From 9952686b1014cadbfe3b0f33c4f870b42bf3c228 Mon Sep 17 00:00:00 2001
From: Marco Wildermuth
Date: Mon, 16 Sep 2024 18:33:04 +0200
Subject: [PATCH 1/2] Rename from DavUser to DavObisUser
---
 Classes/Eel/Helper/FobiHelper.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/Classes/Eel/Helper/FobiHelper.php b/Classes/Eel/Helper/FobiHelper.php
index 5e3bcea..3065e6f 100644
--- a/Classes/Eel/Helper/FobiHelper.php
+++ b/Classes/Eel/Helper/FobiHelper.php
@@ -14,16 +14,16 @@
 use Neos\Flow\Security\Context;
 use Neos\Flow\Session\Exception\SessionNotStartedException;
 use Psr\Log\LoggerInterface;
-use CRON\ObisIntegration\Service\DavUserService;
+use CRON\ObisIntegration\Service\DavObisUserService;

 /** @noinspection PhpUnused */
 class FobiHelper implements ProtectedContextAwareInterface
 {
 /**
 * @Flow\Inject
- * @var DavUserService
+ * @var DavObisUserService
 */
- protected $davUserService;
+ protected $davObisUserService;

 /**
 * @Flow\Inject
@@ -63,13 +63,13 @@ public function injectLogger(LoggerInterface $logger): void
 */
 public function getToken(): string
 {
- $username = $this->davUserService->getCurrentUsername();
+ $username = $this->davObisUserService->getCurrentUsername();
 if (empty($username)) {
 return '';
 }

- $davUser = $this->davUserService->getCurrentDavUser();
- $obisRoles = $this->davUserService->getCurrentRoles();
+ $davObisUser = $this->davObisUserService->getCurrentDavObisUser();
+ $obisRoles = $this->davObisUserService->getCurrentRoles();
 $sessionRoles = $this->securityContext->getRoles();

 // We want only the roles from Neos which we need for Fobi
@@ -85,8 +85,8 @@ public function getToken(): string

 return $this->createToken(
 $username, // in the latest versions the username is always the mail address
- $davUser->getFirstName(),
- $davUser->getLastName(),
+ $davObisUser->getFirstName(),
+ $davObisUser->getLastName(),
 $this->getFobiRoles($roles)
 );
 }
From d5459ba6b7a69577c6b64c3883edf6cd03070ac4 Mon Sep 17 00:00:00 2001
From: Marco Wildermuth
Date: Mon, 30 Sep 2024 23:58:38 +0200
Subject: [PATCH 2/2] Allow token data provider via interface
---
 Classes/Eel/Helper/FobiHelper.php | 78 ++++---------------
 .../Service/TokenDataProviderInterface.php | 14 ++++
 Configuration/Settings.yaml | 6 +-
 README.md | 12 ---
 4 files changed, 32 insertions(+), 78 deletions(-)
 create mode 100644 Classes/Service/TokenDataProviderInterface.php
diff --git a/Classes/Eel/Helper/FobiHelper.php b/Classes/Eel/Helper/FobiHelper.php
index 3065e6f..749ef91 100644
--- a/Classes/Eel/Helper/FobiHelper.php
+++ b/Classes/Eel/Helper/FobiHelper.php
@@ -2,35 +2,19 @@

 namespace CRON\DAV\Fobi\Eel\Helper;

-use CRON\ObisIntegration\ObisException;
+use CRON\DAV\Fobi\Service\TokenDataProviderInterface;
 use DateInterval;
 use DateTime;
 use Exception;
+use Firebase\JWT\JWT;
 use Neos\Eel\ProtectedContextAwareInterface;
 use Neos\Flow\Annotations as Flow;
-use Firebase\JWT\JWT;
 use Neos\Flow\Configuration\Exception\InvalidConfigurationException;
 use Neos\Flow\Log\Utility\LogEnvironment;
-use Neos\Flow\Security\Context;
-use Neos\Flow\Session\Exception\SessionNotStartedException;
 use Psr\Log\LoggerInterface;
-use CRON\ObisIntegration\Service\DavObisUserService;

-/** @noinspection PhpUnused */
 class FobiHelper implements ProtectedContextAwareInterface
 {
- /**
- * @Flow\Inject
- * @var DavObisUserService
- */
- protected $davObisUserService;
-
- /**
- * @Flow\Inject
- * @var Context
- */
- protected $securityContext;
-
 /**
 * @Flow\InjectConfiguration(package="CRON.DAV.Fobi")
 * @var array
@@ -57,38 +41,29 @@ public function injectLogger(LoggerInterface $logger): void
 * @return string A token identifying the user, or an empty string if there is no user
 *
 * @throws InvalidConfigurationException
- * @throws \Neos\Flow\Exception
- * @throws SessionNotStartedException
- * @throws ObisException
+ * @throws Exception
 */
 public function getToken(): string
 {
- $username = $this->davObisUserService->getCurrentUsername();
- if (empty($username)) {
- return '';
+ $tokenDataProviderClassName = $this->settings['tokenDataProvider']['className'];
+
+ if (empty($tokenDataProviderClassName)) {
+ throw new Exception('No tokenDataProvider configured.');
 }

- $davObisUser = $this->davObisUserService->getCurrentDavObisUser();
- $obisRoles = $this->davObisUserService->getCurrentRoles();
- $sessionRoles = $this->securityContext->getRoles();
+ $tokenDataProvider = new $tokenDataProviderClassName();

- // We want only the roles from Neos which we need for Fobi
- $mappedRoles = [];
- foreach ($sessionRoles as $key => $value) {
- if (isset($this->settings['rolesMapping'][$key])) {
- $mappedRoles[] = $key;
- }
+ if (!$tokenDataProvider instanceof TokenDataProviderInterface) {
+ throw new Exception(sprintf('Class "%s" should implement TokenDataProviderInterface but does not.', $tokenDataProviderClassName));
 }

- // Ensures after the arrays have been merged that the roles are always unique
- $roles = array_unique($obisRoles + $mappedRoles);
+ $tokenData = $tokenDataProvider->getTokenData();

- return $this->createToken(
- $username, // in the latest versions the username is always the mail address
- $davObisUser->getFirstName(),
- $davObisUser->getLastName(),
- $this->getFobiRoles($roles)
- );
+ if (!$tokenData) {
+ return '';
+ }
+
+ return $this->createToken($tokenData['email'], $tokenData['firstName'], $tokenData['lastName'], $tokenData['roles']);
 }

 /**
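Review bot: In getToken(), `new $tokenDataProviderClassName()` runs before the `instanceof TokenDataProviderInterface` check, so whatever class name the setting holds has its constructor executed (or raises an Error if the class does not exist) before it can be rejected. Checking the class name first with `if (!is_a($tokenDataProviderClassName, TokenDataProviderInterface::class, true)) {` and instantiating only afterwards avoids that. Reading the setting as `$this->settings['tokenDataProvider']['className'] ?? null` also lets the 'No tokenDataProvider configured.' exception fire when the key is absent, instead of an undefined-key warning. Separately, `$tokenData['email']`, `['firstName']`, `['lastName']` and `['roles']` are passed to createToken() unchecked, and the `rolesMapping` filter that used to constrain the roles is removed, so the role claims in the token are now whatever the provider returns. createToken() and the interface's contract lie outside this hunk, so it is worth confirming that the array shape and an allow-list for roles are enforced there.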
@@ -144,27 +119,6 @@ protected function createToken(?string $email, ?string $firstName, ?string $last
 return $jwt;
 }

- /**
- * Map flow roles to strings to be used in DAV.Fobi
- *
- * Use the CRON.DAV.Fobi.rolesMapping setting
- *
- * @param array $roles A list of flow roles
- * @return array
- */
- protected function getFobiRoles(array $roles): array
- {
- if (empty($roles)) {
- return [];
- }
- return array_map(function ($role) {
- if (isset($this->settings['rolesMapping'][$role])) {
- $role = $this->settings['rolesMapping'][$role];
- }
- return $role;
- }, $roles);
- }
-
 /**
 * Allow calling all public methods as Eel functions (only getToken)
 *
diff --git a/Classes/Service/TokenDataProviderInterface.php b/Classes/Service/TokenDataProviderInterface.php
new file mode 100644
index 0000000..30e0d78
--- /dev/null
+++ b/Classes/Service/TokenDataProviderInterface.php
@@ -0,0 +1,14 @@
+