From 2df55d9958995c7228b2b01c3a31f6620718d75f Mon Sep 17 00:00:00 2001
From: tkiehne
Date: Fri, 18 Oct 2024 13:19:40 -0700
Subject: [PATCH] Initial 4.x version with UW Groups V3 API support
---
 README.md | 3 +++
 src/EventSubscriber/UwAuthSubscriber.php | 22 ++++++++++------------
 uwauth.info.yml | 2 +-
 uwauth.module | 2 +-
 4 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 73fe1f3..51e4a50 100644
--- a/README.md
+++ b/README.md
@@ -108,6 +108,9 @@ For Drupal core versions 8.0.x < 8.8.3 use version v2.2.0 (8.x-2.2). For Drupal core versions >= 8.8.3, including Drupal 9, use v.3.0.0 or later.
+### API Version
+
+Version 4.x uses the UW Groups API version 3; previous releases use the version 1 API that was deprecated in 2019.
 ## Federation
diff --git a/src/EventSubscriber/UwAuthSubscriber.php b/src/EventSubscriber/UwAuthSubscriber.php
index df6d3c2..8be153d 100644
--- a/src/EventSubscriber/UwAuthSubscriber.php
+++ b/src/EventSubscriber/UwAuthSubscriber.php
@@ -210,32 +210,30 @@ private function fetchGwsGroups(AccountInterface $account): array {
 $username = $account->getAccountName();
 // UW GWS URL.
- $uwgws_url = 'https://iam-ws.u.washington.edu/group_sws/v1/search?member=' . $username . '&type=effective&scope=all';
+ $uwgws_url = 'https://groups.uw.edu/group_sws/v3/search?member=' . $username . '&type=effective&scope=all';
 // Query UW GWS for group membership.
- $uwgws = curl_init();
- curl_setopt_array($uwgws, [
+ $uwgws = \curl_init();
+ \curl_setopt_array($uwgws, [
 CURLOPT_RETURNTRANSFER => TRUE,
 CURLOPT_FOLLOWLOCATION => TRUE,
 CURLOPT_SSLCERT => $this->settings->get('gws.cert'),
 CURLOPT_SSLKEY => $this->settings->get('gws.key'),
- CURLOPT_CAINFO => $this->settings->get('gws.cacert'),
 CURLOPT_URL => $uwgws_url,
 ]);
- $uwgws_response = curl_exec($uwgws);
- curl_close($uwgws);
+ $uwgws_response = \curl_exec($uwgws);
+ \curl_close($uwgws);
 // Extract groups from response.
- $uwgws_feed = simplexml_load_string(str_replace('xmlns=', 'ns=', $uwgws_response));
- $uwgws_entries = $uwgws_feed->xpath("//a[@class='name']");
+ $uwgws_feed = \json_decode($uwgws_response, TRUE);
 $uwgws_groups = [];
- foreach ($uwgws_entries as $uwgws_entry) {
- $uwgws_groups[] = (string) $uwgws_entry[0];
+ if (isset($uwgws_feed['data'])) {
+ $uwgws_groups = \array_column($uwgws_feed['data'], 'id');
 }
- $this->logger->log($this->severity['ad_sync'], 'Fetched groups from GWS for {name}: got {groups}.', [
+ $this->logger->log($this->severity['ad_sync'], 'Fetched groups from GWS V3 API for {name}: got {groups}.', [
 'name' => $account->getDisplayName(),
- 'groups' => implode(', ', $uwgws_groups),
+ 'groups' => \implode(', ', $uwgws_groups),
 ]);
 return $uwgws_groups;
diff --git a/uwauth.info.yml b/uwauth.info.yml
index 3f4417d..d8f3a65 100644
--- a/uwauth.info.yml
+++ b/uwauth.info.yml
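Review bot: The new `$uwgws_url` line still concatenates `$username` into the query string unencoded, so a name containing `&`, `#` or whitespace would change the request whose answer drives role assignment; wrap it as `\rawurlencode($username)`. The hunk also hands the `\curl_exec()` result straight to `\json_decode()` without checking for `FALSE` or the HTTP status, so a transport error, a non-200 reply and a user with no groups all collapse into the same empty list, and `\array_column()` is reached whenever `data` is set, even if it is not an array. Because `CURLOPT_CAINFO` is dropped, server verification now depends on the default CA bundle; that is presumably intentional for the new host but worth confirming, since the client certificate and key are still presented and `CURLOPT_FOLLOWLOCATION` stays on. The function's signature and closing brace are outside the hunk, so how the caller treats an empty list is not visible here; the excerpt below keeps the empty-list return and only tightens the checks.

```php
$uwgws_url = 'https://groups.uw.edu/group_sws/v3/search?member=' . \rawurlencode($username) . '&type=effective&scope=all';
// … unchanged: curl_init() and curl_setopt_array() …
$uwgws_response = \curl_exec($uwgws);
$uwgws_status = \curl_getinfo($uwgws, CURLINFO_RESPONSE_CODE);
\curl_close($uwgws);

// Extract groups from response; anything but a 200 with a JSON 'data' list yields no groups.
$uwgws_groups = [];
if ($uwgws_response !== FALSE && $uwgws_status === 200) {
  $uwgws_feed = \json_decode($uwgws_response, TRUE);
  if (\is_array($uwgws_feed) && \is_array($uwgws_feed['data'] ?? NULL)) {
    $uwgws_groups = \array_column($uwgws_feed['data'], 'id');
  }
}
// … unchanged: logger call and return …
```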
@@ -2,5 +2,5 @@ name: 'UW Auth'
 description: 'Provides authentication and role assignment with Shibboleth, and UW Groups or Active Directory'
 package: Web services
 type: module
-version: '3.0.5'
+version: '4.0.0'
 core_version_requirement: ^10.2 || ^11
diff --git a/uwauth.module b/uwauth.module
index 525ec83..0e17fa3 100644
--- a/uwauth.module
+++ b/uwauth.module
@@ -19,7 +19,7 @@ function uwauth_help($route_name, RouteMatchInterface $route_match) {
 $output .= '

' . t('From here you can specify what your group membership source is. By default, this will be set to None, which effectively disables the module. To minimize issues, select your group membership source after you have created your roles, mapped them, and configured the group source.') . '

'; $output .= '

' . t('At any time if you wish to disable the module, you can do so by setting the source to None. This change will disable it, without erasing the module configuration.') . '

'; $output .= '

' . t('Groups Web Service') . '

'; - $output .= '

' . t('GWS offers a centralized system for managing user groups at UW. In order to utilize it, you will need a certificate issued by UW CA to authenticate your application with the web service. This certificate is different from the InCommon certificate issued for web servers.') . '

'; + $output .= '

' . t('GWS offers a centralized system for managing user groups at UW. In order to utilize it, you will need a certificate issued by UW CA to authenticate your application with the web service.') . '

'; $output .= '

' . t('Active Directory') . '

'; $output .= '

' . t('With AD, you can utilize either NETID or a departmental AD infrastructure. Both authenticated, and anonymous binds are supported. It is recommended that you use LDAPS whenever possible, and it is required when using NETID. You may need to configure OpenLDAP to load the required CA certificates, if using LDAPS.') . '

'; $output .= '

' . t('Group to Role Mapping') . '

';