dolibarr  x.y.z
oauth.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2015-2018 Frederic France <frederic.france@netlogic.fr>
3  * Copyright (C) 2016 RaphaĆ«l Doursenaud <rdoursenaud@gpcsolutions.fr>
4  * Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <https://www.gnu.org/licenses/>.
18  */
19 
27 // Load Dolibarr environment
28 require '../main.inc.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
30 require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php';
31 
32 // $supportedoauth2array is defined into oauth.lib.php
33 
34 // Define $urlwithroot
35 $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
36 $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
37 //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
38 
39 // Load translation files required by the page
40 $langs->loadLangs(array('admin', 'oauth', 'modulebuilder'));
41 
42 // Security check
43 if (!$user->admin) {
44  accessforbidden();
45 }
46 
47 $action = GETPOST('action', 'aZ09');
48 $provider = GETPOST('provider', 'aZ09');
49 $label = GETPOST('label', 'aZ09');
50 
51 $error = 0;
52 
53 
54 /*
55  * Actions
56  */
57 
58 if ($action == 'add') { // $provider is OAUTH_XXX
59  if ($provider && $provider != '-1') {
60  $constname = strtoupper($provider).($label ? '-'.$label : '').'_ID';
61 
62  if (getDolGlobalString($constname)) {
63  setEventMessages($langs->trans("AOAuthEntryForThisProviderAndLabelAlreadyHasAKey"), null, 'errors');
64  $error++;
65  } else {
66  dolibarr_set_const($db, $constname, $langs->trans('ToComplete'), 'chaine', 0, '', $conf->entity);
67  setEventMessages($langs->trans("OAuthProviderAdded"), null);
68  }
69  }
70 }
71 if ($action == 'update') {
72  foreach ($conf->global as $key => $val) {
73  if (!empty($val) && preg_match('/^OAUTH_.+_ID$/', $key)) {
74  $constvalue = str_replace('_ID', '', $key);
75  if (!dolibarr_set_const($db, $constvalue.'_ID', GETPOST($constvalue.'_ID'), 'chaine', 0, '', $conf->entity)) {
76  $error++;
77  }
78  // If we reset this provider, we also remove the secret
79  if (!dolibarr_set_const($db, $constvalue.'_SECRET', GETPOST($constvalue.'_ID') ? GETPOST($constvalue.'_SECRET') : '', 'chaine', 0, '', $conf->entity)) {
80  $error++;
81  }
82  if (GETPOSTISSET($constvalue.'_URLAUTHORIZE')) {
83  if (!dolibarr_set_const($db, $constvalue.'_URLAUTHORIZE', GETPOST($constvalue.'_URLAUTHORIZE'), 'chaine', 0, '', $conf->entity)) {
84  $error++;
85  }
86  }
87  if (GETPOSTISSET($constvalue.'_SCOPE')) {
88  if (is_array(GETPOST($constvalue.'_SCOPE'))) {
89  $scopestring = implode(',', GETPOST($constvalue.'_SCOPE'));
90  } else {
91  $scopestring = GETPOST($constvalue.'_SCOPE');
92  }
93  if (!dolibarr_set_const($db, $constvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) {
94  $error++;
95  }
96  } else {
97  if (!dolibarr_set_const($db, $constvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) {
98  $error++;
99  }
100  }
101  }
102  }
103 
104 
105  if (!$error) {
106  setEventMessages($langs->trans("SetupSaved"), null);
107  } else {
108  setEventMessages($langs->trans("Error"), null, 'errors');
109  }
110 }
111 
112 if ($action == 'confirm_delete') {
113  $provider = GETPOST('provider', 'aZ09');
114  $label = GETPOST('label');
115 
116  $globalkey = empty($provider) ? $label : $label.'-'.$provider;
117 
118  if (getDolGlobalString($globalkey.'_ID') && getDolGlobalString($globalkey.'_SECRET')) { // If ID and secret exist, we delete first the token
119  $backtourl = DOL_URL_ROOT.'/admin/oauth.php?action=delete_entry&provider='.$provider.'&label='.$label.'&token='.newToken();
120  $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
121  $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT;
122  $callbacktodel = $urlwithroot;
123  if ($label == 'OAUTH_GOOGLE') {
124  $callbacktodel .= '/core/modules/oauth/google_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
125  } elseif ($label == 'OAUTH_GITHUB') {
126  $callbacktodel .= '/core/modules/oauth/github_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
127  } elseif ($label == 'OAUTH_STRIPE_LIVE') {
128  $callbacktodel .= '/core/modules/oauth/stripelive_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
