magento
diff --git a/‎app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php‎
Lines changed: 77 additions & 22 deletions b/‎app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php‎
Lines changed: 77 additions & 22 deletions
@@ -3,22 +3,24 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 declare(strict_types=1);
 
 namespace Magento\AdminAdobeIms\Model\Authorization;
 
+use Magento\AdminAdobeIms\Api\SaveImsUserInterface;
 use Magento\AdminAdobeIms\Exception\AdobeImsAuthorizationException;
 use Magento\AdminAdobeIms\Service\AdminLoginProcessService;
 use Magento\AdminAdobeIms\Service\AdminReauthProcessService;
 use Magento\AdminAdobeIms\Service\ImsConfig;
 use Magento\AdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
+use Magento\AdobeImsApi\Api\Data\TokenResponseInterface;
+use Magento\AdobeImsApi\Api\Data\TokenResponseInterfaceFactory;
 use Magento\AdobeImsApi\Api\GetProfileInterface;
 use Magento\AdobeImsApi\Api\GetTokenInterface;
 use Magento\AdobeImsApi\Api\OrganizationMembershipInterface;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Exception\AuthenticationException;
-use Magento\AdminAdobeIms\Api\SaveImsUserInterface;
+use Magento\Framework\Exception\AuthorizationException;
 
 /**
  * Adobe IMS Auth Model for getting Admin Token
@@ -28,6 +30,7 @@
 class AdobeImsAdminTokenUserService
 {
     private const ADOBE_IMS_MODULE_NAME = 'adobe_ims_auth';
+    private const AUTHORIZATION_METHOD_HEADER_BEARER = 'bearer';
 
     /**
      * @var ImsConfig
@@ -64,6 +67,11 @@ class AdobeImsAdminTokenUserService
      */
     private RequestInterface $request;
 
+    /**
+     * @var TokenResponseInterfaceFactory
+     */
+    private TokenResponseInterfaceFactory $tokenResponseFactory;
+
     /**
      * @var SaveImsUserInterface
      */
@@ -77,6 +85,7 @@ class AdobeImsAdminTokenUserService
      * @param RequestInterface $request
      * @param GetTokenInterface $token
      * @param GetProfileInterface $profile
+     * @param TokenResponseInterfaceFactory $tokenResponseFactory
      * @param SaveImsUserInterface $saveImsUser
      */
     public function __construct(
@@ -87,6 +96,7 @@ public function __construct(
         RequestInterface $request,
         GetTokenInterface $token,
         GetProfileInterface $profile,
+        TokenResponseInterfaceFactory $tokenResponseFactory,
         SaveImsUserInterface $saveImsUser
     ) {
         $this->adminImsConfig = $adminImsConfig;
@@ -96,6 +106,7 @@ public function __construct(
         $this->request = $request;
         $this->token = $token;
         $this->profile = $profile;
+        $this->tokenResponseFactory = $tokenResponseFactory;
         $this->saveImsUser = $saveImsUser;
     }
 
@@ -107,33 +118,23 @@ public function __construct(
      * @throws AdobeImsAuthorizationException
      * @throws AdobeImsOrganizationAuthorizationException
      * @throws AuthenticationException
+     * @throws AuthorizationException
      */
     public function processLoginRequest(bool $isReauthorize = false): void
     {
-        if ($this->adminImsConfig->enabled() && $this->request->getParam('code')
+        if ($this->adminImsConfig->enabled()
             && $this->request->getModuleName() === self::ADOBE_IMS_MODULE_NAME) {
             try {
-                $code = $this->request->getParam('code');
-
-                //get token from response
-                $tokenResponse = $this->token->getTokenResponse($code);
-                $accessToken = $tokenResponse->getAccessToken();
-
-                //get profile info to check email
-                $profile = $this->profile->getProfile($accessToken);
-                if (empty($profile['email'])) {
-                    throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-                }
-
-                //check membership in organization
-                $this->organizationMembership->checkOrganizationMembership($accessToken);
-
-                if ($isReauthorize) {
-                    $this->adminReauthProcessService->execute($tokenResponse);
+                if ($this->request->getHeader('Authorization')) {
+                    $tokenResponse = $this->getRequestedToken();
+                } elseif ($this->request->getParam('code')) {
+                    $code = $this->request->getParam('code');
+                    $tokenResponse = $this->token->getTokenResponse($code);
                 } else {
-                    $this->saveImsUser->save($profile);
-                    $this->adminLoginProcessService->execute($tokenResponse, $profile);
+                    throw new AuthenticationException(__('Unable to get Access Token. Please try again.'));
                 }
+
+                $this->getLoggedIn($isReauthorize, $tokenResponse);
             } catch (AdobeImsAuthorizationException $e) {
                 throw new AdobeImsAuthorizationException(
                     __('You don\'t have access to this Commerce instance')
@@ -147,4 +148,58 @@ public function processLoginRequest(bool $isReauthorize = false): void
             throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
         }
     }
+
+    /**
+     * Get requested token using Authorization header
+     *
+     * @return TokenResponseInterface
+     * @throws AuthenticationException
+     */
+    private function getRequestedToken(): TokenResponseInterface
+    {
+        $authorizationHeaderValue = $this->request->getHeader('Authorization');
+        if (!$authorizationHeaderValue) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $headerPieces = explode(" ", $authorizationHeaderValue);
+        if (count($headerPieces) !== 2) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $tokenType = strtolower($headerPieces[0]);
+        if ($tokenType !== self::AUTHORIZATION_METHOD_HEADER_BEARER) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $tokenResponse['access_token'] = $headerPieces[1];
+        return $this->tokenResponseFactory->create(['data' => $tokenResponse]);
+    }
+
+    /**
+     * Responsible for logging in to Admin Panel
+     *
+     * @param bool $isReauthorize
+     * @param TokenResponseInterface $tokenResponse
+     * @return void
+     * @throws AdobeImsAuthorizationException
+     * @throws AuthenticationException
+     * @throws AuthorizationException
+     */
+    private function getLoggedIn(bool $isReauthorize, TokenResponseInterface $tokenResponse): void
+    {
+        $profile = $this->profile->getProfile($tokenResponse->getAccessToken());
+        if (empty($profile['email'])) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $this->organizationMembership->checkOrganizationMembership($tokenResponse->getAccessToken());
+
+        if ($isReauthorize) {
+            $this->adminReauthProcessService->execute($tokenResponse);
+        } else {
+            $this->saveImsUser->save($profile);
+            $this->adminLoginProcessService->execute($tokenResponse, $profile);
+        }
+    }
 }