Merge pull request #312 from dof-dss/10.x-dev

PR for release
dof-dss · Dec 6, 2023 · c3145cf · c3145cf
2 parents bd0002b + e039738
commit c3145cf
Show file tree

Hide file tree

Showing 7 changed files with 1,190 additions and 2,352 deletions.
diff --git a/origins_qa/origins_qa.module b/origins_qa/origins_qa.module
@@ -16,6 +16,8 @@ function origins_qa_help($route_name, RouteMatchInterface $route_match) {
       $output = '';
       $output .= '<h3>' . t('About') . '</h3>';
       $output .= '<p>' . t("This module provides management operations for QA accounts. User accounts must be assigned the role 'qa' (Quality Assurance) to appear on the 'QA Accounts' section under 'People'.") . '</p>';
+      $output .= '<h2>' . t('API') . '</h2>';
+      $output .= '<p>' . t("The API provides commands to activate or deactivate QA accounts on non-production environments. The API requires that a token called 'ORIGINS_QA_API_TOKEN' is set within the Platform SH environment variables.") . '</p>';
       return $output;
   }
 }
diff --git a/origins_qa/origins_qa.routing.yml b/origins_qa/origins_qa.routing.yml
@@ -34,3 +34,22 @@ origins_qa.manager.qa_account_create_form_modal:
     _permission: 'manage qa accounts'
   options:
     _admin_route: TRUE
+
+origins_qa.api.users_enable:
+  path: '/origins-qa/api/users/enable/{token}'
+  defaults:
+    _title: 'Enable QA users'
+    _controller: '\Drupal\origins_qa\Controller\QaApiController::setQaUsersStatus'
+    status: 'enable'
+    methods: [GET]
+  options:
+    no_cache: TRUE
+origins_qa.api.users_disable:
+  path: '/origins-qa/api/users/disable/{token}'
+  defaults:
+    _title: 'Disable QA users'
+    _controller: '\Drupal\origins_qa\Controller\QaApiController::setQaUsersStatus'
+    status: 'disable'
+    methods: [GET]
+  options:
+    no_cache: TRUE
diff --git a/origins_qa/src/Controller/QaApiController.php b/origins_qa/src/Controller/QaApiController.php
@@ -0,0 +1,123 @@
+<?php
+
+declare(strict_types = 1);
+
+namespace Drupal\origins_qa\Controller;
+
+use Drupal\Core\Controller\ControllerBase;
+use Drupal\Core\File\FileSystemInterface;
+use Drupal\Core\Logger\LoggerChannelFactory;
+use Drupal\Core\Site\Settings;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Provides endpoints for the QA API service.
+ */
+final class QaApiController extends ControllerBase {
+
+  /**
+   * The filepath to the invalid token list.
+   *
+   * @var string
+   */
+  protected $invalidTokensFilepath;
+
+  /**
+   * The current request.
+   *
+   * @var \Symfony\Component\HttpFoundation\Request
+   */
+  protected $request;
+
+  /**
+   * The logger channel.
+   *
+   * @var \Drupal\Core\Logger\LoggerChannel
+   */
+  protected $logger;
+
+  /**
+   * Constructs a QaEndpointController object.
+   *
+   * @param \Symfony\Component\HttpFoundation\Request $request
+   *   The current request.
+   *
+   * @param \Drupal\Core\Logger\LoggerChannelFactory $logger
+   *   The logger channel factory service.
+   */
+  public function __construct(Request $request, LoggerChannelFactory $logger) {
+    $this->request = $request;
+    $this->logger = $logger->get('origins_qa');
+    $this->invalidTokensFilepath = Settings::get('file_private_path') . '/origins_qa_invalid_tokens.txt';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('request_stack')->getCurrentRequest(),
+      $container->get('logger.factory'),
+    );
+  }
+
+  /**
+   * Enable QA accounts.
+   */
+  public function setQaUsersStatus($status, $token) {
+    // If we're on the production environment reject the request.
+    if (getenv('PLATFORM_BRANCH') === 'main') {
+      $this->logger->warning("Origins QA module is enabled and should NOT be for production environments.");
+      return new JsonResponse(NULL, 405);
+    }
+
+    // Check if the token is in the invalid list.
+    if (file_exists($this->invalidTokensFilepath)) {
+      $invalid_tokens = str_getcsv(file_get_contents($this->invalidTokensFilepath));
+
+      if (in_array($token, $invalid_tokens)) {
+        return new JsonResponse(NULL, 403);
+      }
+    }
+
+    // Check we have an HTTPS connection.
+    if (!$this->request->isSecure()) {
+      // Add the token to the invalid list if it was passed via
+      // an unencrypted HTTP connection.
+      if (file_exists($this->invalidTokensFilepath)) {
+        $invalid_tokens = str_getcsv(file_get_contents($this->invalidTokensFilepath));
+        $invalid_tokens[] = $token;
+      }
+      else {
+        $invalid_tokens = [$token];
+      }
+
+      $file_data = implode(',', $invalid_tokens);
+      if (file_put_contents($this->invalidTokensFilepath, $file_data) === FALSE) {
+        $this->logger->warning("Unable to write QA API invalid tokens file. Check filesystem permissions.");
+      }
+
+      return new JsonResponse(NULL, 400);
+    }
+
+    // Reject if the token is incorrect.
+    if ($token != getenv('ORIGINS_QA_API_TOKEN')) {
+      return new JsonResponse(NULL, 401);
+    }
+
+    $response = new JsonResponse();
+    $qac = new QaAccountsManager();
+
+    if ($status === 'enable') {
+      $qac->toggleAll('enable');
+      return $response->setStatusCode(200);
+    }
+    else {
+      $qac->toggleAll('disable');
+      return $response->setStatusCode(200);
+    }
+  }
+
+}