Update PersonifyAuthController.php to not grant access to Cancelled/Expired members (master)

modules/openy_gc_auth/modules/openy_gc_auth_personify/openy_gc_auth_personify.services.yml

@@ -1,6 +1,9 @@
 services:
   gated_content_events_user_logout:
     class: '\Drupal\openy_gc_auth_personify\EventSubscriber\PersonifyUserLogoutSubscriber'
-    arguments: ['@request_stack', '@config.factory', '@logger.factory', '@http_client']
+    arguments: ['@request_stack', '@config.factory', '@openy_gc_auth_personify.logout_client']
     tags:
       - { name: 'event_subscriber' }
+  openy_gc_auth_personify.logout_client:
+    class: '\Drupal\openy_gc_auth_personify\LogoutClient'
+    arguments: ['@config.factory', '@logger.factory', '@http_client']

modules/openy_gc_auth/modules/openy_gc_auth_personify/src/Controller/PersonifyAuthController.php

@@ -2,6 +2,7 @@
 
 namespace Drupal\openy_gc_auth_personify\Controller;
 
+use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Logger\LoggerChannelFactory;
 use Drupal\Core\Routing\TrustedRedirectResponse;
@@ -15,6 +16,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Drupal\Core\Messenger\MessengerInterface;
 use Drupal\openy_gc_auth\GCUserAuthorizer;
+use Drupal\openy_gc_auth_personify\LogoutClient;
 
 /**
  * Personify controller to handle Personify SSO authentication.
@@ -63,6 +65,20 @@ class PersonifyAuthController extends ControllerBase {
    */
   protected $gcUserAuthorizer;
 
+  /**
+   * Event Dispatcher.
+   *
+   * @var \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher
+   */
+  protected $eventDispatcher;
+
+  /**
+   * Provider client.
+   *
+   * @var \Drupal\openy_gc_auth_personify\LogoutClient
+   */
+  protected $logoutClient;
+
   /**
    * PersonifyAuthController constructor.
    *
@@ -78,21 +94,29 @@ class PersonifyAuthController extends ControllerBase {
    *   The messenger.
    * @param \Drupal\openy_gc_auth\GCUserAuthorizer $gcUserAuthorizer
    *   The Gated User Authorizer.
+   * @param \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher $eventDispatcher
+   *   Event Dispatcher.
+   * @param \Drupal\openy_gc_auth_personify\LogoutClient $logoutClient
+   *   Logout client.
    */
   public function __construct(
     PersonifySSO $personifySSO,
     PersonifyClient $personifyClient,
     ConfigFactoryInterface $configFactory,
     LoggerChannelFactory $loggerChannelFactory,
     MessengerInterface $messenger,
-    GCUserAuthorizer $gcUserAuthorizer
+    GCUserAuthorizer $gcUserAuthorizer,
+    ContainerAwareEventDispatcher $eventDispatcher,
+    LogoutClient $logoutClient
   ) {
     $this->personifySSO = $personifySSO;
     $this->personifyClient = $personifyClient;
     $this->configFactory = $configFactory;
     $this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
     $this->messenger = $messenger;
     $this->gcUserAuthorizer = $gcUserAuthorizer;
+    $this->eventDispatcher = $eventDispatcher;
+    $this->logoutClient = $logoutClient;
   }
 
   /**
@@ -105,7 +129,9 @@ public static function create(ContainerInterface $container) {
       $container->get('config.factory'),
       $container->get('logger.factory'),
       $container->get('messenger'),
-      $container->get('openy_gc_auth.user_authorizer')
+      $container->get('openy_gc_auth.user_authorizer'),
+      $container->get('event_dispatcher'),
+      $container->get('openy_gc_auth_personify.logout_client')
     );
   }
 
@@ -126,12 +152,27 @@ public function auth(Request $request) {
 
       $decrypted_token = $this->personifySSO->decryptCustomerToken($query['ct']);
       if ($token = $this->personifySSO->validateCustomerToken($decrypted_token)) {
-        $userInfo = $this->personifySSO->getCustomerInfo($token);
-        $errorMessage = NULL;
-        user_cookie_save([
-          'personify_authorized' => $token,
-          'personify_time' => REQUEST_TIME,
-        ]);
+        if ($this->userHasActiveMembership($token)) {
+          $userInfo = $this->personifySSO->getCustomerInfo($token);
+          $errorMessage = NULL;
+          user_cookie_save([
+            'personify_authorized' => $token,
+            'personify_time' => REQUEST_TIME,
+          ]);
+        }
+        else {
+          $isUserSuccessfullyLogout = $this->logoutClient->logout($token);
+          if ($isUserSuccessfullyLogout) {
+            user_cookie_delete('personify_authorized');
+            user_cookie_delete('personify_time');
+          }
+
+          $path = URL::fromUserInput(
+            $this->configFactory->get('openy_gated_content.settings')->get('virtual_y_login_url'),
+            ['query' => ['personify-error' => '1']]
+          )->toString();
+          return new RedirectResponse($path);
+        }
       }
     }
 
@@ -247,7 +288,6 @@ public function signOutUrl(Request $request) {
    * @throws \GuzzleHttp\Exception\GuzzleException
    */
   private function userHasActiveMembership($token) {
-
     $personifyID = $this->personifySSO->getCustomerIdentifier($token);
     if (empty($personifyID)) {
       return FALSE;
@@ -286,16 +326,15 @@ private function userHasActiveMembership($token) {
 
