Plugin: Azure: Request a new access token when it expires - refs BT#2…

…1930
AngelFQC · Sep 6, 2024 · c9d99a6 · c9d99a6
1 parent 228c3dc
commit c9d99a6
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 12 deletions.
diff --git a/plugin/azure_active_directory/src/AzureActiveDirectory.php b/plugin/azure_active_directory/src/AzureActiveDirectory.php
@@ -213,7 +213,7 @@ public function getUserIdByVerificationOrder(array $azureUserData, string $azure
      * @throws Exception
      */
     public function registerUser(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
         Azure $provider,
         array $azureUserInfo,
         string $apiGroupsRef = 'me/memberOf',
@@ -319,7 +319,7 @@ public function registerUser(
      * @throws Exception
      */
     private function formatUserData(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
         Azure $provider,
         array $azureUserInfo,
         string $apiGroupsRef,
@@ -378,7 +378,7 @@ private function formatUserData(
      * @throws Exception
      */
     private function getUserRoleAndCheckIsAdmin(
-        AccessTokenInterface $token,
+        AccessTokenInterface &$token,
         Azure $provider,
         string $apiRef = 'me/memberOf',
         string $groupObjectIdKey = 'objectId'

diff --git a/plugin/azure_active_directory/src/AzureCommand.php b/plugin/azure_active_directory/src/AzureCommand.php
@@ -2,6 +2,8 @@
 
 /* For license terms, see /license.txt */
 
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessTokenInterface;
 use TheNetworg\OAuth2\Client\Provider\Azure;
 
 class AzureCommand
@@ -21,4 +23,19 @@ public function __construct()
         $this->plugin->get_settings(true);
         $this->provider = $this->plugin->getProviderForApiGraph();
     }
+
+    /**
+     * @throws IdentityProviderException
+     */
+    protected function getToken(?AccessTokenInterface $currentToken = null): AccessTokenInterface
+    {
+        if (!$currentToken || ($currentToken->getExpires() && !$currentToken->getRefreshToken())) {
+            return $this->provider->getAccessToken(
+                'client_credentials',
+                ['resource' => $this->provider->resource]
+            );
+        }
+
+        return $currentToken;
+    }
 }
diff --git a/plugin/azure_active_directory/src/AzureSyncUsergroupsCommand.php b/plugin/azure_active_directory/src/AzureSyncUsergroupsCommand.php
@@ -15,10 +15,7 @@ public function __invoke(): Generator
     {
         yield 'Synchronizing groups from Azure.';
 
-        $token = $this->provider->getAccessToken(
-            'client_credentials',
-            ['resource' => $this->provider->resource]
-        );
+        $token = $this->getToken();
 
         foreach ($this->getAzureGroups($token) as $azureGroupInfo) {
             $usergroup = new UserGroup();
@@ -80,6 +77,8 @@ private function getAzureGroups(AccessTokenInterface $token): Generator
         );
 
         do {
+            $token = $this->getToken($token);
+
             try {
                 $azureGroupsRequest = $this->provider->request('get', "groups?$query", $token);
             } catch (Exception $e) {
@@ -121,6 +120,8 @@ private function getAzureGroupMembers(AccessTokenInterface $token, string $group
         $hasNextLink = false;
 
         do {
+            $token = $this->getToken($token);
+
             try {
                 $azureGroupMembersRequest = $this->provider->request(
                     'get',

diff --git a/plugin/azure_active_directory/src/AzureSyncUsersCommand.php b/plugin/azure_active_directory/src/AzureSyncUsersCommand.php
@@ -15,15 +15,14 @@ public function __invoke(): Generator
     {
         yield 'Synchronizing users from Azure.';
 
-        $token = $this->provider->getAccessToken(
-            'client_credentials',
-            ['resource' => $this->provider->resource]
-        );
+        $token = $this->getToken();
 
         $existingUsers = [];
 
         foreach ($this->getAzureUsers($token) as $azureUserInfo) {
             try {
+                $token = $this->getToken($token);
+
                 $userId = $this->plugin->registerUser(
                     $token,
                     $this->provider,
@@ -95,8 +94,14 @@ private function getAzureUsers(AccessTokenInterface $token): Generator
         );
 
         do {
+            $token = $this->getToken($token);
+
             try {
-                $azureUsersRequest = $this->provider->request('get', "users?$query", $token);
+                $azureUsersRequest = $this->provider->request(
+                    'get',
+                    "users?$query",
+                    $token
+                );
             } catch (Exception $e) {
                 throw new Exception('Exception when requesting users from Azure: '.$e->getMessage());
             }