From 79f401f5fb68ff05598f01c5e9efddf34a0c6c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Fali=C3=A8re?= Date: Mon, 30 Jan 2023 11:50:23 +0100 Subject: [PATCH 01/42] Get data back when error on command create --- htdocs/commande/card.php | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 586cf98d606..776b07e0a93 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -13,8 +13,9 @@ * Copyright (C) 2014 Ferran Marcet * Copyright (C) 2015 Jean-François Ferry * Copyright (C) 2018-2021 Frédéric France - * Copyright (C) 2022 Gauthier VERDOL - * + * Copyright (C) 2022 Gauthier VERDOL + * Copyright (C) 2023 Benjamin Falière + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -1730,32 +1731,32 @@ if ($action == 'create' && $usercancreate) { // Delivery delay print ''.$langs->trans('AvailabilityPeriod').''; print img_picto('', 'clock', 'class="pictofixedwidth"'); - $form->selectAvailabilityDelay($availability_id, 'availability_id', '', 1, 'maxwidth200 widthcentpercentminusx'); + $form->selectAvailabilityDelay((GETPOST('availability_id')?GETPOST('availability_id'):$availability_id), 'availability_id', '', 1, 'maxwidth200 widthcentpercentminusx'); print ''; // Terms of payment print ''.$langs->trans('PaymentConditionsShort').''; print img_picto('', 'payment', 'class="pictofixedwidth"'); - $form->select_conditions_paiements($cond_reglement_id, 'cond_reglement_id', 1, 1, 0, 'maxwidth200 widthcentpercentminusx', $deposit_percent); + $form->select_conditions_paiements((GETPOST('cond_reglement_id')?GETPOST('cond_reglement_id'):$cond_reglement_id), 'cond_reglement_id', 1, 1, 0, 'maxwidth200 widthcentpercentminusx', $deposit_percent); print ''; // Payment mode print ''.$langs->trans('PaymentMode').''; print img_picto('', 'bank', 'class="pictofixedwidth"'); - $form->select_types_paiements($mode_reglement_id, 'mode_reglement_id', 'CRDT', 0, 1, 0, 0, 1, 'maxwidth200 widthcentpercentminusx'); + $form->select_types_paiements((GETPOST('mode_reglement_id')?GETPOST('mode_reglement_id'):$mode_reglement_id), 'mode_reglement_id', 'CRDT', 0, 1, 0, 0, 1, 'maxwidth200 widthcentpercentminusx'); print ''; // Bank Account if (!empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER) && !empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; - print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes($fk_account, 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); + print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes((GETPOST('fk_account')?GETPOST('fk_account'):$fk_account), 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); print ''; } // Shipping Method if (isModEnabled('expedition')) { print ''.$langs->trans('SendingMethod').''; - print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod($shipping_method_id, 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); + print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod((GETPOST('shipping_method_id')?GETPOST('shipping_method_id'):$shipping_method_id), 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); print ''; } @@ -1764,14 +1765,14 @@ if ($action == 'create' && $usercancreate) { require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; $formproduct = new FormProduct($db); print ''.$langs->trans('Warehouse').''; - print img_picto('', 'stock', 'class="pictofixedwidth"').$formproduct->selectWarehouses($warehouse_id, 'warehouse_id', '', 1, 0, 0, '', 0, 0, array(), 'maxwidth500 widthcentpercentminusxx'); + print img_picto('', 'stock', 'class="pictofixedwidth"').$formproduct->selectWarehouses((GETPOST('warehouse_id')?GETPOST('warehouse_id'):$warehouse_id), 'warehouse_id', '', 1, 0, 0, '', 0, 0, array(), 'maxwidth500 widthcentpercentminusxx'); print ''; } // Source / Channel - What trigger creation print ''.$langs->trans('Channel').''; print img_picto('', 'question', 'class="pictofixedwidth"'); - $form->selectInputReason($demand_reason_id, 'demand_reason_id', '', 1, 'maxwidth200 widthcentpercentminusx'); + $form->selectInputReason((GETPOST('demand_reason_id')?GETPOST('demand_reason_id'):$demand_reason_id), 'demand_reason_id', '', 1, 'maxwidth200 widthcentpercentminusx'); print ''; // TODO How record was recorded OrderMode (llx_c_input_method) @@ -1781,7 +1782,7 @@ if ($action == 'create' && $usercancreate) { $langs->load("projects"); print ''; print ''.$langs->trans("Project").''; - print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(($soc->id > 0 ? $soc->id : -1), $projectid, 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); + print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(($soc->id > 0 ? $soc->id : -1), (GETPOST('projectid')?GETPOST('projectid'):$projectid), 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); print ' id).'">'; print ''; print ''; @@ -1840,7 +1841,7 @@ if ($action == 'create' && $usercancreate) { print ''; print ''.$form->editfieldkey("Currency", 'multicurrency_code', '', $object, 0).''; print ''; - print img_picto('', 'currency', 'class="pictofixedwidth"').$form->selectMultiCurrency($currency_code, 'multicurrency_code', 0, '', false, 'maxwidth200 widthcentpercentminusx'); + print img_picto('', 'currency', 'class="pictofixedwidth"').$form->selectMultiCurrency((GETPOST('multicurrency_code')?GETPOST('multicurrency_code'):$currency_code), 'multicurrency_code', 0, '', false, 'maxwidth200 widthcentpercentminusx'); print ''; } From f2c877f66af1433a003934c9c8958a867ba2e6bf Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 30 Jan 2023 11:06:30 +0000 Subject: [PATCH 02/42] Fixing style errors. --- htdocs/commande/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 776b07e0a93..4b0fb283e17 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -15,7 +15,7 @@ * Copyright (C) 2018-2021 Frédéric France * Copyright (C) 2022 Gauthier VERDOL * Copyright (C) 2023 Benjamin Falière - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or From e7c6eac984eeb56167b72c0b78a8313e57cc5cf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Fali=C3=A8re?= Date: Mon, 30 Jan 2023 14:05:17 +0100 Subject: [PATCH 03/42] Replaced GETPOST with GETPOSTISSET --- htdocs/commande/card.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 4b0fb283e17..d746c93a315 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1731,32 +1731,32 @@ if ($action == 'create' && $usercancreate) { // Delivery delay print ''.$langs->trans('AvailabilityPeriod').''; print img_picto('', 'clock', 'class="pictofixedwidth"'); - $form->selectAvailabilityDelay((GETPOST('availability_id')?GETPOST('availability_id'):$availability_id), 'availability_id', '', 1, 'maxwidth200 widthcentpercentminusx'); + $form->selectAvailabilityDelay((GETPOSTISSET('availability_id')?GETPOST('availability_id'):$availability_id), 'availability_id', '', 1, 'maxwidth200 widthcentpercentminusx'); print ''; // Terms of payment print ''.$langs->trans('PaymentConditionsShort').''; print img_picto('', 'payment', 'class="pictofixedwidth"'); - $form->select_conditions_paiements((GETPOST('cond_reglement_id')?GETPOST('cond_reglement_id'):$cond_reglement_id), 'cond_reglement_id', 1, 1, 0, 'maxwidth200 widthcentpercentminusx', $deposit_percent); + $form->select_conditions_paiements((GETPOSTISSET('cond_reglement_id')?GETPOST('cond_reglement_id'):$cond_reglement_id), 'cond_reglement_id', 1, 1, 0, 'maxwidth200 widthcentpercentminusx', $deposit_percent); print ''; // Payment mode print ''.$langs->trans('PaymentMode').''; print img_picto('', 'bank', 'class="pictofixedwidth"'); - $form->select_types_paiements((GETPOST('mode_reglement_id')?GETPOST('mode_reglement_id'):$mode_reglement_id), 'mode_reglement_id', 'CRDT', 0, 1, 0, 0, 1, 'maxwidth200 widthcentpercentminusx'); + $form->select_types_paiements((GETPOSTISSET('mode_reglement_id')?GETPOST('mode_reglement_id'):$mode_reglement_id), 'mode_reglement_id', 'CRDT', 0, 1, 0, 0, 1, 'maxwidth200 widthcentpercentminusx'); print ''; // Bank Account if (!empty($conf->global->BANK_ASK_PAYMENT_BANK_DURING_ORDER) && !empty($conf->banque->enabled)) { print ''.$langs->trans('BankAccount').''; - print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes((GETPOST('fk_account')?GETPOST('fk_account'):$fk_account), 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); + print img_picto('', 'bank_account', 'class="pictofixedwidth"').$form->select_comptes((GETPOSTISSET('fk_account')?GETPOST('fk_account'):$fk_account), 'fk_account', 0, '', 1, '', 0, 'maxwidth200 widthcentpercentminusx', 1); print ''; } // Shipping Method if (isModEnabled('expedition')) { print ''.$langs->trans('SendingMethod').''; - print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod((GETPOST('shipping_method_id')?GETPOST('shipping_method_id'):$shipping_method_id), 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); + print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod((GETPOST('shipping_method_id')?GETPOSTISSET('shipping_method_id'):$shipping_method_id), 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); print ''; } @@ -1765,14 +1765,14 @@ if ($action == 'create' && $usercancreate) { require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; $formproduct = new FormProduct($db); print ''.$langs->trans('Warehouse').''; - print img_picto('', 'stock', 'class="pictofixedwidth"').$formproduct->selectWarehouses((GETPOST('warehouse_id')?GETPOST('warehouse_id'):$warehouse_id), 'warehouse_id', '', 1, 0, 0, '', 0, 0, array(), 'maxwidth500 widthcentpercentminusxx'); + print img_picto('', 'stock', 'class="pictofixedwidth"').$formproduct->selectWarehouses((GETPOSTISSET('warehouse_id')?GETPOST('warehouse_id'):$warehouse_id), 'warehouse_id', '', 1, 0, 0, '', 0, 0, array(), 'maxwidth500 widthcentpercentminusxx'); print ''; } // Source / Channel - What trigger creation print ''.$langs->trans('Channel').''; print img_picto('', 'question', 'class="pictofixedwidth"'); - $form->selectInputReason((GETPOST('demand_reason_id')?GETPOST('demand_reason_id'):$demand_reason_id), 'demand_reason_id', '', 1, 'maxwidth200 widthcentpercentminusx'); + $form->selectInputReason((GETPOSTISSET('demand_reason_id')?GETPOST('demand_reason_id'):$demand_reason_id), 'demand_reason_id', '', 1, 'maxwidth200 widthcentpercentminusx'); print ''; // TODO How record was recorded OrderMode (llx_c_input_method) @@ -1782,7 +1782,7 @@ if ($action == 'create' && $usercancreate) { $langs->load("projects"); print ''; print ''.$langs->trans("Project").''; - print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(($soc->id > 0 ? $soc->id : -1), (GETPOST('projectid')?GETPOST('projectid'):$projectid), 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); + print img_picto('', 'project', 'class="pictofixedwidth"').$formproject->select_projects(($soc->id > 0 ? $soc->id : -1), (GETPOSTISSET('projectid')?GETPOST('projectid'):$projectid), 'projectid', 0, 0, 1, 0, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); print ' id).'">'; print ''; print ''; @@ -1841,7 +1841,7 @@ if ($action == 'create' && $usercancreate) { print ''; print ''.$form->editfieldkey("Currency", 'multicurrency_code', '', $object, 0).''; print ''; - print img_picto('', 'currency', 'class="pictofixedwidth"').$form->selectMultiCurrency((GETPOST('multicurrency_code')?GETPOST('multicurrency_code'):$currency_code), 'multicurrency_code', 0, '', false, 'maxwidth200 widthcentpercentminusx'); + print img_picto('', 'currency', 'class="pictofixedwidth"').$form->selectMultiCurrency((GETPOSTISSET('multicurrency_code')?GETPOST('multicurrency_code'):$currency_code), 'multicurrency_code', 0, '', false, 'maxwidth200 widthcentpercentminusx'); print ''; } From 9f85e4a60f93dfe1609c89a192d0243a62d3b395 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Fali=C3=A8re?= Date: Mon, 30 Jan 2023 14:21:10 +0100 Subject: [PATCH 04/42] Fixed another little error --- htdocs/commande/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index d746c93a315..6e4c5f45420 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1756,7 +1756,7 @@ if ($action == 'create' && $usercancreate) { // Shipping Method if (isModEnabled('expedition')) { print ''.$langs->trans('SendingMethod').''; - print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod((GETPOST('shipping_method_id')?GETPOSTISSET('shipping_method_id'):$shipping_method_id), 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); + print img_picto('', 'object_dolly', 'class="pictofixedwidth"').$form->selectShippingMethod((GETPOSTISSET('shipping_method_id')?GETPOST('shipping_method_id'):$shipping_method_id), 'shipping_method_id', '', 1, '', 0, 'maxwidth200 widthcentpercentminusx'); print ''; } From afa1fd3e8ae61d3adae9d2e373a8aad477218c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9lina=20JOUM?= Date: Wed, 1 Feb 2023 16:51:13 +0100 Subject: [PATCH 05/42] Get data back on product update --- htdocs/product/card.php | 71 ++++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 351245794c3..90c48e44140 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1660,15 +1660,15 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; // Ref - print ''; + print ''; // Label - print ''; + print ''; // Status To sell print ''; if (!empty($object->status_batch) || !empty($conf->use_javascript_ajax)) { $langs->load("admin"); @@ -1815,7 +1815,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Default warehouse print ''; /* @@ -1854,7 +1854,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (empty($conf->global->PRODUCT_DISABLE_NATURE)) { // Nature print ''; } } @@ -1862,7 +1862,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (!$object->isService() && !empty($conf->bom->enabled)) { print ''; } @@ -1870,40 +1870,40 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { if (empty($conf->global->PRODUCT_DISABLE_WEIGHT)) { // Brut Weight print ''; } if (empty($conf->global->PRODUCT_DISABLE_SIZE)) { // Brut Length print ''; } if (empty($conf->global->PRODUCT_DISABLE_SURFACE)) { // Brut Surface print ''; } if (empty($conf->global->PRODUCT_DISABLE_VOLUME)) { // Brut Volume print ''; } if (!empty($conf->global->PRODUCT_ADD_NET_MEASURE)) { // Net Measure print ''; } } @@ -1917,7 +1917,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Custom code if (!