#example
+    $payload = [
+      // Issued at.
+      'iat' => $this->time->getRequestTime(),
+      // Expire af 60 seconds.
+      'exp' => $this->time->getRequestTime() + 60,
+      'username' => $user->getAccountName(),
+    ];
+    $jwt = $this->encodeJwt($payload);
+
+    $url = Url::fromRoute('os2loop_cura_login.authenticate', [
+      'jwt' => $jwt,
+    ])->setAbsolute()->toString(TRUE)->getGeneratedUrl();
+
+    return new Response($url);
+  }
+
+  /**
+   * Authenticate action.
    */
   public function authenticate(Request $request): Response {
     try {
-      $username = $request->get('username');
       $jwt = $request->get('jwt');
-      if (empty($username) || empty($jwt)) {
+      if (empty($jwt)) {
         throw new BadRequestHttpException();
       }
 
-      $payload = (array) JWT::decode($jwt, new Key(self::JWT_KEY, 'HS256'));
+      $payload = $this->decodeJwt($jwt);
       $username = $payload['username'] ?? NULL;
       if (empty($username)) {
         throw new BadRequestHttpException();
@@ -184,54 +177,124 @@ public function authenticate(Request $request): Response {
         throw new BadRequestHttpException();
       }
 
-      $this->updateUser($user);
-
-      user_login_finalize($user);
-
-      $url = Url::fromRoute('<front>')->setAbsolute()->toString(TRUE)->getGeneratedUrl();
-      $this->messenger()->addStatus($this->t('Welcome @user.', ['@user' => $user->getDisplayName()]));
-
-      return new TrustedRedirectResponse($url);
+      return $this->authenticateUser($user);
     }
     catch (\Exception $exception) {
-      $this->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
+      $this->error('authenticate: @message', ['@message' => $exception->getMessage(), $exception]);
       throw new BadRequestException($exception->getMessage());
     }
   }
 
   /**
-   * Load user by username.
-   *
-   * @param string $username
-   *   The username.
-   *
-   * @return \Drupal\user\Entity\User|null
-   *   The user if any.
+   * Authenticate user.
    */
-  private function loadUser(string $username): ?User {
-    $users = $this->userStorage->loadByProperties(['name' => $username]);
+  private function authenticateUser($user): Response {
+    user_login_finalize($user);
 
-    return reset($users) ?: NULL;
+    $this->messenger()->addStatus($this->t('Welcome Cura user @user.', ['@user' => $user->getDisplayName()]));
+
+    return $this->redirect('<front>');
   }
 
   /**
-   * Update user with info from IdP.
+   * Encode JWT.
    */
-  private function updateUser(User $user): User {
-    // $userinfo = $this->getUserinfo($user);
-    // @todo Update user.
-    return $user;
+  private function encodeJwt(array $payload): string {
+    $secret = $this->settings->getSigningSecret();
+    // @todo Get rid of the double base64 encoding.
+    $secret = base64_decode($secret);
+
+    return JWT::encode($payload, $secret, $this->settings->getSigningAlgorithm());
+  }
+
+  /**
+   * Decode JWT.
+   */
+  private function decodeJwt(string $jwt): array {
+    $secret = $this->settings->getSigningSecret();
+    // @todo Get rid of the double base64 encoding.
+    $secret = base64_decode($secret);
+
+    $originalLeeway = JWT::$leeway;
+    $leeway = $this->settings->getJwtLeeway();
+    if ($leeway > 0) {
+      JWT::$leeway = $leeway;
+    }
+    $payload = (array) JWT::decode($jwt, new Key($secret, $this->settings->getSigningAlgorithm()));
+    JWT::$leeway = $originalLeeway;
+
+    return $payload;
   }
 
   /**
    * Get user info from userinfo endpoint.
    */
-  private function getUserinfo(User $user): array {
+  private function fetchUserinfo(string $username): array {
     return [
-      'name' => $user->getDisplayName(),
+      // Drupal user fields.
+      'name' => $username,
+      'mail' => $username . '@cura.example.com',
+
+      // OS2Lloop fields
+      // 'os2loop_user_address' => '',
+      // 'os2loop_user_areas_of_expertise' => '',
+      // 'os2loop_user_biography' => '',
+      // 'os2loop_user_city' => '',
+      // 'os2loop_user_external_list' => '',.
+      'os2loop_user_family_name' => 'Cura',
+      'os2loop_user_given_name' => 'User',
+      // 'os2loop_user_image' => '',
+      // 'os2loop_user_internal_list' => '',
+      // 'os2loop_user_job_title' => '',
+      // 'os2loop_user_phone_number' => '',
+      // 'os2loop_user_place' => '',
+      // 'os2loop_user_postal_code' => '',
+      // 'os2loop_user_professions' => '',
     ];
   }
 
+  /**
+   * Ensure user exists.
+   *
+   * @param string $username
+   *   The username.
+   * @param array $userinfo
+   *   The user info to set on the user.
+   *
+   * @return \Drupal\user\Entity\UserInterface
+   *   The newly created or updated user.
+   */
+  private function ensureUser(string $username, array $userinfo): UserInterface {
+    $user = $this->loadUser($username);
+
+    if (NULL === $user) {
+      $user = $this->userStorage->create();
+    }
+
+    foreach ($userinfo as $field => $value) {
+      $currentValue = $user->get($field);
+      if ($currentValue !== $value) {
+        $user->set($field, $value);
+      }
+    }
+
+    // Make sure that the user is active.
+    $user
+      ->activate()
+      ->save();
+
+    return $user;
+  }
+
+  /**
+   * Load user by username.
+   */
+  private function loadUser(string $username) : ?UserInterface {
+    $users = $this->userStorage->loadByProperties(['name' => $username]);
+
+    return reset($users) ?: NULL;
+  }
+
   /**
    * {@inheritdoc}
    */