Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-03 23:52:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix several problems into OAuth2 module.

Browse Source
This commit is contained in:
Laurent Destailleur
2017-01-06 19:58:38 +01:00
parent 4002ec9fd5
commit 9cfc8d4095
9 changed files with 412 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
htdocs/admin/oauthlogintokens.php
View File

@@ -104,6 +104,11 @@ if ($action == 'setvalue' && $user->admin)
* View * View
*/ */
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
$form = new Form($db); $form = new Form($db);
llxHeader('',$langs->trans("PrintingSetup")); llxHeader('',$langs->trans("PrintingSetup"));
@@ -127,70 +132,191 @@ if ($mode == 'setup' && $user->admin)
if (in_array($key[0], array_keys($supportedoauth2array))) $supported=1; if (in_array($key[0], array_keys($supportedoauth2array))) $supported=1;
if (! $supported) continue; // show only supported if (! $supported) continue; // show only supported
$OAUTH_SERVICENAME='Unknown';
if ($key[0] == 'OAUTH_GITHUB_NAME')
{
$OAUTH_SERVICENAME='GitHub';
$urltorenew=$urlwithroot.'/core/modules/oauth/github_oauthcallback.php?state=user,public_repo&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
$urltodelete=$urlwithroot.'/core/modules/oauth/github_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
$urltocheckperms='https://github.com/settings/applications/';
}
if ($key[0] == 'OAUTH_GOOGLE_NAME')
{
$OAUTH_SERVICENAME='Google';
$urltorenew=$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?state=userinfo_email,userinfo_profile,cloud_print&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
$urltodelete=$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
$urltocheckperms='https://security.google.com/settings/security/permissions';
}
// Show value of token
$tokenobj=null;
// Token
require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
// Dolibarr storage
$storage = new DoliStorage($db, $conf);
try
{
$tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME);
}
catch(Exception $e)
{
// Return an error if token not found
}
// Set other properties
$refreshtoken=false;
$expiredat='';
$expire = false;
// Is token expired or will token expire in the next 30 seconds
if (is_object($tokenobj)) {
$expire = ($tokenobj->getEndOfLife() !== $tokenobj::EOL_NEVER_EXPIRES && $tokenobj->getEndOfLife() !== $tokenobj::EOL_UNKNOWN && time() > ($tokenobj->getEndOfLife() - 30));
}
// Token expired so we refresh it
if (is_object($tokenobj) && $expire) {
try {
// il faut sauvegarder le refresh token car le provider ne le donne qu'une seule fois
$refreshtoken = $tokenobj->getRefreshToken();
$tokenobj = $apiService->refreshAccessToken($tokenobj);
$tokenobj->setRefreshToken($refreshtoken);
$storage->storeAccessToken($OAUTH_SERVICENAME, $tokenobj);
} catch (Exception $e) {
setEventMessages($e->getMessage(), null, 'errors');
}
}
if ($key[1] != '' && $key[2] != '') {
if (is_object($tokenobj)) {
$refreshtoken = $tokenobj->getRefreshToken();
$endoflife = $tokenobj->getEndOfLife();
if ($endoflife == $tokenobj::EOL_NEVER_EXPIRES)
{
$expiredat = $langs->trans("Never");
}
elseif ($endoflife == $tokenobj::EOL_UNKNOWN)
{
$expiredat = $langs->trans("Unknown");
}
else
{
$expiredat=dol_print_date($endoflife, "dayhour");
}
}
}
$submit_enabled=0;
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?mode=setup&amp;driver='.$driver.'" autocomplete="off">'; print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?mode=setup&amp;driver='.$driver.'" autocomplete="off">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="setconst">'; print '<input type="hidden" name="action" value="setconst">';
print '<table class="noborder" width="100%">'."\n"; print '<table class="noborder" width="100%">'."\n";
$var=true;
$var=false;
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<th>'.$langs->trans("Parameters").'</th>'; print '<th class="titlefieldcreate">'.$langs->trans($key[0]).'</th>';
print '<th>'.$langs->trans("Value").'</th>'; print '<th></th>';
print '<th>&nbsp;</th>'; print '<th></th>';
print "</tr>\n"; print "</tr>\n";
$submit_enabled=0;
print '<tr '.$bc[$var].'>'; print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class=required':'').'>'.$langs->trans($key['varname']).'</td>'; print '<td'.($key['required']?' class="required"':'').'>';
print '<td>'.$langs->trans($key['info']).'</td>'; //var_dump($key);
