Use dedicated secret manager for Firefly III values.

app/Http/Controllers/Import/ConfigurationController.php

@@ -30,6 +30,7 @@ use App\Exceptions\ImporterHttpException;
 use App\Http\Controllers\Controller;
 use App\Http\Middleware\ConfigurationControllerMiddleware;
 use App\Http\Request\ConfigurationPostRequest;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Services\Shared\Configuration\Configuration;
 use App\Services\CSV\Converter\Date;
 use App\Services\Nordigen\Model\Account as NordigenAccount;
@@ -83,7 +84,7 @@ class ConfigurationController extends Controller
         $mainTitle = 'Configuration';
         $subTitle  = 'Configure your import';
         $accounts  = [];
-        $flow      = $request->cookie(Constants::FLOW_COOKIE);
+        $flow      = $request->cookie(Constants::FLOW_COOKIE); // TODO should be from configuration right
 
         // create configuration:
         $configuration = $this->restoreConfiguration();
@@ -96,8 +97,8 @@ class ConfigurationController extends Controller
         }
 
         // get list of asset accounts:
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetAccountsRequest($url, $token);
         $request->setType(GetAccountsRequest::ASSET);
         $request->setVerify(config('importer.connection.verify'));
@@ -110,8 +111,8 @@ class ConfigurationController extends Controller
         }
 
         // also get liabilities
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetAccountsRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));

app/Http/Controllers/IndexController.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers;
 
 use App\Services\Session\Constants;
+use App\Services\Shared\Authentication\SecretManager;
 use Artisan;
 use Illuminate\Http\Request;
 use Log;
@@ -68,41 +69,35 @@ class IndexController extends Controller
     public function index(Request $request): mixed
     {
         Log::debug(sprintf('Now at %s', __METHOD__));
-        // check for access token cookie. if not, redirect to flow to get it.
-        $accessToken  = (string) $request->cookie('access_token');
-        $refreshToken = (string) $request->cookie('refresh_token');
-        $baseURL      = (string) $request->cookie('base_url');
-        $vanityURL    = (string) $request->cookie('vanity_url');
 
-        Log::debug(sprintf('Base URL   : "%s"', $baseURL));
-        Log::debug(sprintf('Vanity URL : "%s"', $vanityURL));
-
-        if ('' === $accessToken && '' === $refreshToken && '' === $baseURL) {
-            Log::debug('No access token cookie, redirect to token.index');
+        // global methods to get these values, from cookies or configuration.
+        // it's up to the manager to provide them.
+        // if invalid values, redirect to token index.
+        $validInfo = SecretManager::hasValidSecrets();
+        if (!$validInfo) {
+            Log::debug('No valid secrets, redirect to token.index');
             return redirect(route('token.index'));
         }
-        Log::debug('Has access token cookie.');
 
         // display to user the method of authentication
         $pat = false;
-        if ('' !== (string) env('FIREFLY_III_ACCESS_TOKEN')) {
+        if ('' !== (string) config('importer.access_token')) {
             $pat = true;
         }
         $clientIdWithURL = false;
-        if ('' !== (string) env('FIREFLY_III_URL') && '' !== (string) env('FIREFLY_III_CLIENT_ID')) {
+        if ('' !== (string) config('importer.url') && '' !== (string) config('importer.client_id')) {
             $clientIdWithURL = true;
         }
         $URLonly = false;
-        if ('' !== (string) env('FIREFLY_III_URL') && '' === (string) env('FIREFLY_III_CLIENT_ID') && '' === (string) env('FIREFLY_III_ACCESS_TOKEN')
+        if ('' !== (string) config('importer.url') && '' === (string) config('importer.client_id') && '' === (string) config('importer.access_token')
         ) {
             $URLonly = true;
         }
         $flexible = false;
-        if ('' === (string) env('FIREFLY_III_URL') && '' === (string) env('FIREFLY_III_CLIENT_ID')) {
+        if ('' === (string) config('importer.url') && '' === (string) config('importer.client_id')) {
             $flexible = true;
         }
 
