2024-09-06 20:28:06 +08:00

500 lines
19 KiB
PHP

<?php
/* Copyright (C) 2015-2018 Frederic France <frederic.france@netlogic.fr>
* Copyright (C) 2016 Raphaël Doursenaud <rdoursenaud@gpcsolutions.fr>
* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/admin/oauth.php
* \ingroup oauth
* \brief Setup page to configure oauth access api
*/
// Load Dolibarr environment
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/oauth.lib.php';
$supportedoauth2array = getSupportedOauth2Array();
// Define $urlwithroot
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
// Load translation files required by the page
$langs->loadLangs(array('admin', 'oauth', 'modulebuilder'));
// Security check
if (!$user->admin) {
accessforbidden();
}
$action = GETPOST('action', 'aZ09');
$provider = GETPOST('provider', 'aZ09');
$label = GETPOST('label', 'aZ09');
$servicetoeditname = GETPOST('servicetoeditname', 'aZ09');
$error = 0;
/*
* Actions
*/
if ($action == 'add') { // $provider is OAUTH_XXX
if ($provider && $provider != '-1') {
$constname = strtoupper($provider).($label ? '-'.$label : '').'_ID';
if (getDolGlobalString($constname)) {
setEventMessages($langs->trans("AOAuthEntryForThisProviderAndLabelAlreadyHasAKey"), null, 'errors');
$error++;
} else {
dolibarr_set_const($db, $constname, $langs->trans('ToComplete'), 'chaine', 0, '', $conf->entity);
setEventMessages($langs->trans("OAuthProviderAdded"), null);
}
}
}
if ($action == 'update') {
foreach ($conf->global as $key => $val) {
if (!empty($val) && preg_match('/^OAUTH_.+_ID$/', $key)) {
$constvalue = str_replace('_ID', '', $key);
$newconstvalue = $constvalue;
if (GETPOSTISSET($constvalue.'_NAME')) {
$newconstvalue = preg_replace('/-.*$/', '', $constvalue).'-'.GETPOST($constvalue.'_NAME');
}
if (GETPOSTISSET($constvalue.'_ID')) {
if (!dolibarr_set_const($db, $newconstvalue.'_ID', GETPOST($constvalue.'_ID'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
// If we reset this provider, we also remove the secret
if (GETPOSTISSET($constvalue.'_SECRET')) {
if (!dolibarr_set_const($db, $newconstvalue.'_SECRET', GETPOST($constvalue.'_ID') ? GETPOST($constvalue.'_SECRET') : '', 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
if (GETPOSTISSET($constvalue.'_URL')) {
if (!dolibarr_set_const($db, $newconstvalue.'_URL', GETPOST($constvalue.'_URL'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
if (GETPOSTISSET($constvalue.'_URLAUTHORIZE')) {
if (!dolibarr_set_const($db, $newconstvalue.'_URLAUTHORIZE', GETPOST($constvalue.'_URLAUTHORIZE'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
if (GETPOSTISSET($constvalue.'_TENANT')) {
if (!dolibarr_set_const($db, $constvalue.'_TENANT', GETPOST($constvalue.'_TENANT'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
if (GETPOSTISSET($constvalue.'_SCOPE')) {
if (is_array(GETPOST($constvalue.'_SCOPE'))) {
$scopestring = implode(',', GETPOST($constvalue.'_SCOPE'));
} else {
$scopestring = GETPOST($constvalue.'_SCOPE');
}
if (!dolibarr_set_const($db, $newconstvalue.'_SCOPE', $scopestring, 'chaine', 0, '', $conf->entity)) {
$error++;
}
} elseif ($newconstvalue !== $constvalue) {
if (!dolibarr_set_const($db, $newconstvalue.'_SCOPE', '', 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
// If name changed, we have to delete old const and proceed few other changes
if ($constvalue !== $newconstvalue) {
dolibarr_del_const($db, $constvalue.'_ID', $conf->entity);
dolibarr_del_const($db, $constvalue.'_SECRET', $conf->entity);
dolibarr_del_const($db, $constvalue.'_URL', $conf->entity);
dolibarr_del_const($db, $constvalue.'_URLAUTHORIZE', $conf->entity);
dolibarr_del_const($db, $constvalue.'_SCOPE', $conf->entity);
// Update name of token
$oldname = preg_replace('/^OAUTH_/', '', $constvalue);
$oldprovider = ucfirst(strtolower(preg_replace('/-.*$/', '', $oldname)));
$oldlabel = preg_replace('/^.*-/', '', $oldname);
$newlabel = preg_replace('/^.*-/', '', $newconstvalue);
$sql = "UPDATE ".MAIN_DB_PREFIX."oauth_token";
$sql.= " SET service = '".$db->escape($oldprovider."-".$newlabel)."'";
$sql.= " WHERE service = '".$db->escape($oldprovider."-".$oldlabel)."'";