print $langs->trans("OAuthIDSecret").'</td>';
print '<td>';
print $langs->trans("SeePreviousTab");
print '</td>';
print '<td>'; print '<td>';
if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS')
{
// Delete remote tokens
if (! empty($key['delete'])) print '<a class="button" href="'.$key['delete'].'">'.$langs->trans('DeleteAccess').'</a><br><br>';
// Request remote token
print '<a class="button" href="'.$key['renew'].'">'.$langs->trans('RequestAccess').'</a><br><br>';
// Check remote access
print $langs->trans("ToCheckDeleteTokenOnProvider", $OAUTH_SERVICENAME_GOOGLE).': <a href="https://security.google.com/settings/security/permissions" target="_google">https://security.google.com/settings/security/permissions</a>';
}
print '</td>'; print '</td>';
print '</tr>'."\n"; print '</tr>'."\n";
// Show value of token $var = ! $var;
if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS') print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class="required"':'').'>';
//var_dump($key);
print $langs->trans("IsTokenGenerated");
print '</td>';
print '<td>';
if (is_object($tokenobj)) print $langs->trans("HasAccessToken");
else print $langs->trans("NoAccessToken");
print '</td>';
print '<td>';
// Links to delete/checks token
if (is_object($tokenobj))
{ {
// Token //test on $storage->hasAccessToken($OAUTH_SERVICENAME) ?
print '<tr '.$bc[$var].'>'; print '<a class="button" href="'.$urltodelete.'">'.$langs->trans('DeleteAccess').'</a><br><br>';
print '<td>'.$langs->trans("Token").'</td>';
print '<td>';
// Dolibarr storage
$storage = new DoliStorage($db, $conf);
try
{
$tokenobj = $storage->retrieveAccessToken($OAUTH_SERVICENAME_GOOGLE);
}
catch(Exception $e)
{
// Return an error if token not found
}
if (is_object($tokenobj))
{
//var_dump($tokenobj);
print $tokenobj->getAccessToken().'<br>';
//print 'Refresh: '.$tokenobj->getRefreshToken().'<br>';
//print 'EndOfLife: '.$tokenobj->getEndOfLife().'<br>';
//var_dump($tokenobj->getExtraParams());
/*print '<br>Extra: <br><textarea class="quatrevingtpercent">';
print ''.join(',',$tokenobj->getExtraParams());
print '</textarea>';*/
}
print '</td>';
print '<td>';
print '</td>';
print '</tr>'."\n";
} }
// Request remote token
print '<a class="button" href="'.$urltorenew.'">'.$langs->trans('RequestAccess').'</a><br><br>';
// Check remote access
if ($urltocheckperms)
{
print $langs->trans("ToCheckDeleteTokenOnProvider", $OAUTH_SERVICENAME).': <a href="'.$urltocheckperms.'" target="_'.strtolower($OAUTH_SERVICENAME).'">'.$urltocheckperms.'</a>';
}
print '</td>';
print '</tr>';
$var = ! $var;
print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class="required"':'').'>';
//var_dump($key);
print $langs->trans("Token").'</td>';
print '<td colspan="2">';
if (is_object($tokenobj))
{
//var_dump($tokenobj);
print $tokenobj->getAccessToken().'<br>';
//print 'Refresh: '.$tokenobj->getRefreshToken().'<br>';
//print 'EndOfLife: '.$tokenobj->getEndOfLife().'<br>';
//var_dump($tokenobj->getExtraParams());
/*print '<br>Extra: <br><textarea class="quatrevingtpercent">';
print ''.join(',',$tokenobj->getExtraParams());
print '</textarea>';*/
}
print '</td>';
print '</tr>'."\n";
if (is_object($tokenobj))
{
// Token refresh
$var = ! $var;
print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class="required"':'').'>';
//var_dump($key);
print $langs->trans("TOKEN_REFRESH").'</td>';
print '<td colspan="2">';
print yn($refreshtoken);
print '</td>';
print '</tr>';
// Token expired
$var = ! $var;
print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class="required"':'').'>';
//var_dump($key);
print $langs->trans("TOKEN_EXPIRED").'</td>';
print '<td colspan="2">';
print yn($expire);
print '</td>';
print '</tr>';
// Token expired at
$var = ! $var;
print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class="required"':'').'>';
//var_dump($key);
print $langs->trans("TOKEN_EXPIRE_AT").'</td>';
print '<td colspan="2">';
print $expiredat;
print '</td>';
print '</tr>';
}
print '</table>'; print '</table>';
if (! empty($driver)) if (! empty($driver))
@@ -199,7 +325,8 @@ if ($mode == 'setup' && $user->admin)
print '<div class="center"><input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Modify")).'"></div>'; print '<div class="center"><input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Modify")).'"></div>';
} }
} }
print '</form>'; print '</form>';
} }

