--- /tmp/dsg/dolibarr/htdocs/core/modules/oauth/github_19.0.3_github_oauthcallback.php
+++ /tmp/dsg/dolibarr/htdocs/core/modules/oauth/client_github_oauthcallback.php
@@ -2 +2 @@
-/* Copyright (C) 2022 Laurent Destailleur
+/*
@@ -25 +24,0 @@
-// Load Dolibarr environment
@@ -38 +37,2 @@
-$action = GETPOST('action', 'aZ09');
+
+$action = GETPOST('action', 'alpha');
@@ -40,4 +39,0 @@
-$keyforprovider = GETPOST('keyforprovider', 'aZ09');
-if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
- $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
-}
@@ -59 +55 @@
-/** @var \OAuth\ServiceFactory $serviceFactory An OAuth service factory. */
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
@@ -68 +64 @@
-$storage = new DoliStorage($db, $conf, $keyforprovider);
+$storage = new DoliStorage($db, $conf);
@@ -71,2 +66,0 @@
-$keyforparamid = 'OAUTH_GITHUB'.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
-$keyforparamsecret = 'OAUTH_GITHUB'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
@@ -74,3 +68,3 @@
- getDolGlobalString($keyforparamid),
- getDolGlobalString($keyforparamsecret),
- $currentUri->getAbsoluteUri()
+ $conf->global->OAUTH_GITHUB_ID,
+ $conf->global->OAUTH_GITHUB_SECRET,
+ $currentUri->getAbsoluteUri()
@@ -80,6 +74,5 @@
-if (GETPOST('state')) {
- $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
-}
-if ($action != 'delete' && empty($requestedpermissionsarray)) {
- print 'Error, parameter state is not defined';
- exit;
+if (GETPOST('state')) $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
+if ($action != 'delete' && empty($requestedpermissionsarray))
+{
+ print 'Error, parameter state is not defined';
+ exit;
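Review bot: The braceless single-statement `if (GETPOST('state')) $requestedpermissionsarray = explode(',', GETPOST('state'));` in hunk `@@ -80,6 +74,5 @@`, followed by an `if` whose opening brace sits on its own line, departs from PSR-12 (braces on every control body, brace on the same line as the condition): `if (GETPOST('state')) { $requestedpermissionsarray = explode(',', GETPOST('state')); }` and `if ($action != 'delete' && empty($requestedpermissionsarray)) {`. The same brace layout is used in the delete and callback branches of this file (L2, L4) and in the Google and Stripe files (L6, L7, L9, L14, L19, L20, L22). The `@var` annotation in `@@ -59 +55 @@` now reads `@var $serviceFactory \OAuth\ServiceFactory`; PHPDoc's documented order is type first, `@var \OAuth\ServiceFactory $serviceFactory`, and not every analyser resolves the reversed form. `GETPOST('action', 'alpha')` in `@@ -38 +37,2 @@` is a looser filter than `aZ09`; since `$action` is only compared with `'delete'` on this page the practical effect is nil, but the tighter filter costs nothing.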
@@ -89,0 +83 @@
+/** @var $apiService Service */
@@ -97,7 +90,0 @@
-if (!getDolGlobalString($keyforparamid)) {
- accessforbidden('Setup of service is not complete. Customer ID is missing');
-}
-if (!getDolGlobalString($keyforparamsecret)) {
- accessforbidden('Setup of service is not complete. Secret key is missing');
-}
-
@@ -109,2 +96,3 @@
-if ($action == 'delete') {
- $storage->clearToken('GitHub');
+if ($action == 'delete')
+{
+ $storage->clearToken('GitHub');
@@ -112 +100 @@
- setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+ setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
@@ -114,2 +102,2 @@
- header('Location: '.$backtourl);
- exit();
+ header('Location: '.$backtourl);
+ exit();
@@ -118 +106,2 @@
-if (GETPOST('code')) { // We are coming from oauth provider page
+if (!empty($_GET['code'])) // We are coming from oauth provider page
+{
@@ -122 +111,2 @@
- dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5));
+ dol_syslog("We are coming from the oauth provider page");
+ //llxHeader('',$langs->trans("OAuthSetup"));
@@ -124,4 +114,2 @@
- // This was a callback request from service, get the token
- try {
- //var_dump($state);
- //var_dump($apiService); // OAuth\OAuth2\Service\GitHub
+ //$linkback=''.$langs->trans("BackToModuleList").'';
+ //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
@@ -129,3 +117,4 @@
- //$token = $apiService->requestAccessToken(GETPOST('code'), $state);
- $token = $apiService->requestAccessToken(GETPOST('code'));
- // Github is a service that does not need state to be stored as second paramater of requestAccessToken
+ //dol_fiche_head();
+ // retrieve the CSRF state parameter
+ $state = isset($_GET['state']) ? $_GET['state'] : null;
+ //print '';
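Review bot: After `@@ -97,7 +90,0 @@` nothing on the new side checks that the client id and secret are configured, while `@@ -74,3 +68,3 @@` on the previous line passes `$conf->global->OAUTH_GITHUB_ID` and `$conf->global->OAUTH_GITHUB_SECRET` straight into the Credentials constructor; on an unconfigured instance those presumably resolve to null, the service is still built and the page still redirects to the provider with an empty client_id. A guard before the factory call keeps the failure local and explicit: `if (empty($conf->global->OAUTH_GITHUB_ID) || empty($conf->global->OAUTH_GITHUB_SECRET)) {` / `accessforbidden('Setup of service is not complete. Customer ID or secret key is missing');` / `}`. The same check is absent after `@@ -134,6 +94 @@` in the Google file (L6) and after `@@ -102,7 +93,0 @@` in both Stripe files (L15, L20).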
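Review bot: `$state = isset($_GET['state']) ? $_GET['state'] : null;` in `@@ -129,3 +117,4 @@` is labelled `// retrieve the CSRF state parameter`, but on the new side the value is never compared with anything: the redirect branch in `@@ -146,9 +140,9 @@` (L4) stores only `backtourlsavedbeforeoauthjump` in the session, and `$state` is not passed to the `requestAccessToken($_GET['code'])` call in `@@ -137 +128,6 @@` (L3). Either bind the state to the session before the redirect and reject a mismatch on return, or reword the comment so it does not claim a check that is not performed, e.g. `// 'state' is read back for logging only; no anti-CSRF comparison is done here`. Reading it with `GETPOST('state')`, as the rest of this file does, would also keep input filtering consistent. The same pattern is in the Google (L7–L8) and both Stripe files (L16–L17, L21–L22), and the commented-out `//llxHeader`, `//dol_fiche_head()` and `//print` lines added in this hunk are dead code that should be dropped rather than committed.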
@@ -133,3 +122,5 @@
- // Into constructor of GitHub, the call
- // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
- // has not the ending parameter to true like the Google class constructor.
+ // This was a callback request from service, get the token
+ try {
+ //var_dump($_GET['code']);
+ //var_dump($state);
+ //var_dump($apiService); // OAuth\OAuth2\Service\GitHub
@@ -137 +128,6 @@
- setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
+ //$token = $apiService->requestAccessToken($_GET['code'], $state);
+ $token = $apiService->requestAccessToken($_GET['code']);
+ // Github is a service that does not need state to be stored.
+ // Into constructor of GitHub, the call
+ // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
+ // has not the ending parameter to true like the Google class constructor.
@@ -139,2 +135 @@
- $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
- unset($_SESSION["backtourlsavedbeforeoauthjump"]);
+ setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
@@ -142,3 +137,2 @@
- if (empty($backtourl)) {
- $backtourl = DOL_URL_ROOT.'/';
- }
+ $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
+ unset($_SESSION["backtourlsavedbeforeoauthjump"]);
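Review bot: `$backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];` in `@@ -142,3 +137,2 @@` has no fallback, so when the session key is absent (expired session, or the callback URL reloaded after the `unset` on the next line) the redirect in the following hunk becomes `header('Location: ')` with an empty target, plus an undefined-index notice. Defaulting it keeps the redirect well-formed: `$backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];` / `if (empty($backtourl)) { $backtourl = DOL_URL_ROOT.'/'; }`. The same unguarded read is in the Google file (`@@ -198,3 +135,2 @@`, L8), in both Stripe files (`@@ -158,9 +141,2 @@` L18, `@@ -144,4 +143,0 @@` L22) and in the Stripe live delete branch (`@@ -120,6 +106,2 @@`, L15). The `try` this code sits in is opened in the first hunk of this line and closed on L4.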
@@ -146,9 +140,9 @@
- header('Location: '.$backtourl);
- exit();
- } catch (Exception $e) {
- print $e->getMessage();
- }
-} else { // If entry on page with no parameter, we arrive here
- $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
- $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
- $_SESSION['oauthstateanticsrf'] = $state;
+ header('Location: '.$backtourl);
+ exit();
+ } catch (Exception $e) {
+ print $e->getMessage();
+ }
+}
+else // If entry on page with no parameter, we arrive here
+{
+ $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
@@ -156,7 +150,10 @@
- // This may create record into oauth_state before the header redirect.
- // Creation of record with state in this tables depend on the Provider used (see its constructor).
- if (GETPOST('state')) {
- $url = $apiService->getAuthorizationUri(array('state' => GETPOST('state')));
- } else {
- $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
- }
+ // This may create record into oauth_state before the header redirect.
+ // Creation of record with state in this tables depend on the Provider used (see its constructor).
+ if (GETPOST('state'))
+ {
+ $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
+ }
+ else
+ {
+ $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+ }
@@ -164,3 +161,3 @@
- // we go on oauth provider authorization page
- header('Location: '.$url);
- exit();
+ // we go on oauth provider authorization page
+ header('Location: '.$url);
+ exit();
--- /tmp/dsg/dolibarr/htdocs/core/modules/oauth/github_19.0.3_google_oauthcallback.php
+++ /tmp/dsg/dolibarr/htdocs/core/modules/oauth/client_google_oauthcallback.php
@@ -2 +2 @@
-/* Copyright (C) 2022 Laurent Destailleur
+/*
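Review bot: `print $e->getMessage();` in `@@ -146,9 +140,9 @@` writes the raw exception text into the response without HTML escaping and without any surrounding page; for a callback page that text can carry the provider's error body verbatim. Escaping and logging it, `dol_syslog("requestAccessToken failed: ".$e->getMessage());` / `print dol_escape_htmltag($e->getMessage());`, matches how the rest of the file reports (setEventMessages / dol_syslog) and keeps the error in the server log where it is actually useful. The `try` this `catch` closes is opened in the previous hunk (L3). The same `print` is in the Google file (`@@ -202,3 +138,9 @@`, L8) and the Stripe live file (`@@ -168,3 +144,9 @@`, L18).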
@@ -19,4 +18,0 @@
-// This page is used as callback for token generation of an OAUTH request.
-// This page can also be used to make the process to login and get token as described here:
-// https://developers.google.com/identity/protocols/oauth2/openid-connect#server-flow
-
@@ -29,12 +24,0 @@
-// Force keyforprovider
-$forlogin = 0;
-if (!empty($_GET['state']) && preg_match('/^forlogin-/', $_GET['state'])) {
- $forlogin = 1;
- $_GET['keyforprovider'] = 'Login';
-}
-
-if (!defined('NOLOGIN') && $forlogin) {
- define("NOLOGIN", 1); // This means this output page does not require to be logged.
-}
-
-// Load Dolibarr environment
@@ -48 +31,0 @@
-global $dolibarr_main_url_root;
@@ -53 +35,0 @@
-$langs->load("oauth");
@@ -55 +37,2 @@
-$action = GETPOST('action', 'aZ09');
+
+$action = GETPOST('action', 'alpha');
@@ -57,5 +39,0 @@
-$keyforprovider = GETPOST('keyforprovider', 'aZ09');
-if (!GETPOSTISSET('keyforprovider') && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
- // If we are coming from the Oauth page
- $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
-}
@@ -77 +55 @@
-/** @var \OAuth\ServiceFactory $serviceFactory An OAuth service factory. */
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
@@ -84,0 +63,3 @@
+// Dolibarr storage
+$storage = new DoliStorage($db, $conf);
+
@@ -86,2 +66,0 @@
-$keyforparamid = 'OAUTH_GOOGLE'.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
-$keyforparamsecret = 'OAUTH_GOOGLE'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
@@ -89,3 +68,3 @@
- getDolGlobalString($keyforparamid),
- getDolGlobalString($keyforparamsecret),
- $currentUri->getAbsoluteUri()
+ $conf->global->OAUTH_GOOGLE_ID,
+ $conf->global->OAUTH_GOOGLE_SECRET,
+ $currentUri->getAbsoluteUri()
@@ -94,4 +72,0 @@
-$state = GETPOST('state');
-$statewithscopeonly = '';
-$statewithanticsrfonly = '';
-
@@ -99,5 +74,5 @@
-if ($state) {
- // 'state' parameter is standard to store a hash value and can be used to retrieve some parameters back
- $statewithscopeonly = preg_replace('/\-.*$/', '', preg_replace('/^forlogin-/', '', $state));
- $requestedpermissionsarray = explode(',', $statewithscopeonly); // Example: 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print'.
- $statewithanticsrfonly = preg_replace('/^.*\-/', '', $state);
+if (GETPOST('state')) $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to store a hash value and can be used to retrieve some parameters back
+if ($action != 'delete' && empty($requestedpermissionsarray))
+{
+ print 'Error, parameter state is not defined';
+ exit;
@@ -105,13 +79,0 @@
-
-// Add a test to check that the state parameter is provided into URL when we make the first call to ask the redirect or when we receive the callback
-// but not when callback was ok and we recall the page
-if ($action != 'delete' && !GETPOST('afteroauthloginreturn', 'int') && (empty($statewithscopeonly) || empty($requestedpermissionsarray))) {
- dol_syslog("state or statewithscopeonly and/or requestedpermissionsarray are empty");
- setEventMessages($langs->trans('ScopeUndefined'), null, 'errors');
- if (empty($backtourl)) {
- $backtourl = DOL_URL_ROOT.'/';
- }
- header('Location: '.$backtourl);
- exit();
-}
-
@@ -119,4 +80,0 @@
-
-
-// Dolibarr storage
-$storage = new DoliStorage($db, $conf, $keyforprovider);
@@ -126,0 +85 @@
+/** @var $apiService Service */
@@ -132,0 +92 @@
+$apiService->setApprouvalPrompt('force');
@@ -134,6 +94 @@
-if (!getDolGlobalString($keyforparamid)) {
- accessforbidden('Setup of service '.$keyforparamid.' is not complete. Customer ID is missing');
-}
-if (!getDolGlobalString($keyforparamsecret)) {
- accessforbidden('Setup of service '.$keyforparamid.' is not complete. Secret key is missing');
-}
+$langs->load("oauth");
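Review bot: `$apiService->setApprouvalPrompt('force');` in `@@ -132,0 +92 @@` runs unconditionally on every request to this page, including the `delete` action and the callback return, where no authorization URL is built and the setting has no effect. If the intent is to force Google's consent screen on the redirect, the call belongs next to `getAuthorizationUri()` in the redirect branch (L9) with a one-line reason, e.g. `// Force the consent prompt on each authorization (presumably so a refresh token is issued every time - confirm)`; as it stands the reader cannot tell whether forcing the prompt for every user was intended. Note also that `$langs->load("oauth")` in `@@ -134,6 +94 @@` now replaces the only check that the client id and secret exist.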
@@ -146,2 +100,0 @@
-if ($action == 'delete') {
- $storage->clearToken('Google');
@@ -149 +102,3 @@
- setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+if ($action == 'delete')
+{
+ $storage->clearToken('Google');
@@ -151,2 +106,4 @@
- header('Location: '.$backtourl);
- exit();
+ setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+
+ header('Location: '.$backtourl);
+ exit();
@@ -155,2 +112,4 @@
-if (!GETPOST('code')) {
- dol_syslog("Page is called without the 'code' parameter defined");
+if (!empty($_GET['code'])) // We are coming from oauth provider page
+{
+ dol_syslog("We are coming from the oauth provider page");
+ //llxHeader('',$langs->trans("OAuthSetup"));
@@ -158,5 +117,2 @@
- // If we enter this page without 'code' parameter, it means we click on the link from login page and we want to get the redirect
- // to the OAuth provider login page.
- $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
- $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
- $_SESSION['oauthstateanticsrf'] = $state;
+ //$linkback=''.$langs->trans("BackToModuleList").'';
+ //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
@@ -164,17 +120,4 @@
- // Save more data into session
- // Not required. All data are saved into $_SESSION['datafromloginform'] when form is posted with a click on Login with
- // Google with param actionlogin=login and beforeoauthloginredirect=google, by the functions_googleoauth.php.
- /*
- if (!empty($_POST["tz"])) {
- $_SESSION["tz"] = $_POST["tz"];
- }
- if (!empty($_POST["tz_string"])) {
- $_SESSION["tz_string"] = $_POST["tz_string"];
- }
- if (!empty($_POST["dst_first"])) {
- $_SESSION["dst_first"] = $_POST["dst_first"];
- }
- if (!empty($_POST["dst_second"])) {
- $_SESSION["dst_second"] = $_POST["dst_second"];
- }
- */
+ //dol_fiche_head();
+ // retrieve the CSRF state parameter
+ $state = isset($_GET['state']) ? $_GET['state'] : null;
+ //print '
';
@@ -182,3 +125,5 @@
- if ($forlogin) {
- $apiService->setApprouvalPrompt('force');
- }
+ // This was a callback request from service, get the token
+ try {
+ //var_dump($_GET['code']);
+ //var_dump($state);
+ //var_dump($apiService); // OAuth\OAuth2\Service\Google
@@ -186,8 +131 @@
- // This may create record into oauth_state before the header redirect.
- // Creation of record with state in this tables depend on the Provider used (see its constructor).
- if ($state) {
- $url = $apiService->getAuthorizationUri(array('state' => $state));
- } else {
- $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
- }
- // The redirect_uri is included into this $url
+ $token = $apiService->requestAccessToken($_GET['code'], $state);
@@ -195,2 +133 @@
- // Add more param
- $url .= '&nonce='.bin2hex(random_bytes(64/8));
+ setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
@@ -198,3 +135,2 @@
- if ($forlogin) {
- // TODO Add param hd. What is it for ?
- //$url .= 'hd=xxx';
+ $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
+ unset($_SESSION["backtourlsavedbeforeoauthjump"]);
@@ -202,3 +138,9 @@
- if (GETPOST('username')) {
- $url .= '&login_hint='.urlencode(GETPOST('username'));
- }
+ header('Location: '.$backtourl);
+ exit();
+ } catch (Exception $e) {
+ print $e->getMessage();
+ }
+}
+else // If entry on page with no parameter, we arrive here
+{
+ $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
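Review bot: `$token = $apiService->requestAccessToken($_GET['code'], $state);` in `@@ -186,8 +131 @@` passes the unfiltered query values, while the redirect branch of the same file reads the same parameter through `GETPOST('state')` (`@@ -206 +148,10 @@`, L9); pick one accessor, preferably `GETPOST('code', 'alpha')` and `GETPOST('state')`, so the callback goes through the same input filtering as the rest of the page. Whether the library compares `$state` with a value it stored before the redirect depends on how the Google service was constructed, which is outside this hunk; if it does not, nothing on the new side validates it, so a comment stating which side performs that check would save the next reader the same investigation, e.g. `// state is verified by the OAuth service against its storage - confirm in the service constructor`. The three `//var_dump(...)` lines added in `@@ -182,3 +125,5 @@` are debug leftovers and should be removed. The `if (!empty($_GET['code']))` block these hunks sit in is opened on L7.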
@@ -206 +148,10 @@
- // Check that the redirect_uri that wil be used is same than url of current domain
+ // This may create record into oauth_state before the header redirect.
+ // Creation of record with state in this tables depend on the Provider used (see its constructor).
+ if (GETPOST('state'))
+ {
+ $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
+ }
+ else
+ {
+ $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+ }
@@ -208,173 +159,3 @@
- // Define $urlwithroot
- global $dolibarr_main_url_root;
- $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
- $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
- //$urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current
-
- include DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';
- $currentrooturl = getRootURLFromURL(DOL_MAIN_URL_ROOT);
- $externalrooturl = getRootURLFromURL($urlwithroot);
-
- if ($currentrooturl != $externalrooturl) {
- $langs->load("errors");
- setEventMessages($langs->trans("ErrorTheUrlOfYourDolInstanceDoesNotMatchURLIntoOAuthSetup", $currentrooturl, $externalrooturl), null, 'errors');
- $url = DOL_URL_ROOT;
- }
- }
-
- // we go on oauth provider authorization page
- header('Location: '.$url);
- exit();
-} else {
- // We are coming from the return of an OAuth2 provider page.
- dol_syslog("We are coming from the oauth provider page keyforprovider=".$keyforprovider." code=".dol_trunc(GETPOST('code'), 5));
-
- // We must validate that the $state is the same than the one into $_SESSION['oauthstateanticsrf'], return error if not.
- if (isset($_SESSION['oauthstateanticsrf']) && $state != $_SESSION['oauthstateanticsrf']) {
- //var_dump($_SESSION['oauthstateanticsrf']);exit;
- print 'Value for state='.dol_escape_htmltag($state).' differs from value in $_SESSION["oauthstateanticsrf"]. 
Code is refused.';
- unset($_SESSION['oauthstateanticsrf']);
- } else {
- // This was a callback request from service, get the token
- try {
- //var_dump($state);
- //var_dump($apiService); // OAuth\OAuth2\Service\Google
- //dol_syslog("_GET=".var_export($_GET, true));
-
- $errorincheck = 0;
-
- $db->begin();
-
- // This requests the token from the received OAuth code (call of the https://oauth2.googleapis.com/token endpoint)
- // Result is stored into object managed by class DoliStorage into includes/OAuth/Common/Storage/DoliStorage.php, so into table llx_oauth_token
- $token = $apiService->requestAccessToken(GETPOST('code'), $state);
-
- // Note: The extraparams has the 'id_token' than contains a lot of information about the user.
- $extraparams = $token->getExtraParams();
- $jwt = explode('.', $extraparams['id_token']);
-
- $username = '';
- $useremail = '';
-
- // Extract the middle part, base64 decode, then json_decode it
- if (!empty($jwt[1])) {
- $userinfo = json_decode(base64_decode($jwt[1]), true);
-
- dol_syslog("userinfo=".var_export($userinfo, true));
-
- $useremail = $userinfo['email'];
-
- /*
- $useremailverified = $userinfo['email_verified'];
- $useremailuniq = $userinfo['sub'];
- $username = $userinfo['name'];
- $userfamilyname = $userinfo['family_name'];
- $usergivenname = $userinfo['given_name'];
- $hd = $userinfo['hd'];
- */
-
- // We should make the steps of validation of id_token
-
- // Verify that the state is the one expected
- // TODO
-
- // Verify that the ID token is properly signed by the issuer. Google-issued tokens are signed using one of the certificates found at the URI specified in the jwks_uri metadata value of the Discovery document. 
- // TODO
-
- // Verify that email is a verified email
- /*if (empty($userinfo['email_verified'])) {
- setEventMessages($langs->trans('Bad value for email, emai lwas not verified by Google'), null, 'errors');
- $errorincheck++;
- }*/
-
- // Verify that the value of the iss claim in the ID token is equal to https://accounts.google.com or accounts.google.com.
- if ($userinfo['iss'] != 'accounts.google.com' && $userinfo['iss'] != 'https://accounts.google.com') {
- setEventMessages($langs->trans('Bad value for returned userinfo[iss]'), null, 'errors');
- $errorincheck++;
- }
-
- // Verify that the value of the aud claim in the ID token is equal to your app's client ID.
- if ($userinfo['aud'] != getDolGlobalString($keyforparamid)) {
- setEventMessages($langs->trans('Bad value for returned userinfo[aud]'), null, 'errors');
- $errorincheck++;
- }
-
- // Verify that the expiry time (exp claim) of the ID token has not passed.
- if ($userinfo['exp'] <= dol_now()) {
- setEventMessages($langs->trans('Bad value for returned userinfo[exp]. Token expired.'), null, 'errors');
- $errorincheck++;
- }
-
- // If you specified a hd parameter value in the request, verify that the ID token has a hd claim that matches an accepted G Suite hosted domain.
- // $userinfo['hd'] is the domain name of Gmail account.
- // TODO
- }
-
- if (!$errorincheck) {
- // If call back to url for a OAUTH2 login
- if ($forlogin) {
- dol_syslog("we received the login/email to log to, it is ".$useremail);
-
- $tmparray = (empty($_SESSION['datafromloginform']) ? array() : $_SESSION['datafromloginform']);
- $entitytosearchuser = (isset($tmparray['entity']) ? $tmparray['entity'] : -1);
-
- // Delete the token
- $storage->clearToken('Google');
-
- $tmpuser = new User($db);
- $res = $tmpuser->fetch(0, '', '', 0, $entitytosearchuser, $useremail, 0, 1); // Load user. Can load with email_oauth2. 
-
- if ($res > 0) {
- $username = $tmpuser->login;
-
- $_SESSION['googleoauth_receivedlogin'] = dol_hash($conf->file->instance_unique_id.$username, '0');
- dol_syslog('We set $_SESSION[\'googleoauth_receivedlogin\']='.$_SESSION['googleoauth_receivedlogin']);
- } else {
- $errormessage = "Failed to login using Google. User with the Email '".$useremail."' was not found";
- if ($entitytosearchuser > 0) {
- $errormessage .= ' ('.$langs->trans("Entity").' '.$entitytosearchuser.')';
- }
- $_SESSION["dol_loginmesg"] = $errormessage;
- $errorincheck++;
-
- dol_syslog($errormessage);
- }
- }
- } else {
- // If call back to url for a OAUTH2 login
- if ($forlogin) {
- $_SESSION["dol_loginmesg"] = "Failed to login using Google. OAuth callback URL retreives a token with non valid data";
- $errorincheck++;
- }
- }
-
- if (!$errorincheck) {
- $db->commit();
- } else {
- $db->rollback();
- }
-
- $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
- unset($_SESSION["backtourlsavedbeforeoauthjump"]);
-
- if (empty($backtourl)) {
- $backtourl = DOL_URL_ROOT.'/';
- }
-
- // If call back to this url was for a OAUTH2 login
- if ($forlogin) {
- // _SESSION['googleoauth_receivedlogin'] has been set to the key to validate the next test by function_googleoauth(), so we can make the redirect
- $backtourl .= '?actionlogin=login&afteroauthloginreturn=1'.($username ? '&username='.urlencode($username) : '').'&token='.newToken();
- if (!empty($tmparray['entity'])) {
- $backtourl .= '&entity='.$tmparray['entity'];
- }
- }
-
- dol_syslog("Redirect now on backtourl=".$backtourl);
-
- header('Location: '.$backtourl);
- exit();
- } catch (Exception $e) {
- print $e->getMessage();
- }
- }
+ // we go on oauth provider authorization page
+ header('Location: '.$url);
+ exit();
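Review bot: On the new side the redirect branch ends with `header('Location: '.$url);` / `exit();` and never checks that the redirect_uri embedded in `$url` (derived from `$currentUri->getAbsoluteUri()` in `@@ -89,3 +68,3 @@`, L5) matches the instance's externally configured root URL, so a proxy or multi-hostname deployment only fails later, on the provider side, with a redirect_uri mismatch that is hard to trace from Dolibarr's own logs. At minimum log the target before the header, `dol_syslog("Redirect to OAuth provider url=".$url);`, so the exact redirect_uri sent is recoverable from the log. The enclosing `else` branch of this hunk is opened in `@@ -202,3 +138,9 @@` on L8.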
@@ -388 +169 @@
-// No view at all, just actions, so we reach this line only on error.
+// No view at all, just actions
--- /tmp/dsg/dolibarr/htdocs/core/modules/oauth/github_19.0.3_stripelive_oauthcallback.php
+++ /tmp/dsg/dolibarr/htdocs/core/modules/oauth/client_stripelive_oauthcallback.php
@@ -2 +2 @@
-/* Copyright (C) 2022 Laurent Destailleur
+/*
@@ -25 +24,0 @@
-// Load Dolibarr environment
@@ -38 +37,2 @@
-$action = GETPOST('action', 'aZ09');
+
+$action = GETPOST('action', 'alpha');
@@ -40,4 +39,0 @@
-$keyforprovider = GETPOST('keyforprovider', 'aZ09');
-if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
- $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
-}
@@ -59 +55 @@
-/** @var \OAuth\ServiceFactory $serviceFactory An OAuth service factory. */
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
@@ -68 +64 @@
-$storage = new DoliStorage($db, $conf, $keyforprovider);
+$storage = new DoliStorage($db, $conf);
@@ -71,2 +66,0 @@
-$keyforparamid = 'OAUTH_STRIPE_LIVE'.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
-$keyforparamsecret = 'OAUTH_STRIPE_LIVE'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
@@ -74,3 +68,3 @@
- getDolGlobalString($keyforparamid),
- getDolGlobalString($keyforparamsecret),
- $currentUri->getAbsoluteUri()
+ $conf->global->OAUTH_STRIPE_LIVE_ID,
+ $conf->global->STRIPE_LIVE_SECRET_KEY,
+ $currentUri->getAbsoluteUri()
@@ -80,3 +74 @@
-if (GETPOST('state')) {
- $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
-}
+if (GETPOST('state')) $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
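Review bot: In `@@ -74,3 +68,3 @@` the Credentials object pairs `$conf->global->OAUTH_STRIPE_LIVE_ID` with `$conf->global->STRIPE_LIVE_SECRET_KEY`, i.e. the OAuth client id with what its name says is the account's Stripe API secret key rather than an `OAUTH_STRIPE_LIVE_SECRET` counterpart. If that is intentional (Stripe Connect exchanges the code using the platform secret key - confirm), the line needs a comment saying so, e.g. `// Stripe Connect uses the platform's API secret key as the OAuth client secret; there is no separate OAuth secret`, otherwise the constant name is a bug that will only show up as an invalid_client error at token exchange. The same pairing is in the Stripe test file (`@@ -74,2 +68,2 @@`, L20).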
@@ -85,2 +77,2 @@
- print 'Error, parameter state is not defined';
- exit;
+ print 'Error, parameter state is not defined';
+ exit;
@@ -90,0 +83 @@
+/** @var $apiService Service */
@@ -93,2 +86 @@
-$servicesuffix = ($keyforprovider ? '-'.$keyforprovider : '');
-$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token SET service = 'StripeLive".$db->escape($servicesuffix)."', entity = ".((int) $conf->entity);
+$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token set service='StripeLive', entity=".$conf->entity;
@@ -102,7 +93,0 @@
-if (!getDolGlobalString($keyforparamid)) {
- accessforbidden('Setup of service is not complete. Customer ID is missing');
-}
-if (!getDolGlobalString($keyforparamsecret)) {
- accessforbidden('Setup of service is not complete. Secret key is missing');
-}
-
@@ -115,2 +100,3 @@
-if ($action == 'delete') {
- $storage->clearToken('StripeLive');
+if ($action == 'delete')
+{
+ $storage->clearToken('StripeLive');
@@ -118 +104 @@
- setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+ setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
@@ -120,6 +106,2 @@
- if (empty($backtourl)) {
- $backtourl = DOL_URL_ROOT.'/';
- }
-
- header('Location: '.$backtourl);
- exit();
+ header('Location: '.$backtourl);
+ exit();
@@ -128 +110,2 @@
-if (GETPOST('code')) { // We are coming from oauth provider page
+if (!empty($_GET['code'])) // We are coming from oauth provider page
+{
@@ -132 +115,2 @@
- dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5));
+ dol_syslog("We are coming from the oauth provider page");
+ //llxHeader('',$langs->trans("OAuthSetup"));
@@ -134,4 +118,2 @@
- // This was a callback request from service, get the token
- try {
- //var_dump($state);
- //var_dump($apiService); // OAuth\OAuth2\Service\Stripe
+ //$linkback=''.$langs->trans("BackToModuleList").'';
+ //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
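Review bot: `$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token set service='StripeLive', entity=".$conf->entity;` in `@@ -93,2 +86 @@` concatenates `$conf->entity` into the statement with no cast; the value comes from configuration rather than the request, but the convention elsewhere in this codebase (the `$db->escape(...)` and `((int) ...)` forms visible on the removed side) is to cast integers, so `entity = ".((int) $conf->entity)` costs nothing and keeps the statement safe if the origin of `$conf->entity` ever changes. The same statement is built in the Stripe test file (`@@ -93,2 +86 @@`, L20). The `$sql` is executed outside this hunk, so whether its result is checked is not visible here.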
@@ -139,3 +121,4 @@
- //$token = $apiService->requestAccessToken(GETPOST('code'), $state);
- $token = $apiService->requestAccessToken(GETPOST('code'));
- // Stripe is a service that does not need state to be stored as second paramater of requestAccessToken
+ //dol_fiche_head();
+ // retrieve the CSRF state parameter
+ $state = isset($_GET['state']) ? $_GET['state'] : null;
+ //print '
';
@@ -143 +126,5 @@
- setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
+ // This was a callback request from service, get the token
+ try {
+ //var_dump($_GET['code']);
+ //var_dump($state);
+ //var_dump($apiService); // OAuth\OAuth2\Service\GitHub
@@ -145,2 +132,6 @@
- $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
- unset($_SESSION["backtourlsavedbeforeoauthjump"]);
+ //$token = $apiService->requestAccessToken($_GET['code'], $state);
+ $token = $apiService->requestAccessToken($_GET['code']);
+ // Github is a service that does not need state to be stored.
+ // Into constructor of GitHub, the call
+ // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
+ // has not the ending parameter to true like the Google class constructor.
@@ -148,9 +139 @@
- header('Location: '.$backtourl);
- exit();
- } catch (Exception $e) {
- print $e->getMessage();
- }
-} else { // If entry on page with no parameter, we arrive here
- $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
- $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
- $_SESSION['oauthstateanticsrf'] = $state;
+ setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
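Review bot: The comment block added in `@@ -145,2 +132,6 @@` talks about GitHub (`// Github is a service that does not need state to be stored.` and the `GitHub` constructor) and the `//var_dump($apiService); // OAuth\OAuth2\Service\GitHub` line in `@@ -143 +126,5 @@` names the GitHub service class, but this is the Stripe live callback and the service built here is Stripe's; the text was evidently copied from the GitHub file and now documents the wrong provider. Replace it with a statement about the provider actually in use, e.g. `// Stripe does not require the state to be passed as second parameter of requestAccessToken`, and drop the commented `var_dump` lines. The same copied comment is in the Stripe test file (`@@ -135,3 +132,6 @@` and `@@ -133 +130 @@`, L22), where the commit even changes the existing `Stripe` label to `GitHub`.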
@@ -158,9 +141,2 @@
- // This may create record into oauth_state before the header redirect.
- // Creation of record with state in this tables depend on the Provider used (see its constructor).
- if (GETPOST('state')) {
- $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
- } else {
- //$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
- //https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_AX27ut70tJ1j6eyFCV3ObEXhNOo2jY6V&scope=read_write
- $url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=' . getDolGlobalString($keyforparamid).'&scope=read_write';
- }
+ $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
+ unset($_SESSION["backtourlsavedbeforeoauthjump"]);
@@ -168,3 +144,9 @@
- if (empty($url)) {
- $url = DOL_URL_ROOT.'/';
- }
+ header('Location: '.$backtourl);
+ exit();
+ } catch (Exception $e) {
+ print $e->getMessage();
+ }
+}
+else // If entry on page with no parameter, we arrive here
+{
+ $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
@@ -172,3 +154,16 @@
- // we go on oauth provider authorization page
- header('Location: '.$url);
- exit();
+ // This may create record into oauth_state before the header redirect.
+ // Creation of record with state in this tables depend on the Provider used (see its constructor).
+ if (GETPOST('state'))
+ {
+ $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state')));
+ }
+ else
+ {
+ //$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+ //https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_AX27ut70tJ1j6eyFCV3ObEXhNOo2jY6V&scope=read_write
+ $url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id='.$conf->global->OAUTH_STRIPE_LIVE_ID.'&scope=read_write';
+ }
+
+ // we go on oauth provider authorization page
+ header('Location: '.$url);
+ exit();
--- /tmp/dsg/dolibarr/htdocs/core/modules/oauth/github_19.0.3_stripetest_oauthcallback.php
+++ /tmp/dsg/dolibarr/htdocs/core/modules/oauth/client_stripetest_oauthcallback.php
@@ -2 +2 @@
-/* Copyright (C) 2022 Laurent Destailleur
+/*
@@ -25 +24,0 @@
-// Load Dolibarr environment
@@ -38 +37,2 @@
-$action = GETPOST('action', 'aZ09');
+
+$action = GETPOST('action', 'alpha');
@@ -40,4 +39,0 @@
-$keyforprovider = GETPOST('keyforprovider', 'aZ09');
-if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
- $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
-}
@@ -59 +55 @@
-/** @var \OAuth\ServiceFactory $serviceFactory An OAuth service factory. */
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
@@ -68 +64 @@
-$storage = new DoliStorage($db, $conf, $keyforprovider);
+$storage = new DoliStorage($db, $conf);
@@ -71,2 +66,0 @@
-$keyforparamid = 'OAUTH_STRIPE_TEST'.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
-$keyforparamsecret = 'OAUTH_STRIPE_TEST'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
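Review bot: `$url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id='.$conf->global->OAUTH_STRIPE_LIVE_ID.'&scope=read_write';` in `@@ -172,3 +154,16 @@` interpolates the configured client id into a query string without encoding; `urlencode($conf->global->OAUTH_STRIPE_LIVE_ID)` keeps the URL well-formed whatever the stored value contains. This hand-built URL also sends no `state` parameter at all, unlike the `getAuthorizationUri()` branch above it, so the return from Stripe carries nothing that could be tied back to this session; a comment should at least record that this branch deliberately omits it. The commented URL on the line above carries what looks like a concrete `client_id`; a placeholder such as `client_id=ca_XXXX` is enough for documentation and avoids committing a real identifier. The same URL is built in the Stripe test file (`@@ -165,5 +164 @@`, L22).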
@@ -74,2 +68,2 @@
- getDolGlobalString($keyforparamid),
- getDolGlobalString($keyforparamsecret),
+ $conf->global->OAUTH_STRIPE_TEST_ID,
+ $conf->global->STRIPE_TEST_SECRET_KEY,
@@ -80,3 +74 @@
-if (GETPOST('state')) {
- $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
-}
+if (GETPOST('state')) $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back
@@ -85,2 +77,2 @@
- print 'Error, parameter state is not defined';
- exit;
+ print 'Error, parameter state is not defined';
+ exit;
@@ -90,0 +83 @@
+/** @var $apiService Service */
@@ -93,2 +86 @@
-$servicesuffix = ($keyforprovider ? '-'.$keyforprovider : '');
-$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token SET service = 'StripeTest".$db->escape($servicesuffix)."', entity = ".((int) $conf->entity);
+$sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token set service='StripeTest', entity=".$conf->entity;
@@ -102,7 +93,0 @@
-if (!getDolGlobalString($keyforparamid)) {
- accessforbidden('Setup of service is not complete. Customer ID is missing');
-}
-if (!getDolGlobalString($keyforparamsecret)) {
- accessforbidden('Setup of service is not complete. Secret key is missing');
-}
-
@@ -115 +100,2 @@
-if ($action == 'delete') {
+if ($action == 'delete')
+{
@@ -124 +110,2 @@
-if (GETPOST('code')) { // We are coming from oauth provider page
+if (!empty($_GET['code'])) // We are coming from oauth provider page
+{
@@ -128 +115,10 @@
- dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5));
+ dol_syslog("We are coming from the oauth provider page");
+ //llxHeader('',$langs->trans("OAuthSetup"));
+
+ //$linkback=''.$langs->trans("BackToModuleList").'';
+ //print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
+
+ //dol_fiche_head();
+ // retrieve the CSRF state parameter
+ $state = isset($_GET['state']) ? $_GET['state'] : null;
+ //print '
';
@@ -131,0 +128 @@
+ //var_dump($_GET['code']);
@@ -133 +130 @@
- //var_dump($apiService); // OAuth\OAuth2\Service\Stripe
+ //var_dump($apiService); // OAuth\OAuth2\Service\GitHub
@@ -135,3 +132,6 @@
- //$token = $apiService->requestAccessToken(GETPOST('code'), $state);
- $token = $apiService->requestAccessToken(GETPOST('code'));
- // Stripe is a service that does not need state to be stored as second paramater of requestAccessToken
+ //$token = $apiService->requestAccessToken($_GET['code'], $state);
+ $token = $apiService->requestAccessToken($_GET['code']);
+ // Github is a service that does not need state to be stored.
+ // Into constructor of GitHub, the call
+ // parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
+ // has not the ending parameter to true like the Google class constructor.
@@ -144,4 +143,0 @@
- if (empty($backtourl)) {
- $backtourl = DOL_URL_ROOT.'/';
- }
-
@@ -153 +149,3 @@
-} else { // If entry on page with no parameter, we arrive here
+}
+else // If entry on page with no parameter, we arrive here
+{
@@ -155,2 +152,0 @@
- $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
- $_SESSION['oauthstateanticsrf'] = $state;
@@ -160 +156,2 @@
- if (GETPOST('state')) {
+ if (GETPOST('state'))
+ {
@@ -162 +159,3 @@
- } else {
+ }
+ else
+ {
@@ -165,5 +164 @@
- $url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id=' . getDolGlobalString($keyforparamid).'&scope=read_write';
- }
-
- if (empty($url)) {
- $url = DOL_URL_ROOT.'/';
+ $url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id='.$conf->global->OAUTH_STRIPE_TEST_ID.'&scope=read_write';