diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php
index 070d7125c52..e98bb9a4fde 100644
--- a/htdocs/admin/oauth.php
+++ b/htdocs/admin/oauth.php
@@ -23,6 +23,7 @@
* \brief Setup page to configure oauth access api
*/
+
// Load Dolibarr environment
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
@@ -84,7 +85,12 @@ if ($action == 'update') {
}
}
if (GETPOSTISSET($constvalue.'_SCOPE')) {
- if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) {
+ $scopestring = implode(',', GETPOST($constvalue.'_SCOPE'));
+ if (!dolibarr_set_const($db, $constvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) {
+ $error++;
+ }
+ } else {
+ if (!dolibarr_set_const($db, $constvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
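Review bot: The value from `GETPOST($constvalue.'_SCOPE')` goes straight into `implode()` and is then stored, with no check that it is an array or that each entry is one of the provider's `availablescopes`. If the field is posted as a plain string, `implode()` will fail on PHP 8, and a hand-built form can persist scope names the page never offered, which are later sent to the provider. Read it with `GETPOST($constvalue.'_SCOPE', 'array')` and keep only entries found in the provider's allowlist before joining. The new `else` branch also blanks the stored scope on every update where the field is absent, so confirm that is intended for providers whose form renders no scope checkboxes. The enclosing `if ($action == 'update')` block starts outside the hunk.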
@@ -263,13 +269,31 @@ if (count($listinsetup) > 0) {
print '';
print '';
} else {
+ $availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes']));
+ $currentscopes = explode(',', getDolGlobalString($key[4]));
+ $scopestodispay = array();
+ foreach ($availablescopes as $keyscope => $valscope) {
+ if (in_array($keyscope, $currentscopes)) {
+ $scopestodispay[$keyscope] = 1;
+ } else {
+ $scopestodispay[$keyscope] = 0;
+ }
+ }
+ // Api Scope
print '
';
print '| '.$langs->trans("Scopes").' | ';
print '';
- //print '';
- print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+ foreach ($scopestodispay as $scope => $val) {
+ print '';
+ print '';
+ }
print ' |
';
}
+ } else {
+ print '';
+ print '| '.$langs->trans("UseTheFollowingUrlAsRedirectURI").' | ';
+ print ''.$langs->trans("FeatureNotYetSupported").' | ';
+ print '
';
}
}
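Review bot: `in_array($keyscope, $currentscopes)` compares loosely, and the `array_flip()` exists only so the loop can walk the keys. Iterating `explode(',', ...)` directly and calling `in_array($keyscope, $currentscopes, true)` gives the same result with strict matching. `$scopestodispay` is misspelled and would read better as `$scopestodisplay`. The checkbox markup inside the `print` calls is not readable in this view, so confirm each scope name is escaped for its HTML context where it is emitted as a value and as a label. The enclosing block starts outside the hunk.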
diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php
index 62162616a1a..fa1fd18f049 100644
--- a/htdocs/admin/oauthlogintokens.php
+++ b/htdocs/admin/oauthlogintokens.php
@@ -172,7 +172,7 @@ if ($mode == 'setup' && $user->admin) {
$OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
- $shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+ $shortscope = '';
if (getDolGlobalString($key[4])) {
$shortscope = getDolGlobalString($key[4]);
}
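Review bot: With the default removed, `$shortscope` stays empty for any provider whose scope constant was never saved, which presumably includes installs upgraded from a version that relied on `defaultscope`. Only the Google callback in this commit handles an empty scope; the other callback files are not shown, so check that they fail cleanly rather than starting an authorization request with no scope. A comment such as `// No implicit default: scopes must be selected on the setup tab` would make the intent explicit. The surrounding block continues outside the hunk.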
diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php
index bacd8135739..d48775fe84e 100644
--- a/htdocs/core/lib/oauth.lib.php
+++ b/htdocs/core/lib/oauth.lib.php
@@ -23,29 +23,17 @@
*/
-$shortscopegoogle = 'userinfo_email,userinfo_profile';
-$shortscopegoogle .= ',openid,email,profile'; // For openid connect
-if (!empty($conf->printing->enabled)) {
- $shortscopegoogle .= ',cloud_print';
-}
-if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
- $shortscopegoogle .= ',admin_directory_user';
-}
-if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
- $shortscopegoogle.=',gmail_full';
-}
-
// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
$supportedoauth2array = array(
- 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle),
+ 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full'),
);
if (!empty($conf->stripe->enabled)) {
- $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
- $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+ $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
+ $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
}
-$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo');
+$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo');
if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
- $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete');
+ $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard');
}
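Review bot: Replacing the `defaultscope` key with `availablescopes` removes the old key entirely, so any code not touched by this commit that still reads `['defaultscope']` (other callback files, external modules) will hit an undefined index; either keep the old key as a deprecated alias for one release or confirm there are no remaining readers. The Google list also now offers `cloud_print`, `admin_directory_user` and `gmail_full` unconditionally, where they were previously appended only when the matching module or option was enabled. A comment above the array stating that these are selectable options rather than defaults, and that the broad mail and directory scopes should be selected only when a feature needs them, would help administrators keep the grant minimal.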
diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php
index f30d73c2d4e..b993cbdd81e 100644
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -89,10 +89,13 @@ if ($state) {
$requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'.
$statewithanticsrfonly = preg_replace('/^.*\-/', '', $state);
}
-if ($action != 'delete' && empty($requestedpermissionsarray)) {
- print 'Error, parameter state is not defined';
- exit;
+
+if ($action != 'delete' && (empty($statewithscopeonly) || empty($requestedpermissionsarray))) {
+ setEventMessages($langs->trans('ScopeUndefined'), null, 'errors');
+ header('Location: '.$backtourl);
+ exit();
}
+
//var_dump($requestedpermissionsarray);exit;
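Review bot: `$backtourl` is written into the `Location` header but is not assigned in the visible lines. If it originates from a request parameter, this early exit redirects to whatever value was supplied, and if it is empty the header has no target at all. Validate it as a local path, or fall back to a fixed setup page, before redirecting. The leftover `//var_dump($requestedpermissionsarray);exit;` debug comment could be removed at the same time.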
diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang
index b7f7c0c2c1a..661ecc45e4f 100644
--- a/htdocs/langs/en_US/oauth.lang
+++ b/htdocs/langs/en_US/oauth.lang
@@ -36,4 +36,5 @@ OAUTH_SECRET=OAuth secret
OAuthProviderAdded=OAuth provider added
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
URLOfServiceForAuthorization=URL provided by OAuth service for authentication
-Scopes=Scopes
\ No newline at end of file
+Scopes=Scopes
+ScopeUndefined=Scope undefined (see previous tab)
\ No newline at end of file
diff --git a/htdocs/langs/fr_FR/oauth.lang b/htdocs/langs/fr_FR/oauth.lang
index 493cf00deb9..70b98cd0cd0 100644
--- a/htdocs/langs/fr_FR/oauth.lang
+++ b/htdocs/langs/fr_FR/oauth.lang
@@ -34,3 +34,5 @@ OAUTH_ID=ID OAuth
OAUTH_SECRET=Code secret OAuth
OAuthProviderAdded=Fournisseur OAuth ajouté
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=Une entrée OAuth pour ce fournisseur et ce libellé existe déjà
+ScopeUndefined=Portée non définie (voir onglet précédent)
+Scopes=Portées
\ No newline at end of file