Plugin: Azure: Request a new access token when it expires - refs BT#21930

1 year ago · c9d99a60db
parent 228c3dc8fd
commit c9d99a60db
4 changed files with 35 additions and 12 deletions
--- a/plugin/azure_active_directory/src/AzureActiveDirectory.php
+++ b/plugin/azure_active_directory/src/AzureActiveDirectory.php
@ -213,7 +213,7 @@ class AzureActiveDirectory extends Plugin
     * @throws Exception
     */
    public function registerUser(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
        Azure $provider,
        array $azureUserInfo,
        string $apiGroupsRef = 'me/memberOf',
@ -319,7 +319,7 @@ class AzureActiveDirectory extends Plugin
     * @throws Exception
     */
    private function formatUserData(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
        Azure $provider,
        array $azureUserInfo,
        string $apiGroupsRef,
@ -378,7 +378,7 @@ class AzureActiveDirectory extends Plugin
     * @throws Exception
     */
    private function getUserRoleAndCheckIsAdmin(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
        Azure $provider,
        string $apiRef = 'me/memberOf',
        string $groupObjectIdKey = 'objectId'
--- a/plugin/azure_active_directory/src/AzureCommand.php
+++ b/plugin/azure_active_directory/src/AzureCommand.php
@ -2,6 +2,8 @@

 /* For license terms, see /license.txt */

+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessTokenInterface;
 use TheNetworg\OAuth2\Client\Provider\Azure;

 class AzureCommand
@ -21,4 +23,19 @@ class AzureCommand
        $this->plugin->get_settings(true);
        $this->provider = $this->plugin->getProviderForApiGraph();
    }
+
+    /**
+     * @throws IdentityProviderException
+     */
+    protected function getToken(?AccessTokenInterface $currentToken = null): AccessTokenInterface
+    {
+        if (!$currentToken || ($currentToken->getExpires() && !$currentToken->getRefreshToken())) {
+            return $this->provider->getAccessToken(
+                'client_credentials',
+                ['resource' => $this->provider->resource]
+            );
+        }
+
+        return $currentToken;
+    }
 }
--- a/plugin/azure_active_directory/src/AzureSyncUsergroupsCommand.php
+++ b/plugin/azure_active_directory/src/AzureSyncUsergroupsCommand.php
@ -15,10 +15,7 @@ class AzureSyncUsergroupsCommand extends AzureCommand
    {
        yield 'Synchronizing groups from Azure.';

-        $token = $this->provider->getAccessToken(
-            'client_credentials',
-            ['resource' => $this->provider->resource]
-        );
+        $token = $this->getToken();

        foreach ($this->getAzureGroups($token) as $azureGroupInfo) {
            $usergroup = new UserGroup();
@ -80,6 +77,8 @@ class AzureSyncUsergroupsCommand extends AzureCommand
        );

        do {
+            $token = $this->getToken($token);
+
            try {
                $azureGroupsRequest = $this->provider->request('get', "groups?$query", $token);
            } catch (Exception $e) {
@ -121,6 +120,8 @@ class AzureSyncUsergroupsCommand extends AzureCommand
        $hasNextLink = false;

        do {
+            $token = $this->getToken($token);
+
            try {
                $azureGroupMembersRequest = $this->provider->request(
                    'get',
--- a/plugin/azure_active_directory/src/AzureSyncUsersCommand.php
+++ b/plugin/azure_active_directory/src/AzureSyncUsersCommand.php
@ -15,15 +15,14 @@ class AzureSyncUsersCommand extends AzureCommand
    {
        yield 'Synchronizing users from Azure.';

-        $token = $this->provider->getAccessToken(
-            'client_credentials',
-            ['resource' => $this->provider->resource]
-        );
+        $token = $this->getToken();

        $existingUsers = [];

        foreach ($this->getAzureUsers($token) as $azureUserInfo) {
            try {
+                $token = $this->getToken($token);
+
                $userId = $this->plugin->registerUser(
                    $token,
                    $this->provider,
@ -95,8 +94,14 @@ class AzureSyncUsersCommand extends AzureCommand
        );

        do {
+            $token = $this->getToken($token);
+
            try {
-                $azureUsersRequest = $this->provider->request('get', "users?$query", $token);
+                $azureUsersRequest = $this->provider->request(
+                    'get',
+                    "users?$query",
+                    $token
+                );
            } catch (Exception $e) {
                throw new Exception('Exception when requesting users from Azure: '.$e->getMessage());
            }