Merge remote-tracking branch 'origin/2.4-develop' into Hammer_Community_Backlog_21092022

Author: glo71317

app/code/Magento/AdminAdobeIms/Api/SaveImsUserInterface.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Api;
+
+use Magento\Framework\Exception\CouldNotSaveException;
+
+/**
+ * Interface SaveImsUserInterface
+ * Save Ims User & Role
+ */
+interface SaveImsUserInterface
+{
+    /**
+     * Add Admin Adobe IMS User with Default Role i.e "Adobe Ims" & No Permissions
+     *
+     * @param array $profile
+     * @return void
+     * @throws CouldNotSaveException
+     */
+    public function save(array $profile): void;
+}

app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php

@@ -18,6 +18,7 @@
 use Magento\AdobeImsApi\Api\OrganizationMembershipInterface;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Exception\AuthenticationException;
+use Magento\AdminAdobeIms\Api\SaveImsUserInterface;
 
 /**
  * Adobe IMS Auth Model for getting Admin Token
@@ -63,6 +64,11 @@ class AdobeImsAdminTokenUserService
      */
     private RequestInterface $request;
 
+    /**
+     * @var SaveImsUserInterface
+     */
+    private SaveImsUserInterface $saveImsUser;
+
     /**
      * @param ImsConfig $adminImsConfig
      * @param OrganizationMembershipInterface $organizationMembership
@@ -71,6 +77,7 @@ class AdobeImsAdminTokenUserService
      * @param RequestInterface $request
      * @param GetTokenInterface $token
      * @param GetProfileInterface $profile
+     * @param SaveImsUserInterface $saveImsUser
      */
     public function __construct(
         ImsConfig $adminImsConfig,
@@ -79,7 +86,8 @@ public function __construct(
         AdminReauthProcessService $adminReauthProcessService,
         RequestInterface $request,
         GetTokenInterface $token,
-        GetProfileInterface $profile
+        GetProfileInterface $profile,
+        SaveImsUserInterface $saveImsUser
     ) {
         $this->adminImsConfig = $adminImsConfig;
         $this->organizationMembership = $organizationMembership;
@@ -88,6 +96,7 @@ public function __construct(
         $this->request = $request;
         $this->token = $token;
         $this->profile = $profile;
+        $this->saveImsUser = $saveImsUser;
     }
 
     /**
@@ -122,6 +131,7 @@ public function processLoginRequest(bool $isReauthorize = false): void
                 if ($isReauthorize) {
                     $this->adminReauthProcessService->execute($tokenResponse);
                 } else {
+                    $this->saveImsUser->save($profile);
                     $this->adminLoginProcessService->execute($tokenResponse, $profile);
                 }
             } catch (AdobeImsAuthorizationException $e) {

