Merge pull request #413 from magento-performance/cabpi-315-login-with-inactive-user

CABPI-315: Return correct error message for login with inactive user

Author: slopukhov

app/code/Magento/AdminAdobeIms/Api/ImsLogOutInterface.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Api;
+
+/**
+ * Declare functionality for user logout from the Adobe IMS account
+ *
+ * @api
+ */
+interface ImsLogOutInterface
+{
+    /**
+     * LogOut User from Adobe IMS Account
+     *
+     * @param string|null $accessToken
+     * @return bool
+     */
+    public function execute(?string $accessToken = null) : bool;
+}

app/code/Magento/AdminAdobeIms/Model/LogOut.php

@@ -11,7 +11,7 @@
 use Magento\AdobeImsApi\Api\FlushUserTokensInterface;
 use Magento\AdobeImsApi\Api\GetAccessTokenInterface;
 use Magento\AdminAdobeIms\Service\ImsConfig;
-use Magento\AdobeImsApi\Api\LogOutInterface;
+use Magento\AdminAdobeIms\Api\ImsLogOutInterface;
 use Magento\Framework\Exception\AuthorizationException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\HTTP\Client\CurlFactory;
@@ -21,7 +21,7 @@
 /**
  * Represent functionality for log out users from the Adobe account
  */
-class LogOut implements LogOutInterface
+class LogOut implements ImsLogOutInterface
 {
     /**
      * Successful result code.
@@ -31,22 +31,22 @@ class LogOut implements LogOutInterface
     /**
      * @var LoggerInterface
      */
-    private $logger;
+    private LoggerInterface $logger;
 
     /**
      * @var CurlFactory
      */
-    private $curlFactory;
+    private CurlFactory $curlFactory;
 
     /**
      * @var GetAccessTokenInterface
      */
-    private $getAccessToken;
+    private GetAccessTokenInterface $getAccessToken;
 
     /**
      * @var FlushUserTokensInterface
      */
-    private $flushUserTokens;
+    private FlushUserTokensInterface $flushUserTokens;
     /**
      * @var ImsConfig
      */
@@ -83,10 +83,12 @@ public function __construct(
     /**
      * @inheritDoc
      */
-    public function execute() : bool
+    public function execute(?string $accessToken = null) : bool
     {
         try {
-            $accessToken = $this->getAccessToken->execute();
+            if ($accessToken === null) {
+                $accessToken = $this->getAccessToken->execute();
+            }
 
             if (empty($accessToken)) {
                 return true;

app/code/Magento/AdminAdobeIms/Service/AdminLoginProcessService.php

@@ -9,13 +9,13 @@
 
 namespace Magento\AdminAdobeIms\Service;
 
+use Exception;
 use Magento\AdminAdobeIms\Exception\AdobeImsTokenAuthorizationException;
 use Magento\AdminAdobeIms\Model\Auth;
+use Magento\AdminAdobeIms\Model\LogOut;
 use Magento\AdminAdobeIms\Model\User;
 use Magento\AdobeIms\Model\LogIn;
 use Magento\AdobeImsApi\Api\Data\TokenResponseInterface;
-use Magento\Framework\Exception\AuthenticationException;
-use Magento\Framework\Exception\CouldNotSaveException;
 
 class AdminLoginProcessService
 {
@@ -32,19 +32,27 @@ class AdminLoginProcessService
      */
     private LogIn $logIn;
 
+    /**
+     * @var LogOut
+     */
+    private LogOut $logOut;
+
     /**
      * @param User $adminUser
      * @param Auth $auth
      * @param LogIn $logIn
+     * @param LogOut $logOut
      */
     public function __construct(
         User $adminUser,
         Auth $auth,
-        LogIn $logIn
+        LogIn $logIn,
+        LogOut $logOut
     ) {
         $this->adminUser = $adminUser;
         $this->auth = $auth;
         $this->logIn = $logIn;
+        $this->logOut = $logOut;
     }
 
     /**
@@ -54,19 +62,43 @@ public function __construct(
      * @param TokenResponseInterface $tokenResponse
      * @return void
      * @throws AdobeImsTokenAuthorizationException
-     * @throws CouldNotSaveException|AuthenticationException
      */
     public function execute(array $profile, TokenResponseInterface $tokenResponse): void
     {
         $adminUser = $this->adminUser->loadByEmail($profile['email']);
         if (empty($adminUser['user_id'])) {
+            $this->externalLogout($tokenResponse->getAccessToken());
             throw new AdobeImsTokenAuthorizationException(
                 __('No matching admin user found for Adobe ID.')
             );
         }
 
-        $this->logIn->execute((int)$adminUser['user_id'], $tokenResponse);
+        try {
+            $this->logIn->execute((int)$adminUser['user_id'], $tokenResponse);
+            $this->auth->loginByUsername($adminUser['username']);
+        } catch (Exception $exception) {
+            $this->externalLogout($tokenResponse->getAccessToken());
+            throw new AdobeImsTokenAuthorizationException(
+                __($exception->getMessage())
+            );
+        }
+    }
 
