FIX Oauth login

This commit is contained in:
Laurent Destailleur
2024-04-11 14:32:02 +02:00
parent c12a9a9d50
commit d86f5c83f0
4 changed files with 14 additions and 5 deletions


@@ -115,6 +115,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto
// If googleoauth_login has been set (by google_oauthcallback after a successful OAUTH2 request on openid scope
if (!empty($_SESSION['googleoauth_receivedlogin']) && dol_verifyHash($conf->file->instance_unique_id.$usertotest, $_SESSION['googleoauth_receivedlogin'], '0')) {
dol_syslog("Login received by Google OAuth was validated by callback page and saved crypted into session. This login is ".$usertotest);
unset($_SESSION['googleoauth_receivedlogin']);
$login = $usertotest;
}
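Review bot: The added `unset($_SESSION['googleoauth_receivedlogin']);` clears the callback-issued value only on the success path; when dol_verifyHash() does not match, the value stays in the session and is re-evaluated on every later login attempt with a different $usertotest. If single use is the intent, clear it on the mismatch path as well, or state why it is kept, e.g. `// Consumed once: removed from the session after a successful verification`. The comment on the first hunk line is also missing its closing parenthesis. check_user_password_googleoauth() starts and ends outside the hunk.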


@@ -152,7 +152,7 @@ if ($action == 'delete') {
}
if (!GETPOST('code')) {
dol_syslog("Page is called without code parameter defined");
dol_syslog("Page is called without the 'code' parameter defined");
// If we enter this page without 'code' parameter, it means we click on the link from login page and we want to get the redirect
// to the OAuth provider login page.


@@ -74,10 +74,13 @@ if (preg_match('/'.preg_quote('core/modules/oauth', '/').'/', $php_self)) {
$php_self = DOL_URL_ROOT.'/index.php?mainmenu=home';
}
$php_self = preg_replace('/(\?|&|&)action=[^&]+/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)actionlogin=[^&]+/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)afteroauthloginreturn=[^&]+/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)username=[^&]*/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)entity=\d+/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)massaction=[^&]+/', '\1', $php_self);
$php_self = preg_replace('/(\?|&|&)token=[^&]+/', '\1', $php_self);
$php_self = preg_replace('/(&)+/', '&', $php_self);
// Javascript code on logon page only to detect user tz, dst_observed, dst_first, dst_second
$arrayofjs = array(
@@ -374,7 +377,7 @@ if (isset($conf->file->main_authentication) && preg_match('/google/', $conf->fil
*/
print '<input type="hidden" name="beforeoauthloginredirect" id="beforeoauthloginredirect" value="">';
print '<a class="alogin" href="#" onclick="jQuery(\'#beforeoauthloginredirect\').val(\'google\'); $(this).closest(\'form\').submit();">';
print '<a class="alogin" href="#" onclick="console.log(\'Set beforeoauthloginredirect value\'); jQuery(\'#beforeoauthloginredirect\').val(\'google\'); $(this).closest(\'form\').submit(); return false;">';
print '<div class="loginbuttonexternal">';
print img_picto('', 'google', 'class="pictofixedwidth"');
print $langs->trans("LoginWith", "Google");
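Review bot: The rewritten onclick on the `print '<a class="alogin" href="#" ...` line ships a `console.log('Set beforeoauthloginredirect value')` on the public login page; the `return false;` that stops the `href="#"` navigation is the part that fixes the flow, and the debug call can be dropped: `onclick="jQuery(\'#beforeoauthloginredirect\').val(\'google\'); $(this).closest(\'form\').submit(); return false;"`. In the first hunk of this file, the preg_replace() chain collapses repeated `&` but can still leave a dangling `?` or trailing `&` in $php_self once a parameter is removed, and `username=[^&]*` uses `*` where the neighbouring patterns use `+`; if $php_self is the post-login return URL, as it appears to be, a one-line comment saying so above the chain would help the next reader.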


@@ -876,9 +876,13 @@ if (!defined('NOLOGIN')) {
// $authmode is an array for example: array('0'=>'dolibarr', '1'=>'googleoauth');
$oauthmodetotestarray = array('google');
foreach ($oauthmodetotestarray as $oauthmodetotest) {
if (in_array($oauthmodetotest.'oauth', $authmode) && GETPOST('beforeoauthloginredirect') != $oauthmodetotest) {
// If we did not click on the link to use OAuth authentication, we do not try it.
dol_syslog("User did not click on link for OAuth so we disable check using googleoauth");
if (in_array($oauthmodetotest.'oauth', $authmode)) { // This is an authmode that is currently qualified. Do we have to remove it ?
// If we click on the link to use OAuth authentication or if we goes after callback return, we do nothing
if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn')) {
// TODO Use: if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn') == $oauthmodetotest) {
continue;
}
dol_syslog("User did not click on link for OAuth or is not on the OAuth return, so we disable check using ".$oauthmodetotest);
foreach ($authmode as $tmpkey => $tmpval) {
if ($tmpval == $oauthmodetotest.'oauth') {
unset($authmode[$tmpkey]);
@@ -888,6 +892,7 @@ if (!defined('NOLOGIN')) {
}
}
// Check login for all qualified modes in array $authmode.
$login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
if ($login === '--bad-login-validity--') {
$login = '';
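Review bot: In the new guard `if (GETPOST('beforeoauthloginredirect') == $oauthmodetotest || GETPOST('afteroauthloginreturn'))`, any non-empty afteroauthloginreturn value keeps every provider of $oauthmodetotestarray in $authmode, so the per-provider filtering only applies on the redirect side; if the callback sets that parameter to the provider name as the TODO on the next line assumes, the comparison `GETPOST('afteroauthloginreturn') == $oauthmodetotest` could go in now instead of as a comment. Both comparisons and the two in_array() calls are loose; since GETPOST() returns strings here, `in_array($oauthmodetotest.'oauth', $authmode, true)` and `===` avoid type juggling without changing the intended behaviour. The enclosing `if (!defined('NOLOGIN'))` block begins and ends outside the hunk.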