app/code/Magento/AdminAdobeIms/Model/SaveImsUser.php

@@ -0,0 +1,151 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Model;
+
+use Magento\AdminAdobeIms\Api\SaveImsUserInterface;
+use Magento\User\Model\User;
+use Magento\User\Model\ResourceModel\User\CollectionFactory as UserCollectionFactory;
+use Magento\Authorization\Model\ResourceModel\Role\CollectionFactory as RoleCollectionFactory;
+use Magento\AdminAdobeIms\Logger\AdminAdobeImsLogger;
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\Authorization\Model\Acl\Role\User as UserRoleType;
+use Exception;
+use Magento\Framework\Exception\CouldNotSaveException;
+
+/**
+ * Class SaveImsUser
+ * Save Adobe IMS User with Default Role i.e "Adobe Ims" & No Permissions
+ */
+class SaveImsUser implements SaveImsUserInterface
+{
+    private const ADMIN_IMS_ROLE = 'Adobe Ims';
+
+    /**
+     * @var User
+     */
+    private User $user;
+
+    /**
+     * @var UserCollectionFactory
+     */
+    private UserCollectionFactory $userCollectionFactory;
+
+    /**
+     * @var RoleCollectionFactory
+     */
+    private RoleCollectionFactory $roleCollectionFactory;
+
+    /**
+     * @var AdminAdobeImsLogger
+     */
+    private AdminAdobeImsLogger $logger;
+
+    /**
+     * @var ImsConfig
+     */
+    private ImsConfig $adminImsConfig;
+
+    /**
+     * SaveImsUser constructor.
+     * @param User $user
+     * @param UserCollectionFactory $userCollectionFactory
+     * @param RoleCollectionFactory $roleCollectionFactory
+     * @param AdminAdobeImsLogger $logger
+     * @param ImsConfig $adminImsConfig
+     */
+    public function __construct(
+        User $user,
+        UserCollectionFactory $userCollectionFactory,
+        RoleCollectionFactory $roleCollectionFactory,
+        AdminAdobeImsLogger $logger,
+        ImsConfig $adminImsConfig
+    ) {
+        $this->user = $user;
+        $this->userCollectionFactory = $userCollectionFactory;
+        $this->roleCollectionFactory = $roleCollectionFactory;
+        $this->logger = $logger;
+        $this->adminImsConfig = $adminImsConfig;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function save(array $profile): void
+    {
+        if (!$this->adminImsConfig->enabled() || empty($profile['email'])) {
+            throw new CouldNotSaveException(__('Could not save ims user.'));
+        }
+
+        $username = strtolower(strstr($profile['email'], '@', true));
+        $userCollection = $this->userCollectionFactory->create()
+            ->addFieldToFilter('email', ['eq' => $profile['email']])
+            ->addFieldToFilter('username', ['eq' => $username]);
+
+        if (!$userCollection->getSize()) {
+            $roleId = $this->getImsDefaultRole();
+            if ($roleId > 0) {
+                try {
+                    $this->user->setFirstname($profile['first_name'])
+                        ->setLastname($profile['last_name'])
+                        ->setUsername($username)
+                        ->setPassword($this->generateRandomPassword())
+                        ->setEmail($profile['email'])
+                        ->setRoleType(UserRoleType::ROLE_TYPE)
+                        ->setPrivileges("")
+                        ->setAssertId(0)
+                        ->setRoleId((int)$roleId)
+                        ->setPermission('allow')
+                        ->save();
+                    unset($this->user);
+                } catch (Exception $e) {
+                    $this->logger->critical($e->getMessage());
+                    throw new CouldNotSaveException(__('Could not save ims user.'));
+                }
+            }
+        }
+        $userCollection->clear();
+    }
+
+    /**
+     * Fetch Default Role "Adobe Ims"
+     *
+     * @return int
+     */
+    private function getImsDefaultRole(): int
+    {
+        $roleId = 0;
+        $roleCollection = $this->roleCollectionFactory->create()
+            ->addFieldToFilter('role_name', ['eq' => self::ADMIN_IMS_ROLE])
+            ->addFieldToSelect('role_id');
+
+        if ($roleCollection->getSize() > 0) {
+            $objRole = $roleCollection->fetchItem();
+            $roleId = (int) $objRole->getId();
+        }
+        $roleCollection->clear();
+
+        return $roleId;
+    }
+
+    /**
+     * Generate random password string
+     *
+     * @return string
+     */
+    private function generateRandomPassword(): string
+    {
+        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-.';
+        $pass = [];
+        $alphaLength = strlen($characters) - 1;
+        for ($i = 0; $i < 100; $i++) {
+            $n = random_int(0, $alphaLength);
+            $pass[] = $characters[$n];
+        }
+        return implode($pass);
+    }
+}

app/code/Magento/AdminAdobeIms/Test/Unit/Model/Authorization/AdobeImsAdminTokenUserServiceTest.php

@@ -19,9 +19,13 @@
 use Magento\Framework\Exception\AuthenticationException;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use PHPUnit\Framework\TestCase;
+use Magento\AdminAdobeIms\Service\AdminReauthProcessService;
+use Magento\AdminAdobeIms\Api\SaveImsUserInterface;
 
