FIX oauth authent must be done only on click on link

Better message for notification denied.
Laurent Destailleur
2024-02-09 13:32:44 +01:00
parent 290cb8447a
commit 0f53fe10d1
4 changed files with 20 additions and 10 deletions


@@ -212,7 +212,7 @@ function check_events() {
result = 1;
} else {
console.log("Cancel check_events() with dolnotif_nb_test_for_page="+dolnotif_nb_test_for_page+". Check is useless because javascript Notification.permission is "+Notification.permission+" (blocked manualy or web site is not https).");
console.log("Cancel check_events() with dolnotif_nb_test_for_page="+dolnotif_nb_test_for_page+". Check is useless because javascript Notification.permission is "+Notification.permission+" (blocked manualy or web site is not https or browser is in Private mode).");
result = 2; // We return a positive so the repeated check will done even if authroization is not yet allowed may be after this check)
}


@@ -163,7 +163,7 @@ if (!GETPOST('code')) {
// Save more data into session
// Not required. All data are saved into $_SESSION['datafromloginform'] when form is posted with a click on Login with
// Google with param actionlogin=login and beforeoauthloginredirect=1, by the functions_googleoauth.php.
// Google with param actionlogin=login and beforeoauthloginredirect=google, by the functions_googleoauth.php.
/*
if (!empty($_POST["tz"])) {
$_SESSION["tz"] = $_POST["tz"];


@@ -375,7 +375,7 @@ if (isset($conf->file->main_authentication) && preg_match('/google/', $conf->fil
*/
print '<input type="hidden" name="beforeoauthloginredirect" id="beforeoauthloginredirect" value="">';
print '<a class="alogin" href="#" onclick="jQuery(\'#beforeoauthloginredirect\').val(1); $(this).closest(\'form\').submit();">';
print '<a class="alogin" href="#" onclick="jQuery(\'#beforeoauthloginredirect\').val(\'google\'); $(this).closest(\'form\').submit();">';
print '<div class="loginbuttonexternal">';
print img_picto('', 'google', 'class="pictofixedwidth"');
print $langs->trans("LoginWith", "Google");


@@ -680,10 +680,11 @@ if (is_array($modulepart)) {
}
/*
/*
* Phase authentication / login
*/
$login = '';
$login = '';
if (!defined('NOLOGIN')) {
// $authmode lists the different method of identification to be tested in order of preference.
// Example: 'http', 'dolibarr', 'ldap', 'http,forceuser', '...'
@@ -817,7 +818,7 @@ if (!defined('NOLOGIN')) {
if (GETPOST('openid_mode', 'alpha', 1)) { // For openid_connect ?
$goontestloop = true;
}
if (GETPOST('beforeoauthloginredirect', 'int') || GETPOST('afteroauthloginreturn')) { // For oauth login
if (GETPOST('beforeoauthloginredirect') || GETPOST('afteroauthloginreturn')) { // For oauth login
$goontestloop = true;
}
if (!empty($_COOKIE['login_dolibarr'])) { // TODO For ? Remove this ?
@@ -827,7 +828,7 @@ if (!defined('NOLOGIN')) {
if (!is_object($langs)) { // This can occurs when calling page with NOREQUIRETRAN defined, however we need langs for error messages.
include_once DOL_DOCUMENT_ROOT.'/core/class/translate.class.php';
$langs = new Translate("", $conf);
$langcode = (GETPOST('lang', 'aZ09', 1) ?GETPOST('lang', 'aZ09', 1) : (!getDolGlobalString('MAIN_LANG_DEFAULT') ? 'auto' : $conf->global->MAIN_LANG_DEFAULT));
$langcode = (GETPOST('lang', 'aZ09', 1) ?GETPOST('lang', 'aZ09', 1) : getDolGlobalString('MAIN_LANG_DEFAULT', 'auto'));
if (defined('MAIN_LANG_DEFAULT')) {
$langcode = constant('MAIN_LANG_DEFAULT');
}
@@ -837,8 +838,17 @@ if (!defined('NOLOGIN')) {
// Validation of login/pass/entity
// If ok, the variable login will be returned
// If error, we will put error message in session under the name dol_loginmesg
// Note authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');
if ($test && $goontestloop && (GETPOST('actionlogin', 'aZ09') == 'login' || $dolibarr_main_authentication != 'dolibarr')) {
// Loop on each test mode defined into $authmode
// $authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');
if (in_array('googleoauth', $authmode)) {
if (GETPOST('beforeoauthloginredirect') != 'google') {
// If we did not click on the link to use OAuth authentication, we do not try it.
dol_syslog("User did not click on link for OAuth so we disable check using googleoauth");
unset($authmode['googleoauth']);
}
}
$login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
if ($login === '--bad-login-validity--') {
$login = '';
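Review bot: The new `unset($authmode['googleoauth']);` in the last hunk appears to be a no-op, because the comment just above it describes $authmode as a positional list (`array('0'=>'dolibarr', '1'=>'googleoauth')`); if that shape holds, the key 'googleoauth' never exists, the array reaches checkLoginPassEntity() unchanged, and the guard meant to skip the googleoauth check when the link was not clicked does nothing. Remove the entry by value instead, e.g. `$authmode = array_values(array_diff($authmode, array('googleoauth')));`, which also keeps the array a list for the loop that consumes it. Separately, the two new calls `GETPOST('beforeoauthloginredirect')` (here and in the hunk at -817) drop the explicit check type the old `'int'` call had; passing `'aZ09'` like the neighbouring `GETPOST('actionlogin', 'aZ09')` keeps the value constrained before it is compared with 'google', and `!== 'google'` avoids the loose comparison. The enclosing `if (!defined('NOLOGIN'))` block starts and ends outside the hunk.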