8
htdocs/core/lib/oauth.lib.php
View File

@@ -26,9 +26,13 @@
// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth) // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
$supportedoauth2array=array( $supportedoauth2array=array(
'OAUTH_GOOGLE_NAME'=>'google', 'OAUTH_GOOGLE_NAME'=>'google',
'OAUTH_GITHUB_NAME'=>'github'
); );
if ($conf->global->MAIN_FEATURES_LEVEL >= 2)
{
$supportedoauth2array['OAUTH_GITHUB_NAME']='github';
}
$supportedoauth2array['OAUTH_GITHUB_NAME']='github';
// API access parameters OAUTH // API access parameters OAUTH
$list = array ( $list = array (
array( array(
@@ -264,7 +268,7 @@ function oauthadmin_prepare_head()
$h++; $h++;
$head[$h][0] = dol_buildpath('/admin/oauthlogintokens.php', 1); $head[$h][0] = dol_buildpath('/admin/oauthlogintokens.php', 1);
$head[$h][1] = $langs->trans("ManualTokenGeneration"); $head[$h][1] = $langs->trans("TokenManager");
$head[$h][2] = 'tokengeneration'; $head[$h][2] = 'tokengeneration';
$h++; $h++;

171
htdocs/core/modules/oauth/github_oauthcallback.php Normal file
View File

@@ -0,0 +1,171 @@
<?php
/*
* Copyright (C) 2015 Frederic France <frederic.france@free.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/core/modules/oauth/github_oauthcallback.php
* \ingroup oauth
* \brief Page to get oauth callback
*/
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
use OAuth\Common\Storage\DoliStorage;
use OAuth\Common\Consumer\Credentials;
use OAuth\OAuth2\Service\GitHub;
// Define $urlwithroot
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
$action = GETPOST('action', 'alpha');
$backtourl = GETPOST('backtourl', 'alpha');
/**
* Create a new instance of the URI class with the current URI, stripping the query string
*/
$uriFactory = new \OAuth\Common\Http\Uri\UriFactory();
//$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
//$currentUri->setQuery('');
$currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/github_oauthcallback.php');
/**
* Load the credential for the service
*/
/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
$serviceFactory = new \OAuth\ServiceFactory();
$httpClient = new \OAuth\Common\Http\Client\CurlClient();
// TODO Set options for proxy and timeout
// $params=array('CURLXXX'=>value, ...)
//$httpClient->setCurlParameters($params);
$serviceFactory->setHttpClient($httpClient);
// Dolibarr storage
$storage = new DoliStorage($db, $conf);
// Setup the credentials for the requests
$credentials = new Credentials(
$conf->global->OAUTH_GITHUB_ID,
$conf->global->OAUTH_GITHUB_SECRET,
$currentUri->getAbsoluteUri()
);
$requestedpermissionsarray=array();
if (GETPOST('state')) $requestedpermissionsarray=explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
if ($action != 'delete' && empty($requestedpermissionsarray))
{
print 'Error, parameter state is not defined';
exit;
}
//var_dump($requestedpermissionsarray);exit;
// Instantiate the Api service using the credentials, http client and storage mechanism for the token
/** @var $apiService Service */
$apiService = $serviceFactory->createService('GitHub', $credentials, $storage, $requestedpermissionsarray);
// access type needed to have oauth provider refreshing token
//$apiService->setAccessType('offline');
$langs->load("oauth");
/*
* Actions
*/
if ($action == 'delete')
{
$storage->clearToken('GitHub');
setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
header('Location: ' . $backtourl);
exit();
}
if (! empty($_GET['code'])) // We are coming from oauth provider page
{
//llxHeader('',$langs->trans("OAuthSetup"));
//$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php">'.$langs->trans("BackToModuleList").'</a>';
//print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
//dol_fiche_head();
// retrieve the CSRF state parameter
$state = isset($_GET['state']) ? $_GET['state'] : null;
//print '<table>';
// This was a callback request from service, get the token
