Merge branch 'release/2.0.0'

Release/2.0.0
dpc-sdp · Dec 8, 2020 · 3fb3a37 · 3fb3a37
2 parents ffb992e + e091b57
commit 3fb3a37
Show file tree

Hide file tree

Showing 19 changed files with 1,050 additions and 3 deletions.
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
         "drupal/config_ignore": "^2.1",
         "drupal/config_split": "^1.4",
         "drupal/config_update": "^1.6",
-        "drupal/core": "8.8.x",
+        "drupal/core": "8.9.x",
         "drupal/diff": "^1.0-RC2",
         "drupal/editor_advanced_link": "^1.4",
         "drupal/entity_browser": "^1.6",
@@ -45,6 +45,7 @@
         "drupal/redirect": "^1.3",
         "drupal/role_delegation": "^1.0-alpha1",
         "drupal/seckit": "^1.1",
+        "drupal/simple_oauth": "^4.5",
         "drupal/simple_sitemap": "^2.12",
         "drupal/smart_trim": "^1.1",
         "drupal/smtp": "^1.0@RC",
@@ -62,7 +63,8 @@
         "drupal/link_field_autocomplete_filter": "^1.8",
         "drupal/queue_mail": "^1.0",
         "drupal/token": "^1.7",
-        "drupal/username_enumeration_prevention": "^1.1"
+        "drupal/username_enumeration_prevention": "^1.1",
+        "drupal/quick_node_clone": "^1.13"
     },
     "repositories": {
         "drupal": {
@@ -75,7 +77,6 @@
             "drupal/core": {
                 "Contextual links should not be added inside another link - https://www.drupal.org/node/2898875": "https://www.drupal.org/files/issues/2018-03-16/contextual_links_should-2898875-6.patch",
                 "Custom blocks are no longer displayed and no longer appear in the custom block library - https://www.drupal.org/project/drupal/issues/2997898#comment-12832813": "https://www.drupal.org/files/issues/2018-10-27/2997898-21.patch",
-                "Unrecognised entity operation passed to Menu Link Content throws exceptions - https://www.drupal.org/project/drupal/issues/3016038": "https://www.drupal.org/files/issues/2019-03-03/3016038-menu-link-operation-8.patch",
                 "Make the DateTime input format and descriptive text consistent - https://www.drupal.org/project/drupal/issues/2791693#comment-13024583": "https://www.drupal.org/files/issues/2019-03-16/2791693-38.patch",
                 "Content types are ordered by machine name on node/add - https://www.drupal.org/project/drupal/issues/2693485#comment-11004325": "https://www.drupal.org/files/issues/2693485-node-3.patch",
                 "Poor performance when using moderation state views filter - https://www.drupal.org/project/drupal/issues/3097303#comment-13559283": "https://www.drupal.org/files/issues/2020-04-17/3097303-9.patch",
@@ -118,6 +119,9 @@
             "drupal/scheduled_transitions": {
                 "The revision user is incorrect after CRON ran - https://www.drupal.org/project/scheduled_transitions/issues/3094322": "https://www.drupal.org/files/issues/2019-11-14/3094322_8.x-8.x-1.0-rc3-2.patch"
             },
+            "drupal/simple_oauth": {
+                "access:false even though permission is checked for the role - https://www.drupal.org/project/simple_oauth/issues/2958159#comment-13847450": "https://www.drupal.org/files/issues/2020-10-05/simple_oauth-refresh_token_authenticated_missing_scope-2958159-4.patch"
+            },
             "drupal/viewsreference": {
                 "Updating from alpha4 to alpha5 via composer results in error - https://www.drupal.org/project/viewsreference/issues/3096956#comment-13370643": "https://www.drupal.org/files/issues/2019-11-28/3096956-17.Unmet-service-dependencies.patch"
             },

diff --git a/config/install/user.role.site_admin.yml b/config/install/user.role.site_admin.yml
@@ -24,6 +24,7 @@ permissions:
   - 'access webform submission log'
   - 'administer blocks'
   - 'administer menu'
+  - 'administer nodes'
   - 'administer redirect settings'
   - 'administer redirects'
   - 'administer taxonomy'
@@ -36,6 +37,7 @@ permissions:
   - 'assign editor role'
   - 'assign previewer role'
   - 'assign site_admin role'
+  - 'bypass node access'
   - 'create alert content'
   - 'create image_gallery content'
   - 'create landing_page content'

diff --git a/includes/helpers.inc b/includes/helpers.inc
@@ -9,6 +9,8 @@ use Drupal\config\StorageReplaceDataWrapper;
 use Drupal\Core\Config\ConfigImporter;
 use Drupal\Core\Config\FileStorage;
 use Drupal\Core\Config\StorageComparer;
+use Drupal\Core\Serialization\Yaml;
+use Drupal\Core\Site\Settings;
 
