Merge branch 'main' into feature/tags

# Conflicts: # README.md
flownative · Oct 26, 2021 · 1faf9ff · 1faf9ff
2 parents c1e0373 + ec8efe3
commit 1faf9ff
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 3 deletions.
diff --git a/Classes/AssetSource/CantoAssetSource.php b/Classes/AssetSource/CantoAssetSource.php
@@ -263,6 +263,8 @@ public function getCantoClient(): CantoClient
         if ($this->cantoClient === null) {
             $this->cantoClient = new CantoClient(
                 $this->apiBaseUri,
+                $this->appId,
+                $this->appSecret,
                 $this->assetSourceIdentifier
             );
         }

diff --git a/Classes/Service/CantoClient.php b/Classes/Service/CantoClient.php
@@ -15,6 +15,7 @@
 
 use Flownative\Canto\Domain\Model\AccountAuthorization;
 use Flownative\Canto\Domain\Repository\AccountAuthorizationRepository;
+use Flownative\Canto\Exception\AuthenticationFailedException;
 use Flownative\OAuth2\Client\Authorization;
 use Flownative\OAuth2\Client\OAuthClientException;
 use GuzzleHttp\Client;
@@ -40,6 +41,8 @@
  */
 final class CantoClient
 {
+    protected bool $allowClientCredentialsAuthentication = false;
+
     /**
      * @var string
      */
@@ -86,16 +89,25 @@ final class CantoClient
 
     /**
      * @param string $apiBaseUri
+     * @param string $appId
+     * @param string $appSecret
      * @param string $serviceName
      */
-    public function __construct(string $apiBaseUri, string $serviceName)
+    public function __construct(string $apiBaseUri, string $appId, string $appSecret, string $serviceName)
     {
         $this->apiBaseUri = $apiBaseUri;
+        $this->appId = $appId;
+        $this->appSecret = $appSecret;
         $this->serviceName = $serviceName;
 
         $this->httpClient = new Client(['allow_redirects' => true]);
     }
 
+    public function allowClientCredentialsAuthentication(bool $allowed): void
+    {
+        $this->allowClientCredentialsAuthentication = $allowed;
+    }
+
     private function authenticate(): void
     {
         $oAuthClient = new CantoOAuthClient($this->serviceName);
@@ -118,8 +130,18 @@ private function authenticate(): void
                         ->uriFor('needed', ['returnUri' => (string)$returnToUri], 'Authorization', 'Flownative.Canto')
                 );
             }
+        } elseif ($this->allowClientCredentialsAuthentication) {
+            $authorizationId = Authorization::generateAuthorizationIdForClientCredentialsGrant($this->serviceName, $this->appId, $this->appSecret, '');
+            $this->authorization = $oAuthClient->getAuthorization($authorizationId);
+            if ($this->authorization === null) {
+                $oAuthClient->requestAccessToken($this->serviceName, $this->appId, $this->appSecret, '');
+                $this->authorization = $oAuthClient->getAuthorization($authorizationId);
+            }
+            if ($this->authorization === null) {
+                throw new AuthenticationFailedException('Authentication failed: ' . ($result->help ?? 'Unknown cause'), 1630059881);
+            }
         } else {
-            throw new \RuntimeException('Security context not initialized', 1631821639);
+            throw new \RuntimeException('Security context not initialized and client credentials use not allowed', 1631821639);
         }
     }
 

diff --git a/Classes/Service/CantoOAuthClient.php b/Classes/Service/CantoOAuthClient.php
@@ -102,6 +102,10 @@ protected function createOAuthProvider(string $clientId, string $clientSecret):
 
     public function renderFinishAuthorizationUri(): string
     {
+        if (FLOW_SAPITYPE === 'CLI') {
+            return '';
+        }
+
         $currentRequestHandler = $this->bootstrap->getActiveRequestHandler();
         $httpRequest = $currentRequestHandler->getHttpRequest();
         $actionRequest = ActionRequest::fromHttpRequest($httpRequest);

diff --git a/README.md b/README.md
@@ -30,13 +30,22 @@ $ composer require flownative/neos-canto
 
 ### Enabling Canto API access
 
-1. In Canto go to Settings > Configuration Options > API 
+1. In Canto go to Settings > Configuration Options > API > API Keys
 2. Click "Create API Key"
 3. Fill in a name that helps you understand what the key is for
 4. Fill in the "Redirect URL", using `http://<www.your-site.com>/flownative-canto/authorization/finish`,
    using your own domain(!)
 5. Note down "App ID", "App Secret" and "Website" of the new key
 
+### Allow client credentials mode for API key
+
+To be able to use the Canto connection from the command line, client credentials
+mode must be enabled.
+
+1. In Canto go to Settings > Configuration Options > API > API Keys
+2. Edit the API key you use for the Neos integration
+3. Enable "Support Client Credentials Mode" and click "Save"
+
 ### Configure the Canto connection
 
 You need to set the "App ID" and "App Secret" from the generated API key as well