From 095c8eea716c3a05e07ef557e6b7fd9e48e23b19 Mon Sep 17 00:00:00 2001
From: Lars Vierbergen
Date: Tue, 24 Oct 2017 08:02:30 +0200
Subject: [PATCH] Move account disconnecting from oauth account to external account
---
 Controller/ConnectController.php | 52 +++----------------
 .../OAuthExternalAccountProvider.php | 46 +++++++++++++++-
 Resources/config/routing.yml | 4 --
 Resources/config/services.xml | 3 ++
 .../Connect/disconnect_service.html.twig | 27 ----------
 5 files changed, 53 insertions(+), 79 deletions(-)
 delete mode 100644 Resources/views/Connect/disconnect_service.html.twig
diff --git a/Controller/ConnectController.php b/Controller/ConnectController.php
index b032be3..feb71c4 100644
--- a/Controller/ConnectController.php
+++ b/Controller/ConnectController.php
@@ -18,63 +18,23 @@
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see .
 */
-
 namespace vierbergenlars\AuthserverOAuthAccountBundle\Controller;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Form\Extension\Core\Type\FormType;
-use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;
-use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
 use HWI\Bundle\OAuthBundle\Controller\ConnectController as BaseConnectController;
-use vierbergenlars\AuthserverExternalAccountBundle\ExternalAccount\ExternalAccountProviderManager;
-use vierbergenlars\AuthserverOAuthAccountBundle\DependencyInjection\AuthserverOAuthAccountExtension;
+use Symfony\Component\HttpFoundation\Response;
 class ConnectController extends BaseConnectController
 {
+
 protected function render($view, array $parameters = [], Response $response = null)
 {
- if($view === 'HWIOAuthBundle:Connect:connect_success.html.twig')
+ if ($view === 'HWIOAuthBundle:Connect:connect_success.html.twig')
 return $this->redirectToRoute('user_profile');
 $externalAccountProviderManager = $this->container->get('vierbergenlars.authserver_external_account.account_provider_manager');
- return parent::render($view, $parameters + ['externalAccountProviderManager' => $externalAccountProviderManager], $response);
- }
-
- public function disconnectServiceAction(Request $request, ExternalUser $externalUser)
- {
- if($externalUser->getUser() !== $this->getUser())
- throw $this->createAccessDeniedException();
- $token = $this->getToken();
- if($token instanceof OAuthToken) {
- if('oauth_'.$token->getResourceOwnerName() === $externalUser->getProvider()) {
- $resourceOwnerMap = $this->get('hwi_oauth.resource_ownermap.public');
- /* @var $resourceOwnerMap \HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap */
- $resourceOwner = 
$resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
- $userInfo = $resourceOwner->getUserInformation($token->getRawToken());
-
- if($userInfo->getUsername() == $externalUser->getProviderRef()) {
- throw $this->createAccessDeniedException('You can not disconnect the external user you are currently authenticated with.');
- }
-
- }
- }
-
-
- $form = $this->createForm(FormType::class);
- $form->handleRequest($request);
-
- if($form->isSubmitted() && $form->isValid()) {
- $this->container->get('hwi_oauth.account.connector')->disconnect($externalUser);
-
- return $this->redirectToRoute('user_profile');
- }
-
- return $this->render('AuthserverOAuthAccountBundle:Connect:disconnect_service.html.twig', [
- 'externalUser' => $externalUser,
- 'form' => $form->createView(),
- ]);
-
+ return parent::render($view, $parameters + [
+ 'externalAccountProviderManager' => $externalAccountProviderManager
+ ], $response);
 }
 }
diff --git a/ExternalAccount/OAuthExternalAccountProvider.php b/ExternalAccount/OAuthExternalAccountProvider.php
index 8b87dee..1b0afc1 100644
--- a/ExternalAccount/OAuthExternalAccountProvider.php
+++ b/ExternalAccount/OAuthExternalAccountProvider.php
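Review bot: The restyled `if ($view === 'HWIOAuthBundle:Connect:connect_success.html.twig')` still controls a single unbraced `return`, so the line was touched for spacing but not brought to PSR-2; `if ($view === 'HWIOAuthBundle:Connect:connect_success.html.twig') { return $this->redirectToRoute('user_profile'); }` would finish the job. The new multi-line `$parameters + [...]` union keeps a caller-supplied `externalAccountProviderManager` entry over the injected one, which is reasonable but easy to misread as the reverse; a comment such as `// array union: explicit template parameters win over the injected manager` on the `return parent::render` line would record the intent.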
@@ -20,11 +20,15 @@
 namespace vierbergenlars\AuthserverOAuthAccountBundle\ExternalAccount;
 use HWI\Bundle\OAuthBundle\Security\OAuthUtils;
+use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use vierbergenlars\AuthserverExternalAccountBundle\Entity\ExternalUser;
 use vierbergenlars\AuthserverExternalAccountBundle\ExternalAccount\ExternalAccountProviderInterface;
 use vierbergenlars\AuthserverExternalAccountBundle\ValueObject\Button;
-use vierbergenlars\AuthserverOAuthAccountBundle\ResourceOwner\ResourceOwnerConfig;
 use vierbergenlars\AuthserverOAuthAccountBundle\ResourceOwner\ResourceOwnerMap;
+use vierbergenlars\AuthserverOAuthAccountBundle\Security\Core\User\OAuthUserProvider;
 class OAuthExternalAccountProvider implements ExternalAccountProviderInterface
 {
@@ -47,11 +51,32 @@ class OAuthExternalAccountProvider implements ExternalAccountProviderInterface
 */
 private $OAuthUtils;
- public function __construct($name, ResourceOwnerMap $resourceOwnerMap, OAuthUtils $OAuthUtils)
+ /**
+ *
+ * @var OAuthUserProvider
+ */
+ private $userProvider;
+
+ /**
+ *
+ * @var TokenStorageInterface
+ */
+ private $tokenStorage;
+
+ /**
+ *
+ * @var \HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap
+ */
+ private $hwiResourceOwnerMap;
+
+ public function __construct($name, ResourceOwnerMap $resourceOwnerMap, OAuthUtils $OAuthUtils, OAuthUserProvider $userProvider, TokenStorageInterface $tokenStorage, \HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap $hwiResourceOwnerMap)
 {
 $this->resourceOwnerConfig = $resourceOwnerMap[$name];
 $this->name = $name;
 $this->OAuthUtils = $OAuthUtils;
+ $this->userProvider = $userProvider;
+ $this->tokenStorage = $tokenStorage;
+ $this->hwiResourceOwnerMap = $hwiResourceOwnerMap;
 }
 public function getName()
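Review bot: The constructor now depends on two unrelated classes both named `ResourceOwnerMap`, and the HWI one is written as a fully-qualified name in both the parameter list and the `@var` docblock of `$hwiResourceOwnerMap`; an alias import, `use HWI\Bundle\OAuthBundle\Security\Http\ResourceOwnerMap as HwiResourceOwnerMap;`, keeps the dependency list readable in the import block and shortens the already long signature. The three new property docblocks open with a bare ` *` line and no description; a one-line purpose for each, for example `Current security token, used to refuse disconnecting the account the session was authenticated with` above `$tokenStorage`, would make the `@var` lines carry more than the type. The hunk removes `use ...\ResourceOwner\ResourceOwnerConfig;` while the `$resourceOwnerConfig` property assigned in the constructor is declared above the hunk; if its `@var` docblock still names `ResourceOwnerConfig` unqualified, static analysis will now resolve it in the wrong namespace, so that docblock is worth checking.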
@@ -93,6 +118,23 @@ class OAuthExternalAccountProvider implements ExternalAccountProviderInterface
 return true;
 }
+ public function disconnect(ExternalUser $externalUser)
+ {
+ $token = $this->tokenStorage->getToken();
+ if ($token instanceof OAuthToken) {
+ if ('oauth_' . $token->getResourceOwnerName() === $externalUser->getProvider()) {
+ $resourceOwner = $this->hwiResourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
+ $userInfo = $resourceOwner->getUserInformation($token->getRawToken());
+
+ if ($userInfo->getUsername() == $externalUser->getProviderRef()) {
+ throw new AccessDeniedException('You can not disconnect the external user you are currently authenticated with.');
+ }
+ }
+ }
+
+ $this->userProvider->disconnect($externalUser);
+ }
+
 public function supports($externalProviderData)
 {
 return true;
diff --git a/Resources/config/routing.yml b/Resources/config/routing.yml
index bcce1c7..35af703 100644
--- a/Resources/config/routing.yml
+++ b/Resources/config/routing.yml
@@ -6,10 +6,6 @@ hwi_oauth_connect:
 resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
 prefix: /usr/oauth/connect
-vierbergenlars_oauth_account_disconnect:
- path: /usr/oauth/disconnect/{externalUser}
- defaults:
- _controller: AuthserverOAuthAccountBundle:Connect:disconnectService
 oauth_login_paths:
 resource: vierbergenlars.authserver_oauth_account.route_provider:getOAuthLoginPaths
diff --git a/Resources/config/services.xml b/Resources/config/services.xml
index caddaab..9adf918 100644
--- a/Resources/config/services.xml
+++ b/Resources/config/services.xml
@@ -38,6 +38,9 @@
+
+
+
diff --git a/Resources/views/Connect/disconnect_service.html.twig b/Resources/views/Connect/disconnect_service.html.twig
deleted file mode 100644
index b5825b0..0000000
--- a/Resources/views/Connect/disconnect_service.html.twig
+++ /dev/null
@@ -1,27 +0,0 @@
-{% extends '::base.html.twig' %}
-{% block title %}{{ parent() }} - Disconnect Account{% endblock %}
-{% block body %}
-
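Review bot: The ownership check that the removed controller action performed (`$externalUser->getUser() !== $this->getUser()`) has no counterpart in the new `disconnect()`, which only guards against disconnecting the account the current session was authenticated with; unless the caller in the external-account bundle verifies that `$externalUser` belongs to the authenticated user, any logged-in user could disconnect another user's external account by id. With the token storage now injected the check fits right after `$token` is read: `if ($token === null || $externalUser->getUser() !== $token->getUser()) { throw new AccessDeniedException(); }`. The self-disconnect guard uses a loose `==` between `$userInfo->getUsername()` and `$externalUser->getProviderRef()`; `===` avoids numeric-string coercion between two identifiers that come from different sources. `getUserInformation($token->getRawToken())` is a live call to the resource owner, so an expired or revoked raw token surfaces as an exception from this method rather than as a denied disconnect, which deserves a `@throws` entry in a docblock on `disconnect()`.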
-
-
-
-
-

Disconnecting

-
-
-

Are you sure you want to disconnect your {{ externalAccountProviderManager.getProviderForExternalUserUnsafe(externalUser).serviceName }} account "{{ externalUser.providerFriendlyName }}"?

-

- {{ form_start(form) }} - {{ form_widget(form) }} -

- - Cancel -
- {{ form_end(form) }} -

-
-
-
-
-
-{% endblock %}