Plugin: Azure: Add script to sync users from Azure - refs BT#21930

Author: AngelFQC

plugin/azure_active_directory/lang/dutch.php

@@ -42,3 +42,5 @@
 $strings['group_id_teacher'] = 'Groeps-ID voor docenten';
 $strings['group_id_teacher_help'] = 'De groeps-ID voor docenten. Indien leeg, wordt er automatisch geen gebruiker aangemaakt als docent.';
 $strings['additional_interaction_required'] = 'Er is aanvullende interactie vereist om u te authenticeren. Log rechtstreeks in via <a href="https://login.microsoftonline.com" target="_blank">uw authenticatiesysteem</a> en kom dan terug naar deze pagina om in te loggen.';
+$strings['tenant_id'] = 'Mandanten-ID';
+$strings['tenant_id_help'] = 'Required to run scripts.';

plugin/azure_active_directory/lang/english.php

@@ -42,3 +42,5 @@
 $strings['group_id_teacher'] = 'Group ID for teachers';
 $strings['group_id_teacher_help'] = 'The group ID for teachers. If empty, no user will be automatically created as teacher.';
 $strings['additional_interaction_required'] = 'Some additional interaction is required to authenticate you. Please login directly through <a href="https://login.microsoftonline.com" target="_blank">your authentication system</a>, then come back to this page to login.';
+$strings['tenant_id'] = 'Tenant ID';
+$strings['tenant_id_help'] = 'Required to run scripts.';

plugin/azure_active_directory/lang/french.php

@@ -42,3 +42,5 @@
 $strings['group_id_teacher'] = 'ID du groupe enseignant';
 $strings['group_id_teacher_help'] = 'The group ID for teachers. Si ce champ est laissé vide, aucun utilisateur ne sera créé en tant qu\'enseignant.';
 $strings['additional_interaction_required'] = 'Une interaction supplémentaire est nécessaire pour vous authentifier. Veuillez vous connecter directement auprès de <a href="https://login.microsoftonline.com" target="_blank">votre système d\'authentification</a>, puis revenir ici pour vous connecter.';
+$strings['tenant_id'] = 'ID du client';
+$strings['tenant_id_help'] = 'Nécessaire pour exécuter des scripts.';

plugin/azure_active_directory/lang/spanish.php

@@ -42,3 +42,5 @@
 $strings['group_id_teacher'] = 'ID de grupo profesor';
 $strings['group_id_teacher_help'] = 'El ID de grupo para profesores. Si deja este campo vacío, ningún usuario será creado como profesor.';
 $strings['additional_interaction_required'] = 'Alguna interacción adicional es necesaria para identificarlo/a. Por favor conéctese primero a través de su <a href="https://login.microsoftonline.com" target="_blank">sistema de autenticación</a>, luego regrese aquí para logearse.';
+$strings['tenant_id'] = 'Id. del inquilino';
+$strings['tenant_id_help'] = 'Necesario para ejecutar scripts.';

plugin/azure_active_directory/src/AzureActiveDirectory.php

@@ -26,6 +26,7 @@ class AzureActiveDirectory extends Plugin
     public const SETTING_GROUP_ID_SESSION_ADMIN = 'group_id_session_admin';
     public const SETTING_GROUP_ID_TEACHER = 'group_id_teacher';
     public const SETTING_EXISTING_USER_VERIFICATION_ORDER = 'existing_user_verification_order';
+    public const SETTING_TENANT_ID = 'tenant_id';
 
     public const URL_TYPE_AUTHORIZE = 'login';
     public const URL_TYPE_LOGOUT = 'logout';
@@ -53,6 +54,7 @@ protected function __construct()
             self::SETTING_GROUP_ID_SESSION_ADMIN => 'text',
             self::SETTING_GROUP_ID_TEACHER => 'text',
             self::SETTING_EXISTING_USER_VERIFICATION_ORDER => 'text',
+            self::SETTING_TENANT_ID => 'text',
         ];
 
         parent::__construct('2.3', 'Angel Fernando Quiroz Campos, Yannick Warnier', $settings);

plugin/azure_active_directory/src/scripts/sync_users.php

@@ -0,0 +1,69 @@
+<?php
+/* For license terms, see /license.txt */
+
+require __DIR__ . '/../../../../main/inc/global.inc.php';
+
+if (PHP_SAPI !== 'cli') {
+    exit('Run this script through the command line or comment this line in the code');
+}
+
+$plugin = AzureActiveDirectory::create();
+
+$provider = $plugin->getProvider();
+$provider->urlAPI = "https://graph.microsoft.com/v1.0/";
+$provider->resource = "https://graph.microsoft.com/";
+$provider->tenant = $plugin->get(AzureActiveDirectory::SETTING_TENANT_ID);
+$provider->authWithResource = false;
+
+echo 'Synchronizing users from Azure.'.PHP_EOL;
+
+try {
+    $token = $provider->getAccessToken(
+        'client_credentials',
+        ['resource' => $provider->resource]
+    );
+
+    $userFields = [
+        'givenName',
+        'surname',
+        'mail',
+        'userPrincipalName',
+        'businessPhones',
+        'mobilePhone',
+        'accountEnabled',
+        'mailNickname',
+        'id'
+    ];
+
+    $azureUsersInfo = $provider->get(
+        'users?$select='.implode(',', $userFields),
+        $token
+    );
+} catch (Exception $e) {
+    printf("%s - %s".PHP_EOL, time(), $e->getMessage());
+    die;
+}
+
+printf("%s - Number of users obtained %d".PHP_EOL, time(), count($azureUsersInfo));
+
+/** @var array $user */
+foreach ($azureUsersInfo as $azureUserInfo) {
+    try {
+        $userId = $plugin->registerUser(
+            $token,
+            $provider,
+            $azureUserInfo,
+            'users/' . $azureUserInfo['id'] . '/memberOf',
+            'id',
+            'id'
+        );
+
+        $userInfo = api_get_user_info($userId);
+
+        printf("%s - UserInfo %s".PHP_EOL, time(), serialize($userInfo));
+    } catch (Exception $e) {
+        printf("%s - %s".PHP_EOL, time(), $e->getMessage());
+
+        continue;
+    }
+}