try {
//var_dump($_GET['code']);
//var_dump($state);
//var_dump($apiService); // OAuth\OAuth2\Service\GitHub
//$token = $apiService->requestAccessToken($_GET['code'], $state);
$token = $apiService->requestAccessToken($_GET['code']);
// Github is a service that does not need state yo be stored.
// Into constructor of GitHub, the call
// parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
// has not the ending parameter to true like the Google class constructor.
setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
} catch (Exception $e) {
print $e->getMessage();
}
$backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
unset($_SESSION["backtourlsavedbeforeoauthjump"]);
header('Location: ' . $backtourl);
exit();
}
else // If entry on page with no parameter, we arrive here
{
$_SESSION["backtourlsavedbeforeoauthjump"]=$backtourl;
// This may create record into oauth_state before the header redirect.
// Creation of record with state in this tables depend on the Provider used (see its constructor).
if (GETPOST('state'))
{
$url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
}
else
{
$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
}
// we go on oauth provider authorization page
header('Location: ' . $url);
exit();
}
/*
* View
*/
// No view at all, just actions
$db->close();

12
htdocs/core/modules/oauth/google_oauthcallback.php
View File

@@ -17,7 +17,7 @@
*/ */
/** /**
* \file htdocs/core/modules/oauth/getoauthcallback.php * \file htdocs/core/modules/oauth/google_oauthcallback.php
* \ingroup oauth * \ingroup oauth
* \brief Page to get oauth callback * \brief Page to get oauth callback
*/ */
@@ -83,7 +83,7 @@ if ($action != 'delete' && empty($requestedpermissionsarray))
/** @var $apiService Service */ /** @var $apiService Service */
$apiService = $serviceFactory->createService('Google', $credentials, $storage, $requestedpermissionsarray); $apiService = $serviceFactory->createService('Google', $credentials, $storage, $requestedpermissionsarray);
// access type needed for google refresh token // access type needed to have oauth provider refreshing token
$apiService->setAccessType('offline'); $apiService->setAccessType('offline');
$langs->load("oauth"); $langs->load("oauth");
@@ -104,7 +104,7 @@ if ($action == 'delete')
exit(); exit();
} }
if (! empty($_GET['code'])) // We are coming from Google oauth page if (! empty($_GET['code'])) // We are coming from oauth provider page
{ {
//llxHeader('',$langs->trans("OAuthSetup")); //llxHeader('',$langs->trans("OAuthSetup"));
@@ -121,6 +121,7 @@ if (! empty($_GET['code'])) // We are coming from Google oauth page
//var_dump($_GET['code']); //var_dump($_GET['code']);
//var_dump($state); //var_dump($state);
//var_dump($apiService); // OAuth\OAuth2\Service\Google //var_dump($apiService); // OAuth\OAuth2\Service\Google
$token = $apiService->requestAccessToken($_GET['code'], $state); $token = $apiService->requestAccessToken($_GET['code'], $state);
setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
@@ -138,6 +139,8 @@ else // If entry on page with no parameter, we arrive here
{ {
$_SESSION["backtourlsavedbeforeoauthjump"]=$backtourl; $_SESSION["backtourlsavedbeforeoauthjump"]=$backtourl;
// This may create record into oauth_state before the header redirect.
// Creation of record with state in this tables depend on the Provider used (see its constructor).
if (GETPOST('state')) if (GETPOST('state'))
{ {
$url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state'))); $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
@@ -146,7 +149,8 @@ else // If entry on page with no parameter, we arrive here
{ {
$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
} }
// we go on google authorization page
// we go on oauth provider authorization page
header('Location: ' . $url); header('Location: ' . $url);
exit(); exit();
} }

