
Update PersonifyAuthController.php to not grant access to Cancelled/Expired members (master) #279

Merged
merged 9 commits into from
Mar 1, 2021
@@ -1,6 +1,9 @@
services:
gated_content_events_user_logout:
class: '\Drupal\openy_gc_auth_personify\EventSubscriber\PersonifyUserLogoutSubscriber'
arguments: ['@request_stack', '@config.factory', '@logger.factory', '@http_client']
arguments: ['@request_stack', '@config.factory', '@openy_gc_auth_personify.client']
tags:
- { name: 'event_subscriber' }
openy_gc_auth_personify.client:
class: '\Drupal\openy_gc_auth_personify\Client'
arguments: ['@config.factory', '@logger.factory', '@http_client']
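--- a/modules/openy_gc_auth/modules/openy_gc_auth_personify/src/Client.php
+++ b/modules/openy_gc_auth/modules/openy_gc_auth_personify/src/Client.php
@@ -0,0 +1,128 @@
+<?php
+
+namespace Drupal\openy_gc_auth_personify;
+
+use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\Core\Logger\LoggerChannelFactory;
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use GuzzleHttp\Client as HttpClient;
+
+/**
+* Personify provider client.
+*/
+class Client {
+
+use StringTranslationTrait;
+
+/**
+* Logger interface.
+*
+* @var \Drupal\Core\Logger\LoggerChannelInterface
+*/
+protected $logger;
+
+/**
+* Personify Config.
+*
+* @var \Drupal\Core\Config\Config|\Drupal\Core\Config\ImmutableConfig
+*/
+protected $config;
+
+/**
+* Provider Config.
+*
+* @var \Drupal\Core\Config\Config|\Drupal\Core\Config\ImmutableConfig
+*/
+protected $providerConfig;
+
+/**
+* The Http client.
+*
+* @var \GuzzleHttp\Client
+*/
+protected $client;
+
+/**
+* Personify Client.
+*
+* @param \Drupal\Core\Config\ConfigFactoryInterface $configFactory
+* Config factory.
+* @param \Drupal\Core\Logger\LoggerChannelFactory $loggerChannelFactory
+* Logger factory.
+* @param \GuzzleHttp\Client $client
+* The Http client.
+*/
+public function __construct(
+ConfigFactoryInterface $configFactory,
+LoggerChannelFactory $loggerChannelFactory,
+HttpClient $client
+) {
+$this->config = $configFactory->get('personify.settings');
+$this->providerConfig = $configFactory->get('openy_gc_auth_personify.settings');
+$this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
+$this->client = $client;
+}
+
+/**
+* Personify Config.
+*/
+public function getConfig() {
+return $this->config;
+}
+
+/**
+* Provider Config.
+*/
+public function getProviderConfig() {
+return $this->providerConfig;
+}
+
+/**
+* Logout user from Personify.
+*
+* @param string $customerToken
+* Personify customer's token.
+*
+* @return bool
+* Returs TRUE when successfully logged out.
+*
+* @throws \GuzzleHttp\Exception\GuzzleException
+*/
+public function logout($customerToken) {
+$env = $this->getConfig()->get('environment');
+
+$options = [
+'headers' => [
+'Content-Type' => 'application/x-www-form-urlencoded;charset=utf-8',
+'User-Agent' => '',
+],
+'auth' => [
+$this->getConfig()->get($env . 'username'),
+$this->getConfig()->get($env . 'password'),
+],
+'verify' => FALSE,
+'form_params' => [
+'vendorUsername' => $this->getConfig()->get('vendor_username'),
+'vendorPassword' => $this->getConfig()->get('vendor_password'),
+'customerToken' => $customerToken,
+],
+];
+
+try {
+$endpoint = $this->getProviderConfig()->get($env . '_url_logout');
+$response = $this->client->request('POST', $endpoint, $options);
+
+if ($response->getStatusCode() != '200') {
+$this->logger->error($this->t('Failed attempt to logout a user from Personify'));
+return FALSE;
+}
+
+return TRUE;
+}
+catch (\Exception $e) {
+$this->logger->error($e->getMessage());
+}
+return FALSE;
+}
+
+}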
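Review bot: `'verify' => FALSE` in the `$options` array of logout() switches off TLS certificate validation for a POST that carries the Basic-auth pair, `vendorUsername`/`vendorPassword` and the customer token, so the peer receiving those secrets is never authenticated. Guzzle verifies certificates by default; drop the key or make it a setting with a secure default, for example `'verify' => TRUE,`. The credential keys are also built as `$env . 'username'` and `$env . 'password'`, while the endpoint key is `$env . '_url_logout'`. If the keys in personify.settings carry a separator, the auth pair would resolve to NULL, which is worth confirming against the settings schema. The `@throws \GuzzleHttp\Exception\GuzzleException` tag no longer matches the body, since `catch (\Exception $e)` absorbs it and the method returns FALSE instead.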
Expand Up @@ -2,6 +2,7 @@

namespace Drupal\openy_gc_auth_personify\Controller;

use Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Logger\LoggerChannelFactory;
use Drupal\Core\Routing\TrustedRedirectResponse;
Expand All @@ -15,6 +16,7 @@
use Symfony\Component\HttpFoundation\Request;
use Drupal\Core\Messenger\MessengerInterface;
use Drupal\openy_gc_auth\GCUserAuthorizer;
use Drupal\openy_gc_auth_personify\Client as ProviderClient;

/**
* Personify controller to handle Personify SSO authentication.
Expand Down Expand Up @@ -63,6 +65,20 @@ class PersonifyAuthController extends ControllerBase {
*/
protected $gcUserAuthorizer;

/**
* Event Dispatcher.
*
* @var \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher
*/
protected $eventDispatcher;

/**
* Provider client.
*
* @var \Drupal\openy_gc_auth_personify\Client
*/
protected $providerClient;

/**
* PersonifyAuthController constructor.
*
Expand All @@ -78,21 +94,29 @@ class PersonifyAuthController extends ControllerBase {
* The messenger.
* @param \Drupal\openy_gc_auth\GCUserAuthorizer $gcUserAuthorizer
* The Gated User Authorizer.
* @param \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher $eventDispatcher
* Event Dispatcher.
* @param \Drupal\openy_gc_auth_personify\Client $providerClient
* Provider client.
*/
public function __construct(
PersonifySSO $personifySSO,
PersonifyClient $personifyClient,
ConfigFactoryInterface $configFactory,
LoggerChannelFactory $loggerChannelFactory,
MessengerInterface $messenger,
GCUserAuthorizer $gcUserAuthorizer
GCUserAuthorizer $gcUserAuthorizer,
ContainerAwareEventDispatcher $eventDispatcher,
ProviderClient $providerClient
) {
$this->personifySSO = $personifySSO;
$this->personifyClient = $personifyClient;
$this->configFactory = $configFactory;
$this->logger = $loggerChannelFactory->get('openy_gc_auth_personify');
$this->messenger = $messenger;
$this->gcUserAuthorizer = $gcUserAuthorizer;
$this->eventDispatcher = $eventDispatcher;
$this->providerClient = $providerClient;
}

/**
Expand All @@ -105,7 +129,9 @@ public static function create(ContainerInterface $container) {
$container->get('config.factory'),
$container->get('logger.factory'),
$container->get('messenger'),
$container->get('openy_gc_auth.user_authorizer')
$container->get('openy_gc_auth.user_authorizer'),
$container->get('event_dispatcher'),
$container->get('openy_gc_auth_personify.client')
);
}

Expand All @@ -126,12 +152,23 @@ public function auth(Request $request) {

$decrypted_token = $this->personifySSO->decryptCustomerToken($query['ct']);
if ($token = $this->personifySSO->validateCustomerToken($decrypted_token)) {
$userInfo = $this->personifySSO->getCustomerInfo($token);
$errorMessage = NULL;
user_cookie_save([
'personify_authorized' => $token,
'personify_time' => REQUEST_TIME,
]);
if ($this->userHasActiveMembership($token)) {
$userInfo = $this->personifySSO->getCustomerInfo($token);
$errorMessage = NULL;
user_cookie_save([
'personify_authorized' => $token,
'personify_time' => REQUEST_TIME,
]);
}
else {
$this->providerClient->logout($token);

$path = URL::fromUserInput(
$this->configFactory->get('openy_gated_content.settings')->get('virtual_y_login_url'),
['query' => ['personify-error' => '1']]
)->toString();
return new RedirectResponse($path);
}
}
}

Expand Down Expand Up @@ -247,7 +284,6 @@ public function signOutUrl(Request $request) {
* @throws \GuzzleHttp\Exception\GuzzleException
*/
private function userHasActiveMembership($token) {

$personifyID = $this->personifySSO->getCustomerIdentifier($token);
if (empty($personifyID)) {
return FALSE;
Expand Down Expand Up @@ -286,16 +322,15 @@ private function userHasActiveMembership($token) {

$data = $this->personifyClient->doAPIcall('POST', 'GetStoredProcedureDataJSON?$format=json', $body, 'xml');

$isActive = FALSE;

if ($data) {
$results = json_decode($data['Data'], TRUE);

if (isset($results['Table'][0]['Access']) && (strtolower($results['Table'][0]['Access']) === 'approved')) {
$isActive = TRUE;
return TRUE;
}
}

return $isActive;
return FALSE;
}

/**
Expand Down Expand Up @@ -327,6 +362,7 @@ public function apiLogin(Request $request) {

$env = $this->configFactory->get('personify.settings')->get('environment');
$configLoginUrl = $this->configFactory->get('openy_gc_auth_personify.settings')->get($env . '_url_login');

if (empty($configLoginUrl)) {
$this->messenger->addWarning('Please, check Personify configs in settings.php.');
return NULL;
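Review bot: In the new `else` branch of auth(), the boolean returned by `$this->providerClient->logout($token)` is discarded, so a failed provider logout (Client::logout() returns FALSE on a non-200 response or an exception) leaves the rejected member's Personify session in place and the controller records nothing about the denial. Check the result and log it, e.g. `if (!$this->providerClient->logout($token)) { $this->logger->warning('Personify logout failed after the membership check denied access.'); }`. The same branch hands `virtual_y_login_url` straight to `URL::fromUserInput()`, which throws when the value is empty or does not start with `/`, `?` or `#`, so an unset setting would turn the denial into an error page; a guard or a fallback path is worth adding. auth() begins and ends outside the hunk, so how `$userInfo` and `$errorMessage` are used after this block cannot be confirmed from here.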