let user authenticate via service principal #38

38 changes: 38 additions & 0 deletions includes/class-power-bi-endpoints.php
Expand Up @@ -40,6 +40,35 @@ private function setup_actions() {
//construct
private function __construct(){}

/**
* Get Embedded Token for report.
*
* @since 1.1.5
* @access public
* @return mixed
*/
public function get_embedded_token($workspace_id, $report_id, $ms_token, $dataset_id) {
$username = (!empty(get_option('power_bi_settings')['powerbi_rls_effecitve_identity'])) ? get_option('power_bi_settings')['powerbi_rls_effecitve_identity'] : false;
$params = ['identities' => [['username' => $username, 'datasets' => [$dataset_id]],], "accessLevel" => "View", "datasetId" => $dataset_id];

$url = "https://api.powerbi.com/v1.0/myorg/groups/$workspace_id/reports/$report_id/GenerateToken";

$postdata = json_encode($params);

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER,
array(
"Content-Type: application/json",
"Authorization: Bearer $ms_token",));
$result = curl_exec($ch);
curl_close($ch);

return json_decode((string) $result);
}

/**
* Get Report Data to make api call.
*
Expand All @@ -50,6 +79,8 @@ private function __construct(){}
public function get_report_data($data){
if(!isset($data['post_id'])) return false;
$power_bi_credentials = get_option('power_bi_credentials');
$settings = get_option( 'power_bi_settings' );

$response = [];
if(!isset( $power_bi_credentials['access_token'])) return false;
$response['access_token'] = $power_bi_credentials['access_token'];
Expand Down Expand Up @@ -109,6 +140,13 @@ public function get_report_data($data){
$response['tile_id'] = esc_attr(get_post_meta( $post_id, '_power_bi_tile_id', true ));
$response['embed_url'] = $response['api_url'] . "embed?dashboardId=" . $response['dashboard_id'] . "&tileId=" . $response['tile_id'] . "&groupId=" . $response['group_id'];
}

if ( $settings['auth_type'] == 'service_principal' ) {
$result = $this->get_embedded_token($response['group_id'], $response['report_id'], $power_bi_credentials['access_token'], $response['dataset_id']);
$response['access_token'] = $result->token;
$response['embed_token'] = $result->token;
$response['token_type'] = 'Embed';
}
nocache_headers();
return new WP_REST_Response(!(empty($response)) ? $response : false);
}
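Review bot: In `get_report_data`, the service-principal branch reads `$result->token` without checking that `get_embedded_token()` succeeded; on a cURL failure `json_decode((string) $result)` yields null, and on an API error body it presumably yields an object without `token`, so the REST response then carries an empty `access_token` labelled `token_type` 'Embed'. Guard it in the style of the function's other early exits, e.g. `if ( ! is_object($result) || empty($result->token) ) return false;`, and have `get_embedded_token()` check the return of `curl_exec()` and the HTTP status before decoding. `$workspace_id` and `$report_id` are also interpolated into the API path unencoded; wrapping each in `rawurlencode()` keeps a stored ID from altering the request that carries the bearer token. When the RLS option is empty, `$username` is `false` and is still sent inside `identities`, so it would be safer to omit the `identities` key in that case. `get_report_data` begins and continues outside the visible hunks, so whether `report_id` and `dataset_id` are set for every embed type (the tile branch is visible just above) should be confirmed.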
74 changes: 71 additions & 3 deletions includes/class-power-bi-oauth.php
Expand Up @@ -41,8 +41,7 @@ private function setup_actions() {

public function add_token() {
$power_bi_credentials = get_option('power_bi_credentials');

if( isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) {
if( is_array($power_bi_credentials) && isset( $power_bi_credentials['access_token'] ) || isset( $power_bi_credentials['error'] ) ) {
$token_credentials = $this->get_token();
update_option('power_bi_credentials', $token_credentials);

Expand Down Expand Up @@ -77,7 +76,63 @@ public function add_management_azure_token() {
}
}

public function get_token() {
public function get_token_by_service_principal() {

$token_transient = get_transient( 't_token' );

if(! empty( $token_transient )) {
return $token_transient;
}

$user_credentials = get_option( 'power_bi_settings' );

$client_id = $user_credentials['power_bi_client_id'];
$client_secret = $user_credentials['power_bi_client_secret'];
$tenant_id = $user_credentials['power_bi_azure_tenant_id'];


$curl = curl_init();
if(!$curl) {
die("Embedded PowerBi could not initialize a cURL handle. Please have your hosting provider install curl");
}

curl_setopt_array($curl, array(
CURLOPT_URL => 'https://login.microsoftonline.com/' . $tenant_id . '/oauth2/token',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_POSTFIELDS => 'grant_type=client_credentials&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi&client_id=' . $client_id . '&client_secret=' . $client_secret . '',
CURLOPT_HTTPHEADER => array(
'Content-Type: application/x-www-form-urlencoded',
),
));

$response = curl_exec($curl);

$err = curl_error($curl);

curl_close($curl);

if ($err) {
$err = json_decode($err, true);
return $err;
}

$token = json_decode($response, true);

if ( isset($token['error']) ) {
return $token;
}

set_transient( 't_token', $token, HOUR_IN_SECONDS );
return $token;

}

public function get_token_by_master_user() {

$token_transient = get_transient( 't_token' );

Expand Down Expand Up @@ -135,6 +190,19 @@ public function get_token() {
return $token;

}

public function get_token()
{
$settings = get_option( 'power_bi_settings' );

if ( $settings['auth_type'] == 'master_user' ) {
$token = (array)$this->get_token_by_master_user();
}
else if ( $settings['auth_type'] == 'service_principal' ) {
$token = (array)$this->get_token_by_service_principal();
}
return $token;
}

// Provided new get token request for https://management.azure.com/
function get_token_management_azure() {
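Review bot: `get_token_by_service_principal()` builds `CURLOPT_POSTFIELDS` by concatenating `$client_id` and `$client_secret` unencoded, so a secret containing `&`, `+`, `=` or `%` is sent corrupted or split into extra form fields; the body should be built with `http_build_query()`. The same request sets `CURLOPT_FOLLOWLOCATION => true` and `CURLOPT_TIMEOUT => 0`, so a redirect could cause the credential-bearing request to be re-sent to another URL and a stalled token endpoint can hang the page indefinitely; disabling redirects and setting a finite timeout is the safer default. Both token functions read the same `t_token` transient, so after the auth type is switched the token cached by the other flow is returned until it expires; a per-flow transient key would avoid that. The new `get_token()` further down leaves `$token` undefined when `auth_type` is missing or has any other value, as it may be on an install upgraded from before this setting existed, so it needs an explicit default branch.
```php
// … unchanged: transient lookup, option read, curl_init() check …
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://login.microsoftonline.com/' . rawurlencode($tenant_id) . '/oauth2/token',
    CURLOPT_RETURNTRANSFER => true,
    // … unchanged: CURLOPT_ENCODING, CURLOPT_HTTP_VERSION …
    CURLOPT_TIMEOUT => 15,            // finite; value is a suggestion
    CURLOPT_FOLLOWLOCATION => false,  // never re-send the secret to a redirect target
    CURLOPT_POSTFIELDS => http_build_query(array(
        'grant_type'    => 'client_credentials',
        'resource'      => 'https://analysis.windows.net/powerbi/api',
        'client_id'     => $client_id,
        'client_secret' => $client_secret,
    )),
    // … unchanged: CURLOPT_HTTPHEADER …
));
// … unchanged: curl_exec(), error handling, set_transient() …
```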
16 changes: 16 additions & 0 deletions includes/class-power-bi-settings.php
Expand Up @@ -75,6 +75,14 @@ public function settings_init( ) {
'power_bi'
);

add_settings_field(
'powerbi_auth_type',
__( 'Auth type', 'power-bi' ),
'powerbi_auth_type_render',
'power_bi',
'power_bi_section'
);

add_settings_field(
'power_bi_username',
__( 'User Name', 'power-bi' ),
Expand Down Expand Up @@ -107,6 +115,14 @@ public function settings_init( ) {
'power_bi_section'
);

add_settings_field(
'powerbi_rls_effecitve_identity',
__( 'Username for Effective Identity (RLS)', 'power-bi' ),
'powerbi_rls_effecitve_identity_render',
'power_bi',
'power_bi_section'
);

add_settings_field(
'power_bi_oauth_success',
__( 'Oauth Status', 'power-bi' ),
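Review bot: The new field id `powerbi_rls_effecitve_identity` misspells "effective", and because the same string is used as the key inside the `power_bi_settings` option (read in `get_embedded_token()` and in the render callback), the typo becomes part of the stored data once this ships. Renaming it to `powerbi_rls_effective_identity` in all three files before merge avoids a later option migration. `settings_init()` starts and ends outside the visible hunks, so it cannot be seen here whether `auth_type` is validated against the two allowed values when the option is saved; if no sanitize callback does that, one should be added.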
55 changes: 53 additions & 2 deletions includes/functions-power-bi-settings.php
Expand Up @@ -28,7 +28,7 @@ function powerbi_mobile_breakpoint_render() {
function power_bi_username_render() {
$options = get_power_bi_plugin_settings();
?>
<input type='text' name='power_bi_settings[power_bi_username]' value='<?php echo $options['power_bi_username']; ?>'>
<input id="power_bi_username" type='text' name='power_bi_settings[power_bi_username]' value='<?php echo $options['power_bi_username']; ?>'>
<?php

}
Expand All @@ -37,7 +37,7 @@ function power_bi_username_render() {
function power_bi_password_render() {
$options = get_power_bi_plugin_settings();
?>
<input type='password' name='power_bi_settings[power_bi_password]' value='<?php echo $options['power_bi_password']; ?>'>
<input id="power_bi_password" type='password' name='power_bi_settings[power_bi_password]' value='<?php echo $options['power_bi_password']; ?>'>
<?php

}
Expand All @@ -60,6 +60,57 @@ function power_bi_client_secret_render() {

}


function powerbi_rls_effecitve_identity_render() {
$options = get_power_bi_plugin_settings();
?>
<input id="powerbi_rls_effecitve_identity" type='text' name='power_bi_settings[powerbi_rls_effecitve_identity]' value='<?php echo $options['powerbi_rls_effecitve_identity']; ?>'>
<?php

}

function powerbi_auth_type_render() {
$options = get_power_bi_plugin_settings();
if ( empty($options['auth_type']) ) {
$options['auth_type'] = 'service_principal';
}
?>
<label for="master_user">
<input id="master_user" type='radio' name='power_bi_settings[auth_type]' <?php echo ($options['auth_type'] == 'master_user') ? 'checked' : ''; ?> value='master_user'>
<?php echo __('Master user', 'power-bi') ?>
</label>

<label for="service_principal">
<input id="service_principal" type='radio' name='power_bi_settings[auth_type]' <?php echo ($options['auth_type'] == 'service_principal') ? 'checked' : ''; ?> value='service_principal'>
<?php echo __('Service Principal', 'power-bi') ?>
</label>
<script>
var init = 0;
function checkAuthType() {
if(jQuery('#service_principal').is(':checked')) {
jQuery('#powerbi_rls_effecitve_identity').closest('tr').show();
jQuery('#power_bi_password, #power_bi_username').closest('tr').hide();
} else {
jQuery('#powerbi_rls_effecitve_identity').closest('tr').hide();
jQuery('#power_bi_password, #power_bi_username').closest('tr').show();
}
}
jQuery('#master_user, #service_principal').on('change', function () {
checkAuthType();
});

jQuery( document ).ready(function() {
checkAuthType();
setTimeout(function () {
checkAuthType();
}, 1000)
});
</script>
<?php

}


function power_bi_oauth_success_render() {

$power_bi_credentials = get_option('power_bi_credentials');
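Review bot: `powerbi_rls_effecitve_identity_render()` echoes the stored option straight into a single-quoted `value` attribute, so a value containing `'` or markup breaks out of the attribute on the settings page; escape it with `value='<?php echo esc_attr( $options['powerbi_rls_effecitve_identity'] ); ?>'`. The two lines this commit touches in `power_bi_username_render()` and `power_bi_password_render()` have the same unescaped echo and could be fixed in the same pass; the password field additionally writes the stored password back into the page source. On an install upgraded from a version without this key the index may be unset, so an `isset()` guard before the echo is advisable. In `powerbi_auth_type_render()` the `checked` attributes could use WordPress's `checked( $options['auth_type'], 'master_user' )` helper instead of the hand-written ternary.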