Merge pull request #22321 from fboitel/NEW-scope-checkbox-oauth

NEW: possibility to select scopes with checkbox for oauth tokens
2025-12-12 12:31:26 +01:00 · 2022-09-19 19:27:27 +02:00
parent daeb1eed03 2b9b6d6789
commit 1c56ffa0c4
6 changed files with 43 additions and 25 deletions
--- a/htdocs/admin/oauth.php
+++ b/htdocs/admin/oauth.php
@@ -23,6 +23,7 @@
 * \brief       Setup page to configure oauth access api
 */
 // Load Dolibarr environment
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
@@ -84,7 +85,12 @@ if ($action == 'update') {
 				}
 			}
 			if (GETPOSTISSET($constvalue.'_SCOPE')) {
-				if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) {
+				$scopestring = implode(',', GETPOST($constvalue.'_SCOPE'));
 				if (!dolibarr_set_const($db, $constvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) {
 					$error++;
 				}
 			} else {
 				if (!dolibarr_set_const($db, $constvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) {
 					$error++;
 				}
 			}
@@ -263,13 +269,31 @@ if (count($listinsetup) > 0) {
 				print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
 				print '</td></tr>';
 			} else {
 				$availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes']));
 				$currentscopes = explode(',', getDolGlobalString($key[4]));
 				$scopestodispay = array();
 				foreach ($availablescopes as $keyscope => $valscope) {
 					if (in_array($keyscope, $currentscopes)) {
 						$scopestodispay[$keyscope] = 1;
 					} else {
 						$scopestodispay[$keyscope] = 0;
 					}
 				}
 				// Api Scope
 				print '<tr class="oddeven value">';
 				print '<td>'.$langs->trans("Scopes").'</td>';
 				print '<td>';
-				//print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
+				foreach ($scopestodispay as $scope => $val) {
-				print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+					print '<input type="checkbox" name="'.$key[4].'[]" value="'.$scope.'"'.($val ? ' checked' : '').'>';
 					print '<label style="margin-right: 10px" for="'.$key[4].'">'.$scope.'</label>';
 				}
 				print '</td></tr>';
 			}
 		} else {
 			print '<tr class="oddeven value">';
 			print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
 			print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
 			print '</td></tr>';
 		}
 	}
--- a/htdocs/admin/oauthlogintokens.php
+++ b/htdocs/admin/oauthlogintokens.php
@@ -172,7 +172,7 @@ if ($mode == 'setup' && $user->admin) {
 		$OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));
-		$shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+		$shortscope = '';
 		if (getDolGlobalString($key[4])) {
 			$shortscope = getDolGlobalString($key[4]);
 		}
--- a/htdocs/core/lib/oauth.lib.php
+++ b/htdocs/core/lib/oauth.lib.php
@@ -23,29 +23,17 @@
 */
 $shortscopegoogle = 'userinfo_email,userinfo_profile';
 $shortscopegoogle .= ',openid,email,profile';	// For openid connect
 if (!empty($conf->printing->enabled)) {
 	$shortscopegoogle .= ',cloud_print';
 }
 if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
 	$shortscopegoogle .= ',admin_directory_user';
 }
 if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
 	$shortscopegoogle.=',gmail_full';
 }
 // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
 $supportedoauth2array = array(
-	'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle),
+	'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'availablescopes'=> 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full'),
 );
 if (!empty($conf->stripe->enabled)) {
-	$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+	$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
-	$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+	$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'availablescopes'=>'read_write');
 }
-$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo');
+$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'availablescopes'=>'user,public_repo');
 if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
-	$supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete');
+	$supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'availablescopes'=>'Standard');
 }
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -89,10 +89,13 @@ if ($state) {
 	$requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'.
 	$statewithanticsrfonly = preg_replace('/^.*\-/', '', $state);
 }
-if ($action != 'delete' && empty($requestedpermissionsarray)) {
+
-	print 'Error, parameter state is not defined';
+if ($action != 'delete' && (empty($statewithscopeonly) || empty($requestedpermissionsarray))) {
-	exit;
+	setEventMessages($langs->trans('ScopeUndefined'), null, 'errors');
 	header('Location: '.$backtourl);
 	exit();
 }
 //var_dump($requestedpermissionsarray);exit;
--- a/htdocs/langs/en_US/oauth.lang
+++ b/htdocs/langs/en_US/oauth.lang
@@ -36,4 +36,5 @@ OAUTH_SECRET=OAuth secret
 OAuthProviderAdded=OAuth provider added
 AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
 URLOfServiceForAuthorization=URL provided by OAuth service for authentication
-Scopes=Scopes
+Scopes=Scopes
 ScopeUndefined=Scope undefined (see previous tab)
--- a/htdocs/langs/fr_FR/oauth.lang
+++ b/htdocs/langs/fr_FR/oauth.lang
@@ -34,3 +34,5 @@ OAUTH_ID=ID OAuth
 OAUTH_SECRET=Code secret OAuth
 OAuthProviderAdded=Fournisseur OAuth ajouté
 AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=Une entrée OAuth pour ce fournisseur et ce libellé existe déjà
 ScopeUndefined=Portée non définie (voir onglet précédent)
 Scopes=Portées