From e12acfe142f1aac6f31d07a923fc2efd7d645cb7 Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <andrew@fsf.org>
Date: Wed, 20 Apr 2022 16:03:09 -0400
Subject: [PATCH] clean up of code, in particular: hard coded values

---
 docs/fsf-drupal-auth.md           | 16 ++++++++---
 lib/Auth/Source/FSFDrupalAuth.php | 46 +++++++++++++++++--------------
 2 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/docs/fsf-drupal-auth.md b/docs/fsf-drupal-auth.md
index 536c8f9..59f1db3 100644
--- a/docs/fsf-drupal-auth.md
+++ b/docs/fsf-drupal-auth.md
@@ -10,17 +10,25 @@ SQL queries in `config/authsources.php` should be something like the following:
 
         // custom fsf authentication source wrapped by ratelimit auth source
         'fsfdrupalauth:FSFDrupalAuth',
-        'nomination_process_contrib_start_date' => '2017-01-01',
-        'nomination_process_contrib_end_date' => '2022-01-01',
+
         'dsn' => 'mysql:host=example.com;port=3306;dbname=drupal',
         'username' => '$DB_USERNAME',
         'password' => '$DB_PASSWORD',
+
         'query_main' => 'SELECT pass, mail FROM users WHERE name = :username AND status = "1" limit 1;',
         // don't filter with 'and c.is_test = 0' because these may be useful for FSF staff
         'query_membership' => "select c.status_id from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_membership c on b.contact_id=c.contact_id inner join civicrm.civicrm_contact d on c.contact_id=d.id where a.status = 1 and d.is_deleted = 0 and c.status_id is not NULL and a.name = :username and (c.status_id = 1 or c.status_id = 2 or c.status_id = 3 or c.status_id = 4) order by c.status_id limit 10;",
-        'query_staff' => "select a.name as is_fsf_staff from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_relationship d on c.id=d.contact_id_a where a.name=:username and a.status=1 and c.is_deleted=0 and d.relationship_type_id=4 and d.contact_id_b=FOOBAR and d.is_active=1 and (d.end_date>NOW() or d.end_date is NULL) limit 1;",
+        'query_staff' => "select a.name as is_fsf_staff from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_relationship d on c.id=d.contact_id_a where a.name=:username and a.status=1 and c.is_deleted=0 and d.relationship_type_id=4 and d.contact_id_b = :fsf_org_id and d.is_active=1 and (d.end_date>NOW() or d.end_date is NULL) limit 1;",
         'query_nomination_process_donations' => "select sum(d.total_amount) from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_contribution d on c.id=d.contact_id where a.name = :username and (d.financial_type_id = '2' or :all_contribs) and d.receive_date > :start_date and d.receive_date < :end_date;",
-        'query_nomination_process_gift_receipt' => "select count(*) from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_contribution d on c.id=d.contact_id where a.name = :username and d.contribution_page_id = :gift_redeem_page and d.receive_date > :start_date and d.receive_date < :end_date;",
+        'query_nomination_process_gift_receipt' => "select count(*) from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_contribution d on c.id=d.contact_id where a.name = :username and d.contribution_page_id = :gift_redeem_page_id and d.receive_date > :start_date and d.receive_date < :end_date;",
+
+        'fsf_org_id' => '739106',
+
+        'nomination_process_contrib_start_date' => '2017-01-01',
+        'nomination_process_contrib_end_date' => '2022-01-01',
+        'gift_redeem_page_id' => '63',
+        'membership_donation_threshold' => '5',
+        'donation_threshold' => '5',
 
     ],
 
diff --git a/lib/Auth/Source/FSFDrupalAuth.php b/lib/Auth/Source/FSFDrupalAuth.php
index 365ecef..58723bf 100644
--- a/lib/Auth/Source/FSFDrupalAuth.php
+++ b/lib/Auth/Source/FSFDrupalAuth.php
@@ -48,11 +48,15 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
     private $query_nomination_process_gift_receipt;
 
     /**
-     * Date for determining whether someone may participate in board nomination
-     * process
+     * SQL query parameters, or variables that help determine which attributes
+     * someone has
      */
+    private $fsf_org_id;
     private $nomination_process_contrib_start_date;
     private $nomination_process_contrib_end_date;
+    private $gift_redeem_page_id;
+    private $donation_threshold;
+    private $membership_donation_threshold;
 
