Merge branch 'release/v4.5.0' into release/v4.4.0

Author: esprit-dev

Block/Adminhtml/Config/AbstractOauth2.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Payplug\Payments\Block\Adminhtml\Config;
+
+use Magento\Backend\Block\Template\Context;
+use Magento\Config\Block\System\Config\Form\Field;
+use Magento\Config\Model\ResourceModel\Config\Data\CollectionFactory as ConfigDataCollectionFactory;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\View\Helper\SecureHtmlRenderer;
+use Magento\Store\Model\ScopeInterface as StoreScopeInterface;
+
+abstract class AbstractOauth2 extends Field
+{
+    public function __construct(
+        private readonly ConfigDataCollectionFactory $configDatacollection,
+        Context $context,
+        array $data = [],
+        ?SecureHtmlRenderer $secureRenderer = null
+    ) {
+        parent::__construct($context, $data, $secureRenderer);
+    }
+
+    protected function _isInheritCheckboxRequired($element)
+    {
+        return false;
+    }
+
+    protected function isEmailSetForCurrentScope(): bool
+    {
+        $websiteId = $this->getRequest()->getParam('website');
+
+        $scope = $websiteId ? StoreScopeInterface::SCOPE_WEBSITES : ScopeConfigInterface::SCOPE_TYPE_DEFAULT;
+        $scopeId = $websiteId ?: 0;
+
+        $collection = $this->configDatacollection->create();
+        $collection->addFieldToFilter('path', 'payplug_payments/oauth2/email')
+            ->addFieldToFilter('scope', $scope)
+            ->addFieldToFilter('scope_id', $scopeId);
+
+        return (bool)$collection->getSize();
+    }
+}

Block/Adminhtml/Config/Login.php

@@ -51,14 +51,22 @@ public function render(\Magento\Framework\Data\Form\Element\AbstractElement $ele
         $this->helper->initScopeData();
 
         $connected = $this->helper->isConnected(ScopeInterface::SCOPE_WEBSITE, $this->request->getParam('website'));
+        $oauthConnected = $this->helper->isOauthConnected(ScopeInterface::SCOPE_WEBSITE, $this->request->getParam('website'));
         $isVerified = $this->helper->getConfigValue('verified', ScopeInterface::SCOPE_WEBSITE, $this->request->getParam('website'));
 
         $connexionFields = ['payplug_payments_general_email'];
+        $connexionFieldsWithPwd = ['payplug_payments_general_email', 'payplug_payments_general_pwd'];
 
         $disconnectionFields = ['payplug_payments_general_account_details'];
 
         $elements = '';
         foreach ($element->getElements() as $field) {
+            if ($oauthConnected) {
+                if (in_array($field->getId(), $connexionFieldsWithPwd)) {
+                    continue;
+                }
+            }
+
             if ($connected) {
                 if (in_array($field->getId(), $connexionFields)) {
                     continue;

Block/Adminhtml/Config/Oauth2Login.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Payplug\Payments\Block\Adminhtml\Config;
+
+use Magento\Backend\Block\Widget\Button;
+use Magento\Framework\Data\Form\Element\AbstractElement;
+
+class Oauth2Login extends AbstractOauth2
+{
+    /** @noinspection PhpMissingParentCallCommonInspection */
+    protected function _getElementHtml(AbstractElement $element): string
+    {
+        /** @var Button $buttonBlock */
+        $buttonBlock = $this->getForm()->getLayout()->createBlock(Button::class);
+        $websiteId = $this->getRequest()->getParam('website');
+        $url = $this->getUrl('payplug_payments_admin/config/oauth2Login', ['website' => $websiteId]);
+
+        $data = [
+            'label' => $websiteId ? __('Connect to Payplug for this website') : __('Connect to Payplug'),
+            'onclick' => "setLocation('$url')",
+            'class' => 'action-primary'
+        ];
+
+        return $buttonBlock->setData($data)->toHtml();
+    }
+
+    public function render(AbstractElement $element): string
+    {
+        if ($this->isEmailSetForCurrentScope()) {
+            return '';
+        }
+
+        return parent::render($element);
+    }
+}

