From 4a9c9a97e503b8e846f1c19352718bc47003c15e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 4 Aug 2022 15:58:00 +0200 Subject: [PATCH] WIP Implement a generic handler for OAuth. --- htdocs/admin/oauth.php | 61 +++++- htdocs/admin/oauthlogintokens.php | 71 ++++--- htdocs/core/lib/oauth.lib.php | 29 ++- .../modules/oauth/generic_oauthcallback.php | 193 ++++++++++++++++++ .../modules/oauth/github_oauthcallback.php | 4 +- .../modules/oauth/google_oauthcallback.php | 2 +- .../oauth/stripelive_oauthcallback.php | 2 +- .../oauth/stripetest_oauthcallback.php | 2 +- htdocs/langs/en_US/oauth.lang | 7 +- 9 files changed, 320 insertions(+), 51 deletions(-) create mode 100644 htdocs/core/modules/oauth/generic_oauthcallback.php diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 772055f0809..ade561c4ef1 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -62,7 +62,7 @@ if ($action == 'add') { // $provider is OAUTH_XXX setEventMessages($langs->trans("AOAuthEntryForThisProviderAndLabelAlreadyHasAKey"), null, 'errors'); $error++; } else { - dolibarr_set_const($db, $constname, 'ToComplete', 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, $constname, $langs->trans('ToComplete'), 'chaine', 0, '', $conf->entity); setEventMessages($langs->trans("OAuthProviderAdded"), null); } } @@ -78,6 +78,16 @@ if ($action == 'update') { if (!dolibarr_set_const($db, $constvalue.'_SECRET', GETPOST($constvalue.'_ID') ? GETPOST($constvalue.'_SECRET') : '', 'chaine', 0, '', $conf->entity)) { $error++; } + if (GETPOSTISSET($constvalue.'_URLAUTHORIZE')) { + if (!dolibarr_set_const($db, $constvalue.'_URLAUTHORIZE', GETPOST($constvalue.'_URLAUTHORIZE'), 'chaine', 0, '', $conf->entity)) { + $error++; + } + } + if (GETPOSTISSET($constvalue.'_SCOPE')) { + if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) { + $error++; + } + } } } @@ -147,11 +157,17 @@ print ''; $i = 0; -//var_dump($list); +// Define $listinsetup foreach ($conf->global as $key => $val) { if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) { $provider = preg_replace('/_ID$/', '', $key); - $listinsetup[] = array($provider.'_NAME', $provider.'_ID', $provider.'_SECRET', 'OAUTH Provider '.str_replace('OAUTH_', '', $provider)); + $listinsetup[] = array( + $provider.'_NAME', + $provider.'_ID', + $provider.'_SECRET', + $provider.'_URLAUTHORIZE', // For custom oauth links + $provider.'_SCOPE' // For custom oauth links + ); } } @@ -178,12 +194,16 @@ foreach ($listinsetup as $key) { $i++; - print ''; // Api Name $label = $langs->trans($keyforsupportedoauth2array); + print ''; print ''; print ''; - print ''; + + if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') { + print ''; + print ''; + print ''; + } } else { print ''; print ''; @@ -213,14 +240,32 @@ foreach ($listinsetup as $key) { // Api Id print ''; print ''; - print ''; // Api Secret print ''; print ''; - print ''; + + // TODO Move this into token generation + if ($supported) { + if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') { + print ''; + print ''; + print ''; + } else { + print ''; + print ''; + print ''; + } + } } print '
'; print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"'); - print $label; + if ($label == $keyforsupportedoauth2array) { + print $supportedoauth2array[$keyforsupportedoauth2array]['name']; + } else { + print $label; + } if ($keyforprovider) { print ' ('.$keyforprovider.')'; } else { @@ -201,8 +221,15 @@ foreach ($listinsetup as $key) { $redirect_uri = $urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$keyforsupportedoauth2array]['callbackfile'].'_oauthcallback.php'; print '
'.$langs->trans("UseTheFollowingUrlAsRedirectURI").''; + print ''; print '
'.$langs->trans("URLOfServiceForAuthorization").''; + print '
'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'
'; + print ''; print '
'; + print ''; print '
'.$langs->trans("Scopes").''; + print ''; + print '
'.$langs->trans("Scopes").''; + //print ''; + print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope']; + print '
'."\n"; diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index b2830f95743..00daaf01e27 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -138,11 +138,17 @@ if (GETPOST('error')) { if ($mode == 'setup' && $user->admin) { print ''.$langs->trans("OAuthSetupForLogin")."