129  } elseif ($label == 'OAUTH_STRIPE_TEST') {
130  $callbacktodel .= '/core/modules/oauth/stripetest_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
131  } elseif ($label == 'OAUTH_OTHER') {
132  $callbacktodel .= '/core/modules/oauth/generic_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
133  }
134  header("Location: ".$callbacktodel);
135  exit;
136  } else {
137  $action = 'delete_entry';
138  }
139 }
140 
141 if ($action == 'delete_entry') {
142  $provider = GETPOST('provider', 'aZ09');
143  $label = GETPOST('label');
144 
145  $globalkey = empty($provider) ? $label : $label.'-'.$provider;
146 
147  if (!dolibarr_del_const($db, $globalkey.'_NAME', $conf->entity) || !dolibarr_del_const($db, $globalkey.'_ID', $conf->entity) || !dolibarr_del_const($db, $globalkey.'_SECRET', $conf->entity) || !dolibarr_del_const($db, $globalkey.'_URLAUTHORIZE', $conf->entity) || !dolibarr_del_const($db, $globalkey.'_SCOPE', $conf->entity)) {
148  setEventMessages($langs->trans("ErrorInEntryDeletion"), null, 'errors');
149  $error++;
150  } else {
151  setEventMessages($langs->trans("EntryDeleted"), null);
152  }
153 }
154 
155 /*
156  * View
157  */
158 
159 llxHeader();
160 
161 $form = new Form($db);
162 // Confirmation of action process
163 if ($action == 'delete') {
164  $formquestion = array();
165  $formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?provider='.GETPOST('provider').'&label='.GETPOST('label'), $langs->trans('OAuthServiceConfirmDeleteTitle'), $langs->trans('OAuthServiceConfirmDeleteMessage'), 'confirm_delete', $formquestion, 0, 1, 220);
166  print $formconfirm;
167 }
168 
169 
170 $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
171 print load_fiche_titre($langs->trans('ConfigOAuth'), $linkback, 'title_setup');
172 
173 print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
174 print '<input type="hidden" name="token" value="'.newToken().'">';
175 print '<input type="hidden" name="action" value="add">';
176 
177 $head = oauthadmin_prepare_head();
178 
179 print dol_get_fiche_head($head, 'services', '', -1, '');
180 
181 
182 print '<span class="opacitymedium">'.$langs->trans("ListOfSupportedOauthProviders").'</span><br><br>';
183 
184 
185 print '<select name="provider" id="provider" class="minwidth150">';
186 print '<option name="-1" value="-1">'.$langs->trans("OAuthProvider").'</option>';
187 foreach ($list as $key) {
188  $supported = 0;
189  $keyforsupportedoauth2array = $key[0];
190 
191  if (in_array($keyforsupportedoauth2array, array_keys($supportedoauth2array))) {
192  $supported = 1;
193  }
194  if (!$supported) {
195  continue; // show only supported
196  }
197 
198  $i++;
199  print '<option name="'.$keyforsupportedoauth2array.'" value="'.str_replace('_NAME', '', $keyforsupportedoauth2array).'">'.$supportedoauth2array[$keyforsupportedoauth2array]['name'].'</option>'."\n";
200 }
201 print '</select>';
202 print ajax_combobox('provider');
203 print ' <input type="text" name="label" value="" placeholder="'.$langs->trans("Label").'" pattern="^\S+$" title="'.$langs->trans("SpaceOrSpecialCharAreNotAllowed").'">';
204 print ' <input type="submit" class="button small" name="add" value="'.$langs->trans("Add").'">';
205 
206 print '<br>';
207 print '<br>';
208 
209 print dol_get_fiche_end();
210 
211 print '</form>';
212 
213 $listinsetup = [];
214 // Define $listinsetup
215 foreach ($conf->global as $key => $val) {
216  if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) {
217  $provider = preg_replace('/_ID$/', '', $key);
218  $listinsetup[] = array(
219  $provider.'_NAME',
220  $provider.'_ID',
221  $provider.'_SECRET',
222  $provider.'_URLAUTHORIZE', // For custom oauth links
223  $provider.'_SCOPE' // For custom oauth links
224  );
225  }
226 }
227 
228 
229 if (count($listinsetup) > 0) {
230  print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
231  print '<input type="hidden" name="token" value="'.newToken().'">';
232  print '<input type="hidden" name="action" value="update">';
233 
234  print '<div class="div-table-responsive-no-min">';
235 
236  $i = 0;
237 
238  // $list is defined into oauth.lib.php to the list of supporter OAuth providers.
