CABPI-467: Admin Authentication implementation based on UserContextInterface

Author: nishant04412

app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsCallback.php

@@ -9,70 +9,49 @@
 namespace Magento\AdminAdobeIms\Controller\Adminhtml\OAuth;
 
 use Exception;
-use Magento\AdminAdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
-use Magento\AdminAdobeIms\Exception\AdobeImsAuthorizationException;
 use Magento\AdminAdobeIms\Logger\AdminAdobeImsLogger;
-use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\AdminAdobeIms\Service\ImsConfig;
-use Magento\AdminAdobeIms\Service\ImsOrganizationService;
 use Magento\Backend\App\Action\Context;
-use Magento\AdminAdobeIms\Model\ImsConnection;
 use Magento\Backend\Controller\Adminhtml\Auth;
 use Magento\Backend\Model\View\Result\Redirect;
 use Magento\Framework\App\Action\HttpGetActionInterface;
-use Magento\Framework\Exception\AuthenticationException;
 
 class ImsCallback extends Auth implements HttpGetActionInterface
 {
     public const ACTION_NAME = 'imscallback';
 
-    /**
-     * @var ImsConnection
-     */
-    private ImsConnection $adminImsConnection;
-
     /**
      * @var ImsConfig
      */
     private ImsConfig $adminImsConfig;
 
     /**
-     * @var ImsOrganizationService
-     */
-    private ImsOrganizationService $adminOrganizationService;
-
-    /**
-     * @var AdminLoginProcessService
+     * @var AdminAdobeImsLogger
      */
-    private AdminLoginProcessService $adminLoginProcessService;
+    private AdminAdobeImsLogger $logger;
 
     /**
-     * @var AdminAdobeImsLogger
+     * @var UserContextInterface
      */
-    private AdminAdobeImsLogger $logger;
+    private UserContextInterface $userContext;
 
     /**
      * @param Context $context
-     * @param ImsConnection $adminImsConnection
      * @param ImsConfig $adminImsConfig
-     * @param ImsOrganizationService $adminOrganizationService
-     * @param AdminLoginProcessService $adminLoginProcessService
      * @param AdminAdobeImsLogger $logger
+     * @param UserContextInterface $userContext
      */
     public function __construct(
         Context $context,
-        ImsConnection $adminImsConnection,
         ImsConfig $adminImsConfig,
-        ImsOrganizationService $adminOrganizationService,
-        AdminLoginProcessService $adminLoginProcessService,
-        AdminAdobeImsLogger $logger
+        AdminAdobeImsLogger $logger,
+        UserContextInterface $userContext
     ) {
         parent::__construct($context);
-        $this->adminImsConnection = $adminImsConnection;
         $this->adminImsConfig = $adminImsConfig;
-        $this->adminOrganizationService = $adminOrganizationService;
-        $this->adminLoginProcessService = $adminLoginProcessService;
         $this->logger = $logger;
+        $this->userContext = $userContext;
     }
 
     /**
@@ -92,40 +71,11 @@ public function execute(): Redirect
         }
 
         try {
-            $code = $this->getRequest()->getParam('code');
-
-            if ($code === null) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-            }
-
-            //get token from response
-            $tokenResponse = $this->adminImsConnection->getTokenResponse($code);
-            $accessToken = $tokenResponse->getAccessToken();
-
-            //get profile info to check email
-            $profile = $this->adminImsConnection->getProfile($accessToken);
-            if (empty($profile['email'])) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+            if ($this->userContext->getUserId()
+                && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_ADMIN
+            ) {
+                return $resultRedirect;
             }
-
-            //check membership in organization
-            $this->adminOrganizationService->checkOrganizationMembership($accessToken);
-
-            $this->adminLoginProcessService->execute($tokenResponse, $profile);
-        } catch (AdobeImsAuthorizationException $e) {
-            $this->logger->error($e->getMessage());
-
-            $this->imsErrorMessage(
-                'You don\'t have access to this Commerce instance',
-                AdobeImsAuthorizationException::ERROR_MESSAGE
-            );
-        } catch (AdobeImsOrganizationAuthorizationException $e) {
-            $this->logger->error($e->getMessage());
-
-            $this->imsErrorMessage(
-                'Unable to sign in with the Adobe ID',
-                AdobeImsOrganizationAuthorizationException::ERROR_MESSAGE
-            );
         } catch (Exception $e) {
             $this->logger->error($e->getMessage());
 