 /**
  * Tests Magento\AdminAdobeIms\Model\Authorization\AdobeImsAdminTokenUserService
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class AdobeImsAdminTokenUserServiceTest extends TestCase
 {
@@ -65,6 +69,16 @@ class AdobeImsAdminTokenUserServiceTest extends TestCase
      */
     private $requestInterfaceMock;
 
+    /**
+     * @var AdminReauthProcessService
+     */
+    private $adminReauthProcessService;
+
+    /**
+     * @var SaveImsUserInterface
+     */
+    private $saveImsUser;
+
     protected function setUp(): void
     {
         $this->objectManager = new ObjectManager($this);
@@ -75,6 +89,8 @@ protected function setUp(): void
         $this->organizationMembership = $this->createMock(OrganizationMembershipInterface::class);
         $this->adminLoginProcessService = $this->createMock(AdminLoginProcessService::class);
         $this->requestInterfaceMock = $this->createMock(RequestInterface::class);
+        $this->adminReauthProcessService = $this->createMock(AdminReauthProcessService::class);
+        $this->saveImsUser = $this->createMock(SaveImsUserInterface::class);
 
         $this->adminImsConfigMock->expects($this->any())
             ->method('enabled')
@@ -86,9 +102,11 @@ protected function setUp(): void
                 'adminImsConfig' => $this->adminImsConfigMock,
                 'organizationMembership' => $this->organizationMembership,
                 'adminLoginProcessService' => $this->adminLoginProcessService,
+                'adminReauthProcessService' => $this->adminReauthProcessService,
                 'request' => $this->requestInterfaceMock,
                 'token' => $this->token,
-                'profile' => $this->profile
+                'profile' => $this->profile,
+                'saveImsUser' => $this->saveImsUser
             ]
         );
     }
@@ -128,6 +146,14 @@ public function testProcessLoginRequest(string $code, array $responseData)
             ->method('checkOrganizationMembership')
             ->with($responseData['access_token']);
 
+        $this->saveImsUser->expects($this->once())
+            ->method('save')
+            ->with($responseData);
+
+        $this->adminLoginProcessService->expects($this->once())
+            ->method('execute')
+            ->with($tokenResponse, $responseData);
+
         $this->adobeImsAdminTokenUserService->processLoginRequest();
     }
 
@@ -256,7 +282,9 @@ public function responseDataProvider(): array
                         'email' => 'user@test.com',
                         'access_token' => 'kladjflakdjf3423rfzddsf',
                         'refresh_token' => 'kladjflakdjf3423rfzddsf',
-                        'expires_in' => 1642259230998
+                        'expires_in' => 1642259230998,
+                        'first_name' => 'Test',
+                        'last_name' => 'User'
                     ]
                 ]
             ];

app/code/Magento/AdminAdobeIms/etc/di.xml

@@ -11,6 +11,7 @@
     <preference for="Magento\AdminAdobeIms\Api\Data\ImsWebapiInterface" type="Magento\AdminAdobeIms\Model\ImsWebapi"/>
     <preference for="Magento\AdobeImsApi\Api\GetAccessTokenInterface" type="Magento\AdminAdobeIms\Model\GetAccessTokenProxy"/>
     <preference for="Magento\AdobeImsApi\Api\UserAuthorizedInterface" type="Magento\AdminAdobeIms\Model\UserAuthorizedProxy"/>
+    <preference for="Magento\AdminAdobeIms\Api\SaveImsUserInterface" type="Magento\AdminAdobeIms\Model\SaveImsUser"/>
 