$object->isService() && empty($conf->global->PRODUCT_DISABLE_CUSTOM_INFO)) { - print ''; + print ''; // Origin country print ''; print '"; } @@ -1995,76 +2000,76 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Accountancy_code_sell print ''; print ''; // Accountancy_code_sell_intra if ($mysoc->isInEEC()) { print ''; print ''; } // Accountancy_code_sell_export print ''; print ''; // Accountancy_code_buy print ''; print ''; // Accountancy_code_buy_intra if ($mysoc->isInEEC()) { print ''; print ''; } // Accountancy_code_buy_export print ''; print ''; } else { // For external software // Accountancy_code_sell print ''; - print ''; // Accountancy_code_sell_intra if ($mysoc->isInEEC()) { print ''; - print ''; } // Accountancy_code_sell_export print ''; - print ''; // Accountancy_code_buy print ''; - print ''; // Accountancy_code_buy_intra if ($mysoc->isInEEC()) { print ''; - print ''; } // Accountancy_code_buy_export print ''; - print ''; } } From eb6c25f64d67788a11d54ce0036eb8c2054cc035 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Wed, 1 Feb 2023 22:06:22 +0100 Subject: [PATCH 06/42] fix https://github.com/Dolibarr/dolibarr/issues/23753 --- .../doc/doc_generic_invoice_odt.modules.php | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php index fc73460bd1b..53f1e6f9619 100644 --- a/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php +++ b/htdocs/core/modules/facture/doc/doc_generic_invoice_odt.modules.php @@ -334,15 +334,19 @@ class doc_generic_invoice_odt extends ModelePDFFactures $object->fetchObjectLinked('', '', '', ''); //print_r($object->linkedObjects['propal']); exit; - $propal_object = $object->linkedObjects['propal'][0]; + if (isset($object->linkedObjects['propal'][0])) { + $propal_object = $object->linkedObjects['propal'][0]; + } else { + $propal_object = null; + } // Make substitution $substitutionarray = array( - '__FROM_NAME__' => $this->emetteur->name, - '__FROM_EMAIL__' => $this->emetteur->email, - '__TOTAL_TTC__' => $object->total_ttc, - '__TOTAL_HT__' => $object->total_ht, - '__TOTAL_VAT__' => $object->total_tva + '__FROM_NAME__' => $this->emetteur->name, + '__FROM_EMAIL__' => $this->emetteur->email, + '__TOTAL_TTC__' => $object->total_ttc, + '__TOTAL_HT__' => $object->total_ht, + '__TOTAL_VAT__' => $object->total_tva ); complete_substitutions_array($substitutionarray, $langs, $object); // Call the ODTSubstitution hook @@ -433,8 +437,8 @@ class doc_generic_invoice_odt extends ModelePDFFactures } else { $odfHandler->setVars($key, 'ErrorFileNotFound', true, 'UTF-8'); } - } else // Text - { + } else { + // Text $odfHandler->setVars($key, $value, true, 'UTF-8'); } } catch (OdfException $e) { From 4b61ef946a9b4370ea93ea3675d4c11a239bb343 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9lina=20JOUM?= Date: Thu, 2 Feb 2023 11:44:10 +0100 Subject: [PATCH 07/42] Fix --- htdocs/product/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 90c48e44140..2a4ad20ed04 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1888,7 +1888,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Brut Surface print ''; } if (empty($conf->global->PRODUCT_DISABLE_VOLUME)) { From f46d9f1a153562808b6dd78470f029e26b432992 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9lina=20JOUM?= Date: Thu, 2 Feb 2023 15:54:24 +0100 Subject: [PATCH 08/42] Fix GETPOST --- htdocs/product/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 2a4ad20ed04..b9b31762037 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -1668,7 +1668,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Status To sell print ''; + print ''; } else { $tmpaction = 'view'; $parameters = array('fieldlist'=>$fieldlist, 'tabname'=>$tabname[$id]); From 5bddb31b9062dd9a649d87637e02244998924eac Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 6 Feb 2023 21:23:02 +0100 Subject: [PATCH 25/42] Fix csrf on referrer is duplicate with csrf on token. We keep token only --- htdocs/conf/conf.php.example | 2 +- htdocs/filefunc.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 1cc028ff137..5325523f8e5 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -302,7 +302,7 @@ $dolibarr_main_restrict_ip=''; // This might be required if you access Dolibarr behind a proxy that make bad URL rewriting, to avoid false alarms. // In most cases, you should always keep this to 0. // Default value: 0 -// Possible values: 0 or 1 +// Possible values: 0 or 1 (no strict CSRF test, only test on referer) or 2 (no CSRF test at all) // Examples: // $dolibarr_nocsrfcheck='0'; // diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 08ecd37f995..80f167057df 100644 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -206,7 +206,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; // when we post forms (we allow GET and HEAD to accept direct link from a particular page). // Note about $_SERVER[HTTP_HOST/SERVER_NAME]: http://shiflett.org/blog/2006/mar/server-name-versus-http-host // See also CSRF protections done into main.inc.php -if (!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck)) { +if (!defined('NOCSRFCHECK') && isset($dolibarr_nocsrfcheck) && $dolibarr_nocsrfcheck == 1) { // If $dolibarr_nocsrfcheck is 0, there is a strict CSRF test with token in main if (!empty($_SERVER['REQUEST_METHOD']) && !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) && !empty($_SERVER['HTTP_HOST'])) { $csrfattack = false; if (empty($_SERVER['HTTP_REFERER'])) { From eb5f1b6649272cdf4e8bb0cc8c12c0fca592cbf2 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 6 Feb 2023 22:26:09 +0100 Subject: [PATCH 26/42] Fix filter on supplier categories --- htdocs/compta/stats/supplier_turnover_by_thirdparty.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php index 19088a6d2fa..10cec544e19 100644 --- a/htdocs/compta/stats/supplier_turnover_by_thirdparty.php +++ b/htdocs/compta/stats/supplier_turnover_by_thirdparty.php @@ -239,9 +239,9 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= " sum(f.total_ht) as amount, sum(f.total_ttc) as amount_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f, ".MAIN_DB_PREFIX."societe as s"; if ($selected_cat === -2) { // Without any category - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_soc"; + $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_fournisseur as cs ON s.rowid = cs.fk_soc"; } elseif ($selected_cat) { // Into a specific category - $sql .= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_societe as cs"; + $sql .= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_fournisseur as cs"; } $sql .= " WHERE f.fk_statut in (1,2)"; $sql .= " AND f.type IN (0,2)"; @@ -266,9 +266,9 @@ if ($modecompta == 'CREANCES-DETTES') { $sql .= ", ".MAIN_DB_PREFIX."paiementfourn as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; if ($selected_cat === -2) { // Without any category - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_soc"; + $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_fournisseur as cs ON s.rowid = cs.fk_soc"; } elseif ($selected_cat) { // Into a specific category - $sql .= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_societe as cs"; + $sql .= ", ".MAIN_DB_PREFIX."categorie as c, ".MAIN_DB_PREFIX."categorie_fournisseur as cs"; } $sql .= " WHERE p.rowid = pf.fk_paiementfourn"; $sql .= " AND pf.fk_facturefourn = f.rowid"; From 3dc8937ad32c52de4a7c9c7b1798b9c1b2eeed58 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 00:11:33 +0100 Subject: [PATCH 27/42] Provide an object for computed extrafields --- htdocs/core/class/commonobject.class.php | 2 ++ htdocs/core/lib/functions.lib.php | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index f91f34c0867..7baa35d0f27 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -6066,6 +6066,8 @@ abstract class CommonObject if (!empty($extrafields->attributes[$this->table_element]) && !empty($extrafields->attributes[$this->table_element]['computed'][$key])) { //var_dump($conf->disable_compute); if (empty($conf->disable_compute)) { + global $objectoffield; // We set a global variable to $objectoffield so + $objectoffield = $this; // we can use it inside computed formula $this->array_options["options_".$key] = dol_eval($extrafields->attributes[$this->table_element]['computed'][$key], 1, 0, ''); } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index f9adc7bcf40..9bff1a8e49e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -8599,10 +8599,12 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1, $onlysimplestring = '1' // Only global variables can be changed by eval function and returned to caller global $db, $langs, $user, $conf, $website, $websitepage; global $action, $mainmenu, $leftmenu; + global $mysoc; + global $objectoffield; + + // Old variables used global $rights; global $object; - global $mysoc; - global $obj; // To get $obj used into list when dol_eval is used for computed fields and $obj is not yet $object global $soc; // For backward compatibility From bce55fc3b4252c5f012df34700c21e18c02120a3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 01:40:20 +0100 Subject: [PATCH 28/42] Trans --- htdocs/langs/en_US/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 28d2c7593fc..009dd47dbb5 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -451,7 +451,7 @@ ExtrafieldCheckBox=Checkboxes ExtrafieldCheckBoxFromList=Checkboxes from table ExtrafieldLink=Link to an object ComputedFormula=Computed field -ComputedFormulaDesc=You can enter here a formula using other properties of object or any PHP coding to get a dynamic computed value. You can use any PHP compatible formulas including the "?" condition operator, and following global object: $db, $conf, $langs, $mysoc, $user, $object.
WARNING: Only some properties of $object may be available. If you need a properties not loaded, just fetch yourself the object into your formula like in the second example.
Using a computed field means you can't enter yourself any value from interface. Also, if there is a syntax error, the formula may return nothing.

Example of formula:
$object->id < 10 ? round($object->id / 2, 2): ($object->id + 2 * $user->id) * (int) substr($mysoc->zip, 1, 2)

Example to reload object
(($reloadedobj = new Societe($db)) && ($reloadedobj->fetchNoCompute($obj->id ? $obj->id: ($obj->rowid ? $obj->rowid: $object->id)) > 0)) ? $reloadedobj->array_options['options_extrafieldkey'] * $reloadedobj->capital / 5: '-1'

Other example of formula to force load of object and its parent object:
(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: 'Parent project not found' +ComputedFormulaDesc=You can enter here a formula using other properties of object or any PHP coding to get a dynamic computed value. You can use any PHP compatible formulas including the "?" condition operator, and following global object: $db, $conf, $langs, $mysoc, $user, $objectoffield.
WARNING: If you need properties of an object not loaded, just fetch yourself the object into your formula like in the second example.
Using a computed field means you can't enter yourself any value from interface. Also, if there is a syntax error, the formula may return nothing.

Example of formula:
$objectoffield->id < 10 ? round($objectoffield->id / 2, 2): ($objectoffield->id + 2 * $user->id) * (int) substr($mysoc->zip, 1, 2)

Example to reload object
(($reloadedobj = new Societe($db)) && ($reloadedobj->fetchNoCompute($objectoffield->id) > 0 ? $reloadedobj->array_options['options_extrafieldkey'] * $reloadedobj->capital / 5: '-1')

Other example of formula to force load of object and its parent object:
(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($objectoffield->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: 'Parent project not found' Computedpersistent=Store computed field ComputedpersistentDesc=Computed extra fields will be stored in the database, however, the value will only be recalculated when the object of this field is changed. If the computed field depends on other objects or global data this value might be wrong!! ExtrafieldParamHelpPassword=Leaving this field blank means this value will be stored without encryption (field must be only hidden with star on screen).
Set 'auto' to use the default encryption rule to save password into database (then value read will be the hash only, no way to retrieve original value) From 7553a99fcb2d2469848ca1175054081a91fb1822 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 01:43:38 +0100 Subject: [PATCH 29/42] Doc --- ChangeLog | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4da3132248c..1b877e2b4b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,15 +3,6 @@ English Dolibarr ChangeLog -------------------------------------------------------------- -***** ChangeLog for 18.0.0 compared to 17.0.0 ***** - -WARNING: - -Following changes may create regressions for some external modules, but were necessary to make Dolibarr better: -* The deprecated method escapeunderscore() of database handlers has been removed. You must use escapeforlike instead. - - - ***** ChangeLog for 17.0.0 compared to 16.0.0 ***** @@ -218,7 +209,8 @@ Following changes may create regressions for some external modules, but were nec * Tables llx_prelevement_facture and llx_prelevement_facture_demande have been renamed into llx_prelevement and llx_prelevement_demande. * Rename MAIN_LIST_ALLOW_NOTES into MAIN_LIST_HIDE_NOTES and rename MAIN_LIST_ALLOW_PRIVATE_NOTES into MAIN_LIST_HIDE_PRIVATE_NOTES * Rename the substitution for "project label" instead of "project title" in substitution variables - +* You must use "$objectoffield" to manipulate the current object inside the formulare of computed custom extrafields instead of $obj/$object. + ***** ChangeLog for 16.0.4 compared to 16.0.3 ***** From 7c4858fdc3ae5d42db94b4a63582aa788666b115 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 11:05:09 +0100 Subject: [PATCH 30/42] Add page with help for ingoing email setup --- htdocs/admin/mails_ingoing.php | 137 +++++++++++++++++++++++++++++++++ htdocs/core/lib/admin.lib.php | 5 ++ htdocs/langs/en_US/mails.lang | 1 + 3 files changed, 143 insertions(+) create mode 100644 htdocs/admin/mails_ingoing.php diff --git a/htdocs/admin/mails_ingoing.php b/htdocs/admin/mails_ingoing.php new file mode 100644 index 00000000000..010d933821e --- /dev/null +++ b/htdocs/admin/mails_ingoing.php @@ -0,0 +1,137 @@ + + * Copyright (C) 2009-2012 Regis Houssin + * Copyright (C) 2013 Juanjo Menent + * Copyright (C) 2016 Jonathan TISSEAU + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/admin/mails_ingoing.php + * \brief Page to setup emails entry + */ + +// Load Dolibarr environment +require '../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + +// Load translation files required by the page +$langs->loadLangs(array("companies", "products", "admin", "mails", "other", "errors")); + +$action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'aZ09'); + +$trackid = GETPOST('trackid'); + +if (!$user->admin) { + accessforbidden(); +} + + +/* + * Actions + */ + +if ($action == 'update' && !$cancel) { +} + + + +/* + * View + */ + +$form = new Form($db); + +$linuxlike = 1; +if (preg_match('/^win/i', PHP_OS)) { + $linuxlike = 0; +} +if (preg_match('/^mac/i', PHP_OS)) { + $linuxlike = 0; +} + + +//$wikihelp = 'EN:Setup_EMails|FR:Paramétrage_EMails|ES:Configuración_EMails'; +$wikihelp = ''; +llxHeader('', $langs->trans("Setup"), $wikihelp); + +print load_fiche_titre($langs->trans("EMailsSetup"), '', 'title_setup'); + +$head = email_admin_prepare_head(); + +// List of sending methods +$listofmethods = array(); +$listofmethods['mail'] = 'PHP mail function'; +$listofmethods['smtps'] = 'SMTP/SMTPS socket library'; +if (version_compare(phpversion(), '7.0', '>=')) { + $listofmethods['swiftmailer'] = 'Swift Mailer socket library'; +} + +// List of oauth services +$oauthservices = array(); + +foreach ($conf->global as $key => $val) { + if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) { + $key = preg_replace('/^OAUTH_/', '', $key); + $key = preg_replace('/_ID$/', '', $key); + if (preg_match('/^.*-/', $key)) { + $name = preg_replace('/^.*-/', '', $key); + } else { + $name = $langs->trans("NoName"); + } + $provider = preg_replace('/-.*$/', '', $key); + $provider = ucfirst(strtolower($provider)); + + $oauthservices[$key] = $name." (".$provider.")"; + } +} + +print dol_get_fiche_head($head, 'common_ingoing', '', -1); + +print '
'; +print ''.$langs->trans("EMailsInGoingDesc", $langs->transnoentitiesnoconv("EmailCollector"))."