 /**
  * Helper to read configuration from provided locations.
@@ -152,3 +154,36 @@ function _tide_import_single_config($config_name, array $locations = [], $priori
     throw $exception;
   }
 }
+
+/**
+ * Retrieve UUID of a config file in config/sync directory.
+ *
+ * @param string $config_name
+ *   The config name.
+ *
+ * @return string|null
+ *   The UUID.
+ */
+function _tide_retrieve_config_uuid(string $config_name) : ?string {
+  try {
+    if (version_compare(\Drupal::VERSION, '8.8.0', '<')) {
+      $config_sync = config_get_config_directory(CONFIG_SYNC_DIRECTORY);
+    }
+    else {
+      $config_sync = Settings::get('config_sync_directory');
+    }
+    if ($config_sync) {
+      $config_file = $config_sync . DIRECTORY_SEPARATOR . $config_name . '.yml';
+      if (file_exists($config_file)) {
+        $config = Yaml::decode(file_get_contents($config_file));
+        if (!empty($config['uuid'])) {
+          return $config['uuid'];
+        }
+      }
+    }
+  }
+  catch (Exception $exception) {
+    watchdog_exception('tide_core', $exception);
+  }
+  return NULL;
+}
diff --git a/modules/tide_oauth/README.md b/modules/tide_oauth/README.md
@@ -0,0 +1,50 @@
+## Tide OAuth
+
+### Prerequisites
+1. Consumers module: https://www.drupal.org/project/consumers
+2. Simple OAuth module: https://www.drupal.org/project/simple_oauth
+
+### Installation
+1. _(Optional)_ Generate a key pair and set environment variables
+    ```shell script
+    $ openssl genrsa -out /tmp/private.key 4096
+    $ openssl rsa -in /tmp/private.key -pubout > /tmp/public.key
+    $ export TIDE_OAUTH_PRIVATE_KEY=`cat /tmp/private.key`
+    $ export TIDE_OAUTH_PUBLIC_KEY=`cat /tmp/public.key`
+    ```
+2. Enable the `tide_oauth` module.
+    * If the TIDE_OAUTH_ environment variables are set, the module will copy
+    the keys to `private://oauth.key` and `private://oauth.pub`.
+    * Otherwise, the module will generate a new key pair.
+3. _(Optional - **Lagoon only**)_ Add a `post-rollout` task to generate the OAuth
+    key pair from environment variables upon deployment.
+    ```yaml
+    tasks:
+       post-rollout:
+          - run:
+             name: Generate OAuth keys from ENV variables.
+             command: 'drush tide-oauth:keygen'
+             service: cli
+    ```    
+
+### Authentication
+1. See the documentation of [Simple OAuth2](https://www.drupal.org/node/2843627)
+2. Due to both JWT Authentication module and Simple OAuth module accept 
+    `Authorization: Bearer {TOKEN}` header, Tide OAuth provides extra headers:
+    * `Authorization: OAuth2 {TOKEN}`     
+    * `X-OAuth2-Authorization: Bearer {TOKEN}`
+    * `X-OAuth2-Authorization: OAuth2 {TOKEN}` 
+
+    When Tide Authenticated Content or JWT module is enabled, all OAuth2 
+    authentication calls should one of the custom headers as the normal 
+    `Authorization` header is always authenticated against JWT Authentication.
+3. By default, the module creates a client `Editorial Preview` with the scope
+    `editor`. All OAuth2 authentication requests using this client will have
+    permissions of the `Editor` role.
+4. OAuth2 endpoints:
+    * Authorization URL: `/oauth/authorize`
+    * Access token URL: `/oauth/token`
+5. Default expiration time:
+    * Access token: 5 minutes
+    * Authorization code: 5 minutes
+    * Refresh token: 2 weeks
diff --git a/modules/tide_oauth/composer.json b/modules/tide_oauth/composer.json
@@ -0,0 +1,12 @@
+{
+    "name": "dpc-sdp/tide_oauth",
+    "type": "drupal-drush",
+    "description": "Drush commands for Tide OAuth.",
+    "extra": {
+        "drush": {
+            "services": {
+                "drush.services.yml": "^9"
+            }
+        }
+    }
+}
diff --git a/modules/tide_oauth/drush.services.yml b/modules/tide_oauth/drush.services.yml
@@ -0,0 +1,6 @@
+services:
+  tide_oauth.commands:
+    class: \Drupal\tide_oauth\Commands\TideOauthCommands
+    arguments: ['@tide_oauth.env_key_generator']
+      tags:
+        - { name: drush.command }
diff --git a/modules/tide_oauth/drush/tide_oauth.drush.inc b/modules/tide_oauth/drush/tide_oauth.drush.inc
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * @file
+ * Tide OAuth Drush commands.
+ */
+
+/**
+ * Implements hook_drush_command().
+ */
+function tide_oauth_drush_command() {
+  $commands['tide-oauth-keygen'] = [
+    'description' => 'Generate OAuth keys from environment variables',
+    'drupal dependencies' => ['tide_oauth'],
