Auth: Fix command to synchronize users with Azure - refs BT#22639

Author: AngelFQC

src/CoreBundle/Command/AzureSyncAbstractCommand.php

@@ -7,7 +7,6 @@
 namespace Chamilo\CoreBundle\Command;
 
 use Chamilo\CoreBundle\Entity\AzureSyncState;
-use Chamilo\CoreBundle\Entity\User;
 use Chamilo\CoreBundle\Helpers\AuthenticationConfigHelper;
 use Chamilo\CoreBundle\Helpers\AzureAuthenticatorHelper;
 use Chamilo\CoreBundle\Repository\AzureSyncStateRepository;
@@ -43,9 +42,12 @@ public function __construct(
     ) {
         parent::__construct();
 
+        $this->providerParams = $configHelper->getProviderConfig('azure');
+
         $this->client = $this->clientRegistry->getClient('azure');
+
         $this->provider = $this->client->getOAuth2Provider();
-        $this->providerParams = $configHelper->getProviderConfig('azure');
+        $this->provider->tenant = $this->providerParams['tenant'] ?? null;
     }
 
     /**
@@ -67,29 +69,17 @@ protected function generateOrRefreshToken(?AccessTokenInterface &$token): void
      */
     protected function getAzureUsers(): Generator
     {
-        $userFields = [
-            'givenName',
-            'surname',
-            'mail',
-            'userPrincipalName',
-            'businessPhones',
-            'mobilePhone',
-            'accountEnabled',
-            'mailNickname',
-            'id',
-        ];
-
         if ($this->providerParams['script_users_delta']) {
             $usersDeltaLink = $this->syncStateRepo->findOneBy(['title' => AzureSyncState::USERS_DATALINK]);
 
             $query = $usersDeltaLink
                 ? $usersDeltaLink->getValue()
-                : \sprintf('$select=%s', implode(',', $userFields));
+                : \sprintf('$select=%s', implode(',', AzureAuthenticatorHelper::QUERY_FIELDS));
         } else {
             $query = \sprintf(
                 '$top=%d&$select=%s',
                 AzureSyncState::API_PAGE_SIZE,
-                implode(',', $userFields)
+                implode(',', AzureAuthenticatorHelper::QUERY_FIELDS)
             );
         }
 
@@ -99,16 +89,15 @@ protected function getAzureUsers(): Generator
             try {
                 $this->generateOrRefreshToken($token);
 
-                $azureUsersRequest = $this->provider->request(
-                    'get',
-                    $this->providerParams['script_users_delta'] ? "users/delta?$query" : "users?$query",
+                $azureUsersRequest = $this->provider->get(
+                    $this->providerParams['script_users_delta'] ? "/v1.0/users/delta?$query" : "/v1.0/users?$query",
                     $token
                 );
             } catch (GuzzleException|Exception $e) {
                 throw new Exception('Exception when requesting users from Azure: '.$e->getMessage());
             }
 
-            $azureUsersInfo = $azureUsersRequest['value'] ?? [];
+            $azureUsersInfo = $azureUsersRequest ?? [];
 
             foreach ($azureUsersInfo as $azureUserInfo) {
                 $azureUserInfo['mail'] = $azureUserInfo['mail'] ?? null;
@@ -134,50 +123,6 @@ protected function getAzureUsers(): Generator
         } while ($hasNextLink);
     }
 
-    /**
-     * @return array<string, string|false>
-     */
-    public function getGroupUidByRole(): array
-    {
-        $groupUidList = [
-            'admin' => $this->providerParams['group_id_admin'],
-            'sessionAdmin' => $this->providerParams['group_id_session_admin'],
-            'teacher' => $this->providerParams['group_id_teacher'],
-        ];
-
-        return array_filter($groupUidList);
-    }
-
-    /**
-     * @return array<string, callable>
-     */
-    public function getUpdateActionByRole(): array
-    {
-        return [
-            'admin' => function (User $user): void {
-                $user
-                    ->setStatus(COURSEMANAGER)
-                    ->addUserAsAdmin()
-                    ->setRoleFromStatus(COURSEMANAGER)
-                ;
-            },
-            'sessionAdmin' => function (User $user): void {
-                $user
-                    ->setStatus(SESSIONADMIN)
-                    ->removeUserAsAdmin()
-                    ->setRoleFromStatus(SESSIONADMIN)
-                ;
-            },
-            'teacher' => function (User $user): void {
-                $user
-                    ->setStatus(COURSEMANAGER)
-                    ->removeUserAsAdmin()
-                    ->setRoleFromStatus(COURSEMANAGER)
-                ;
-            },
-        ];
-    }
-
     /**
      * @throws Exception
      */

src/CoreBundle/Command/AzureSyncUsersCommand.php

@@ -55,10 +55,13 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
         $io->section('Updating users status');
 
-        $roleGroups = $this->getGroupUidByRole();
-        $roleActions = $this->getUpdateActionByRole();
+        $roleActions = $this->azureHelper->getUpdateActionByRole();
+
+        foreach ($this->providerParams['group_id'] as $userRole => $groupUid) {
+            if (empty($groupUid)) {
+                continue;
+            }
 
-        foreach ($roleGroups as $userRole => $groupUid) {
             try {
                 $azureGroupMembersInfo = iterator_to_array($this->getAzureGroupMembers($groupUid));
             } catch (Exception $e) {
@@ -114,7 +117,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
             );
         }
 
-        $io->success('You have a new command! Now make it your own! Pass --help to see your options.');
+        $io->success('Done.');
 
         return Command::SUCCESS;
     }

src/CoreBundle/Helpers/AzureAuthenticatorHelper.php

@@ -172,7 +172,8 @@ public function getExistingUserVerificationOrder(): array
         return [1, 2, 3];
     }
 
-    private function formatUserData(array $azureUserData): array {
+    private function formatUserData(array $azureUserData): array
+    {
         $phone = null;
 
         if (isset($azureUserData['telephoneNumber'])) {
@@ -207,4 +208,36 @@ private function formatUserData(array $azureUserData): array {
             $extra,
         ];
     }
+
+    /**
+     * The keys are the user roles, as defined for the group_ip parameter in the authentication.yaml file for Azure.
+     *
+     * @return array<string, callable>
+     */
+    public function getUpdateActionByRole(): array
+    {
+        return [
+            'admin' => function (User $user): void {
+                $user
+                    ->setStatus(COURSEMANAGER)
+                    ->addUserAsAdmin()
+                    ->setRoleFromStatus(COURSEMANAGER)
+                ;
+            },
+            'session_admin' => function (User $user): void {
+                $user
+                    ->setStatus(SESSIONADMIN)
+                    ->removeUserAsAdmin()
+                    ->setRoleFromStatus(SESSIONADMIN)
+                ;
+            },
+            'teacher' => function (User $user): void {
+                $user
+                    ->setStatus(COURSEMANAGER)
+                    ->removeUserAsAdmin()
+                    ->setRoleFromStatus(COURSEMANAGER)
+                ;
+            },
+        ];
+    }
 }