\n"; - //var_dump($list); + // Define $listinsetup foreach ($conf->global as $key => $val) { if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) { $provider = preg_replace('/_ID$/', '', $key); - $listinsetup[] = array($provider.'_NAME', $provider.'_ID', $provider.'_SECRET', 'OAUTH Provider '.str_replace('OAUTH_', '', $provider)); + $listinsetup[] = array( + $provider.'_NAME', + $provider.'_ID', + $provider.'_SECRET', + $provider.'_URLAUTHORIZE', // For custom oauth links + $provider.'_SCOPE' // For custom oauth links + ); } } @@ -165,46 +171,39 @@ if ($mode == 'setup' && $user->admin) { $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : '')); - // Define $shortscope, $urltorenew, $urltodelete, $urltocheckperms + $shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope']; + if (getDolGlobalString($key[4])) { + $shortscope = getDolGlobalString($key[4]); + } + $state = $shortscope; // TODO USe a better state + + // Define $urltorenew, $urltodelete, $urltocheckperms // TODO Use array $supportedoauth2array if ($keyforsupportedoauth2array == 'OAUTH_GITHUB_NAME') { // List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service). // We pass this param list in to 'state' because we need it before and after the redirect. - $shortscope = 'user,public_repo'; - // Note: github does not accept csrf key inside the state parameter (only know values) - $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + // Note: github does not accept csrf key inside the state parameter (only known values) + $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltocheckperms = 'https://github.com/settings/applications/'; } elseif ($keyforsupportedoauth2array == 'OAUTH_GOOGLE_NAME') { // List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service). // List of scopes for Google are here: https://developers.google.com/identity/protocols/oauth2/scopes // We pass this key list into the param 'state' because we need it before and after the redirect. - $shortscope = 'userinfo_email,userinfo_profile'; - $shortscope .= ',openid,email,profile'; // For openid connect - if (!empty($conf->printing->enabled)) { - $shortscope .= ',cloud_print'; - } - if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) { - $shortscope .= ',admin_directory_user'; - } - if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) { - $shortscope.=',gmail_full'; - } - - $urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'-'.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'-'.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltocheckperms = 'https://security.google.com/settings/security/permissions'; } elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_TEST_NAME') { - $shortscope = 'none'; - - $urltorenew = $urlwithroot.'/core/modules/oauth/stripetest_oauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltorenew = $urlwithroot.'/core/modules/oauth/stripetest_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = ''; $urltocheckperms = ''; } elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_LIVE_NAME') { - $shortscope = 'none'; - - $urltorenew = $urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltorenew = $urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltodelete = ''; + $urltocheckperms = ''; + } elseif ($keyforsupportedoauth2array = 'OAUTH_OTHER_NAME') { + $urltorenew = $urlwithroot.'/core/modules/oauth/generic_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = ''; $urltocheckperms = ''; } else { @@ -212,7 +211,8 @@ if ($mode == 'setup' && $user->admin) { $urltodelete = ''; $urltocheckperms = ''; } - $urltorenew .= '&keyforprovider='.$keyforprovider; + + $urltorenew .= '&keyforprovider='.urlencode($keyforprovider); // Show value of token $tokenobj = null; @@ -246,7 +246,7 @@ if ($mode == 'setup' && $user->admin) { } elseif ($endoflife == $tokenobj::EOL_UNKNOWN) { $expiredat = $langs->trans("Unknown"); } else { - $expiredat = dol_print_date($endoflife, "dayhour"); + $expiredat = dol_print_date($endoflife, "dayhour", 'tzuserrel'); } } } @@ -260,10 +260,16 @@ if ($mode == 'setup' && $user->admin) { print '
'; print ''."\n"; + // Api Name + $label = $langs->trans($keyforsupportedoauth2array); print ''; print '
'; print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"'); - print $langs->trans($keyforsupportedoauth2array); + if ($label == $keyforsupportedoauth2array) { + print $supportedoauth2array[$keyforsupportedoauth2array]['name']; + } else { + print $label; + } if ($keyforprovider) { print ' ('.$keyforprovider.')'; } else { @@ -292,7 +298,8 @@ if ($mode == 'setup' && $user->admin) { print ''; print ''; if (is_object($tokenobj)) { - print $langs->trans("HasAccessToken"); + // TODO Read in database to get the date of creation of token + print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : '); } else { print ''.$langs->trans("NoAccessToken").''; } @@ -305,7 +312,9 @@ if ($mode == 'setup' && $user->admin) { } // Request remote token if ($urltorenew) { - print ''.$langs->trans('RequestAccess').'
'; + print ''.$langs->trans('GetAccess').''; + print $form->textwithpicto('', $langs->trans('RequestAccess')); + print '
'; } // Check remote access if ($urltocheckperms) { @@ -378,8 +387,8 @@ if ($mode == 'setup' && $user->admin) { } } - print ''; + print '
'; } } diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index f99266db178..bacd8135739 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -23,16 +23,30 @@ */ +$shortscopegoogle = 'userinfo_email,userinfo_profile'; +$shortscopegoogle .= ',openid,email,profile'; // For openid connect +if (!empty($conf->printing->enabled)) { + $shortscopegoogle .= ',cloud_print'; +} +if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) { + $shortscopegoogle .= ',admin_directory_user'; +} +if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) { + $shortscopegoogle.=',gmail_full'; +} + // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth) $supportedoauth2array = array( - 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/'), + 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle), ); if (!empty($conf->stripe->enabled)) { - $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>''); - $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>''); + $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write'); + $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write'); +} +$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo'); +if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { + $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete'); } -$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers'); - // API access parameters OAUTH @@ -259,6 +273,11 @@ $list = array( 'OAUTH_YAMMER_ID', 'OAUTH_YAMMER_SECRET', ), + array( + 'OAUTH_OTHER_NAME', + 'OAUTH_OTHER_ID', + 'OAUTH_OTHER_SECRET', + ), ); diff --git a/htdocs/core/modules/oauth/generic_oauthcallback.php b/htdocs/core/modules/oauth/generic_oauthcallback.php new file mode 100644 index 00000000000..9d66bb07302 --- /dev/null +++ b/htdocs/core/modules/oauth/generic_oauthcallback.php @@ -0,0 +1,193 @@ + + * Copyright (C) 2015 Frederic France + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/core/modules/oauth/generic_oauthcallback.php + * \ingroup oauth + * \brief Page to get oauth callback + */ + +require '../../../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; +use OAuth\Common\Storage\DoliStorage; +use OAuth\Common\Consumer\Credentials; +use OAuth\OAuth2\Service\GitHub; + +// Define $urlwithroot +$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); +$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file +//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current + + +$action = GETPOST('action', 'aZ09'); +$backtourl = GETPOST('backtourl', 'alpha'); +$keyforprovider = GETPOST('keyforprovider', 'aZ09'); +if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) { + $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"]; +} +$genericstring = 'OTHER'; + + +/** + * Create a new instance of the URI class with the current URI, stripping the query string + */ +$uriFactory = new \OAuth\Common\Http\Uri\UriFactory(); +//$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER); +//$currentUri->setQuery(''); +$currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/generic_oauthcallback.php'); + + +/** + * Load the credential for the service + */ + +/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */ +$serviceFactory = new \OAuth\ServiceFactory(); +$httpClient = new \OAuth\Common\Http\Client\CurlClient(); +// TODO Set options for proxy and timeout +// $params=array('CURLXXX'=>value, ...) +//$httpClient->setCurlParameters($params); +$serviceFactory->setHttpClient($httpClient); + +// Dolibarr storage +$storage = new DoliStorage($db, $conf); + +// Setup the credentials for the requests +$keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; +$keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET'; +$credentials = new Credentials( + getDolGlobalString($keyforparamid), + getDolGlobalString($keyforparamsecret), + $currentUri->getAbsoluteUri() +); + +$requestedpermissionsarray = array(); +if (GETPOST('state')) { + $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back +} +if ($action != 'delete' && empty($requestedpermissionsarray)) { + print 'Error, parameter state is not defined'; + exit; +} +//var_dump($requestedpermissionsarray);exit; + +// Instantiate the Api service using the credentials, http client and storage mechanism for the token +$apiService = $serviceFactory->createService($genericstring, $credentials, $storage, $requestedpermissionsarray); + +/* +var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : '')); +var_dump($credentials); +var_dump($storage); +var_dump($requestedpermissionsarray); +*/ + +if (empty($apiService)) { + print 'Error, failed to create serviceFactory'; + exit; +} + +// access type needed to have oauth provider refreshing token +//$apiService->setAccessType('offline'); + +$langs->load("oauth"); + +if (!getDolGlobalString($keyforparamid)) { + accessforbidden('Setup of service is not complete. Customer ID is missing'); +} +if (!getDolGlobalString($keyforparamsecret)) { + accessforbidden('Setup of service is not complete. Secret key is missing'); +} + + +/* + * Actions + */ + +if ($action == 'delete') { + $storage->clearToken($genericstring); + + setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs'); + + header('Location: '.