app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserContext.php

@@ -0,0 +1,103 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Model\Authorization;
+
+use Magento\AdminAdobeIms\Model\Auth;
+use Magento\AdminAdobeIms\Model\ImsConnection;
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Framework\Exception\AuthenticationException;
+
+/**
+ * A user context determined by Adobe IMS tokens for Admin Panel.
+ */
+class AdobeImsAdminTokenUserContext implements UserContextInterface
+{
+    /**
+     * @var int|null
+     */
+    private ?int $userId = null;
+
+    /**
+     * @var bool
+     */
+    private bool $isRequestProcessed = false;
+
+    /**
+     * @var ImsConfig
+     */
+    private ImsConfig $adminImsConfig;
+
+    /**
+     * @var Auth
+     */
+    protected Auth $auth;
+
+    /**
+     * @var ImsConnection
+     */
+    private ImsConnection $adminImsConnection;
+
+    /**
+     * @var AdobeImsAdminTokenUserService
+     */
+    private AdobeImsAdminTokenUserService $adminTokenUserService;
+
+    /**
+     * @param ImsConfig $adminImsConfig
+     * @param Auth $auth
+     * @param ImsConnection $adminImsConnection
+     * @param AdobeImsAdminTokenUserService $adminTokenUserService
+     */
+    public function __construct(
+        ImsConfig $adminImsConfig,
+        Auth $auth,
+        ImsConnection $adminImsConnection,
+        AdobeImsAdminTokenUserService $adminTokenUserService
+    ) {
+        $this->adminImsConfig = $adminImsConfig;
+        $this->auth = $auth;
+        $this->adminImsConnection = $adminImsConnection;
+        $this->adminTokenUserService = $adminTokenUserService;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getUserId(): ?int
+    {
+        if (!$this->adminImsConfig->enabled() || $this->isRequestProcessed) {
+            return $this->userId;
+        }
+
+        $session = $this->auth->getAuthStorage();
+
+        if (!empty($session->getAdobeAccessToken())) {
+            $isTokenValid = $this->adminImsConnection->validateToken($session->getAdobeAccessToken());
+            if (!$isTokenValid) {
+                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+            }
+        } else {
+            $this->adminTokenUserService->processLoginRequest();
+        }
+
+        $this->userId = (int) $session->getUser()->getUserId();
+        $this->isRequestProcessed = true;
+
+        return $this->userId;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getUserType(): ?int
+    {
+        return UserContextInterface::USER_TYPE_ADMIN;
+    }
+}

app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php

@@ -0,0 +1,114 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Model\Authorization;
+
+use Magento\AdminAdobeIms\Exception\AdobeImsAuthorizationException;
+use Magento\AdminAdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
+use Magento\AdminAdobeIms\Model\ImsConnection;
+use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\AdminAdobeIms\Service\ImsOrganizationService;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\AuthenticationException;
+
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
+class AdobeImsAdminTokenUserService
+{
+    private const ADOBE_IMS_MODULE_NAME = 'adobe_ims_auth';
+
+    /**
+     * @var ImsConfig
+     */
+    private ImsConfig $adminImsConfig;
+
+    /**
+     * @var ImsConnection
+     */
+    private ImsConnection $adminImsConnection;
+
+    /**
+     * @var ImsOrganizationService
+     */
+    private ImsOrganizationService $adminOrganizationService;
+
+    /**
+     * @var AdminLoginProcessService
+     */
+    private AdminLoginProcessService $adminLoginProcessService;
+
+    /**
+     * @var RequestInterface
+     */
+    private RequestInterface $request;
+
+    /**
+     * @param ImsConfig $adminImsConfig
+     * @param ImsConnection $adminImsConnection
+     * @param ImsOrganizationService $adminOrganizationService
+     * @param AdminLoginProcessService $adminLoginProcessService
+     * @param RequestInterface $request
+     */
+    public function __construct(
+        ImsConfig $adminImsConfig,
+        ImsConnection $adminImsConnection,
+        ImsOrganizationService $adminOrganizationService,
+        AdminLoginProcessService $adminLoginProcessService,
+        RequestInterface $request
+    ) {
+        $this->adminImsConfig = $adminImsConfig;
+        $this->adminImsConnection = $adminImsConnection;
+        $this->adminOrganizationService = $adminOrganizationService;
+        $this->adminLoginProcessService = $adminLoginProcessService;
+        $this->request = $request;
+    }
+
+    /**
+     * Process login request to Admin Adobe IMS.
+     *
+     * @return void
+     * @throws AuthenticationException
+     * @throws AdobeImsAuthorizationException
+     */
+    public function processLoginRequest()
+    {
+        if ($this->adminImsConfig->enabled() && $this->request->getParam('code')
+            && $this->request->getModuleName() === self::ADOBE_IMS_MODULE_NAME) {
+            try {
+                $code = $this->request->getParam('code');
+
+                //get token from response
+                $tokenResponse = $this->adminImsConnection->getTokenResponse($code);
+                $accessToken = $tokenResponse->getAccessToken();
+
+                //get profile info to check email
+                $profile = $this->adminImsConnection->getProfile($accessToken);
+                if (empty($profile['email'])) {
+                    throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+                }
+
+                //check membership in organization
+                $this->adminOrganizationService->checkOrganizationMembership($accessToken);
+
+                $this->adminLoginProcessService->execute($tokenResponse, $profile);
+            } catch (AdobeImsAuthorizationException $e) {
+                throw new AdobeImsAuthorizationException(
+                    __('You don\'t have access to this Commerce instance')
+                );
+            } catch (AdobeImsOrganizationAuthorizationException $e) {
+                throw new AdobeImsOrganizationAuthorizationException(
+                    __('Unable to sign in with the Adobe ID')
+                );
+            }
+        } else {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+    }
+}