Move state into llx_oauth_token
This commit is contained in:
Laurent Destailleur
parent
17a833befc
commit
4c13b08258
@ -280,7 +280,7 @@ if ($mode == 'setup' && $user->admin) {
|
||||
print "</tr>\n";
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td'.($key['required'] ? ' class="required"' : '').'>';
|
||||
print '<td'.(empty($key['required']) ? '' : ' class="required"').'>';
|
||||
//var_dump($key);
|
||||
print $langs->trans("OAuthIDSecret").'</td>';
|
||||
print '<td>';
|
||||
@ -291,14 +291,13 @@ if ($mode == 'setup' && $user->admin) {
|
||||
print '</tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td'.($key['required'] ? ' class="required"' : '').'>';
|
||||
print '<td'.(empty($key['required']) ? '' : ' class="required"').'>';
|
||||
//var_dump($key);
|
||||
print $langs->trans("IsTokenGenerated");
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
if (is_object($tokenobj)) {
|
||||
// TODO Read in database to get the date of creation of token
|
||||
print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : ');
|
||||
print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : '.dol_print_date($storage->date_modification, 'dayhour').' state='.dol_escape_htmltag($storage->state));
|
||||
} else {
|
||||
print '<span class="opacitymedium">'.$langs->trans("NoAccessToken").'</span>';
|
||||
}
|
||||
@ -323,7 +322,7 @@ if ($mode == 'setup' && $user->admin) {
|
||||
print '</tr>';
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td'.($key['required'] ? ' class="required"' : '').'>';
|
||||
print '<td'.(empty($key['required']) ? '' : ' class="required"').'>';
|
||||
//var_dump($key);
|
||||
print $langs->trans("Token").'</td>';
|
||||
print '<td colspan="2">';
|
||||
@ -331,7 +330,7 @@ if ($mode == 'setup' && $user->admin) {
|
||||
if (is_object($tokenobj)) {
|
||||
//var_dump($tokenobj);
|
||||
$tokentoshow = $tokenobj->getAccessToken();
|
||||
print '<span class="" title="'.dol_escape_htmltag($tokentoshow).'">'.showValueWithClipboardCPButton($tokentoshow, 1, dol_trunc($tokentoshow, 32)).'<br>';
|
||||
print '<span class="" title="'.dol_escape_htmltag($tokentoshow).'">'.showValueWithClipboardCPButton($tokentoshow, 1, dol_trunc($tokentoshow, 32)).'</span><br>';
|
||||
//print 'Refresh: '.$tokenobj->getRefreshToken().'<br>';
|
||||
//print 'EndOfLife: '.$tokenobj->getEndOfLife().'<br>';
|
||||
//var_dump($tokenobj->getExtraParams());
|
||||
@ -356,7 +355,7 @@ if ($mode == 'setup' && $user->admin) {
|
||||
|
||||
// Token expired
|
||||
print '<tr class="oddeven">';
|
||||
print '<td'.($key['required'] ? ' class="required"' : '').'>';
|
||||
print '<td'.(empty($key['required']) ? '' : ' class="required"').'>';
|
||||
//var_dump($key);
|
||||
print $langs->trans("TOKEN_EXPIRED");
|
||||
print '</td>';
|
||||
@ -367,7 +366,7 @@ if ($mode == 'setup' && $user->admin) {
|
||||
|
||||
// Token expired at
|
||||
print '<tr class="oddeven">';
|
||||
print '<td'.($key['required'] ? ' class="required"' : '').'>';
|
||||
print '<td'.(empty($key['required']) ? '' : ' class="required"').'>';
|
||||
//var_dump($key);
|
||||
print $langs->trans("TOKEN_EXPIRE_AT");
|
||||
print '</td>';
|
||||
|
||||
@ -55,9 +55,13 @@ class DoliStorage implements TokenStorageInterface
|
||||
|
||||
private $conf;
|
||||
private $key;
|
||||
private $stateKey;
|
||||
//private $stateKey;
|
||||
private $keyforprovider;
|
||||
|
||||
public $state;
|
||||
public $date_creation;
|
||||
public $date_modification;
|
||||
|
||||
|
||||
/**
|
||||
* @param DoliDB $db Database handler
|
||||
@ -122,8 +126,10 @@ class DoliStorage implements TokenStorageInterface
|
||||
$resql = $this->db->query($sql);
|
||||
} else {
|
||||
// save
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity)";
|
||||
$sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($serializedToken)."', ".((int) $conf->entity).")";
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity, datec)";
|
||||
$sql .= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($serializedToken)."', ".((int) $conf->entity).", ";
|
||||
$sql .= " '".$this->db->idate(dol_now())."'";
|
||||
$sql .= ")";
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
//print $sql;
|
||||
@ -140,7 +146,7 @@ class DoliStorage implements TokenStorageInterface
|
||||
// get from db
|
||||
dol_syslog("hasAccessToken service=".$service);
|
||||
|
||||
$sql = "SELECT token FROM ".MAIN_DB_PREFIX."oauth_token";
|
||||
$sql = "SELECT token, datec, tms, state FROM ".MAIN_DB_PREFIX."oauth_token";
|
