custom/static-plugins/WabsAuth/src/Helper/AuthHelper.php line 472

Open in your IDE?
  1. <?php
  3. namespace WabsAuth\Helper;
  5. use DateTimeImmutable;
  6. use Exception;
  7. use Lcobucci\JWT\Signer\Rsa\Sha256;
  8. use Shopware\Core\Checkout\Customer\Aggregate\CustomerGroup\CustomerGroupEntity;
  9. use Shopware\Core\Checkout\Customer\CustomerEntity;
  10. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  11. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  12. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  13. use Shopware\Core\Framework\Uuid\Uuid;
  14. use Shopware\Core\System\NumberRange\ValueGenerator\NumberRangeValueGeneratorInterface;
  15. use Shopware\Core\System\SalesChannel\Entity\SalesChannelRepositoryInterface;
  16. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  17. use Shopware\Core\System\SystemConfig\SystemConfigService;
  18. use Symfony\Component\HttpFoundation\Session\Session;
  19. use WabsAuth\Helper\Keycloak\KeycloakProvider;
  21. class AuthHelper
  22. {
  23.     private SystemConfigService $systemConfigService;
  24.     private SalesChannelRepositoryInterface $countryRepository;
  25.     private SalesChannelRepositoryInterface $salutationRepository;
  26.     private NumberRangeValueGeneratorInterface $numberRangeValueGenerator;
  27.     private EntityRepositoryInterface $customerRepository;
  28.     private EntityRepositoryInterface $customerGroupRepository;
  29.     private EntityRepositoryInterface $wabsAuthCustomerRepository;
  30.     private array $groupMapping;
  31.     private bool $noAdvancedMode;
  32.     private Session $session;
  33.     private AddressMatchingHelper $addressMatchingHelper;
  34.     private DebugHelper $logger;
  35.     public bool $organizationAddressFlag false;
  37.     /**
  38.      * AuthHelper constructor.
  39.      * @param SystemConfigService $systemConfigService
  40.      * @param SalesChannelRepositoryInterface $countryRepository
  41.      * @param SalesChannelRepositoryInterface $salutationRepository
  42.      * @param NumberRangeValueGeneratorInterface $numberRangeValueGenerator
  43.      * @param EntityRepositoryInterface $customerRepository
  44.      * @param EntityRepositoryInterface $wabsAuthCustomerRepository
  45.      * @param EntityRepositoryInterface $customerGroupRepository
  46.      * @param AddressMatchingHelper $addressMatchingHelper
  47.      * @param Session $session
  48.      * @param DebugHelper $logger
  49.      */
  50.     public function __construct(
  51.         SystemConfigService $systemConfigService,
  52.         SalesChannelRepositoryInterface $countryRepository,
  53.         SalesChannelRepositoryInterface $salutationRepository,
  54.         NumberRangeValueGeneratorInterface $numberRangeValueGenerator,
  55.         EntityRepositoryInterface $customerRepository,
  56.         EntityRepositoryInterface $wabsAuthCustomerRepository,
  57.         EntityRepositoryInterface $customerGroupRepository,
  58.         AddressMatchingHelper $addressMatchingHelper,
  59.         Session $session,
  60.         DebugHelper $logger
  61.     ) {
  62.         $this->systemConfigService $systemConfigService;
  63.         $this->countryRepository $countryRepository;
  64.         $this->salutationRepository $salutationRepository;
  65.         $this->numberRangeValueGenerator $numberRangeValueGenerator;
  66.         $this->customerRepository $customerRepository;
  67.         $this->wabsAuthCustomerRepository $wabsAuthCustomerRepository;
  68.         $this->customerGroupRepository $customerGroupRepository;
  69.         $this->noAdvancedMode = (bool)$this->systemConfigService->get('WabsAuth.config.disableAdvancedMode');
  70.         $tmpGroupMapping $this->systemConfigService->get('WabsAuth.config.customerGroupMapping');
  71.         $tmpGroupMapping explode("\n"$tmpGroupMapping);
  72.         foreach ($tmpGroupMapping as $item) {
  73.             if (!empty($item)) {
  74.                 [$igmWord$groupName$femaleTranslation$maleTranslation] = explode(';'$item);
  75.                 if ($igmWord && $groupName) {
  76.                     $this->groupMapping[$igmWord] = [$groupName$femaleTranslation ?? ''$maleTranslation ?? ''];
  77.                 }
  78.             }
  79.         }
  80.         $this->session $session;
  81.         $this->addressMatchingHelper $addressMatchingHelper;
  82.         $this->logger $logger;
  83.     }
  85.     /**
  86.      * Returns the OpenID Connector
  87.      *
  88.      * @return
  89.      */
  90.     public function getProvider(): KeycloakProvider
  91.     {
  92.         $scopes $this->systemConfigService->get('WabsAuth.config.scopes');
  93.         $scopes explode(','$scopes);
  94.         $scopes array_map('trim'$scopes);
  95.         $algorithm = new Sha256();
  97.         return new KeycloakProvider([
  98.             'authServerUrl' => $this->systemConfigService->get('WabsAuth.config.authServerUrl'),
  99.             'realm' => $this->systemConfigService->get('WabsAuth.config.realm'),
  100.             'clientId' => $this->systemConfigService->get('WabsAuth.config.clientId'),
  101.             'clientSecret' => $this->systemConfigService->get('WabsAuth.config.clientSecret'),
  102.             'redirectUri' => $this->systemConfigService->get('WabsAuth.config.redirectUri'),
  103.             'encryptionAlgorithm' => $algorithm->algorithmId(),
  104.             'encryptionKey' => $this->systemConfigService->get('WabsAuth.config.publicKey'),
  105.             'scopes' => $scopes,
  106.         ]);
  107.     }
  109.     /**
  110.      * Returns a valid customer or throws an exception, if creation or update of customer failed.
