
Commit 9cecd7b

committed
Plugin: Azure: Move code to function - refs BT#21930
1 parent 994244b commit 9cecd7b

2 files changed

+112
-66
lines changed


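--- a/plugin/azure_active_directory/src/AzureActiveDirectory.php
+++ b/plugin/azure_active_directory/src/AzureActiveDirectory.php
@@ -1,6 +1,7 @@
 <?php
 /* For license terms, see /license.txt */
 
+use League\OAuth2\Client\Token\AccessTokenInterface;
 use TheNetworg\OAuth2\Client\Provider\Azure;
 
 /**
@@ -160,8 +161,7 @@ function ($position) use ($defaultOrder): bool {
 return $defaultOrder;
 }
 
-public function getUserIdByVerificationOrder(array $azureUserData): ?int
-{
+public function getUserIdByVerificationOrder(array $azureUserData, string $azureUidKey = 'objectId'): ?int {
 $selectedOrder = $this->getExistingUserVerificationOrder();
 
 $extraFieldValue = new ExtraFieldValue('user');
@@ -176,7 +176,7 @@ public function getUserIdByVerificationOrder(array $azureUserData): ?int
 ),
 3 => $extraFieldValue->get_item_id_from_field_variable_and_field_value(
 AzureActiveDirectory::EXTRA_FIELD_AZURE_UID,
-$azureUserData['objectId']
+$azureUserData[$azureUidKey]
 ),
 ];
 
@@ -188,4 +188,108 @@ public function getUserIdByVerificationOrder(array $azureUserData): ?int
 
 return null;
 }
+
+/**
+* @throws Exception
+*/
+public function registerUser(
+AccessTokenInterface $token,
+Azure $provider,
+array $azureUserInfo,
+string $apiGroupsRef = 'me/memberOf',
+string $objectIdKey = 'objectId',
+string $azureUidKey = 'objectId'
+) {
+if (empty($azureUserInfo)) {
+throw new Exception('Groups info not found.');
+}
+
+$userId = $this->getUserIdByVerificationOrder($azureUserInfo, $azureUidKey);
+
+if (empty($userId)) {
+// If we didn't find the user
+if ($this->get(self::SETTING_PROVISION_USERS) === 'true') {
+[$userRole, $isAdmin] = $this->getUserRoleAndCheckIsAdmin(
+$token,
+$provider,
+$apiGroupsRef,
+$objectIdKey
+);
+
+$phone = null;
+
+if (isset($azureUserInfo['telephoneNumber'])) {
+$phone = $azureUserInfo['telephoneNumber'];
+} elseif (isset($azureUserInfo['businessPhones'][0])) {
+$phone = $azureUserInfo['businessPhones'][0];
+} elseif (isset($azureUserInfo['mobilePhone'])) {
+$phone = $azureUserInfo['mobilePhone'];
+}
+
+// If the option is set to create users, create it
+$userId = UserManager::create_user(
+$azureUserInfo['givenName'],
+$azureUserInfo['surname'],
+$userRole,
+$azureUserInfo['mail'],
+$azureUserInfo['userPrincipalName'],
+'',
+null,
+null,
+$phone,
+null,
+'azure',
+null,
+($azureUserInfo['accountEnabled'] ? 1 : 0),
+null,
+[
+'extra_'.self::EXTRA_FIELD_ORGANISATION_EMAIL => $azureUserInfo['mail'],
+'extra_'.self::EXTRA_FIELD_AZURE_ID => $azureUserInfo['mailNickname'],
+'extra_'.self::EXTRA_FIELD_AZURE_UID => $azureUserInfo[$azureUidKey],
+],
+null,
+null,
+$isAdmin
+);
+if (!$userId) {
+throw new Exception(get_lang('UserNotAdded').' '.$azureUserInfo['userPrincipalName']);
+}
+} else {
+throw new Exception('User not found when checking the extra fields from '.$azureUserInfo['mail'].' or '.$azureUserInfo['mailNickname'].' or '.$azureUserInfo[$azureUidKey].'.');
+}
+}
+
+return $userId;
+}
+
+private function getUserRoleAndCheckIsAdmin(
+AccessTokenInterface $token,
+Azure $provider = null,
+string $apiRef = 'me/memberOf',
+string $objectIdKey = 'objectId'
+): array {
+$provider = $provider ?: $this->getProvider();
+
+$groups = $provider->get($apiRef, $token);
+
+// If any specific group ID has been defined for a specific role, use that
+// ID to give the user the right role
+$givenAdminGroup = $this->get(self::SETTING_GROUP_ID_ADMIN);
+$givenSessionAdminGroup = $this->get(self::SETTING_GROUP_ID_SESSION_ADMIN);
+$givenTeacherGroup = $this->get(self::SETTING_GROUP_ID_TEACHER);
+$userRole = STUDENT;
+$isAdmin = false;
+foreach ($groups as $group) {
+if ($givenAdminGroup == $group[$objectIdKey]) {
+$userRole = COURSEMANAGER;
+$isAdmin = true;
+} elseif ($givenSessionAdminGroup == $group[$objectIdKey]) {
+$userRole = SESSIONADMIN;
+} elseif ($userRole != SESSIONADMIN && $givenTeacherGroup == $group[$objectIdKey]) {
+$userRole = COURSEMANAGER;
+}
+}
+
+return [$userRole, $isAdmin];
+}
 }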
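Review bot: The loop in getUserRoleAndCheckIsAdmin drops the `if ($isAdmin) { break; }` guard the removed callback loop had, so an admin-group match can be overwritten to SESSIONADMIN by a later group while `$isAdmin` stays true, and the role and flag returned as a pair no longer agree. The comparisons are also loose `==` against plugin settings that may be unset: with an empty admin-group setting and a group entry that lacks `$objectIdKey`, `null == ''` holds and the caller would be provisioned as platform admin, so only non-empty settings should be compared, and strictly (assuming both sides are GUID strings, to be confirmed). Separately, `registerUser` declares no return type (`): int {`), and its `empty($azureUserInfo)` check throws 'Groups info not found.' although it inspects the user profile rather than the groups; the message was carried over from the callback, so a profile-oriented message would be more accurate. The rewritten loop below restores the break, skips groups without an id and compares only configured settings.
```php
        foreach ($groups as $group) {
            // The first platform-admin match is final: a later session-admin or
            // teacher group must not downgrade $userRole while $isAdmin stays true.
            if ($isAdmin) {
                break;
            }
            $groupId = $group[$objectIdKey] ?? null;
            if (empty($groupId)) {
                continue;
            }
            if (!empty($givenAdminGroup) && $givenAdminGroup === $groupId) {
                $userRole = COURSEMANAGER;
                $isAdmin = true;
            } elseif (!empty($givenSessionAdminGroup) && $givenSessionAdminGroup === $groupId) {
                $userRole = SESSIONADMIN;
            } elseif ($userRole != SESSIONADMIN && !empty($givenTeacherGroup) && $givenTeacherGroup === $groupId) {
                $userRole = COURSEMANAGER;
            }
        }
        // … unchanged: return [$userRole, $isAdmin]; …
```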

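--- a/plugin/azure_active_directory/src/callback.php
+++ b/plugin/azure_active_directory/src/callback.php
@@ -85,69 +85,11 @@
 throw new Exception('The id field is empty in Azure AD and is needed to set the unique Azure ID for this user.');
 }
 
-$userId = $plugin->getUserIdByVerificationOrder($me);
-
-if (empty($userId)) {
-// If we didn't find the user
-if ($plugin->get(AzureActiveDirectory::SETTING_PROVISION_USERS) === 'true') {
-// Get groups info, if any
-$groups = $provider->get('me/memberOf', $token);
-if (empty($me)) {
-throw new Exception('Groups info not found.');
-}
-// If any specific group ID has been defined for a specific role, use that
-// ID to give the user the right role
-$givenAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_ADMIN);
-$givenSessionAdminGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_SESSION_ADMIN);
-$givenTeacherGroup = $plugin->get(AzureActiveDirectory::SETTING_GROUP_ID_TEACHER);
-$userRole = STUDENT;
-$isAdmin = false;
-foreach ($groups as $group) {
-if ($isAdmin) {
-break;
-}
-if ($givenAdminGroup == $group['objectId']) {
-$userRole = COURSEMANAGER;
-$isAdmin = true;
-} elseif (!$isAdmin && $givenSessionAdminGroup == $group['objectId']) {
-$userRole = SESSIONADMIN;
-} elseif (!$isAdmin && $userRole != SESSIONADMIN && $givenTeacherGroup == $group['objectId']) {
-$userRole = COURSEMANAGER;
-}
-}
-
-// If the option is set to create users, create it
-$userId = UserManager::create_user(
-$me['givenName'],
-$me['surname'],
-$userRole,
-$me['mail'],
-$me['mailNickname'],
-'',
-null,
-null,
-$me['telephoneNumber'],
-null,
-'azure',
-null,
-($me['accountEnabled'] ? 1 : 0),
-null,
-[
-'extra_'.AzureActiveDirectory::EXTRA_FIELD_ORGANISATION_EMAIL => $me['mail'],
-'extra_'.AzureActiveDirectory::EXTRA_FIELD_AZURE_ID => $me['mailNickname'],
-'extra_'.AzureActiveDirectory::EXTRA_FIELD_AZURE_UID => $me['id'],
-],
-null,
-null,
-$isAdmin
-);
-if (!$userId) {
-throw new Exception(get_lang('UserNotAdded').' '.$me['mailNickname']);
-}
-} else {
-throw new Exception('User not found when checking the extra fields from '.$me['mail'].' or '.$me['mailNickname'].' or '.$me['id'].'.');
-}
-}
+$userId = $plugin->registerUser(
+$token,
+$provider,
+$me
+);
 
 $userInfo = api_get_user_info($userId);
 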
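Review bot: The new `$plugin->registerUser($token, $provider, $me)` call falls back to the default `$azureUidKey = 'objectId'`, whereas the removed code stored `$me['id']` as EXTRA_FIELD_AZURE_UID and the guard immediately above this call still reports on the `id` field. If `$me` is the Graph profile that guard implies, `$me['objectId']` is undefined here, so both the UID-based lookup in getUserIdByVerificationOrder and the UID written at creation would be null and the `id` check no longer protects the unique identifier it describes; pass the key the callback validates, e.g. `$userId = $plugin->registerUser($token, $provider, $me, 'me/memberOf', 'objectId', 'id');` (named arguments are an option if the project targets PHP 8). The login also changes from `$me['mailNickname']` to `userPrincipalName` inside registerUser, which is invisible at this call site; please confirm that is intended, since it affects how newly created accounts are named and later matched.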
