|
|
@@ -74,14 +74,14 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @see http://docs.guzzlephp.org/en/stable/
|
|
|
* @var Client
|
|
|
*/
|
|
|
- private $client;
|
|
|
+ private Client $client;
|
|
|
|
|
|
/**
|
|
|
* Guzzle Cookie Jar
|
|
|
*
|
|
|
* @var CookieJar
|
|
|
*/
|
|
|
- private $jar;
|
|
|
+ private CookieJar $jar;
|
|
|
|
|
|
/**
|
|
|
* @var \TYPO3\CMS\Core\Database\ConnectionPool
|
|
|
@@ -171,8 +171,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @return string|null
|
|
|
* @throws GuzzleException
|
|
|
*/
|
|
|
- protected function getAuthenticatedUsername() {
|
|
|
-
|
|
|
+ protected function getAuthenticatedUsername(): ?string
|
|
|
+ {
|
|
|
$this->fillCookieJar();
|
|
|
try {
|
|
|
$response = $this->client->request('GET', self::ISAUTH_URI, ['cookies' => $this->jar]);
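Review bot: The new `?string` return type on `getAuthenticatedUsername()` is enforced at runtime, but the code that builds the return value lies after the `request()` call and outside this hunk, so it cannot be checked here. If the value comes straight from the decoded API response, a non-string (array, int, `false`) will now raise a `TypeError` inside the authentication path instead of being treated as "not authenticated". Consider normalising before returning, e.g. `return is_string($name) && $name !== '' ? $name : null;` (`$name` is a placeholder for whatever the body extracts). The same applies to `getUserData(): array` in the `@@ -416,7 +351,8 @@` hunk, where a failed or undecodable response would have to become `[]` rather than `null`.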
|
|
|
@@ -215,7 +215,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @return bool Returns true if the api accepted the login request
|
|
|
* @throws GuzzleException
|
|
|
*/
|
|
|
- protected function logUser($username, $password) {
|
|
|
+ protected function logUser(string $username, string $password): bool
|
|
|
+ {
|
|
|
|
|
|
try {
|
|
|
$response = $this->client->request(
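Review bot: `logUser(string $username, string $password)` receives the clear-text password, and the docblock says a `GuzzleException` can propagate out of it, so the argument can end up in stack traces and error logs unless `zend.exception_ignore_args` is enabled. If the project targets PHP 8.2 or later, mark it as `#[\SensitiveParameter] string $password` so the engine redacts it from backtraces. On older versions, make sure the exception is caught and logged without its trace arguments. The rest of the body is outside the hunk, so whether the exception is already caught there is not visible.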
|
|
|
@@ -268,7 +269,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @param string $username
|
|
|
* @return bool
|
|
|
*/
|
|
|
- protected function shouldUserBeUpdated($username) {
|
|
|
+ protected function shouldUserBeUpdated(string $username): bool
|
|
|
+ {
|
|
|
|
|
|
$cnn = $this->connectionPool->getConnectionForTable('fe_users');
|
|
|
$q = $cnn->select(['tx_opentalent_generationDate'], 'fe_users', ['username' => $username]);
|
|
|
@@ -286,12 +288,12 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
|
|
|
/**
|
|
|
* Create or update the Frontend-user record in the typo3 database (table 'fe_users')
|
|
|
- * and the Backend-user (table 'be_users', only if is admin)
|
|
|
* with the data fetched from the Api
|
|
|
*
|
|
|
* @return bool
|
|
|
*/
|
|
|
- protected function createOrUpdateUser() {
|
|
|
+ protected function createOrUpdateUser(): bool
|
|
|
+ {
|
|
|
|
|
|
// Get user's data from the API
|
|
|
$userApiData = $this->getUserData();
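Review bot: The docblock drops the backend-user clause, and the `@@ -341,73 +343,6 @@` hunk removes the `be_users` insert/update, but nothing visible deals with the accounts that code already created. Those rows (description starting with `[Warning: auto-generated record, do not modify]`, with `usergroup`, `db_mountpoints` and the full `file_permissions` list set) would stay usable in `be_users` unless a migration or manual cleanup disables them. It is worth confirming that this is handled elsewhere in the commit. It would also help to say so in the docblock, e.g. `* Backend users are no longer provisioned by this service.` The function body continues outside this hunk.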
|
|
|
@@ -341,73 +343,6 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
$connection->update('fe_users', $fe_row, ['uid' => $uid]);
|
|
|
}
|
|
|
|
|
|
- // Back-end user: only if admin
|
|
|
- foreach ($userApiData['accesses'] as $access) {
|
|
|
-
|
|
|
- if ($access['admin_access'] == 'true') {
|
|
|
-
|
|
|
- // get the site root of the user
|
|
|
- $q = $connection->select(
|
|
|
- ['uid'],
|
|
|
- 'pages',
|
|
|
- ['tx_opentalent_structure_id' => $access['organizationId'], 'is_siteroot' => 1]
|
|
|
- );
|
|
|
- $rootUid = $q->fetch(3)[0];
|
|
|
-
|
|
|
- if (!$rootUid) {
|
|
|
- $this->writeLogMessage('ERROR: Unable to find the root page for user ' . $userApiData['username']);
|
|
|
- }
|
|
|
-
|
|
|
- // get the filemounts uids
|
|
|
- $q = $connection->createQueryBuilder();
|
|
|
- $q->select('uid')
|
|
|
- ->from('sys_filemounts')
|
|
|
- ->where("path LIKE '%user_upload/" . $access['organizationId'] . "/%'");
|
|
|
- $res = $q->execute();
|
|
|
- $rows = $res->fetchAll(3) ?: [];
|
|
|
- $files = [];
|
|
|
- foreach ($rows as $row) {
|
|
|
- $files[] = $row[0];
|
|
|
- }
|
|
|
-
|
|
|
- $be_row = [
|
|
|
- 'username' => $userApiData['username'],
|
|
|
- 'password' => $randomStr,
|
|
|
- 'description' => '[Warning: auto-generated record, do not modify] BE Admin for ' . $access['subDomain'] . ' (id: ' . $access['id'] . ')',
|
|
|
- 'deleted' => 0,
|
|
|
- 'lang' => 'fr',
|
|
|
- 'usergroup' => isset(self::PRODUCT_MAPPING[$access['product']]) ? self::PRODUCT_MAPPING[$access['product']] : 1,
|
|
|
- 'db_mountpoints' => $rootUid,
|
|
|
- 'file_mountPoints' => join(',', $files),
|
|
|
- 'options' => 2,
|
|
|
- 'file_permissions' => 'readFolder,writeFolder,addFolder,renameFolder,moveFolder,deleteFolder,readFile,writeFile,addFile,renameFile,replaceFile,moveFile,copyFile,deleteFile',
|
|
|
- 'tx_opentalent_opentalentId' => $userApiData['id'],
|
|
|
- 'tx_opentalent_organizationId' => $access['organizationId'],
|
|
|
- 'tx_opentalent_generationDate' => date('Y/m/d H:i:s')
|
|
|
- ];
|
|
|
-
|
|
|
- $q = $connection->select(
|
|
|
- ['uid'],
|
|
|
- 'be_users',
|
|
|
- ['username' => $userApiData['username']]
|
|
|
- );
|
|
|
- $row = $q->fetch(3);
|
|
|
- $uid = $row[0];
|
|
|
- $tx_opentalent_opentalentId = $row[1];
|
|
|
-
|
|
|
- if (!$uid) {
|
|
|
- // No existing user: create
|
|
|
- $connection->insert('be_users', $be_row);
|
|
|
- } else {
|
|
|
- // User exists: update
|
|
|
- if (!$tx_opentalent_opentalentId > 0) {
|
|
|
- $this->writeLogMessage('WARNING: BE user ' . $userApiData['username'] . ' has been replaced by an auto-generated version.');
|
|
|
- }
|
|
|
- $connection->update('be_users', $be_row, ['uid' => $uid]);
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
@@ -416,7 +351,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
*
|
|
|
* @return array
|
|
|
*/
|
|
|
- protected function getUserData() {
|
|
|
+ protected function getUserData(): array
|
|
|
+ {
|
|
|
$this->fillCookieJar();
|
|
|
try {
|
|
|
$response = $this->client->request('GET', self::GET_USER_DATA_URI, ['cookies' => $this->jar]);
|
|
|
@@ -437,7 +373,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @return int Code that shows if user is really authenticated.
|
|
|
* @throws GuzzleException
|
|
|
*/
|
|
|
- public function authUser(array $user)
|
|
|
+ public function authUser(array $user): int
|
|
|
{
|
|
|
if ($user['username'] == $this->getAuthenticatedUsername()) {
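Review bot: The context line `if ($user['username'] == $this->getAuthenticatedUsername())` compares loosely against a value this commit now declares as `?string`. A `null` result (no session recognised by the API) is therefore equal to an empty or null `$user['username']`, and the branch commented as validated is entered. Fetch the result once and compare strictly: `$apiUsername = $this->getAuthenticatedUsername();` followed by `if ($apiUsername !== null && $user['username'] === $apiUsername) {`. The body of `authUser()` continues past the hunk, so the codes returned on each branch are not visible here.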
|
|
|
// Tha API just validated this user's auth
|
|
|
@@ -460,7 +396,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* Send a logout request to the API, remove the sessions cookies then logout
|
|
|
* /!\ Frontend only
|
|
|
*/
|
|
|
- public function logout() {
|
|
|
+ public function logout(): bool
|
|
|
+ {
|
|
|
try {
|
|
|
$response = $this->client->request(
|
|
|
'GET',
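Review bot: `logout()` now declares `: bool`, but its docblock has no `@return` tag, unlike the other methods touched in this commit. Add one that states what the boolean means, along the lines of `* @return bool True if the API logout request and cookie removal succeeded` (wording to be confirmed against the body, which is outside this hunk). Callers that previously ignored the result should also be checked so that a `false` is not silently treated as a completed logout.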
|
|
|
@@ -499,7 +436,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @param string $name
|
|
|
* @return bool
|
|
|
*/
|
|
|
- protected function unset_cookie(string $name) {
|
|
|
+ protected function unset_cookie(string $name): bool
|
|
|
+ {
|
|
|
$res = setcookie($name, '', time() - 1, '/', self::COOKIE_DOMAIN);
|
|
|
if (!$res) {
|
|
|
$this->writeLogMessage('Error while unsetting ' . $name . ' cookie');
|