-
         return view('index', compact('pat', 'clientIdWithURL', 'URLonly', 'flexible'));
     }
 
@@ -117,9 +112,9 @@ class IndexController extends Controller
         Artisan::call('cache:clear');
 
         $cookies = [
-            cookie('access_token', ''),
-            cookie('base_url', ''),
-            cookie('refresh_token', ''),
+            SecretManager::saveAccessToken(''),
+            SecretManager::saveBaseUrl(''),
+            SecretManager::saveRefreshToken(''),
             cookie(Constants::FLOW_COOKIE, ''),
         ];
 

app/Http/Controllers/TokenController.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Http\Controllers;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Request\SystemInformationRequest;
 use GuzzleHttp\Client;
@@ -62,45 +63,41 @@ class TokenController extends Controller
     {
         $pageTitle = 'Data importer';
         Log::debug(sprintf('Now at %s', __METHOD__));
-        $configToken = (string) config('importer.access_token');
-        $clientId    = (int) config('importer.client_id');
-        $baseURL     = (string) config('importer.url');
-        $vanityURL   = $baseURL;
-        if ('' !== (string) config('importer.vanity_url')) {
-            $vanityURL = config('importer.vanity_url');
-        }
+
+        $accessToken = SecretManager::getAccessToken();
+        $clientId    = SecretManager::getClientId();
+        $baseUrl     = SecretManager::getBaseUrl();
+        $vanityUrl   = SecretManager::getVanityUrl();
 
         Log::info('The following configuration information was found:');
-        Log::info(sprintf('Personal Access Token: "%s" (limited to 25 chars if present)', substr($configToken, 0, 25)));
+        Log::info(sprintf('Personal Access Token: "%s" (limited to 25 chars if present)', substr($accessToken, 0, 25)));
         Log::info(sprintf('Client ID            : "%s"', $clientId));
-        Log::info(sprintf('Base URL             : "%s"', $baseURL));
-        Log::info(sprintf('Vanity URL           : "%s"', $vanityURL));
+        Log::info(sprintf('Base URL             : "%s"', $baseUrl));
+        Log::info(sprintf('Vanity URL           : "%s"', $vanityUrl));
 
         // Option 1: access token and url are present:
-        if ('' !== $configToken && '' !== $baseURL) {
-            Log::debug(sprintf('Found personal access token + URL "%s" in config, set cookie and return to index.', $baseURL));
+        if ('' !== $accessToken && '' !== $baseUrl) {
+            Log::debug(sprintf('Found personal access token + URL "%s" in config, set cookie and return to index.', $baseUrl));
 
-            // set cookies.
             $cookies = [
-                cookie('access_token', $configToken),
-                cookie('base_url', $baseURL),
-                cookie('vanity_url', $vanityURL),
-                cookie('refresh_token', ''),
+                SecretManager::saveAccessToken($accessToken),
+                SecretManager::saveBaseUrl($baseUrl),
+                SecretManager::saveVanityUrl($vanityUrl),
+                SecretManager::saveRefreshToken(''),
             ];
-
             return redirect(route('index'))->withCookies($cookies);
         }
 
         // Option 2: client ID + base URL.
-        if (0 !== $clientId && '' !== $baseURL) {
-            Log::debug(sprintf('Found client ID "%d" + URL "%s" in config, redirect to Firefly III for permission.', $clientId, $baseURL));
-            return $this->redirectForPermission($request, $baseURL, $vanityURL, $clientId);
+        if (0 !== $clientId && '' !== $baseUrl) {
+            Log::debug(sprintf('Found client ID "%d" + URL "%s" in config, redirect to Firefly III for permission.', $clientId, $baseUrl));
+            return $this->redirectForPermission($request, $baseUrl, $vanityUrl, $clientId);
         }
 
         // Option 3: either is empty, ask for client ID and/or base URL:
         $clientId = 0 === $clientId ? '' : $clientId;
 
-        return view('token.client_id', compact('baseURL', 'clientId', 'pageTitle'));
+        return view('token.client_id', compact('baseUrl', 'clientId', 'pageTitle'));
     }
 