Block/Adminhtml/Config/Oauth2Logout.php

@@ -0,0 +1,120 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Payplug\Payments\Block\Adminhtml\Config;
+
+use Magento\Backend\Block\Template\Context;
+use Magento\Backend\Block\Widget\Button;
+use Magento\Config\Model\ResourceModel\Config\Data\CollectionFactory as ConfigDataCollectionFactory;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\App\State;
+use Magento\Framework\Data\Form\Element\AbstractElement;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
+use Magento\Framework\View\Helper\SecureHtmlRenderer;
+use Magento\Store\Model\ScopeInterface as StoreScopeInterface;
+use Payplug\Payments\Service\GetOauth2AccessTokenData;
+
+class Oauth2Logout extends AbstractOauth2
+{
+    public function __construct(
+        private readonly ScopeConfigInterface $scopeConfig,
+        private readonly GetOauth2AccessTokenData $getOauth2AccessTokenData,
+        private readonly State $appState,
+        private readonly TimezoneInterface $timezone,
+        ConfigDataCollectionFactory $configDatacollection,
+        Context $context,
+        array $data = [],
+        ?SecureHtmlRenderer $secureRenderer = null
+    ) {
+        parent::__construct(
+            $configDatacollection,
+            $context,
+            $data,
+            $secureRenderer
+        );
+    }
+
+    /** @noinspection PhpMissingParentCallCommonInspection */
+    protected function _getElementHtml(AbstractElement $element): string
+    {
+        /** @var Button $buttonBlock  */
+        $buttonBlock = $this->getForm()->getLayout()->createBlock(Button::class);
+        $websiteId = $this->getRequest()->getParam('website');
+        $url = $this->getUrl('payplug_payments_admin/config/oauth2Logout', ['website' => $websiteId]);
+
+        $data = [
+            'label' => __('Logout'),
+            'onclick' => "setLocation('$url')"
+        ];
+
+        $statusLabel = __(
+            'Your are currently authenticated with email <strong>%1</strong> (%2)',
+            $this->getEmailValue(),
+            $websiteId && $this->isEmailSetForCurrentScope() ? __('Website') : __('Default')
+        );
+
+        $info = <<<HTML
+<div class="message message-success">{$statusLabel}</div>
+HTML;
+
+        if (!$this->isEmailSetForCurrentScope()) {
+            return $info;
+        }
+
+        if ($this->isDeveloperMode()) {
+            $accessTokenData = $this->getAccessTokenData();
+            $expirationDate = $this->timezone->date($accessTokenData['expires_date'])->format('Y-m-d H:i:s');
+            $expirationLabel = __('Current access token expiration date');
+            $tokenValueLabel = __('Current access token value');
+
+            $info .= <<<HTML
+<div class="message info">{$expirationLabel} : {$expirationDate}</div>
+<div class="message info">{$tokenValueLabel} : <code style="overflow-wrap: anywhere;">{$accessTokenData['access_token']}</code></div>
+HTML;
+        }
+
+        return $info . '<br>' . $buttonBlock->setData($data)->toHtml();
+    }
+
+    public function render(AbstractElement $element): string
+    {
+        if (!$this->getEmailValue()) {
+            return '';
+        }
+
+        return parent::render($element);
+    }
+
+    private function getEmailValue(): ?string
+    {
+
+        $websiteId = $this->getCurrentWebsite();
+
+        return $this->scopeConfig->getValue(
+            'payplug_payments/oauth2/email',
+            $websiteId ? StoreScopeInterface::SCOPE_WEBSITES : ScopeConfigInterface::SCOPE_TYPE_DEFAULT,
+            $websiteId ?: 0
+        );
+    }
+
+    private function getAccessTokenData(): ?array
+    {
+        try {
+            return $this->getOauth2AccessTokenData->execute($this->getCurrentWebsite());
+        } catch (LocalizedException) {
+            return null;
+        }
+    }
+
+    private function getCurrentWebsite(): ?int
+    {
+        return $this->getRequest()->getParam('website') ?: null;
+    }
+
+    private function isDeveloperMode(): bool
+    {
+        return $this->appState->getMode() === State::MODE_DEVELOPER;
+    }
+}

