5124: Making progress

Author: rimi-itk

…op/modules/os2loop_login_hack/.gitignore …op/modules/os2loop_cura_login/.gitignoreweb/profiles/custom/os2loop/modules/os2loop_login_hack/.gitignore renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/.gitignore web/profiles/custom/os2loop/modules/os2loop_login_hack/.gitignore renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/.gitignore

@@ -0,0 +1,27 @@
+# Cura login
+
+Use `https://os2loop.example.com/os2loop-cura-login/start` as `linkURL` (or is it `formPostUrl`?) in the Cura link
+configuration.
+
+## Example
+
+``` shell
+curl "http://$(docker compose port nginx 8080)/os2loop-cura-login/start"
+```
+
+
+``` shell
+drush os2loop-cura-login:get-login-url --help
+```
+
+``` shell
+drush --uri='http://nginx:8080' os2loop-cura-login:get-login-url test@example.com --secret=$(drush config:get --format string os2loop_cura_login.settings signing_secret --include-overridden) --algorithm=$(drush config:get --format string os2loop_cura_login.settings signing_algorithm --include-overridden)
+```
+
+
+## Development and debugging
+
+``` php
+# settings.local.php
+$config['os2loop_cura_login.settings']['log_level'] = \Drupal\Core\Logger\RfcLogLevel::DEBUG;
+```

web/profiles/custom/os2loop/modules/os2loop_cura_login/README.md

@@ -1,6 +1,6 @@
 {
-    "name": "os2loop/os2loop_login_hack",
-    "description": "drupal/os2loop_login_hack",
+    "name": "os2loop/os2loop_cura_login",
+    "description": "drupal/os2loop_cura_login",
     "license": "GPL-2.0+",
     "type": "os2loop-custom-module",
     "authors": [

…modules/os2loop_login_hack/composer.json …modules/os2loop_cura_login/composer.jsonweb/profiles/custom/os2loop/modules/os2loop_login_hack/composer.json renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/composer.json web/profiles/custom/os2loop/modules/os2loop_login_hack/composer.json renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/composer.json

@@ -0,0 +1,8 @@
+# Schema for the configuration files of the OS2Loop Cura login module.
+os2loop_cura_login.settings:
+  type: config_object
+  label: 'OS2Loop Cura login settings'
+  mapping:
+    example:
+      type: string
+      label: 'Example'

web/profiles/custom/os2loop/modules/os2loop_cura_login/config/schema/os2loop_cura_login.schema.yml

@@ -0,0 +1,9 @@
+name: 'OS2Loop Cura login'
+type: module
+description: 'OS2Loop Cura login'
+package: 'OS2Loop'
+core_version_requirement: ^10 || ^11
+dependencies:
+  - drupal:user
+
+configure: os2loop_cura_login.settings

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.info.yml

@@ -0,0 +1,6 @@
+os2loop_cura_login.settings:
+  title: 'OS2Loop Cura login settings'
+  route_name: os2loop_cura_login.settings
+  description: 'Configure OS2Loop Cura login settings'
+  parent: os2loop.group.admin
+  weight: 100

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.links.menu.yml

@@ -0,0 +1,25 @@
+os2loop_cura_login.start:
+  path: '/os2loop-cura-login/start'
+  defaults:
+    _title: 'Start login hack'
+    _controller: '\Drupal\os2loop_cura_login\Controller\Os2loopCuraLoginController::start'
+  methods: [GET, POST]
+  requirements:
+    _role: 'anonymous'
+
+os2loop_cura_login.authenticate:
+  path: '/os2loop-login-hack/authenticate'
+  defaults:
+    _title: 'Authenticate'
+    _controller: '\Drupal\os2loop_cura_login\Controller\Os2loopCuraLoginController::authenticate'
+  methods: [GET]
+  requirements:
+    _role: 'anonymous'
+
+os2loop_cura_login.settings:
+  path: '/admin/config/os2loop/os2loop_cura_login/settings'
+  defaults:
+    _form: '\Drupal\os2loop_cura_login\Form\SettingsForm'
+    _title: 'OS2Loop Cura login settings'
+  requirements:
+    _permission: 'administer site settings'

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.routing.yml

@@ -0,0 +1,4 @@
+services:
+  logger.channel.os2loop_cura_login:
+    parent: logger.channel_base
+    arguments: ['os2loop_cura_login']

web/profiles/custom/os2loop/modules/os2loop_cura_login/os2loop_cura_login.services.yml

