From 0fed5dbb3d8b62eaac6555dbc7b8c8626b62d580 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sun, 18 Sep 2022 02:21:46 +0200 Subject: [PATCH 1/5] NEW: possibility to select scopes with checkbox for oauth tokens --- htdocs/admin/oauth.php | 44 +++++++++++++------ htdocs/admin/oauthlogintokens.php | 2 +- htdocs/core/lib/oauth.lib.php | 22 +++------- .../modules/oauth/google_oauthcallback.php | 9 ++-- htdocs/langs/en_US/oauth.lang | 3 +- htdocs/langs/fr_FR/oauth.lang | 2 + 6 files changed, 46 insertions(+), 36 deletions(-) diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 1f2966b05b1..a9ce5118342 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -24,6 +24,8 @@ * \brief Setup page to configure oauth access api */ +use Sabre\VObject\Component\Available; + // Load Dolibarr environment require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; @@ -85,7 +87,12 @@ if ($action == 'update') { } } if (GETPOSTISSET($constvalue.'_SCOPE')) { - if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) { + $scopestring = implode(',', GETPOST($constvalue.'_SCOPE')); + if (!dolibarr_set_const($db, $constvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) { + $error++; + } + } else { + if (!dolibarr_set_const($db, $constvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) { $error++; } } @@ -161,6 +168,7 @@ $i = 0; // Define $listinsetup foreach ($conf->global as $key => $val) { if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) { + print ''; $provider = preg_replace('/_ID$/', '', $key); $listinsetup[] = array( $provider.'_NAME', @@ -172,6 +180,7 @@ foreach ($conf->global as $key => $val) { } } + // $list is defined into oauth.lib.php to the list of supporter OAuth providers. foreach ($listinsetup as $key) { $supported = 0; 
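Review bot: In the `update` hunk of htdocs/admin/oauth.php (`@@ -85,7 +87,12 @@`) the posted `_SCOPE` value is joined and stored without being compared to the provider's `availablescopes` list, so any string sent in the request becomes the stored scope and is presumably used later in the token request. Restrict it to the allowlist before saving, for example `$scopestring = implode(',', array_intersect((array) GETPOST($constvalue.'_SCOPE', 'array'), explode(',', $allowedscopes)));`, where `$allowedscopes` is that provider's `availablescopes` string. How the provider key is resolved from `$constvalue` is not visible in the hunk. The array cast also matters because `implode()` receives whatever `GETPOST` returns, and a scalar value there raises a TypeError on PHP 8. The enclosing `if ($action == 'update')` block starts and ends outside the hunk.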
@@ -186,6 +195,8 @@ foreach ($listinsetup as $key) { $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array); $keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME'; + + if (in_array($keyforsupportedoauth2array, array_keys($supportedoauth2array))) { $supported = 1; } @@ -252,20 +263,25 @@ foreach ($listinsetup as $key) { // TODO Move this into token generation if ($supported) { - if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') { - print ''; - print ''.$langs->trans("Scopes").''; - print ''; - print ''; - print ''; - } else { - print ''; - print ''.$langs->trans("Scopes").''; - print ''; - //print ''; - print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope']; - print ''; + $availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes'])); + $currentscopes = explode(',', getDolGlobalString($key[4])); + $scopestodispay = array(); + foreach ($availablescopes as $keyscope => $valscope) { + if (in_array($keyscope, $currentscopes)) { + $scopestodispay[$keyscope] = 1; + } else { + $scopestodispay[$keyscope] = 0; + } } + // Api Scope + print ''; + print ''.$langs->trans("Scopes").''; + print ''; + foreach ($scopestodispay as $scope => $val) { + print ''; + print ''; + } + print ''; } } diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index 62162616a1a..fa1fd18f049 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -172,7 +172,7 @@ if ($mode == 'setup' && $user->admin) { $OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : '')); - $shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope']; + $shortscope = ''; if (getDolGlobalString($key[4])) { $shortscope = getDolGlobalString($key[4]); } 
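Review bot: In the scope display hunk of htdocs/admin/oauth.php (`@@ -252,20 +263,25 @@`) only scopes listed in `availablescopes` are rendered, so a scope that is already stored but not in that list is invisible to the admin while it stays in effect. Presumably it is then dropped silently on the next save. A comment such as `// Stored scopes not in availablescopes are not shown and will be removed on save` would make that explicit, or those entries could be listed as checked so the admin sees the real grant. The membership test should be strict, `in_array($keyscope, $currentscopes, true)`, and the `array_flip` is unnecessary because only its keys are read. The printed checkbox markup is not visible on this page, so confirm that `$scope` is escaped where it is written into the HTML. `$scopestodispay` looks like a typo for `$scopestodisplay`.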
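Review bot: In htdocs/admin/oauthlogintokens.php (`@@ -172,7 +172,7 @@`) `$shortscope` now starts as an empty string, so a provider entry saved before this change with no `_SCOPE` constant will request a token with no scope instead of the former default. Dropping the implicit default is reasonable from a least-privilege point of view, but the intent should be stated next to the assignment, for example `// No implicit default scope: the admin must tick scopes on the OAuth setup tab`. It would also help to show the `ScopeUndefined` message on this page when `$shortscope` is empty, rather than only after the round trip through the callback.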
diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php
index bacd8135739..d48775fe84e 100644
--- a/htdocs/core/lib/oauth.lib.php
+++ b/htdocs/core/lib/oauth.lib.php
@@ -23,29 +23,17 @@ */ -$shortscopegoogle = 'userinfo_email,userinfo_profile'; -$shortscopegoogle .= ',openid,email,profile'; // For openid connect -if (!empty($conf->printing->enabled)) { - $shortscopegoogle .= ',cloud_print'; -} -if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) { - $shortscopegoogle .= ',admin_directory_user'; -} -if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) { - $shortscopegoogle.=',gmail_full'; -} - // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth) $supportedoauth2array = array( - 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle), + 'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full'), ); if (!empty($conf->stripe->enabled)) { - $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write'); - $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write'); + $supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write'); + $supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 
'availablescopes'=>'read_write'); } -$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo'); +$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo'); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { - $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete'); + $supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard'); } diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index f30d73c2d4e..b993cbdd81e 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -89,10 +89,13 @@ if ($state) { $requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'. $statewithanticsrfonly = preg_replace('/^.*\-/', '', $state); } -if ($action != 'delete' && empty($requestedpermissionsarray)) { - print 'Error, parameter state is not defined'; - exit; + +if ($action != 'delete' && (empty($statewithscopeonly) || empty($requestedpermissionsarray))) { + setEventMessages($langs->trans('ScopeUndefined'), null, 'errors'); + header('Location: '.$backtourl); + exit(); } + //var_dump($requestedpermissionsarray);exit; 
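Review bot: In htdocs/core/lib/oauth.lib.php (`@@ -23,29 +23,17 @@`) the Google entry now offers `cloud_print`, `admin_directory_user` and `gmail_full` unconditionally. The removed lines added them only when the printing module, `OAUTH_GOOGLE_GSUITE` or `OAUTH_GOOGLE_GMAIL` was enabled. These are broad grants, so either keep the gating when building `availablescopes` or document the new contract above the array, for example `// availablescopes: comma-separated scopes an admin may select; none is requested unless ticked in setup`. The `'Standard'` value for `OAUTH_OTHER_NAME` reads like a placeholder and would presumably be sent to the provider as a literal scope if ticked. Any reader of the old `defaultscope` key outside this diff would now get an undefined index.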
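Review bot: In htdocs/core/modules/oauth/google_oauthcallback.php (`@@ -89,10 +89,13 @@`) the new error path calls `header('Location: '.$backtourl)`, but `$backtourl` is assigned outside the hunk. If it comes from a request parameter, it should be checked to be a local URL before it is used as a redirect target. It also needs a fallback when empty, for example `if (empty($backtourl)) { $backtourl = DOL_URL_ROOT.'/admin/oauthlogintokens.php'; }`. The guard only checks that the scope part of `state` is non-empty, so `$requestedpermissionsarray` is still taken from the request as is. Comparing it with the scopes stored for the provider would close that gap.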
diff --git a/htdocs/langs/en_US/oauth.lang b/htdocs/langs/en_US/oauth.lang index b7f7c0c2c1a..661ecc45e4f 100644 --- a/htdocs/langs/en_US/oauth.lang +++ b/htdocs/langs/en_US/oauth.lang @@ -36,4 +36,5 @@ OAUTH_SECRET=OAuth secret OAuthProviderAdded=OAuth provider added AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists URLOfServiceForAuthorization=URL provided by OAuth service for authentication -Scopes=Scopes \ No newline at end of file +Scopes=Scopes +ScopeUndefined=Scope undefined (see previous tab) \ No newline at end of file diff --git a/htdocs/langs/fr_FR/oauth.lang b/htdocs/langs/fr_FR/oauth.lang index 493cf00deb9..70b98cd0cd0 100644 --- a/htdocs/langs/fr_FR/oauth.lang +++ b/htdocs/langs/fr_FR/oauth.lang @@ -34,3 +34,5 @@ OAUTH_ID=ID OAuth OAUTH_SECRET=Code secret OAuth OAuthProviderAdded=Fournisseur OAuth ajouté AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=Une entrée OAuth pour ce fournisseur et ce libellé existe déjà +ScopeUndefined=Portée non définie (voir onglet précédent) +Scopes=Portées \ No newline at end of file From f2fe369bb523cf72fb3a6c3a9375b997514139a1 Mon Sep 17 00:00:00 2001 From: Faustin Date: Sun, 18 Sep 2022 02:25:53 +0200 Subject: [PATCH 2/5] unwanted code line --- htdocs/admin/oauth.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index a9ce5118342..45a51c89060 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -24,7 +24,6 @@ * \brief Setup page to configure oauth access api */ -use Sabre\VObject\Component\Available; // Load Dolibarr environment require '../main.inc.php'; From a2aee527e40655e624a219a342d80cdf243d9f8c Mon Sep 17 00:00:00 2001 From: Faustin Date: Sun, 18 Sep 2022 02:27:25 +0200 Subject: [PATCH 3/5] unwanted code line --- htdocs/admin/oauth.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 45a51c89060..bb7fabd1963 100644 
--- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -167,7 +167,6 @@ $i = 0; // Define $listinsetup foreach ($conf->global as $key => $val) { if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) { - print ''; $provider = preg_replace('/_ID$/', '', $key); $listinsetup[] = array( $provider.'_NAME', From 240990c022908a6912ff0e57b5e611370c7d1727 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 19 Sep 2022 17:41:58 +0200 Subject: [PATCH 4/5] Update oauth.php --- htdocs/admin/oauth.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 5ea646e0511..77a187d2cde 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -228,6 +228,26 @@ if (count($listinsetup) > 0) { print ''; print ''; + if ($supported) { + $redirect_uri = $urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$keyforsupportedoauth2array]['callbackfile'].'_oauthcallback.php'; + print ''; + print ''.$langs->trans("UseTheFollowingUrlAsRedirectURI").''; + print ''; + print ''; + + if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') { + print ''; + print ''.$langs->trans("URLOfServiceForAuthorization").''; + print ''; + print ''; + } + } else { + print ''; + print ''.$langs->trans("UseTheFollowingUrlAsRedirectURI").''; + print ''.$langs->trans("FeatureNotYetSupported").''; + print ''; + } + // Api Id print ''; print ''; From 2b9b6d6789237c89eb238f45388a13ffff318e8f Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 19 Sep 2022 15:46:42 +0000 Subject: [PATCH 5/5] Fixing style errors. --- htdocs/admin/oauth.php | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 77a187d2cde..e98bb9a4fde 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php 
@@ -247,7 +247,7 @@ if (count($listinsetup) > 0) { print ''.$langs->trans("FeatureNotYetSupported").''; print ''; } - + // Api Id print ''; print ''; @@ -269,25 +269,25 @@ if (count($listinsetup) > 0) { print ''; print ''; } else { - $availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes'])); - $currentscopes = explode(',', getDolGlobalString($key[4])); - $scopestodispay = array(); - foreach ($availablescopes as $keyscope => $valscope) { - if (in_array($keyscope, $currentscopes)) { - $scopestodispay[$keyscope] = 1; - } else { - $scopestodispay[$keyscope] = 0; - } - } - // Api Scope - print ''; - print ''.$langs->trans("Scopes").''; - print ''; - foreach ($scopestodispay as $scope => $val) { - print ''; - print ''; - } - print ''; + $availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes'])); + $currentscopes = explode(',', getDolGlobalString($key[4])); + $scopestodispay = array(); + foreach ($availablescopes as $keyscope => $valscope) { + if (in_array($keyscope, $currentscopes)) { + $scopestodispay[$keyscope] = 1; + } else { + $scopestodispay[$keyscope] = 0; + } + } + // Api Scope + print ''; + print ''.$langs->trans("Scopes").''; + print ''; + foreach ($scopestodispay as $scope => $val) { + print ''; + print ''; + } + print ''; } } else { print '';