$resql = $db->query($sql);
if (!$resql) {
$error++;
}
// Update other const that was using the renamed key as token (might not be exhaustive)
if (getDolGlobalString('MAIN_MAIL_SMTPS_OAUTH_SERVICE') == $oldname) {
if (!dolibarr_set_const($db, 'MAIN_MAIL_SMTPS_OAUTH_SERVICE', strtoupper($oldprovider).'-'.$newlabel, 'chaine', 0, '', $conf->entity)) {
$error++;
}
}
}
}
}
if (!$error) {
setEventMessages($langs->trans("SetupSaved"), null);
} else {
setEventMessages($langs->trans("Error"), null, 'errors');
}
}
if ($action == 'confirm_delete') {
$provider = GETPOST('provider', 'aZ09');
$label = GETPOST('label');
$globalkey = empty($provider) ? $label : $label.'-'.$provider;
if (getDolGlobalString($globalkey.'_ID') && getDolGlobalString($globalkey.'_SECRET')) { // If ID and secret exist, we delete first the token
$backtourl = DOL_URL_ROOT.'/admin/oauth.php?action=delete_entry&provider='.$provider.'&label='.$label.'&token='.newToken();
$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT;
$callbacktodel = $urlwithroot;
if ($label == 'OAUTH_GOOGLE') {
$callbacktodel .= '/core/modules/oauth/google_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_GITHUB') {
$callbacktodel .= '/core/modules/oauth/github_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_STRIPE_LIVE') {
$callbacktodel .= '/core/modules/oauth/stripelive_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_STRIPE_TEST') {
$callbacktodel .= '/core/modules/oauth/stripetest_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_MICROSOFT') {
$callbacktodel .= '/core/modules/oauth/microsoft_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_MICROSOFT2') {
$callbacktodel .= '/core/modules/oauth/microsoft2_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
} elseif ($label == 'OAUTH_GENERIC') {
$callbacktodel .= '/core/modules/oauth/generic_oauthcallback.php?action=delete&keyforprovider='.$provider.'&token='.newToken().'&backtourl='.urlencode($backtourl);
}
header("Location: ".$callbacktodel);
exit;
} else {
$action = 'delete_entry';
}
}
if ($action == 'delete_entry') {
$provider = GETPOST('provider', 'aZ09');
$label = GETPOST('label');
$globalkey = empty($provider) ? $label : $label.'-'.$provider;
if (!dolibarr_del_const($db, $globalkey.'_NAME', $conf->entity)
|| !dolibarr_del_const($db, $globalkey.'_ID', $conf->entity)
|| !dolibarr_del_const($db, $globalkey.'_SECRET', $conf->entity)
|| !dolibarr_del_const($db, $globalkey.'_URL', $conf->entity)
|| !dolibarr_del_const($db, $globalkey.'_URLAUTHORIZE', $conf->entity)
|| !dolibarr_del_const($db, $globalkey.'_SCOPE', $conf->entity)) {
setEventMessages($langs->trans("ErrorInEntryDeletion"), null, 'errors');
$error++;
} else {
setEventMessages($langs->trans("EntryDeleted"), null);
}
}
/*
* View
*/
$form = new Form($db);
$title = $langs->trans('ConfigOAuth');
$help_url = 'EN:Module_OAuth|FR:Module_OAuth_FR|ES:Módulo_OAuth_ES';
llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-admin page-oauth');
// Confirmation of action process
if ($action == 'delete') {
$formquestion = array();
$formconfirm = $form->formconfirm($_SERVER["PHP_SELF"].'?provider='.GETPOST('provider').'&label='.GETPOST('label'), $langs->trans('OAuthServiceConfirmDeleteTitle'), $langs->trans('OAuthServiceConfirmDeleteMessage'), 'confirm_delete', $formquestion, 0, 1, 220);
print $formconfirm;
}
$linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($title, $linkback, 'title_setup');
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
$head = oauthadmin_prepare_head();
print dol_get_fiche_head($head, 'services', '', -1, '');
print '<span class="opacitymedium">'.$langs->trans("ListOfSupportedOauthProviders").'</span><br><br>';
print '<select name="provider" id="provider" class="minwidth150">';
print '<option name="-1" value="-1">'.$langs->trans("OAuthProvider").'</option>';
$list = getAllOauth2Array();
// TODO Make a loop directly on getSupportedOauth2Array() and remove getAllOauth2Array()
foreach ($list as $key) {
$supported = 0;
$keyforsupportedoauth2array = $key[0];
if (in_array($keyforsupportedoauth2array, array_keys($supportedoauth2array))) {
