Merge pull request #394 from magento-performance/cabpi-81-user-authen…
…tication

CABPI-81 user authentication
andimov authored Mar 8, 2022
2 parents d58940c + 22ac84b commit 3db739c
Showing 29 changed files with 1,163 additions and 20 deletions.
@@ -0,0 +1,60 @@
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

declare(strict_types=1);

namespace Magento\AdminAdobeIms\App\Action\Plugin;

use Magento\AdminAdobeIms\Controller\Adminhtml\OAuth\ImsCallback;
use Magento\Backend\App\Action\Plugin\Authentication as CoreAuthentication;
use Magento\Backend\App\BackendAppList;
use Magento\Backend\Model\Auth;
use Magento\Backend\Model\UrlInterface;
use Magento\Framework\App\ActionFlag;
use Magento\Framework\App\ResponseInterface;
use Magento\Framework\Controller\Result\RedirectFactory;
use Magento\Framework\Data\Form\FormKey\Validator;
use Magento\Framework\Message\ManagerInterface;

class Authentication extends CoreAuthentication
{
/**
* @param Auth $auth
* @param UrlInterface $url
* @param ResponseInterface $response
* @param ActionFlag $actionFlag
* @param ManagerInterface $messageManager
* @param UrlInterface $backendUrl
* @param RedirectFactory $resultRedirectFactory
* @param BackendAppList $backendAppList
* @param Validator $formKeyValidator
*/
public function __construct(
Auth $auth,
UrlInterface $url,
ResponseInterface $response,
ActionFlag $actionFlag,
ManagerInterface $messageManager,
UrlInterface $backendUrl,
RedirectFactory $resultRedirectFactory,
BackendAppList $backendAppList,
Validator $formKeyValidator
) {
parent::__construct(
$auth,
$url,
$response,
$actionFlag,
$messageManager,
$backendUrl,
$resultRedirectFactory,
$backendAppList,
$formKeyValidator
);

$this->_openActions[] = ImsCallback::ACTION_NAME;
}
}
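Review bot: The line `$this->_openActions[] = ImsCallback::ACTION_NAME;` at the end of the constructor exempts an admin route from the login check, and nothing in the class says why. Judging by the property name, the parent plugin lets listed actions through without an authenticated session, so every check on that request now has to live in `ImsCallback::execute()`. I would add above the line: `// OAuth redirect arrives before an admin session exists; ImsCallback must validate the request itself.` It is also worth confirming that 'imscallback' cannot match an action of the same name in another backend controller, since the list is presumably keyed by action name only.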
@@ -0,0 +1,153 @@
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

declare(strict_types=1);

namespace Magento\AdminAdobeIms\Controller\Adminhtml\OAuth;

use Exception;
use Magento\AdminAdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
use Magento\AdminAdobeIms\Exception\AdobeImsTokenAuthorizationException;
use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
use Magento\AdminAdobeIms\Service\ImsConfig;
use Magento\AdminAdobeIms\Service\ImsOrganizationService;
use Magento\Backend\App\Action\Context;
use Magento\AdminAdobeIms\Model\ImsConnection;
use Magento\Backend\Controller\Adminhtml\Auth;
use Magento\Backend\Model\View\Result\Redirect;
use Magento\Framework\App\Action\HttpGetActionInterface;
use Magento\Framework\Exception\AuthenticationException;
use Psr\Log\LoggerInterface;

class ImsCallback extends Auth implements HttpGetActionInterface
{
public const ACTION_NAME = 'imscallback';

/**
* @var ImsConnection
*/
private ImsConnection $imsConnection;

/**
* @var ImsConfig
*/
private ImsConfig $imsConfig;

/**
* @var ImsOrganizationService
*/
private ImsOrganizationService $organizationService;

/**
* @var AdminLoginProcessService
*/
private AdminLoginProcessService $adminLoginProcessService;

/**
* @var LoggerInterface
*/
private LoggerInterface $logger;

/**
* @param Context $context
* @param ImsConnection $imsConnection
* @param ImsConfig $imsConfig
* @param ImsOrganizationService $organizationService
* @param AdminLoginProcessService $adminLoginProcessService
* @param LoggerInterface $logger
*/
public function __construct(
Context $context,
ImsConnection $imsConnection,
ImsConfig $imsConfig,
ImsOrganizationService $organizationService,
AdminLoginProcessService $adminLoginProcessService,
LoggerInterface $logger
) {
parent::__construct($context);
$this->imsConnection = $imsConnection;
$this->imsConfig = $imsConfig;
$this->organizationService = $organizationService;
$this->adminLoginProcessService = $adminLoginProcessService;
$this->logger = $logger;
}

/**
* Execute AdobeIMS callback
*
* @return Redirect
*/
public function execute(): Redirect
{
/** @var Redirect $resultRedirect */
$resultRedirect = $this->resultRedirectFactory->create();
$resultRedirect->setPath($this->_helper->getHomePageUrl());

if (!$this->imsConfig->enabled()) {
$this->getMessageManager()->addErrorMessage('Adobe Sign-In is disabled.');
return $resultRedirect;
}

try {
$code = $this->getRequest()->getParam('code');

if ($code === null) {
throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
}

$tokenResponse = $this->imsConnection->getTokenResponse($code);

$profile = $this->imsConnection->getProfile($tokenResponse->getAccessToken());
if (empty($profile['email'])) {
throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
}
$this->organizationService->checkOrganizationAllocation($profile);
$this->adminLoginProcessService->execute($profile, $tokenResponse);
} catch (AdobeImsTokenAuthorizationException $e) {
$this->logger->error($e->getMessage());

$this->imsErrorMessage(
'Unable to sign in with the Adobe ID',
AdobeImsTokenAuthorizationException::ERROR_MESSAGE
);
} catch (AdobeImsOrganizationAuthorizationException $e) {
$this->logger->error($e->getMessage());

$this->imsErrorMessage(
'You don\'t have access to this Commerce instance',
AdobeImsOrganizationAuthorizationException::ERROR_MESSAGE
);
} catch (Exception $e) {
$this->logger->error($e->getMessage());

$this->imsErrorMessage(
'Error signing in',
'Something went wrong and we could not sign you in. ' .
'Please try again or contact your administrator.'
);
}

return $resultRedirect;
}

/**
* Add AdminAdobeIMS Error Message
*
* @param string $headline
* @param string $message
* @return void
*/
private function imsErrorMessage(string $headline, string $message): void
{
$this->messageManager->addComplexErrorMessage(
'adminAdobeImsMessage',
[
'headline' => __($headline)->getText(),
'message' => __($message)->getText()
]
);
}
}
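Review bot: `execute()` exchanges the `code` query parameter for a token without checking an OAuth `state` value tied to the browser session, while the action is GET-only and exempt from the admin login check. Without that binding, a callback request that the browser did not initiate can still complete a sign-in (login CSRF), unless `ImsConnection::getTokenResponse()` performs the check itself, which this section does not show. Before the `getTokenResponse($code)` call, read `state` from the request, compare it with `hash_equals()` against a value stored in the session when the login redirect was issued, and throw the existing `AuthenticationException` on mismatch. Separately, `$code === null` lets a non-string `code` (for example an array parameter) through; `if (!is_string($code) || $code === '')` would reject it in the same branch.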
@@ -0,0 +1,21 @@
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

declare(strict_types=1);

namespace Magento\AdminAdobeIms\Exception;

use Magento\Framework\Exception\AuthorizationException;

/**
* @api
*/
class AdobeImsOrganizationAuthorizationException extends AuthorizationException
{
public const ERROR_MESSAGE = 'The Adobe ID you\'re using does not belong to the organization ' .
'that controlling this Commerce instance. Contact your administrator so he can add your Adobe ID ' .
'to the organization.';
}
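Review bot: `ERROR_MESSAGE` reads "that controlling this Commerce instance" and "so he can add your Adobe ID", and `ImsCallback` passes this constant to `imsErrorMessage()` as the text shown to the user. I would reword the tail to `'... does not belong to the organization that controls this Commerce instance. Contact your administrator so they can add your Adobe ID to the organization.'`. The class docblock holds only `@api`; a one-line summary of when the exception is thrown would help integrators. The same wording is duplicated in `AdobeImsTokenAuthorizationException::ERROR_MESSAGE`.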
@@ -0,0 +1,21 @@
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

declare(strict_types=1);

namespace Magento\AdminAdobeIms\Exception;

use Magento\Framework\Exception\AuthorizationException;

/**
* @api
*/
class AdobeImsTokenAuthorizationException extends AuthorizationException
{
public const ERROR_MESSAGE = 'The Adobe ID you\'re using does not belong to the ' .
'organization that controlling this Commerce instance. Contact your administrator so he can add ' .
'your Adobe ID to the organization.';
}
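Review bot: `ERROR_MESSAGE` here is the organization-membership text carried over word for word from `AdobeImsOrganizationAuthorizationException`, so a token failure tells the user that their Adobe ID is not in the organization. `ImsCallback` shows it under the headline 'Unable to sign in with the Adobe ID', which points users and administrators at the wrong cause. A message that matches the failure, for example `'The Adobe ID sign-in could not be completed. Please try again or contact your administrator.'`, would fit the headline. If the two failures are meant to be indistinguishable to the user, sharing one constant would make that intent explicit.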
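--- a/app/code/Magento/AdminAdobeIms/Model/Auth.php
+++ b/app/code/Magento/AdminAdobeIms/Model/Auth.php
@@ -0,0 +1,76 @@
+<?php
+/**
+* Copyright © Magento, Inc. All rights reserved.
+* See COPYING.txt for license details.
+*/
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Model;
+
+use Magento\Backend\Model\Auth as BackendAuth;
+use Magento\Framework\Exception\AuthenticationException;
+use Magento\Framework\Exception\Plugin\AuthenticationException as PluginAuthenticationException;
+
+class Auth extends BackendAuth
+{
+/**
+* Perform login process without password
+*
+* @param string $username
+* @return void
+* @throws AuthenticationException
+* @SuppressWarnings(PHPCPD)
+*/
+public function loginByUsername(string $username): void
+{
+if (empty($username)) {
+self::throwException(
+__(
+'The account sign-in was incorrect or your account is disabled temporarily. '
+. 'Please wait and try again later.'
+)
+);
+}
+
+try {
+$this->_initCredentialStorage();
+$this->getCredentialStorage()->loginByUsername($username);
+if ($this->getCredentialStorage()->getId()) {
+$this->getAuthStorage()->setUser($this->getCredentialStorage());
+$this->getAuthStorage()->processLogin();
+
+$this->_eventManager->dispatch(
+'backend_auth_user_login_success',
+['user' => $this->getCredentialStorage()]
+);
+}
+
+if (!$this->getAuthStorage()->getUser()) {
+self::throwException(
+__(
+'The account sign-in was incorrect or your account is disabled temporarily. '
+. 'Please wait and try again later.'
+)
+);
+}
+} catch (PluginAuthenticationException $e) {
+$this->_eventManager->dispatch(
+'backend_auth_user_login_failed',
+['user_name' => $username, 'exception' => $e]
+);
+throw $e;
+} catch (\Magento\Framework\Exception\LocalizedException $e) {
+$this->_eventManager->dispatch(
+'backend_auth_user_login_failed',
+['user_name' => $username, 'exception' => $e]
+);
+self::throwException(
+__(
+$e->getMessage()? : 'The account sign-in was incorrect or your account is disabled temporarily. '
+. 'Please wait and try again later.'
+)
+);
+}
+}
+}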
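Review bot: `loginByUsername()` is a public method that creates an admin session from a username alone, and its docblock ("Perform login process without password") does not state the precondition that makes this safe. I would add to the docblock: `Callers MUST have authenticated the user through Adobe IMS first; this method performs no credential check.` Whether inactive or locked accounts are rejected depends on `getCredentialStorage()->loginByUsername()`, which is outside this file, so that behaviour is worth confirming and recording in the same docblock. As a smaller point, `empty($username)` also rejects the string `'0'`; `$username === ''` states the intended check.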