Merge pull request #322 from moreonion/multi-org

auth: Use simplified app-to-app flow
moreonion · Mar 8, 2023 · b5d9fe7 · b5d9fe7
2 parents 2942515 + ff406e7
commit b5d9fe7
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 5 deletions.
diff --git a/campaignion_auth/campaignion_auth.variable.inc b/campaignion_auth/campaignion_auth.variable.inc
@@ -27,7 +27,7 @@ function campaignion_auth_variable_info($options) {
     'title' => t('Impact-stack organization'),
     'description' => t('Machine name of the impact-stack organization owning the data of this installation.'),
     'type' => 'string',
-    'default' => basename(conf_path()),
+    'default' => 'impact-stack>' . basename(conf_path()),
     'localize' => FALSE,
   ];
   return $v;

diff --git a/campaignion_auth/src/AuthAppClient.php b/campaignion_auth/src/AuthAppClient.php
@@ -72,18 +72,32 @@ public function getToken() : string {
     if (($cache = cache_get(static::TOKEN_CID)) && $cache->expire > REQUEST_TIME) {
       return $cache->data;
     }
-    $token = $this->post('token/' . urlencode($this->organization), [], $this->key)['token'];
+    $token = $this->post('token', [], $this->key)['token'];
     cache_set(static::TOKEN_CID, $token, 'cache', REQUEST_TIME + $this->tokenLifetime);
     return $token;
   }
 
   /**
-   * Get editor token.
+   * Get token for acting as an editor.
    */
   public function getEditorToken() : string {
+    return $this->getUserToken(['editor']);
+  }
+
+  /**
+   * Get a token for a set of roles.
+   *
+   * @param string[] $roles
+   *   Access to these roles should be granted with the resulting JWT.
+   *
+   * @return string
+   *   The JWT from the auth app suitable for using in the Authorization header.
+   */
+  public function getUserToken(array $roles = []) : string {
     $token = $this->getToken();
     $options['headers']['Authorization'] = "Bearer $token";
-    $token = $this->post('session', [], ['roles' => ['editor']], $options)['token'];
+    $session['roles'][$this->organization] = $roles;
+    $token = $this->post('session', [], $session, $options)['token'];
     return $token;
   }
 

diff --git a/campaignion_auth/tests/AuthAppClientTest.php b/campaignion_auth/tests/AuthAppClientTest.php
@@ -36,7 +36,7 @@ public function testRequestingTokenTwiceOnTwoObjects() {
     $api = $this->instrumentedApi();
     $api->expects($this->once())
       ->method('send')
-      ->with('token/org1', [], [
+      ->with('token', [], [
         'public_key' => 'pk_',
         'secret_key' => 'sk_',
       ], [