From ee4a6e08fb4f5478f72503445587d3bf1be81b15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Mon, 9 May 2022 14:24:58 +0200
Subject: [PATCH] refactor command to acquire admin consent
---
 ...AzureGrantAdminConsentAndAcquireToken.php} | 46 +++++++++----------
 .../DependencyInjection/Configuration.php | 3 --
 .../RemoteCalendarCompilerPass.php | 20 ++++----
 .../Resources/config/services.yml | 2 +-
 4 files changed, 34 insertions(+), 37 deletions(-)
 rename src/Bundle/ChillCalendarBundle/Command/{AzureGetMachineAccessTokenCommand.php => AzureGrantAdminConsentAndAcquireToken.php} (55%)
diff --git a/src/Bundle/ChillCalendarBundle/Command/AzureGetMachineAccessTokenCommand.php b/src/Bundle/ChillCalendarBundle/Command/AzureGrantAdminConsentAndAcquireToken.php
similarity index 55%
rename from src/Bundle/ChillCalendarBundle/Command/AzureGetMachineAccessTokenCommand.php
rename to src/Bundle/ChillCalendarBundle/Command/AzureGrantAdminConsentAndAcquireToken.php
index 378ecc603..87a00d0b4 100644
--- a/src/Bundle/ChillCalendarBundle/Command/AzureGetMachineAccessTokenCommand.php
+++ b/src/Bundle/ChillCalendarBundle/Command/AzureGrantAdminConsentAndAcquireToken.php
@@ -14,13 +14,13 @@ namespace Chill\CalendarBundle\Command;
 use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraph\MachineTokenStorage;
 use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\FormatterHelper;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
-use Symfony\Component\Console\Question\Question;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
 use TheNetworg\OAuth2\Client\Provider\Azure;
-use const PHP_URL_QUERY;
-class AzureGetMachineAccessTokenCommand extends Command
+class AzureGrantAdminConsentAndAcquireToken extends Command
 {
 private Azure $azure;
@@ -30,51 +30,47 @@ class AzureGetMachineAccessTokenCommand extends Command
 public function __construct(Azure $azure, ClientRegistry $clientRegistry, MachineTokenStorage $machineTokenStorage)
 {
- parent::__construct('chill:calendar:get-access-token');
+ parent::__construct('chill:calendar:msgraph-grant-admin-consent');
 $this->azure = $azure;
 $this->clientRegistry = $clientRegistry;
 $this->machineTokenStorage = $machineTokenStorage;
 }
- protected function configure()
- {
- }
-
 protected function execute(InputInterface $input, OutputInterface $output)
 {
+ /** @var FormatterHelper $formatter */
+ $formatter = $this->getHelper('formatter');
 $this->azure->scope = ['https://graph.microsoft.com/.default'];
- $authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'consent']));
+ $authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'admin_consent']));
+ // replace the first part by the admin consent authorization url
 $authorizationUrl[0] = strtr('https://login.microsoftonline.com/{tenant}/adminconsent', ['{tenant}' => $this->azure->tenant]);
 $output->writeln('Go to the url');
 $output->writeln(implode('?', $authorizationUrl));
- $output->writeln('Authenticate as admin, and copy-paste the url you will reach');
+ $output->writeln('Authenticate as admin, and grant admin consent');
 // not necessary ?
 $helper = $this->getHelper('question');
- $question = new Question('Paste here the return url after you completed the admin consent');
+ $question = new ConfirmationQuestion('Access granted ?');
- $returnUrl = $helper->ask($input, $output, $question);
+ if (!$helper->ask($input, $output, $question)) {
+ $messages = ['No problem, we will wait for you', 'Grant access and come back here'];
+ $output->writeln($formatter->formatBlock($messages, 'warning'));
- $keyValues = explode('&', parse_url($returnUrl, PHP_URL_QUERY));
- $params = [];
-
- foreach ($keyValues as $str) {
- $strs = explode('=', $str);
- $params[$strs[0]] = $strs[1];
+ return 0;
 }
- dump($params);
+ $token = $this->machineTokenStorage->getToken();
- $token = $this->azure->getAccessToken('client_credentials', [
- 'scope' => $this->azure->scope,
- ]);
+ $messages = ['Token acquired!', 'We could acquire a machine token successfully'];
+ $output->writeln($formatter->formatBlock($messages, 'success'));
- $this->machineTokenStorage->storeToken($token);
-
- $output->writeln('machine access token acquired and saved!');
+ $output->writeln('Token information:');
+ $output->writeln($token->getToken());
+ $output->writeln('Expires at: ' . $token->getExpires());
+ $output->writeln('To inspect the token content, go to https://jwt.ms/#access_token=' . urlencode($token->getToken()));
 return 0;
 }
diff --git a/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php b/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php
index 7d5afba87..bb3ab576d 100644
--- a/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php
+++ b/src/Bundle/ChillCalendarBundle/DependencyInjection/Configuration.php
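Review bot: The new tail of `execute()` writes the raw machine access token to the console with `$output->writeln($token->getToken());` and embeds it a second time in the `https://jwt.ms/#access_token=` link, so a token requested for the `https://graph.microsoft.com/.default` scope ends up in terminal scrollback, in any captured command output and, if the link is opened, in browser history. I would drop both lines from the default output and keep the success block and the expiry, or gate the token behind an explicit verbosity level, e.g. `if ($output->isVeryVerbose()) { $output->writeln($token->getToken()); }`. The call `$this->machineTokenStorage->getToken()` is not wrapped in a `try`, so a failed token request presumably surfaces as an uncaught exception instead of a formatted error block; the storage class is outside this diff, so that needs confirming. The refusal branch ends with `return 0;`, which reports success to a calling script although no consent was confirmed and no token was acquired; a non-zero status would be more accurate there.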
@@ -31,9 +31,6 @@ class Configuration implements ConfigurationInterface
 ->children()
 ->arrayNode('microsoft_graph')->canBeEnabled()
 ->children()
- ->scalarNode('machine_access_token')
- ->isRequired()
- ->info('Access token for writing to remote calendars')
 ->end() // end of machine_access_token
 ->end() // end of microsoft_graph children
 ->end() // end of array microsoft_graph
diff --git a/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php b/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php
index 4390f4634..5724eabcf 100644
--- a/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php
+++ b/src/Bundle/ChillCalendarBundle/RemoteCalendar/DependencyInjection/RemoteCalendarCompilerPass.php
@@ -11,6 +11,7 @@ declare(strict_types=1);
 namespace Chill\CalendarBundle\RemoteCalendar\DependencyInjection;
+use Chill\CalendarBundle\Command\MapUserCalendarCommand;
 use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraphRemoteCalendarConnector;
 use Chill\CalendarBundle\RemoteCalendar\Connector\NullRemoteCalendarConnector;
 use Chill\CalendarBundle\RemoteCalendar\Connector\RemoteCalendarConnectorInterface;
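Review bot: Removing the `machine_access_token` scalar node leaves its closing call, `->end() // end of machine_access_token`, behind as a context line, so the builder chain now closes one more level than it opens inside `microsoft_graph`. If the rest of the chain (which starts and ends outside this hunk) was balanced before, every later `->end()` now lands one level too high and the tree builder will likely fail or return the wrong node when the container is built; that line should be deleted together with the three removed ones. Dropping the option also means a deployment whose configuration still sets `machine_access_token` will probably be rejected for an unrecognised key, which deserves an upgrade note telling operators to remove the stored token from their config.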
@@ -26,16 +27,19 @@ class RemoteCalendarCompilerPass implements CompilerPassInterface
 $config = $container->getParameter('chill_calendar');
 $connector = null;
- if (!$config['remote_calendars_sync']['enabled']) {
+ if ($config['remote_calendars_sync']['enabled']) {
 $connector = NullRemoteCalendarConnector::class;
- } else {
- if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
- $connector = MSGraphRemoteCalendarConnector::class;
+ }
- if (!$container->hasAlias(Azure::class)) {
- $container->setAlias(Azure::class, 'knpu.oauth2.provider.azure');
- }
- }
+ if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
+ $connector = MSGraphRemoteCalendarConnector::class;
+ } else {
+ // remove services which cannot be loaded
+ $container->removeDefinition(MapUserCalendarCommand::class);
+ }
+
+ if (!$container->hasAlias(Azure::class)) {
+ $container->setAlias(Azure::class, 'knpu.oauth2.provider.azure');
 }
 if (null === $connector) {
diff --git a/src/Bundle/ChillCalendarBundle/Resources/config/services.yml b/src/Bundle/ChillCalendarBundle/Resources/config/services.yml
index fde32b70b..19fbebab6 100644
--- a/src/Bundle/ChillCalendarBundle/Resources/config/services.yml
+++ b/src/Bundle/ChillCalendarBundle/Resources/config/services.yml
@@ -18,7 +18,7 @@ services:
 autoconfigure: true
 resource: '../../Command/'
- Chill\CalendarBundle\Command\AzureGetMachineAccessTokenCommand:
+ Chill\CalendarBundle\Command\AzureGrantAdminConsentAndAcquireToken:
 autoconfigure: true
 autowire: true
 arguments:
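Review bot: The first condition lost its negation: `if ($config['remote_calendars_sync']['enabled'])` now selects `NullRemoteCalendarConnector` when synchronisation is enabled and leaves `$connector` as `null` when it is disabled and Microsoft Graph is off, which then falls into the `if (null === $connector)` branch whose body lies below this hunk (the enclosing method also starts above it). The original test `if (!$config['remote_calendars_sync']['enabled'])` should be kept. The `Azure::class` alias to `knpu.oauth2.provider.azure` is now registered unconditionally, so it can point at a service that does not exist when the OAuth client is not configured; I would keep `setAlias` inside the Graph-enabled branch. In the new `else` branch only `MapUserCalendarCommand` is removed, while the consent command renamed in this same commit also takes `Azure` in its constructor and presumably has to be removed there as well.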