     <type name="Magento\Framework\Console\CommandListInterface">
         <arguments>

app/code/Magento/AdminAdobeIms/i18n/en_US.csv

@@ -0,0 +1,52 @@
+"Admin Adobe IMS integration is disabled","Admin Adobe IMS integration is disabled"
+"Admin Adobe IMS integration is enabled","Admin Adobe IMS integration is enabled"
+"The Client ID, Client Secret, Organization ID and 2FA are required when enabling the Admin Adobe IMS Module","The Client ID, Client Secret, Organization ID and 2FA are required when enabling the Admin Adobe IMS Module"
+"Module is disabled","Module is disabled"
+"Admin Adobe IMS integration is %1","Admin Adobe IMS integration is %1"
+"Adobe Sign-In is disabled.","Adobe Sign-In is disabled."
+"Authorization was successful","Authorization was successful"
+"Session Access Token is not valid","Session Access Token is not valid"
+"Login request error %1","Login request error %1"
+"An authentication error occurred. Verify and try again.","An authentication error occurred. Verify and try again."
+"You don't have access to this Commerce instance","You don't have access to this Commerce instance"
+"Unable to sign in with the Adobe ID","Unable to sign in with the Adobe ID"
+"Could not save ims token.","Could not save ims token."
+"Could not find ims token id: %id.","Could not find ims token id: %id."
+"Could not delete ims tokens for admin user id %1.","Could not delete ims tokens for admin user id %1."
+"Could not save ims user.","Could not save ims user."
+"The account sign-in was incorrect or your account is disabled temporarily. Please wait and try again later.","The account sign-in was incorrect or your account is disabled temporarily. Please wait and try again later."
+"More permissions are needed to access this.","More permissions are needed to access this."
+"Please sign in with Adobe ID","Please sign in with Adobe ID"
+"Admin token generation is disabled. Please use Adobe IMS ACCESS_TOKEN.","Admin token generation is disabled. Please use Adobe IMS ACCESS_TOKEN."
+"Identity Verification","Identity Verification"
+"Verify Identity with Adobe IMS","Verify Identity with Adobe IMS"
+"Confirm Identity","Confirm Identity"
+"To apply changes you need to verify your Adobe identity.","To apply changes you need to verify your Adobe identity."
+"Identity Verified with Adobe IMS","Identity Verified with Adobe IMS"
+"Please perform the AdobeIms reAuth and try again.","Please perform the AdobeIms reAuth and try again."
+"Use the same email user has in Adobe IMS organization.","Use the same email user has in Adobe IMS organization."
+"The tokens couldn't be revoked.","The tokens couldn't be revoked."
+"No matching admin user found for Adobe ID.","No matching admin user found for Adobe ID."
+"This field is required to enable the Admin Adobe IMS Module","This field is required to enable the Admin Adobe IMS Module"
+"No valid Organization ID provided","No valid Organization ID provided"
+"No valid Client ID provided","No valid Client ID provided"
+"No valid Client Secret provided","No valid Client Secret provided"
+"The ims token wasn't found.","The ims token wasn't found."
+"Sign in to access the Adobe Commerce for your organization.","Sign in to access the Adobe Commerce for your organization."
+"Sign In","Sign In"
+"This Commerce instance is managed by an organization. Contact your organization administrator to request access.","This Commerce instance is managed by an organization. Contact your organization administrator to request access."
+"Sign in with Adobe ID","Sign in with Adobe ID"
+Footer,Footer
+"User Guides","User Guides"
+"Customer Support","Customer Support"
+Forums,Forums
+Header,Header
+"%user_name, you now have access to Adobe Commerce","%user_name, you now have access to Adobe Commerce"
+"Your administrator at %store_name has given you access to Adobe Commerce","Your administrator at %store_name has given you access to Adobe Commerce"
+"Get started","Get started"
+"Here are a few links to help you get up and running:","Here are a few links to help you get up and running:"
+Documentation,Documentation
+"Release notes","Release notes"
+"If you have any questions about access to Adobe Commerce, contact your administrator or your Adobe account team for more information.","If you have any questions about access to Adobe Commerce, contact your administrator or your Adobe account team for more information."
+"Enable Logging for Admin Adobe IMS Module","Enable Logging for Admin Adobe IMS Module"
+"Adobe Commerce","Adobe Commerce"