[PRODDEV-111] Implement verification checks for the ReClique auth pro…

…vider
fivejars · Feb 9, 2021 · b53f466 · b53f466
1 parent edfe48b
commit b53f466
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 7 deletions.
diff --git a/modules/openy_gc_auth/modules/openy_gc_auth_reclique/src/Controller/UserController.php b/modules/openy_gc_auth/modules/openy_gc_auth_reclique/src/Controller/UserController.php
@@ -6,10 +6,14 @@
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Flood\FloodInterface;
 use Drupal\openy_gc_auth\GCUserAuthorizer;
+use Drupal\openy_gc_auth\GCVerificationTrait;
 use Drupal\openy_gc_auth_reclique\RecliqueClientService;
+use Drupal\user\Entity\User;
+use Drupal\user\UserDataInterface;
 use Drupal\user\UserStorageInterface;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
@@ -19,6 +23,8 @@
  */
 class UserController extends ControllerBase {
 
+  use GCVerificationTrait;
+
   /**
    * The user storage.
    *
@@ -54,6 +60,13 @@ class UserController extends ControllerBase {
    */
   protected $gcUserAuthorizer;
 
+  /**
+   * The user data service.
+   *
+   * @var \Drupal\user\UserDataInterface
+   */
+  protected $userData;
+
   /**
    * RecliqueClientService client service.
    *
@@ -74,6 +87,8 @@ class UserController extends ControllerBase {
    *   The time service.
    * @param \Drupal\openy_gc_auth\GCUserAuthorizer $gcUserAuthorizer
    *   The GCUserAuthorizer service.
+   * @param \Drupal\user\UserDataInterface $user_data
+   *   The user data service.
    * @param \Drupal\openy_gc_auth_reclique\RecliqueClientService $recliqueClientService
    *   Reclique service.
    */
@@ -83,13 +98,15 @@ public function __construct(
     FloodInterface $flood,
     TimeInterface $datetime,
     GCUserAuthorizer $gcUserAuthorizer,
+    UserDataInterface $user_data,
     RecliqueClientService $recliqueClientService
   ) {
     $this->userStorage = $user_storage;
     $this->logger = $logger;
     $this->flood = $flood;
     $this->datetime = $datetime;
     $this->gcUserAuthorizer = $gcUserAuthorizer;
+    $this->userData = $user_data;
     $this->recliqueClientService = $recliqueClientService;
   }
 
@@ -103,6 +120,7 @@ public static function create(ContainerInterface $container) {
       $container->get('flood'),
       $container->get('datetime.time'),
       $container->get('openy_gc_auth.user_authorizer'),
+      $container->get('user.data'),
       $container->get('openy_gc_auth_reclique_client')
     );
   }
@@ -156,7 +174,15 @@ public function verifyAccount(Request $request, $uid, $timestamp, $hash) {
         ->addError($this->t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
       return new RedirectResponse($vy_settings->get('virtual_y_login_url'), 302);
     }
-    elseif ($user->isAuthenticated() && ($timestamp >= $user->getLastLoginTime()) && ($timestamp <= $current) && hash_equals($hash, user_pass_rehash($user, $timestamp))) {
+
+    if (($user instanceof User) &&
+      $user->isAuthenticated() &&
+      ($timestamp >= $user->getLastLoginTime()) &&
+      ($timestamp <= $current) &&
+      hash_equals($hash, user_pass_rehash($user, $timestamp))
+    ) {
+      $token = $this->saveVerification($request, $user, $current);
+
       $this
         ->gcUserAuthorizer
         ->authorizeUser(
@@ -166,7 +192,9 @@ public function verifyAccount(Request $request, $uid, $timestamp, $hash) {
         );
       // Clear any flood events for this IP.
       $this->flood->clear('openy_gc_auth_reclique.login');
-      return new RedirectResponse($vy_settings->get('virtual_y_url'), 302);
+      $response = new RedirectResponse($vy_settings->get('virtual_y_url'), 302);
+      $response->headers->setCookie(new Cookie('Drupal_visitor_gc_auth_authorized', $token));
+      return $response;
     }
     $this
       ->messenger()

diff --git a/modules/openy_gc_auth/modules/openy_gc_auth_reclique/src/Form/VirtualYReCliqueLoginForm.php b/modules/openy_gc_auth/modules/openy_gc_auth_reclique/src/Form/VirtualYReCliqueLoginForm.php
@@ -11,8 +11,10 @@
 use Drupal\Core\TempStore\PrivateTempStoreFactory;
 use Drupal\Core\Url;
 use Drupal\openy_gc_auth\GCUserAuthorizer;
+use Drupal\openy_gc_auth\GCVerificationTrait;
 use Drupal\openy_gc_auth_reclique\RecliqueClientService;
 use Drupal\user\Entity\User;
+use Drupal\user\UserDataInterface;
 use GuzzleHttp\Client;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -24,6 +26,8 @@
  */
 class VirtualYReCliqueLoginForm extends FormBase {
 
+  use GCVerificationTrait;
+
   /**
    * The current request.
    *
@@ -80,6 +84,13 @@ class VirtualYReCliqueLoginForm extends FormBase {
    */
   protected $gcUserAuthorizer;
 
+  /**
+   * The user data service.
+   *
+   * @var \Drupal\user\UserDataInterface
+   */
+  protected $userData;
+
   /**
    * RecliqueClientService client service.
    *
@@ -99,6 +110,7 @@ public function __construct(
     PrivateTempStoreFactory $private_temp_store,
     Client $client,
     GCUserAuthorizer $gcUserAuthorizer,
+    UserDataInterface $user_data,
     RecliqueClientService $recliqueClientService
   ) {
     $this->currentRequest = $requestStack->getCurrentRequest();
@@ -109,6 +121,7 @@ public function __construct(
     $this->privateTempStore = $private_temp_store->get('openy_gc_auth.provider.reclique');
     $this->client = $client;
     $this->gcUserAuthorizer = $gcUserAuthorizer;
+    $this->userData = $user_data;
     $this->recliqueClientService = $recliqueClientService;
   }
 
@@ -125,6 +138,7 @@ public static function create(ContainerInterface $container) {
       $container->get('tempstore.private'),
       $container->get('http_client'),
       $container->get('openy_gc_auth.user_authorizer'),
+      $container->get('user.data'),
       $container->get('openy_gc_auth_reclique_client')
     );
   }
@@ -214,16 +228,14 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
       }
 
       if ($user instanceof User) {
-        if ($provider_config->get('enable_email_verification')) {
+        if ($provider_config->get('enable_email_verification') && $this->isVerificationNeeded($user)) {
           $this->sendEmailVerification($user, $provider_config, $email);
           $form_state->setValue('verified', TRUE);
           $form_state->setRebuild(TRUE);
           return;
         }
-        else {
-          // Authorize user (register, login, log, etc).
-          $this->gcUserAuthorizer->authorizeUser($name, $email, $result);
-        }
+        // Authorize user (register, login, log, etc).
+        $this->gcUserAuthorizer->authorizeUser($name, $email, $result);
       }
     }
     else {