$supported = 1;
}
if (!$supported) {
continue; // show only supported
}
print '<option name="'.$keyforsupportedoauth2array.'" value="'.str_replace('_NAME', '', $keyforsupportedoauth2array).'">';
$keyforsupportedoauth2array = preg_replace('/^OAUTH_/', '', $keyforsupportedoauth2array);
$keyforsupportedoauth2array = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array);
$keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array);
$keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME';
$label = $langs->trans($keyforsupportedoauth2array);
if ($label == $keyforsupportedoauth2array) {
print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
} else {
print $label;
}
print'</option>'."\n";
}
print '</select>';
print ajax_combobox('provider');
print ' <input type="text" name="label" value="" placeholder="'.$langs->trans("Label").'" pattern="^\S+$" title="'.$langs->trans("SpaceOrSpecialCharAreNotAllowed").'">';
print ' <input type="submit" class="button small" name="add" value="'.$langs->trans("Add").'">';
print '<br>';
print '<br>';
print dol_get_fiche_end();
print '</form>';
$listinsetup = [];
// Define $listinsetup
foreach ($conf->global as $key => $val) {
if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) {
$provider = preg_replace('/_ID$/', '', $key);
$listinsetup[] = array(
$provider.'_NAME',
$provider.'_ID',
$provider.'_SECRET',
$provider.'_URL', // For custom oauth links
$provider.'_SCOPE' // For custom oauth links
);
}
}
if (count($listinsetup) > 0) {
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="update">';
print '<div class="div-table-responsive-no-min">';
$i = 0;
// $list is defined into oauth.lib.php to the list of supporter OAuth providers.
foreach ($listinsetup as $key) {
$supported = 0;
$keyforsupportedoauth2array = $key[0]; // May be OAUTH_GOOGLE_NAME or OAUTH_GOOGLE_xxx_NAME
$keyforsupportedoauth2array = preg_replace('/^OAUTH_/', '', $keyforsupportedoauth2array);
$keyforsupportedoauth2array = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array);
if (preg_match('/^.*-/', $keyforsupportedoauth2array)) {
$keybeforeprovider = preg_replace('/-.*$/', '', $keyforsupportedoauth2array);
$keyforprovider = preg_replace('/^.*-/', '', $keyforsupportedoauth2array);
} else {
$keybeforeprovider = $keyforsupportedoauth2array;
$keyforprovider = '';
}
$keyforsupportedoauth2array = preg_replace('/-.*$/', '', $keyforsupportedoauth2array);
$keyforsupportedoauth2array = 'OAUTH_'.$keyforsupportedoauth2array.'_NAME';
if (in_array($keyforsupportedoauth2array, array_keys($supportedoauth2array))) {
$supported = 1;
}
if (!$supported) {
continue; // show only supported
}
$i++;
print '<table class="noborder centpercent">';
// OAUTH service name
$label = $langs->trans($keyforsupportedoauth2array);
print '<tr class="liste_titre'.($i > 1 ? ' liste_titre_add' : '').'">';
print '<td class="titlefieldcreate">';
print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"');
if ($label == $keyforsupportedoauth2array) {
print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
} else {
print $label;
}
if ($servicetoeditname == $key[0]) {
print ' (<input style="width: 20%" type="text" name="'.$key[0].'" value="'.$keyforprovider.'" >)';
} elseif ($keyforprovider) {
print ' (<b>'.$keyforprovider.'</b>)';
} else {
print ' (<b>'.$langs->trans("NoName").'</b>)';
}
if (!($servicetoeditname == $key[0])) {
print '<a class="editfielda reposition" href="'.$_SERVER["PHP_SELF"].'?token='.newToken().'&servicetoeditname='.urlencode($key[0]).'">'.img_edit($langs->transnoentitiesnoconv('Edit'), 1).'</a>';
}
print '</td>';
print '<td>';
if (!empty($supportedoauth2array[$keyforsupportedoauth2array]['urlforcredentials'])) {
print $langs->trans("OAUTH_URL_FOR_CREDENTIAL", $supportedoauth2array[$keyforsupportedoauth2array]['urlforcredentials']);
}
print '</td>';
// Delete
print '<td>';
$label = preg_replace('/_NAME$/', '', $keyforsupportedoauth2array);
print '<a href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&provider='.urlencode($keyforprovider).'&label='.urlencode($label).'">';
print img_picto('', 'delete');
print '</a>';