239  foreach ($listinsetup as $key) {
240  $supported = 0;
241  $keyforsupportedoauth2array = $key[0]; // May be OAUTH_GOOGLE_NAME or OAUTH_GOOGLE_xxx_NAME
242  $keyforsupportedoauth2array = preg_replace('/^OAUTH_/', '', $keyforsupportedoauth2array);
243  $keyforsupportedoauth2array = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array);
244  if (preg_match('/^.*-/', $keyforsupportedoauth2array)) {
245  $keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array);
246  } else {
247  $keyforprovider = '';
248  }
249  $keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array);
250  $keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME';
251 
252  if (in_array($keyforsupportedoauth2array, array_keys($supportedoauth2array))) {
253  $supported = 1;
254  }
255  if (!$supported) {
256  continue; // show only supported
257  }
258 
259  $i++;
260 
261  print '<table class="noborder centpercent">';
262 
263  // OAUTH service name
264  $label = $langs->trans($keyforsupportedoauth2array);
265  print '<tr class="liste_titre'.($i > 1 ? ' liste_titre_add' : '').'">';
266  print '<td class="titlefieldcreate">';
267  print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"');
268  if ($label == $keyforsupportedoauth2array) {
269  print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
270  } else {
271  print $label;
272  }
273  if ($keyforprovider) {
274  print ' (<b>'.$keyforprovider.'</b>)';
275  } else {
276  print ' (<b>'.$langs->trans("NoName").'</b>)';
277  }
278  print '</td>';
279  print '<td>';
280  if (!empty($supportedoauth2array[$keyforsupportedoauth2array]['urlforcredentials'])) {
281  print $langs->trans("OAUTH_URL_FOR_CREDENTIAL", $supportedoauth2array[$keyforsupportedoauth2array]['urlforcredentials']);
282  }
283  print '</td>';
284 
285  // Delete
286  print '<td>';
287  $label = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array);
288  print '<a href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&provider='.urlencode($keyforprovider).'&label='.urlencode($label).'">';
289  print img_picto('', 'delete');
290  print '</a>';
291 
292  print '</form>';
293  print '</td>';
294 
295  print '</tr>';
296 
297  if ($supported) {
298  $redirect_uri = $urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$keyforsupportedoauth2array]['callbackfile'].'_oauthcallback.php';
299  print '<tr class="oddeven value">';
300  print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
301  print '<td><input style="width: 80%" type="text" name="uri'.$keyforsupportedoauth2array.'" id="uri'.$keyforsupportedoauth2array.$keyforprovider.'" value="'.$redirect_uri.'" disabled>';
302  print ajax_autoselect('uri'.$keyforsupportedoauth2array.$keyforprovider);
303  print '</td>';
304  print '<td></td>';
305  print '</tr>';
306 
307  if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') {
308  print '<tr class="oddeven value">';
309  print '<td>'.$langs->trans("URLOfServiceForAuthorization").'</td>';
310  print '<td><input style="width: 80%" type="text" name="'.$key[3].'" value="'.getDolGlobalString($key[3]).'" >';
311  print '</td>';
312  print '<td></td>';
313  print '</tr>';
314  }
315  } else {
316  print '<tr class="oddeven value">';
317  print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
318  print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
319  print '</td>';
320  print '<td></td>';
321  print '</tr>';
322  }
323 
324  // Api Id
325  print '<tr class="oddeven value">';
326  print '<td><label for="'.$key[1].'">'.$langs->trans("OAUTH_ID").'</label></td>';
327  print '<td><input type="text" size="100" id="'.$key[1].'" name="'.$key[1].'" value="'.getDolGlobalString($key[1]).'">';
328  print '</td>';
329  print '<td></td>';
330  print '</tr>';
331 
332  // Api Secret
333  print '<tr class="oddeven value">';
334  print '<td><label for="'.$key[2].'">'.$langs->trans("OAUTH_SECRET").'</label></td>';
335  print '<td><input type="password" size="100" id="'.$key[2].'" name="'.$key[2].'" value="'.getDolGlobalString($key[2]).'">';
336  print '</td>';
337  print '<td></td>';
338  print '</tr>';
339 
340  // TODO Move this into token generation ?
