MC-32830: Do not store admin and customer tokens in DB

ogorkun · ogorkun · commit acaa153a4314 · 2021-04-19T16:24:40.000-05:00
diff --git a/app/code/Magento/Webapi/Model/Authorization/SoapUserContext.php b/app/code/Magento/Webapi/Model/Authorization/SoapUserContext.php
@@ -0,0 +1,164 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Webapi\Model\Authorization;
+
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Integration\Model\Oauth\Token;
+use Magento\Integration\Model\Oauth\TokenFactory;
+use Magento\Integration\Api\IntegrationServiceInterface;
+use Magento\Framework\Webapi\Request;
+use Magento\Framework\Stdlib\DateTime\DateTime as Date;
+use Magento\Framework\Stdlib\DateTime;
+use Magento\Integration\Helper\Oauth\Data as OauthHelper;
+
+/**
+ * SOAP specific user context based on opaque tokens.
+ */
+class SoapUserContext implements UserContextInterface
+{
+    /**
+     * @var Request
+     */
+    protected $request;
+
+    /**
+     * @var Token
+     */
+    protected $tokenFactory;
+
+    /**
+     * @var int
+     */
+    protected $userId;
+
+    /**
+     * @var string
+     */
+    protected $userType;
+
+    /**
+     * @var bool
+     */
+    protected $isRequestProcessed;
+
+    /**
+     * @var IntegrationServiceInterface
+     */
+    protected $integrationService;
+
+    /**
+     * @var DateTime
+     */
+    private $dateTime;
+
+    /**
+     * @var Date
+     */
+    private $date;
+
+    /**
+     * @var OauthHelper
+     */
+    private $oauthHelper;
+
+    /**
+     * Initialize dependencies.
+     *
+     * @param Request $request
+     * @param TokenFactory $tokenFactory
+     * @param IntegrationServiceInterface $integrationService
+     * @param DateTime|null $dateTime
+     * @param Date|null $date
+     * @param OauthHelper|null $oauthHelper
+     */
+    public function __construct(
+        Request $request,
+        TokenFactory $tokenFactory,
+        IntegrationServiceInterface $integrationService,
+        DateTime $dateTime = null,
+        Date $date = null,
+        OauthHelper $oauthHelper = null
+    ) {
+        $this->request = $request;
+        $this->tokenFactory = $tokenFactory;
+        $this->integrationService = $integrationService;
+        $this->dateTime = $dateTime ?: ObjectManager::getInstance()->get(
+            DateTime::class
+        );
+        $this->date = $date ?: ObjectManager::getInstance()->get(
+            Date::class
+        );
+        $this->oauthHelper = $oauthHelper ?: ObjectManager::getInstance()->get(
+            OauthHelper::class
+        );
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getUserId()
+    {
+        $this->processRequest();
+        return $this->userId;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getUserType()
+    {
+        $this->processRequest();
+        return $this->userType;
+    }
+
+    /**
+     * Finds the bearer token and looks up the value.
+     *
+     * @return void
+     */
+    protected function processRequest()
+    {
+        if ($this->isRequestProcessed) {
+            return;
+        }
+
+        $authorizationHeaderValue = $this->request->getHeader('Authorization');
+        if (!$authorizationHeaderValue) {
+            $this->isRequestProcessed = true;
+            return;
+        }
+
+        $headerPieces = explode(" ", $authorizationHeaderValue);
+        if (count($headerPieces) !== 2) {
+            $this->isRequestProcessed = true;
+            return;
+        }
+
+        $tokenType = strtolower($headerPieces[0]);
+        if ($tokenType !== 'bearer') {
+            $this->isRequestProcessed = true;
+            return;
+        }
+
+        $bearerToken = $headerPieces[1];
+        /** @var Token $token */
+        $token = $this->tokenFactory->create()->load($bearerToken, 'token');
+
+        if (!$token->getId() || $token->getRevoked()) {
+            $this->isRequestProcessed = true;
+
+            return;
+        }
+        if (((int) $token->getUserType()) === UserContextInterface::USER_TYPE_INTEGRATION) {
+            $this->userId = $this->integrationService->findByConsumerId($token->getConsumerId())->getId();
+            $this->userType = UserContextInterface::USER_TYPE_INTEGRATION;
+        }
+
+        $this->isRequestProcessed = true;
+    }
+}
diff --git a/app/code/Magento/Webapi/etc/webapi_soap/di.xml b/app/code/Magento/Webapi/etc/webapi_soap/di.xml
@@ -14,6 +14,10 @@
     <type name="Magento\Authorization\Model\CompositeUserContext">
         <arguments>
             <argument name="userContexts" xsi:type="array">
+                <item name="soapUserContext" xsi:type="array">
+                    <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\SoapUserContext</item>
+                    <item name="sortOrder" xsi:type="string">9</item>
+                </item>
                 <item name="tokenUserContext" xsi:type="array">
                     <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\TokenUserContext</item>
                     <item name="sortOrder" xsi:type="string">10</item>