     /**
      * Constructor for this authentication source.
@@ -69,7 +73,15 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
         parent::__construct($info, $config);
 
         // Make sure that all required parameters are present.
-        foreach (['dsn', 'username', 'password', 'query_main', 'query_membership', 'query_staff', 'query_nomination_process_donations', 'query_nomination_process_gift_receipt', 'nomination_process_contrib_start_date', 'nomination_process_contrib_end_date'] as $param) {
+	foreach (['dsn', 'username', 'password', 'query_main',
+		'query_membership', 'query_staff',
+		'query_nomination_process_donations',
+		'query_nomination_process_gift_receipt', 'gift_redeem_page_id',
+		'fsf_org_id', 'donation_threshold',
+		'membership_donation_threshold',
+		'nomination_process_contrib_start_date',
+		'nomination_process_contrib_end_date'] as $param) {
+
             if (!array_key_exists($param, $config)) {
                 throw new Exception('Missing required attribute \''.$param.
                     '\' for authentication source '.$this->authId);
@@ -81,18 +93,10 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
                     ' to be a string. Instead it was: '.
                     var_export($config[$param], true));
             }
+
+            $this->$param = $config[$param];
         }
 
-        $this->dsn = $config['dsn'];
-        $this->username = $config['username'];
-        $this->password = $config['password'];
-        $this->query_main =       $config['query_main'];
-        $this->query_membership = $config['query_membership'];
-        $this->query_staff =      $config['query_staff'];
-        $this->query_nomination_process_donations = $config['query_nomination_process_donations'];
-        $this->query_nomination_process_gift_receipt = $config['query_nomination_process_gift_receipt'];
-        $this->nomination_process_contrib_start_date    = $config['nomination_process_contrib_start_date'];
-        $this->nomination_process_contrib_end_date    = $config['nomination_process_contrib_end_date'];
         if (isset($config['options'])) {
             $this->options = $config['options'];
         }
@@ -288,9 +292,9 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
          * @param string $query_name  Name of query in authsources
          * @param number $amount  Amount to compare result to
          * @param boolean $all_contribs  Pass as 'all_contribs' param. The var may also be null to exclude it
-         * @param boolean $gift_redeem_page  Pass as 'gift_redeem_page' param. The var may also be null to exclude it
+         * @param boolean $gift_redeem_page_id  Pass as 'gift_redeem_page_id' param. The var may also be null to exclude it
 	 */
-	$meets_a_donation_criterion = function ($query_name, $amount, $all_contribs, $gift_redeem_page)
+	$meets_a_donation_criterion = function ($query_name, $amount, $all_contribs, $gift_redeem_page_id)
 	    use ($username, $start_date, $end_date, $attributes) {
 
 		$parameters =
@@ -301,8 +305,8 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 		if ($all_contribs !== null) {
 			$parameters['all_contribs'] = $all_contribs;
 		}
-		if ($gift_redeem_page !== null) {
-			$parameters['gift_redeem_page'] = $gift_redeem_page;
+		if ($gift_redeem_page_id !== null) {
+			$parameters['gift_redeem_page_id'] = $gift_redeem_page_id;
 		}
 
 		$result = $this->query_db($query_name, $parameters);
@@ -318,9 +322,9 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 		return false;
 	};
 
-	if ($meets_a_donation_criterion('query_nomination_process_donations', 5, true, null)
-	    || $meets_a_donation_criterion('query_nomination_process_donations', 5, false, null)
-	    || $meets_a_donation_criterion('query_nomination_process_gift_receipt', 1, null, 63)) {
+	if ($meets_a_donation_criterion('query_nomination_process_donations', intval($this->donation_threshold), true, null)
+	    || $meets_a_donation_criterion('query_nomination_process_donations', intval($this->membership_donation_threshold), false, null)
+	    || $meets_a_donation_criterion('query_nomination_process_gift_receipt', 1, null, intval($this->gift_redeem_page_id))) {
 
 		$attributes['nomination_process'] = ['true'];
 	} else {
@@ -331,7 +335,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
         // query on staff
         //
 
-        $staff_data = $this->query_db('query_staff', ['username' => $username]);
+        $staff_data = $this->query_db('query_staff', ['username' => $username, 'fsf_org_id' => $this->fsf_org_id]);
 
         if (count($staff_data) === 0) {
             // No rows returned - invalid username
-- 
2.25.1