Merge pull request #419 from magento-performance/cabpi-332-revoke-ims-token-on-force-sign-in

Cabpi 332 revoke ims token on force sign in

Author: slopukhov

app/code/Magento/AdminAdobeIms/Api/ImsLogOutInterface.php

@@ -19,7 +19,8 @@ interface ImsLogOutInterface
      * LogOut User from Adobe IMS Account
      *
      * @param string|null $accessToken
+     * @param int|null $adminUserId
      * @return bool
      */
-    public function execute(?string $accessToken = null) : bool;
+    public function execute(?string $accessToken = null, ?int $adminUserId = null) : bool;
 }

app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsTokenUserContext.php

@@ -8,16 +8,12 @@
 
 namespace Magento\AdminAdobeIms\Model\Authorization;
 
-use Magento\AdminAdobeIms\Api\TokenReaderInterface;
-use Magento\AdminAdobeIms\Model\ImsConnection;
-use Magento\AdminAdobeIms\Model\User;
 use Magento\AdminAdobeIms\Service\ImsConfig;
-use Magento\AdobeImsApi\Api\Data\UserProfileInterface;
-use Magento\AdobeImsApi\Api\Data\UserProfileInterfaceFactory;
-use Magento\AdobeImsApi\Api\UserProfileRepositoryInterface;
 use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\Exception\AuthenticationException;
-use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Framework\Exception\AuthorizationException;
+use Magento\Framework\Exception\CouldNotSaveException;
+use Magento\Framework\Exception\InvalidArgumentException;
 use Magento\Framework\Webapi\Request;
 
 /**
@@ -28,81 +24,49 @@ class AdobeImsTokenUserContext implements UserContextInterface
     private const AUTHORIZATION_METHOD_HEADER_BEARER = 'bearer';
 
     /**
-     * @var int
+     * @var int|null
      */
-    private $userId;
+    private ?int $userId = null;
 
     /**
      * @var bool
      */
-    private $isRequestProcessed;
+    private bool $isRequestProcessed = false;
 
     /**
      * @var Request
      */
     private Request $request;
 
-    /**
-     * @var TokenReaderInterface
-     */
-    private TokenReaderInterface $tokenReader;
-
-    /**
-     * @var ImsConnection
-     */
-    private ImsConnection $imsConnection;
-
     /**
      * @var ImsConfig
      */
     private ImsConfig $imsConfig;
 
     /**
-     * @var UserProfileRepositoryInterface
+     * @var AdobeImsTokenUserService
      */
-    private UserProfileRepositoryInterface $userProfileRepository;
-
-    /**
-     * @var UserProfileInterfaceFactory
-     */
-    private UserProfileInterfaceFactory $userProfileFactory;
-
-    /**
-     * @var User
-     */
-    private User $adminUser;
+    private AdobeImsTokenUserService $tokenUserService;
 
     /**
      * @param Request $request
-     * @param TokenReaderInterface $tokenReader
-     * @param ImsConnection $imsConnection
      * @param ImsConfig $imsConfig
-     * @param UserProfileRepositoryInterface $userProfileRepository
-     * @param UserProfileInterfaceFactory $userProfileFactory
-     * @param User $adminUser
+     * @param AdobeImsTokenUserService $tokenUserService
      */
     public function __construct(
         Request $request,
-        TokenReaderInterface $tokenReader,
-        ImsConnection $imsConnection,
         ImsConfig $imsConfig,
-        UserProfileRepositoryInterface $userProfileRepository,
-        UserProfileInterfaceFactory $userProfileFactory,
-        User $adminUser
+        AdobeImsTokenUserService $tokenUserService
     ) {
         $this->request = $request;
-        $this->tokenReader = $tokenReader;
-        $this->imsConnection = $imsConnection;
         $this->imsConfig = $imsConfig;
-        $this->userProfileRepository = $userProfileRepository;
-        $this->userProfileFactory = $userProfileFactory;
-        $this->adminUser = $adminUser;
+        $this->tokenUserService = $tokenUserService;
     }
 
