|
|
@@ -118,7 +118,9 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// Does the user already have a session on the Opentalent API?
|
|
|
$username = $this->getAuthenticatedUsername();
|
|
|
|
|
|
- if ($username != null && $this->authInfo['loginType'] === 'FE' && $this->login['status'] === 'logout') {
|
|
|
+ $isBackend = $this->authInfo['loginType'] === 'BE';
|
|
|
+
|
|
|
+ if ($username != null && !$isBackend && $this->login['status'] === 'logout') {
|
|
|
// This is a logout request
|
|
|
$this->logout();
|
|
|
return false;
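Review bot: The logout guard `if ($username != null && !$isBackend && ...)` is wider than the test it replaces: the old code required `loginType === 'FE'`, while `!$isBackend` accepts any value other than 'BE', including a missing key. If only 'FE' and 'BE' are expected, an explicit `$isFrontend = $this->authInfo['loginType'] === 'FE';` avoids treating an unexpected login type as a frontend logout. A one-line comment above `$isBackend` stating that it is reused further down the method would also help, since the method starts and ends outside this hunk.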
|
|
|
@@ -155,8 +157,8 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// * The shouldUserBeUpdated() method checks if the user was already
|
|
|
// generated in the last minutes, to avoid unnecessary operations *
|
|
|
|
|
|
- if ($this->shouldUserBeUpdated($username)) {
|
|
|
- $wasUpdated = $this->createOrUpdateUser($this->authInfo['loginType'] === 'BE');
|
|
|
+ if ($this->shouldUserBeUpdated($username, $isBackend)) {
|
|
|
+ $wasUpdated = $this->createOrUpdateUser($isBackend);
|
|
|
|
|
|
if (!$wasUpdated) {
|
|
|
// An error happened during the update of the user's data
|
|
|
@@ -321,11 +323,16 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
protected function createOrUpdateUser(bool $isBackend = false): bool
|
|
|
{
|
|
|
$table = $isBackend ? 'be_users' : 'fe_users';
|
|
|
- $group_table = $isBackend ? 'fe_groups' : 'fe_groups';
|
|
|
+ $group_table = $isBackend ? 'be_groups' : 'fe_groups';
|
|
|
+ $prefix = $isBackend ? 'BE' : 'FE';
|
|
|
|
|
|
// Get user's data from the API
|
|
|
$userApiData = $this->getUserData();
|
|
|
|
|
|
+ // <--- TODO: remove this, for tests only
|
|
|
+ $userApiData['accesses'][0]['typo3_editor'] = true;
|
|
|
+ // --->
|
|
|
+
|
|
|
if (empty($userApiData)) {
|
|
|
// An error happened, and even if the user was logged, we can not continue
|
|
|
// (user's data and rights could have changed)
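Review bot: The block marked `TODO: remove this, for tests only` forces `$userApiData['accesses'][0]['typo3_editor'] = true` on every login, so the editor flag returned by the API is overridden for the first access entry and the backend filter added later in this commit lets that entry through. Because the assignment runs before `if (empty($userApiData))`, it also creates the array when getUserData() returned nothing, which makes that failure check unreachable. These lines should be removed before merge; a test fixture belongs in a stub of getUserData(), not in the production path. createOrUpdateUser continues outside the hunk.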
|
|
|
@@ -335,19 +342,23 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
$connection = $this->connectionPool->getConnectionForTable($table);
|
|
|
|
|
|
// Since we don't want to store the password in the TYPO3 DB, we store a random string instead
|
|
|
- $randomStr = (new Random)->generateRandomHexString(20);
|
|
|
+ $randomStr = (new Random)->generateRandomHexString(30);
|
|
|
|
|
|
// Front-end user
|
|
|
$user_row = [
|
|
|
'username' => $userApiData['username'],
|
|
|
'password' => $randomStr,
|
|
|
- 'description' => '[Warning: auto-generated record, do not modify] FE User',
|
|
|
+ 'description' => "[Warning: auto-generated record, do not modify] $prefix User",
|
|
|
'deleted' => 0,
|
|
|
'tx_opentalent_opentalentId' => $userApiData['id'],
|
|
|
'tx_opentalent_generationDate' => date('Y/m/d H:i:s')
|
|
|
];
|
|
|
|
|
|
- if (!$isBackend) {
|
|
|
+ if ($isBackend) {
|
|
|
+ $user_row['lang'] = 'fr';
|
|
|
+ $user_row['options'] = "3";
|
|
|
+ $user_row['TSconfig'] = "options.uploadFieldsInTopOfEB = 1\noptions.defaultUploadFolder=1:user_upload/90214/";
|
|
|
+ } else {
|
|
|
$user_row['name'] = $userApiData['name'];
|
|
|
$user_row['first_name'] = $userApiData['first_name'];
|
|
|
}
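Review bot: The backend branch writes a fixed `options.defaultUploadFolder=1:user_upload/90214/` into every generated be_users row, so all backend users would share one upload folder whatever their organization. 90214 looks like a leftover test value and should presumably be derived from the user's organization or left to group TSconfig. The magic `$user_row['options'] = "3"` needs a comment naming what it enables, and the `// Front-end user` comment above `$user_row` is stale now that the row serves both tables. Also confirm that `'password' => $randomStr`, stored unhashed, can never be matched as a credential by the backend login.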
|
|
|
@@ -358,9 +369,13 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
$groupsUid[] = self::GROUP_FE_ALL_UID;
|
|
|
}
|
|
|
|
|
|
- // Loop over the accesses of the user to find the matching organization group
|
|
|
+ // Loop over the accesses of the user to list the matching organization groups
|
|
|
if ($userApiData['accesses']) {
|
|
|
foreach ($userApiData['accesses'] as $accessData) {
|
|
|
+ if ($isBackend && !$accessData['typo3_editor']) {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
$organizationId = $accessData['organizationId'];
|
|
|
|
|
|
// get the fe_group for this organization
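Review bot: `!$accessData['typo3_editor']` reads a key the API may omit, which raises an undefined-index warning for each such entry; `if ($isBackend && empty($accessData['typo3_editor'])) {` keeps the deny-by-default result without the warning. The context line `$groupsUid[] = self::GROUP_FE_ALL_UID;` sits under a condition that is not visible here. If it can run for a backend login, a frontend group uid ends up in the be_users row and the `empty($groupsUid)` check added further down never fires. The comment `// get the fe_group for this organization` should now mention both group tables.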
|
|
|
@@ -368,7 +383,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
"select g.uid
|
|
|
from typo3.$group_table g
|
|
|
inner join (select uid, ot_website_uid from typo3.pages where is_siteroot) p
|
|
|
- on g.pid = p.uid
|
|
|
+ on g." . ($isBackend ? 'db_mountpoints' : 'pid') . " = p.uid
|
|
|
inner join typo3.ot_websites w on p.ot_website_uid = w.uid
|
|
|
where w.organization_id=:organizationId;",
|
|
|
['organizationId' => $organizationId]
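Review bot: The join `on g.db_mountpoints = p.uid` compares a list with a single uid, because in TYPO3 `be_groups.db_mountpoints` holds a comma-separated list of page uids. Equality therefore matches only groups with exactly one mount, or under MySQL's implicit cast the first uid in the list. `FIND_IN_SET(p.uid, g.db_mountpoints)` would express the intent for the backend case. The interpolated table and column names come from fixed literals and `organizationId` is bound, so a short comment saying that only constants may be concatenated here would protect the query against later edits. The statement starts and ends outside the hunk.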
|
|
|
@@ -377,10 +392,15 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
if ($groupUid) {
|
|
|
$groupsUid[] = $groupUid;
|
|
|
} else {
|
|
|
- OtLogger::warning("Warning: no " . ($isBackend ? 'be' : 'fe') . "_group found for organization " . $organizationId);
|
|
|
+ OtLogger::warning("Warning: no " . strtolower($prefix) . "_group found for organization " . $organizationId);
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
+ if ($isBackend && empty($groupsUid)) {
|
|
|
+ throw new \Exception("No BE_group found for user " . $userApiData['username']);
|
|
|
+ }
|
|
|
+
|
|
|
$user_row['usergroup'] = join(',', $groupsUid);
|
|
|
|
|
|
// TODO: log a warning if a user with the same opentalentId exists (the user might have changed of username)
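Review bot: The added `throw new \Exception(...)` is a second failure channel in a method that otherwise reports failure through its bool return, and the caller in the earlier hunk only tests `!$wasUpdated`. Unless something outside the hunk catches it, a backend user without a matching group produces an uncaught exception inside the authentication service instead of a refused login. Logging and returning false keeps the deny decision on the existing error path: `OtLogger::warning("No BE_group found for user " . $userApiData['username']); return false;`. The enclosing loop and method begin outside the hunk.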
|
|
|
@@ -400,7 +420,7 @@ class OtAuthenticationService extends AbstractAuthenticationService
|
|
|
// User exists: update
|
|
|
if (!$tx_opentalent_opentalentId > 0) {
|
|
|
OtLogger::warning(
|
|
|
- 'WARNING: ' . ($isBackend ? 'BE' : 'FE') .' user ' . $userApiData['username'] .
|
|
|
+ "WARNING: $prefix user " . $userApiData['username'] .
|
|
|
' has been replaced by an auto-generated version.'
|
|
|
);
|
|
|
}
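Review bot: The context condition `if (!$tx_opentalent_opentalentId > 0)` parses as `(!$tx_opentalent_opentalentId) > 0` because `!` binds tighter than `>`, so it only tests for a falsy id and a negative value would not reach the warning. If the intent is "the existing record has no valid Opentalent id", `if (!($tx_opentalent_opentalentId > 0)) {` says so. The branch appears to be the only trace that a manually created account was overwritten by an auto-generated one, which matters more now that backend accounts take the same path. The enclosing block starts outside the hunk.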
|