refactor command to acquire admin consent

2025-06-07 18:44:08 +00:00 · 2022-05-09 14:24:58 +02:00 · 2022-05-09 14:24:58 +02:00 · ee4a6e08fb
commit ee4a6e08fb
parent d570145385
4 changed files with 34 additions and 37 deletions
--- a/src/Bundle/ChillCalendarBundle/Command/AzureGrantAdminConsentAndAcquireToken.php
+++ b/src/Bundle/ChillCalendarBundle/Command/AzureGrantAdminConsentAndAcquireToken.php
@ -14,13 +14,13 @@ namespace Chill\CalendarBundle\Command;
 use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraph\MachineTokenStorage;
 use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\FormatterHelper;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
-use Symfony\Component\Console\Question\Question;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
 use TheNetworg\OAuth2\Client\Provider\Azure;
-use const PHP_URL_QUERY;

-class AzureGetMachineAccessTokenCommand extends Command
+class AzureGrantAdminConsentAndAcquireToken extends Command
 {
    private Azure $azure;

@ -30,51 +30,47 @@ class AzureGetMachineAccessTokenCommand extends Command

    public function __construct(Azure $azure, ClientRegistry $clientRegistry, MachineTokenStorage $machineTokenStorage)
    {
-        parent::__construct('chill:calendar:get-access-token');
+        parent::__construct('chill:calendar:msgraph-grant-admin-consent');

        $this->azure = $azure;
        $this->clientRegistry = $clientRegistry;
        $this->machineTokenStorage = $machineTokenStorage;
    }

-    protected function configure()
-    {
-    }
-
    protected function execute(InputInterface $input, OutputInterface $output)
    {
+        /** @var FormatterHelper $formatter */
+        $formatter = $this->getHelper('formatter');
        $this->azure->scope = ['https://graph.microsoft.com/.default'];
-        $authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'consent']));
+        $authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'admin_consent']));
+
        // replace the first part by the admin consent authorization url
        $authorizationUrl[0] = strtr('https://login.microsoftonline.com/{tenant}/adminconsent', ['{tenant}' => $this->azure->tenant]);

        $output->writeln('Go to the url');
        $output->writeln(implode('?', $authorizationUrl));
-        $output->writeln('Authenticate as admin, and copy-paste the url you will reach');
+        $output->writeln('Authenticate as admin, and grant admin consent');

        // not necessary ?
        $helper = $this->getHelper('question');
-        $question = new Question('Paste here the return url after you completed the admin consent');
+        $question = new ConfirmationQuestion('Access granted ?');

-        $returnUrl = $helper->ask($input, $output, $question);
+        if (!$helper->ask($input, $output, $question)) {
+            $messages = ['No problem, we will wait for you', 'Grant access and come back here'];
+            $output->writeln($formatter->formatBlock($messages, 'warning'));

-        $keyValues = explode('&', parse_url($returnUrl, PHP_URL_QUERY));
-        $params = [];
-
-        foreach ($keyValues as $str) {
-            $strs = explode('=', $str);
-            $params[$strs[0]] = $strs[1];
+            return 0;
        }

-        dump($params);
+        $token = $this->machineTokenStorage->getToken();

-        $token = $this->azure->getAccessToken('client_credentials', [
-            'scope' => $this->azure->scope,
-        ]);
+        $messages = ['Token acquired!', 'We could acquire a machine token successfully'];
+        $output->writeln($formatter->formatBlock($messages, 'success'));

-        $this->machineTokenStorage->storeToken($token);
-
-        $output->writeln('machine access token acquired and saved!');
+        $output->writeln('Token information:');
+        $output->writeln($token->getToken());
+        $output->writeln('Expires at: ' . $token->getExpires());
+        $output->writeln('To inspect the token content, go to https://jwt.ms/#access_token=' . urlencode($token->getToken()));

        return 0;
    }
--- a/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php
+++ b/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php
@ -31,9 +31,6 @@ class Configuration implements ConfigurationInterface
            ->children()
            ->arrayNode('microsoft_graph')->canBeEnabled()
            ->children()
-            ->scalarNode('machine_access_token')
-            ->isRequired()
-            ->info('Access token for writing to remote calendars')
            ->end() // end of machine_access_token
            ->end() // end of microsoft_graph children
            ->end() // end of array microsoft_graph
--- a/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php
+++ b/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php
@ -11,6 +11,7 @@ declare(strict_types=1);

 namespace Chill\CalendarBundle\RemoteCalendar\DependencyInjection;

+use Chill\CalendarBundle\Command\MapUserCalendarCommand;
 use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraphRemoteCalendarConnector;
 use Chill\CalendarBundle\RemoteCalendar\Connector\NullRemoteCalendarConnector;
 use Chill\CalendarBundle\RemoteCalendar\Connector\RemoteCalendarConnectorInterface;
@ -26,16 +27,19 @@ class RemoteCalendarCompilerPass implements CompilerPassInterface
        $config = $container->getParameter('chill_calendar');
        $connector = null;

-        if (!$config['remote_calendars_sync']['enabled']) {
+        if ($config['remote_calendars_sync']['enabled']) {
            $connector = NullRemoteCalendarConnector::class;
-        } else {
-            if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
-                $connector = MSGraphRemoteCalendarConnector::class;
+        }

-                if (!$container->hasAlias(Azure::class)) {
-                    $container->setAlias(Azure::class, 'knpu.oauth2.provider.azure');
-                }
-            }
+        if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
+            $connector = MSGraphRemoteCalendarConnector::class;
+        } else {
+            // remove services which cannot be loaded
+            $container->removeDefinition(MapUserCalendarCommand::class);
+        }
+
+        if (!$container->hasAlias(Azure::class)) {
+            $container->setAlias(Azure::class, 'knpu.oauth2.provider.azure');
        }

        if (null === $connector) {
--- a/src/Bundle/ChillCalendarBundle/Resources/config/services.yml
+++ b/src/Bundle/ChillCalendarBundle/Resources/config/services.yml
@ -18,7 +18,7 @@ services:
        autoconfigure: true
        resource: '../../Command/'

-    Chill\CalendarBundle\Command\AzureGetMachineAccessTokenCommand:
+    Chill\CalendarBundle\Command\AzureGrantAdminConsentAndAcquireToken:
        autoconfigure: true
        autowire: true
        arguments: