ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dev
TenantAtlas/app/Http/Controllers/AdminConsentCallbackController.php
Ahmed Darrazi 6d14d2544f feat: TenantPilot v1 - Complete implementation (Phases 1-12) 
Complete implementation of TenantPilot v1 Intune Management Platform with
comprehensive backup, versioning, and restore capabilities.

CONSTITUTION & SPEC
- Ratified constitution v1.0.0 with 7 core principles
- Complete spec.md with 7 user stories (US1-7)
- Detailed plan.md with constitution compliance check
- Task breakdown with 125+ tasks across 12 phases

CORE FEATURES (US1-4)
- Policy inventory with Graph-based sync (US1)
- Backup creation with immutable JSONB snapshots (US2)
- Version history with diff viewer (human + JSON) (US3)
- Defensive restore with preview/dry-run (US4)

TENANT MANAGEMENT (US6-7)
- Full tenant CRUD with Entra ID app configuration
- Admin consent callback flow integration
- Tenant connectivity verification
- Permission health status monitoring
- 'Highlander' pattern: single current tenant with is_current flag

GRAPH ABSTRACTION
- Complete isolation layer (7 classes)
- GraphClientInterface with mockable implementations
- Error mapping, logging, and standardized responses
- Rate-limit aware design

DOMAIN SERVICES
- BackupService: immutable snapshot creation
- RestoreService: preview, selective restore, conflict detection
- VersionService: immutable version capture
- VersionDiff: human-readable and structured diffs
- PolicySyncService: Graph-based policy import
- TenantConfigService: connectivity testing
- TenantPermissionService: permission health checks
- AuditLogger: comprehensive audit trail

DATA MODEL
- 11 migrations with tenant-aware schema
- 8 Eloquent models with proper relationships
- SoftDeletes on Tenant, BackupSet, BackupItem, PolicyVersion, RestoreRun
- JSONB storage for snapshots, metadata, permissions
- Encrypted storage for client secrets
- Partial unique index for is_current tenant

FILAMENT ADMIN UI
- 5 main resources: Tenant, Policy, PolicyVersion, BackupSet, RestoreRun
- RelationManagers: Versions (Policy), BackupItems (BackupSet)
- Actions: Verify config, Admin consent, Make current, Delete/Force delete
- Filters: Status, Type, Platform, Archive state
- Permission panel with status indicators
- ActionGroup pattern for cleaner row actions

HOUSEKEEPING (Phases 10-12)
- Soft delete with archive status for all entities
- Force delete protection (blocks if dependencies exist)
- Tenant deactivation with cascade prevention
- Audit logging for all delete operations

TESTING
- 36 tests passing (125 assertions, 11.21s)
- Feature tests: Policy, Backup, Restore, Version, Tenant, Housekeeping
- Unit tests: VersionDiff, TenantCurrent, Permissions, Scopes
- Full TDD coverage for critical flows

CONFIGURATION
- config/tenantpilot.php: 10+ policy types with metadata
- config/intune_permissions.php: required Graph permissions
- config/graph.php: Graph client configuration

SAFETY & COMPLIANCE
- Constitution compliance: 7/7 principles ✓
- Safety-first operations: preview, confirmation, validation
- Immutable versioning: no in-place modifications
- Defensive restore: dry-run, selective, conflict detection
- Comprehensive auditability: all critical operations logged
- Tenant-aware architecture: multi-tenant ready
- Graph abstraction: isolated, mockable, testable
- Spec-driven development: spec → plan → tasks → implementation

OPERATIONAL READINESS
- Laravel Sail for local development
- Dokploy deployment documentation
- Queue/worker ready architecture
- Migration safety notes
- Environment variable documentation

Tests: 36 passed
Duration: 11.21s
Status: Production-ready (98% complete)
2025-12-12 02:27:54 +01:00