     /**
@@ -211,9 +208,11 @@ class TokenController extends Controller
     {
         Log::debug(sprintf('Now at %s', __METHOD__));
         $response = ['result' => 'OK', 'message' => null];
-        $url      = (string) $request->cookie('base_url');
-        $token    = (string) $request->cookie('access_token');
-        $request  = new SystemInformationRequest($url, $token);
+
+        // get values from secret manager:
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
+        $request = new SystemInformationRequest($url, $token);
 
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));
@@ -304,10 +303,10 @@ class TokenController extends Controller
 
         // set cookies.
         $cookies = [
-            cookie('access_token', (string) $data['access_token']),
-            cookie('base_url', $baseURL),
-            cookie('vanity_url', $vanityURL),
-            cookie('refresh_token', (string) $data['refresh_token']),
+            SecretManager::saveAccessToken((string) $data['access_token']),
+            SecretManager::saveBaseUrl($baseURL),
+            SecretManager::saveVanityUrl($vanityURL),
+            SecretManager::saveRefreshToken((string) $data['refresh_token']),
         ];
         Log::debug(sprintf('Return redirect with cookies to "%s"', route('index')));
 

app/Http/Middleware/IsReadyForStep.php

@@ -67,7 +67,7 @@ trait IsReadyForStep
      */
     protected function isReadyForStep(Request $request): bool
     {
-        $flow = $request->cookie('flow');
+        $flow = $request->cookie(Constants::FLOW_COOKIE);
         if (null === $flow) {
             Log::debug('isReadyForStep returns true because $flow is null');
             return true;

app/Http/Request/ConfigurationPostRequest.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Http\Request;
 
 
+use App\Services\Session\Constants;
 use Illuminate\Validation\Validator;
 
 /**
@@ -138,7 +139,7 @@ class ConfigurationPostRequest extends Request
         $validator->after(
             function (Validator $validator) {
                 // validate all account info
-                $flow     = request()->cookie('flow');
+                $flow     = request()->cookie(Constants::FLOW_COOKIE);
                 $data     = $validator->getData();
                 $doImport = $data['do_import'] ?? [];
                 if (0 === count($doImport) && 'csv' !== $flow) {

app/Services/CSV/Conversion/Routine/PseudoTransactionProcessor.php

@@ -26,6 +26,7 @@ namespace App\Services\CSV\Conversion\Routine;
 
 use App\Exceptions\ImporterErrorException;
 use App\Services\CSV\Conversion\Task\AbstractTask;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Services\Shared\Conversion\ProgressInformation;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
@@ -71,8 +72,8 @@ class PseudoTransactionProcessor
      */
     private function getDefaultAccount(?int $accountId): void
     {
-        $url   = Token::getURL();
-        $token = Token::getAccessToken();
+        $url   = SecretManager::getBaseUrl();
+        $token = SecretManager::getAccessToken();
 
         if (null !== $accountId) {
             $accountRequest = new GetAccountRequest($url, $token);
@@ -95,8 +96,8 @@ class PseudoTransactionProcessor
      */
     private function getDefaultCurrency(): void
     {
-        $url   = Token::getURL();
-        $token = Token::getAccessToken();
+        $url   = SecretManager::getBaseUrl();
+        $token = SecretManager::getAccessToken();
 
         $prefRequest = new GetPreferenceRequest($url, $token);
         $prefRequest->setVerify(config('importer.connection.verify'));

app/Services/CSV/Conversion/Task/Accounts.php

@@ -27,6 +27,7 @@ namespace App\Services\CSV\Conversion\Task;
 
 use App\Exceptions\ImporterErrorException;
 use App\Services\CSV\Conversion\Support\DeterminesTransactionType;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiException;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException as GrumpyApiHttpException;
@@ -291,8 +292,8 @@ class Accounts extends AbstractTask
     private function findById(string $value): ?Account
     {
         Log::debug(sprintf('Going to search account with ID "%s"', $value));
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetSearchAccountRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));
@@ -332,8 +333,8 @@ class Accounts extends AbstractTask
     private function findByIban(string $iban, string $transactionType): ?Account
     {
         Log::debug(sprintf('Going to search account with IBAN "%s"', $iban));
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetSearchAccountRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));
@@ -401,8 +402,8 @@ class Accounts extends AbstractTask
     private function findByName(string $name): ?Account
     {
         Log::debug(sprintf('Going to search account with name "%s"', $name));
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetSearchAccountRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));