     $data = $this->personifyClient->doAPIcall('POST', 'GetStoredProcedureDataJSON?$format=json', $body, 'xml');
 
-    $isActive = FALSE;
-
     if ($data) {
       $results = json_decode($data['Data'], TRUE);
+
       if (isset($results['Table'][0]['Access']) && (strtolower($results['Table'][0]['Access']) === 'approved')) {
-        $isActive = TRUE;
+        return TRUE;
       }
     }
 
-    return $isActive;
+    return FALSE;
   }
 
   /**
@@ -327,6 +366,7 @@ public function apiLogin(Request $request) {
 
     $env = $this->configFactory->get('personify.settings')->get('environment');
     $configLoginUrl = $this->configFactory->get('openy_gc_auth_personify.settings')->get($env . '_url_login');
+
     if (empty($configLoginUrl)) {
       $this->messenger->addWarning('Please, check Personify configs in settings.php.');
       return NULL;

modules/openy_gc_auth/modules/openy_gc_auth_personify/src/EventSubscriber/PersonifyUserLogoutSubscriber.php

@@ -3,12 +3,10 @@
 namespace Drupal\openy_gc_auth_personify\EventSubscriber;
 
 use Drupal\Core\Config\ConfigFactoryInterface;
-use Drupal\Core\Logger\LoggerChannelFactory;
 use Drupal\openy_gc_auth\Event\GCUserLogoutEvent;
-use GuzzleHttp\Client;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Drupal\Core\StringTranslation\StringTranslationTrait;
+use Drupal\openy_gc_auth_personify\LogoutClient;
 
 /**
  * Class PersonifyUserLogoutSubscriber Subscriber.
@@ -17,22 +15,13 @@
  */
 class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {
 
-  use StringTranslationTrait;
-
   /**
    * The current request.
    *
    * @var \Symfony\Component\HttpFoundation\Request|null
    */
   protected $currentRequest;
 
-  /**
-   * Logger interface.
-   *
-   * @var \Drupal\Core\Logger\LoggerChannelInterface
-   */
-  protected $logger;
-
   /**
    * Config factory.
    *
@@ -41,11 +30,11 @@ class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {
   protected $configFactory;
 
   /**
-   * The Http client.
+   * Personify Client.
    *
-   * @var \GuzzleHttp\Client
+   * @var \Drupal\openy_gc_auth_personify\LogoutClient
    */
-  protected $client;
+  protected $logoutClient;
 
   /**
    * Constructs a new PersonifyUserLogoutSubscriber.
@@ -54,21 +43,17 @@ class PersonifyUserLogoutSubscriber implements EventSubscriberInterface {
    *   The request stack.
    * @param \Drupal\Core\Config\ConfigFactoryInterface $configFactory
    *   Config factory.
-   * @param \Drupal\Core\Logger\LoggerChannelFactory $loggerChannelFactory
-   *   Logger factory.
-   * @param \GuzzleHttp\Client $client
-   *   The Http client.
+   * @param \Drupal\openy_gc_auth_personify\LogoutClient $logoutClient
+   *   Personify Logout Client.
    */
   public function __construct(
     RequestStack $requestStack,
     ConfigFactoryInterface $configFactory,
-    LoggerChannelFactory $loggerChannelFactory,
-    Client $client
+    LogoutClient $logoutClient
   ) {
     $this->currentRequest = $requestStack->getCurrentRequest();
     $this->configFactory = $configFactory;
-    $this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
-    $this->client = $client;
+    $this->logoutClient = $logoutClient;
   }
 
   /**
@@ -97,7 +82,7 @@ public function onUserLogout(GCUserLogoutEvent $event) {
         return FALSE;
       }
 
-      $isUserSuccessfullyLogout = $this->apiLogout($token);
+      $isUserSuccessfullyLogout = $this->logoutClient->logout($token);
       if ($isUserSuccessfullyLogout) {
         user_cookie_delete('personify_authorized');
         user_cookie_delete('personify_time');
@@ -107,52 +92,4 @@ public function onUserLogout(GCUserLogoutEvent $event) {
     }
   }
 
-  /**
-   * Logout user from Personify.
-   *
-   * @param string $customerToken
-   *   Personify customer's token.
-   *
-   * @throws \GuzzleHttp\Exception\GuzzleException
-   */
-  public function apiLogout($customerToken) {
-    $settings = $this->configFactory->get('personify.settings');
-    $env = $settings->get('environment');
-
-    $options = [
-      'headers' => [
-        'Content-Type' => 'application/x-www-form-urlencoded;charset=utf-8',
-        'User-Agent' => '',
-      ],
-      'auth' => [
-        $settings->get($env . 'username'),
-        $settings->get($env . 'password'),
-      ],
-      'verify' => FALSE,
-      'form_params' => [
-        'vendorUsername' => $settings->get('vendor_username'),
-        'vendorPassword' => $settings->get('vendor_password'),
-        'customerToken' => $customerToken,
-      ],
-    ];
-
-    try {
-
-      $endpoint = $this->configFactory->get('openy_gc_auth_personify.settings')->get($env . '_url_logout');
-
-      $response = $this->client->request('POST', $endpoint, $options);
-
-      if ($response->getStatusCode() != '200') {
-        $this->logger->error($this->t('Failed attempt to logout a user from Personify'));
-        return FALSE;
-      }
-
-      return TRUE;
-    }
-    catch (\Exception $e) {
-      $this->logger->error($e->getMessage());
-    }
-    return FALSE;
-  }
-
 }