AC-1199::Resolve the conflicts

Author: glo71317

app/code/Magento/AdminAdobeIms/Api/SaveImsUserInterface.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Api;
+
+use Magento\Framework\Exception\CouldNotSaveException;
+
+/**
+ * Interface SaveImsUserInterface
+ * Save Ims User & Role
+ */
+interface SaveImsUserInterface
+{
+    /**
+     * Add Admin Adobe IMS User with Default Role i.e "Adobe Ims" & No Permissions
+     *
+     * @param array $profile
+     * @return void
+     * @throws CouldNotSaveException
+     */
+    public function save(array $profile): void;
+}

app/code/Magento/AdminAdobeIms/Console/Command/AdminAdobeImsEnableCommand.php

@@ -11,8 +11,13 @@
 use Magento\AdminAdobeIms\Service\ImsConfig;
 use Magento\AdminAdobeIms\Service\UpdateTokensService;
 use Magento\AdobeImsApi\Api\AuthorizationInterface;
+use Magento\Authorization\Model\Acl\Role\Group;
+use Magento\Authorization\Model\ResourceModel\Role\CollectionFactory;
+use Magento\Authorization\Model\Role;
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\App\Cache\Type\Config;
 use Magento\Framework\App\Cache\TypeListInterface;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Console\Cli;
 use Magento\Framework\Exception\InvalidArgumentException;
 use Magento\Framework\Exception\LocalizedException;
@@ -67,6 +72,16 @@ class AdminAdobeImsEnableCommand extends Command
      */
     private UpdateTokensService $updateTokensService;
 
+    /**
+     * @var Role
+     */
+    private Role $role;
+
+    /**
+     * @var CollectionFactory
+     */
+    private CollectionFactory $roleCollection;
+
     /**
      * @var AuthorizationInterface
      */
@@ -78,20 +93,26 @@ class AdminAdobeImsEnableCommand extends Command
      * @param TypeListInterface $cacheTypeList
      * @param UpdateTokensService $updateTokensService
      * @param AuthorizationInterface $authorization
+     * @param Role|null $role
+     * @param CollectionFactory|null $roleCollection
      */
     public function __construct(
         ImsConfig $adminImsConfig,
         ImsCommandOptionService $imsCommandOptionService,
         TypeListInterface $cacheTypeList,
         UpdateTokensService $updateTokensService,
-        AuthorizationInterface $authorization
+        AuthorizationInterface $authorization,
+        Role $role = null,
+        CollectionFactory $roleCollection = null
     ) {
         parent::__construct();
         $this->adminImsConfig = $adminImsConfig;
         $this->imsCommandOptionService = $imsCommandOptionService;
         $this->cacheTypeList = $cacheTypeList;
         $this->updateTokensService = $updateTokensService;
         $this->authorization = $authorization;
+        $this->role = $role ?: ObjectManager::getInstance()->get(Role::class);
+        $this->roleCollection = $roleCollection ?: ObjectManager::getInstance()->get(CollectionFactory::class);
 
         $this->setName('admin:adobe-ims:enable')
             ->setDescription('Enable Adobe IMS Module.')
@@ -163,6 +184,7 @@ protected function execute(InputInterface $input, OutputInterface $output): ?int
             if ($clientId && $clientSecret && $organizationId && $isTwoFactorAuthEnabled) {
                 $enabled = $this->enableModule($clientId, $clientSecret, $organizationId, $isTwoFactorAuthEnabled);
                 if ($enabled) {
+                    $this->saveImsAuthorizationRole();
                     $output->writeln(__('Admin Adobe IMS integration is enabled'));
                     return Cli::RETURN_SUCCESS;
                 }
@@ -181,6 +203,27 @@ protected function execute(InputInterface $input, OutputInterface $output): ?int
         }
     }
 