  111.      *
  112.      * @param array $ownerData
  113.      * @param string $accessToken
  114.      * @param SalesChannelContext $context
  115.      * @return bool|CustomerEntity
  116.      * @throws Exception
  117.      */
  118.     public function getCustomer(array $ownerDatastring $accessTokenSalesChannelContext $context)
  119.     {
  120.         // check if user exists in database and return entity
  121.         $ownerData['email'] = $this->getOwnerMailAddress($ownerData);
  122.         if (!$ownerData['email']) {
  123.             $this->logger->debug('AuthHelper | No Email Address provided.');
  124.             throw new Exception('E-Mail Address not available.');
  125.         }
  127.         /** @var CustomerEntity $customer */
  128.         $customer $this->customerExists($ownerData$context);
  129.         if (!$customer) {
  130.             $customer $this->_register($ownerData$context);
  131.         }
  133.         if (!$customer->getActive()) {
  134.             $this->logger->debug('AuthHelper | Customer not active.');
  135.             throw new Exception('Customer Account deactivated.');
  136.         }
  138.         $customerGroups $this->getAllowedGroups($ownerData);
  139.         $customerGroupId $this->getCustomerGroupId($ownerData$customerGroups$context);
  141.         if (empty($customerGroupId)) {
  142.             $this->logger->debug('AuthHelper | No Valid Group for customer with number: ' $customer->getCustomerNumber());
  143.             throw new Exception('No valid Group for customer.');
  144.         }
  145.         if (empty($customerGroups)) {
  146.             $customerGroups[] = $customerGroups;
  147.         }
  149.         return $this->updateCustomer($customer$ownerData$customerGroupId$customerGroups$accessToken$context);
  150.     }
  152.     /**
  153.      * Returns the email of the customer from the given array.
  154.      *
  155.      * @param array $data
  156.      * @return string
  157.      */
  158.     protected function getOwnerMailAddress(array $data): string
  159.     {
  160.         if (filter_var($data['preferred_username'], FILTER_VALIDATE_EMAIL)) {
  161.             return $data['preferred_username'];
  162.         }
  163.         if (filter_var($data['igm_account_data']['accountName'], FILTER_VALIDATE_EMAIL)) {
  164.             return $data['igm_account_data']['accountName'];
  165.         }
  166.         return '';
  167.     }
  169.     /**
  170.      * Fetch current User by igm_uid
  171.      *
  172.      * @param array $data
  173.      * @param SalesChannelContext $context
  174.      *
  175.      * @return mixed|null
  176.      */
  177.     protected function customerExists(array $dataSalesChannelContext $context)
  178.     {
  179.         $criteria = new Criteria();
  180.         $criteria->addFilter(new EqualsFilter('customer.guest'0));
  181.         $criteria->addFilter(new EqualsFilter('pluginWabsAuthCustomer.igmUid'$data['igm_account_data']['relId']));
  183.         $result $this->customerRepository->search($criteria$context->getContext());
  185.         if ($result->count() !== 1) {
  186.             $this->logger->debug('AuthHelper | No customer with email address.');
  187.             return null;
  188.         }
  190.         return $result->first();
  191.     }
  193.     /**
  194.      * Registers a new customer in the system.
