forked from Wavyzz/dolibarr
Merge pull request #22321 from fboitel/NEW-scope-checkbox-oauth
NEW: possibility to select scopes with checkbox for oauth tokens
This commit is contained in:
Laurent Destailleur
@@ -23,6 +23,7 @@
|
|||||||
* \brief Setup page to configure oauth access api
|
* \brief Setup page to configure oauth access api
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// Load Dolibarr environment
|
// Load Dolibarr environment
|
||||||
require '../main.inc.php';
|
require '../main.inc.php';
|
||||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
|
||||||
@@ -84,7 +85,12 @@ if ($action == 'update') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (GETPOSTISSET($constvalue.'_SCOPE')) {
|
if (GETPOSTISSET($constvalue.'_SCOPE')) {
|
||||||
if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) {
|
$scopestring = implode(',', GETPOST($constvalue.'_SCOPE'));
|
||||||
|
if (!dolibarr_set_const($db, $constvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) {
|
||||||
|
$error++;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (!dolibarr_set_const($db, $constvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) {
|
||||||
$error++;
|
$error++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -263,13 +269,31 @@ if (count($listinsetup) > 0) {
|
|||||||
print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
|
print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
|
||||||
print '</td></tr>';
|
print '</td></tr>';
|
||||||
} else {
|
} else {
|
||||||
|
$availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes']));
|
||||||
|
$currentscopes = explode(',', getDolGlobalString($key[4]));
|
||||||
|
$scopestodispay = array();
|
||||||
|
foreach ($availablescopes as $keyscope => $valscope) {
|
||||||
|
if (in_array($keyscope, $currentscopes)) {
|
||||||
|
$scopestodispay[$keyscope] = 1;
|
||||||
|
} else {
|
||||||
|
$scopestodispay[$keyscope] = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Api Scope
|
||||||
print '<tr class="oddeven value">';
|
print '<tr class="oddeven value">';
|
||||||
print '<td>'.$langs->trans("Scopes").'</td>';
|
print '<td>'.$langs->trans("Scopes").'</td>';
|
||||||
print '<td>';
|
print '<td>';
|
||||||
//print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
|
foreach ($scopestodispay as $scope => $val) {
|
||||||
print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
|
print '<input type="checkbox" name="'.$key[4].'[]" value="'.$scope.'"'.($val ? ' checked' : '').'>';
|
||||||
|
print '<label style="margin-right: 10px" for="'.$key[4].'">'.$scope.'</label>';
|
||||||
|
}
|
||||||
print '</td></tr>';
|
print '</td></tr>';
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
print '<tr class="oddeven value">';
|
||||||
|
print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
|
||||||
|
print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
|
||||||
|
print '</td></tr>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -172,7 +172,7 @@ if ($mode == 'setup' && $user->admin) {
|
|||||||
|
|
||||||
$OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
|
$OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
|
||||||
|
|
||||||
$shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
|
$shortscope = '';
|
||||||
if (getDolGlobalString($key[4])) {
|
if (getDolGlobalString($key[4])) {
|
||||||
$shortscope = getDolGlobalString($key[4]);
|
$shortscope = getDolGlobalString($key[4]);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,29 +23,17 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
$shortscopegoogle = 'userinfo_email,userinfo_profile';
|
|
||||||
$shortscopegoogle .= ',openid,email,profile'; // For openid connect
|
|
||||||
if (!empty($conf->printing->enabled)) {
|
|
||||||
$shortscopegoogle .= ',cloud_print';
|
|
||||||
}
|
|
||||||
if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
|
|
||||||
$shortscopegoogle .= ',admin_directory_user';
|
|
||||||
}
|
|
||||||
if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
|
|
||||||
$shortscopegoogle.=',gmail_full';
|
|
||||||
}
|
|
||||||
|
|
||||||
// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
|
// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
|
||||||
$supportedoauth2array = array(
|
$supportedoauth2array = array(
|
||||||
'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle),
|
'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full'),
|
||||||
);
|
);
|
||||||
if (!empty($conf->stripe->enabled)) {
|
if (!empty($conf->stripe->enabled)) {
|
||||||
$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
|
$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
|
||||||
$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
|
$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
|
||||||
}
|
}
|
||||||
$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo');
|
$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo');
|
||||||
if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
|
if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
|
||||||
$supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete');
|
$supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -89,10 +89,13 @@ if ($state) {
|
|||||||
$requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'.
|
$requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'.
|
||||||
$statewithanticsrfonly = preg_replace('/^.*\-/', '', $state);
|
$statewithanticsrfonly = preg_replace('/^.*\-/', '', $state);
|
||||||
}
|
}
|
||||||
if ($action != 'delete' && empty($requestedpermissionsarray)) {
|
|
||||||
print 'Error, parameter state is not defined';
|
if ($action != 'delete' && (empty($statewithscopeonly) || empty($requestedpermissionsarray))) {
|
||||||
exit;
|
setEventMessages($langs->trans('ScopeUndefined'), null, 'errors');
|
||||||
|
header('Location: '.$backtourl);
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
//var_dump($requestedpermissionsarray);exit;
|
//var_dump($requestedpermissionsarray);exit;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,3 +37,4 @@ OAuthProviderAdded=OAuth provider added
|
|||||||
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
|
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
|
||||||
URLOfServiceForAuthorization=URL provided by OAuth service for authentication
|
URLOfServiceForAuthorization=URL provided by OAuth service for authentication
|
||||||
Scopes=Scopes
|
Scopes=Scopes
|
||||||
|
ScopeUndefined=Scope undefined (see previous tab)
|
||||||
@@ -34,3 +34,5 @@ OAUTH_ID=ID OAuth
|
|||||||
OAUTH_SECRET=Code secret OAuth
|
OAUTH_SECRET=Code secret OAuth
|
||||||
OAuthProviderAdded=Fournisseur OAuth ajouté
|
OAuthProviderAdded=Fournisseur OAuth ajouté
|
||||||
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=Une entrée OAuth pour ce fournisseur et ce libellé existe déjà
|
AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=Une entrée OAuth pour ce fournisseur et ce libellé existe déjà
|
||||||
|
ScopeUndefined=Portée non définie (voir onglet précédent)
|
||||||
|
Scopes=Portées
|
||||||
Reference in New Issue
Block a user