app/Services/CSV/Mapper/Bills.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Services\CSV\Mapper;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Model\Bill;
@@ -44,8 +45,8 @@ class Bills implements MapperInterface
     public function getMap(): array
     {
         $result  = [];
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetBillsRequest($url, $token);
 
         $request->setVerify(config('importer.connection.verify'));

app/Services/CSV/Mapper/Budgets.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Services\CSV\Mapper;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Model\Budget;
@@ -46,8 +47,8 @@ class Budgets implements MapperInterface
     public function getMap(): array
     {
         $result  = [];
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetBudgetsRequest($url, $token);
 
         $request->setVerify(config('importer.connection.verify'));

app/Services/CSV/Mapper/Categories.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Services\CSV\Mapper;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Model\Category;
@@ -46,8 +47,8 @@ class Categories implements MapperInterface
     public function getMap(): array
     {
         $result  = [];
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetCategoriesRequest($url, $token);
 
         $request->setVerify(config('importer.connection.verify'));

app/Services/CSV/Mapper/GetAccounts.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Services\CSV\Mapper;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Model\Account;
@@ -48,8 +49,8 @@ trait GetAccounts
     {
         // get list of asset accounts:
         $accounts = [];
-        $url      = Token::getURL();
-        $token    = Token::getAccessToken();
+        $url      = SecretManager::getBaseUrl();
+        $token    = SecretManager::getAccessToken();
         $request  = new GetAccountsRequest($url, $token);
 
         $request->setVerify(config('importer.connection.verify'));
@@ -102,8 +103,8 @@ trait GetAccounts
         // get list of asset accounts:
         $accounts    = [];
         $liabilities = [];
-        $url         = Token::getURL();
-        $token       = Token::getAccessToken();
+        $url         = SecretManager::getBaseUrl();
+        $token       = SecretManager::getAccessToken();
         $request     = new GetAccountsRequest($url, $token);
 
         $request->setType(GetAccountsRequest::ASSET);

app/Services/CSV/Mapper/TransactionCurrencies.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace App\Services\CSV\Mapper;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Support\Token;
 use GrumpyDictator\FFIIIApiSupport\Exceptions\ApiHttpException;
 use GrumpyDictator\FFIIIApiSupport\Model\TransactionCurrency;
@@ -46,8 +47,8 @@ class TransactionCurrencies implements MapperInterface
     public function getMap(): array
     {
         $result = [];
-        $url    = Token::getURL();
-        $token  = Token::getAccessToken();
+        $url    = SecretManager::getBaseUrl();
+        $token  = SecretManager::getAccessToken();
 
         $request = new GetCurrenciesRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));

app/Services/Nordigen/Authentication/SecretManager.php

@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+/*
+ * SecretManager.php
+ * Copyright (c) 2021 james@firefly-iii.org
+ *
+ * This file is part of the Firefly III Data Importer
+ * (https://github.com/firefly-iii/data-importer).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Services\Nordigen\Authentication;
+
+class SecretManager
+{
+
+}