\n"; +print "

\n"; + +/* +print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table +print '
'.$langs->trans("Ref").'
'.$langs->trans("Ref").'
'.$langs->trans("Label").'
'.$langs->trans("Label").'
'.$langs->trans("Status").' ('.$langs->trans("Sell").')'; print '
'.$langs->trans("Status").' ('.$langs->trans("Buy").')'; print '
'.$langs->trans("ManageLotSerial").''; $statutarray = array('0' => $langs->trans("ProductStatusNotOnBatch"), '1' => $langs->trans("ProductStatusOnBatch"), '2' => $langs->trans("ProductStatusOnSerial")); - print $form->selectarray('status_batch', $statutarray, $object->status_batch); + print $form->selectarray('status_batch', $statutarray, (GETPOSTISSET('status_batch') ? GETPOST('status_batch') : $object->status_batch)); print '
'.$langs->trans("DefaultWarehouse").''; print img_picto($langs->trans("DefaultWarehouse"), 'stock', 'class="pictofixedwidth"'); - print $formproduct->selectWarehouses($object->fk_default_warehouse, 'fk_default_warehouse', 'warehouseopen', 1); + print $formproduct->selectWarehouses((GETPOSTISSET('fk_default_warehouse') ? GETPOST('fk_default_warehouse') : $object->fk_default_warehouse), 'fk_default_warehouse', 'warehouseopen', 1); print ' '; print '
'.$form->textwithpicto($langs->trans("NatureOfProductShort"), $langs->trans("NatureOfProductDesc")).''; - print $formproduct->selectProductNature('finished', $object->finished); + print $formproduct->selectProductNature('finished', (GETPOSTISSET('finished') ? GETPOST('finished') : $object->finished)); print '
'.$form->textwithpicto($langs->trans("DefaultBOM"), $langs->trans("DefaultBOMDesc", $langs->transnoentitiesnoconv("Finished"))).''; $bomkey = "Bom:bom/class/bom.class.php:0:t.status=1 AND t.fk_product=".((int) $object->id); - print $form->selectForForms($bomkey, 'fk_default_bom', $object->fk_default_bom, 1); + print $form->selectForForms($bomkey, 'fk_default_bom', (GETPOSTISSET('fk_default_bom') ? GETPOST('fk_default_bom') : $object->fk_default_bom), 1); print '
'.$langs->trans("Weight").''; - print ' '; - print $formproduct->selectMeasuringUnits("weight_units", "weight", $object->weight_units, 0, 2); + print ' '; + print $formproduct->selectMeasuringUnits("weight_units", "weight", (GETPOSTISSET('weight_units') ? GETPOST('weight_units') : $object->weight_units), 0, 2); print '
'.$langs->trans("Length").' x '.$langs->trans("Width").' x '.$langs->trans("Height").''; - print 'x'; - print 'x'; - print ' '; - print $formproduct->selectMeasuringUnits("size_units", "size", $object->length_units, 0, 2); + print 'x'; + print 'x'; + print ' '; + print $formproduct->selectMeasuringUnits("size_units", "size", (GETPOSTISSET('size_units') ? GETPOST('size_units') : $object->length_units), 0, 2); print '
'.$langs->trans("Surface").''; - print ' '; - print $formproduct->selectMeasuringUnits("surface_units", "surface", $object->surface_units, 0, 2); + print ' '; + print $formproduct->selectMeasuringUnits("surface_units", "surface", (GETPOSTISSET('surface_units') ? GETPOST('surface_units') : $object->volume), 0, 2); print '
'.$langs->trans("Volume").''; - print ' '; - print $formproduct->selectMeasuringUnits("volume_units", "volume", $object->volume_units, 0, 2); + print ' '; + print $formproduct->selectMeasuringUnits("volume_units", "volume", (GETPOSTISSET('volume_units') ? GETPOST('volume_units') : $volume_units), 0, 2); print '
'.$langs->trans("NetMeasure").''; - print ' '; - print $formproduct->selectMeasuringUnits("net_measure_units", "", $object->net_measure_units, 0, 0); + print ' '; + print $formproduct->selectMeasuringUnits("net_measure_units", "", (GETPOSTISSET('net_measure') ? GETPOST('net_measure') : $object->net_measure), 0, 0); print '
'.$langs->trans("CustomCode").'
'.$langs->trans("CustomCode").'
'.$langs->trans("CountryOrigin").''; @@ -1970,6 +1970,11 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $arrayselected[] = $cat->id; } } + if (GETPOSTISSET('categories', 'array')) { + foreach (GETPOST('categories', 'array') as $cat) { + $arrayselected[] = $cat; + } + } print img_picto('', 'category').$form->multiselectarray('categories', $cate_arbo, $arrayselected, '', 0, 'quatrevingtpercent widthcentpercentminusx', 0, 0); print "
'.$langs->trans("ProductAccountancySellCode").''; - print $formaccounting->select_account($object->accountancy_code_sell, 'accountancy_code_sell', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_sell') ? GETPOST('accountancy_code_sell') : $object->accountancy_code_sell), 'accountancy_code_sell', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancySellIntraCode").''; - print $formaccounting->select_account($object->accountancy_code_sell_intra, 'accountancy_code_sell_intra', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_sell_intra') ? GETPOST('accountancy_code_sell_intra') : $object->accountancy_code_sell_intra), 'accountancy_code_sell_intra', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancySellExportCode").''; - print $formaccounting->select_account($object->accountancy_code_sell_export, 'accountancy_code_sell_export', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_sell_export') ? GETPOST('accountancy_code_sell_export') : $object->accountancy_code_sell_export), 'accountancy_code_sell_export', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancyBuyCode").''; - print $formaccounting->select_account($object->accountancy_code_buy, 'accountancy_code_buy', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_buy') ? GETPOST('accountancy_code_buy') : $object->accountancy_code_buy), 'accountancy_code_buy', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancyBuyIntraCode").''; - print $formaccounting->select_account($object->accountancy_code_buy_intra, 'accountancy_code_buy_intra', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_buy_intra') ? GETPOST('accountancy_code_buy_intra') : $object->accountancy_code_buy_intra), 'accountancy_code_buy_intra', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancyBuyExportCode").''; - print $formaccounting->select_account($object->accountancy_code_buy_export, 'accountancy_code_buy_export', 1, '', 1, 1, 'minwidth150 maxwidth300'); + print $formaccounting->select_account((GETPOSTISSET('accountancy_code_buy_export') ? GETPOST('accountancy_code_buy_export') : $object->accountancy_code_buy_export), 'accountancy_code_buy_export', 1, '', 1, 1, 'minwidth150 maxwidth300'); print '
'.$langs->trans("ProductAccountancySellCode").''; + print ''; print '
'.$langs->trans("ProductAccountancySellIntraCode").''; + print ''; print '
'.$langs->trans("ProductAccountancySellExportCode").''; + print ''; print '
'.$langs->trans("ProductAccountancyBuyCode").''; + print ''; print '
'.$langs->trans("ProductAccountancyBuyIntraCode").''; + print ''; print '
'.$langs->trans("ProductAccountancyBuyExportCode").''; + print ''; print '
'.$langs->trans("Surface").''; print ' '; - print $formproduct->selectMeasuringUnits("surface_units", "surface", (GETPOSTISSET('surface_units') ? GETPOST('surface_units') : $object->volume), 0, 2); + print $formproduct->selectMeasuringUnits("surface_units", "surface", (GETPOSTISSET('surface_units') ? GETPOST('surface_units') : $object->surface_units), 0, 2); print '
'.$langs->trans("Status").' ('.$langs->trans("Sell").')'; print '
'.$langs->trans("Status").' ('.$langs->trans("Buy").')'; print ' '; - print '  '; + print ' 
'; +print ''; + +print '
'; + +print '
'; // You can use div-table-responsive-no-min if you dont need reserved height for your table +print '
'.$langs->trans("Parameter").''.$langs->trans("Value").'
'; + +// SMTPS oauth service +if (in_array(getDolGlobalString('MAIN_MAIL_SENDMODE', 'mail'), array('smtps', 'swiftmailer')) && getDolGlobalString('MAIN_MAIL_SMTPS_AUTH_TYPE') === "XOAUTH2") { + $text = $oauthservices[$conf->global->MAIN_MAIL_SMTPS_OAUTH_SERVICE]; + if (empty($text)) { + $text = $langs->trans("Undefined").img_warning(); + } + print ''; +} + +print '
'.$langs->trans("MAIN_MAIL_SMTPS_OAUTH_SERVICE").''.$text.'
'; +print ''; +*/ + +print dol_get_fiche_end(); + + +// End of page +llxFooter(); +$db->close(); diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 71bcc082961..b3ee5dc259a 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -2054,6 +2054,11 @@ function email_admin_prepare_head() $head[$h][2] = 'templates'; $h++; + $head[$h][0] = DOL_URL_ROOT."/admin/mails_ingoing.php"; + $head[$h][1] = $langs->trans("InGoingEmailSetup", $langs->transnoentitiesnoconv("EMailing")); + $head[$h][2] = 'common_ingoing'; + $h++; + complete_head_from_modules($conf, $langs, null, $head, $h, 'email_admin', 'remove'); return $head; diff --git a/htdocs/langs/en_US/mails.lang b/htdocs/langs/en_US/mails.lang index f83637c9c40..a112de8ceb2 100644 --- a/htdocs/langs/en_US/mails.lang +++ b/htdocs/langs/en_US/mails.lang @@ -179,3 +179,4 @@ RecordCreatedByEmailCollector=Record created by the Email Collector %s from emai DefaultBlacklistMailingStatus=Default value for field '%s' when creating a new contact DefaultStatusEmptyMandatory=Empty but mandatory WarningLimitSendByDay=WARNING: The setup or contract of your instance limits your number of emails per day to %s. Trying to send more may result in having your instance slow down or suspended. Please contact your support if you need a higher quota. +EMailsInGoingDesc=Incoming emails are managed by the module %s. You must enable and configure it if you need to support ingoing emails. From c545b98a24deb842c72bc303d41b66a0cdfe059a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 11:39:29 +0100 Subject: [PATCH 31/42] The Use of PHP-IMAP lib must be enabled from interface --- htdocs/admin/emailcollector_list.php | 60 +++++++++++++++++----------- htdocs/langs/en_US/admin.lang | 1 + 2 files changed, 38 insertions(+), 23 deletions(-) diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index fb09143412f..de18b57b297 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -273,25 +273,6 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $object); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; - -/* If a group by is required -$sql.= " GROUP BY "; -foreach ($object->fields as $key => $val) { - $sql .= "t.".$db->escape($key).", "; -} -// Add fields from extrafields -if (!empty($extrafields->attributes[$object->table_element]['label'])) { - foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { - $sql .= ($extrafields->attributes[$object->table_element]['type'][$key] != 'separate' ? "ef.".$key.', ' : ''); - } -} -// Add where from hooks -$parameters=array(); -$reshook = $hookmanager->executeHooks('printFieldListGroupBy', $parameters, $object); // Note that $action and $object may have been modified by hook -$sql .= $hookmanager->resPrint; -$sql = preg_replace('/,\s*$/', '', $sql); -*/ - // Count total nb of records $nbtotalofrecords = ''; if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) { @@ -333,6 +314,22 @@ if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $ llxHeader('', $title, $help_url, '', 0, 0, $morejs, $morecss, '', ''); + +$linkback = ''.$langs->trans("BackToModuleList").''; +print load_fiche_titre($title, $linkback, 'title_setup'); + + +$head = array(); +$h = 0; +$head[$h][0] = DOL_URL_ROOT."/admin/emailcollector_list.php"; +$head[$h][1] = $langs->trans("Setup"); +$head[$h][2] = 'common'; +$h++; + +print dol_get_fiche_head($head, 'common', '', -1); + + + $arrayofselected = is_array($toselect) ? $toselect : array(); $param = ''; @@ -388,11 +385,9 @@ print ''; print ''; print ''; -$linkback = ''.$langs->trans("BackToModuleList").''; - $newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', 'emailcollector_card.php?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permissiontoadd); -print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'email', 0, $newcardbutton.' '.$linkback, '', $limit, 0, 0, 1); +print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'email', 0, $newcardbutton, '', $limit, 0, 0, 1); // Add code for pre mass action (confirmation or email presend form) /*$topicmail=""; @@ -699,7 +694,22 @@ print ''.$langs->trans("Parameter").''; print ''; print "\n"; -// Hide e-mail headers from collected messages +// MAIN_IMAP_USE_PHPIMAP: Enable use of the PHP Imap library +print ''; +//print $form->textwithpicto($langs->trans("MAIN_IMAP_USE_PHPIMAP"), $langs->transnoentitiesnoconv("MAIN_IMAP_USE_PHPIMAPDesc")); +print $langs->trans("MAIN_IMAP_USE_PHPIMAP"); +print ''; +print ''; +if ($conf->use_javascript_ajax) { + print ajax_constantonoff('MAIN_IMAP_USE_PHPIMAP'); +} else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $form->selectarray("MAIN_IMAP_USE_PHPIMAP", $arrval, $conf->global->MAIN_IMAP_USE_PHPIMAP); +} +print ''; +print ''; + +// MAIN_EMAILCOLLECTOR_MAIL_WITHOUT_HEADER: Hide e-mail headers from collected messages print ''.$form->textwithpicto($langs->trans("EmailCollectorHideMailHeaders"), $langs->transnoentitiesnoconv("EmailCollectorHideMailHeadersHelp")).''; print ''; if ($conf->use_javascript_ajax) { @@ -738,6 +748,10 @@ if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $n print $formfile->showdocuments('massfilesarea_emailcollector', '', $filedir, $urlsource, 0, $delallowed, '', 1, 1, 0, 48, 1, $param, $title, '', '', '', null, $hidegeneratedfilelistifempty); } + +dol_get_fiche_end(); + + // End of page llxFooter(); $db->close(); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 009dd47dbb5..66210ef9d52 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2348,3 +2348,4 @@ AllowExternalDownload=Allow external download (without login, using a shared lin DeadlineDayVATSubmission=Deadline day for vat submission on the next month MaxNumberOfAttachementOnForms=Max number of joinded files in a form IfDefinedUseAValueBeetween=If defined, use a value between %s and %s +MAIN_IMAP_USE_PHPIMAP=Use the PHP-IMAP library for IMAP instead of native PHP IMAP. This also allow the use of OAuth2 connection for IMAP. \ No newline at end of file From 2190dcc9f7e390d6e739fb3450dbd080c0f74c00 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 13:40:28 +0100 Subject: [PATCH 32/42] Fix status of website --- htdocs/website/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 3aa1b622f6e..3a625818ba4 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -2807,7 +2807,7 @@ if (!GETPOST('hide_websitemenu')) { $atleastonepage = (is_array($array) && count($array) > 0); $websitepage = new WebSitePage($db); - if ($pageid > 0 && ($action == 'preview' || $action == 'createfromclone' || $action == 'createpagefromclone')) { + if ($pageid > 0) { $websitepage->fetch($pageid); } From e71ad2e23bd937ee3d448c365a997f3357dfd63a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 20:12:53 +0100 Subject: [PATCH 33/42] Maxi debug of OAuth module --- htdocs/admin/oauth.php | 21 +- htdocs/admin/oauthlogintokens.php | 31 ++- htdocs/core/lib/functions.lib.php | 4 +- htdocs/core/lib/oauth.lib.php | 12 +- .../modules/oauth/generic_oauthcallback.php | 49 ++-- .../modules/oauth/github_oauthcallback.php | 23 +- .../modules/oauth/google_oauthcallback.php | 5 +- .../modules/oauth/microsoft_oauthcallback.php | 211 ++++++++++++++++++ .../oauth/stripelive_oauthcallback.php | 27 +-- .../oauth/stripetest_oauthcallback.php | 27 +-- .../OAuth/Common/Storage/DoliStorage.php | 6 + .../OAuth/OAuth2/Service/AbstractService.php | 4 +- .../OAuth/OAuth2/Service/Microsoft.php | 64 +++--- htdocs/langs/en_US/admin.lang | 3 +- htdocs/langs/en_US/mails.lang | 1 - htdocs/langs/en_US/oauth.lang | 1 + 16 files changed, 348 insertions(+), 141 deletions(-) create mode 100644 htdocs/core/modules/oauth/microsoft_oauthcallback.php diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 217dfd63cc9..2425f12d9bd 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -84,6 +84,11 @@ if ($action == 'update') { $error++; } } + if (GETPOSTISSET($constvalue.'