dolibarr  17.0.4
microsoft_oauthcallback.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2015 Frederic France <frederic.france@free.fr>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <https://www.gnu.org/licenses/>.
17  */
18 
25 // Load Dolibarr environment
26 require '../../../main.inc.php';
27 require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
28 use OAuth\Common\Storage\DoliStorage;
29 use OAuth\Common\Consumer\Credentials;
30 use OAuth\OAuth2\Service\GitHub;
31 
32 // Define $urlwithroot
33 $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
34 $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
35 //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
36 
37 
38 $action = GETPOST('action', 'aZ09');
39 $backtourl = GETPOST('backtourl', 'alpha');
40 $keyforprovider = GETPOST('keyforprovider', 'aZ09');
41 if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
42  $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
43 }
44 $genericstring = 'MICROSOFT';
45 
46 
50 $uriFactory = new \OAuth\Common\Http\Uri\UriFactory();
51 //$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
52 //$currentUri->setQuery('');
53 $currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/microsoft_oauthcallback.php');
54 
55 
61 $serviceFactory = new \OAuth\ServiceFactory();
62 $httpClient = new \OAuth\Common\Http\Client\CurlClient();
63 // TODO Set options for proxy and timeout
64 // $params=array('CURLXXX'=>value, ...)
65 //$httpClient->setCurlParameters($params);
66 $serviceFactory->setHttpClient($httpClient);
67 
68 // Dolibarr storage
69 $storage = new DoliStorage($db, $conf, $keyforprovider);
70 
71 // Setup the credentials for the requests
72 $keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
73 $keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
74 $keyforparamtenant = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT';
75 $credentials = new Credentials(
76  getDolGlobalString($keyforparamid),
77  getDolGlobalString($keyforparamsecret),
78  $currentUri->getAbsoluteUri()
79 );
80 
81 $state = GETPOST('state');
82 
83 $requestedpermissionsarray = array();
84 if ($state) {
85  $requestedpermissionsarray = explode(',', $state); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
86 }
87 if ($action != 'delete' && empty($requestedpermissionsarray)) {
88  print 'Error, parameter state is not defined';
89  exit;
90 }
91 //var_dump($requestedpermissionsarray);exit;
92 
93 // Instantiate the Api service using the credentials, http client and storage mechanism for the token
94 // ucfirst(strtolower($genericstring)) must be the name of a class into OAuth/OAuth2/Services/Xxxx
95 // $requestedpermissionsarray contains list of scopes.
96 // Conversion into URL is done by Reflection on constant with name SCOPE_scope_in_uppercase
97 try {
98  $apiService = $serviceFactory->createService(ucfirst(strtolower($genericstring)), $credentials, $storage, $requestedpermissionsarray);
99 } catch (Exception $e) {
100  print $e->getMessage();
101  exit;
102 }
103 /*
104 var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : ''));
105 var_dump($credentials);
106 var_dump($storage);
107 var_dump($requestedpermissionsarray);
108 */
109 
110 if (empty($apiService)) {
111  print 'Error, failed to create serviceFactory';
112  exit;
113 }
114 
115 // access type needed to have oauth provider refreshing token
116 //$apiService->setAccessType('offline');
117 
118 $langs->load("oauth");
119 
120 if (!getDolGlobalString($keyforparamid)) {
121  accessforbidden('Setup of service is not complete. Customer ID is missing');
122 }
123 if (!getDolGlobalString($keyforparamsecret)) {
124  accessforbidden('Setup of service is not complete. Secret key is missing');
125 }
126 
127 
128 /*
129  * Actions
130  */
131 
132 if ($action == 'delete') {
133  $storage->clearToken($genericstring);
134 
135  setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
136 
137  header('Location: '.$backtourl);
138  exit();
139 }
140 
141 //dol_syslog("GET=".join(',', $_GET));
142 
143 
144 if (GETPOST('code') || GETPOST('error')) { // We are coming from oauth provider page
145  // We should have
146  //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16))
147 
148  dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)." error=".GETPOST('error'));
149 
150  // This was a callback request from service, get the token
151  try {
152  //var_dump($state);
153  //var_dump($apiService); // OAuth\OAuth2\Service\Microsoft
154 
155  if (GETPOST('error')) {
156  setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors');
157  } else {
158  //print GETPOST('code');exit;
159 
160  //$token = $apiService->requestAccessToken(GETPOST('code'), $state);
161  $token = $apiService->requestAccessToken(GETPOST('code'));
162  // Microsoft is a service that does not need state to be stored as second paramater of requestAccessToken
163 
164  //print $token->getAccessToken().'<br><br>';
165  //print $token->getExtraParams()['id_token'].'<br>';
166  //print $token->getRefreshToken().'<br>';exit;
167 
168  setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
169  }
170 
171  $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
172  unset($_SESSION["backtourlsavedbeforeoauthjump"]);
173 
174  header('Location: '.$backtourl);
175  exit();
176  } catch (Exception $e) {
177  print $e->getMessage();
178  }
179 } else {
180  // If we enter this page without 'code' parameter, we arrive here. This is the case when we want to get the redirect
181  // to the OAuth provider login page.
182  $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
183  $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
184  $_SESSION['oauthstateanticsrf'] = $state;
185 
186  //if (!preg_match('/^forlogin/', $state)) {
187  // $apiService->setApprouvalPrompt('auto');
188  //}
189 
190  // This may create record into oauth_state before the header redirect.
191  // Creation of record with state in this tables depend on the Provider used (see its constructor).
192  if ($state) {
193  $url = $apiService->getAuthorizationUri(array('state' => $state));
194  } else {
195  $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
196  }
197 
198  // Show url to get authorization
199  //var_dump((string) $url);exit;
200  dol_syslog("Redirect to url=".$url);
201 
202  // we go on oauth provider authorization page
203  header('Location: '.$url);
204  exit();
205 }
206 
207 
208 /*
209  * View
210  */
211 
212 // No view at all, just actions
213 
214 $db->close();
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='')
Set event messages in dol_events session object.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
if(!function_exists('utf8_encode')) if(!function_exists('utf8_decode')) getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_trunc($string, $size=40, $trunc='right', $stringencoding='UTF-8', $nodot=0, $display=0)
Truncate a string to a particular length adding '…' if string larger than length.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
$uriFactory
Create a new instance of the URI class with the current URI, stripping the query string.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.