241 lines
7.6 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Http\Controllers;
use App\Models\Tenant;
use App\Services\Graph\GraphClientInterface;
use App\Services\Intune\AuditLogger;
use App\Services\Intune\TenantConfigService;
use App\Services\Intune\TenantPermissionService;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\View\View;
use Symfony\Component\HttpFoundation\Response as ResponseAlias;
class AdminConsentCallbackController extends Controller
{
/**
* Handle the incoming request.
*/
public function __invoke(
Request $request,
AuditLogger $auditLogger,
TenantConfigService $configService,
TenantPermissionService $permissionService,
GraphClientInterface $graphClient
): View {
$expectedState = $request->session()->pull('tenant_onboard_state');
$tenantKey = $request->string('tenant')->toString();
$state = $request->string('state')->toString();
$tenantIdentifier = $tenantKey ?: $this->parseState($state);
if ($expectedState && $expectedState !== $state) {
abort(ResponseAlias::HTTP_FORBIDDEN, 'Invalid consent state');
}
abort_if(empty($tenantIdentifier), 404);
$tenant = Tenant::withTrashed()
->forTenant($tenantIdentifier)
->first();
if ($tenant?->trashed()) {
$tenant->restore();
}
if (! $tenant) {
$tenant = Tenant::create([
'tenant_id' => $tenantIdentifier,
'name' => 'New Tenant',
'app_client_id' => config('graph.client_id'),
'app_client_secret' => config('graph.client_secret'),
'app_status' => 'pending',
]);
}
$error = $request->string('error')->toString() ?: null;
$consentGranted = $request->has('admin_consent')
? filter_var($request->input('admin_consent'), FILTER_VALIDATE_BOOLEAN)
: null;
$status = match (true) {
$error !== null => 'error',
$consentGranted === false => 'consent_denied',
$consentGranted === true => 'ok',
default => 'pending',
};
$tenant->update([
'app_status' => $status,
'app_notes' => $error,
]);
$auditLogger->log(
tenant: $tenant,
action: 'tenant.consent.callback',
context: [
'metadata' => [
'status' => $status,
'state' => $state,
'error' => $error,
'consent' => $consentGranted,
],
],
status: $status === 'ok' ? 'success' : 'error',
resourceType: 'tenant',
resourceId: (string) $tenant->id,
);
return view('admin-consent-callback', [
'tenant' => $tenant,
'status' => $status,
'error' => $error,
'consentGranted' => $consentGranted,
]);
}
private function handleAuthorizationCodeFlow(
Request $request,
AuditLogger $auditLogger,
TenantConfigService $configService,
TenantPermissionService $permissionService,
GraphClientInterface $graphClient
): View {
$expectedState = $request->session()->pull('tenant_onboard_state');
if ($expectedState && $expectedState !== $request->string('state')->toString()) {
abort(ResponseAlias::HTTP_FORBIDDEN, 'Invalid consent state');
}
$redirectUri = route('admin.consent.callback');
$token = $this->exchangeAuthorizationCode(
code: $request->string('code')->toString(),
redirectUri: $redirectUri
);
$tenantId = $token['tenant_id'] ?? null;
abort_if(empty($tenantId), 500, 'Tenant ID missing from token');
/** @var Tenant|null $tenant */
$tenant = Tenant::withTrashed()
->forTenant($tenantId)
->first();
if ($tenant?->trashed()) {
$tenant->restore();
}
if (! $tenant) {
$tenant = Tenant::create([
'tenant_id' => $tenantId,
'name' => 'New Tenant',
'app_client_id' => config('graph.client_id'),
'app_client_secret' => config('graph.client_secret'),
'app_status' => 'pending',
]);
}
$orgResponse = $graphClient->getOrganization([
'tenant' => $tenant->graphTenantId(),
'client_id' => $tenant->app_client_id,
'client_secret' => $tenant->app_client_secret,
]);
if ($orgResponse->successful()) {
$org = $orgResponse->data ?? [];
$tenant->update([
'name' => $org['displayName'] ?? $tenant->name,
'domain' => $org['verifiedDomains'][0]['name'] ?? $tenant->domain,
]);
}
$configResult = $configService->testConnectivity($tenant);
$permissionService->compare($tenant);
$status = $configResult['success'] ? 'ok' : 'error';
$tenant->update([
'app_status' => $status,
'app_notes' => $configResult['error_message'],
]);
$auditLogger->log(
tenant: $tenant,
action: 'tenant.consent.callback',
context: [
'metadata' => [
'status' => $status,
'error' => $configResult['error_message'],
'from' => 'authorization_code',
],
],
status: $status === 'ok' ? 'success' : 'error',
resourceType: 'tenant',
resourceId: (string) $tenant->id,
);
return view('admin-consent-callback', [
'tenant' => $tenant,
'status' => $status,
'error' => $configResult['error_message'],
'consentGranted' => $status === 'ok',
]);
}
/**
* @return array{access_token:string,id_token:string,tenant_id:?string}
*/
private function exchangeAuthorizationCode(string $code, string $redirectUri): array
{
$response = Http::asForm()->post('https://login.microsoftonline.com/common/oauth2/v2.0/token', [
'client_id' => config('graph.client_id'),
'client_secret' => config('graph.client_secret'),
'code' => $code,
'grant_type' => 'authorization_code',
'redirect_uri' => $redirectUri,
'scope' => 'https://graph.microsoft.com/.default offline_access openid profile',
]);
if ($response->failed()) {
abort(ResponseAlias::HTTP_BAD_GATEWAY, 'Failed to exchange code for token');
}
$body = $response->json();
$idToken = $body['id_token'] ?? null;
$tenantId = $this->parseTenantIdFromToken($idToken);
return [
'access_token' => $body['access_token'] ?? '',
'id_token' => $idToken ?? '',
'tenant_id' => $tenantId,
];
}
private function parseTenantIdFromToken(?string $token): ?string
{
if (! $token || ! str_contains($token, '.')) {
return null;
}
$parts = explode('.', $token);
$payload = json_decode(base64_decode(strtr($parts[1], '-_', '+/')) ?: '[]', true);
return $payload['tid'] ?? $payload['tenant'] ?? null;
}
private function parseState(?string $state): ?string
{
if (empty($state)) {
return null;
}
if (str_contains($state, '|')) {
[, $value] = explode('|', $state, 2);
return $value;
}
return $state;
}
}
Reference in New Issue View Git Blame Copy Permalink