_TENANT')) { + if (!dolibarr_set_const($db, $constvalue.'_TENANT', GETPOST($constvalue.'_TENANT'), 'chaine', 0, '', $conf->entity)) { + $error++; + } + } if (GETPOSTISSET($constvalue.'_SCOPE')) { if (is_array(GETPOST($constvalue.'_SCOPE'))) { $scopestring = implode(',', GETPOST($constvalue.'_SCOPE')); @@ -128,6 +133,8 @@ if ($action == 'confirm_delete') { $callbacktodel .= '/core/modules/oauth/stripelive_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl); } elseif ($label == 'OAUTH_STRIPE_TEST') { $callbacktodel .= '/core/modules/oauth/stripetest_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl); + } elseif ($label == 'OAUTH_MICROSOFT') { + $callbacktodel .= '/core/modules/oauth/microsoft_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl); } elseif ($label == 'OAUTH_OTHER') { $callbacktodel .= '/core/modules/oauth/generic_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl); } @@ -242,8 +249,10 @@ if (count($listinsetup) > 0) { $keyforsupportedoauth2array = preg_replace('/^OAUTH_/', '', $keyforsupportedoauth2array); $keyforsupportedoauth2array = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array); if (preg_match('/^.*-/', $keyforsupportedoauth2array)) { + $keybeforeprovider = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); $keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array); } else { + $keybeforeprovider = $keyforsupportedoauth2array; $keyforprovider = ''; } $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); @@ -337,6 +346,16 @@ if (count($listinsetup) > 0) { print ''; print ''; + // Tenant + if ($keybeforeprovider == 'MICROSOFT') { + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + } + // TODO Move this into token generation ? if ($supported) { if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') { @@ -386,7 +405,7 @@ if (count($listinsetup) > 0) { print ''; - print $form->buttonsSaveCancel("Modify", ''); + print $form->buttonsSaveCancel("Save", ''); print ''; } diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index 9a0532880cd..d6fcc9e0f7c 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -162,8 +162,10 @@ if ($mode == 'setup' && $user->admin) { $keyforsupportedoauth2array = preg_replace('/^OAUTH_/', '', $keyforsupportedoauth2array); $keyforsupportedoauth2array = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array); if (preg_match('/^.*-/', $keyforsupportedoauth2array)) { + $keybeforeprovider = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); $keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array); } else { + $keybeforeprovider = $keyforsupportedoauth2array; $keyforprovider = ''; } $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); @@ -179,13 +181,12 @@ if ($mode == 'setup' && $user->admin) { $state = $shortscope; // TODO USe a better state // Define $urltorenew, $urltodelete, $urltocheckperms - // TODO Use array $supportedoauth2array if ($keyforsupportedoauth2array == 'OAUTH_GITHUB_NAME') { // List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service). // We pass this param list in to 'state' because we need it before and after the redirect. // Note: github does not accept csrf key inside the state parameter (only known values) - $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($shortscope).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltocheckperms = 'https://github.com/settings/applications/'; } elseif ($keyforsupportedoauth2array == 'OAUTH_GOOGLE_NAME') { @@ -195,17 +196,9 @@ if ($mode == 'setup' && $user->admin) { $urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'-'.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltodelete = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltocheckperms = 'https://security.google.com/settings/security/permissions'; - } elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_TEST_NAME') { - $urltorenew = $urlwithroot.'/core/modules/oauth/stripetest_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); - $urltodelete = ''; - $urltocheckperms = ''; - } elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_LIVE_NAME') { - $urltorenew = $urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); - $urltodelete = ''; - $urltocheckperms = ''; - } elseif ($keyforsupportedoauth2array = 'OAUTH_OTHER_NAME') { - $urltorenew = $urlwithroot.'/core/modules/oauth/generic_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); - $urltodelete = ''; + } elseif (!empty($supportedoauth2array[$keyforsupportedoauth2array]['returnurl'])) { + $urltorenew = $urlwithroot.$supportedoauth2array[$keyforsupportedoauth2array]['returnurl'].'?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); + $urltodelete = $urlwithroot.$supportedoauth2array[$keyforsupportedoauth2array]['returnurl'].'?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php'); $urltocheckperms = ''; } else { $urltorenew = ''; @@ -220,17 +213,19 @@ if ($mode == 'setup' && $user->admin) { $urltodelete .= '&keyforprovider='.urlencode($keyforprovider); } - // Show value of token $tokenobj = null; // Token require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; // Dolibarr storage - $storage = new DoliStorage($db, $conf); + $storage = new DoliStorage($db, $conf, $keyforprovider); try { + // $OAUTH_SERVICENAME is for example 'Google-keyforprovider' + print $OAUTH_SERVICENAME; $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); } catch (Exception $e) { // Return an error if token not found + //print $e->getMessage(); } // Set other properties @@ -321,7 +316,11 @@ if ($mode == 'setup' && $user->admin) { // Links to delete/checks token if (is_object($tokenobj)) { //test on $storage->hasAccessToken($OAUTH_SERVICENAME) ? - print ''.$langs->trans('DeleteAccess').'
'; + if ($urltodelete) { + print ''.$langs->trans('DeleteAccess').'
'; + } else { + print ''.$langs->trans('GoOnTokenProviderToDeleteToken').'
'; + } } // Request remote token if ($urltorenew) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index d47b71d39cf..e94b9d5e4c0 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -4102,7 +4102,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ 'paiment', 'paragraph', 'play', 'pdf', 'phone', 'phoning', 'phoning_mobile', 'phoning_fax', 'playdisabled', 'previous', 'poll', 'pos', 'printer', 'product', 'propal', 'proposal', 'puce', 'stock', 'resize', 'service', 'stats', 'trip', 'security', 'setup', 'share-alt', 'sign-out', 'split', 'stripe', 'stripe-s', 'switch_off', 'switch_on', 'switch_on_red', 'tools', 'unlink', 'uparrow', 'user', 'user-tie', 'vcard', 'wrench', - 'github', 'google', 'jabber', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp', + 'github', 'google', 'jabber', 'microsoft', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'youtube', 'google-plus-g', 'whatsapp', 'chevron-left', 'chevron-right', 'chevron-down', 'chevron-top', 'commercial', 'companies', 'generic', 'home', 'hrm', 'members', 'products', 'invoicing', 'partnership', 'payment', 'payment_vat', 'pencil-ruler', 'preview', 'project', 'projectpub', 'projecttask', 'question', 'refresh', 'region', @@ -4123,7 +4123,7 @@ function img_picto($titlealt, $picto, $moreatt = '', $pictoisfullpath = false, $ if (in_array($pictowithouttext, array('card', 'bell', 'clock', 'establishment', 'generic', 'minus-square', 'object_generic', 'pdf', 'plus-square', 'timespent', 'note', 'off', 'on', 'object_bookmark', 'bookmark', 'vcard'))) { $fa = 'far'; } - if (in_array($pictowithouttext, array('black-tie', 'github', 'google', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'stripe', 'stripe-s', 'youtube', 'google-plus-g', 'whatsapp'))) { + if (in_array($pictowithouttext, array('black-tie', 'github', 'google', 'microsoft', 'skype', 'twitter', 'facebook', 'linkedin', 'instagram', 'snapchat', 'stripe', 'stripe-s', 'youtube', 'google-plus-g', 'whatsapp'))) { $fa = 'fab'; } diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index 83359ef1c65..4f504196b47 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -25,15 +25,17 @@ // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth) $supportedoauth2array = array( - 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full'), + 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full', 'returnurl'=>'/core/modules/oauth/google_oauthcallback.php'), ); if (isModEnabled('stripe')) { - $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write'); - $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write'); + $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write', 'returnurl'=>'/core/modules/oauth/stripetest_oauthcallback.php'); + $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write', 'returnurl'=>'/core/modules/oauth/stripelive_oauthcallback.php'); } -$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo'); +$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo', 'returnurl'=>'/core/modules/oauth/github_oauthcallback.php'); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { - $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard'); + $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard', 'returnurl'=>'/core/modules/oauth/generic_oauthcallback.php'); + // See https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application + $supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); } diff --git a/htdocs/core/modules/oauth/generic_oauthcallback.php b/htdocs/core/modules/oauth/generic_oauthcallback.php index 34422111d5d..a394c7f4986 100644 --- a/htdocs/core/modules/oauth/generic_oauthcallback.php +++ b/htdocs/core/modules/oauth/generic_oauthcallback.php @@ -66,7 +66,7 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); $serviceFactory->setHttpClient($httpClient); // Dolibarr storage -$storage = new DoliStorage($db, $conf); +$storage = new DoliStorage($db, $conf, $keyforprovider); // Setup the credentials for the requests $keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; @@ -77,9 +77,11 @@ $credentials = new Credentials( $currentUri->getAbsoluteUri() ); +$state = GETPOST('state'); + $requestedpermissionsarray = array(); -if (GETPOST('state')) { - $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back +if ($state) { + $requestedpermissionsarray = explode(',', $state); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back } if ($action != 'delete' && empty($requestedpermissionsarray)) { print 'Error, parameter state is not defined'; @@ -88,7 +90,8 @@ if ($action != 'delete' && empty($requestedpermissionsarray)) { //var_dump($requestedpermissionsarray);exit; // Instantiate the Api service using the credentials, http client and storage mechanism for the token -$apiService = $serviceFactory->createService($genericstring, $credentials, $storage, $requestedpermissionsarray); +// ucfirst(strtolower($genericstring)) must be the name of a class into OAuth/OAuth2/Services/Xxxx +$apiService = $serviceFactory->createService(ucfirst(strtolower($genericstring)), $credentials, $storage, $requestedpermissionsarray); /* var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : '')); @@ -128,35 +131,25 @@ if ($action == 'delete') { exit(); } -if (GETPOST('code')) { // We are coming from oauth provider page +if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provider page // We should have //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) - dol_syslog("We are coming from the oauth provider page"); - //llxHeader('',$langs->trans("OAuthSetup")); - - //$linkback=''.$langs->trans("BackToModuleList").''; - //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup'); - - //print dol_get_fiche_head(); - // retrieve the CSRF state parameter - $state = GETPOSTISSET('state') ? GETPOST('state') : null; - //print ''; + dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)." error=".GETPOST('error')); // This was a callback request from service, get the token try { - //var_dump($_GET['code']); //var_dump($state); - //var_dump($apiService); // OAuth\OAuth2\Service\GitHub + //var_dump($apiService); // OAuth\OAuth2\Service\Xxx - //$token = $apiService->requestAccessToken(GETPOST('code'), $state); - $token = $apiService->requestAccessToken(GETPOST('code')); - // Github is a service that does not need state to be stored. - // Into constructor of GitHub, the call - // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri) - // has not the ending parameter to true like the Google class constructor. + if (GETPOST('error')) { + setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors'); + } else { + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); - setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token + setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token + } $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"]; unset($_SESSION["backtourlsavedbeforeoauthjump"]); @@ -166,15 +159,17 @@ if (GETPOST('code')) { // We are coming from oauth provider page } catch (Exception $e) { print $e->getMessage(); } -} else { // If entry on page with no parameter, we arrive here +} else { + // If we enter this page without 'code' parameter, we arrive here. This is the case when we want to get the redirect + // to the OAuth provider login page. $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl; $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider; $_SESSION['oauthstateanticsrf'] = $state; // This may create record into oauth_state before the header redirect. // Creation of record with state in this tables depend on the Provider used (see its constructor). - if (GETPOST('state')) { - $url = $apiService->getAuthorizationUri(array('state' => GETPOST('state'))); + if ($state) { + $url = $apiService->getAuthorizationUri(array('state' => $state)); } else { $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated } diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php index 24140718880..7656a1cda37 100644 --- a/htdocs/core/modules/oauth/github_oauthcallback.php +++ b/htdocs/core/modules/oauth/github_oauthcallback.php @@ -65,7 +65,7 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); $serviceFactory->setHttpClient($httpClient); // Dolibarr storage -$storage = new DoliStorage($db, $conf); +$storage = new DoliStorage($db, $conf, $keyforprovider); // Setup the credentials for the requests $keyforparamid = 'OAUTH_GITHUB'.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; @@ -115,30 +115,21 @@ if ($action == 'delete') { exit(); } -if (!empty($_GET['code'])) { // We are coming from oauth provider page +if (GETPOST('code')) { // We are coming from oauth provider page // We should have //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) - dol_syslog("We are coming from the oauth provider page"); - //llxHeader('',$langs->trans("OAuthSetup")); - - //$linkback=''.$langs->trans("BackToModuleList").''; - //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup'); - - //print dol_get_fiche_head(); - // retrieve the CSRF state parameter - $state = isset($_GET['state']) ? $_GET['state'] : null; - //print '
'; + dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)); // This was a callback request from service, get the token try { - //var_dump($_GET['code']); //var_dump($state); //var_dump($apiService); // OAuth\OAuth2\Service\GitHub - //$token = $apiService->requestAccessToken($_GET['code'], $state); - $token = $apiService->requestAccessToken($_GET['code']); - // Github is a service that does not need state to be stored. + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); + // Github is a service that does not need state to be stored as second paramater of requestAccessToken + // Into constructor of GitHub, the call // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri) // has not the ending parameter to true like the Google class constructor. diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index ed0caa1a4ff..c26187e4475 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -137,7 +137,7 @@ if ($action == 'delete') { } if (GETPOST('code')) { // We are coming from oauth provider page. - dol_syslog("We are coming from the oauth provider page keyforprovider=".$keyforprovider); + dol_syslog("We are coming from the oauth provider page keyforprovider=".$keyforprovider." code=".dol_trunc(GETPOST('code'), 5)); // We must validate that the $state is the same than the one into $_SESSION['oauthstateanticsrf'], return error if not. if (isset($_SESSION['oauthstateanticsrf']) && $state != $_SESSION['oauthstateanticsrf']) { @@ -146,7 +146,6 @@ if (GETPOST('code')) { // We are coming from oauth provider page. } else { // This was a callback request from service, get the token try { - //var_dump($_GET['code']); //var_dump($state); //var_dump($apiService); // OAuth\OAuth2\Service\Google @@ -193,7 +192,7 @@ if (GETPOST('code')) { // We are coming from oauth provider page. } } } else { - // If we enter this page without 'code' parameter, we arrive here. this is the case when we want to get the redirect + // If we enter this page without 'code' parameter, we arrive here. This is the case when we want to get the redirect // to the OAuth provider login page. $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl; $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider; diff --git a/htdocs/core/modules/oauth/microsoft_oauthcallback.php b/htdocs/core/modules/oauth/microsoft_oauthcallback.php new file mode 100644 index 00000000000..ed47eec06e1 --- /dev/null +++ b/htdocs/core/modules/oauth/microsoft_oauthcallback.php @@ -0,0 +1,211 @@ + + * Copyright (C) 2015 Frederic France + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/** + * \file htdocs/core/modules/oauth/microsoft_oauthcallback.php + * \ingroup oauth + * \brief Page to get oauth callback + */ + +// Load Dolibarr environment +require '../../../main.inc.php'; +require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; +use OAuth\Common\Storage\DoliStorage; +use OAuth\Common\Consumer\Credentials; +use OAuth\OAuth2\Service\GitHub; + +// Define $urlwithroot +$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); +$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file +//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current + + +$action = GETPOST('action', 'aZ09'); +$backtourl = GETPOST('backtourl', 'alpha'); +$keyforprovider = GETPOST('keyforprovider', 'aZ09'); +if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) { + $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"]; +} +$genericstring = 'MICROSOFT'; + + +/** + * Create a new instance of the URI class with the current URI, stripping the query string + */ +$uriFactory = new \OAuth\Common\Http\Uri\UriFactory(); +//$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER); +//$currentUri->setQuery(''); +$currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/microsoft_oauthcallback.php'); + + +/** + * Load the credential for the service + */ + +/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */ +$serviceFactory = new \OAuth\ServiceFactory(); +$httpClient = new \OAuth\Common\Http\Client\CurlClient(); +// TODO Set options for proxy and timeout +// $params=array('CURLXXX'=>value, ...) +//$httpClient->setCurlParameters($params); +$serviceFactory->setHttpClient($httpClient); + +// Dolibarr storage +$storage = new DoliStorage($db, $conf, $keyforprovider); + +// Setup the credentials for the requests +$keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; +$keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET'; +$keyforparamtenant = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT'; +$credentials = new Credentials( + getDolGlobalString($keyforparamid), + getDolGlobalString($keyforparamsecret), + $currentUri->getAbsoluteUri() +); + +$state = GETPOST('state'); + +$requestedpermissionsarray = array(); +if ($state) { + $requestedpermissionsarray = explode(',', $state); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back +} +if ($action != 'delete' && empty($requestedpermissionsarray)) { + print 'Error, parameter state is not defined'; + exit; +} +//var_dump($requestedpermissionsarray);exit; + +// Instantiate the Api service using the credentials, http client and storage mechanism for the token +// ucfirst(strtolower($genericstring)) must be the name of a class into OAuth/OAuth2/Services/Xxxx +// $requestedpermissionsarray contains list of scopes. +// Conversion into URL is done by Reflection on constant with name SCOPE_scope_in_uppercase +try { + $apiService = $serviceFactory->createService(ucfirst(strtolower($genericstring)), $credentials, $storage, $requestedpermissionsarray); +} catch (Exception $e) { + print $e->getMessage(); + exit; +} +/* +var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : '')); +var_dump($credentials); +var_dump($storage); +var_dump($requestedpermissionsarray); +*/ + +if (empty($apiService)) { + print 'Error, failed to create serviceFactory'; + exit; +} + +// access type needed to have oauth provider refreshing token +//$apiService->setAccessType('offline'); + +$langs->load("oauth"); + +if (!getDolGlobalString($keyforparamid)) { + accessforbidden('Setup of service is not complete. Customer ID is missing'); +} +if (!getDolGlobalString($keyforparamsecret)) { + accessforbidden('Setup of service is not complete. Secret key is missing'); +} + + +/* + * Actions + */ + +if ($action == 'delete') { + $storage->clearToken($genericstring); + + setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs'); + + header('Location: '.$backtourl); + exit(); +} + +//dol_syslog("GET=".join(',', $_GET)); + + +if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provider page + // We should have + //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) + + dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)." error=".GETPOST('error')); + + // This was a callback request from service, get the token + try { + //var_dump($state); + //var_dump($apiService); // OAuth\OAuth2\Service\Microsoft + + if (GETPOST('error')) { + setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors'); + } else { + $apiService->tenant = getDolGlobalString($keyforparamtenant); + + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); + // Microsoft is a service that does not need state to be stored as second paramater of requestAccessToken + + setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token + } + + $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"]; + unset($_SESSION["backtourlsavedbeforeoauthjump"]); + + header('Location: '.$backtourl); + exit(); + } catch (Exception $e) { + print $e->getMessage(); + } +} else { + // If we enter this page without 'code' parameter, we arrive here. This is the case when we want to get the redirect + // to the OAuth provider login page. + $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl; + $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider; + $_SESSION['oauthstateanticsrf'] = $state; + + //if (!preg_match('/^forlogin/', $state)) { + // $apiService->setApprouvalPrompt('auto'); + //} + $apiService->tenant = getDolGlobalString($keyforparamtenant); + + // This may create record into oauth_state before the header redirect. + // Creation of record with state in this tables depend on the Provider used (see its constructor). + if ($state) { + $url = $apiService->getAuthorizationUri(array('state' => $state)); + } else { + $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated + } + + // Show url to get authorization + //var_dump((string) $url);exit; + dol_syslog("Redirect to url=".$url); + + // we go on oauth provider authorization page + header('Location: '.$url); + exit(); +} + + +/* + * View + */ + +// No view at all, just actions + +$db->close(); diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php index ef35b6573cc..bc16b44461a 100644 --- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php @@ -65,7 +65,7 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); $serviceFactory->setHttpClient($httpClient); // Dolibarr storage -$storage = new DoliStorage($db, $conf); +$storage = new DoliStorage($db, $conf, $keyforprovider); // Setup the credentials for the requests $keyforparamid = 'OAUTH_STRIPE_LIVE'.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; @@ -121,33 +121,20 @@ if ($action == 'delete') { exit(); } -if (!empty($_GET['code'])) { // We are coming from oauth provider page +if (GETPOST('code')) { // We are coming from oauth provider page // We should have //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) - dol_syslog("We are coming from the oauth provider page"); - //llxHeader('',$langs->trans("OAuthSetup")); - - //$linkback=''.$langs->trans("BackToModuleList").''; - //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup'); - - //print dol_get_fiche_head(); - // retrieve the CSRF state parameter - $state = isset($_GET['state']) ? $_GET['state'] : null; - //print '
'; + dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)); // This was a callback request from service, get the token try { - //var_dump($_GET['code']); //var_dump($state); - //var_dump($apiService); // OAuth\OAuth2\Service\GitHub + //var_dump($apiService); // OAuth\OAuth2\Service\Stripe - //$token = $apiService->requestAccessToken($_GET['code'], $state); - $token = $apiService->requestAccessToken($_GET['code']); - // Github is a service that does not need state to be stored. - // Into constructor of GitHub, the call - // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri) - // has not the ending parameter to true like the Google class constructor. + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); + // Stripe is a service that does not need state to be stored as second paramater of requestAccessToken setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php index a5d481dbef5..12d133da14c 100644 --- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php @@ -65,7 +65,7 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); $serviceFactory->setHttpClient($httpClient); // Dolibarr storage -$storage = new DoliStorage($db, $conf); +$storage = new DoliStorage($db, $conf, $keyforprovider); // Setup the credentials for the requests $keyforparamid = 'OAUTH_STRIPE_TEST'.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; @@ -121,33 +121,20 @@ if ($action == 'delete') { exit(); } -if (!empty($_GET['code'])) { // We are coming from oauth provider page +if (GETPOST('code')) { // We are coming from oauth provider page // We should have //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) - dol_syslog("We are coming from the oauth provider page"); - //llxHeader('',$langs->trans("OAuthSetup")); - - //$linkback=''.$langs->trans("BackToModuleList").''; - //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup'); - - //print dol_get_fiche_head(); - // retrieve the CSRF state parameter - $state = isset($_GET['state']) ? $_GET['state'] : null; - //print '
'; + dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)); // This was a callback request from service, get the token try { - //var_dump($_GET['code']); //var_dump($state); - //var_dump($apiService); // OAuth\OAuth2\Service\GitHub + //var_dump($apiService); // OAuth\OAuth2\Service\Stripe - //$token = $apiService->requestAccessToken($_GET['code'], $state); - $token = $apiService->requestAccessToken($_GET['code']); - // Github is a service that does not need state to be stored. - // Into constructor of GitHub, the call - // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri) - // has not the ending parameter to true like the Google class constructor. + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); + $token = $apiService->requestAccessToken(GETPOST('code')); + // Stripe is a service that does not need state to be stored as second paramater of requestAccessToken setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token diff --git a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php index 3e09e53fbe6..cf280262e99 100644 --- a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php +++ b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php @@ -126,6 +126,9 @@ class DoliStorage implements TokenStorageInterface $sql.= " SET token = '".$this->db->escape($serializedToken)."'"; $sql.= " WHERE rowid = ".((int) $obj['rowid']); $resql = $this->db->query($sql); + if (!$resql) { + dol_print_error($this->db); + } } else { // save $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity, datec)"; @@ -133,6 +136,9 @@ class DoliStorage implements TokenStorageInterface $sql .= " '".$this->db->idate(dol_now())."'"; $sql .= ")"; $resql = $this->db->query($sql); + if (!$resql) { + dol_print_error($this->db); + } } //print $sql; diff --git a/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php b/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php index 996506afbec..0de0219306a 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php +++ b/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php @@ -56,8 +56,8 @@ abstract class AbstractService extends BaseAbstractService implements ServiceInt $this->stateParameterInAuthUrl = $stateParameterInAutUrl; foreach ($scopes as $scope) { - if (!$this->isValidScope($scope)) { - throw new InvalidScopeException('Scope ' . $scope . ' is not valid for service ' . get_class($this)); + if (!$this->isValidScope($scope)) { + throw new InvalidScopeException('Scope ' . $scope . ' is not valid for service ' . get_class($this)); } } diff --git a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php index c815b22bd44..b1b6a042c01 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php +++ b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php @@ -12,30 +12,35 @@ use OAuth\Common\Http\Uri\UriInterface; class Microsoft extends AbstractService { - const SCOPE_BASIC = 'wl.basic'; - const SCOPE_OFFLINE = 'wl.offline_access'; - const SCOPE_SIGNIN = 'wl.signin'; - const SCOPE_BIRTHDAY = 'wl.birthday'; - const SCOPE_CALENDARS = 'wl.calendars'; - const SCOPE_CALENDARS_UPDATE = 'wl.calendars_update'; - const SCOPE_CONTACTS_BIRTHDAY = 'wl.contacts_birthday'; - const SCOPE_CONTACTS_CREATE = 'wl.contacts_create'; - const SCOPE_CONTACTS_CALENDARS = 'wl.contacts_calendars'; - const SCOPE_CONTACTS_PHOTOS = 'wl.contacts_photos'; - const SCOPE_CONTACTS_SKYDRIVE = 'wl.contacts_skydrive'; - const SCOPE_EMAILS = 'wl.emails'; - const SCOPE_EVENTS_CREATE = 'wl.events_create'; - const SCOPE_MESSENGER = 'wl.messenger'; - const SCOPE_PHONE_NUMBERS = 'wl.phone_numbers'; - const SCOPE_PHOTOS = 'wl.photos'; - const SCOPE_POSTAL_ADDRESSES = 'wl.postal_addresses'; - const SCOPE_SHARE = 'wl.share'; - const SCOPE_SKYDRIVE = 'wl.skydrive'; - const SCOPE_SKYDRIVE_UPDATE = 'wl.skydrive_update'; - const SCOPE_WORK_PROFILE = 'wl.work_profile'; - const SCOPE_APPLICATIONS = 'wl.applications'; - const SCOPE_APPLICATIONS_CREATE = 'wl.applications_create'; - const SCOPE_IMAP = 'wl.imap'; + const SCOPE_BASIC = 'basic'; + const SCOPE_OFFLINE_ACCESS = 'offline_access'; + const SCOPE_SIGNIN = 'signin'; + const SCOPE_BIRTHDAY = 'birthday'; + const SCOPE_CALENDARS = 'calendars'; + const SCOPE_CALENDARS_UPDATE = 'calendars_update'; + const SCOPE_CONTACTS_BIRTHDAY = 'contacts_birthday'; + const SCOPE_CONTACTS_CREATE = 'contacts_create'; + const SCOPE_CONTACTS_CALENDARS = 'contacts_calendars'; + const SCOPE_CONTACTS_PHOTOS = 'contacts_photos'; + const SCOPE_CONTACTS_SKYDRIVE = 'contacts_skydrive'; + const SCOPE_EMAIL = 'email'; + const SCOPE_EVENTS_CREATE = 'events_create'; + const SCOPE_MESSENGER = 'messenger'; + const SCOPE_OPENID = 'openid'; + const SCOPE_PHONE_NUMBERS = 'phone_numbers'; + const SCOPE_PHOTOS = 'photos'; + const SCOPE_POSTAL_ADDRESSES = 'postal_addresses'; + const SCOPE_PROFILE = 'profile'; + const SCOPE_SHARE = 'share'; + const SCOPE_SKYDRIVE = 'skydrive'; + const SCOPE_SKYDRIVE_UPDATE = 'skydrive_update'; + const SCOPE_WORK_PROFILE = 'work_profile'; + const SCOPE_APPLICATIONS = 'applications'; + const SCOPE_APPLICATIONS_CREATE = 'applications_create'; + const SCOPE_IMAP = 'imap'; + const SOCPE_IMAP_AccessAsUser_All='IMAP.AccessAsUser.All'; + + public string $tenant; /** * MS uses some magical not officialy supported scope to get even moar info like full emailaddresses. @@ -48,7 +53,8 @@ class Microsoft extends AbstractService * * Considering this scope is not officially supported: use with care */ - const SCOPE_CONTACTS_EMAILS = 'wl.contacts_emails'; + const SCOPE_CONTACTS_EMAILS = 'contacts_emails'; + public function __construct( CredentialsInterface $credentials, @@ -69,7 +75,9 @@ class Microsoft extends AbstractService */ public function getAuthorizationEndpoint() { - return new Uri('https://login.live.com/oauth20_authorize.srf'); + //return new Uri('https://login.live.com/oauth20_authorize.srf'); + //return new Uri('https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize'); + return new Uri('https://login.microsoftonline.com/'.