Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-07 01:58:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Maxi debug of OAuth module. Solve tons of problems.

Browse Source
This commit is contained in:
Laurent Destailleur
2022-06-27 22:35:58 +02:00
parent 3eec5f0e69
commit 34464ac92b
13 changed files with 468 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
htdocs/core/modules/oauth/github_oauthcallback.php
View File

@@ -34,9 +34,12 @@ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domai
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
$action = GETPOST('action', 'aZ09');
$backtourl = GETPOST('backtourl', 'alpha');
$keyforprovider = GETPOST('keyforprovider', 'aZ09');
if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
$keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
}
/**
@@ -64,9 +67,11 @@ $serviceFactory->setHttpClient($httpClient);
$storage = new DoliStorage($db, $conf);
// Setup the credentials for the requests
$keyforparamid = 'OAUTH_GITHUB'.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
$keyforparamsecret = 'OAUTH_GITHUB'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
$credentials = new Credentials(
$conf->global->OAUTH_GITHUB_ID,
$conf->global->OAUTH_GITHUB_SECRET,
getDolGlobalString($keyforparamid),
getDolGlobalString($keyforparamsecret),
$currentUri->getAbsoluteUri()
);
@@ -81,13 +86,20 @@ if ($action != 'delete' && empty($requestedpermissionsarray)) {
//var_dump($requestedpermissionsarray);exit;
// Instantiate the Api service using the credentials, http client and storage mechanism for the token
$apiService = $serviceFactory->createService('GitHub', $credentials, $storage, $requestedpermissionsarray);
$apiService = $serviceFactory->createService('GitHub'.($keyforprovider ? '-'.$keyforprovider : ''), $credentials, $storage, $requestedpermissionsarray);
// access type needed to have oauth provider refreshing token
//$apiService->setAccessType('offline');
$langs->load("oauth");
if (!getDolGlobalString($keyforparamid)) {
accessforbidden('Setup of service is not complete. Customer ID is missing');
}
if (!getDolGlobalString($keyforparamsecret)) {
accessforbidden('Setup of service is not complete. Secret key is missing');
}
/*
* Actions
@@ -140,14 +152,15 @@ if (!empty($_GET['code'])) { // We are coming from oauth provider page
} catch (Exception $e) {
print $e->getMessage();
}
} else // If entry on page with no parameter, we arrive here
{
} else { // If entry on page with no parameter, we arrive here
$_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
$_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
$_SESSION['oauthstateanticsrf'] = $state;
// This may create record into oauth_state before the header redirect.
// Creation of record with state in this tables depend on the Provider used (see its constructor).
if (GETPOST('state')) {
$url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
$url = $apiService->getAuthorizationUri(array('state' => GETPOST('state')));
} else {
$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
}