CHANGELOG.md

@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.5.0](https://github.com/payplug/payplug-magento2/releases/tag/v4.5.0) - 2025-07-04
+
+### Features
+
+- Implement OAuth2 redirect handling and securely store credentials
+- Set up automatic JWT generation and refresh
+- Integrate OAuth2 login UI (button)
+- Sign every API request with the JWT token
+- Support both legacy authentication and OAuth2 (dual mode)
+
+**[View diff](https://github.com/payplug/payplug-magento2/compare/v4.3.4...v4.5.0)**
+
 ## [4.4.0](https://github.com/payplug/payplug-magento2/releases/tag/v4.4.0) - 2025-06-24
 
 ### Features

Controller/Adminhtml/Config/Oauth2FetchAuthCode.php

@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Payplug\Payments\Controller\Adminhtml\Config;
+
+use Magento\Backend\App\Action;
+use Magento\Backend\App\Action\Context;
+use Magento\Backend\Model\Auth\Session as AdminAuthSession;
+use Magento\Framework\App\Action\HttpGetActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Controller\Result\RedirectFactory;
+use Magento\Framework\UrlInterface;
+use Payplug\Authentication as PayplugAuthentication;
+use Payplug\Exception\ConfigurationException;
+use Payplug\Payments\Logger\Logger;
+
+class Oauth2FetchAuthCode extends Action implements HttpGetActionInterface
+{
+    public const OAUTH_CONFIG_FETCH_DATA = 'payplug_payments_admin/config/oauth2FetchClientData';
+    public const OAUTH_CONFIG_FETCH_AUTH = 'payplug_payments_admin/config/oauth2FetchAuthCode';
+
+    public function __construct(
+        private readonly RequestInterface $request,
+        private readonly UrlInterface $urlBuilder,
+        private readonly RedirectFactory $redirectFactory,
+        private readonly Logger $logger,
+        private readonly AdminAuthSession $adminAuthSession,
+        Context $context
+    ) {
+        parent::__construct($context);
+    }
+
+    public function execute()
+    {
+        $clientId = $this->request->getParam('client_id');
+        $companyId = $this->request->getParam('company_id');
+        $websiteId = $this->request->getParam('website');
+        $callbackUrl = $this->urlBuilder->getUrl(
+            Oauth2FetchAuthCode::OAUTH_CONFIG_FETCH_DATA,
+            ['website' => $websiteId]
+        );
+
+        $codeVerifier = bin2hex(openssl_random_pseudo_bytes(50));
+
+        $this->adminAuthSession->setData(Oauth2FetchClientData::PAYPLUG_OAUTH2_AUTHENTICATION_CONTEXT_DATA, [
+            'client_id' => $clientId,
+            'company_id' => $companyId,
+            'code_verifier' => $codeVerifier,
+            'callback_url' => $callbackUrl,
+        ]);
+
+        try {
+            PayplugAuthentication::initiateOAuth($clientId, $callbackUrl, $codeVerifier);
+            // phpcs:ignore Magento2.Security.LanguageConstruct.ExitUsage
+            exit;
+        } catch (ConfigurationException $e) {
+            $this->logger->error($e->getMessage());
+            $this->messageManager->addErrorMessage(__('Could not retrieve Auth Code from Payplug Portal'));
+
+            return $this->redirectFactory->create()->setPath(
+                'adminhtml/system_config/edit',
+                ['section' => 'payplug_payments']
+            );
+        }
+    }
+}