app/Services/Shared/Authentication/SecretManager.php

@@ -0,0 +1,224 @@
+<?php
+declare(strict_types=1);
+/*
+ * SecretManager.php
+ * Copyright (c) 2021 james@firefly-iii.org
+ *
+ * This file is part of the Firefly III Data Importer
+ * (https://github.com/firefly-iii/data-importer).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Services\Shared\Authentication;
+
+
+use Log;
+use Symfony\Component\HttpFoundation\Cookie;
+
+
+/**
+ * Class SecretManager
+ */
+class SecretManager
+{
+    public const ACCESS_TOKEN = 'access_token';
+    public const BASE_URL     = 'base_url';
+    public const VANITY_URL     = 'base_url';
+    public const REFRESH_TOKEN = 'refresh_token';
+
+    /**
+     * Will return true if the session / cookies hold valid secrets (access token, URLs)
+     * @return bool
+     */
+    public static function hasValidSecrets(): bool
+    {
+        Log::debug(__METHOD__);
+        // check for access token cookie. if not, redirect to flow to get it.
+        if (!self::hasAccessToken() && !self::hasRefreshToken() && !self::hasBaseUrl()) {
+            return false;
+        }
+        return true;
+//        $accessToken  = (string) $request->cookie('access_token');
+//        $refreshToken = (string) $request->cookie('refresh_token');
+//        $baseURL      = (string) $request->cookie('base_url');
+//        $vanityURL    = (string) $request->cookie('vanity_url');
+//
+//        Log::debug(sprintf('Base URL   : "%s"', $baseURL));
+//        Log::debug(sprintf('Vanity URL : "%s"', $vanityURL));
+//
+//        if ('' === $accessToken && '' === $refreshToken && '' === $baseURL) {
+//            Log::debug('No access token cookie, redirect to token.index');
+//            return redirect(route('token.index'));
+//        }
+    }
+
+    /**
+     * Will verify if the user has an access token (in a cookie)
+     * TODO is a cookie the best place?
+     *
+     * @return bool
+     */
+    private static function hasAccessToken(): bool
+    {
+        return '' !== (string) request()->cookie(self::ACCESS_TOKEN);
+    }
+
+    /**
+     * Will verify if the user has an refresh token (in a cookie)
+     * TODO is a cookie the best place?
+     *
+     * @see self::hasAccessToken
+     */
+    private static function hasRefreshToken(): bool
+    {
+        return '' !== (string) request()->cookie(self::REFRESH_TOKEN);
+    }
+
+    /**
+     * Will verify if the user has an base URL defined (in a cookie)
+     * TODO is a cookie the best place?
+     * @return bool
+     */
+    private static function hasBaseUrl(): bool
+    {
+        return '' !== (string) request()->cookie(self::BASE_URL);
+    }
+
+    /**
+     * Will verify if the user has an client ID defined (in a cookie)
+     * TODO is a cookie the best place?
+     *
+     * @return bool
+     */
+    private static function hasClientId(): bool
+    {
+        return '' !== (string) request()->cookie('client_id');
+    }
+
+    /**
+     * Will verify if the user has a vanity URL defined (in a cookie)
+     * TODO is a cookie the best place?
+     *
+     * @return bool
+     */
+    private static function hasVanityUrl(): bool
+    {
+        return '' !== (string) request()->cookie(self::VANITY_URL);
+    }
+
+    /**
+     * Will return the access token. From a cookie if its there, otherwise from configuration.
+     *
+     * @return string
+     */
+    public static function getAccessToken(): string
+    {
+        if (!self::hasAccessToken()) {
+            Log::debug('No access token in hasAccessToken(), will return config variable.');
+            return (string) config('importer.access_token');
+        }
+        return request()->cookie(self::ACCESS_TOKEN);
+    }
+
+    /**
+     * Will return the client ID. From a cookie if its there, otherwise from configuration.
+     *
+     * @return int
+     */
+    public static function getClientId(): int
+    {
+        if (!self::hasClientId()) {
+            Log::debug('No client id in hasClientId(), will return config variable.');
+            return (int) config('importer.client_id');
+        }
+        return (int) request()->cookie('client_id');
+    }
+
+    /**
+     * @return string
+     */
+    public static function getBaseUrl(): string
+    {
+        if (!self::hasBaseUrl()) {
+            Log::debug('No base url in getBaseUrl(), will return config variable.');
+            return (string) config('importer.url');
+        }
+        return (string) request()->cookie(self::BASE_URL);
+    }
+
+    /**
+     * @return string
+     */
+    public static function getVanityUrl(): string
+    {
+        if (!self::hasVanityUrl()) {
+            Log::debug('No vanity url in getVanityUrl(), will return config variable.');
+            if ('' === (string) config('importer.vanity_url')) {
+                return (string) config('importer.url');
+            }
+            return (string) config('importer.vanity_url');
+        }
+        return (string) request()->cookie(self::VANITY_URL);
+    }
+
+    /**
+     * Store access token in a cookie.
+     * TODO is a cookie the best place?
+     *
+     * @param string $token
+     * @return Cookie
+     */
+    public static function saveAccessToken(string $token): Cookie
+    {
+        return cookie(self::ACCESS_TOKEN, $token);
+    }
+
+    /**
+     * Store access token in a cookie.
+     * TODO is a cookie the best place?
+     *
+     * @param string $token
+     * @return Cookie
+     */
+    public static function saveRefreshToken(string $token): Cookie
+    {
+        return cookie(self::REFRESH_TOKEN, $token);
+    }
+
+    /**
+     * Store access token in a cookie.
+     * TODO is a cookie the best place?
+     *
+     * @param string $url
+     * @return Cookie
+     */
+    public static function saveBaseUrl(string $url): Cookie
+    {
+        return cookie(self::BASE_URL, $url);
+    }
+
+    /**
+     * Store access token in a cookie.
+     * TODO is a cookie the best place?
+     *
+     * @param string $url
+     * @return Cookie
+     */
+    public static function saveVanityUrl(string $url): Cookie
+    {
+        return cookie(self::VANITY_URL, $url);
+    }
+
+}

