Add act like user

thecatontheflat · Dec 29, 2017 · cbc0159 · cbc0159
1 parent 3a1470f
commit cbc0159
Show file tree

Hide file tree

Showing 9 changed files with 48 additions and 25 deletions.
diff --git a/DependencyInjection/AtlassianConnectExtension.php b/DependencyInjection/AtlassianConnectExtension.php
@@ -29,7 +29,6 @@ public function load(array $configs, ContainerBuilder $container): void
         $config['dev'] = \array_merge($prod, $dev);
 
         $container->setParameter('atlassian_connect', $config);
-        $container->setParameter('atlassian_connect_token_lifetime', $config['token_lifetime']);
         $container->setParameter('atlassian_connect_dev_tenant', $config['dev_tenant']);
 
         $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));

diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -19,7 +19,6 @@ public function getConfigTreeBuilder(): TreeBuilder
         $rootNode = $treeBuilder->root('atlassian_connect');
         $rootNode
             ->children()
-                ->variableNode('token_lifetime')->defaultValue(600)->end()
                 ->variableNode('dev_tenant')->defaultValue(1)->end()
                 ->variableNode('prod')->end()
                 ->variableNode('dev')->end()

diff --git a/README.md b/README.md
@@ -42,7 +42,6 @@ Sample configuration in `config.yml`:
 ```yaml
     atlassian_connect:
         dev_tenant: 1
-        token_lifetime: 86400
         prod:
             key: 'your-addon-key'
             name: 'Your Add-On Name'
@@ -126,6 +125,7 @@ In your **protected** controller action you can make a signed request to JIRA in
 
 namespace App\Controller;
 
+use AtlassianConnectBundle\Service\AtlassianRestClient;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Response;
@@ -141,9 +141,17 @@ class ProtectedController extends Controller
     public function index()
     {
         $client = $this->container->get(AtlassianRestClient::class);
-        $json = $client->get('/rest/api/2/issue/KEY-XXX');
 
-        return new Response($json);
+        // Send request from system user
+        $issue = $client->get('/rest/api/2/issue/KEY-XXX');
+
+        // Send request from system user
+        $user = $client
+            ->setUser('admin') // the primary key of the user in Jira/Confluence etc.
+            ->get('/rest/api/2/myself')
+        ;
+
+        return new Response([$issue, $user]);
     }
 }
 ```

diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -54,7 +54,6 @@ services:
         class: '%atlassian_connect_jwt_user_provider_class%'
         arguments:
             $registry: '@Doctrine\Common\Persistence\ManagerRegistry'
-            $tokenLifetime: '%atlassian_connect_token_lifetime%'
             $tenantClass: '%atlassian_connect_tenant_entity_class%'
 
     jwt_authenticator:

diff --git a/Security/JWTUserProvider.php b/Security/JWTUserProvider.php
@@ -22,11 +22,6 @@ class JWTUserProvider implements UserProviderInterface
      */
     protected $em;
 
-    /**
-     * @var int
-     */
-    protected $tokenLifetime;
-
     /**
      * @var string
      */
@@ -36,13 +31,11 @@ class JWTUserProvider implements UserProviderInterface
      * JWTUserProvider constructor.
      *
      * @param ManagerRegistry $registry
-     * @param int             $tokenLifetime
      * @param string          $tenantClass
      */
-    public function __construct(ManagerRegistry $registry, int $tokenLifetime, string $tenantClass)
+    public function __construct(ManagerRegistry $registry, string $tenantClass)
     {
         $this->em = $registry->getManager();
-        $this->tokenLifetime = $tokenLifetime;
         $this->tenantClass = $tenantClass;
     }
 

diff --git a/Service/AtlassianRestClient.php b/Service/AtlassianRestClient.php
@@ -24,6 +24,11 @@ class AtlassianRestClient
      */
     private $client;
 
