|
|
@@ -31,6 +31,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
CONST ISAUTH_URI = 'api/user/isauthenticated';
|
|
|
CONST LOGOUT_URI = 'logout';
|
|
|
CONST GROUP_FE_ALL_UID = 18076;
|
|
|
+ CONST GROUP_ADMIN_STANDARD_UID = 1;
|
|
|
+ CONST GROUP_ADMIN_PREMIUM_UID = 3;
|
|
|
|
|
|
// Cookies' domain needs to be the same that the api's cookies, or guzzle will ignore them.
|
|
|
CONST COOKIE_DOMAIN = 'opentalent.fr';
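Review bot: `GROUP_ADMIN_STANDARD_UID = 1` and `GROUP_ADMIN_PREMIUM_UID = 3` hard-code the uids of the backend groups that a later hunk adds to the `usergroup` of `be_users`, without saying which groups they are. On an installation where uid 1 or 3 belongs to a different `be_groups` record, API admins would silently receive that group's rights. A comment on each constant would help, for example `// uid of the be_groups record granted to admins of standard (non-premium) products`. It is also worth considering whether these uids should come from the extension configuration rather than the class.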
|
|
|
@@ -118,7 +120,9 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// Does the user already have a session on the Opentalent API?
|
|
|
$username = $this->getAuthenticatedUsername();
|
|
|
|
|
|
- if ($username != null && $this->authInfo['loginType'] === 'FE' && $this->login['status'] === 'logout') {
|
|
|
+ $isBackend = $this->authInfo['loginType'] === 'BE';
|
|
|
+
|
|
|
+ if ($username != null && !$isBackend && $this->login['status'] === 'logout') {
|
|
|
// This is a logout request
|
|
|
$this->logout();
|
|
|
return false;
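Review bot: The logout branch now runs for every login type other than 'BE' (`!$isBackend`) where it used to require `loginType === 'FE'`, and a backend logout never reaches `$this->logout()` here. If the Opentalent API session is only ended by that call, a user who logs out of the TYPO3 backend keeps a live API session and could be authenticated again on the next request. That is inferred, since `logout()` and `getAuthenticatedUsername()` are outside the hunk. Consider keeping an explicit `$isFrontend = $this->authInfo['loginType'] === 'FE';` for this condition and handling backend logout deliberately. The enclosing method starts and ends outside the hunk.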
|
|
|
@@ -154,8 +158,10 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// Request the latest data for the user and write it in the Typo3 DB
|
|
|
// * The shouldUserBeUpdated() method checks if the user was already
|
|
|
// generated in the last minutes, to avoid unnecessary operations *
|
|
|
- if ($this->shouldUserBeUpdated($username)) {
|
|
|
- $wasUpdated = $this->createOrUpdateUser();
|
|
|
+
|
|
|
+ if ($this->shouldUserBeUpdated($username, $isBackend)) {
|
|
|
+ $wasUpdated = $this->createOrUpdateUser($isBackend);
|
|
|
+
|
|
|
if (!$wasUpdated) {
|
|
|
// An error happened during the update of the user's data
|
|
|
// since its data may have changed (credentials, rights, rôles...)
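Review bot: This call site only handles a `false` return, but `createOrUpdateUser()` can now also throw: the commit adds `throw new \Exception("No BE_group found for user " ...)` further down, and no try/catch is visible here. A backend user whose accesses were all withdrawn would hit that throw before the existing `be_users` row is touched, so the row keeps its old `usergroup`; whether the login is still refused depends on code outside the hunk. Logging and `return false;` at the throw site would route this case through the existing `if (!$wasUpdated)` handling. Clearing or disabling the stale record there would make the revocation explicit. The enclosing method starts and ends outside the hunk.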
|
|
|
@@ -293,12 +299,12 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
* @param string $username
|
|
|
* @return bool
|
|
|
*/
|
|
|
- protected function shouldUserBeUpdated(string $username): bool
|
|
|
+ protected function shouldUserBeUpdated(string $username, bool $isBackend = false): bool
|
|
|
{
|
|
|
-
|
|
|
- $cnn = $this->connectionPool->getConnectionForTable('fe_users');
|
|
|
- $q = $cnn->select(['tx_opentalent_generationDate'], 'fe_users', ['username' => $username]);
|
|
|
- $strGenDate = $q->fetch(3)[0];
|
|
|
+ $table = $isBackend ? 'be_users' : 'fe_users';
|
|
|
+ $cnn = $this->connectionPool->getConnectionForTable($table);
|
|
|
+ $q = $cnn->select(['tx_opentalent_generationDate'], $table, ['username' => $username]);
|
|
|
+ $strGenDate = $q->fetch(3)[0] ?? '1970-01-01 00:00:00';
|
|
|
|
|
|
$genDate = DateTime::createFromFormat("Y-m-d H:i:s", $strGenDate);
|
|
|
if ($genDate == null) {
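Review bot: The docblock above still documents only `$username`; add `@param bool $isBackend  look the user up in be_users instead of fe_users`, and a matching line on `createOrUpdateUser(bool $isBackend = false)` in the next hunk. The bare `3` in `fetch(3)` would read better as `\PDO::FETCH_NUM`. The new fallback `?? '1970-01-01 00:00:00'` deserves a one-line comment such as `// no row yet: use the epoch so the record counts as stale and gets created`, hedged on the comparison that follows outside the hunk. The function body continues past the end of the hunk.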
|
|
|
@@ -316,8 +322,12 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
*
|
|
|
* @return bool
|
|
|
*/
|
|
|
- protected function createOrUpdateUser(): bool
|
|
|
+ protected function createOrUpdateUser(bool $isBackend = false): bool
|
|
|
{
|
|
|
+ $table = $isBackend ? 'be_users' : 'fe_users';
|
|
|
+ $group_table = $isBackend ? 'be_groups' : 'fe_groups';
|
|
|
+ $prefix = $isBackend ? 'BE' : 'FE';
|
|
|
+
|
|
|
// Get user's data from the API
|
|
|
$userApiData = $this->getUserData();
|
|
|
|
|
|
@@ -327,34 +337,60 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- $connection = $this->connectionPool->getConnectionForTable('fe_users');
|
|
|
+ $connection = $this->connectionPool->getConnectionForTable($table);
|
|
|
|
|
|
// Since we don't want to store the password in the TYPO3 DB, we store a random string instead
|
|
|
- $randomStr = (new Random)->generateRandomHexString(20);
|
|
|
+ $randomStr = (new Random)->generateRandomHexString(30);
|
|
|
|
|
|
// Front-end user
|
|
|
- $fe_row = [
|
|
|
+ $user_row = [
|
|
|
'username' => $userApiData['username'],
|
|
|
'password' => $randomStr,
|
|
|
- 'name' => $userApiData['name'],
|
|
|
- 'first_name' => $userApiData['first_name'],
|
|
|
- 'description' => '[Warning: auto-generated record, do not modify] FE User',
|
|
|
+ 'description' => "[Warning: auto-generated record, do not modify] $prefix User",
|
|
|
'deleted' => 0,
|
|
|
'tx_opentalent_opentalentId' => $userApiData['id'],
|
|
|
'tx_opentalent_generationDate' => date('Y/m/d H:i:s')
|
|
|
];
|
|
|
|
|
|
- $groupsUid = [self::GROUP_FE_ALL_UID];
|
|
|
+ if ($isBackend) {
|
|
|
+ $user_row['lang'] = 'fr';
|
|
|
+ $user_row['options'] = "3";
|
|
|
+ $user_row['TSconfig'] = "options.uploadFieldsInTopOfEB = 1";
|
|
|
+ } else {
|
|
|
+ $user_row['name'] = $userApiData['name'];
|
|
|
+ $user_row['first_name'] = $userApiData['first_name'];
|
|
|
+ }
|
|
|
+
|
|
|
+ $groupsUid = [];
|
|
|
+
|
|
|
+ if (!$isBackend) {
|
|
|
+ $groupsUid[] = self::GROUP_FE_ALL_UID;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Loop over the accesses of the user to list the matching organization groups
|
|
|
if ($userApiData['accesses']) {
|
|
|
foreach ($userApiData['accesses'] as $accessData) {
|
|
|
+ if ($isBackend && !$accessData['isEditor'] && !$accessData['admin_access']) {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ if ($isBackend && $accessData['admin_access']) {
|
|
|
+ $adminGroupUid = $accessData['product'] === 'artist_premium' ?
|
|
|
+ self::GROUP_ADMIN_PREMIUM_UID :
|
|
|
+ self::GROUP_ADMIN_STANDARD_UID;
|
|
|
+ if (!in_array($adminGroupUid, $groupsUid)) {
|
|
|
+ $groupsUid[] = $adminGroupUid;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
$organizationId = $accessData['organizationId'];
|
|
|
|
|
|
- // get the fe_group for this organization
|
|
|
+ // get the group for this organization
|
|
|
$groupUid = $connection->fetchOne(
|
|
|
"select g.uid
|
|
|
- from typo3.fe_groups g
|
|
|
+ from typo3.$group_table g
|
|
|
inner join (select uid, ot_website_uid from typo3.pages where is_siteroot) p
|
|
|
- on g.pid = p.uid
|
|
|
+ on g." . ($isBackend ? 'db_mountpoints' : 'pid') . " = p.uid
|
|
|
inner join typo3.ot_websites w on p.ot_website_uid = w.uid
|
|
|
where w.organization_id=:organizationId;",
|
|
|
['organizationId' => $organizationId]
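Review bot: For backend users the join `on g.db_mountpoints = p.uid` compares a field that TYPO3 stores as a comma-separated list of page uids with a single integer. If the database is MySQL or MariaDB, the string is cast to its leading number, so a `be_groups` record that mounts several site roots matches through its first entry. `fetchOne` then returns whichever matching row comes first, so the group written into `usergroup` may cover more than the one organization. A stricter form for the backend case is `on g.db_mountpoints = cast(p.uid as char)` together with `and g.deleted = 0`, so that only a live group mounted on exactly that site root is granted. Separately, `in_array($adminGroupUid, $groupsUid)` should pass `true` as its third argument.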
|
|
|
@@ -363,31 +399,39 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
if ($groupUid) {
|
|
|
$groupsUid[] = $groupUid;
|
|
|
} else {
|
|
|
- OtLogger::warning("Warning: no fe_group found for organization " . $organizationId);
|
|
|
+ OtLogger::warning("Warning: no " . strtolower($prefix) . "_group found for organization " . $organizationId);
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- $fe_row['usergroup'] = join(',', $groupsUid);
|
|
|
+
|
|
|
+ if ($isBackend && empty($groupsUid)) {
|
|
|
+ throw new \Exception("No BE_group found for user " . $userApiData['username']);
|
|
|
+ }
|
|
|
+
|
|
|
+ $user_row['usergroup'] = join(',', $groupsUid);
|
|
|
|
|
|
// TODO: log a warning if a user with the same opentalentId exists (the user might have changed of username)
|
|
|
$q = $connection->select(
|
|
|
['uid', 'tx_opentalent_opentalentId'],
|
|
|
- 'fe_users',
|
|
|
+ $table,
|
|
|
['username' => $userApiData['username']]
|
|
|
);
|
|
|
$row = $q->fetch(3);
|
|
|
- $uid = $row[0];
|
|
|
- $tx_opentalent_opentalentId = $row[1];
|
|
|
+ $uid = $row[0] ?? null;
|
|
|
+ $tx_opentalent_opentalentId = $row[1] ?? null;
|
|
|
|
|
|
if (!$uid) {
|
|
|
// No existing user: create
|
|
|
- $connection->insert('fe_users', $fe_row);
|
|
|
+ $connection->insert($table, $user_row);
|
|
|
} else {
|
|
|
// User exists: update
|
|
|
if (!$tx_opentalent_opentalentId > 0) {
|
|
|
- OtLogger::warning('WARNING: FE user ' . $userApiData['username'] . ' has been replaced by an auto-generated version.');
|
|
|
+ OtLogger::warning(
|
|
|
+ "WARNING: $prefix user " . $userApiData['username'] .
|
|
|
+ ' has been replaced by an auto-generated version.'
|
|
|
+ );
|
|
|
}
|
|
|
- $connection->update('fe_users', $fe_row, ['uid' => $uid]);
|
|
|
+ $connection->update($table, $user_row, ['uid' => $uid]);
|
|
|
}
|
|
|
|
|
|
return true;
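Review bot: The existing-record lookup matches on `username` alone, so for `be_users` a hand-created backend account whose name equals an API username is overwritten and adopted, with only a warning logged when `tx_opentalent_opentalentId` is empty. The row built in the previous hunk sets `'deleted' => 0` but never sets `admin` or `disable`, so a record that already carries the admin flag would keep it after being adopted. For the backend case I would refuse the update unless the stored id matches, e.g. `if ($isBackend && (string)$tx_opentalent_opentalentId !== (string)$userApiData['id']) { return false; }`, and write `'admin' => 0` into `$user_row` explicitly. The function starts outside this hunk.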
|