21
htdocs/core/modules/printing/printgcp.modules.php
View File

@@ -66,6 +66,7 @@ class printing_printgcp extends PrintingDriver
$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
$this->db = $db; $this->db = $db;
if (!$conf->oauth->enabled) { if (!$conf->oauth->enabled) {
@@ -117,10 +118,28 @@ class printing_printgcp extends PrintingDriver
$this->conf[] = array('varname'=>'PRINTGCP_INFO', 'info'=>'GoogleAuthConfigured', 'type'=>'info'); $this->conf[] = array('varname'=>'PRINTGCP_INFO', 'info'=>'GoogleAuthConfigured', 'type'=>'info');
$this->conf[] = array('varname'=>'PRINTGCP_TOKEN_ACCESS', 'info'=>$access, 'type'=>'info', 'renew'=>$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?state=userinfo_email,userinfo_profile,cloud_print&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'delete'=>($storage->hasAccessToken($this->OAUTH_SERVICENAME_GOOGLE)?$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'):'')); $this->conf[] = array('varname'=>'PRINTGCP_TOKEN_ACCESS', 'info'=>$access, 'type'=>'info', 'renew'=>$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?state=userinfo_email,userinfo_profile,cloud_print&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'), 'delete'=>($storage->hasAccessToken($this->OAUTH_SERVICENAME_GOOGLE)?$urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&backtourl='.urlencode(DOL_URL_ROOT.'/printing/admin/printing.php?mode=setup&driver=printgcp'):''));
if ($token_ok) { if ($token_ok) {
$expiredat='';
$refreshtoken = $token->getRefreshToken(); $refreshtoken = $token->getRefreshToken();
$endoflife=$token->getEndOfLife();
if ($endoflife == $token::EOL_NEVER_EXPIRES)
{
$expiredat = $langs->trans("Never");
}
elseif ($endoflife == $token::EOL_UNKNOWN)
{
$expiredat = $langs->trans("Unknown");
}
else
{
$expiredat=dol_print_date($endoflife, "dayhour");
}
$this->conf[] = array('varname'=>'TOKEN_REFRESH', 'info'=>((! empty($refreshtoken))?'Yes':'No'), 'type'=>'info'); $this->conf[] = array('varname'=>'TOKEN_REFRESH', 'info'=>((! empty($refreshtoken))?'Yes':'No'), 'type'=>'info');
$this->conf[] = array('varname'=>'TOKEN_EXPIRED', 'info'=>($expire?'Yes':'No'), 'type'=>'info'); $this->conf[] = array('varname'=>'TOKEN_EXPIRED', 'info'=>($expire?'Yes':'No'), 'type'=>'info');
$this->conf[] = array('varname'=>'TOKEN_EXPIRE_AT', 'info'=>(dol_print_date($token->getEndOfLife(), "dayhour")), 'type'=>'info'); $this->conf[] = array('varname'=>'TOKEN_EXPIRE_AT', 'info'=>($expiredat), 'type'=>'info');
} }
/* /*
if ($storage->hasAccessToken($this->OAUTH_SERVICENAME_GOOGLE)) { if ($storage->hasAccessToken($this->OAUTH_SERVICENAME_GOOGLE)) {