  195.      *
  196.      * @param array $data
  197.      * @param SalesChannelContext $context
  198.      *
  199.      * @return CustomerEntity
  200.      */
  201.     protected function _register(array $dataSalesChannelContext $context): CustomerEntity
  202.     {
  203.         /** get salutation uuid */
  204.         $gender 'mr';
  205.         if ($data['igm_account_data']['gender'] === 'W') {
  206.             $gender .= 's';
  207.         }
  209.         $criteria = new Criteria();
  210.         $criteria->addFilter(new EqualsFilter('salutationKey'$gender));
  211.         $salutation $this->salutationRepository->search($criteria$context)->first();
  213.         /** get country uuid | DE */
  214.         $criteria = new Criteria();
  215.         $criteria->addFilter(new EqualsFilter('active'true));
  216.         $criteria->addFilter(new EqualsFilter('iso''DE'));
  217.         $country $this->countryRepository->search($criteria$context)->first();
  219.         $customer = [
  220.             'id' => Uuid::randomHex(),
  221.             'customerNumber' => $this->numberRangeValueGenerator->getValue(
  222.                 $this->customerRepository->getDefinition()->getEntityName(),
  223.                 $context->getContext(),
  224.                 $context->getSalesChannel()->getId()
  225.             ),
  226.             'salesChannelId' => $context->getSalesChannel()->getId(),
  227.             'languageId' => $context->getContext()->getLanguageId(),
  228.             'groupId' => $context->getCurrentCustomerGroup()->getId(),
  229.             'defaultPaymentMethodId' => $context->getPaymentMethod()->getId(),
  230.             'salutationId' => $salutation->getId(),
  231.             'firstName' => $data['given_name'] ?? '',
  232.             'lastName' => $data['family_name'] ?? '',
  233.             'email' => $data['email'],
  234.             'title' => '',
  235.             'affiliateCode' => '',
  236.             'campaignCode' => '',
  237.             'active' => true,
  238.             'birthday' => '',
  239.             'guest' => false,
  240.             'firstLogin' => new DateTimeImmutable(),
  241.             'defaultShippingAddressId' => null,
  242.             'defaultBillingAddressId' => null,
  243.             'addresses' => [],
  244.         ];
  246.         $billingAddress = [];
  247.         $billingAddress['id'] = Uuid::randomHex();
  248.         $billingAddress['customerId'] = $customer['id'];
  249.         $billingAddress['firstName'] = $data['given_name'] ?? '';
  250.         $billingAddress['lastName'] = $data['family_name'] ?? '';
  251.         $billingAddress['salutationId'] = $salutation->getId();
  253.         /** @ToDo: Woher kommen diese Infos? */
  254.         /** Default: Aktuelle Daten des IGM Impressum */
  255.         $billingAddress['street'] = 'xxxxx';
  256.         $billingAddress['zipcode'] = 'xxxxx';
  257.         $billingAddress['city'] = 'xxxxx';
  258.         /** @ToDo: End */
  260.         $billingAddress['countryId'] = $country->getId();
  262.         $customer['defaultShippingAddressId'] = $billingAddress['id'];
  263.         $customer['defaultBillingAddressId'] = $billingAddress['id'];
  264.         $customer['addresses'][] = $billingAddress;
  266.         // Prüfen auf Funktionalität!
  267.         // $customer['pluginWabsAuthCustomer']['igmUid'] = $data['igm_account_data']['relId'];
  269.         // register new user with api data
  270.         $this->customerRepository->create([$customer], $context->getContext());
  272.         $criteria = new Criteria([$customer['id']]);
  273.         $criteria->addAssociation('addresses');
  274.         $criteria->addAssociation('salutation');
  276.         $customer $this->customerRepository->search($criteria$context->getContext())->first();
  277.         /** save relId */
  278.         $this->wabsAuthCustomerRepository->create([
  279.             [
  280.                 'customerId' => $customer->getId(),
  281.                 'igmUid' => $data['igm_account_data']['relId']
  282.             ]
  283.         ], $context->getContext());
  285.         /** @var CustomerEntity $customerEntity */
  286.         return $customer;
  287.     }
  289.     /**
  290.      * @param array $ownerData
  291.      * @return array
  292.      */
  293.     private function getAllowedGroups(array $ownerData): array
  294.     {
  295.         $igmGroups = [];
  296.         if (array_key_exists('igm_authorization_groups'$ownerData)) {
  297.             foreach ($ownerData['igm_authorization_groups'] as $igmGroup) {
  298.                 if (array_key_exists($igmGroup$this->groupMapping)) {
  299.                     $igmGroups[] = $this->groupMapping[$igmGroup];
  300.                 }
  301.             }
  302.         }
  303.         return $igmGroups;
  304.     }
  306.     /**
  307.      * Returns true, if the user has multiple groups to choose from.
  308.      * Else returns false.
  309.      *
  310.      * @param array $ownerData
  311.      * @param array $igmGroups
  312.      * @param SalesChannelContext $context
  313.      *
  314.      * @return string
  315.      * @throws Exception
  316.      */
  317.     public function getCustomerGroupId(
  318.         array $ownerData,
  319.         array $igmGroups,
  320.         SalesChannelContext $context
  321.     ): string {
  322.         $autoLoginGroup $this->session->get('oauth_auto_group');
  323.         if ($autoLoginGroup) {
  324.             $this->session->remove('oauth_auto_group');
  325.             $this->logger->debug('AuthHelper | Auto login is active (Group: ' $autoLoginGroup ').');
  326.             $this->logger->debug('AuthHelper | Available groups:' var_export($igmGroups,true));
  327.             foreach ($igmGroups as $igmGroup) {
  328.                 if (in_array($autoLoginGroup$igmGroup)) {
  329.                     $this->logger->debug('AuthHelper | Auto login returns ' $autoLoginGroup '.');
  330.                     return $this->loadCustomerGroupId($autoLoginGroup$context);
  331.                 }
  332.             }
  333.             if( $this->session->get('oauth_force_auto_group') ) {
  334.                 return '';
  335.             }
  336.         }
  338.         if (count($igmGroups) <= 0) {
  339.             if (!array_key_exists('igm_account_category'$ownerData) || empty($ownerData['igm_account_category'])) {
  340.                 $this->logger->debug('AuthHelper | getCustomerGroupId | No group transmitted.');
  341.                 return '';
  342.             }
  343.             $this->logger->debug('AuthHelper | getCustomerGroupId | igm_account_category used instead of groups.');
  344.             return $this->loadCustomerGroupId($ownerData['igm_account_category'], $context);
  345.         }
  347.         if (count($igmGroups) === 1) {
  348.             $this->logger->debug('AuthHelper | getCustomerGroupId | Customer had exactly one group so we use it.');
  349.             return $this->loadCustomerGroupId($igmGroups[0][0], $context);
  350.         }
  352.         $this->logger->debug('AuthHelper | getCustomerGroupId | Customer has multiple groups, so he is GC.');
  353.         return $this->loadCustomerGroupId('GC'$context);
  354.     }
  356.     /**
  357.      * Tries to set the group for the customer by simple name. If $groupName is not found, nothing happens.
  358.      *
  359.      * @param CustomerEntity $customer
  360.      * @param string $groupName
  361.      * @param SalesChannelContext $context
  362.      *
  363.      * @return CustomerEntity
  364.      */
  365.     public function loadCustomerGroupId(
  366.         string $groupName,
  367.         SalesChannelContext $context
  368.     ): string {
  369.         $criteria = new Criteria();
  370.         $possibleGroups $this->customerGroupRepository->search($criteria,
  371.             $context->getContext())->getEntities()->getElements();
  373.         if ($this->noAdvancedMode) {
  374.             $groupName 'Mitglied';
  375.         }
  377.         /** @var CustomerGroupEntity $group */
  378.         foreach ($possibleGroups as $group) {
  379.             if (strtolower($group->getName()) === strtolower($groupName)) {
  380.                 return $group->getId();
  381.             }
  382.         }
  383.         return '';
  384.     }
  386.     /**
  387.      * Updates the customer with the given $data array values.
