From 00bbc23d73fd8185a72c59695417302280d0bdf4 Mon Sep 17 00:00:00 2001
From: Chris Alfano
Date: Fri, 17 Dec 2021 09:18:55 -0500
Subject: [PATCH 1/2] feat(api): catch all failed requests and throw exception
---
 php-classes/Slate/Connectors/GSuite/API.php | 31 ++++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/php-classes/Slate/Connectors/GSuite/API.php b/php-classes/Slate/Connectors/GSuite/API.php
index 5a0848e..b31cdc9 100644
--- a/php-classes/Slate/Connectors/GSuite/API.php
+++ b/php-classes/Slate/Connectors/GSuite/API.php
@@ -133,16 +133,39 @@ public static function execute(MessageInterface $Request, array $options = [], L
 curl_setopt($ch, CURLOPT_HTTPHEADER, static::formatHeaders($Request->getHeaders()));
 // execute request
- $result = curl_exec($ch);
+ $response = curl_exec($ch);
+ $responseCode = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
 curl_close($ch);
+ // close output stream or parse response JSON
 if (isset($fp)) {
 fclose($fp);
- } elseif (!isset($options['decodeJson']) || $options['decodeJson']) {
- $result = json_decode($result, true);
+ } else {
+ $responseData = json_decode($response, true);
+ }
+
+ // check for errors
+ if ($responseCode >= 400 || $responseCode < 200) {
+ $errorMessage = null;
+
+ if (!empty($responseData)
+ && !empty($responseData['error'])
+ && !empty($responseData['error']['message'])
+ ) {
+ $errorMessage = $responseData['error']['message'];
+ }
+
+ throw new \RuntimeException(
+ (
+ $errorMessage
+ ? "Google API request failed with error: {$errorMessage}"
+ : "Google API request failed with code: {$responseCode}"
+ ),
+ $responseCode
+ );
 }
- return $result;
+ return $responseData;
 }
 public static function getDomainEmail(IPerson $User = null)
From 2833d4ded5779a7add4c517ed18167ea5c0848ea Mon Sep 17 00:00:00 2001
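Review bot: On the `isset($fp)` path `$responseData` is never assigned, so the new `return $responseData;` raises an undefined-variable warning and returns `null` where the old code returned the `curl_exec()` result; initialise it before the branch with `$responseData = null;`, or return `$response` on that path. The rewrite also drops the `decodeJson` option, so a caller passing `'decodeJson' => false` now receives decoded JSON (or `null` for a non-JSON body) instead of the raw string. A transport failure, where `curl_exec()` returns `false`, surfaces only as "failed with code: 0"; reading `curl_error($ch)` before `curl_close($ch)` and putting it in the exception message would keep causes such as a TLS verification failure visible to operators. The start of `execute()` is outside the hunk, so how `$fp` gets set is inferred from the `isset($fp)` check.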
From: Chris Alfano
Date: Fri, 17 Dec 2021 09:19:55 -0500
Subject: [PATCH 2/2] fix(sync): always use configured admin user
---
 php-classes/Slate/Connectors/GSuite/API.php | 20 ++++++++++---------
 .../Slate/Connectors/GSuite/Connector.php | 9 ++-------
 2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/php-classes/Slate/Connectors/GSuite/API.php b/php-classes/Slate/Connectors/GSuite/API.php
index b31cdc9..03d10e0 100644
--- a/php-classes/Slate/Connectors/GSuite/API.php
+++ b/php-classes/Slate/Connectors/GSuite/API.php
@@ -20,6 +20,7 @@ class API
 public static $privateKey;
 public static $domain;
+ public static $adminUser;
 public static $skew = 60;
 public static $expiry = 3600;
@@ -203,22 +204,23 @@ protected static function getAuthorizationHeaders($scope, $user = null)
 public static function getAccessToken($scope, $user = null, $ignoreCache = false)
 {
- $cacheKey = sprintf('gsuite_accesstoken:%s/%s', $scope, $user ? $user : static::$clientEmail);
+ if (!$user) {
+ $user = static::$adminUser;
+ }
+
+ $cacheKey = sprintf('gsuite_accesstoken:%s/%s', $scope, $user);
 if ($ignoreCache === true || !$token = Cache::fetch($cacheKey)) {
 $assertion = [
 'iss' => static::$clientEmail,
+ 'sub' => $user,
 'aud' => (string)static::buildUrl('/oauth2/v4/token'),
 'exp' => time() + static::$expiry,
 'iat' => time() - static::$skew,
 'scope' => $scope
 ];
- if (!empty($user)) {
- $assertion['sub'] = $user;
- }
-
 $params = [
 'assertion' => JWT::encode($assertion, static::$privateKey, 'RS256'),
 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'
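Review bot: `public static $adminUser;` is declared without a comment, yet in this same patch it becomes the default `sub` claim in `getAccessToken()`, which makes it the account that every directory call acts as. A one-line comment at the declaration would make that visible where the setting is configured, for example `// account impersonated (JWT "sub") when no $user is passed; grant it only the admin roles this connector needs`.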
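Review bot: `getAccessToken()` now falls back to `static::$adminUser` but never checks that it is set, so with the setting missing the assertion is signed with `'sub' => null` and the cache key ends in an empty user segment. The only guard visible in this patch sits in `Connector::synchronize()`; any other caller of this public method would still reach the token endpoint with a malformed assertion. Fail early right after the fallback: `if (!$user) { throw new \RuntimeException('GSuite admin user not configured'); }`. The function body continues past the end of the hunk.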
@@ -269,7 +271,7 @@ public static function getAllResults($resultsKey, $path, array $params = [], arr
 public static function getAllUsers($params = [])
 {
- $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user', (string)static::getDomainEmail());
+ $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user');
 $params['domain'] = static::$domain;
 $path = new Uri('https://www.googleapis.com/admin/directory/v1/users');
@@ -285,14 +287,14 @@ public static function getAllUsers($params = [])
 // Patch user: https://developers.google.com/admin-sdk/directory/v1/reference/users/patch
 public static function patchUser($userKey, $data)
 {
- $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user', (string)static::getDomainEmail());
+ $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user');
 return static::buildAndExecuteRequest('PATCH', "/admin/directory/v1/users/$userKey", $data, $headers);
 }
 // Create user: https://developers.google.com/admin-sdk/directory/v1/reference/users/insert
 public static function createUser($data)
 {
- $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user', (string)static::getDomainEmail());
+ $headers = static::getAuthorizationHeaders('https://www.googleapis.com/auth/admin.directory.user');
 return static::buildAndExecuteRequest('POST', "/admin/directory/v1/users", $data, $headers);
 }
-}
\ No newline at end of file
+}
diff --git a/php-classes/Slate/Connectors/GSuite/Connector.php b/php-classes/Slate/Connectors/GSuite/Connector.php
index 9266bd7..98b1c4d 100644
--- a/php-classes/Slate/Connectors/GSuite/Connector.php
+++ b/php-classes/Slate/Connectors/GSuite/Connector.php
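Review bot: In `patchUser()` the unchanged context line builds the path as `"/admin/directory/v1/users/$userKey"` without encoding, and after this change the request is always authorised as the configured admin user instead of the address returned by `getDomainEmail()`. If `$userKey` can contain characters such as `/` or `?`, the PATCH could address a different Directory resource than the caller intended; encoding the segment, `"/admin/directory/v1/users/" . rawurlencode($userKey)`, rules that out. Whether callers already validate `$userKey` is not visible in this hunk.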
@@ -56,13 +56,8 @@ public static function synchronize(IJob $Job, $pretend = true)
 return static::throwError('Cannot execute job, privateKey not configured');
 } elseif (empty(API::$domain)) {
 return static::throwError('Cannot execute job, domain not configured');
- } elseif (empty(API::getDomainEmail())) {
- // \MICS::dump([
- // (string)$GLOBALS['Session']->Person->PrimaryEmail,
- // API::$domain,
- // API::getDomainEmail($GLOBALS['Session']->Person)
- // ], 'info');
- return static::throwError('Cannot execute job, domain email not configured for current user');
+ } elseif (empty(API::$adminUser)) {
+ return static::throwError('Cannot execute job, admin user not configured');
 }
 // update job status