     /**
      * @inheritdoc
      */
-    public function getUserId()
+    public function getUserId(): ?int
     {
         $this->processRequest();
         return $this->userId;
@@ -111,7 +75,7 @@ public function getUserId()
     /**
      * @inheritdoc
      */
-    public function getUserType()
+    public function getUserType(): ?int
     {
         return UserContextInterface::USER_TYPE_ADMIN;
     }
@@ -120,6 +84,9 @@ public function getUserType()
      * Finds the bearer token and looks up the value.
      *
      * @return void
+     * @throws AuthorizationException
+     * @throws CouldNotSaveException
+     * @throws InvalidArgumentException
      */
     private function processRequest()
     {
@@ -132,28 +99,7 @@ private function processRequest()
         }
 
         try {
-            $tokenData = $this->tokenReader->read($bearerToken);
-            $adobeUserId = $tokenData['adobe_user_id'] ?? '';
-            $userProfile = $this->userProfileRepository->getByAdobeUserId($adobeUserId);
-
-            if ($userProfile->getId()) {
-                $adminUserId = (int) $userProfile->getData('admin_user_id');
-            } else {
-                $profile = $this->imsConnection->getProfile($bearerToken);
-                if (empty($profile['email'])) {
-                    throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-                }
-                $adminUser = $this->adminUser->loadByEmail($profile['email']);
-                if (empty($adminUser['user_id'])) {
-                    throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-                }
-
-                $adminUserId = (int) $adminUser['user_id'];
-                $profile['adobe_user_id'] = $adobeUserId;
-
-                $userProfileInterface = $this->getUserProfileInterface($adminUserId);
-                $this->userProfileRepository->save($this->updateUserProfile($userProfileInterface, $profile));
-            }
+            $adminUserId = $this->tokenUserService->getAdminUserIdByToken($bearerToken);
         } catch (AuthenticationException $e) {
             $this->isRequestProcessed = true;
             return;
@@ -190,43 +136,4 @@ private function getRequestedToken()
 
         return $headerPieces[1];
     }
-
-    /**
-     * Get user profile entity
-     *
-     * @param int $adminUserId
-     * @return UserProfileInterface
-     */
-    private function getUserProfileInterface(int $adminUserId): UserProfileInterface
-    {
-        try {
-            return $this->userProfileRepository->getByUserId($adminUserId);
-        } catch (NoSuchEntityException $exception) {
-            return $this->userProfileFactory->create(
-                [
-                    'data' => [
-                        'admin_user_id' => $adminUserId
-                    ]
-                ]
-            );
-        }
-    }
-
-    /**
-     * Update user profile with the data from token
-     *
-     * @param UserProfileInterface $userProfileInterface
-     * @param array $profile
-     * @return UserProfileInterface
-     */
-    private function updateUserProfile(
-        UserProfileInterface $userProfileInterface,
-        array $profile
-    ): UserProfileInterface {
-        $userProfileInterface->setName($profile['name'] ?? '');
-        $userProfileInterface->setEmail($profile['email'] ?? '');
-        $userProfileInterface->setAdobeUserId($profile['adobe_user_id']);
-
-        return $userProfileInterface;
-    }
 }

