refactor command to acquire admin consent

Julien Fastré 2022-05-09 14:24:58 +02:00
parent d570145385
commit ee4a6e08fb
4 changed files with 34 additions and 37 deletions


@ -14,13 +14,13 @@ namespace Chill\CalendarBundle\Command;
use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraph\MachineTokenStorage; use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraph\MachineTokenStorage;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry; use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\FormatterHelper;
use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\Question; use Symfony\Component\Console\Question\ConfirmationQuestion;
use TheNetworg\OAuth2\Client\Provider\Azure; use TheNetworg\OAuth2\Client\Provider\Azure;
use const PHP_URL_QUERY;
class AzureGetMachineAccessTokenCommand extends Command class AzureGrantAdminConsentAndAcquireToken extends Command
{ {
private Azure $azure; private Azure $azure;
@ -30,51 +30,47 @@ class AzureGetMachineAccessTokenCommand extends Command
public function __construct(Azure $azure, ClientRegistry $clientRegistry, MachineTokenStorage $machineTokenStorage) public function __construct(Azure $azure, ClientRegistry $clientRegistry, MachineTokenStorage $machineTokenStorage)
{ {
parent::__construct('chill:calendar:get-access-token'); parent::__construct('chill:calendar:msgraph-grant-admin-consent');
$this->azure = $azure; $this->azure = $azure;
$this->clientRegistry = $clientRegistry; $this->clientRegistry = $clientRegistry;
$this->machineTokenStorage = $machineTokenStorage; $this->machineTokenStorage = $machineTokenStorage;
} }
protected function configure()
{
}
protected function execute(InputInterface $input, OutputInterface $output) protected function execute(InputInterface $input, OutputInterface $output)
{ {
/** @var FormatterHelper $formatter */
$formatter = $this->getHelper('formatter');
$this->azure->scope = ['https://graph.microsoft.com/.default']; $this->azure->scope = ['https://graph.microsoft.com/.default'];
$authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'consent'])); $authorizationUrl = explode('?', $this->azure->getAuthorizationUrl(['prompt' => 'admin_consent']));
// replace the first part by the admin consent authorization url // replace the first part by the admin consent authorization url
$authorizationUrl[0] = strtr('https://login.microsoftonline.com/{tenant}/adminconsent', ['{tenant}' => $this->azure->tenant]); $authorizationUrl[0] = strtr('https://login.microsoftonline.com/{tenant}/adminconsent', ['{tenant}' => $this->azure->tenant]);
$output->writeln('Go to the url'); $output->writeln('Go to the url');
$output->writeln(implode('?', $authorizationUrl)); $output->writeln(implode('?', $authorizationUrl));
$output->writeln('Authenticate as admin, and copy-paste the url you will reach'); $output->writeln('Authenticate as admin, and grant admin consent');
// not necessary ? // not necessary ?
$helper = $this->getHelper('question'); $helper = $this->getHelper('question');
$question = new Question('Paste here the return url after you completed the admin consent'); $question = new ConfirmationQuestion('Access granted ?');
$returnUrl = $helper->ask($input, $output, $question); if (!$helper->ask($input, $output, $question)) {
$messages = ['No problem, we will wait for you', 'Grant access and come back here'];
$output->writeln($formatter->formatBlock($messages, 'warning'));
$keyValues = explode('&', parse_url($returnUrl, PHP_URL_QUERY)); return 0;
$params = [];
foreach ($keyValues as $str) {
$strs = explode('=', $str);
$params[$strs[0]] = $strs[1];
} }
dump($params); $token = $this->machineTokenStorage->getToken();
$token = $this->azure->getAccessToken('client_credentials', [ $messages = ['Token acquired!', 'We could acquire a machine token successfully'];
'scope' => $this->azure->scope, $output->writeln($formatter->formatBlock($messages, 'success'));
]);
$this->machineTokenStorage->storeToken($token); $output->writeln('Token information:');
$output->writeln($token->getToken());
$output->writeln('machine access token acquired and saved!'); $output->writeln('Expires at: ' . $token->getExpires());
$output->writeln('To inspect the token content, go to https://jwt.ms/#access_token=' . urlencode($token->getToken()));
return 0; return 0;
} }
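Review bot: The success path of `execute()` prints the raw machine access token twice, once with `$output->writeln($token->getToken());` and once inside the `https://jwt.ms/#access_token=` link. A bearer token for the `https://graph.microsoft.com/.default` scope then lands in terminal scrollback, captured session or CI logs, and browser history if the link is opened. Keep the success block and the expiry line, and either drop the two token lines or gate them behind an explicit opt-in such as `if ($output->isVeryVerbose()) { $output->writeln($token->getToken()); }`. For the inspection hint, print the instruction without the token embedded, for example `$output->writeln('To inspect the token content, paste it into a JWT decoder you trust');`.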


@ -31,9 +31,6 @@ class Configuration implements ConfigurationInterface
->children() ->children()
->arrayNode('microsoft_graph')->canBeEnabled() ->arrayNode('microsoft_graph')->canBeEnabled()
->children() ->children()
->scalarNode('machine_access_token')
->isRequired()
->info('Access token for writing to remote calendars')
->end() // end of machine_access_token ->end() // end of machine_access_token
->end() // end of microsoft_graph children ->end() // end of microsoft_graph children
->end() // end of array microsoft_graph ->end() // end of array microsoft_graph
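Review bot: The line `->end() // end of machine_access_token` appears to survive as context while the `scalarNode('machine_access_token')` it closed is removed, which leaves one `->end()` too many after `->children()`. With the scalar gone, that call closes the `microsoft_graph` children builder instead, so each later `->end()` resolves one level higher than its comment says and the tree may fail to build or nest wrongly. Remove that line together with the scalar node. The rest of the builder chain is outside the hunk, so the balance should be confirmed there.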


@ -11,6 +11,7 @@ declare(strict_types=1);
namespace Chill\CalendarBundle\RemoteCalendar\DependencyInjection; namespace Chill\CalendarBundle\RemoteCalendar\DependencyInjection;
use Chill\CalendarBundle\Command\MapUserCalendarCommand;
use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraphRemoteCalendarConnector; use Chill\CalendarBundle\RemoteCalendar\Connector\MSGraphRemoteCalendarConnector;
use Chill\CalendarBundle\RemoteCalendar\Connector\NullRemoteCalendarConnector; use Chill\CalendarBundle\RemoteCalendar\Connector\NullRemoteCalendarConnector;
use Chill\CalendarBundle\RemoteCalendar\Connector\RemoteCalendarConnectorInterface; use Chill\CalendarBundle\RemoteCalendar\Connector\RemoteCalendarConnectorInterface;
@ -26,16 +27,19 @@ class RemoteCalendarCompilerPass implements CompilerPassInterface
$config = $container->getParameter('chill_calendar'); $config = $container->getParameter('chill_calendar');
$connector = null; $connector = null;
if (!$config['remote_calendars_sync']['enabled']) { if ($config['remote_calendars_sync']['enabled']) {
$connector = NullRemoteCalendarConnector::class; $connector = NullRemoteCalendarConnector::class;
} else { }
if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
$connector = MSGraphRemoteCalendarConnector::class;
if (!$container->hasAlias(Azure::class)) { if ($config['remote_calendars_sync']['microsoft_graph']['enabled']) {
$container->setAlias(Azure::class, 'knpu.oauth2.provider.azure'); $connector = MSGraphRemoteCalendarConnector::class;
} } else {
} // remove services which cannot be loaded
$container->removeDefinition(MapUserCalendarCommand::class);
}
if (!$container->hasAlias(Azure::class)) {
$container->setAlias(Azure::class, 'knpu.oauth2.provider.azure');
} }
if (null === $connector) { if (null === $connector) {
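Review bot: The first condition on the new side reads `if ($config['remote_calendars_sync']['enabled'])`, without the `!` the old line had. `NullRemoteCalendarConnector` is therefore selected when sync is enabled, and `$connector` stays `null` when both sync and Microsoft Graph are off, falling into the `null === $connector` branch. If the inversion is not intended, restore `if (!$config['remote_calendars_sync']['enabled']) {`. Separately, the `Azure::class` alias to `knpu.oauth2.provider.azure` is now set even when `microsoft_graph` is disabled, and only `MapUserCalendarCommand` is removed in that case although the consent command also takes `Azure`; consider keeping the alias inside the enabled branch and removing both commands in the `else`. The method begins and continues outside the hunk.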


@ -18,7 +18,7 @@ services:
autoconfigure: true autoconfigure: true
resource: '../../Command/' resource: '../../Command/'
Chill\CalendarBundle\Command\AzureGetMachineAccessTokenCommand: Chill\CalendarBundle\Command\AzureGrantAdminConsentAndAcquireToken:
autoconfigure: true autoconfigure: true
autowire: true autowire: true
arguments: arguments: