db/d64/generic__oauthcallback_8php_source.html

 <?php

 /* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>

  * Copyright (C) 2015       Frederic France      <frederic.france@free.fr>

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program. If not, see <https://www.gnu.org/licenses/>.

  */


 // Load Dolibarr environment

 require '../../../main.inc.php';

 require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';

 use OAuth\Common\Storage\DoliStorage;

 use OAuth\Common\Consumer\Credentials;

 use OAuth\OAuth2\Service\GitHub;


 // Define $urlwithroot

 $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));

 $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file

 //$urlwithroot=DOL_MAIN_URL_ROOT;         // This is to use same domain name than current


 $action = GETPOST('action', 'aZ09');

 $backtourl = GETPOST('backtourl', 'alpha');

 $keyforprovider = GETPOST('keyforprovider', 'aZ09');

 if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {

   $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];

 }

 $genericstring = 'OTHER';


 $uriFactory = new \OAuth\Common\Http\Uri\UriFactory();

 //$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);

 //$currentUri->setQuery('');

 $currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/generic_oauthcallback.php');


 $serviceFactory = new \OAuth\ServiceFactory();

 $httpClient = new \OAuth\Common\Http\Client\CurlClient();

 // TODO Set options for proxy and timeout

 // $params=array('CURLXXX'=>value, ...)

 //$httpClient->setCurlParameters($params);

 $serviceFactory->setHttpClient($httpClient);


 // Dolibarr storage

 $storage = new DoliStorage($db, $conf, $keyforprovider);


 // Setup the credentials for the requests

 $keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID';

 $keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';

 $credentials = new Credentials(

   getDolGlobalString($keyforparamid),

   getDolGlobalString($keyforparamsecret),

   $currentUri->getAbsoluteUri()

 );


 $state = GETPOST('state');


 $requestedpermissionsarray = array();

 if ($state) {

   $requestedpermissionsarray = explode(',', $state); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back

 }

 if ($action != 'delete' && empty($requestedpermissionsarray)) {

   print 'Error, parameter state is not defined';

   exit;

 }

 //var_dump($requestedpermissionsarray);exit;


 // Instantiate the Api service using the credentials, http client and storage mechanism for the token

 // ucfirst(strtolower($genericstring)) must be the name of a class into OAuth/OAuth2/Services/Xxxx

 $apiService = $serviceFactory->createService(ucfirst(strtolower($genericstring)), $credentials, $storage, $requestedpermissionsarray);


 /*

 var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : ''));

 var_dump($credentials);

 var_dump($storage);

 var_dump($requestedpermissionsarray);

 */


 if (empty($apiService)) {

   print 'Error, failed to create serviceFactory';

   exit;

 }


 // access type needed to have oauth provider refreshing token

 //$apiService->setAccessType('offline');


 $langs->load("oauth");


 if (!getDolGlobalString($keyforparamid)) {

   accessforbidden('Setup of service is not complete. Customer ID is missing');

 }

 if (!getDolGlobalString($keyforparamsecret)) {

   accessforbidden('Setup of service is not complete. Secret key is missing');

 }


 /*

  * Actions

  */


 if ($action == 'delete') {

   $storage->clearToken($genericstring);


   setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');


   if (empty($backtourl)) {

     $backtourl = DOL_URL_ROOT.'/';

   }


   header('Location: '.$backtourl);

   exit();

 }


 if (GETPOST('code') || GETPOST('error')) {     // We are coming from oauth provider page

   // We should have

   //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16))


   dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)." error=".GETPOST('error'));


   // This was a callback request from service, get the token

   try {

     //var_dump($state);

     //var_dump($apiService);      // OAuth\OAuth2\Service\Xxx


     if (GETPOST('error')) {

       setEventMessages(GETPOST('error').' '.GETPOST('error_description'), null, 'errors');

     } else {

       //$token = $apiService->requestAccessToken(GETPOST('code'), $state);

       $token = $apiService->requestAccessToken(GETPOST('code'));


       setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token

     }


     $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];

     unset($_SESSION["backtourlsavedbeforeoauthjump"]);


     header('Location: '.$backtourl);

     exit();

   } catch (Exception $e) {

     print $e->getMessage();

   }

 } else {

   // If we enter this page without 'code' parameter, we arrive here. This is the case when we want to get the redirect

   // to the OAuth provider login page.

   $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;

   $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;

   $_SESSION['oauthstateanticsrf'] = $state;


   // This may create record into oauth_state before the header redirect.

   // Creation of record with state in this tables depend on the Provider used (see its constructor).

   if ($state) {

     $url = $apiService->getAuthorizationUri(array('state' => $state));

   } else {

     $url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated

   }


   // we go on oauth provider authorization page

   header('Location: '.$url);

   exit();

 }


 /*

  * View

  */


 // No view at all, just actions


 $db->close();

Exception

GETPOST
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
Definition: functions.lib.php:614

setEventMessages
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
Definition: functions.lib.php:8727

dol_trunc
dol_trunc($string, $size=40, $trunc='right', $stringencoding='UTF-8', $nodot=0, $display=0)
Truncate a string to a particular length adding '…' if string larger than length.
Definition: functions.lib.php:4106

getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:142

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1788

$uriFactory
$uriFactory
Create a new instance of the URI class with the current URI, stripping the query string.
Definition: generic_oauthcallback.php:50

accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition: security.lib.php:1185