+    /**
+     * Save new Adobe IMS role
+     *
+     * @return bool
+     * @throws \Exception
+     */
+    private function saveImsAuthorizationRole(): bool
+    {
+        $roleCollection = $this->roleCollection->create()->addFieldToFilter('role_name', 'Adobe Ims');
+        if (!$roleCollection->getSize()) {
+            $this->role->setRoleName('Adobe Ims')
+                ->setUserType((string)UserContextInterface::USER_TYPE_ADMIN)
+                ->setUserId(0)
+                ->setRoleType(Group::ROLE_TYPE)
+                ->setParentId(0)
+                ->save();
+        }
+
+        return true;
+    }
+
     /**
      * Enable Admin Adobe IMS Module when testConnection was successfully
      *

app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsCallback.php

@@ -8,20 +8,18 @@
 namespace Magento\AdminAdobeIms\Controller\Adminhtml\OAuth;
 
 use Exception;
-use Magento\AdminAdobeIms\Exception\AdobeImsAuthorizationException;
+
 use Magento\AdminAdobeIms\Logger\AdminAdobeImsLogger;
-use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
 use Magento\AdminAdobeIms\Service\ImsConfig;
-use Magento\AdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
-use Magento\AdobeImsApi\Api\GetProfileInterface;
-use Magento\AdobeImsApi\Api\GetTokenInterface;
-use Magento\AdobeImsApi\Api\OrganizationMembershipInterface;
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Backend\App\Action\Context;
 use Magento\Backend\Controller\Adminhtml\Auth;
 use Magento\Backend\Model\View\Result\Redirect;
 use Magento\Framework\App\Action\HttpGetActionInterface;
-use Magento\Framework\Exception\AuthenticationException;
 
+/**
+ * Callback for handling redirect from Adobe IMS
+ */
 class ImsCallback extends Auth implements HttpGetActionInterface
 {
     public const ACTION_NAME = 'imscallback';
@@ -31,56 +29,32 @@ class ImsCallback extends Auth implements HttpGetActionInterface
      */
     private ImsConfig $adminImsConfig;
 
-    /**
-     * @var OrganizationMembershipInterface
-     */
-    private OrganizationMembershipInterface $organizationMembership;
-
-    /**
-     * @var AdminLoginProcessService
-     */
-    private AdminLoginProcessService $adminLoginProcessService;
-
     /**
      * @var AdminAdobeImsLogger
      */
     private AdminAdobeImsLogger $logger;
 
     /**
-     * @var GetTokenInterface
-     */
-    private GetTokenInterface $token;
-
-    /**
-     * @var GetProfileInterface
+     * @var UserContextInterface
      */
-    private GetProfileInterface $profile;
+    private UserContextInterface $userContext;
 
     /**
      * @param Context $context
      * @param ImsConfig $adminImsConfig
-     * @param OrganizationMembershipInterface $organizationMembership
-     * @param AdminLoginProcessService $adminLoginProcessService
      * @param AdminAdobeImsLogger $logger
-     * @param GetTokenInterface $token
-     * @param GetProfileInterface $profile
+     * @param UserContextInterface $userContext
      */
     public function __construct(
         Context $context,
         ImsConfig $adminImsConfig,
-        OrganizationMembershipInterface $organizationMembership,
-        AdminLoginProcessService $adminLoginProcessService,
         AdminAdobeImsLogger $logger,
-        GetTokenInterface $token,
-        GetProfileInterface $profile
+        UserContextInterface $userContext
     ) {
         parent::__construct($context);
         $this->adminImsConfig = $adminImsConfig;
-        $this->organizationMembership = $organizationMembership;
-        $this->adminLoginProcessService = $adminLoginProcessService;
         $this->logger = $logger;
-        $this->token = $token;
-        $this->profile = $profile;
+        $this->userContext = $userContext;
     }
 
     /**
@@ -100,40 +74,11 @@ public function execute(): Redirect
         }
 
         try {
-            $code = $this->getRequest()->getParam('code');
-
-            if ($code === null) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+            if ($this->userContext->getUserId()
+                && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_ADMIN
+            ) {
+                return $resultRedirect;
             }
-
-            //get token from response
-            $tokenResponse = $this->token->getTokenResponse($code);
-            $accessToken = $tokenResponse->getAccessToken();
-
-            //get profile info to check email
-            $profile = $this->profile->getProfile($accessToken);
-            if (empty($profile['email'])) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-            }
-
-            //check membership in organization
-            $this->organizationMembership->checkOrganizationMembership($accessToken);
-
-            $this->adminLoginProcessService->execute($tokenResponse, $profile);
-        } catch (AdobeImsAuthorizationException $e) {
-            $this->logger->error($e->getMessage());
-
-            $this->imsErrorMessage(
-                'You don\'t have access to this Commerce instance',
-                AdobeImsAuthorizationException::ERROR_MESSAGE
-            );
-        } catch (AdobeImsOrganizationAuthorizationException $e) {
-            $this->logger->error($e->getMessage());
-
-            $this->imsErrorMessage(
-                'Unable to sign in with the Adobe ID',
-                AdobeImsOrganizationAuthorizationException::ERROR_MESSAGE
-            );
         } catch (Exception $e) {
             $this->logger->error($e->getMessage());
 