print '</form>';
print '</td>';
print '</tr>';
if ($supported) {
$redirect_uri = $urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$keyforsupportedoauth2array]['callbackfile'].'_oauthcallback.php';
print '<tr class="oddeven value">';
print '<td>'.$form->textwithpicto($langs->trans("RedirectURL"), $langs->trans("UseTheFollowingUrlAsRedirectURI")).'</td>';
print '<td><input style="width: 80%" type="text" name="uri'.$keyforsupportedoauth2array.'" id="uri'.$keyforsupportedoauth2array.$keyforprovider.'" value="'.$redirect_uri.'" disabled>';
print ajax_autoselect('uri'.$keyforsupportedoauth2array.$keyforprovider);
print '</td>';
print '<td></td>';
print '</tr>';
if ($keyforsupportedoauth2array == 'OAUTH_GENERIC_NAME') {
print '<tr class="oddeven value">';
print '<td>';
$tooltiphelp = $langs->trans("Example").'<br>https://mastodon.example.com<br>https://mastodon.social';
print $form->textwithpicto($langs->trans("URLOfOAuthServiceEndpoints"), $tooltiphelp);
print '</td>';
print '<td><input style="width: 80%" type="text" name="'.$key[3].'" value="'.getDolGlobalString($key[3]).'" >';
print '</td>';
print '<td></td>';
print '</tr>';
}
} else {
print '<tr class="oddeven value">';
print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
print '</td>';
print '<td></td>';
print '</tr>';
}
// Api Id
print '<tr class="oddeven value">';
print '<td><label for="'.$key[1].'">'.$langs->trans("OAUTH_ID").'</label></td>';
print '<td><input type="text" size="100" id="'.$key[1].'" name="'.$key[1].'" value="'.getDolGlobalString($key[1]).'">';
print '</td>';
print '<td></td>';
print '</tr>';
// Api Secret
print '<tr class="oddeven value">';
print '<td><label for="'.$key[2].'">'.$langs->trans("OAUTH_SECRET").'</label></td>';
print '<td><input type="password" size="100" id="'.$key[2].'" name="'.$key[2].'" value="'.getDolGlobalString($key[2]).'">';
print '</td>';
print '<td></td>';
print '</tr>';
// Tenant
if ($keybeforeprovider == 'MICROSOFT' || $keybeforeprovider == 'MICROSOFT2') {
print '<tr class="oddeven value">';
print '<td><label for="'.$key[2].'">'.$langs->trans("OAUTH_TENANT").'</label></td>';
print '<td><input type="text" size="100" id="OAUTH_'.$keybeforeprovider.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT" name="OAUTH_'.$keybeforeprovider.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT" value="'.getDolGlobalString('OAUTH_'.$keybeforeprovider.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT').'">';
print '</td>';
print '<td></td>';
print '</tr>';
}
// TODO Move this into token generation ?
if ($supported) {
if ($keyforsupportedoauth2array == 'OAUTH_GENERIC_NAME') {
print '<tr class="oddeven value">';
print '<td>';
print $form->textwithpicto($langs->trans("Scopes"), $langs->trans("ScopesDesc"));
print '</td>';
print '<td>';
print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
print '</td>';
print '<td></td>';
print '</tr>';
} else {
$availablescopes = array_flip(explode(',', $supportedoauth2array[$keyforsupportedoauth2array]['availablescopes']));
$currentscopes = explode(',', getDolGlobalString($key[4]));
$scopestodispay = array();
foreach ($availablescopes as $keyscope => $valscope) {
if (in_array($keyscope, $currentscopes)) {
$scopestodispay[$keyscope] = 1;
} else {
$scopestodispay[$keyscope] = 0;
}
}
// Api Scope
print '<tr class="oddeven value">';
print '<td>'.$langs->trans("Scopes").'</td>';
print '<td>';
foreach ($scopestodispay as $scope => $val) {
print '<input type="checkbox" id="'.$keyforprovider.$scope.'" name="'.$key[4].'[]" value="'.$scope.'"'.($val ? ' checked' : '').'>';
print '<label style="margin-right: 10px" for="'.$keyforprovider.$scope.'">'.$scope.'</label>';
}
print '</td>';
print '<td></td>';
print '</tr>';
}
} else {
print '<tr class="oddeven value">';
print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
print '<td>'.$langs->trans("FeatureNotYetSupported").'</td>';
print '</td>';
print '<td></td>';
print '</tr>';
}
print '</table>'."\n";
print '<br>';
}
print '</div>';
print $form->buttonsSaveCancel("Save", '');
print '</form>';
}
// End of page
llxFooter();
$db->close();