$this->tenant.'/oauth2/v2.0/authorize'); } /** @@ -77,7 +85,9 @@ class Microsoft extends AbstractService */ public function getAccessTokenEndpoint() { - return new Uri('https://login.live.com/oauth20_token.srf'); + //return new Uri('https://login.live.com/oauth20_token.srf'); + //return new Uri('https://login.microsoftonline.com/organizations/oauth2/v2.0/token'); + return new Uri('https://login.microsoftonline.com/'.$this->tenant.'/oauth2/v2.0/token'); } /** diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 66210ef9d52..29551ac0874 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2348,4 +2348,5 @@ AllowExternalDownload=Allow external download (without login, using a shared lin DeadlineDayVATSubmission=Deadline day for vat submission on the next month MaxNumberOfAttachementOnForms=Max number of joinded files in a form IfDefinedUseAValueBeetween=If defined, use a value between %s and %s -MAIN_IMAP_USE_PHPIMAP=Use the PHP-IMAP library for IMAP instead of native PHP IMAP. This also allow the use of OAuth2 connection for IMAP. \ No newline at end of file +EMailsInGoingDesc=Incoming emails are managed by the module %s. You must enable and configure it if you need to support ingoing emails. +MAIN_IMAP_USE_PHPIMAP=Use the PHP-IMAP library for IMAP instead of native PHP IMAP. This also allow the use of OAuth2 connection for IMAP (module OAuth must also be activated). diff --git a/htdocs/langs/en_US/mails.lang b/htdocs/langs/en_US/mails.lang index a112de8ceb2..f83637c9c40 100644 --- a/htdocs/langs/en_US/mails.lang +++ b/htdocs/langs/en_US/mails.lang @@ -179,4 +179,3 @@ RecordCreatedByEmailCollector=Record created by the Email Collector %s from emai DefaultBlacklistMailingStatus=Default value for field '%s' when creating a new contact DefaultStatusEmptyMandatory=Empty but mandatory WarningLimitSendByDay=WARNING: The setup or contract of your instance limits your number of emails per day to %s. Trying to send more may result in having your instance slow down or suspended. Please contact your support if you need a higher quota. -EMailsInGoingDesc=Incoming emails are managed by the module %s. You must enable and configure it if you need to support ingoing emails. diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang index 01bb08e38bd..e773c470b30 100644 --- a/htdocs/langs/en_US/oauth.lang +++ b/htdocs/langs/en_US/oauth.lang @@ -33,6 +33,7 @@ OAUTH_STRIPE_TEST_NAME=OAuth Stripe Test OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live OAUTH_ID=OAuth ID OAUTH_SECRET=OAuth secret +OAUTH_TENANT=OAuth tenant OAuthProviderAdded=OAuth provider added AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists URLOfServiceForAuthorization=URL provided by OAuth service for authentication From d82a8dc7b137a07d93561c8bf9bb270146b0033a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 7 Feb 2023 20:35:11 +0100 Subject: [PATCH 34/42] Trans --- htdocs/langs/en_US/admin.lang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 29551ac0874..46339a7bf6d 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2349,4 +2349,4 @@ DeadlineDayVATSubmission=Deadline day for vat submission on the next month MaxNumberOfAttachementOnForms=Max number of joinded files in a form IfDefinedUseAValueBeetween=If defined, use a value between %s and %s EMailsInGoingDesc=Incoming emails are managed by the module %s. You must enable and configure it if you need to support ingoing emails. -MAIN_IMAP_USE_PHPIMAP=Use the PHP-IMAP library for IMAP instead of native PHP IMAP. This also allow the use of OAuth2 connection for IMAP (module OAuth must also be activated). +MAIN_IMAP_USE_PHPIMAP=Use the PHP-IMAP library for IMAP instead of native PHP IMAP. This also allows the use of an OAuth2 connection for IMAP (module OAuth must also be activated). From 411fbc1a045e877d3849e203bdd0cdf52cb69e7e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 00:13:42 +0100 Subject: [PATCH 35/42] FIX Bug in php-imap library. Fatal error if imap connet fails --- .../webklex/php-imap/src/Connection/Protocols/Protocol.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/includes/webklex/php-imap/src/Connection/Protocols/Protocol.php b/htdocs/includes/webklex/php-imap/src/Connection/Protocols/Protocol.php index ef01d46ec9b..6087ac55b75 100644 --- a/htdocs/includes/webklex/php-imap/src/Connection/Protocols/Protocol.php +++ b/htdocs/includes/webklex/php-imap/src/Connection/Protocols/Protocol.php @@ -190,7 +190,7 @@ abstract class Protocol implements ProtocolInterface { STREAM_CLIENT_CONNECT, stream_context_create($this->defaultSocketOptions($transport)) ); - stream_set_timeout($stream, $timeout); + //stream_set_timeout($stream, $timeout); // Hang id $strem empty and already done line 199 if (!$stream) { throw new ConnectionFailedException($errstr, $errno); From 310fd4e369c5c38d8d99384f2c71e4d5d3e5d6e0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 01:28:14 +0100 Subject: [PATCH 36/42] Debug IMAP-PHP for MS --- htdocs/admin/emailcollector_card.php | 205 +++++++++--------- htdocs/admin/oauthlogintokens.php | 6 +- htdocs/core/class/CMailFile.class.php | 4 +- htdocs/core/lib/oauth.lib.php | 2 +- htdocs/core/lib/security.lib.php | 3 +- .../modules/oauth/google_oauthcallback.php | 2 + .../modules/oauth/microsoft_oauthcallback.php | 4 +- .../modules/printing/printgcp.modules.php | 19 +- .../class/emailcollector.class.php | 2 +- .../OAuth/Common/Storage/DoliStorage.php | 63 +++++- .../OAuth/OAuth2/Service/Microsoft.php | 21 +- htdocs/printing/admin/printing.php | 4 +- 12 files changed, 204 insertions(+), 131 deletions(-) diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index 8dfafb19b63..462839245fa 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -107,6 +107,7 @@ $permissiondellink = $user->admin; // Used by the include of actions_dellink.inc $permissiontoadd = $user->admin; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php $debuginfo = ''; +$error = 0; /* @@ -121,8 +122,6 @@ if ($reshook < 0) { } if (empty($reshook)) { - $error = 0; - $permissiontoadd = 1; $permissiontodelete = 1; if (empty($backtopage)) { @@ -397,104 +396,112 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $connectstringsource = ''; $connectstringtarget = ''; - if (function_exists('imap_open')) { - // Note: $object->host has been loaded by the fetch - $usessl = 1; + // Note: $object->host has been loaded by the fetch + $usessl = 1; - $connectstringserver = $object->getConnectStringIMAP($usessl); + $connectstringserver = $object->getConnectStringIMAP($usessl); - if ($action == 'scan') { - if (!empty($conf->global->MAIN_IMAP_USE_PHPIMAP)) { - if ($object->acces_type == 1) { - // Mode OAUth2 with PHP-IMAP - require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php'; // define $supportedoauth2array - $keyforsupportedoauth2array = $object->oauth_service; - if (preg_match('/^.*-/', $keyforsupportedoauth2array)) { - $keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array); - } else { - $keyforprovider = ''; - } - $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); - $keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME'; - - $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : '')); - - require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; - //$debugtext = "Host: ".$this->host."
Port: ".$this->port."
Login: ".$this->login."
Password: ".$this->password."
access type: ".$this->acces_type."
oauth service: ".$this->oauth_service."
Max email per collect: ".$this->maxemailpercollect; - //dol_syslog($debugtext); - - $storage = new DoliStorage($db, $conf); - - try { - $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); - $expire = true; - // Is token expired or will token expire in the next 30 seconds - // if (is_object($tokenobj)) { - // $expire = ($tokenobj->getEndOfLife() !== -9002 && $tokenobj->getEndOfLife() !== -9001 && time() > ($tokenobj->getEndOfLife() - 30)); - // } - // Token expired so we refresh it - if (is_object($tokenobj) && $expire) { - $credentials = new Credentials( - getDolGlobalString('OAUTH_'.$object->oauth_service.'_ID'), - getDolGlobalString('OAUTH_'.$object->oauth_service.'_SECRET'), - getDolGlobalString('OAUTH_'.$object->oauth_service.'_URLAUTHORIZE') - ); - $serviceFactory = new \OAuth\ServiceFactory(); - $oauthname = explode('-', $OAUTH_SERVICENAME); - // ex service is Google-Emails we need only the first part Google - $apiService = $serviceFactory->createService($oauthname[0], $credentials, $storage, array()); - // We have to save the token because Google give it only once - $refreshtoken = $tokenobj->getRefreshToken(); - $tokenobj = $apiService->refreshAccessToken($tokenobj); - $tokenobj->setRefreshToken($refreshtoken); - $storage->storeAccessToken($OAUTH_SERVICENAME, $tokenobj); - } - $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); - if (is_object($tokenobj)) { - $token = $tokenobj->getAccessToken(); - } else { - $object->error = "Token not found"; - return -1; - } - } catch (Exception $e) { - print $e->getMessage(); - } - - $cm = new ClientManager(); - $client = $cm->make([ - 'host' => $object->host, - 'port' => $object->port, - 'encryption' => 'ssl', - 'validate_cert' => true, - 'protocol' => 'imap', - 'username' => $object->login, - 'password' => $token, - 'authentication' => "oauth", - ]); + if ($action == 'scan') { + if (!empty($conf->global->MAIN_IMAP_USE_PHPIMAP)) { + if ($object->acces_type == 1) { + // Mode OAUth2 with PHP-IMAP + require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php'; // define $supportedoauth2array + $keyforsupportedoauth2array = $object->oauth_service; + if (preg_match('/^.*-/', $keyforsupportedoauth2array)) { + $keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array); } else { - // Mode login/pass with PHP-IMAP - $cm = new ClientManager(); - $client = $cm->make([ - 'host' => $object->host, - 'port' => $object->port, - 'encryption' => 'ssl', - 'validate_cert' => true, - 'protocol' => 'imap', - 'username' => $object->login, - 'password' => $object->password, - 'authentication' => "login", - ]); + $keyforprovider = ''; } + $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); + $keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME'; + + $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : '')); + + require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; + //$debugtext = "Host: ".$this->host."
Port: ".$this->port."
Login: ".$this->login."
Password: ".$this->password."
access type: ".$this->acces_type."
oauth service: ".$this->oauth_service."
Max email per collect: ".$this->maxemailpercollect; + //dol_syslog($debugtext); + + $storage = new DoliStorage($db, $conf, $keyforprovider); + + try { + $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); + $expire = true; + // Is token expired or will token expire in the next 30 seconds + // if (is_object($tokenobj)) { + // $expire = ($tokenobj->getEndOfLife() !== -9002 && $tokenobj->getEndOfLife() !== -9001 && time() > ($tokenobj->getEndOfLife() - 30)); + // } + // Token expired so we refresh it + if (is_object($tokenobj) && $expire) { + $credentials = new Credentials( + getDolGlobalString('OAUTH_'.$object->oauth_service.'_ID'), + getDolGlobalString('OAUTH_'.$object->oauth_service.'_SECRET'), + getDolGlobalString('OAUTH_'.$object->oauth_service.'_URLAUTHORIZE') + ); + $serviceFactory = new \OAuth\ServiceFactory(); + $oauthname = explode('-', $OAUTH_SERVICENAME); + // ex service is Google-Emails we need only the first part Google + $apiService = $serviceFactory->createService($oauthname[0], $credentials, $storage, array()); + // We have to save the token because Google give it only once + $refreshtoken = $tokenobj->getRefreshToken(); + $tokenobj = $apiService->refreshAccessToken($tokenobj); + $tokenobj->setRefreshToken($refreshtoken); + $storage->storeAccessToken($OAUTH_SERVICENAME, $tokenobj); + } + $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); + if (is_object($tokenobj)) { + $token = $tokenobj->getAccessToken(); + } else { + $error++; + $morehtml .= "Token not found"; + } + } catch (Exception $e) { + $error++; + $morehtml .= $e->getMessage(); + } + + if (empty($object->login)) { + $error++; + $morehtml .= 'Error: Login is empty. Must be email owner when using MAIN_IMAP_USE_PHPIMAP and OAuth.'; + } + + $cm = new ClientManager(); + $client = $cm->make([ + 'host' => $object->host, + 'port' => $object->port, + 'encryption' => 'ssl', + 'validate_cert' => true, + 'protocol' => 'imap', + 'username' => $object->login, + 'password' => $token, + 'authentication' => "oauth", + ]); + } else { + // Mode login/pass with PHP-IMAP + $cm = new ClientManager(); + $client = $cm->make([ + 'host' => $object->host, + 'port' => $object->port, + 'encryption' => 'ssl', + 'validate_cert' => true, + 'protocol' => 'imap', + 'username' => $object->login, + 'password' => $object->password, + 'authentication' => "login", + ]); + } + if (!$error) { try { $client->connect(); - } catch (ConnectionFailedException $e) { - print $e->getMessage(); - } - $f = $client->getFolders(false, $object->source_directory); - $nbemail = $f[0]->examine()["exists"]; - $morehtml .= $nbemail; - } else { + $f = $client->getFolders(false, $object->source_directory); + $nbemail = $f[0]->examine()["exists"]; + $morehtml .= $nbemail; + } catch (ConnectionFailedException $e) { + $morehtml .= 'ConnectionFailedException '.$e->getMessage(); + } + } + } else { + if (function_exists('imap_open')) { try { if ($sourcedir) { //$connectstringsource = $connectstringserver.imap_utf7_encode($sourcedir); @@ -521,7 +528,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea //dol_syslog("end imap_open connection=".var_export($connection, true)); } catch (Exception $e) { - print $e->getMessage(); + $morehtml .= $e->getMessage(); } if (!$connection) { @@ -540,16 +547,16 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea dol_syslog("Imap close"); imap_close($connection); } + } else { + $morehtml .= 'IMAP functions not available on your PHP. '; } - } else { - $morehtml .= ''.img_picto('', 'refresh', 'class="paddingrightonly"').$langs->trans("Refresh").''; } - - $morehtml .= $form->textwithpicto('', 'connect string '.$connectstringserver); } else { - $morehtml .= 'IMAP functions not available on your PHP. '; + $morehtml .= ''.img_picto('', 'refresh', 'class="paddingrightonly"').$langs->trans("Refresh").''; } + $morehtml .= $form->textwithpicto('', 'connect string '.$connectstringserver); + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref.'