@@ -2,18 +2,21 @@
 
 declare(strict_types=1);
 
-namespace Drupal\os2loop_login_hack\Controller;
+namespace Drupal\os2loop_cura_login\Controller;
 
 use Drupal\Component\Datetime\TimeInterface;
+use Drupal\Core\Config\ImmutableConfig;
 use Drupal\Core\Controller\ControllerBase;
-use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\Logger\RfcLogLevel;
 use Drupal\Core\Routing\TrustedRedirectResponse;
 use Drupal\Core\Url;
 use Drupal\user\Entity\User;
 use Drupal\user\UserStorageInterface;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use Psr\Log\LoggerInterface;
+use Psr\Log\LoggerTrait;
+use Psr\Log\LogLevel;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\Exception\BadRequestException;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -22,45 +25,55 @@
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
- * Returns responses for os2loop_login_hack routes.
+ * Returns responses for os2loop_cura_login routes.
  */
-final class Os2loopLoginHackController extends ControllerBase {
-  private const JWT_KEY = 'os2loop_login_hack';
+final class Os2loopCuraLoginController extends ControllerBase {
+  use LoggerTrait;
+
+  private const JWT_KEY = 'os2loop_cura_login';
 
   /**
    * The user storage.
    */
   private readonly UserStorageInterface $userStorage;
 
+  /**
+   * The module config.
+   */
+  private readonly ImmutableConfig $config;
+
   /**
    * Constructor.
    */
   public function __construct(
-    EntityTypeManagerInterface $entityTypeManager,
     private readonly TimeInterface $time,
-    #[Autowire(service: 'logger.channel.os2loop_login_hack')]
+    #[Autowire(service: 'logger.channel.os2loop_cura_login')]
     private readonly LoggerInterface $logger,
   ) {
-    $this->userStorage = $entityTypeManager->getStorage('user');
+    $this->userStorage = $this->entityTypeManager()->getStorage('user');
+    $this->config = $this->config('os2loop_cura_login.settings');
   }
 
   /**
    * Start user authentication.
    */
   public function start(Request $request): Response {
     try {
-      $this->logger->info('Request: @request', [
+      $this->info('Request: @request', [
         '@request' => json_encode([
           'method' => $request->getMethod(),
           'query' => $request->query->all(),
           'content' => (string) $request->getContent(),
         ]),
       ]);
 
-      return new Response('https://example.com/cura-login');
+      $jwt = Request::METHOD_POST === $request->getMethod()
+        ? $request->getContent()
+        : $request->query->getString($this->config->get('token_param_name') ?? 'token');
+
+      $payload = (array) JWT::decode($jwt, new Key($this->config->get('signing_secret'), $this->config->get('signing_algorithm')));
 
-      $data = json_decode($request->getContent(), associative: TRUE, flags: JSON_THROW_ON_ERROR);
-      $username = $data['username'] ?? NULL;
+      $username = $payload['username'] ?? NULL;
       if (empty($username)) {
         throw new BadRequestHttpException('Missing username');
       }
@@ -87,7 +100,7 @@ public function start(Request $request): Response {
       ];
       $jwt = JWT::encode($payload, self::JWT_KEY, 'HS256');
 
-      $url = Url::fromRoute('os2loop_login_hack.authenticate', [
+      $url = Url::fromRoute('os2loop_cura_login.authenticate', [
         'username' => $username,
         'jwt' => $jwt,
       ])->setAbsolute()->toString(TRUE)->getGeneratedUrl();
@@ -98,7 +111,7 @@ public function start(Request $request): Response {
       ]);
     }
     catch (\Exception $exception) {
-      $this->logger->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
+      $this->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
       throw new BadRequestException($exception->getMessage());
     }
   }
@@ -136,7 +149,7 @@ public function authenticate(Request $request): Response {
       return new TrustedRedirectResponse($url);
     }
     catch (\Exception $exception) {
-      $this->logger->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
+      $this->error('start: @message', ['@message' => $exception->getMessage(), $exception]);
       throw new BadRequestException($exception->getMessage());
     }
   }
@@ -174,4 +187,23 @@ private function getUserinfo(User $user): array {
     ];
   }
 