  388.      *
  389.      * @param CustomerEntity $customerEntity
  390.      * @param array $data
  391.      * @param string $customerGroup
  392.      * @param array $igmGroups
  393.      * @param string $accessToken
  394.      * @param SalesChannelContext $context
  395.      *
  396.      * @return CustomerEntity
  397.      */
  398.     public function updateCustomer(
  399.         CustomerEntity $customerEntity,
  400.         array $data,
  401.         string $customerGroup,
  402.         array $igmGroups,
  403.         string $accessToken,
  404.         SalesChannelContext $context
  405.     ): CustomerEntity {
  406.         $customFieldData = [
  407.             'igm_session_token' => $data['igm_session_token'],
  408.             'igm_account_data' => $data['igm_account_data'],
  409.             'access_token' => $accessToken,
  410.             'igm_groups' => $igmGroups
  411.         ];
  412.         $this->logger->debug('AuthHelper | ARRAY customFieldData: ' json_encode($customFieldData));
  413.         $this->logger->debug('AuthHelper | ARRAY data: ' json_encode($customFieldData));
  415.         /** get salutation uuid */
  416.         $gender 'mr';
  417.         if ($data['igm_account_data']['gender'] === 'W') {
  418.             $gender .= 's';
  419.         }
  421.         $criteria = new Criteria();
  422.         $criteria->addFilter(new EqualsFilter('salutationKey'$gender));
  423.         $salutation $this->salutationRepository->search($criteria$context)->first();
  425.         $paymentMethodId $this->addressMatchingHelper->getAppropriatePaymentMethodId($customerGroup);
  426.         $addressUUID $this->addressMatchingHelper->createCustomerAddress(
  427.             $customerEntity,
  428.             $customerGroup,
  429.             $data['igm_session_token'],
  430.             $accessToken,
  431.             $data['igm_account_data'],
  432.             $context
  433.         );
  434.         if ($addressUUID === false) {
  435.             $this->organizationAddressFlag true;
  436.         }
  438.         $this->logger->debug('AuthHelper | customer update $addressUUID: ' json_encode($addressUUID));
  439.         $customer = [
  440.             'id' => $customerEntity->getId(),
  441.             'salutationId' => $salutation->getId(),
  442.             'firstName' => $data['igm_account_data']['firstname'] ?? $customerEntity->getFirstName(),
  443.             'lastName' => $data['igm_account_data']['lastname'] ?? $customerEntity->getLastName(),
  444.             'email' => $data['igm_account_data']['accountName'] ?? $customerEntity->getEmail(),
  445.             'customFields' => $customFieldData,
  446.             'groupId' => $customerGroup,
  447.             'lastLogin' => new DateTimeImmutable(),
  448.             'defaultPaymentMethodId' => $paymentMethodId,
  449.             'lastPaymentMethodId' => $paymentMethodId,
  450.         ];
  451.         if (!empty($addressUUID)) {
  452.             $customer['defaultShippingAddressId'] = $addressUUID;
  453.             $customer['defaultBillingAddressId'] = $addressUUID;
  454.         }
  455.         $this->logger->debug('AuthHelper | ARRAY customer update data: ' json_encode($customer));
  457.         // update user with api data
  458.         $this->customerRepository->update([$customer], $context->getContext());
  460.         $customerEntity $this->addressMatchingHelper->reloadCustomer($customerEntity$context);
  461.         $this->addressMatchingHelper->deleteUnnecessaryAddresses($customerEntity$context);
  462.         return $customerEntity;
  463.     }
  465.     /**
  466.      * Loads the customer group of the user and adds them to the customer
  467.      *
  468.      * @param CustomerEntity $customer
  469.      * @param SalesChannelContext $context
  470.      * @return CustomerEntity|null
  471.      */
  472.     public function loadCustomerGroupToCustomer(CustomerEntity $customerSalesChannelContext $context): ?CustomerEntity
  473.     {
  474.         $criteria = new Criteria();
  475.         $criteria->addFilter(new EqualsFilter('id'$customer->getGroupId()));
  476.         $customerGroup $this->customerGroupRepository->search($criteria$context->getContext())->first();
  478.         if ($customerGroup === null) {
  479.             $this->logger->debug('AuthHelper | No customer group could be loaded to customer.');
  480.             return $customer;
  481.         }
  483.         $customer->setGroup($customerGroup);
  484.         return $customer;
  485.     }
  487.     /**
  488.      * Checks if user in the GC group that is used to select groups. Checks then if the user has the
  489.      * $selectedGroup added to the account on login and therefore the permission to use the $selectedGroup.
  490.      *
  491.      * @param string $selectedGroup
  492.      * @param CustomerEntity $customer
  493.      * @return bool
  494.      */
  495.     public function checkAllowedGroups(string $selectedGroupCustomerEntity $customer): bool
  496.     {
  497.         $customerGroup $customer->getGroup();
  498.         if ($this->noAdvancedMode) {
  499.             return true;
  500.         }
  502.         if ($customerGroup === null || $customerGroup->getName() !== 'GC') {
  503.             $this->logger->debug('AuthHelper | Customer has no group and is therefore not allowed to login.');
  504.             return false;
  505.         }
  507.         $customerCustomFields $customer->getCustomFields();
  508.         if (!array_key_exists('igm_groups'$customerCustomFields)) {
  509.             $this->logger->debug('AuthHelper | igm_groups array key is missing in custom fields.');
  510.             return false;
  511.         }
  512.         $possibleGroups $customerCustomFields['igm_groups'];
  513.         foreach ($possibleGroups as $group) {
  514.             if (in_array($selectedGroup$group)) {
  515.                 return true;
  516.             }
  517.         }
  519.         $this->logger->debug('AuthHelper | The customer group is not in the allowed groups.');
  520.         return false;
  521.     }
  522. }