From f3bf03269a9b5cade5b2aba05e27298db3b22c94 Mon Sep 17 00:00:00 2001
From: Santeri Hurnanen <santeri.hurnanen@fame.fi>
Date: Tue, 30 Jan 2024 16:07:45 +0200
Subject: [PATCH] Revert "UHF-9531: Add separate client for edu users"

---
 conf/cmi/openid_connect.client.keycloak.yml   | 21 --------------
 conf/cmi/openid_connect.client.tunnistamo.yml |  2 +-
 .../helfi_kasko_content.module                | 29 -------------------
 .../helfi_kasko_content/translations/fi.po    |  3 --
 public/sites/default/all.settings.php         |  7 -----
 5 files changed, 1 insertion(+), 61 deletions(-)
 delete mode 100644 conf/cmi/openid_connect.client.keycloak.yml

diff --git a/conf/cmi/openid_connect.client.keycloak.yml b/conf/cmi/openid_connect.client.keycloak.yml
deleted file mode 100644
index 4b3162c3..00000000
--- a/conf/cmi/openid_connect.client.keycloak.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-uuid: 734bd97e-6964-42d0-80ad-2b641885ae6b
-langcode: en
-status: true
-dependencies:
-  module:
-    - helfi_tunnistamo
-_core:
-  default_config_hash: nGpk9fP8YMhP_c3Sz_aCQFVhAJyN6eJI6E4Qpnqna-A
-id: keycloak
-label: Tunnistamo
-plugin: tunnistamo
-settings:
-  client_id: placeholder
-  client_secret: placeholder
-  iss_allowed_domains: ''
-  is_production: 0
-  auto_login: 0
-  environment_url: ''
-  client_scopes: 'openid,email'
-  client_roles: {  }
-
diff --git a/conf/cmi/openid_connect.client.tunnistamo.yml b/conf/cmi/openid_connect.client.tunnistamo.yml
index f31f90c3..c6a9c773 100644
--- a/conf/cmi/openid_connect.client.tunnistamo.yml
+++ b/conf/cmi/openid_connect.client.tunnistamo.yml
@@ -7,7 +7,7 @@ dependencies:
 _core:
   default_config_hash: nGpk9fP8YMhP_c3Sz_aCQFVhAJyN6eJI6E4Qpnqna-A
 id: tunnistamo
-label: edu.hel.fi
+label: Tunnistamo
 plugin: tunnistamo
 settings:
   client_id: placeholder
diff --git a/public/modules/custom/helfi_kasko_content/helfi_kasko_content.module b/public/modules/custom/helfi_kasko_content/helfi_kasko_content.module
index 8ed76e86..1ef65e78 100644
--- a/public/modules/custom/helfi_kasko_content/helfi_kasko_content.module
+++ b/public/modules/custom/helfi_kasko_content/helfi_kasko_content.module
@@ -10,11 +10,9 @@ use Drupal\Core\Entity\ContentEntityInterface;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Language\LanguageInterface;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\StringTranslation\TranslatableMarkup;
 use Drupal\helfi_kasko_content\UnitCategoryUtility;
 use Drupal\helfi_platform_config\DTO\ParagraphTypeCollection;
 use Drupal\paragraphs\ParagraphInterface;
-use Drupal\user\UserInterface;
 
 /**
  * Implements hook_ENTITY_TYPE_access().
@@ -338,30 +336,3 @@ function helfi_kasko_content_views_data_alter(array &$data) {
     ],
   ];
 }
-
-/**
- * Implements hook_openid_connect_pre_authorize().
- */
-function helfi_kasko_content_openid_connect_pre_authorize(UserInterface|bool $account, array $context) : bool {
-  $pluginId = $context['plugin_id'];
-  $userinfo = $context['userinfo'] ?? NULL;
-  $email = $userinfo['email'] ?? NULL;
-
-  // Helsinki-profiili has issues with edu.hel.fi users:
-  // https://helsinkisolutionoffice.atlassian.net/browse/HP-2147.
-  // As a workaround, kasko has a separate client that still uses old
-  // Tunnistamo. This prevents non edu.hel.fi users from using tunnistamo.
-  // @todo remove when edu.hel.fi clients work with Helsinki-profiili.
-  $allowLogin = match ($pluginId) {
-    'tunnistamo' => $email === helfi_tunnistamo_create_email($userinfo),
-    'keycloak' => $email !== helfi_tunnistamo_create_email($userinfo),
-    default => TRUE,
-  };
-
-  if (!$allowLogin && $pluginId === 'tunnistamo') {
-    \Drupal::messenger()
-      ->addError(new TranslatableMarkup("Only edu.hel.fi users are allowed to log in with this method."));
-  }
-
-  return $allowLogin;
-}
diff --git a/public/modules/custom/helfi_kasko_content/translations/fi.po b/public/modules/custom/helfi_kasko_content/translations/fi.po
index 59aa51ed..8dba95e9 100644
--- a/public/modules/custom/helfi_kasko_content/translations/fi.po
+++ b/public/modules/custom/helfi_kasko_content/translations/fi.po
@@ -177,6 +177,3 @@ msgstr "B2-kieli"
 msgctxt "TPR Ontologyword details schools"
 msgid "Language offering"
 msgstr "Kielitarjonta"
-
-msgid "Only edu.hel.fi users are allowed to log in with this method"
-msgstr "Vain edu.hel.fi käyttäjät voivat kirjautua tällä kirjautumistavalla."
diff --git a/public/sites/default/all.settings.php b/public/sites/default/all.settings.php
index cee69c3e..05daef53 100644
--- a/public/sites/default/all.settings.php
+++ b/public/sites/default/all.settings.php
@@ -32,10 +32,3 @@
 
 // Sentry DSN for React.
 $config['react_search.settings']['sentry_dsn_react'] = getenv('SENTRY_DSN_REACT');
-
-// @todo remove separate client once edu.hel.fi users work with keycloak.
-$config['openid_connect.client.keycloak']['settings']['client_id'] = getenv('KEYCLOAK_CLIENT_ID');
-$config['openid_connect.client.keycloak']['settings']['client_secret'] = getenv('KEYCLOAK_CLIENT_SECRET');
-if ($keycloak_environment_url = getenv('KEYCLOAK_ENVIRONMENT_URL')) {
-  $config['openid_connect.client.keycloak']['settings']['environment_url'] = $keycloak_environment_url;
-}