+    /**
+     * @var string|null
+     */
+    private $user;
+
     /**
      * @param TenantInterface|null       $tenant
      * @param TokenStorageInterface|null $tokenStorage
@@ -102,6 +107,19 @@ public function delete(string $restUrl): string
         return $this->client->delete($this->buildURL($restUrl))->getBody()->getContents();
     }
 
+    /**
+     * @param string|null $user
+     *
+     * @return AtlassianRestClient
+     */
+    public function setUser(?string $user): AtlassianRestClient
+    {
+        $this->user = $user;
+        $this->createClient();
+
+        return $this;
+    }
+
     /**
      * @param string $restUrl
      *
@@ -128,7 +146,8 @@ private function createClient(): Client
         $stack->setHandler(new CurlHandler());
         $stack->push(GuzzleJWTMiddleware::authTokenMiddleware(
             $this->tenant->getAddonKey(),
-            $this->tenant->getSharedSecret()
+            $this->tenant->getSharedSecret(),
+            $this->user
         ));
 
         return new Client(['handler' => $stack]);

diff --git a/Service/GuzzleJWTMiddleware.php b/Service/GuzzleJWTMiddleware.php
@@ -15,19 +15,20 @@ class GuzzleJWTMiddleware
     /**
      * JWT Authentication middleware for Guzzle
      *
-     * @param string $issuer Add-on key in most cases
-     * @param string $secret Shared secret
+     * @param string      $issuer Add-on key in most cases
+     * @param string      $secret Shared secret
+     * @param null|string $user
      *
      * @return callable
      */
-    public static function authTokenMiddleware(string $issuer, string $secret): callable
+    public static function authTokenMiddleware(string $issuer, string $secret, ?string $user): callable
     {
         return Middleware::mapRequest(
-            function (RequestInterface $request) use ($issuer, $secret) {
+            function (RequestInterface $request) use ($issuer, $secret, $user) {
                 return new Request(
                     $request->getMethod(),
                     $request->getUri(),
-                    \array_merge($request->getHeaders(), ['Authorization' => 'JWT '.static::createToken($request, $issuer, $secret)]),
+                    \array_merge($request->getHeaders(), ['Authorization' => 'JWT '.static::createToken($request, $issuer, $secret, $user)]),
                     $request->getBody()
                 );
             }
@@ -40,16 +41,23 @@ function (RequestInterface $request) use ($issuer, $secret) {
      * @param RequestInterface $request
      * @param string           $issuer  Key of the add-on
      * @param string           $secret  Shared secret of the Tenant
+     * @param null|string      $user
      *
      * @return string
      */
-    private static function createToken(RequestInterface $request, string $issuer, string $secret): string
+    private static function createToken(RequestInterface $request, string $issuer, string $secret, ?string $user): string
     {
-        return JWT::encode([
+        $data = [
             'iss' => $issuer,
             'iat' => \time(),
             'exp' => \strtotime('+1 day'),
             'qsh' => QSHGenerator::generate((string) $request->getUri(), $request->getMethod()),
-        ], $secret);
+        ];
+
+        if ($user !== null) {
+            $data['sub'] = $user;
+        }
+
+        return JWT::encode($data, $secret);
     }
 }
diff --git a/Tests/Controller/DescriptorControllerTest.php b/Tests/Controller/DescriptorControllerTest.php
@@ -20,7 +20,6 @@ public function testIndexAction(): void
         ];
 
         $controller = new DescriptorController('dev', [
-            'token_lifetime' => 86400,
             'dev_tenant' => 1,
             'prod' => [],
             'dev' => $data,

diff --git a/Tests/DependencyInjection/AtlassianConnectExtensionTest.php b/Tests/DependencyInjection/AtlassianConnectExtensionTest.php
@@ -55,7 +55,6 @@ public function testLoadExtension(): void
         $this->container->setParameter('kernel.environment', 'test');
 
         $this->container->prependExtensionConfig($this->extension->getAlias(), [
-            'token_lifetime' => 86400,
             'dev_tenant' => 1,
             'prod' => [],
             'dev' => [],