app/Services/Shared/Authentication/TokenManager.php

@@ -0,0 +1,34 @@
+<?php
+declare(strict_types=1);
+/*
+ * TokenManager.php
+ * Copyright (c) 2021 james@firefly-iii.org
+ *
+ * This file is part of the Firefly III Data Importer
+ * (https://github.com/firefly-iii/data-importer).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Services\Shared\Authentication;
+
+/**
+ * Firefly III access token manager.
+ *
+ * Class TokenManager
+ */
+class TokenManager
+{
+
+}

app/Services/Shared/Configuration/Configuration.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /*
  * Configuration.php
  * Copyright (c) 2021 james@firefly-iii.org

app/Services/Shared/Import/Routine/ApiSubmitter.php

@@ -27,6 +27,7 @@ declare(strict_types=1);
 namespace App\Services\Shared\Import\Routine;
 
 use App\Exceptions\ImporterErrorException;
+use App\Services\Shared\Authentication\SecretManager;
 use App\Services\Shared\Configuration\Configuration;
 use App\Services\Shared\Import\Status\ProgressInformation;
 use App\Support\Token;
@@ -105,8 +106,8 @@ class ApiSubmitter
 
             return;
         }
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new PostTagRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));
@@ -201,8 +202,8 @@ class ApiSubmitter
 
         Log::debug(sprintf('Going to search for %s:%s using query %s', $field, $value, $query));
 
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new GetSearchTransactionsRequest($url, $token);
         $request->setQuery($query);
         try {
@@ -232,8 +233,8 @@ class ApiSubmitter
     {
         $line    = $this->replaceMappings($line);
         $return  = [];
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new PostTransactionRequest($url, $token);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));
@@ -431,8 +432,8 @@ class ApiSubmitter
                     'tags'                   => $currentTags,
                 ];
         }
-        $url     = Token::getURL();
-        $token   = Token::getAccessToken();
+        $url     = SecretManager::getBaseUrl();
+        $token   = SecretManager::getAccessToken();
         $request = new PutTransactionRequest($url, $token, $groupId);
         $request->setVerify(config('importer.connection.verify'));
         $request->setTimeOut(config('importer.connection.timeout'));

app/Services/Spectre/Authentication/SecretManager.php

@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+/*
+ * SecretManager.php
+ * Copyright (c) 2021 james@firefly-iii.org
+ *
+ * This file is part of the Firefly III Data Importer
+ * (https://github.com/firefly-iii/data-importer).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Services\Spectre\Authentication;
+
+class SecretManager
+{
+
+}

app/Support/Http/RestoresConfiguration.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /*
  * RestoresConfiguration.php
  * Copyright (c) 2021 james@firefly-iii.org