// Fragment of what appears to be check_user_password_openid_connect(): the
// leading numbers are source line numbers from the rendered listing, and the
// lines between them are not shown here.
// Load the HTTP helper library, geturl.lib.php.
27 include_once DOL_DOCUMENT_ROOT.
'/core/lib/geturl.lib.php';
40 global $db, $conf, $langs;
43 $entity = $entitytotest;
// NOTE(review): preg_replace('/./', '*', ...) swaps each character for '*',
// so the log line still discloses the password length next to the user name.
// No level argument is passed, so the dol_syslog() default level applies.
// Logging a fixed marker instead of the masked value would avoid this.
50 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect usertotest=".$usertotest.
" passwordtotest=".preg_replace(
'/./',
'*', $passwordtotest).
" entitytotest=".$entitytotest);
// Record why the login was refused when the request is not an OIDC callback.
// The condition guarding this branch is on a line not shown in this listing.
56 $_SESSION[
"dol_loginmesg"] =
"Not an OpenID Connect flow";
57 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect not an OIDC flow");
// Read the authorization code from the request through GETPOST() with the
// 'aZ09' check. Presumably this restricts the character set; confirm it
// accepts the code format your identity provider issues.
// NOTE(review): no comparison of a `state` parameter against a session value
// is visible in the lines shown; confirm it happens on a hidden line or
// before this function runs, since it is what binds the callback to the
// browser session that started the flow.
59 $auth_code =
GETPOST(
'code',
'aZ09');
// NOTE(review): the authorization code is written to the log in clear, with
// no level argument (dol_syslog() default level). Until it is redeemed the
// code is a credential; logging only that a code was received, or a
// truncated hash of it, keeps the trace without exposing it to log readers.
60 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect code=".$auth_code);
// One entry of the token request parameters. The rest of $auth_param is
// built on lines not shown in this listing.
64 'grant_type' =>
'authorization_code',
// POST the url-encoded parameters to the configured token endpoint.
// NOTE(review): only URL, method and body are passed, so the remaining
// getURLContent() arguments keep their defaults; per its signature the
// default allowed schemes include plain 'http'. Confirm the configured
// endpoint is https, because this request carries the authorization code
// (and presumably the client credentials).
71 $token_response =
getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_TOKEN_URL,
'POST', http_build_query($auth_param));
// NOTE(review): the decoded value is not checked in the lines shown. A body
// that is not valid JSON makes json_decode() return null, and the later
// property_exists() call expects an object or class name. TODO confirm.
72 $token_content = json_decode($token_response[
'content']);
// NOTE(review): print_r() dumps the whole token response, so the log holds
// the access_token used below and anything else the provider returned. Even
// at LOG_DEBUG this puts bearer credentials in log files; log the HTTP
// status and the presence of the expected fields instead.
73 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect /token=".print_r($token_response,
true), LOG_DEBUG);
// Continue only when the token response carries an access_token.
// NOTE(review): the identity used below comes from the userinfo endpoint
// alone. No validation of an ID token (signature, issuer, audience, nonce)
// is visible in the lines shown; confirm whether that is intended.
75 if (property_exists($token_content,
'access_token')) {
// Send the access token as a Bearer credential to the userinfo endpoint.
77 $userinfo_headers = array(
'Authorization: Bearer '.$token_content->access_token);
// GET with an empty body, follow-location set to 1 and the extra header.
// The other getURLContent() arguments keep their defaults.
78 $userinfo_response =
getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_USERINFO_URL,
'GET',
'', 1, $userinfo_headers);
// NOTE(review): as with the token response, a non-JSON body yields null here
// and is not checked in the lines shown.
79 $userinfo_content = json_decode($userinfo_response[
'content']);
// NOTE(review): the full userinfo response is logged at LOG_DEBUG. It
// presumably contains personal claims such as the e-mail address, so debug
// logs need the same access control and retention as the user table.
81 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect /userinfo=".print_r($userinfo_response,
true), LOG_DEBUG);
// Claim whose value is matched against the local login column. Lines 85-88
// are not shown and may override this value.
// NOTE(review): when 'email' is the key, account mapping relies on the
// provider asserting verified, unique addresses. No email_verified check is
// visible here. TODO confirm.
84 $login_claim =
'email';
// Look up the local account only when the userinfo response has the claim.
89 if (property_exists($userinfo_content, $login_claim)) {
// Build the lookup query by concatenation. The claim value goes through
// $db->escape() inside single quotes, and the entity id is cast to int, so
// neither externally supplied value reaches the SQL text unescaped.
91 $sql =
'SELECT login, entity, datestartvalidity, dateendvalidity';
92 $sql .=
' FROM '.MAIN_DB_PREFIX.