'.$morehtml.'
', '', 0, '', '', 0, ''); print '
'; diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index d6fcc9e0f7c..5c0ecdb007d 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -221,8 +221,11 @@ if ($mode == 'setup' && $user->admin) { $storage = new DoliStorage($db, $conf, $keyforprovider); try { // $OAUTH_SERVICENAME is for example 'Google-keyforprovider' - print $OAUTH_SERVICENAME; + print ''."\n"; $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); + //print $storage->token.'
'; + //print $tokenobj->getExtraParams()['id_token'].'
'; + //print $tokenobj->getAccessToken().'
'; } catch (Exception $e) { // Return an error if token not found //print $e->getMessage(); @@ -342,7 +345,6 @@ if ($mode == 'setup' && $user->admin) { print '
'; print ''; print '
'; if (is_object($tokenobj)) { - //var_dump($tokenobj); $tokentoshow = $tokenobj->getAccessToken(); print ''.showValueWithClipboardCPButton($tokentoshow, 1, dol_trunc($tokentoshow, 32)).'
'; //print 'Refresh: '.$tokenobj->getRefreshToken().'
'; diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php index a7a87e1ce6e..f6611669556 100644 --- a/htdocs/core/class/CMailFile.class.php +++ b/htdocs/core/class/CMailFile.class.php @@ -908,7 +908,7 @@ class CMailFile require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; - $storage = new DoliStorage($db, $conf); + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); $expire = false; @@ -1030,7 +1030,7 @@ class CMailFile require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; - $storage = new DoliStorage($db, $conf); + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index 4f504196b47..2074485cd6e 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -35,7 +35,7 @@ $supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', ' if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard', 'returnurl'=>'/core/modules/oauth/generic_oauthcallback.php'); // See https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application - $supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); + $supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All,SMTP.Send,Mail.Read,Mail.Send', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); } diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 51c3434a456..a097ba23e3e 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -119,6 +119,7 @@ function dolGetRandomBytes($length) function dolEncrypt($chain, $key = '', $ciphering = "AES-256-CTR") { global $dolibarr_main_instance_unique_id; + global $dolibarr_disable_dolcrypt_for_debug; if ($chain === '' || is_null($chain)) { return ''; @@ -136,7 +137,7 @@ function dolEncrypt($chain, $key = '', $ciphering = "AES-256-CTR") $newchain = $chain; - if (function_exists('openssl_encrypt')) { + if (function_exists('openssl_encrypt') && empty($dolibarr_disable_dolcrypt_for_debug)) { $ivlen = 16; if (function_exists('openssl_cipher_iv_length')) { $ivlen = openssl_cipher_iv_length($ciphering); diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index c26187e4475..bd59e513ddf 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -217,6 +217,8 @@ if (GETPOST('code')) { // We are coming from oauth provider page. //$url .= 'hd=xxx'; } + //var_dump($url);exit; + // we go on oauth provider authorization page header('Location: '.$url); exit(); diff --git a/htdocs/core/modules/oauth/microsoft_oauthcallback.php b/htdocs/core/modules/oauth/microsoft_oauthcallback.php index ed47eec06e1..4ff573725f3 100644 --- a/htdocs/core/modules/oauth/microsoft_oauthcallback.php +++ b/htdocs/core/modules/oauth/microsoft_oauthcallback.php @@ -155,10 +155,9 @@ if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provi if (GETPOST('error')) { setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors'); } else { - $apiService->tenant = getDolGlobalString($keyforparamtenant); - //$token = $apiService->requestAccessToken(GETPOST('code'), $state); $token = $apiService->requestAccessToken(GETPOST('code')); + //print $token; // Microsoft is a service that does not need state to be stored as second paramater of requestAccessToken setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token @@ -182,7 +181,6 @@ if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provi //if (!preg_match('/^forlogin/', $state)) { // $apiService->setApprouvalPrompt('auto'); //} - $apiService->tenant = getDolGlobalString($keyforparamtenant); // This may create record into oauth_state before the header redirect. // Creation of record with state in this tables depend on the Provider used (see its constructor). diff --git a/htdocs/core/modules/printing/printgcp.modules.php b/htdocs/core/modules/printing/printgcp.modules.php index c04d3ac9ca5..c1b6ba6c86e 100644 --- a/htdocs/core/modules/printing/printgcp.modules.php +++ b/htdocs/core/modules/printing/printgcp.modules.php @@ -116,10 +116,12 @@ class printing_printgcp extends PrintingDriver 'type'=>'info', ); } else { + $keyforprovider = ''; // @FIXME + $this->google_id = getDolGlobalString('OAUTH_GOOGLE_ID'); $this->google_secret = getDolGlobalString('OAUTH_GOOGLE_SECRET'); // Token storage - $storage = new DoliStorage($this->db, $this->conf); + $storage = new DoliStorage($this->db, $this->conf, $keyforprovider); //$storage->clearToken($this->OAUTH_SERVICENAME_GOOGLE); // Setup the credentials for the requests $credentials = new Credentials( @@ -254,8 +256,11 @@ class printing_printgcp extends PrintingDriver public function getlistAvailablePrinters() { $ret = array(); + + $keyforprovider = ''; // @FIXME + // Token storage - $storage = new DoliStorage($this->db, $this->conf); + $storage = new DoliStorage($this->db, $this->conf, $keyforprovider); // Setup the credentials for the requests $credentials = new Credentials( $this->google_id, @@ -392,8 +397,11 @@ class printing_printgcp extends PrintingDriver 'content' => base64_encode($contents), // encode file content as base64 'contentType' => $contenttype, ); + + $keyforprovider = ''; // @FIXME + // Dolibarr Token storage - $storage = new DoliStorage($this->db, $this->conf); + $storage = new DoliStorage($this->db, $this->conf, $keyforprovider); // Setup the credentials for the requests $credentials = new Credentials( $this->google_id, @@ -441,8 +449,11 @@ class printing_printgcp extends PrintingDriver $error = 0; $html = ''; + + $keyforprovider = ''; // @FIXME + // Token storage - $storage = new DoliStorage($this->db, $this->conf); + $storage = new DoliStorage($this->db, $this->conf, $keyforprovider); // Setup the credentials for the requests $credentials = new Credentials( $this->google_id, diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 2c23f6e0475..2002adafd86 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -1082,7 +1082,7 @@ class EmailCollector extends CommonObject //$debugtext = "Host: ".$this->host."
Port: ".$this->port."
Login: ".$this->login."
Password: ".$this->password."
access type: ".$this->acces_type."
oauth service: ".$this->oauth_service."
Max email per collect: ".$this->maxemailpercollect; //dol_syslog($debugtext); - $storage = new DoliStorage($db, $conf); + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); diff --git a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php index cf280262e99..60af1f631c6 100644 --- a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php +++ b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php @@ -57,6 +57,8 @@ class DoliStorage implements TokenStorageInterface private $key; //private $stateKey; private $keyforprovider; + public $token; + private $tenant; public $state; public $date_creation; @@ -73,6 +75,7 @@ class DoliStorage implements TokenStorageInterface $this->db = $db; $this->conf = $conf; $this->keyforprovider = $keyforprovider; + $this->token = ''; $this->tokens = array(); $this->states = array(); //$this->key = $key; @@ -96,7 +99,7 @@ class DoliStorage implements TokenStorageInterface /** * {@inheritDoc} */ - public function storeAccessToken($service, TokenInterface $token) + public function storeAccessToken($service, TokenInterface $tokenobj) { global $conf; @@ -104,16 +107,25 @@ class DoliStorage implements TokenStorageInterface //var_dump($token); dol_syslog("storeAccessToken service=".$service); - include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; - $serializedToken = dolEncrypt(serialize($token)); + $servicepluskeyforprovider = $service; + if (!empty($this->keyforprovider)) { + // We clean the keyforprovider after the - to be sure it is not present + $servicepluskeyforprovider = preg_replace('/\-'.preg_quote($this->keyforprovider, '/').'$/', '', $servicepluskeyforprovider); + // Now we add the keyforprovider + $servicepluskeyforprovider .= '-'.$this->keyforprovider; + } - $this->tokens[$service] = $token; + include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; + $serializedToken = serialize($tokenobj); if (!is_array($this->tokens)) { $this->tokens = array(); } + + $this->tokens[$service] = $tokenobj; + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_token"; - $sql .= " WHERE service = '".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."'"; + $sql .= " WHERE service = '".$this->db->escape($servicepluskeyforprovider)."'"; $sql .= " AND entity IN (".getEntity('oauth_token').")"; $resql = $this->db->query($sql); if (! $resql) { @@ -123,7 +135,7 @@ class DoliStorage implements TokenStorageInterface if ($obj) { // update $sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token"; - $sql.= " SET token = '".$this->db->escape($serializedToken)."'"; + $sql.= " SET token = '".$this->db->escape(dolEncrypt($serializedToken))."'"; $sql.= " WHERE rowid = ".((int) $obj['rowid']); $resql = $this->db->query($sql); if (!$resql) { @@ -132,7 +144,7 @@ class DoliStorage implements TokenStorageInterface } else { // save $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity, datec)"; - $sql .= " VALUES ('".$this->db->escape($service.($this->keyforprovider?'-'.$this->keyforprovider:''))."', '".$this->db->escape($serializedToken)."', ".((int) $conf->entity).", "; + $sql .= " VALUES ('".$this->db->escape($servicepluskeyforprovider)."', '".$this->db->escape(dolEncrypt($serializedToken))."', ".((int) $conf->entity).", "; $sql .= " '".$this->db->idate(dol_now())."'"; $sql .= ")"; $resql = $this->db->query($sql); @@ -147,15 +159,26 @@ class DoliStorage implements TokenStorageInterface } /** - * {@inheritDoc} + * Load token and other data from a $service + * Note: Token load are cumulated into array ->tokens when other properties are erased by last loaded token. + * + * @return void */ public function hasAccessToken($service) { // get from db dol_syslog("hasAccessToken service=".$service); + $servicepluskeyforprovider = $service; + if (!empty($this->keyforprovider)) { + // We clean the keyforprovider after the - to be sure it is not present + $servicepluskeyforprovider = preg_replace('/\-'.preg_quote($this->keyforprovider, '/').'$/', '', $servicepluskeyforprovider); + // Now we add the keyforprovider + $servicepluskeyforprovider .= '-'.$this->keyforprovider; + } + $sql = "SELECT token, datec, tms, state FROM ".MAIN_DB_PREFIX."oauth_token"; - $sql .= " WHERE service = '".$this->db->escape($service.(empty($this->keyforprovider) ? '' : '-'.$this->keyforprovider))."'"; + $sql .= " WHERE service = '".$this->db->escape($servicepluskeyforprovider)."'"; $sql .= " AND entity IN (".getEntity('oauth_token').")"; $resql = $this->db->query($sql); if (! $resql) { @@ -164,18 +187,20 @@ class DoliStorage implements TokenStorageInterface $result = $this->db->fetch_array($resql); if ($result) { include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php'; - $token = unserialize(dolDecrypt($result['token'])); + $tokenobj = unserialize(dolDecrypt($result['token'])); + $this->token = dolDecrypt($result['token']); $this->date_creation = $this->db->jdate($result['datec']); $this->date_modification = $this->db->jdate($result['tms']); $this->state = $result['state']; } else { - $token = ''; + $tokenobj = ''; + $this->token = ''; $this->date_creation = null; $this->date_modification = null; $this->state = ''; } - $this->tokens[$service] = $token; + $this->tokens[$service] = $tokenobj; return is_array($this->tokens) && isset($this->tokens[$service]) @@ -331,4 +356,18 @@ class DoliStorage implements TokenStorageInterface // allow chaining return $this; } + + /** + * Return the token + * + * @return string String for the tenant used to create the token + */ + public function getTenant() + { + // Set/Reset tenant now so it will be defined for. + // TODO We must store it into the table llx_oauth_token + $this->tenant = getDolGlobalString('OAUTH_MICROSOFT'.($this->keyforprovider ? '-'.$this->keyforprovider : '').'_TENANT'); + + return $this->tenant; + } } diff --git a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php index b1b6a042c01..e94799b81cf 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php +++ b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php @@ -38,9 +38,13 @@ class Microsoft extends AbstractService const SCOPE_APPLICATIONS = 'applications'; const SCOPE_APPLICATIONS_CREATE = 'applications_create'; const SCOPE_IMAP = 'imap'; - const SOCPE_IMAP_AccessAsUser_All='IMAP.AccessAsUser.All'; + const SOCPE_IMAP_ACCESSASUSERALL = 'IMAP.AccessAsUser.All'; + const SOCPE_SMTPSEND = 'SMTP.Send'; + const SOCPE_MAILREAD = 'Mail.Read'; + const SOCPE_MAILSEND = 'Mail.Send'; + + protected $storage; - public string $tenant; /** * MS uses some magical not officialy supported scope to get even moar info like full emailaddresses. @@ -65,6 +69,8 @@ class Microsoft extends AbstractService ) { parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri); + $this->storage = $storage; + if (null === $baseApiUri) { $this->baseApiUri = new Uri('https://apis.live.net/v5.0/'); } @@ -75,9 +81,11 @@ class Microsoft extends AbstractService */ public function getAuthorizationEndpoint() { - //return new Uri('https://login.live.com/oauth20_authorize.srf'); + $tenant = $this->storage->getTenant(); + + //return new Uri('https://login.live.com/oauth20_authorize.srf'); //return new Uri('https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize'); - return new Uri('https://login.microsoftonline.com/'.$this->tenant.'/oauth2/v2.0/authorize'); + return new Uri('https://login.microsoftonline.com/'.$tenant.'/oauth2/v2.0/authorize'); } /** @@ -85,9 +93,11 @@ class Microsoft extends AbstractService */ public function getAccessTokenEndpoint() { + $tenant = $this->storage->getTenant(); + //return new Uri('https://login.live.com/oauth20_token.srf'); //return new Uri('https://login.microsoftonline.com/organizations/oauth2/v2.0/token'); - return new Uri('https://login.microsoftonline.com/'.$this->tenant.'/oauth2/v2.0/token'); + return new Uri('https://login.microsoftonline.com/'.$tenant.'/oauth2/v2.0/token'); } /** @@ -110,6 +120,7 @@ class Microsoft extends AbstractService } elseif (isset($data['error'])) { throw new TokenResponseException('Error in retrieving token: "' . $data['error'] . '"'); } + //print $data['access_token'];exit; $token = new StdOAuth2Token(); $token->setAccessToken($data['access_token']); diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php index fb8426abc1b..ed856024d63 100644 --- a/htdocs/printing/admin/printing.php +++ b/htdocs/printing/admin/printing.php @@ -201,13 +201,15 @@ if ($mode == 'setup' && $user->admin) { $i++; if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS') { + $keyforprovider = ''; // @BUG This must be set + // Token print '
'.$langs->trans("Token").''; $tokenobj = null; // Dolibarr storage - $storage = new DoliStorage($db, $conf); + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME_GOOGLE); } catch (Exception $e) { From 4cf21314105bec6a9af63194d7ef0947945318e4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 01:52:28 +0100 Subject: [PATCH 37/42] Enable MS OAuth --- htdocs/core/lib/oauth.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index 2074485cd6e..b2e59a9b87a 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -32,10 +32,10 @@ if (isModEnabled('stripe')) { $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write', 'returnurl'=>'/core/modules/oauth/stripelive_oauthcallback.php'); } $supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo', 'returnurl'=>'/core/modules/oauth/github_oauthcallback.php'); +$supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All,SMTP.Send,Mail.Read,Mail.Send', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard', 'returnurl'=>'/core/modules/oauth/generic_oauthcallback.php'); // See https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application - $supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All,SMTP.Send,Mail.Read,Mail.Send', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); } From 47128f2ccc5efe5d3e4d3733c23b9866c7f44127 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 04:40:13 +0100 Subject: [PATCH 38/42] Debug v17 --- htdocs/admin/emailcollector_card.php | 16 ++++++++++++++++ htdocs/core/lib/oauth.lib.php | 2 +- .../modules/oauth/microsoft_oauthcallback.php | 7 ++++++- .../class/emailcollector.class.php | 4 +++- .../OAuth/Common/Http/Client/StreamClient.php | 1 + .../OAuth/OAuth2/Service/AbstractService.php | 2 ++ .../includes/OAuth/OAuth2/Service/Microsoft.php | 5 +++-- htdocs/includes/webklex/php-imap/src/Client.php | 1 + htdocs/langs/en_US/oauth.lang | 2 +- 9 files changed, 34 insertions(+), 6 deletions(-) diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index 462839245fa..10e7ea300f8 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -421,10 +421,13 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea //$debugtext = "Host: ".$this->host."
