
remove the otconnect be_users sync

Olivier Massot преди 4 години
родител
ревизия
2fe82fab1b
променени са 2 файла, в които са добавени 19 реда и са изтрити 81 реда
  1. 17 79
      ot_connect/Classes/Service/OtAuthenticationService.php
  2. 2 2
      ot_connect/Readme.md

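--- a/ot_connect/Classes/Service/OtAuthenticationService.php
+++ b/ot_connect/Classes/Service/OtAuthenticationService.php
@@ -74,14 +74,14 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @see http://docs.guzzlephp.org/en/stable/
      * @var Client
      */
-    private $client;
+    private Client $client;
 
     /**
      * Guzzle Cookie Jar
      *
      * @var CookieJar
      */
-    private $jar;
+    private CookieJar $jar;
 
     /**
      * @var \TYPO3\CMS\Core\Database\ConnectionPool
@@ -171,8 +171,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @return string|null
      * @throws GuzzleException
      */
-    protected function getAuthenticatedUsername() {
-
+    protected function getAuthenticatedUsername(): ?string
+    {
         $this->fillCookieJar();
         try {
             $response = $this->client->request('GET', self::ISAUTH_URI, ['cookies' => $this->jar]);
@@ -215,7 +215,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @return bool     Returns true if the api accepted the login request
      * @throws GuzzleException
      */
-    protected function logUser($username, $password) {
+    protected function logUser(string $username, string $password): bool
+    {
 
         try {
             $response = $this->client->request(
@@ -268,7 +269,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @param string $username
      * @return bool
      */
-    protected function shouldUserBeUpdated($username) {
+    protected function shouldUserBeUpdated(string $username): bool
+    {
 
         $cnn = $this->connectionPool->getConnectionForTable('fe_users');
         $q = $cnn->select(['tx_opentalent_generationDate'], 'fe_users', ['username' => $username]);
@@ -286,12 +288,12 @@ class OtAuthenticationService extends AbstractAuthenticationService
 
     /**
      * Create or update the Frontend-user record in the typo3 database (table 'fe_users')
-     * and the Backend-user (table 'be_users', only if is admin)
      * with the data fetched from the Api
      *
      * @return bool
      */
-    protected function createOrUpdateUser() {
+    protected function createOrUpdateUser(): bool
+    {
 
         // Get user's data from the API
         $userApiData = $this->getUserData();
@@ -341,73 +343,6 @@ class OtAuthenticationService extends AbstractAuthenticationService
             $connection->update('fe_users', $fe_row, ['uid' => $uid]);
         }
 
-        // Back-end user: only if admin
-        foreach ($userApiData['accesses'] as $access) {
-
-            if ($access['admin_access'] == 'true') {
-
-                // get the site root of the user
-                $q = $connection->select(
-                    ['uid'],
-                    'pages',
-                    ['tx_opentalent_structure_id' => $access['organizationId'], 'is_siteroot' => 1]
-                );
-                $rootUid = $q->fetch(3)[0];
-
-                if (!$rootUid) {
-                    $this->writeLogMessage('ERROR: Unable to find the root page for user ' . $userApiData['username']);
-                }
-
-                // get the filemounts uids
-                $q = $connection->createQueryBuilder();
-                $q->select('uid')
-                    ->from('sys_filemounts')
-                    ->where("path LIKE '%user_upload/" . $access['organizationId'] . "/%'");
-                $res = $q->execute();
-                $rows = $res->fetchAll(3) ?: [];
-                $files = [];
-                foreach ($rows as $row) {
-                    $files[] = $row[0];
-                }
-
-                $be_row = [
-                    'username' => $userApiData['username'],
-                    'password' => $randomStr,
-                    'description' => '[Warning: auto-generated record, do not modify] BE Admin for ' . $access['subDomain'] . ' (id: ' . $access['id'] . ')',
-                    'deleted' => 0,
-                    'lang' => 'fr',
-                    'usergroup' => isset(self::PRODUCT_MAPPING[$access['product']]) ? self::PRODUCT_MAPPING[$access['product']] : 1,
-                    'db_mountpoints' => $rootUid,
-                    'file_mountPoints' => join(',', $files),
-                    'options' => 2,
-                    'file_permissions' => 'readFolder,writeFolder,addFolder,renameFolder,moveFolder,deleteFolder,readFile,writeFile,addFile,renameFile,replaceFile,moveFile,copyFile,deleteFile',
-                    'tx_opentalent_opentalentId' => $userApiData['id'],
-                    'tx_opentalent_organizationId' => $access['organizationId'],
-                    'tx_opentalent_generationDate' => date('Y/m/d H:i:s')
-                ];
-
-                $q = $connection->select(
-                    ['uid'],
-                    'be_users',
-                    ['username' => $userApiData['username']]
-                );
-                $row = $q->fetch(3);
-                $uid = $row[0];
-                $tx_opentalent_opentalentId = $row[1];
-
-                if (!$uid) {
-                    // No existing user: create
-                    $connection->insert('be_users', $be_row);
-                } else {
-                    // User exists: update
-                    if (!$tx_opentalent_opentalentId > 0) {
-                        $this->writeLogMessage('WARNING: BE user ' . $userApiData['username'] . ' has been replaced by an auto-generated version.');
-                    }
-                    $connection->update('be_users', $be_row, ['uid' => $uid]);
-                }
-            }
-        }
-
         return true;
     }
 
@@ -416,7 +351,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      *
      * @return array
      */
-    protected function getUserData() {
+    protected function getUserData(): array
+    {
         $this->fillCookieJar();
         try {
             $response = $this->client->request('GET', self::GET_USER_DATA_URI, ['cookies' => $this->jar]);
@@ -437,7 +373,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @return int        Code that shows if user is really authenticated.
      * @throws GuzzleException
      */
-    public function authUser(array $user)
+    public function authUser(array $user): int
     {
         if ($user['username'] == $this->getAuthenticatedUsername()) {
             // Tha API just validated this user's auth
@@ -460,7 +396,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * Send a logout request to the API, remove the sessions cookies then logout
      * /!\ Frontend only
      */
-    public function logout() {
+    public function logout(): bool
+    {
         try {
             $response = $this->client->request(
                 'GET',
@@ -499,7 +436,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
      * @param string $name
      * @return bool
      */
-    protected function unset_cookie(string $name) {
+    protected function unset_cookie(string $name): bool
+    {
         $res = setcookie($name, '', time() - 1, '/', self::COOKIE_DOMAIN);
         if (!$res) {
             $this->writeLogMessage('Error while unsetting ' . $name . ' cookie');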
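Review bot: In `authUser` (hunk `-437,7 +373,7`) the unchanged check `if ($user['username'] == $this->getAuthenticatedUsername())` is still a loose comparison, while this commit now declares that helper as returning `?string`. Under `==`, an empty `$user['username']` compares equal to a `null` result (no session validated by the API), and numeric-looking strings can also compare equal without being identical. I would fetch the value once and compare strictly: `$authenticated = $this->getAuthenticatedUsername();` followed by `if ($authenticated !== null && $user['username'] === $authenticated) {`. Whether an empty username can actually reach this method depends on callers that are not visible here, and the body of `authUser` continues past the hunk.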

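--- a/ot_connect/Readme.md
+++ b/ot_connect/Readme.md
@@ -9,8 +9,8 @@ Extension d'authentification typo3.
 | Nom | OtConnect |
 
 Le rôle de cette extension est de fournir une authentification et une session unique pour les utilisateurs Opentalent, 
-qu'ils se rendent sur l'application Opentalent, sur le frontend du site de leur(s) structure(s), ou sur le backend TYPO3 
-(s'ils sont administrateurs du site de la structure).
+qu'ils se rendent sur l'application Opentalent ou sur le frontend du site de leur(s) structure(s).
+**L'authentification backend n'est pour l'instant pas concernée.**
 OtConnect se positionne en amont des services d'authentification Typo3 et utilise l'API Opentalent.
 En somme, un utilisateur connecté sur Opentalent.fr le sera aussi sur le ou les autres sous-domaines TYPO3 
 (correspondant à ses structures et à ses droits)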