'user';
93 $sql .=
" WHERE login = '".$db->escape($userinfo_content->$login_claim).
"'";
// Entity filter: 0 plus the session entity when set, otherwise 1.
94 $sql .=
' AND entity IN (0,'.(array_key_exists(
'dol_entity', $_SESSION) ? ((int) $_SESSION[
"dol_entity"]) : 1).
')';
// NOTE(review): this log tag names functions_openid rather than
// functions_openid_connect, unlike the other messages in this function.
// Searches of the log by tag will miss this entry.
96 dol_syslog(
"functions_openid::check_user_password_openid", LOG_DEBUG);
98 $resql = $db->query(
$sql);
// NOTE(review): whether $resql and $obj are checked before use depends on
// lines 99 and 101-102, which are not shown. A failed query or an unknown
// login must leave $login unset.
100 $obj = $db->fetch_object($resql);
// NOTE(review): datestartvalidity and dateendvalidity are selected but only
// login is read in the lines shown; confirm the validity window is enforced
// on a hidden line or by the caller.
103 $login = $obj->login;
// Failure paths: each branch stores a reason in $_SESSION["dol_loginmesg"].
// NOTE(review): ->error is read without a property_exists() guard, so a
// response lacking that field raises an undefined-property warning.
// NOTE(review): error_description is text chosen by the remote endpoint. It
// must be HTML-escaped wherever the session message is rendered; the
// rendering code is not shown in this listing.
106 } elseif ($userinfo_content->error) {
108 $_SESSION[
"dol_loginmesg"] =
"Error in OAuth 2.0 flow (".$userinfo_content->error_description.
")";
// Userinfo answered 200 but without the expected claim.
109 } elseif ($userinfo_response[
'http_code'] == 200) {
111 $_SESSION[
"dol_loginmesg"] =
"OpenID Connect claim not found: ".$login_claim;
// Transport-level failure reported by the HTTP helper.
// NOTE(review): the curl message and code are presumably shown to the
// unauthenticated visitor; a generic message there, with the detail kept in
// the log, avoids exposing internal network information.
112 } elseif ($userinfo_response[
'curl_error_no']) {
114 $_SESSION[
"dol_loginmesg"] =
"Network error: ".$userinfo_response[
'curl_error_msg'].
" (".$userinfo_response[
'curl_error_no'].
")";
// Remaining userinfo failure case: report the HTTP status code.
117 $_SESSION[
"dol_loginmesg"] =
"Userinfo request error (".$userinfo_response[
'http_code'].
")";
// Same sequence for the token request: the provider's error field, then the
// transport error, then the HTTP status. The unguarded ->error read and the
// provider-supplied error_description raise the same two concerns as above.
119 } elseif ($token_content->error) {
121 $_SESSION[
"dol_loginmesg"] =
"Error in OAuth 2.0 flow (".$token_content->error_description.
")";
122 } elseif ($token_response[
'curl_error_no']) {
124 $_SESSION[
"dol_loginmesg"] =
"Network error: ".$token_response[
'curl_error_msg'].
" (".$token_response[
'curl_error_no'].
")";
127 $_SESSION[
"dol_loginmesg"] =
"Token request error (".$token_response[
'http_code'].
")";
// The callback arrived without an authorization code.
131 $_SESSION[
"dol_loginmesg"] =
"Error in OAuth 2.0 flow (no code received)";
134 dol_syslog(
"functions_openid_connect::check_user_password_openid_connect END");
// Return the matched login, or false when none was set. empty() also treats
// a login of '' or '0' as no login.
136 return !empty($login) ? $login :
false;
if(isModEnabled('invoice') && $user->hasRight('facture', 'lire')) if((isModEnabled('fournisseur') &&!getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') && $user->hasRight('don', 'lire')) if(isModEnabled('tax') && $user->hasRight('tax', 'charges', 'lire')) if(isModEnabled('invoice') &&isModEnabled('order') && $user->hasRight("commande", "lire") &&!getDolGlobalString('WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER')) $sql
Social contributions to pay.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return the value of a parameter from the GET or POST superglobal.
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
isModEnabled($module)
Is Dolibarr module enabled.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
check_user_password_openid_connect($usertotest, $passwordtotest, $entitytotest)
Check validity of user/password/entity. If the test fails, the reason must be stored in $_SESSION["dol_loginmesg"].
getURLContent($url, $postorget='GET', $param='', $followlocation=1, $addheaders=array(), $allowedschemes=array('http', 'https'), $localurl=0, $ssl_verifypeer=-1)
Function to get the content of a URL (uses a proxy if one is defined).