||||
$sql .= " WHERE service = '".$this->db->escape($service.(empty($this->keyforprovider) ? '' : '-'.$this->keyforprovider))."'";
|
||||
$sql .= " AND entity IN (".getEntity('oauth_token').")";
|
||||
$resql = $this->db->query($sql);
|
||||
@ -150,8 +156,14 @@ class DoliStorage implements TokenStorageInterface
|
||||
$result = $this->db->fetch_array($resql);
|
||||
if ($result) {
|
||||
$token = unserialize($result['token']);
|
||||
$this->date_creation = $this->db->jdate($result['datec']);
|
||||
$this->date_modification = $this->db->jdate($result['tms']);
|
||||
$this->state = $result['state'];
|
||||
} else {
|
||||
$token = '';
|
||||
$this->date_creation = null;
|
||||
$this->date_modification = null;
|
||||
$this->state = '';
|
||||
}
|
||||
|
||||
$this->tokens[$service] = $token;
|
||||
@ -217,9 +229,7 @@ class DoliStorage implements TokenStorageInterface
|
||||
{
|
||||
global $conf;
|
||||
|
||||
// TODO save or update
|
||||
|
||||
dol_syslog("storeAuthorizationState service=".$service);
|
||||
dol_syslog("storeAuthorizationState service=".$service." state=".$state);
|
||||
|
||||
if (!isset($this->states) || !is_array($this->states)) {
|
||||
$this->states = array();
|
||||
@ -228,7 +238,10 @@ class DoliStorage implements TokenStorageInterface
|
||||
//$states[$service] = $state;
|
||||
$this->states[$service] = $state;
|
||||
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_state";
|
||||
//$newstate = preg_replace('/\-.*$/', '', $state);
|
||||
$newstate = $state;
|
||||
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_token";
|
||||
$sql .= " WHERE service = '".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."'";
|
||||
$sql .= " AND entity IN (".getEntity('oauth_token').")";
|
||||
$resql = $this->db->query($sql);
|
||||
@ -238,14 +251,14 @@ class DoliStorage implements TokenStorageInterface
|
||||
$obj = $this->db->fetch_array($resql);
|
||||
if ($obj) {
|
||||
// update
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."oauth_state";
|
||||
$sql.= " SET state = '".$this->db->escape($state)."'";
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token";
|
||||
$sql.= " SET state = '".$this->db->escape($newstate)."'";
|
||||
$sql.= " WHERE rowid = ".((int) $obj['rowid']);
|
||||
$resql = $this->db->query($sql);
|
||||
} else {
|
||||
// save
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_state (service, state, entity)";
|
||||
$sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($state)."', ".((int) $conf->entity).")";
|
||||
// insert (should not happen)
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, state, entity)";
|
||||
$sql.= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($newstate)."', ".((int) $conf->entity).")";
|
||||
$resql = $this->db->query($sql);
|
||||
}
|
||||
|
||||
@ -261,7 +274,7 @@ class DoliStorage implements TokenStorageInterface
|
||||
// get state from db
|
||||
dol_syslog("hasAuthorizationState service=".$service);
|
||||
|
||||
$sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_state";
|
||||
$sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_token";
|
||||
$sql .= " WHERE service = '".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."'";
|
||||
$sql .= " AND entity IN (".getEntity('oauth_token').")";
|
||||
|
||||
|
||||
@ -55,6 +55,8 @@ ALTER TABLE llx_user DROP COLUMN idpers3;
|
||||
|
||||
-- v17
|
||||
|
||||
ALTER TABLE llx_oauth_token ADD COLUMN state text after tokenstring;
|
||||
|
||||
ALTER TABLE llx_adherent ADD COLUMN default_lang VARCHAR(6) DEFAULT NULL AFTER datefin;
|
||||
|
||||
ALTER TABLE llx_adherent_type ADD COLUMN caneditamount integer DEFAULT 0 AFTER amount;
|
||||
|
||||
@ -20,6 +20,7 @@ CREATE TABLE llx_oauth_token (
|
||||
service varchar(36), -- What king of key or token: 'Google', 'Stripe', 'auth-public-key', ...
|
||||
token text, -- token in serialize format, of an object StdOAuth2Token of library phpoauth2. Deprecated, use tokenstring instead.
|
||||
tokenstring text, -- token in json or text format. Value depends on 'service'. For example for an OAUTH service: '{"access_token": "sk_test_cccc", "refresh_token": "rt_aaa", "token_type": "bearer", ..., "scope": "read_write"}
|
||||
state text, -- the state (list of permission) the token was obtained for
|
||||
fk_soc integer, -- Id of thirdparty in llx_societe
|
||||
fk_user integer, -- Id of user in llx_user
|
||||
fk_adherent integer, -- Id of member in llx_adherent
|
||||
|
||||
Loading…
Reference in New Issue
Block a user