From 471bcdd29f273527e98e5801e01d5941c7707b0e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 13 Nov 2015 02:11:47 +0100
Subject: [PATCH] Remove hard coded list of permissions.

---
 htdocs/admin/oauth.php | 9 +++---
 ...hcallback.php => google_oauthcallback.php} | 24 ++++++++++++----
 .../modules/printing/printgcp.modules.php | 14 ++++++----
 htdocs/langs/en_US/oauth.lang | 7 +++--
 htdocs/langs/en_US/printing.lang | 4 +--
 htdocs/printing/admin/printing.php | 28 ++++++++-----------
 htdocs/printing/lib/printing.lib.php | 4 +--
 7 files changed, 50 insertions(+), 40 deletions(-)
 rename htdocs/core/modules/oauth/{getgoogleoauthcallback.php => google_oauthcallback.php} (85%)

diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php
index 66878753b46..2adf79a6174 100644
--- a/htdocs/admin/oauth.php
+++ b/htdocs/admin/oauth.php
@@ -43,8 +43,9 @@ if (!$user->admin)
 $action = GETPOST('action', 'alpha');
-// Supported OAUTH
-$supportedoauth2array=array('OAUTH_GOOGLE_NAME');
+// Supported OAUTH (a provider is supported when a file xxx_oauth2callback.php is available into htdocs/core/modules/oauth)
+$supportedoauth2array=array('OAUTH_GOOGLE_NAME'=>'google');
+
 // API access parameters OAUTH
 $list = array (
 array(
@@ -315,7 +316,7 @@ $var = true;
 foreach ($list as $key)
 {
 $supported=0;
-if (in_array($key[0], $supportedoauth2array)) $supported=1;
+if (in_array($key[0], array_keys($supportedoauth2array))) $supported=1;
 if (! $supported) continue; // show only supported
 print '';
@@ -325,7 +326,7 @@ foreach ($list as $key)
 if ($supported)
 {
-$redirect_uri=$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php';
+$redirect_uri=$urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$key[0]].'_oauthcallback.php';
 $var = !$var;
 print '';
 print ''.$langs->trans("UseTheFollowingUrlAsRedirectURI").'';
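Review bot: The new comment on the `$supportedoauth2array` line names the callback file `xxx_oauth2callback.php`, while the file this commit creates and the redirect URI built further down in this file both use the suffix `_oauthcallback.php`; an admin adding a provider from this comment would pick a name the code never looks for. Suggest `// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)`.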
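Review bot: `in_array($key[0], array_keys($supportedoauth2array))` materialises a temporary array to do what is now a plain key lookup on the provider map, and `in_array` compares loosely. The direct form is `if (array_key_exists($key[0], $supportedoauth2array)) $supported=1;`, which is also an exact match.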
diff --git a/htdocs/core/modules/oauth/getgoogleoauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php
similarity index 85%
rename from htdocs/core/modules/oauth/getgoogleoauthcallback.php
rename to htdocs/core/modules/oauth/google_oauthcallback.php
index e159198314c..43232ed92f2 100644
--- a/htdocs/core/modules/oauth/getgoogleoauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -24,10 +24,8 @@
 require '../../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
-use OAuth\Common\Storage\Session;
 use OAuth\Common\Storage\DoliStorage;
 use OAuth\Common\Consumer\Credentials;
-use OAuth\Common\Token\TokenInterface;
 use OAuth\OAuth2\Service\Google;
 // Define $urlwithroot
@@ -72,11 +70,18 @@ $credentials = new Credentials(
 $currentUri->getAbsoluteUri()
 );
+$requestedpermissionsarray=array();
+if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
+if ($action != 'delete' && empty($requestedpermissionsarray))
+{
+print 'Error, parameter state is not defined';
+exit;
+}
+//var_dump($requestedpermissionsarray);exit;
 // Instantiate the Api service using the credentials, http client and storage mechanism for the token
 /** @var $apiService Service */
-// TODO remove hardcoded array
-$apiService = $serviceFactory->createService('Google', $credentials, $storage, array('userinfo_email', 'userinfo_profile', 'cloud_print'));
+$apiService = $serviceFactory->createService('Google', $credentials, $storage, $requestedpermissionsarray);
 // access type needed for google refresh token
 $apiService->setAccessType('offline');
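Review bot: The scope list is read from the OAuth `state` parameter, which is the wrong carrier: in OAuth2 `state` is the anti-CSRF value the provider echoes back unchanged, so it has to be unguessable and checked on return, and a comma-separated scope list is neither; it also means the scopes bound to the token that gets stored are whatever the request (or a crafted link to this page) says. Carry the scopes under their own parameter on the first hop and keep them in the session for the return hop from Google, as sketched below, so that the library can keep generating a random `state` (the comment on the `else` branch later in this file says it does so when none is supplied). Drop the leftover `//var_dump($requestedpermissionsarray);exit;` as well. The `?state=…` links built in printgcp.modules.php and the `getAuthorizationUri(array('state'=>…))` call further down this file would change accordingly.
```php
// Scopes to request. They come from the admin page on the first hop (GET 'scope')
// and are kept in the session for the return hop from Google, so that the OAuth
// 'state' parameter stays an unguessable anti-CSRF value generated by the library.
$requestedpermissionsarray = array();
if ($action != 'delete')
{
	if (GETPOST('scope'))
	{
		$requestedpermissionsarray = explode(',', GETPOST('scope'));	// Example: 'userinfo_email,userinfo_profile,cloud_print'
		$_SESSION["oauthscopesavedbeforeoauthjump"] = $requestedpermissionsarray;
	}
	elseif (! empty($_SESSION["oauthscopesavedbeforeoauthjump"]))
	{
		$requestedpermissionsarray = $_SESSION["oauthscopesavedbeforeoauthjump"];
	}
	if (empty($requestedpermissionsarray))
	{
		print 'Error, parameter scope is not defined';
		exit;
	}
}
// … unchanged: createService('Google', …, $requestedpermissionsarray), setAccessType('offline') …
```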
@@ -129,11 +134,18 @@ if (! empty($_GET['code'])) // We are coming from Google oauth page
 header('Location: ' . $backtourl);
 exit();
 }
-else
+else // If entry on page with no parameter, we arrive here
 {
 $_SESSION["backtourlsavedbeforeoauthjump"]=$backtourl;
-$url = $apiService->getAuthorizationUri();
+if (GETPOST('state'))
+{
+$url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
+}
+else
+{
+$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+}
 // we go on google authorization page
 header('Location: ' . $url);
 exit();
diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php
index aab1ae13bb6..7c6e965f778 100644
--- a/htdocs/core/modules/printing/printgcp.modules.php
+++ b/htdocs/core/modules/printing/printgcp.modules.php
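Review bot: Passing the caller-supplied `state` into `getAuthorizationUri(array('state'=>GETPOST('state')))` replaces the library's random state with a predictable, attacker-choosable string (the scope list), which removes the CSRF protection the parameter exists for; the `else` branch's own comment notes that a random value is generated when none is given, and that is what the callback branch (it starts outside this hunk, at `if (! empty($_GET['code']))`) should be validating against. Keep the scope list out of the URL altogether: store it next to the return URL, `$_SESSION["oauthscopesavedbeforeoauthjump"] = $requestedpermissionsarray;`, and always call `$url = $apiService->getAuthorizationUri();`. Separately, the `$backtourl` forwarded to `header('Location: …')` a few lines above is not validated in the visible lines; if it comes straight from the request, restricting it to a local path would close an open redirect.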
@@ -113,18 +113,20 @@ class printing_printgcp extends PrintingDriver
 if ($this->google_id != '' && $this->google_secret != '') {
 $this->conf[] = array('varname'=>'PRINTGCP_INFO', 'info'=>'GoogleAuthConfigured', 'type'=>'info');
-$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_ACCESS', 'info'=>$access, 'type'=>'info');
+$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_ACCESS', 'info'=>$access, 'type'=>'info', 'renew'=>$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php?state=userinfo_email,userinfo_profile,cloud_print&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'delete'=>($storage->hasAccessToken('Google')?$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'):''));
 if ($token_ok) {
 $refreshtoken = $token->getRefreshToken();
-$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_REFRESH', 'info'=>((! empty($refreshtoken))?'Yes':'No'), 'type'=>'info');
-$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_EXPIRED', 'info'=>($expire?'Yes':'No'), 'type'=>'info');
+$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_REFRESH', 'info'=>((! 
empty($refreshtoken))?'Yes':'No'), 'type'=>'info');
+$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_EXPIRED', 'info'=>($expire?'Yes':'No'), 'type'=>'info');
 $this->conf[] = array('varname'=>'PRINTGCP_TOKEN_EXPIRE_AT', 'info'=>(dol_print_date($token->getEndOfLife(), "dayhour")), 'type'=>'info');
 }
-if (!$storage->hasAccessToken('Google')) {
+/*
+if ($storage->hasAccessToken('Google')) {
 $this->conf[] = array('varname'=>'PRINTGCP_AUTHLINK', 'link'=>$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'type'=>'authlink');
-} else {
 $this->conf[] = array('varname'=>'PRINTGCP_DELETE_TOKEN', 'link'=>$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'type'=>'delete');
-}
+} else {
+$this->conf[] = array('varname'=>'PRINTGCP_AUTHLINK', 'link'=>$urlwithroot.'/core/modules/oauth/getgoogleoauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'type'=>'authlink');
+}*/
 } else {
 $this->conf[] = array('varname'=>'PRINTGCP_INFO', 'info'=>'GoogleAuthNotConfigured', 'type'=>'info');
 }
diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang
index 4567af2a0b6..b902ff27098 100644
--- a/htdocs/langs/en_US/oauth.lang
+++ b/htdocs/langs/en_US/oauth.lang
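Review bot: Both URLs added to the `PRINTGCP_TOKEN_ACCESS` entry (`renew` and `delete`) still point at `getgoogleoauthcallback.php`, which this same commit renames to `google_oauthcallback.php` (and which admin/oauth.php now derives as `<provider>_oauthcallback.php`), so both links will 404; replace the two occurrences with `/core/modules/oauth/google_oauthcallback.php`. The `delete` link also performs a state-changing action (`?action=delete` drops the stored token) through a plain GET with no per-session token, so any page the logged-in admin visits can trigger it by embedding that URL; it should go through a POST form or carry a token the callback verifies. The old `if/else` block that is now wrapped in `/* … */` should simply be deleted. The enclosing method starts before this hunk.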
@@ -1,9 +1,12 @@
 # Dolibarr language file - Source file is en_US - oauth
 ConfigOAuth=Oauth Configuration
-NoAccessToken=No token access saved.
-HasAccessToken=A token was generated and saved into database
+NoAccessToken=No access token saved into local database
+HasAccessToken=A token was generated and saved into local database
 NewTokenStored=Token received ans saved
+ToCheckDeleteTokenOnProvider=To check/delete authorization saved by %s OAuth provider
 TokenDeleted=Token deleted
+RequestAccess=Click here to request/renew access and receive a new token to save
+DeleteAccess=Click here to delete token
 UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credential on your OAuth provider:
 ListOfSupportedOauthProviders=Enter here credential provided by your OAuth2 provider. Only supported OAuth2 providers are visible here. This setup may be used by other modules than need OAuth2 authentication.
 OAUTH_AMAZON_NAME=Api Amazon
diff --git a/htdocs/langs/en_US/printing.lang b/htdocs/langs/en_US/printing.lang
index ab70ca671d7..427b4973e80 100644
--- a/htdocs/langs/en_US/printing.lang
+++ b/htdocs/langs/en_US/printing.lang
@@ -18,15 +18,13 @@ TestDriver=Test
 TargetedPrinter=Targeted printer
 UserConf=Setup per user
 PRINTGCP=Google Cloud Print
-PRINTGCP_INFO=Google Api State
+PRINTGCP_INFO=Google OAuth API setup
 PRINTGCP_AUTHLINK=Authentication
 PRINTGCP_TOKEN_ACCESS=Google Cloud Print OAuth Token
 PRINTGCP_TOKEN_REFRESH=Token Refresh Present
 PRINTGCP_TOKEN_EXPIRED=Token Expired
 PRINTGCP_TOKEN_EXPIRE_AT=Token expire at
 PRINTGCP_DELETE_TOKEN=Delete saved token
-RequestAccess=Click here to request access and receive a token to save
-DeleteAccess=Click here to delete token
 PrintGCPDesc=This driver allow to send documents directly to a printer with Google Cloud Print.
 PrintingDriverDescprintgcp=Configuration variables for printing driver Google Cloud Print.
 PrintTestDescprintgcp=List of Printers for Google Cloud Print.
diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php
index ce87a5c7178..ea051113faa 100644
--- a/htdocs/printing/admin/printing.php
+++ b/htdocs/printing/admin/printing.php
@@ -45,6 +45,7 @@ if (! empty($driver)) $langs->load($driver);
 if (!$mode) $mode='config';
+
 /*
 * Action
 */
@@ -155,25 +156,18 @@ if ($mode == 'setup' && $user->admin)
 print ' '.($key['example']!=''?$langs->trans("Example").' : '.$key['example']:'').'';
 print ''."\n";
 break;
-case "authlink":
-print '';
-print ''.$langs->trans($key['varname']).'';
-print ''.$langs->trans('RequestAccess').'';
-print ' ';
-print ''."\n";
-break;
-case "delete":
-print '';
-print ''.$langs->trans($key['varname']).'';
-print ''.$langs->trans('DeleteAccess').'';
-print ' ';
-print ''."\n";
-break;
-case "info":
+case "info": // Google Api setup or Google OAuth Token
 print '';
 print ''.$langs->trans($key['varname']).'';
 print ''.$langs->trans($key['info']).'';
-print ' ';
+print '';
+if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS')
+{
+if (! empty($key['delete'])) print ''.$langs->trans('DeleteAccess').'

';
+print ''.$langs->trans('RequestAccess').'

';
+print $langs->trans("ToCheckDeleteTokenOnProvider", 'Google').': https://security.google.com/settings/security/permissions';
+}
+print '';
 print ''."\n";
 break;
 case "submit":
@@ -225,7 +219,7 @@ if ($mode == 'config' && $user->admin)
 //print '
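Review bot: The generic `info` case now hard-codes one driver's details, the `PRINTGCP_TOKEN_ACCESS` name and the Google permissions URL, inside the loop that renders every printing driver's configuration, so the next OAuth-based driver has to edit this page instead of its own module. Render whatever the driver supplies instead: drop the `$key['varname'] == 'PRINTGCP_TOKEN_ACCESS'` test, print the delete and renew links whenever `$key['delete']` / `$key['renew']` are set (note `renew` is used without the `empty()` guard that `delete` gets), and let the driver pass the provider's permissions URL as one more entry of its conf array. The enclosing `switch` and the surrounding `foreach` / `if ($mode == 'setup' && $user->admin)` start outside the hunk.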
'.print_r($printer, true).'
';
 $var=!$var;
 print '';
-print ''.img_picto('', $printer->picto).$langs->trans($printer->desc).'';
+print ''.img_picto('', $printer->picto).' '.$langs->trans($printer->desc).'';
 print '';
 if (! empty($conf->use_javascript_ajax)) {
diff --git a/htdocs/printing/lib/printing.lib.php b/htdocs/printing/lib/printing.lib.php
index 59e2e1e0048..697e986cd56 100644
--- a/htdocs/printing/lib/printing.lib.php
+++ b/htdocs/printing/lib/printing.lib.php
@@ -43,7 +43,7 @@ function printingadmin_prepare_head($mode)
 if ($mode == 'setup')
 {
-$head[$h][0] = DOL_URL_ROOT."/printing/admin/printing.php?mode=setup";
+$head[$h][0] = DOL_URL_ROOT."/printing/admin/printing.php?mode=setup&driver=".GETPOST('driver','alpha');
 $head[$h][1] = $langs->trans("SetupDriver");
 $head[$h][2] = 'setup';
 $h++;
@@ -51,7 +51,7 @@ function printingadmin_prepare_head($mode)
 if ($mode == 'test')
 {
-$head[$h][0] = DOL_URL_ROOT."/printing/admin/printing.php?mode=test";
+$head[$h][0] = DOL_URL_ROOT."/printing/admin/printing.php?mode=test&driver=".GETPOST('driver','alpha');
 $head[$h][1] = $langs->trans("TargetedPrinter");
 $head[$h][2] = 'test';
 $h++;
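Review bot: `GETPOST('driver','alpha')` is concatenated straight into the tab URL without `urlencode()`; the `alpha` filter presumably narrows the characters that can get through, but a URL-building helper should not depend on its input filter for URL safety, so `"…?mode=setup&driver=".urlencode(GETPOST('driver','alpha'))` is the safer form. The same applies to the identical change in the `test` hunk below.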