Code comment on OAUth ahtent

2026-01-06 00:53:00 +01:00 · 2020-02-16 21:16:00 +01:00
parent 20797920d7
commit 4b5cda5cd2
4 changed files with 33 additions and 9 deletions
--- a/dev/dolibarr_changes.txt
+++ b/dev/dolibarr_changes.txt
@@ -253,6 +253,24 @@ PARSEDOWN
 	$shortage = 4 - $len % 4;
 OAUTH
 -----
 Add into Class Google of file OAuth2/Service/Google:
    // LDR CHANGE Add approval_prompt to force the prompt if value is set to 'force' so it force return of a "refresh token" in addition to "standard token"
    public $approvalPrompt='auto';
    public function setApprouvalPrompt($prompt)
    {
        if (!in_array($prompt, array('auto', 'force'), true)) {
            // @todo Maybe could we rename this exception
            throw new InvalidAccessTypeException('Invalid approuvalPrompt, expected either auto or force.');
        }
        $this->approvalPrompt = $prompt;
    }
 JEDITABLE.JS
 ------------
--- a/htdocs/admin/oauthlogintokens.php
+++ b/htdocs/admin/oauthlogintokens.php
@@ -24,7 +24,7 @@
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php';			// This define $list
 require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
 use OAuth\Common\Storage\DoliStorage;
@@ -128,6 +128,9 @@ $head = oauthadmin_prepare_head();
 dol_fiche_head($head, 'tokengeneration', '', -1, 'technic');
 if (GETPOST('error')) {
 	setEventMessages(GETPOST('error'), null, 'errors');
 }
 if ($mode == 'setup' && $user->admin)
 {
@@ -144,17 +147,21 @@ if ($mode == 'setup' && $user->admin)
        if ($key[0] == 'OAUTH_GITHUB_NAME')
        {
            $OAUTH_SERVICENAME = 'GitHub';
-            $state='user,public_repo'; 	// List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service)
+            // List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service).
-            $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?state='.$state.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+            // We pass this param list in to 'state' because we need it before and after the redirect.
            $shortscope='user,public_repo';
            $urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
            $urltodelete = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
            $urltocheckperms = 'https://github.com/settings/applications/';
        }
        elseif ($key[0] == 'OAUTH_GOOGLE_NAME')
        {
            $OAUTH_SERVICENAME = 'Google';
-            $state='userinfo_email,userinfo_profile,cloud_print'; 	// List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service)
+            // List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service).
-            //$state.=',gmail_full';
+            // We pass this param list in to 'state' because we need it before and after the redirect.
-            $urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?state='.$state.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+            $shortscope='userinfo_email,userinfo_profile,cloud_print';
            //$scope.=',gmail_full';
            $urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
            $urltodelete = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
            $urltocheckperms = 'https://security.google.com/settings/security/permissions';
        }
--- a/htdocs/core/modules/oauth/github_oauthcallback.php
+++ b/htdocs/core/modules/oauth/github_oauthcallback.php
@@ -71,7 +71,7 @@ $credentials = new Credentials(
 );
 $requestedpermissionsarray=array();
-if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state'));       // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
+if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state'));       // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
 if ($action != 'delete' && empty($requestedpermissionsarray))
 {
    print 'Error, parameter state is not defined';
@@ -93,7 +93,6 @@ $langs->load("oauth");
 * Actions
 */
 if ($action == 'delete')
 {
    $storage->clearToken('GitHub');
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -71,7 +71,7 @@ $credentials = new Credentials(
 );
 $requestedpermissionsarray=array();
-if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state'));       // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
+if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state'));       // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to store a hash value and can be used to retrieve some parameters back
 if ($action != 'delete' && empty($requestedpermissionsarray))
 {
    print 'Error, parameter state is not defined';