19
htdocs/includes/OAuth/Common/Storage/DoliStorage.php
View File

@@ -97,7 +97,7 @@ class DoliStorage implements TokenStorageInterface
$this->tokens = array(); $this->tokens = array();
} }
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_token"; $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_token";
$sql.= " WHERE service='".$service."' AND entity=1"; $sql.= " WHERE service='".$this->db->escape($service)."' AND entity=1";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) if (! $resql)
{ {
@@ -113,7 +113,7 @@ class DoliStorage implements TokenStorageInterface
} else { } else {
// save // save
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity)"; $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token (service, token, entity)";
$sql.= " VALUES ('".$service."', '".$this->db->escape($serializedToken)."', 1)"; $sql.= " VALUES ('".$this->db->escape($service)."', '".$this->db->escape($serializedToken)."', 1)";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
} }
//print $sql; //print $sql;
@@ -130,7 +130,7 @@ class DoliStorage implements TokenStorageInterface
// get from db // get from db
dol_syslog("hasAccessToken service=".$service); dol_syslog("hasAccessToken service=".$service);
$sql = "SELECT token FROM ".MAIN_DB_PREFIX."oauth_token"; $sql = "SELECT token FROM ".MAIN_DB_PREFIX."oauth_token";
$sql.= " WHERE service='".$service."'"; $sql.= " WHERE service='".$this->db->escape($service)."'";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) if (! $resql)
{ {
@@ -159,7 +159,7 @@ class DoliStorage implements TokenStorageInterface
// unset($tokens[$service]); // unset($tokens[$service]);
$sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token"; $sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token";
$sql.= " WHERE service='".$service."'"; $sql.= " WHERE service='".$this->db->escape($service)."'";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
//} //}
@@ -189,7 +189,7 @@ class DoliStorage implements TokenStorageInterface
} }
throw new AuthorizationStateNotFoundException('State not found in conf, are you sure you stored it?'); throw new AuthorizationStateNotFoundException('State not found in db, are you sure you stored it?');
} }
/** /**
@@ -207,7 +207,7 @@ class DoliStorage implements TokenStorageInterface
$this->states[$service] = $state; $this->states[$service] = $state;
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_state"; $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."oauth_state";
$sql.= " WHERE service='".$service."' AND entity=1"; $sql.= " WHERE service='".$this->db->escape($service)."' AND entity=1";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if (! $resql) if (! $resql)
{ {
@@ -223,7 +223,7 @@ class DoliStorage implements TokenStorageInterface
} else { } else {
// save // save
$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_state (service, state, entity)"; $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_state (service, state, entity)";
$sql.= " VALUES ('".$service."', '".$state."', 1)"; $sql.= " VALUES ('".$this->db->escape($service)."', '".$this->db->escape($state)."', 1)";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
} }
@@ -236,9 +236,10 @@ class DoliStorage implements TokenStorageInterface
*/ */
public function hasAuthorizationState($service) public function hasAuthorizationState($service)
{ {
// get from db // get state from db
dol_syslog("get state from db");
$sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_state"; $sql = "SELECT state FROM ".MAIN_DB_PREFIX."oauth_state";
$sql.= " WHERE service='".$service."'"; $sql.= " WHERE service='".$this->db->escape($service)."'";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
$result = $this->db->fetch_array($resql); $result = $this->db->fetch_array($resql);
$states[$service] = $result[state]; $states[$service] = $result[state];