$backtourl); + exit(); +} + +if (GETPOST('code')) { // We are coming from oauth provider page + // We should have + //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) + + dol_syslog("We are coming from the oauth provider page"); + //llxHeader('',$langs->trans("OAuthSetup")); + + //$linkback=''.$langs->trans("BackToModuleList").''; + //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup'); + + //print dol_get_fiche_head(); + // retrieve the CSRF state parameter + $state = GETPOSTISSET('state') ? GETPOST('state') : null; + //print ''; + + // This was a callback request from service, get the token + try { + //var_dump($_GET['code']); + //var_dump($state); + //var_dump($apiService); // OAuth\OAuth2\Service\GitHub + + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); + // Github is a service that does not need state to be stored. + // Into constructor of GitHub, the call + // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri) + // has not the ending parameter to true like the Google class constructor. + + setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token + + $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"]; + unset($_SESSION["backtourlsavedbeforeoauthjump"]); + + header('Location: '.$backtourl); + exit(); + } catch (Exception $e) { + print $e->getMessage(); + } +} else { // If entry on page with no parameter, we arrive here + $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl; + $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider; + $_SESSION['oauthstateanticsrf'] = $state; + + // This may create record into oauth_state before the header redirect. + // Creation of record with state in this tables depend on the Provider used (see its constructor). + if (GETPOST('state')) { + $url = $apiService->getAuthorizationUri(array('state' => GETPOST('state'))); + } else { + $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated + } + + // we go on oauth provider authorization page + header('Location: '.$url); + exit(); +} + + +/* + * View + */ + +// No view at all, just actions + +$db->close(); diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php index 5c24e23aafa..f496c42d0ac 100644 --- a/htdocs/core/modules/oauth/github_oauthcallback.php +++ b/htdocs/core/modules/oauth/github_oauthcallback.php @@ -1,5 +1,5 @@ * Copyright (C) 2015 Frederic France * * This program is free software; you can redistribute it and/or modify @@ -86,7 +86,7 @@ if ($action != 'delete' && empty($requestedpermissionsarray)) { //var_dump($requestedpermissionsarray);exit; // Instantiate the Api service using the credentials, http client and storage mechanism for the token -$apiService = $serviceFactory->createService('GitHub'.($keyforprovider ? '-'.$keyforprovider : ''), $credentials, $storage, $requestedpermissionsarray); +$apiService = $serviceFactory->createService('GitHub', $credentials, $storage, $requestedpermissionsarray); // access type needed to have oauth provider refreshing token //$apiService->setAccessType('offline'); diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index 2812c4f7163..9208a6110a9 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -1,5 +1,5 @@ * Copyright (C) 2015 Frederic France * * This program is free software; you can redistribute it and/or modify diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php index bf9656df783..f24921faf83 100644 --- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php @@ -1,5 +1,5 @@ * Copyright (C) 2019 Thibault FOUCART * * This program is free software; you can redistribute it and/or modify diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php index 64d55fba760..b41b579857e 100644 --- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php @@ -1,5 +1,5 @@ * Copyright (C) 2015 Frederic France * * This program is free software; you can redistribute it and/or modify diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang index 08f7956f455..b7f7c0c2c1a 100644 --- a/htdocs/langs/en_US/oauth.lang +++ b/htdocs/langs/en_US/oauth.lang @@ -9,8 +9,9 @@ HasAccessToken=A token was generated and saved into local database NewTokenStored=Token received and saved ToCheckDeleteTokenOnProvider=Click here to check/delete authorization saved by %s OAuth provider TokenDeleted=Token deleted +GetAccess=Click here to get a token RequestAccess=Click here to request/renew access and receive a new token -DeleteAccess=Click here to delete token +DeleteAccess=Click here to delete the token UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credentials with your OAuth provider: ListOfSupportedOauthProviders=Add your OAuth2 token providers. Then, go on your OAuth provider admin page to create/get an OAuth ID and Secret and save them here. Once done, switch on the other tab to generate your token. OAuthSetupForLogin=Page to manage (generate/delete) OAuth tokens @@ -33,4 +34,6 @@ OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live OAUTH_ID=OAuth ID OAUTH_SECRET=OAuth secret OAuthProviderAdded=OAuth provider added -AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists \ No newline at end of file +AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists +URLOfServiceForAuthorization=URL provided by OAuth service for authentication +Scopes=Scopes \ No newline at end of file