From bb03d28b7dd5827a15beffdcaebeab5548b23daf Mon Sep 17 00:00:00 2001
From: Sarah Vaupel
Date: Sun, 3 Mar 2024 06:16:53 +0100
Subject: [PATCH] chore(auth): actually use user-auth config for determining auth plugins to load
---
 src/Application.hs | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/src/Application.hs b/src/Application.hs
index 85db6bf07..76d56defd 100644
--- a/src/Application.hs
+++ b/src/Application.hs
@@ -60,7 +60,6 @@ import System.Directory
 import Jobs
 import qualified Data.Text.Encoding as Text
-import qualified Data.Text as Text
 import Yesod.Auth.OAuth2.AzureADv2 (oauth2AzureADv2Scoped)
 import Yesod.Auth.Util.PasswordStore
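Review bot: Dropping `import qualified Data.Text as Text` leaves `Text.pack` still in use further down in `makeFoundation` (the `tenantID` and `loadPlugin` bindings under `#else` in the second hunk), and the surviving `import qualified Data.Text.Encoding as Text` does not export `pack`. Unless another import in the file also provides `pack` under the `Text` qualifier, the non-DEVELOPMENT build will fail to resolve it. Either keep this import or remove the remaining `Text.pack` uses in the same commit.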
@@ -344,21 +343,33 @@ makeFoundation appSettings''@AppSettings{..} = do
 appAuthKey <- clusterSetting (Proxy :: Proxy 'ClusterAuthKey) `customRunSqlPool` sqlPool
 appPersonalisedSheetFilesSeedKey <- clusterSetting (Proxy :: Proxy 'ClusterPersonalisedSheetFilesSeedKey) `customRunSqlPool` sqlPool
-
- mAzureTenantID <- liftIO $ (fmap Text.pack) <$> (return $ Just "123") -- lookupEnv "AZURE_ADV2_TENANT_ID"
+ -- TODO: either migrate these to Foundation.Instances, or migrate additions in Foundation.Instances here
+ -- TODO: use scopes from Settings
+#ifdef DEVELOPMENT
+ oauth2Plugins <- liftIO $ sequence
+ [ (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT"
+ , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "42" "shhh"
+ ]
+#else
 let -- Auth Plugins
- tenantID = fromMaybe (error "Tenant ID mising") mAzureTenantID
 loadPlugin p prefix = do -- Loads given YesodAuthPlugin
- mID <- (fmap Text.pack) <$> (return $ Just "UWX") -- (lookupEnv $ prefix ++ "_CLIENT_ID")
- mSecret <- (fmap Text.pack) <$> (return $ Just prefix) -- (lookupEnv $ prefix ++ "_CLIENT_SECRET")
+ mID <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzure . _azureConfClientId
+ mSecret <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzure . _azureConfClientSecret
 let mArgs = (,) <$> mID <*> mSecret
 guard $ isJust mArgs
 return . uncurry p $ fromJust mArgs
-
- appAuthPlugins <- liftIO $ sequence [
- (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT"
- , loadPlugin (oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] tenantID) "AZURE_ADV2"
- ]
+ tenantID = case appUserAuthConf of
+ UserAuthConfSingleSource (AuthSourceConfAzure AzureConf{..})
+ -> Text.pack azureConfTenantId
+ _other
+ -> error "Tenant ID missing!"
+ oauth2Plugins
+ | UserAuthConfSingleSource (AuthSourceConfAzure AzureConf{..}) appUserAuthConf
+ -> singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) azureConfTenantId azureConfClientId azureConfClientSecret
+ | otherwise
+ -> mempty
+#endif
+ let appAuthPlugins = oauth2Plugins
 let appVolatileClusterSettingsCacheTime' = Clock.fromNanoSecs ns
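Review bot: Under `#else`, `tenantID` wraps `azureConfTenantId` in `Text.pack` while the new `oauth2Plugins` guard passes the same field to `oauth2AzureADv2Scoped` unpacked, so the two bindings cannot both typecheck against one field type; since `oauth2Plugins` now reads `azureConfTenantId`, `azureConfClientId` and `azureConfClientSecret` directly, `loadPlugin` and `tenantID` (and with it the `error "Tenant ID missing!"` path) are dead and should be deleted, which also removes the mismatch. The guard is written `| UserAuthConfSingleSource (AuthSourceConfAzure AzureConf{..}) appUserAuthConf` with no `<-`; if that is not an extraction artifact it is a boolean guard applying the constructor to two arguments and needs `<- appUserAuthConf` to be a pattern guard. With `| otherwise -> mempty`, a non-Azure or multi-source `appUserAuthConf` starts the production app with no auth plugins at all and nothing in the log; a misconfiguration this central should fail at startup, e.g. `| otherwise -> error "makeFoundation: appUserAuthConf has no Azure single source; no auth plugins configured"`. The enclosing `makeFoundation` do-block starts and ends outside the hunk.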