Port: ".$this->port."
Login: ".$this->login."
Password: ".$this->password."
access type: ".$this->acces_type."
oauth service: ".$this->oauth_service."
Max email per collect: ".$this->maxemailpercollect; //dol_syslog($debugtext); + $token = ''; + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); + $expire = true; // Is token expired or will token expire in the next 30 seconds // if (is_object($tokenobj)) { @@ -439,11 +442,15 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea ); $serviceFactory = new \OAuth\ServiceFactory(); $oauthname = explode('-', $OAUTH_SERVICENAME); + // ex service is Google-Emails we need only the first part Google $apiService = $serviceFactory->createService($oauthname[0], $credentials, $storage, array()); + // We have to save the token because Google give it only once $refreshtoken = $tokenobj->getRefreshToken(); + //var_dump($tokenobj); $tokenobj = $apiService->refreshAccessToken($tokenobj); + $tokenobj->setRefreshToken($refreshtoken); $storage->storeAccessToken($OAUTH_SERVICENAME, $tokenobj); } @@ -491,6 +498,15 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea } if (!$error) { try { + // To emulate the command connect, you can run + // openssl s_client -crlf -connect outlook.office365.com:993 + // TAG1 AUTHENTICATE XOAUTH2 dXN... + // TO Get debug log, you can set protected $debug = true; in Protocol.php file + // + // A MS bug make this not working ! + // See https://github.com/MicrosoftDocs/office-developer-exchange-docs/issues/100 + // See github.com/MicrosoftDocs/office-developer-exchange-docs/issues/87 + // See github.com/Webklex/php-imap/issues/81 $client->connect(); $f = $client->getFolders(false, $object->source_directory); diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index b2e59a9b87a..8a81d9a80e5 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -32,7 +32,7 @@ if (isModEnabled('stripe')) { $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write', 'returnurl'=>'/core/modules/oauth/stripelive_oauthcallback.php'); } $supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo', 'returnurl'=>'/core/modules/oauth/github_oauthcallback.php'); -$supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,IMAP.AccessAsUser.All,SMTP.Send,Mail.Read,Mail.Send', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); +$supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array('callbackfile' => 'microsoft', 'picto' => 'microsoft', 'urlforapp' => 'OAUTH_MICROSOFT_DESC', 'name'=>'Microsoft', 'urlforcredentials'=>'https://portal.azure.com/', 'availablescopes'=>'openid,offline_access,profile,email,User.Read,https://outlook.office365.com/IMAP.AccessAsUser.All,https://outlook.office365.com/SMTP.Send', 'returnurl'=>'/core/modules/oauth/microsoft_oauthcallback.php'); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard', 'returnurl'=>'/core/modules/oauth/generic_oauthcallback.php'); // See https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application diff --git a/htdocs/core/modules/oauth/microsoft_oauthcallback.php b/htdocs/core/modules/oauth/microsoft_oauthcallback.php index 4ff573725f3..bf057676cf3 100644 --- a/htdocs/core/modules/oauth/microsoft_oauthcallback.php +++ b/htdocs/core/modules/oauth/microsoft_oauthcallback.php @@ -155,11 +155,16 @@ if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provi if (GETPOST('error')) { setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors'); } else { + //print GETPOST('code');exit; + //$token = $apiService->requestAccessToken(GETPOST('code'), $state); $token = $apiService->requestAccessToken(GETPOST('code')); - //print $token; // Microsoft is a service that does not need state to be stored as second paramater of requestAccessToken + //print $token->getAccessToken().'

'; + //print $token->getExtraParams()['id_token'].'
'; + //print $token->getRefreshToken().'
';exit; + setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token } diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php index 2002adafd86..0168d8f86c6 100644 --- a/htdocs/emailcollector/class/emailcollector.class.php +++ b/htdocs/emailcollector/class/emailcollector.class.php @@ -1082,10 +1082,13 @@ class EmailCollector extends CommonObject //$debugtext = "Host: ".$this->host."
Port: ".$this->port."
Login: ".$this->login."
Password: ".$this->password."
access type: ".$this->acces_type."
oauth service: ".$this->oauth_service."
Max email per collect: ".$this->maxemailpercollect; //dol_syslog($debugtext); + $token = ''; + $storage = new DoliStorage($db, $conf, $keyforprovider); try { $tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME); + $expire = true; // Is token expired or will token expire in the next 30 seconds // if (is_object($tokenobj)) { @@ -1122,7 +1125,6 @@ class EmailCollector extends CommonObject return -1; } - $cm = new ClientManager(); $client = $cm->make([ 'host' => $this->host, diff --git a/htdocs/includes/OAuth/Common/Http/Client/StreamClient.php b/htdocs/includes/OAuth/Common/Http/Client/StreamClient.php index d81fee88202..9849afd4a32 100644 --- a/htdocs/includes/OAuth/Common/Http/Client/StreamClient.php +++ b/htdocs/includes/OAuth/Common/Http/Client/StreamClient.php @@ -57,6 +57,7 @@ class StreamClient extends AbstractClient } $extraHeaders['Content-length'] = 'Content-length: '.strlen($requestBody); + //var_dump($requestBody); var_dump($extraHeaders);var_dump($method);exit; $context = $this->generateStreamContext($requestBody, $extraHeaders, $method); $level = error_reporting(0); diff --git a/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php b/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php index 0de0219306a..b6f89118d83 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php +++ b/htdocs/includes/OAuth/OAuth2/Service/AbstractService.php @@ -223,6 +223,8 @@ abstract class AbstractService extends BaseAbstractService implements ServiceInt $parameters, $this->getExtraOAuthHeaders() ); + //print $responseBody;exit; // We must have a result "{"token_type":"Bearer","scope... + $token = $this->parseAccessTokenResponse($responseBody); $this->storage->storeAccessToken($this->service(), $token); diff --git a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php index e94799b81cf..6c3b18b3c0f 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php +++ b/htdocs/includes/OAuth/OAuth2/Service/Microsoft.php @@ -38,8 +38,9 @@ class Microsoft extends AbstractService const SCOPE_APPLICATIONS = 'applications'; const SCOPE_APPLICATIONS_CREATE = 'applications_create'; const SCOPE_IMAP = 'imap'; - const SOCPE_IMAP_ACCESSASUSERALL = 'IMAP.AccessAsUser.All'; - const SOCPE_SMTPSEND = 'SMTP.Send'; + const SOCPE_IMAP_ACCESSASUSERALL = 'https://outlook.office365.com/IMAP.AccessAsUser.All'; + const SOCPE_SMTPSEND = 'https://outlook.office365.com/SMTP.Send'; + const SOCPE_USERREAD = 'User.Read'; const SOCPE_MAILREAD = 'Mail.Read'; const SOCPE_MAILSEND = 'Mail.Send'; diff --git a/htdocs/includes/webklex/php-imap/src/Client.php b/htdocs/includes/webklex/php-imap/src/Client.php index 15944e4c646..85c537f16fa 100755 --- a/htdocs/includes/webklex/php-imap/src/Client.php +++ b/htdocs/includes/webklex/php-imap/src/Client.php @@ -353,6 +353,7 @@ class Client { } catch (Exceptions\RuntimeException $e) { throw new ConnectionFailedException("connection setup failed - run exception", 0, $e); } + $this->authenticate(); return $this; diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang index e773c470b30..9d4791a9f63 100644 --- a/htdocs/langs/en_US/oauth.lang +++ b/htdocs/langs/en_US/oauth.lang @@ -31,7 +31,7 @@ OAUTH_GITHUB_SECRET=OAuth GitHub Secret OAUTH_URL_FOR_CREDENTIAL=Go to this page to create or get your OAuth ID and Secret OAUTH_STRIPE_TEST_NAME=OAuth Stripe Test OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live -OAUTH_ID=OAuth ID +OAUTH_ID=OAuth Client ID OAUTH_SECRET=OAuth secret OAUTH_TENANT=OAuth tenant OAuthProviderAdded=OAuth provider added From 34b4cad448eae6d66fd8e90744d8c5adcc61d1e6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 13:18:32 +0100 Subject: [PATCH 39/42] Complete trans --- htdocs/core/modules/modOauth.class.php | 2 +- htdocs/langs/en_US/admin.lang | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/core/modules/modOauth.class.php b/htdocs/core/modules/modOauth.class.php index d93a715f1e7..e7c23d30455 100644 --- a/htdocs/core/modules/modOauth.class.php +++ b/htdocs/core/modules/modOauth.class.php @@ -51,7 +51,7 @@ class modOauth extends DolibarrModules // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); // Module description, used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module) - $this->description = "Enable OAuth authentication"; + $this->description = "Enable OAuth2 authentication"; // Possible values for version are: 'development', 'experimental', 'dolibarr' or 'dolibarr_deprecated' or version $this->version = 'dolibarr'; $this->const_name = 'MAIN_MODULE_'.strtoupper($this->name); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 46339a7bf6d..f20065556bf 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -700,6 +700,8 @@ Module62000Name=Incoterms Module62000Desc=Add features to manage Incoterms Module63000Name=Resources Module63000Desc=Manage resources (printers, cars, rooms, ...) for allocating to events +Module66000Name=Enable OAuth2 authentication +Module66000Desc=Provide a tool to generate and manage OAuth2 tokens. The token can then be used by some other modules. Module94160Name=Receptions Permission11=Read customer invoices Permission12=Create/modify customer invoices From cdaeaae047025cf05d7e067a9111c1d100e650f3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 13:32:15 +0100 Subject: [PATCH 40/42] Fix search on dolistore --- htdocs/admin/modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index dc639a4ecf0..953d8f85a68 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -1041,7 +1041,7 @@ if ($mode == 'marketplace') { print '
'; - print '
'; + print ''; ?> From 6cf792438d5bbd35d45655265b67ba462fdc89ba Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 13:48:17 +0100 Subject: [PATCH 41/42] Fix permission --- htdocs/core/lib/invoice.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index f4aca8ef9a7..dfe6f78092c 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -281,8 +281,8 @@ function getNumberInvoicesPieChart($mode) { global $conf, $db, $langs, $user; - if (($mode == 'customers' && isModEnabled('facture') && !empty($user->rights->facture->lire)) - || ($mode == 'suppliers' && (isModEnabled('fournisseur') || isModEnabled('supplier_invoice')) && !empty($user->rights->facture->lire)) + if (($mode == 'customers' && isModEnabled('facture') && $user->hasRight('facture', 'lire')) + || ($mode == 'suppliers' && (isModEnabled('fournisseur') || isModEnabled('supplier_invoice')) && $user->hasRight('fournisseur', 'facture', 'lire')) ) { include DOL_DOCUMENT_ROOT.'/theme/'.$conf->theme.'/theme_vars.inc.php'; From 7d57cfb767f11fa9307371efccc5114c955fb47f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 8 Feb 2023 14:04:50 +0100 Subject: [PATCH 42/42] Missing doc --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1b877e2b4b4..189bcd41004 100644 --- a/ChangeLog +++ b/ChangeLog @@ -210,7 +210,7 @@ Following changes may create regressions for some external modules, but were nec * Rename MAIN_LIST_ALLOW_NOTES into MAIN_LIST_HIDE_NOTES and rename MAIN_LIST_ALLOW_PRIVATE_NOTES into MAIN_LIST_HIDE_PRIVATE_NOTES * Rename the substitution for "project label" instead of "project title" in substitution variables * You must use "$objectoffield" to manipulate the current object inside the formulare of computed custom extrafields instead of $obj/$object. - +* Making a global search is sending the parameter using always the name search_all (instead of sometimes sall and search_all) ***** ChangeLog for 16.0.4 compared to 16.0.3 *****