Merge pull request #279 from retif/personify-fix
Update PersonifyAuthController.php to not grant access to Cancelled/Expired members (master)
anpolimus authored Mar 1, 2021
2 parents 80e2416 + c539c6a commit a551d58
Showing 4 changed files with 194 additions and 86 deletions.
@@ -1,6 +1,9 @@
services:
gated_content_events_user_logout:
class: '\Drupal\openy_gc_auth_personify\EventSubscriber\PersonifyUserLogoutSubscriber'
arguments: ['@request_stack', '@config.factory', '@logger.factory', '@http_client']
arguments: ['@request_stack', '@config.factory', '@openy_gc_auth_personify.logout_client']
tags:
- { name: 'event_subscriber' }
openy_gc_auth_personify.logout_client:
class: '\Drupal\openy_gc_auth_personify\LogoutClient'
arguments: ['@config.factory', '@logger.factory', '@http_client']
Expand Up @@ -2,6 +2,7 @@

namespace Drupal\openy_gc_auth_personify\Controller;

use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Logger\LoggerChannelFactory;
use Drupal\Core\Routing\TrustedRedirectResponse;
Expand All @@ -15,6 +16,7 @@
use Symfony\Component\HttpFoundation\Request;
use Drupal\Core\Messenger\MessengerInterface;
use Drupal\openy_gc_auth\GCUserAuthorizer;
use Drupal\openy_gc_auth_personify\LogoutClient;

/**
* Personify controller to handle Personify SSO authentication.
Expand Down Expand Up @@ -63,6 +65,20 @@ class PersonifyAuthController extends ControllerBase {
*/
protected $gcUserAuthorizer;

/**
* Event Dispatcher.
*
* @var \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher
*/
protected $eventDispatcher;

/**
* Provider client.
*
* @var \Drupal\openy_gc_auth_personify\LogoutClient
*/
protected $logoutClient;

/**
* PersonifyAuthController constructor.
*
Expand All @@ -78,21 +94,29 @@ class PersonifyAuthController extends ControllerBase {
* The messenger.
* @param \Drupal\openy_gc_auth\GCUserAuthorizer $gcUserAuthorizer
* The Gated User Authorizer.
* @param \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher $eventDispatcher
* Event Dispatcher.
* @param \Drupal\openy_gc_auth_personify\LogoutClient $logoutClient
* Logout client.
*/
public function __construct(
PersonifySSO $personifySSO,
PersonifyClient $personifyClient,
ConfigFactoryInterface $configFactory,
LoggerChannelFactory $loggerChannelFactory,
MessengerInterface $messenger,
GCUserAuthorizer $gcUserAuthorizer
GCUserAuthorizer $gcUserAuthorizer,
ContainerAwareEventDispatcher $eventDispatcher,
LogoutClient $logoutClient
) {
$this->personifySSO = $personifySSO;
$this->personifyClient = $personifyClient;
$this->configFactory = $configFactory;
$this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
$this->messenger = $messenger;
$this->gcUserAuthorizer = $gcUserAuthorizer;
$this->eventDispatcher = $eventDispatcher;
$this->logoutClient = $logoutClient;
}

/**
Expand All @@ -105,7 +129,9 @@ public static function create(ContainerInterface $container) {
$container->get('config.factory'),
$container->get('logger.factory'),
$container->get('messenger'),
$container->get('openy_gc_auth.user_authorizer')
$container->get('openy_gc_auth.user_authorizer'),
$container->get('event_dispatcher'),
$container->get('openy_gc_auth_personify.logout_client')
);
}

Expand All @@ -126,12 +152,27 @@ public function auth(Request $request) {

$decrypted_token = $this->personifySSO->decryptCustomerToken($query['ct']);
if ($token = $this->personifySSO->validateCustomerToken($decrypted_token)) {
$userInfo = $this->personifySSO->getCustomerInfo($token);
$errorMessage = NULL;
user_cookie_save([
'personify_authorized' => $token,
'personify_time' => REQUEST_TIME,
]);
if ($this->userHasActiveMembership($token)) {
$userInfo = $this->personifySSO->getCustomerInfo($token);
$errorMessage = NULL;
user_cookie_save([
'personify_authorized' => $token,
'personify_time' => REQUEST_TIME,
]);
}
else {
$isUserSuccessfullyLogout = $this->logoutClient->logout($token);
if ($isUserSuccessfullyLogout) {
user_cookie_delete('personify_authorized');
user_cookie_delete('personify_time');
}

$path = URL::fromUserInput(
$this->configFactory->get('openy_gated_content.settings')->get('virtual_y_login_url'),
['query' => ['personify-error' => '1']]
)->toString();
return new RedirectResponse($path);
}
}
}

Expand Down Expand Up @@ -247,7 +288,6 @@ public function signOutUrl(Request $request) {
* @throws \GuzzleHttp\Exception\GuzzleException
*/
private function userHasActiveMembership($token) {

$personifyID = $this->personifySSO->getCustomerIdentifier($token);
if (empty($personifyID)) {
return FALSE;
Expand Down Expand Up @@ -286,16 +326,15 @@ private function userHasActiveMembership($token) {

$data = $this->personifyClient->doAPIcall('POST', 'GetStoredProcedureDataJSON?$format=json', $body, 'xml');

$isActive = FALSE;

if ($data) {
$results = json_decode($data['Data'], TRUE);

if (isset($results['Table'][0]['Access']) && (strtolower($results['Table'][0]['Access']) === 'approved')) {
$isActive = TRUE;
return TRUE;
}
}

return $isActive;
return FALSE;
}

/**
Expand Down Expand Up @@ -327,6 +366,7 @@ public function apiLogin(Request $request) {

$env = $this->configFactory->get('personify.settings')->get('environment');
$configLoginUrl = $this->configFactory->get('openy_gc_auth_personify.settings')->get($env . '_url_login');

if (empty($configLoginUrl)) {
$this->messenger->addWarning('Please, check Personify configs in settings.php.');
return NULL;
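Review bot: In the new else branch of auth(), the local `personify_authorized`/`personify_time` cookies are cleared only when `$this->logoutClient->logout($token)` reports success, so a cancelled or expired member whose remote logout fails (network error, non-200) is redirected to the error page but keeps a cookie holding a still-valid customer token; anything else in the module that treats that cookie as proof of authorization would keep honouring it. Clearing the local cookie is a local decision and should not be gated on the remote call: `$this->logoutClient->logout($token);` followed by an unconditional `user_cookie_delete('personify_authorized');` and `user_cookie_delete('personify_time');`, logging the failed remote logout if LogoutClient does not already do so. Note also that userHasActiveMembership() is declared `@throws \GuzzleHttp\Exception\GuzzleException` and the new call is unguarded, so a Personify API failure surfaces as an uncaught exception rather than the `personify-error` redirect; that fails closed, which is the right default, but a comment such as `// A Personify API failure propagates and denies access rather than falling through.` would save the next reader a check. The enclosing auth() method starts before this hunk and continues after it.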
Expand Up @@ -3,12 +3,10 @@
namespace Drupal\openy_gc_auth_personify\EventSubscriber;

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Logger\LoggerChannelFactory;
use Drupal\openy_gc_auth\Event\GCUserLogoutEvent;
use GuzzleHttp\Client;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\openy_gc_auth_personify\LogoutClient;

/**
* Class PersonifyUserLogoutSubscriber Subscriber.
Expand All @@ -17,22 +15,13 @@
*/
class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {

use StringTranslationTrait;

/**
* The current request.
*
* @var \Symfony\Component\HttpFoundation\Request|null
*/
protected $currentRequest;

/**
* Logger interface.
*
* @var \Drupal\Core\Logger\LoggerChannelInterface
*/
protected $logger;

/**
* Config factory.
*
Expand All @@ -41,11 +30,11 @@ class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {
protected $configFactory;

/**
* The Http client.
* Personify Client.
*
* @var \GuzzleHttp\Client
* @var \Drupal\openy_gc_auth_personify\LogoutClient
*/
protected $client;
protected $logoutClient;

/**
* Constructs a new PersonifyUserLogoutSubscriber.
Expand All @@ -54,21 +43,17 @@ class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {
* The request stack.
* @param \Drupal\Core\Config\ConfigFactoryInterface $configFactory
* Config factory.
* @param \Drupal\Core\Logger\LoggerChannelFactory $loggerChannelFactory
* Logger factory.
* @param \GuzzleHttp\Client $client
* The Http client.
* @param \Drupal\openy_gc_auth_personify\LogoutClient $logoutClient
* Personify Logout Client.
*/
public function __construct(
RequestStack $requestStack,
ConfigFactoryInterface $configFactory,
LoggerChannelFactory $loggerChannelFactory,
Client $client
LogoutClient $logoutClient
) {
$this->currentRequest = $requestStack->getCurrentRequest();
$this->configFactory = $configFactory;
$this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
$this->client = $client;
$this->logoutClient = $logoutClient;
}

/**
Expand Down Expand Up @@ -97,7 +82,7 @@ public function onUserLogout(GCUserLogoutEvent $event) {
return FALSE;
}

$isUserSuccessfullyLogout = $this->apiLogout($token);
$isUserSuccessfullyLogout = $this->logoutClient->logout($token);
if ($isUserSuccessfullyLogout) {
user_cookie_delete('personify_authorized');
user_cookie_delete('personify_time');
Expand All @@ -107,52 +92,4 @@ public function onUserLogout(GCUserLogoutEvent $event) {
}
}

/**
* Logout user from Personify.
*
* @param string $customerToken
* Personify customer's token.
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function apiLogout($customerToken) {
$settings = $this->configFactory->get('personify.settings');
$env = $settings->get('environment');

$options = [
'headers' => [
'Content-Type' => 'application/x-www-form-urlencoded;charset=utf-8',
'User-Agent' => '',
],
'auth' => [
$settings->get($env . 'username'),
$settings->get($env . 'password'),
],
'verify' => FALSE,
'form_params' => [
'vendorUsername' => $settings->get('vendor_username'),
'vendorPassword' => $settings->get('vendor_password'),
'customerToken' => $customerToken,
],
];

try {

$endpoint = $this->configFactory->get('openy_gc_auth_personify.settings')->get($env . '_url_logout');

$response = $this->client->request('POST', $endpoint, $options);

if ($response->getStatusCode() != '200') {
$this->logger->error($this->t('Failed attempt to logout a user from Personify'));
return FALSE;
}

return TRUE;
}
catch (\Exception $e) {
$this->logger->error($e->getMessage());
}
return FALSE;
}

}
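Review bot: The new `$this->logoutClient->logout($token)` call in onUserLogout() replaces an apiLogout() body that posted the vendor username/password (plus HTTP basic-auth credentials) and the customer token with `'verify' => FALSE`, i.e. with TLS certificate verification disabled; the LogoutClient class is not in this view, so if that body was moved over verbatim the credentials now go out without peer verification from there instead, and this commit does not change that. I would confirm that LogoutClient drops the `'verify' => FALSE` option, or ties it to a non-production environment setting, before merging, since the request carries the vendor credentials on every logout. The same hunk still keeps the cookie deletion conditional on the remote logout succeeding (`if ($isUserSuccessfullyLogout)`), which leaves a stale `personify_authorized` cookie behind whenever Personify is unreachable; clearing the local cookie unconditionally and only logging the remote failure would be the safer order. onUserLogout() starts before this hunk.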