9
htdocs/langs/en_US/oauth.lang
View File

@@ -2,15 +2,20 @@
ConfigOAuth=Oauth Configuration ConfigOAuth=Oauth Configuration
OAuthServices=OAuth services OAuthServices=OAuth services
ManualTokenGeneration=Manual token generation ManualTokenGeneration=Manual token generation
TokenManager=Token manager
IsTokenGenerated=Is token generated ?
NoAccessToken=No access token saved into local database NoAccessToken=No access token saved into local database
HasAccessToken=A token was generated and saved into local database HasAccessToken=A token was generated and saved into local database
NewTokenStored=Token received ans saved NewTokenStored=Token received and saved
ToCheckDeleteTokenOnProvider=To check/delete authorization saved by %s OAuth provider ToCheckDeleteTokenOnProvider=Click here to check/delete authorization saved by %s OAuth provider
TokenDeleted=Token deleted TokenDeleted=Token deleted
RequestAccess=Click here to request/renew access and receive a new token to save RequestAccess=Click here to request/renew access and receive a new token to save
DeleteAccess=Click here to delete token DeleteAccess=Click here to delete token
UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credential on your OAuth provider: UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credential on your OAuth provider:
ListOfSupportedOauthProviders=Enter here credential provided by your OAuth2 provider. Only supported OAuth2 providers are visible here. This setup may be used by other modules that need OAuth2 authentication. ListOfSupportedOauthProviders=Enter here credential provided by your OAuth2 provider. Only supported OAuth2 providers are visible here. This setup may be used by other modules that need OAuth2 authentication.
OAuthSetupForLogin=Page to generate an OAuth token
SeePreviousTab=See previous tab
OAuthIDSecret=OAuth ID and Secret
TOKEN_REFRESH=Token Refresh Present TOKEN_REFRESH=Token Refresh Present
TOKEN_EXPIRED=Token expired TOKEN_EXPIRED=Token expired
TOKEN_EXPIRE_AT=Token expire at TOKEN_EXPIRE_AT=Token expire at

2
htdocs/langs/en_US/printing.lang
View File

@@ -46,6 +46,6 @@ IPP_Media=Printer media
IPP_Supported=Type of media IPP_Supported=Type of media
DirectPrintingJobsDesc=This page lists printing jobs found for available printers. DirectPrintingJobsDesc=This page lists printing jobs found for available printers.
GoogleAuthNotConfigured=Google OAuth setup not done. Enable module OAuth and set a Google ID/Secret. GoogleAuthNotConfigured=Google OAuth setup not done. Enable module OAuth and set a Google ID/Secret.
GoogleAuthConfigured=Google OAuth credentials found into setup of module OAuth. GoogleAuthConfigured=Google OAuth credentials were found into setup of module OAuth.
PrintingDriverDescprintgcp=Configuration variables for printing driver Google Cloud Print. PrintingDriverDescprintgcp=Configuration variables for printing driver Google Cloud Print.
PrintTestDescprintgcp=List of Printers for Google Cloud Print. PrintTestDescprintgcp=List of Printers for Google Cloud Print.

17
htdocs/printing/admin/printing.php
View File

@@ -161,9 +161,19 @@ if ($mode == 'setup' && $user->admin)
break; break;
case "info": // Google Api setup or Google OAuth Token case "info": // Google Api setup or Google OAuth Token
print '<tr '.$bc[$var].'>'; print '<tr '.$bc[$var].'>';
print '<td'.($key['required']?' class=required':'').'>'.$langs->trans($key['varname']).'</td>'; print '<td'.($key['required']?' class=required':'').'>';
if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS')
{
print $langs->trans("IsTokenGenerated");
}
else
{
print $langs->trans($key['varname']);
}
print '</td>';
print '<td>'.$langs->trans($key['info']).'</td>'; print '<td>'.$langs->trans($key['info']).'</td>';
print '<td>'; print '<td>';
//var_dump($key);
if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS') if ($key['varname'] == 'PRINTGCP_TOKEN_ACCESS')
{ {
// Delete remote tokens // Delete remote tokens
@@ -187,7 +197,8 @@ if ($mode == 'setup' && $user->admin)
// Token // Token
print '<tr '.$bc[$var].'>'; print '<tr '.$bc[$var].'>';
print '<td>'.$langs->trans("Token").'</td>'; print '<td>'.$langs->trans("Token").'</td>';
print '<td>'; print '<td colspan="2">';
$tokenobj=null;
// Dolibarr storage // Dolibarr storage
$storage = new DoliStorage($db, $conf); $storage = new DoliStorage($db, $conf);
try try
@@ -210,8 +221,6 @@ if ($mode == 'setup' && $user->admin)
print '</textarea>';*/ print '</textarea>';*/
} }
print '</td>'; print '</td>';
print '<td>';
print '</td>';
print '</tr>'."\n"; print '</tr>'."\n";
} }
} }