d8/dd3/functions__openid__connect_8php_source.html

 <?php

 /* Copyright (C) 2022 Jeritiana Ravelojaona <jeritiana.rav@smartone.ai>

  * Copyright (C) 2024   MDW             <mdeweerd@users.noreply.github.com>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  */


 include_once DOL_DOCUMENT_ROOT.'/core/lib/geturl.lib.php';


 function check_user_password_openid_connect($usertotest, $passwordtotest, $entitytotest)

 {

   global $db, $conf, $langs;


   // Force master entity in transversal mode

   $entity = $entitytotest;

   if (isModEnabled('multicompany') && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')) {

     $entity = 1;

   }


   $login = '';


   dol_syslog("functions_openid_connect::check_user_password_openid_connect usertotest=".$usertotest." passwordtotest=".preg_replace('/./', '*', $passwordtotest)." entitytotest=".$entitytotest);


   // Step 1 is done by user: request an authorization code


   if (GETPOSTISSET('username')) {

     // OIDC does not require credentials here: pass on to next auth handler

     $_SESSION["dol_loginmesg"] = "Not an OpenID Connect flow";

     dol_syslog("functions_openid_connect::check_user_password_openid_connect not an OIDC flow");

   } elseif (GETPOSTISSET('code')) {

     $auth_code = GETPOST('code', 'aZ09');

     dol_syslog("functions_openid_connect::check_user_password_openid_connect code=".$auth_code);


     // Step 2: turn the authorization code into an access token, using client_secret

     $auth_param = [

       'grant_type'    => 'authorization_code',

       'client_id'     => getDolGlobalString('MAIN_AUTHENTICATION_OIDC_CLIENT_ID'),

       'client_secret' => getDolGlobalString('MAIN_AUTHENTICATION_OIDC_CLIENT_SECRET'),

       'code'          => $auth_code,

       'redirect_uri'  => getDolGlobalString('MAIN_AUTHENTICATION_OIDC_REDIRECT_URL')

     ];


     $token_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_TOKEN_URL, 'POST', http_build_query($auth_param));

     $token_content = json_decode($token_response['content']);

     dol_syslog("functions_openid_connect::check_user_password_openid_connect /token=".print_r($token_response, true), LOG_DEBUG);


     if (property_exists($token_content, 'access_token')) {

       // Step 3: retrieve user info using token

       $userinfo_headers = array('Authorization: Bearer '.$token_content->access_token);

       $userinfo_response = getURLContent($conf->global->MAIN_AUTHENTICATION_OIDC_USERINFO_URL, 'GET', '', 1, $userinfo_headers);

       $userinfo_content = json_decode($userinfo_response['content']);


       dol_syslog("functions_openid_connect::check_user_password_openid_connect /userinfo=".print_r($userinfo_response, true), LOG_DEBUG);


       // Get the user attribute (claim) matching the Dolibarr login

       $login_claim = 'email'; // default

       if (getDolGlobalString('MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM')) {

         $login_claim = getDolGlobalString('MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM');

       }


       if (property_exists($userinfo_content, $login_claim)) {

         // Success: retrieve claim to return to Dolibarr as login

         $sql = 'SELECT login, entity, datestartvalidity, dateendvalidity';

         $sql .= ' FROM '.MAIN_DB_PREFIX.'user';

         $sql .= " WHERE login = '".$db->escape($userinfo_content->$login_claim)."'";

         $sql .= ' AND entity IN (0,'.(array_key_exists('dol_entity', $_SESSION) ? ((int) $_SESSION["dol_entity"]) : 1).')';


         dol_syslog("functions_openid::check_user_password_openid", LOG_DEBUG);


         $resql = $db->query($sql);

         if ($resql) {

           $obj = $db->fetch_object($resql);

           if ($obj) {

             // Note: Test on date validity is done later natively with isNotIntoValidityDateRange() by core after calling checkLoginPassEntity() that call this method

             $login = $obj->login;

           }

         }

       } elseif ($userinfo_content->error) {

         // Got user info response but content is an error

         $_SESSION["dol_loginmesg"] = "Error in OAuth 2.0 flow (".$userinfo_content->error_description.")";

       } elseif ($userinfo_response['http_code'] == 200) {

         // Claim does not exist

         $_SESSION["dol_loginmesg"] = "OpenID Connect claim not found: ".$login_claim;

       } elseif ($userinfo_response['curl_error_no']) {

         // User info request error

         $_SESSION["dol_loginmesg"] = "Network error: ".$userinfo_response['curl_error_msg']." (".$userinfo_response['curl_error_no'].")";

       } else {

         // Other user info request error

         $_SESSION["dol_loginmesg"] = "Userinfo request error (".$userinfo_response['http_code'].")";

       }

     } elseif ($token_content->error) {

       // Got token response but content is an error

       $_SESSION["dol_loginmesg"] = "Error in OAuth 2.0 flow (".$token_content->error_description.")";

     } elseif ($token_response['curl_error_no']) {

       // Token request error

       $_SESSION["dol_loginmesg"] = "Network error: ".$token_response['curl_error_msg']." (".$token_response['curl_error_no'].")";

     } else {

       // Other token request error

       $_SESSION["dol_loginmesg"] = "Token request error (".$token_response['http_code'].")";

     }

   } else {

     // No code received

     $_SESSION["dol_loginmesg"] = "Error in OAuth 2.0 flow (no code received)";

   }


   dol_syslog("functions_openid_connect::check_user_password_openid_connect END");


   return !empty($login) ? $login : false;

 }

$sql
if(isModEnabled('invoice') && $user->hasRight('facture', 'lire')) if((isModEnabled('fournisseur') &&!getDolGlobalString('MAIN_USE_NEW_SUPPLIERMOD') && $user->hasRight("fournisseur", "facture", "lire"))||(isModEnabled('supplier_invoice') && $user->hasRight("supplier_invoice", "lire"))) if(isModEnabled('don') && $user->hasRight('don', 'lire')) if(isModEnabled('tax') && $user->hasRight('tax', 'charges', 'lire')) if(isModEnabled('invoice') &&isModEnabled('order') && $user->hasRight("commande", "lire") &&!getDolGlobalString('WORKFLOW_DISABLE_CREATE_INVOICE_FROM_ORDER')) $sql
Social contributions to pay.
Definition: index.php:745

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:745

GETPOSTISSET
GETPOSTISSET($paramname)
Return true if we are in a context of submitting the parameter $paramname from a POST of a form.
Definition: functions.lib.php:645

getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:208

isModEnabled
isModEnabled($module)
Is Dolibarr module enabled.
Definition: functions.lib.php:305

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:2085

check_user_password_openid_connect
check_user_password_openid_connect($usertotest, $passwordtotest, $entitytotest)
Check validity of user/password/entity If test is ko, reason must be filled into $_SESSION["dol_login...
Definition: functions_openid_connect.php:38

getURLContent
getURLContent($url, $postorget='GET', $param='', $followlocation=1, $addheaders=array(), $allowedschemes=array('http', 'https'), $localurl=0, $ssl_verifypeer=-1)
Function to get a content from an URL (use proxy if proxy defined).
Definition: geturl.lib.php:42