';
print '| ';
print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"');
- print $langs->trans($keyforsupportedoauth2array);
+ if ($label == $keyforsupportedoauth2array) {
+ print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
+ } else {
+ print $label;
+ }
if ($keyforprovider) {
print ' ('.$keyforprovider.')';
} else {
@@ -292,7 +298,8 @@ if ($mode == 'setup' && $user->admin) {
print '';
print ' | ';
if (is_object($tokenobj)) {
- print $langs->trans("HasAccessToken");
+ // TODO Read in database to get the date of creation of token
+ print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : ');
} else {
print ''.$langs->trans("NoAccessToken").'';
}
@@ -305,7 +312,9 @@ if ($mode == 'setup' && $user->admin) {
}
// Request remote token
if ($urltorenew) {
- print ''.$langs->trans('RequestAccess').' ';
+ print ''.$langs->trans('GetAccess').'';
+ print $form->textwithpicto('', $langs->trans('RequestAccess'));
+ print ' ';
}
// Check remote access
if ($urltocheckperms) {
@@ -378,8 +387,8 @@ if ($mode == 'setup' && $user->admin) {
}
}
-
print '';
+ print ' ';
}
}
diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php
index f99266db178..bacd8135739 100644
--- a/htdocs/core/lib/oauth.lib.php
+++ b/htdocs/core/lib/oauth.lib.php
@@ -23,16 +23,30 @@
*/
+$shortscopegoogle = 'userinfo_email,userinfo_profile';
+$shortscopegoogle .= ',openid,email,profile'; // For openid connect
+if (!empty($conf->printing->enabled)) {
+ $shortscopegoogle .= ',cloud_print';
+}
+if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
+ $shortscopegoogle .= ',admin_directory_user';
+}
+if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
+ $shortscopegoogle.=',gmail_full';
+}
+
// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
$supportedoauth2array = array(
- 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/'),
+ 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle),
);
if (!empty($conf->stripe->enabled)) {
- $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'');
- $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'');
+ $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+ $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+}
+$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo');
+if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
+ $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete');
}
-$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers');
-
// API access parameters OAUTH
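Review bot: `'defaultscope'=>'ToComplete'` on the new `OAUTH_OTHER_NAME` entry is a placeholder string, yet it sits in the same field the real providers use for actual scope lists (`'user,public_repo'`, `'read_write'`), so whatever consumes `defaultscope` (not visible in this hunk) will presumably send "ToComplete" to the provider as a scope unless it special-cases it. An empty value with a comment would be safer, e.g. `'defaultscope'=>'', // generic provider: the admin must enter the scopes`. Two style points in the same hunk: `$shortscopegoogle.=',gmail_full';` drops the spaces around `.=` that the `$shortscopegoogle .= ',openid,...'` line above uses, and the block mixes `!empty($conf->global->OAUTH_GOOGLE_GSUITE)` with `getDolGlobalInt('MAIN_FEATURES_LEVEL')`; using the `getDolGlobal*` helpers throughout would read consistently.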
@@ -259,6 +273,11 @@ $list = array(
'OAUTH_YAMMER_ID',
'OAUTH_YAMMER_SECRET',
),
+ array(
+ 'OAUTH_OTHER_NAME',
+ 'OAUTH_OTHER_ID',
+ 'OAUTH_OTHER_SECRET',
+ ),
);
diff --git a/htdocs/core/modules/oauth/generic_oauthcallback.php b/htdocs/core/modules/oauth/generic_oauthcallback.php
new file mode 100644
index 00000000000..9d66bb07302
--- /dev/null
+++ b/htdocs/core/modules/oauth/generic_oauthcallback.php
@@ -0,0 +1,193 @@
+
+ * Copyright (C) 2015 Frederic France
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+/**
+ * \file htdocs/core/modules/oauth/generic_oauthcallback.php
+ * \ingroup oauth
+ * \brief Page to get oauth callback
+ */
+
+require '../../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
+use OAuth\Common\Storage\DoliStorage;
+use OAuth\Common\Consumer\Credentials;
+use OAuth\OAuth2\Service\GitHub;
+
+// Define $urlwithroot
+$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
+$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
+//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
+
+
+$action = GETPOST('action', 'aZ09');
+$backtourl = GETPOST('backtourl', 'alpha');
+$keyforprovider = GETPOST('keyforprovider', 'aZ09');
+if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
+ $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
+}
+$genericstring = 'OTHER';
+
+
+/**
+ * Create a new instance of the URI class with the current URI, stripping the query string
+ */
+$uriFactory = new \OAuth\Common\Http\Uri\UriFactory();
+//$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
+//$currentUri->setQuery('');
+$currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/generic_oauthcallback.php');
+
+
+/**
+ * Load the credential for the service
+ */
+
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
+$serviceFactory = new \OAuth\ServiceFactory();
+$httpClient = new \OAuth\Common\Http\Client\CurlClient();
+// TODO Set options for proxy and timeout
+// $params=array('CURLXXX'=>value, ...)
+//$httpClient->setCurlParameters($params);
+$serviceFactory->setHttpClient($httpClient);
+
+// Dolibarr storage
+$storage = new DoliStorage($db, $conf);
+
+// Setup the credentials for the requests
+$keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
+$keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
+$credentials = new Credentials(
+ getDolGlobalString($keyforparamid),
+ getDolGlobalString($keyforparamsecret),
+ $currentUri->getAbsoluteUri()
+);
+
+$requestedpermissionsarray = array();
+if (GETPOST('state')) {
+ $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
+}
+if ($action != 'delete' && empty($requestedpermissionsarray)) {
+ print 'Error, parameter state is not defined';
+ exit;
+}
+//var_dump($requestedpermissionsarray);exit;
+
+// Instantiate the Api service using the credentials, http client and storage mechanism for the token
+$apiService = $serviceFactory->createService($genericstring, $credentials, $storage, $requestedpermissionsarray);
+
+/*
+var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : ''));
+var_dump($credentials);
+var_dump($storage);
+var_dump($requestedpermissionsarray);
+*/
+
+if (empty($apiService)) {
+ print 'Error, failed to create serviceFactory';
+ exit;
+}
+
+// access type needed to have oauth provider refreshing token
+//$apiService->setAccessType('offline');
+
+$langs->load("oauth");
+
+if (!getDolGlobalString($keyforparamid)) {
+ accessforbidden('Setup of service is not complete. Customer ID is missing');
+}
+if (!getDolGlobalString($keyforparamsecret)) {
+ accessforbidden('Setup of service is not complete. Secret key is missing');
+}
+
+
+/*
+ * Actions
+ */
+
+if ($action == 'delete') {
+ $storage->clearToken($genericstring);
+
+ setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+
+ header('Location: '.$backtourl);
+ exit();
+}
+
+if (GETPOST('code')) { // We are coming from oauth provider page
+ // We should have
+ //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16))
+
+ dol_syslog("We are coming from the oauth provider page");
+ //llxHeader('',$langs->trans("OAuthSetup"));
+
+ //$linkback=''.$langs->trans("BackToModuleList").'';
+ //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
+
+ //print dol_get_fiche_head();
+ // retrieve the CSRF state parameter
+ $state = GETPOSTISSET('state') ? GETPOST('state') : null;
+ //print '';
+
+ // This was a callback request from service, get the token
+ try {
+ //var_dump($_GET['code']);
+ //var_dump($state);
+ //var_dump($apiService); // OAuth\OAuth2\Service\GitHub
+
+ //$token = $apiService->requestAccessToken(GETPOST('code'), $state);
+ $token = $apiService->requestAccessToken(GETPOST('code'));
+ // Github is a service that does not need state to be stored.
+ // Into constructor of GitHub, the call
+ // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
+ // has not the ending parameter to true like the Google class constructor.
+
+ setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
+
+ $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
+ unset($_SESSION["backtourlsavedbeforeoauthjump"]);
+
+ header('Location: '.$backtourl);
+ exit();
+ } catch (Exception $e) {
+ print $e->getMessage();
+ }
+} else { // If entry on page with no parameter, we arrive here
+ $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
+ $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
+ $_SESSION['oauthstateanticsrf'] = $state;
+
+ // This may create record into oauth_state before the header redirect.
+ // Creation of record with state in this tables depend on the Provider used (see its constructor).
+ if (GETPOST('state')) {
+ $url = $apiService->getAuthorizationUri(array('state' => GETPOST('state')));
+ } else {
+ $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+ }
+
+ // we go on oauth provider authorization page
+ header('Location: '.$url);
+ exit();
+}
+
+
+/*
+ * View
+ */
+
+// No view at all, just actions
+
+$db->close();
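Review bot: The anti-CSRF value stored before the redirect (`$_SESSION['oauthstateanticsrf'] = $state;`) is never checked when the provider calls back: the token is requested with `requestAccessToken(GETPOST('code'))` alone, and `$state` is not even defined in that `else` branch (it is only assigned inside the `if (GETPOST('code'))` branch), so `null` is stored. The comment "Github is a service that does not need state to be stored" is carried over from github_oauthcallback.php and does not hold for an arbitrary provider, which is exactly the case this new generic callback serves; before requesting the token, compare the returned value with the session copy, e.g. `if (!hash_equals((string) ($_SESSION['oauthstateanticsrf'] ?? ''), (string) $state)) { accessforbidden('Invalid state'); }`, and if `state` must keep carrying the scope list, store a separate random nonce in it rather than the scope string. Smaller points in the same hunk: `use OAuth\OAuth2\Service\GitHub;` is unused here, `$backtourl` comes straight from the request and is passed to `header('Location: ...')` without being restricted to a local path (presumably the same pattern as the sibling callbacks, but worth a check), and `catch (Exception $e) { print $e->getMessage(); }` echoes the raw provider error to the browser where `dol_syslog` plus a generic message would be the usual form.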
diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php
index 5c24e23aafa..f496c42d0ac 100644
--- a/htdocs/core/modules/oauth/github_oauthcallback.php
+++ b/htdocs/core/modules/oauth/github_oauthcallback.php
@@ -1,5 +1,5 @@
* Copyright (C) 2015 Frederic France
*
* This program is free software; you can redistribute it and/or modify
@@ -86,7 +86,7 @@ if ($action != 'delete' && empty($requestedpermissionsarray)) {
//var_dump($requestedpermissionsarray);exit;
// Instantiate the Api service using the credentials, http client and storage mechanism for the token
-$apiService = $serviceFactory->createService('GitHub'.($keyforprovider ? '-'.$keyforprovider : ''), $credentials, $storage, $requestedpermissionsarray);
+$apiService = $serviceFactory->createService('GitHub', $credentials, $storage, $requestedpermissionsarray);
// access type needed to have oauth provider refreshing token
//$apiService->setAccessType('offline');
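Review bot: Dropping the `-$keyforprovider` suffix from the service name passed to `createService('GitHub', ...)` changes the key under which the token is stored and cleared, if DoliStorage keys tokens by that name (its implementation is not in this diff). If so, two GitHub entries configured with different labels would now share one token slot, and the `$storage->clearToken(...)` / `$keyforparamid` logic further down (outside the hunk) still builds its names with the suffix. A one-line comment stating why the bare name is now correct, e.g. `// Service name must match the class name resolved by ServiceFactory; the provider label is kept in $keyforprovider`, would save the next reader from re-adding the suffix.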
diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php
index 2812c4f7163..9208a6110a9 100644
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -1,5 +1,5 @@
* Copyright (C) 2015 Frederic France
*
* This program is free software; you can redistribute it and/or modify
diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
index bf9656df783..f24921faf83 100644
--- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
@@ -1,5 +1,5 @@
* Copyright (C) 2019 Thibault FOUCART
*
* This program is free software; you can redistribute it and/or modify
diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
index 64d55fba760..b41b579857e 100644
--- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
@@ -1,5 +1,5 @@
* Copyright (C) 2015 Frederic France
*
* This program is free software; you can redistribute it and/or modify
diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang
index 08f7956f455..b7f7c0c2c1a 100644
--- a/htdocs/langs/en_US/oauth.lang
+++ b/htdocs/langs/en_US/oauth.lang
@@ -9,8 +9,9 @@ HasAccessToken=A token was generated and saved into local database
NewTokenStored=Token received and saved
ToCheckDeleteTokenOnProvider=Click here to check/delete authorization saved by %s OAuth provider
TokenDeleted=Token deleted
+GetAccess=Click here to get a token
RequestAccess=Click here to request/renew access and receive a new token
-DeleteAccess=Click here to delete token
+DeleteAccess=Click here to delete the token
UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credentials with your OAuth provider:
ListOfSupportedOauthProviders=Add your OAuth2 token providers. Then, go on your OAuth provider admin page to create/get an OAuth ID and Secret and save them here. Once done, switch on the other tab to generate your token.
OAuthSetupForLogin=Page to manage (generate/delete) OAuth tokens
@@ -33,4 +34,6 @@ OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live
OAUTH_ID=OAuth ID
OAUTH_SECRET=OAuth secret
OAuthProviderAdded=OAuth provider added
-AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
\ No newline at end of file
+AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
+URLOfServiceForAuthorization=URL provided by OAuth service for authentication
+Scopes=Scopes
\ No newline at end of file