app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsTokenUserService.php

@@ -0,0 +1,165 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Model\Authorization;
+
+use Magento\AdminAdobeIms\Api\TokenReaderInterface;
+use Magento\AdminAdobeIms\Model\ImsConnection;
+use Magento\AdminAdobeIms\Model\User;
+use Magento\AdobeImsApi\Api\Data\UserProfileInterface;
+use Magento\AdobeImsApi\Api\Data\UserProfileInterfaceFactory;
+use Magento\AdobeImsApi\Api\UserProfileRepositoryInterface;
+use Magento\Framework\Exception\AuthenticationException;
+use Magento\Framework\Exception\AuthorizationException;
+use Magento\Framework\Exception\CouldNotSaveException;
+use Magento\Framework\Exception\InvalidArgumentException;
+use Magento\Framework\Exception\NoSuchEntityException;
+
+class AdobeImsTokenUserService
+{
+    /**
+     * @var TokenReaderInterface
+     */
+    private TokenReaderInterface $tokenReader;
+
+    /**
+     * @var UserProfileRepositoryInterface
+     */
+    private UserProfileRepositoryInterface $userProfileRepository;
+
+    /**
+     * @var UserProfileInterfaceFactory
+     */
+    private UserProfileInterfaceFactory $userProfileFactory;
+
+    /**
+     * @var User
+     */
+    private User $adminUser;
+
+    /**
+     * @var ImsConnection
+     */
+    private ImsConnection $imsConnection;
+
+    /**
+     * @param TokenReaderInterface $tokenReader
+     * @param UserProfileRepositoryInterface $userProfileRepository
+     * @param UserProfileInterfaceFactory $userProfileFactory
+     * @param User $adminUser
+     * @param ImsConnection $imsConnection
+     */
+    public function __construct(
+        TokenReaderInterface $tokenReader,
+        UserProfileRepositoryInterface $userProfileRepository,
+        UserProfileInterfaceFactory $userProfileFactory,
+        User $adminUser,
+        ImsConnection $imsConnection
+    ) {
+        $this->tokenReader = $tokenReader;
+        $this->userProfileRepository = $userProfileRepository;
+        $this->userProfileFactory = $userProfileFactory;
+        $this->adminUser = $adminUser;
+        $this->imsConnection = $imsConnection;
+    }
+
+    /**
+     * Get adobe_user_id from token and store it for admin user
+     *
+     * @param string $bearerToken
+     * @return int
+     * @throws AuthenticationException
+     * @throws AuthorizationException
+     * @throws CouldNotSaveException
+     * @throws InvalidArgumentException
+     */
+    public function getAdminUserIdByToken(string $bearerToken): int
+    {
+        $tokenData = $this->tokenReader->read($bearerToken);
+
+        $adobeUserId = $tokenData['adobe_user_id'] ?? '';
+
+        $userProfile = $this->userProfileRepository->getByAdobeUserId($adobeUserId);
+
+        if ($userProfile->getId()) {
+            $adminUserId = (int) $userProfile->getData('admin_user_id');
+        } else {
+            $profile = $this->getUserProfile($bearerToken);
+            if (empty($profile['email'])) {
+                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+            }
+            $adminUser = $this->adminUser->loadByEmail($profile['email']);
+            if (empty($adminUser['user_id'])) {
+                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+            }
+
+            $adminUserId = (int) $adminUser['user_id'];
+            $profile['adobe_user_id'] = $adobeUserId;
+
+            $userProfileInterface = $this->getUserProfileInterface($adminUserId);
+            $this->userProfileRepository->save($this->updateUserProfile($userProfileInterface, $profile));
+        }
+
+        return $adminUserId;
+    }
+
+    /**
+     * Get adobe user profile
+     *
+     * @param string $bearerToken
+     * @return array
+     * @throws AuthenticationException
+     */
+    private function getUserProfile(string $bearerToken): array
+    {
+        try {
+            return $this->imsConnection->getProfile($bearerToken);
+        } catch (\Exception $exception) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+    }
+
+    /**
+     * Get user profile entity
+     *
+     * @param int $adminUserId
+     * @return UserProfileInterface
+     */
+    private function getUserProfileInterface(int $adminUserId): UserProfileInterface
+    {
+        try {
+            return $this->userProfileRepository->getByUserId($adminUserId);
+        } catch (NoSuchEntityException $exception) {
+            return $this->userProfileFactory->create(
+                [
+                    'data' => [
+                        'admin_user_id' => $adminUserId
+                    ]
+                ]
+            );
+        }
+    }
+
+    /**
+     * Update user profile with the data from token
+     *
+     * @param UserProfileInterface $userProfileInterface
+     * @param array $profile
+     * @return UserProfileInterface
+     */
+    private function updateUserProfile(
+        UserProfileInterface $userProfileInterface,
+        array $profile
+    ): UserProfileInterface {
+        $userProfileInterface->setName($profile['name'] ?? '');
+        $userProfileInterface->setEmail($profile['email'] ?? '');
+        $userProfileInterface->setAdobeUserId($profile['adobe_user_id']);
+
+        return $userProfileInterface;
+    }
+}

app/code/Magento/AdminAdobeIms/Model/ImsConnection.php

@@ -208,7 +208,7 @@ public function getTokenResponse(string $code): TokenResponseInterface
      *
      * @param string $code
      * @return array|bool|float|int|mixed|string|null
-     * @throws AuthorizationException
+     * @throws AdobeImsTokenAuthorizationException
      */
     public function getProfile(string $code)
     {