-        $this->auth->loginByUsername($adminUser['username']);
+    /**
+     * If log in attempt failed, we should clean the Adobe IMS Session
+     *
+     * @param string $accessToken
+     * @return void
+     * @throws AdobeImsTokenAuthorizationException
+     */
+    private function externalLogout(string $accessToken): void
+    {
+        try {
+            $this->logOut->execute($accessToken);
+        } catch (Exception $exception) {
+            throw new AdobeImsTokenAuthorizationException(
+                __($exception->getMessage())
+            );
+        }
     }
 }

app/code/Magento/AdminAdobeIms/Test/Unit/Service/AdminLoginProcessServiceTest.php

@@ -0,0 +1,152 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Test\Unit\Service;
+
+use Exception;
+use Magento\AdminAdobeIms\Exception\AdobeImsTokenAuthorizationException;
+use Magento\AdminAdobeIms\Model\Auth;
+use Magento\AdminAdobeIms\Model\LogOut;
+use Magento\AdminAdobeIms\Model\User;
+use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
+use Magento\AdobeIms\Model\LogIn;
+use Magento\AdobeImsApi\Api\Data\TokenResponseInterface;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+use PHPUnit\Framework\TestCase;
+
+class AdminLoginProcessServiceTest extends TestCase
+{
+    private const TEST_EMAIL = '[email protected]';
+
+    /**
+     * @var AdminLoginProcessService
+     */
+    private $loginService;
+
+    /**
+     * @var User
+     */
+    private $user;
+
+    /**
+     * @var Auth
+     */
+    private $auth;
+
+    /**
+     * @var LogIn
+     */
+    private $logIn;
+
+    /**
+     * @var LogOut
+     */
+    private $logOut;
+
+    /**
+     * @var TokenResponseInterface
+     */
+    private $tokenResponse;
+
+    protected function setUp(): void
+    {
+        $objectManagerHelper = new ObjectManagerHelper($this);
+
+        $this->user = $this->createMock(User::class);
+        $this->auth = $this->createMock(Auth::class);
+        $this->logIn = $this->createMock(LogIn::class);
+        $this->logOut = $this->createMock(LogOut::class);
+
+        $this->tokenResponse = $this->createMock(TokenResponseInterface::class);
+        $this->tokenResponse
+            ->method('getAccessToken')
+            ->willReturn('accessToken');
+
+        $this->loginService = $objectManagerHelper->getObject(
+            AdminLoginProcessService::class,
+            [
+                'adminUser' => $this->user,
+                'auth' => $this->auth,
+                'logIn' => $this->logIn,
+                'logOut' => $this->logOut,
+            ]
+        );
+    }
+
+    public function testExceptionWillBeThrownWhenNoUserFound(): void
+    {
+        $this->user
+            ->method('loadByEmail')
+            ->willReturn([]);
+
+        $this->logOut
+            ->expects($this->once())
+            ->method('execute')
+            ->with('accessToken');
+
+        $this->expectException(AdobeImsTokenAuthorizationException::class);
+        $this->expectExceptionMessage('No matching admin user found for Adobe ID.');
+
+        $this->loginService->execute(['email' => self::TEST_EMAIL], $this->tokenResponse);
+    }
+
+    /**
+     * @return void
+     * @throws AdobeImsTokenAuthorizationException
+     */
+    public function testExceptionWillBeThrownWhenLoginFails(): void
+    {
+        $this->user
+            ->method('loadByEmail')
+            ->willReturn([
+                'user_id' => '1',
+                'email' => self::TEST_EMAIL,
+            ]);
+
+        $this->logIn
+            ->method('execute')
+            ->willThrowException(new Exception());
+
+        $this->logOut
+            ->expects($this->once())
+            ->method('execute')
+            ->with('accessToken');
+
+        $this->expectException(AdobeImsTokenAuthorizationException::class);
+
+        $this->loginService->execute(['email' => self::TEST_EMAIL], $this->tokenResponse);
+    }
+
+    /**
+     * @return void
+     * @throws AdobeImsTokenAuthorizationException
+     */
+    public function testExceptionWillBeThrownWhenAuthenticationFails(): void
+    {
+        $this->user
+            ->method('loadByEmail')
+            ->willReturn([
+                'user_id' => '1',
+                'username' => 'admin',
+                'email' => self::TEST_EMAIL,
+            ]);
+
+        $this->auth
+            ->method('loginByUsername')
+            ->willThrowException(new Exception());
+
+        $this->logOut
+            ->expects($this->once())
+            ->method('execute')
+            ->with('accessToken');
+
+        $this->expectException(AdobeImsTokenAuthorizationException::class);
+
+        $this->loginService->execute(['email' => self::TEST_EMAIL], $this->tokenResponse);
+    }
+}