+  public function log($level, \Stringable|string $message, array $context = []): void
+  {
+    // Lifted from LoggerChannel
+    $levels = [
+      LogLevel::EMERGENCY => RfcLogLevel::EMERGENCY,
+      LogLevel::ALERT => RfcLogLevel::ALERT,
+      LogLevel::CRITICAL => RfcLogLevel::CRITICAL,
+      LogLevel::ERROR => RfcLogLevel::ERROR,
+      LogLevel::WARNING => RfcLogLevel::WARNING,
+      LogLevel::NOTICE => RfcLogLevel::NOTICE,
+      LogLevel::INFO => RfcLogLevel::INFO,
+      LogLevel::DEBUG => RfcLogLevel::DEBUG,
+    ];
+    $rfcLogLevel = $levels[$level] ?? RfcLogLevel::ERROR;
+    if ((int)$this->config->get('log_level') >= $rfcLogLevel) {
+      $this->logger->log($level, $message, $context);
+    }
+  }
+
 }

…ontroller/Os2loopLoginHackController.php …ontroller/Os2loopCuraLoginController.phpweb/profiles/custom/os2loop/modules/os2loop_login_hack/src/Controller/Os2loopLoginHackController.php renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/src/Controller/Os2loopCuraLoginController.php web/profiles/custom/os2loop/modules/os2loop_login_hack/src/Controller/Os2loopLoginHackController.php renamed to web/profiles/custom/os2loop/modules/os2loop_cura_login/src/Controller/Os2loopCuraLoginController.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace Drupal\os2loop_cura_login\Drush\Commands;
+
+use Consolidation\OutputFormatters\StructuredData\RowsOfFields;
+use Drupal\Component\Datetime\TimeInterface;
+use Drupal\Core\DependencyInjection\AutowireTrait;
+use Drupal\Core\Url;
+use Drupal\Core\Utility\Token;
+use Drush\Attributes as CLI;
+use Drush\Commands\DrushCommands;
+use Firebase\JWT\JWT;
+use Http\Client\HttpClient;
+use Psr\Http\Client\ClientInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * A Drush commandfile.
+ */
+final class Os2loopCuraLoginCommands extends DrushCommands
+{
+  use AutowireTrait;
+
+  /**
+   * Constructs an Os2loopCuraLoginCommands object.
+   */
+  public function __construct(
+    private readonly TimeInterface $time,
+    private readonly ClientInterface $httpClient,
+  ) {
+    parent::__construct();
+  }
+
+  /**
+   * Command description here.
+   */
+  #[CLI\Command(name: 'os2loop-cura-login:get-login-url')]
+  #[CLI\Argument(name: 'username', description: 'The username.')]
+  #[CLI\Option(name: 'post', description: 'Use POST to get the login URL')]
+  #[CLI\Usage(name: 'os2loop-cura-login:get-login-url test@example.com', description: 'Get login URL')]
+  public function commandName(
+    $username,
+    $options = [
+      'get' => null,
+      'secret' => null,
+      'algorithm' => 'HS256',
+    ]
+  ) {
+    // https://github.com/firebase/php-jwt?tab=readme-ov-file#example
+    $payload = [
+      // Issued at.
+      'iat' => $this->time->getRequestTime(),
+      // Expire af 60 seconds.
+      'exp' => $this->time->getRequestTime() + 60,
+      'username' => $username,
+    ];
+    $jwt = JWT::encode($payload, $options['secret'], $options['algorithm']);
+
+    $routeParameters = [];
+    $requestOptions = [];
+    if ($name = $options['get']) {
+      $method = Request::METHOD_GET;
+      $routeParameters[$name] = $jwt;
+    } else {
+      $method = Request::METHOD_POST;
+      $requestOptions['body'] = $jwt;
+    }
+    $url = Url::fromRoute('os2loop_cura_login.start', $routeParameters)->setAbsolute()->toString(true)->getGeneratedUrl();
+    $this->io()->writeln($method === Request::METHOD_POST
+      ? sprintf('POST\'ing to %s', $url)
+      : sprintf('GET\'ing %s', $url),
+    );
+    $request = $this->httpClient->request($method, $url, $requestOptions);
+
+    header('content-type: text/plain');
+    echo var_export([
+      $url,
+      $request->getStatusCode(),
+      $request->getBody()->getContents(),
+    ], true);
+    die(__FILE__ . ':' . __LINE__ . ':' . __METHOD__);
+  }
+
+}