ahmido
110245a9ec
Some checks are pending
Main Confidence / confidence (push) Waiting to run
## Summary - add a shared provider target-scope descriptor, normalizer, identity-context metadata, and surface-summary layer - update provider connection list, detail, create, edit, and onboarding surfaces to use neutral target-scope vocabulary while keeping Microsoft identity contextual - align provider connection audit and resolver output with the neutral target-scope contract and add focused guard/unit/feature coverage for regressions ## Validation - browser smoke: opened the tenant-scoped provider connection list, drilled into detail, and verified the edit/create surfaces in local admin context ## Notes - this PR comes from the session branch created for the active feature work - no additional runtime or persistence layer was introduced in this slice Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #274
80 lines
3.4 KiB
PHP
80 lines
3.4 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Providers;
|
|
|
|
use App\Support\Providers\ProviderConnectionType;
|
|
use App\Support\Providers\ProviderReasonCodes;
|
|
use App\Support\Providers\TargetScope\ProviderConnectionTargetScopeDescriptor;
|
|
use App\Support\Providers\TargetScope\ProviderIdentityContextMetadata;
|
|
|
|
final class PlatformProviderIdentityResolver
|
|
{
|
|
/**
|
|
* @param list<ProviderIdentityContextMetadata> $contextualIdentityDetails
|
|
*/
|
|
public function resolve(
|
|
string $tenantContext,
|
|
?ProviderConnectionTargetScopeDescriptor $targetScope = null,
|
|
array $contextualIdentityDetails = [],
|
|
): ProviderIdentityResolution {
|
|
$targetTenant = trim($tenantContext);
|
|
$clientId = trim((string) config('graph.client_id'));
|
|
$clientSecret = trim((string) config('graph.client_secret'));
|
|
$authorityTenant = trim((string) config('graph.tenant_id', 'organizations'));
|
|
$redirectUri = trim((string) route('admin.consent.callback'));
|
|
|
|
if ($targetTenant === '') {
|
|
return ProviderIdentityResolution::blocked(
|
|
connectionType: ProviderConnectionType::Platform,
|
|
tenantContext: 'organizations',
|
|
credentialSource: 'platform_config',
|
|
reasonCode: ProviderReasonCodes::ProviderConnectionInvalid,
|
|
message: 'Provider connection is missing target tenant scope.',
|
|
targetScope: $targetScope,
|
|
contextualIdentityDetails: $contextualIdentityDetails,
|
|
);
|
|
}
|
|
|
|
if ($clientId === '') {
|
|
return ProviderIdentityResolution::blocked(
|
|
connectionType: ProviderConnectionType::Platform,
|
|
tenantContext: $targetTenant,
|
|
credentialSource: 'platform_config',
|
|
reasonCode: ProviderReasonCodes::PlatformIdentityMissing,
|
|
message: 'Platform app identity is not configured.',
|
|
targetScope: $targetScope,
|
|
contextualIdentityDetails: $contextualIdentityDetails,
|
|
);
|
|
}
|
|
|
|
if ($clientSecret === '' || $redirectUri === '') {
|
|
return ProviderIdentityResolution::blocked(
|
|
connectionType: ProviderConnectionType::Platform,
|
|
tenantContext: $targetTenant,
|
|
credentialSource: 'platform_config',
|
|
reasonCode: ProviderReasonCodes::PlatformIdentityIncomplete,
|
|
message: 'Platform app identity is incomplete.',
|
|
targetScope: $targetScope,
|
|
contextualIdentityDetails: $contextualIdentityDetails,
|
|
);
|
|
}
|
|
|
|
return ProviderIdentityResolution::resolved(
|
|
connectionType: ProviderConnectionType::Platform,
|
|
tenantContext: $targetTenant,
|
|
effectiveClientId: $clientId,
|
|
credentialSource: 'platform_config',
|
|
clientSecret: $clientSecret,
|
|
authorityTenant: $authorityTenant !== '' ? $authorityTenant : 'organizations',
|
|
redirectUri: $redirectUri,
|
|
targetScope: $targetScope,
|
|
contextualIdentityDetails: $contextualIdentityDetails !== []
|
|
? array_values(array_merge($contextualIdentityDetails, array_filter([
|
|
ProviderIdentityContextMetadata::authorityTenant($authorityTenant !== '' ? $authorityTenant : 'organizations'),
|
|
ProviderIdentityContextMetadata::redirectUri($redirectUri),
|
|
])))
|
|
: [],
|
|
);
|
|
}
|
|
}
|