app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsReauthCallback.php

@@ -9,18 +9,14 @@
 
 use Exception;
 use Magento\AdminAdobeIms\Logger\AdminAdobeImsLogger;
-use Magento\AdminAdobeIms\Service\AdminReauthProcessService;
+use Magento\AdminAdobeIms\Model\Authorization\AdobeImsAdminTokenUserService;
 use Magento\AdminAdobeIms\Service\ImsConfig;
-use Magento\AdobeImsApi\Api\OrganizationMembershipInterface;
-use Magento\AdobeImsApi\Api\GetProfileInterface;
 use Magento\Backend\App\Action\Context;
 use Magento\Backend\Controller\Adminhtml\Auth;
 use Magento\Framework\App\Action\HttpGetActionInterface;
 use Magento\Framework\Controller\Result\Raw;
 use Magento\Framework\Controller\ResultFactory;
 use Magento\Framework\Controller\ResultInterface;
-use Magento\AdobeImsApi\Api\GetTokenInterface;
-use Magento\Framework\Exception\AuthenticationException;
 
 class ImsReauthCallback extends Auth implements HttpGetActionInterface
 {
@@ -42,56 +38,32 @@ class ImsReauthCallback extends Auth implements HttpGetActionInterface
      */
     private ImsConfig $adminImsConfig;
 
-    /**
-     * @var OrganizationMembershipInterface
-     */
-    private OrganizationMembershipInterface $organizationMembership;
-
-    /**
-     * @var AdminReauthProcessService
-     */
-    private AdminReauthProcessService $adminReauthProcessService;
-
     /**
      * @var AdminAdobeImsLogger
      */
     private AdminAdobeImsLogger $logger;
 
     /**
-     * @var GetTokenInterface
-     */
-    private GetTokenInterface $token;
-
-    /**
-     * @var GetProfileInterface
+     * @var AdobeImsAdminTokenUserService
      */
-    private GetProfileInterface $profile;
+    private AdobeImsAdminTokenUserService $adminTokenUserService;
 
     /**
      * @param Context $context
-     * @param GetProfileInterface $profile
      * @param ImsConfig $adminImsConfig
-     * @param OrganizationMembershipInterface $organizationMembership
-     * @param AdminReauthProcessService $adminReauthProcessService
+     * @param AdobeImsAdminTokenUserService $adminTokenUserService
      * @param AdminAdobeImsLogger $logger
-     * @param GetTokenInterface $token
      */
     public function __construct(
         Context                         $context,
-        GetProfileInterface             $profile,
         ImsConfig                       $adminImsConfig,
-        OrganizationMembershipInterface $organizationMembership,
-        AdminReauthProcessService       $adminReauthProcessService,
-        AdminAdobeImsLogger             $logger,
-        GetTokenInterface               $token
+        AdobeImsAdminTokenUserService $adminTokenUserService,
+        AdminAdobeImsLogger             $logger
     ) {
         parent::__construct($context);
-        $this->profile = $profile;
         $this->adminImsConfig = $adminImsConfig;
-        $this->organizationMembership = $organizationMembership;
-        $this->adminReauthProcessService = $adminReauthProcessService;
+        $this->adminTokenUserService = $adminTokenUserService;
         $this->logger = $logger;
-        $this->token = $token;
     }
 
     /**
@@ -119,24 +91,7 @@ public function execute(): ResultInterface
         }
 
         try {
-            $code = $this->getRequest()->getParam('code');
-
-            if ($code === null) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-            }
-
-            $tokenResponse = $this->token->getTokenResponse($code);
-            $accessToken = $tokenResponse->getAccessToken();
-
-            $profile = $this->profile->getProfile($accessToken);
-            if (empty($profile['email'])) {
-                throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-            }
-
-            //check membership in organization
-            $this->organizationMembership->checkOrganizationMembership($accessToken);
-
-            $this->adminReauthProcessService->execute($tokenResponse);
+            $this->adminTokenUserService->processLoginRequest(true);
 
             $response = sprintf(
                 self::RESPONSE_TEMPLATE,