+    'aliases' => ['tokgn', 'tide-oauth:keygen'],
+  ];
+  return $commands;
+}
+
+/**
+ * Callback for tide-oauth:keygen command.
+ */
+function drush_tide_oauth_keygen() {
+  /** @var \Drupal\tide_oauth\EnvKeyGenerator $env_key_generator */
+  $env_key_generator = \Drupal::service('tide_oauth.env_key_generator');
+  // Generate the OAuth encryption keys from Environment variables.
+  if ($env_key_generator->generateEnvKeys()) {
+    // Update Simple OAuth settings.
+    $env_key_generator->setSimpleOauthKeySettings();
+  }
+  else {
+    drush_set_error('Could not generate OAuth keys.');
+  }
+}
diff --git a/modules/tide_oauth/src/Authentication/Provider/XSimpleOauthAuthenticationProvider.php b/modules/tide_oauth/src/Authentication/Provider/XSimpleOauthAuthenticationProvider.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace Drupal\tide_oauth\Authentication\Provider;
+
+use Drupal\simple_oauth\Authentication\Provider\SimpleOauthAuthenticationProvider;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Class XSimpleOauthAuthenticationProvider.
+ *
+ * @internal
+ * @package Drupal\tide_oauth\Authentication\Provider
+ */
+class XSimpleOauthAuthenticationProvider extends SimpleOauthAuthenticationProvider {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function authenticate(Request $request) {
+    // X-OAuth2-Authorization does not comply to OAuth2 so that we need to
+    // set Authorization header as per the OAuth2 specs.
+    // However, Authorization header will trigger JWT Authentication (if exists)
+    // hence we need to clone the request instead of modifying the original.
+    $oauth2_request = clone $request;
+    $auth_header = trim($request->headers->get('Authorization', '', TRUE));
+    if ((strpos($auth_header, 'OAuth2 ') !== FALSE) || ($auth_header === 'OAuth2')) {
+      $oauth2_request->headers->add([
+        'Authorization' => str_replace('OAuth2', 'Bearer', $auth_header),
+      ]);
+    }
+    else {
+      $x_auth_header = trim($oauth2_request->headers->get('X-OAuth2-Authorization', '', TRUE));
+      if (($x_auth_header === 'Bearer') || (strpos($x_auth_header, 'Bearer ') !== FALSE)) {
+        $oauth2_request->headers->add(['Authorization' => $x_auth_header]);
+      }
+      elseif (($x_auth_header === 'OAuth2') || (strpos($x_auth_header, 'OAuth2 ') !== FALSE)) {
+        $oauth2_request->headers->add([
+          'Authorization' => str_replace('OAuth2', 'Bearer', $x_auth_header),
+        ]);
+      }
+    }
+
+    $account = parent::authenticate($oauth2_request);
+    if ($account) {
+      // Inherit uploaded files for the current request.
+      /* @link https://www.drupal.org/project/drupal/issues/2934486 */
+      $request->files->add($oauth2_request->files->all());
+      // Set consumer ID header on successful authentication, so negotiators
+      // will trigger correctly.
+      $request->headers->set('X-Consumer-ID', $account->getConsumer()->uuid());
+    }
+
+    return $account;
+  }
+
+}
diff --git a/modules/tide_oauth/src/Commands/TideOauthCommands.php b/modules/tide_oauth/src/Commands/TideOauthCommands.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace Drupal\tide_oauth\Commands;
+
+use Drupal\tide_oauth\EnvKeyGenerator;
+use Drush\Commands\DrushCommands;
+
+/**
+ * Class TideOauthCommands.
+ *
+ * @package Drupal\tide_oauth\Commands
+ */
+class TideOauthCommands extends DrushCommands {
+
+  /**
+   * Env Key Generator.
+   *
+   * @var \Drupal\tide_oauth\EnvKeyGenerator
+   */
+  protected $envKeyGenerator;
+
+  /**
+   * TideOauthCommands constructor.
+   *
+   * @param \Drupal\tide_oauth\EnvKeyGenerator $env_key_generator
+   *   Env Key Generator.
+   */
+  public function __construct(EnvKeyGenerator $env_key_generator) {
+    parent::__construct();
+    $this->envKeyGenerator = $env_key_generator;
+  }
+
+  /**
+   * Generate OAuth keys from Environment variables.
+   *
+   * @usage drush tide-oauth:keygen
+   *   Generate OAuth keys from Environment variables.
+   *
+   * @command tide-oauth:keygen
+   * @validate-module-enabled tide_oauth
+   * @aliases tokgn,tide-oauth-keygen
+   */
+  public function generateKeys() {
+    if ($this->envKeyGenerator->generateEnvKeys()) {
+      // Update Simple OAuth settings.
+      $this->envKeyGenerator->setSimpleOauthKeySettings();
+      $this->io()->success('OAuth keys have been created.');
+    }
+    else {
+      $this->io()->error('Could not generate OAuth keys.');
+    }
+  }
+
+}