341  if ($supported) {
342  if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') {
343  print '<tr class="oddeven value">';
344  print '<td>'.$langs->trans("Scopes").'</td>';
345  print '<td>';
346  print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
347  print '</td>';
348  print '<td></td>';
349  print '</tr>';
350  } else {
351  $availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes']));
352  $currentscopes = explode(',', getDolGlobalString($key[4]));
353  $scopestodispay = array();
354  foreach ($availablescopes as $keyscope => $valscope) {
355  if (in_array($keyscope, $currentscopes)) {
356  $scopestodispay[$keyscope] = 1;
357  } else {
358  $scopestodispay[$keyscope] = 0;
359  }
360  }
361  // Api Scope
362  print '<tr class="oddeven value">';
363  print '<td>'.$langs->trans("Scopes").'</td>';
364  print '<td>';
365  foreach ($scopestodispay as $scope => $val) {
366  print '<input type="checkbox" id="'.$keyforprovider.$scope.'" name="'.$key[4].'[]" value="'.$scope.'"'.($val ? ' checked' : '').'>';
367  print '<label style="margin-right: 10px" for="'.$keyforprovider.$scope.'">'.$scope.'</label>';
368  }
369  print '</td>';
370  print '<td></td>';
371  print '</tr>';
372  }
373  } else {
374  print '<tr class="oddeven value">';
375  print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
376  print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
377  print '</td>';
378  print '<td></td>';
379  print '</tr>';
380  }
381 
382  print '</table>'."\n";
383 
384  print '<br>';
385  }
386 
387  print '</div>';
388 
389  print $form->buttonsSaveCancel("Modify", '');
390 
391  print '</form>';
392 }
393 
394 // End of page
395 llxFooter();
396 $db->close();
dolibarr_set_const
dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $note='', $entity=1)
Insert a parameter (key,value) into database (delete old key then insert it again).
Definition: admin.lib.php:632
dolibarr_del_const
dolibarr_del_const($db, $name, $entity=1)
Delete a constant.
Definition: admin.lib.php:556
ajax_combobox
ajax_combobox($htmlname, $events=array(), $minLengthToAutocomplete=0, $forcefocus=0, $widthTypeOfAutocomplete='resolve', $idforemptyvalue='-1', $morecss='')
Convert a html select field into an ajax combobox.
Definition: ajax.lib.php:449
llxHeader
if(!defined('NOREQUIRESOC')) if(!defined('NOREQUIRETRAN')) if(!defined('NOTOKENRENEWAL')) if(!defined('NOREQUIREMENU')) if(!defined('NOREQUIREHTML')) if(!defined('NOREQUIREAJAX')) llxHeader()
Empty header.
Definition: wrapper.php:56
llxFooter
llxFooter()
Empty footer.
Definition: wrapper.php:70
Form
Class to manage generation of HTML components Only common components must be here.
Definition: html.form.class.php:53
$form
if($cancel &&! $id) if($action=='add' &&! $cancel) if($action=='delete') if($id) $form
Actions.
Definition: card.php:143
load_fiche_titre
load_fiche_titre($titre, $morehtmlright='', $picto='generic', $pictoisfullpath=0, $id='', $morecssontable='', $morehtmlcenter='')
Load a title with picto.
Definition: functions.lib.php:5323
dol_get_fiche_head
dol_get_fiche_head($links=array(), $active='', $title='', $notab=0, $picto='', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limittoshow=0, $moretabssuffix='')
Show tabs of a record.
Definition: functions.lib.php:1841
dol_get_fiche_end
dol_get_fiche_end($notab=0)
Return tab footer of a card.
Definition: functions.lib.php:2037
setEventMessages
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='')
Set event messages in dol_events session object.
Definition: functions.lib.php:8418
img_picto
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
Definition: functions.lib.php:3989
ajax_autoselect
ajax_autoselect($htmlname, $addlink='', $textonlink='Link')
Make content of an input box selected when we click into input field.
Definition: functions.lib.php:9985
newToken
newToken()
Return the value of token currently saved into session with name 'newtoken'.
Definition: functions.lib.php:11192
GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:517
getDolGlobalString
if(!function_exists('utf8_encode')) if(!function_exists('utf8_decode')) getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:82
GETPOSTISSET
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
Definition: functions.lib.php:418
$formconfirm
$formconfirm
if ($action == 'delbookkeepingyear') {
Definition: listbyaccount.php:634
oauthadmin_prepare_head
oauthadmin_prepare_head()
Return array of tabs to used on pages to setup cron module.
Definition: oauth.lib.php:278
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1084
Generated on Wed Jan 4 2023 18:05:13 for dolibarr by Doxygen 1.9.1