From 618d8e6468ba8c1cd948ef155e5c18c639d4d787 Mon Sep 17 00:00:00 2001
From: Dennis Lassiter
Date: Wed, 24 Jan 2024 14:38:54 +0100
Subject: [PATCH 1/2] =?UTF-8?q?N=C2=B05775=20-=20Allow=20configuration=20o?=
 =?UTF-8?q?f=20OAuth=20client=20on=20MS=20Azure=20with=20single=20tenant?=
 =?UTF-8?q?=20(#553)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add Tenant-Support for Azure OAuthClient
* Improvement: Make tenant required
* Improvment: Removed check for null-value
Since last commit, the "tenant"-field either set to a custom value or "common" by default. It is not allowed to be null
* Add field description
---------
Co-authored-by: Molkobain
---
 .../datamodel.itop-oauth-client.xml | 14 +++++++++++---
 .../en.dict.itop-oauth-client.php | 2 ++
 .../Client/OAuth/OAuthClientProviderAzure.php | 3 ++-
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml b/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml
index c1efa7281..53893cba8 100644
--- a/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml
+++ b/datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml
@@ -339,6 +339,11 @@ no true + + tenant + common + false +
@@ -364,15 +369,18 @@ 50 - + 60 - + 70 - + 80 + + 90 +
diff --git a/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php b/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php
index b64e1c838..f11877a21 100644
--- a/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php
+++ b/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php
@@ -93,6 +93,8 @@ Dict::Add('EN US', 'English', 'English', array(
 'Class:OAuthClientAzure/Attribute:used_for_smtp+' => 'At least one OAuth client must have this flag to “Yes”, if you want iTop to use it for sending mails',
 'Class:OAuthClientAzure/Attribute:used_for_smtp/Value:yes' => 'Yes',
 'Class:OAuthClientAzure/Attribute:used_for_smtp/Value:no' => 'No',
+ 'Class:OAuthClientAzure/Attribute:tenant' => 'Tenant',
+ 'Class:OAuthClientAzure/Attribute:tenant+' => 'Tenant ID of the configured application. For multi-tenant application, use common.',
 ));
 //
diff --git a/sources/Core/Authentication/Client/OAuth/OAuthClientProviderAzure.php b/sources/Core/Authentication/Client/OAuth/OAuthClientProviderAzure.php
index 667d5875a..e77141d72 100644
--- a/sources/Core/Authentication/Client/OAuth/OAuthClientProviderAzure.php
+++ b/sources/Core/Authentication/Client/OAuth/OAuthClientProviderAzure.php
@@ -20,8 +20,9 @@ class OAuthClientProviderAzure extends OAuthClientProviderAbstract
 'clientId' => $oOAuthClient->Get('client_id'),
 'clientSecret' => $oOAuthClient->Get('client_secret'),
 'redirectUri' => $oOAuthClient->Get('redirect_url'),
+ 'tenant' => $oOAuthClient->Get('tenant'),
 ];
 $this->oVendorProvider = new Azure($aOptions, $collaborators);
 }
-}
\ No newline at end of file
+}

From 1b3a2c8470ac51790120df5cd1ea452d86853ae7 Mon Sep 17 00:00:00 2001
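Review bot: The tenant value is handed to the Azure provider unchecked at `'tenant' => $oOAuthClient->Get('tenant'),`; the datamodel change only forbids null, not shape. In the thenetworg Azure provider this option is, as far as I recall, interpolated into the login authority URL, so a value containing `/`, `?`, `#` or whitespace would silently change which endpoint the authorization request and token exchange go to. Valid tenants are a GUID, a verified domain name or one of the well-known aliases (`common`, `organizations`, `consumers`), all of which fit a strict character whitelist, so a guard before the options array is cheap and turns a misconfiguration into an explicit error. The constructor and the start of `$aOptions` are outside the hunk.
```php
// The tenant is used to build the authority URL: accept only GUIDs, domain names and the well-known aliases
$sTenant = trim((string) $oOAuthClient->Get('tenant'));
if ($sTenant === '' || preg_match('/^[A-Za-z0-9.\-]+$/', $sTenant) !== 1) {
    throw new \InvalidArgumentException('Invalid Azure tenant value for this OAuth client');
}
// … unchanged: clientId, clientSecret, redirectUri entries of $aOptions …
'tenant' => $sTenant,
```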
From: Molkobain
Date: Wed, 24 Jan 2024 14:49:51 +0100
Subject: [PATCH 2/2] =?UTF-8?q?N=C2=B05775=20-=20Show=20error=20message=20?=
 =?UTF-8?q?to=20user=20in=20case=20of=20issue=20during=20token=20generatio?=
 =?UTF-8?q?n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../2.x/itop-oauth-client/assets/js/oauth_connect.js | 2 ++
 .../src/Controller/AjaxOauthClientController.php | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/datamodels/2.x/itop-oauth-client/assets/js/oauth_connect.js b/datamodels/2.x/itop-oauth-client/assets/js/oauth_connect.js
index 4cc1c85d1..35dc4f391 100644
--- a/datamodels/2.x/itop-oauth-client/assets/js/oauth_connect.js
+++ b/datamodels/2.x/itop-oauth-client/assets/js/oauth_connect.js
@@ -92,6 +92,8 @@ const OAuthConnect = function(sClass, sId, sAjaxUri) {
 function (oData) {
 if (oData.status === 'success') {
 oOpenSignInWindow(oData.data.authorization_url, 'OAuth authorization')
+ } else {
+ alert(oData.error_description);
 }
 }
 );
diff --git a/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php b/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php
index 4ec94b2f6..bfb47282b 100644
--- a/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php
+++ b/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php
@@ -10,6 +10,7 @@ use cmdbAbstractObject;
 use Combodo\iTop\Application\TwigBase\Controller\Controller;
 use Combodo\iTop\Core\Authentication\Client\OAuth\OAuthClientProviderFactory;
 use Dict;
+use Exception;
 use IssueLog;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use MetaModel;
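Review bot: `alert(oData.error_description);` assumes every non-`success` response carries that key, but the `else` branch is reached for any other status the endpoint returns, and then the user is shown the literal text `undefined`. A fallback keeps the message meaningful, e.g. `alert(oData.error_description || 'An error occurred while preparing the OAuth authorization');`, with the fallback string ideally taken from the iTop dictionary rather than hardcoded. Since the text is shown through `alert()` and not inserted into the DOM, a server-supplied message cannot become markup here, but whatever the server puts in `error_description` is displayed verbatim, so the controller side should only send text meant for the user. The enclosing `OAuthConnect` function starts and ends outside the hunk.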
@@ -31,8 +32,13 @@ class AjaxOauthClientController extends Controller
 $aResult = ['status' => 'success', 'data' => []];
- $sAuthorizationUrl = OAuthClientProviderFactory::GetAuthorizationUrl($oOAuthClient);
- $aResult['data']['authorization_url'] = $sAuthorizationUrl;
+ try {
+ $sAuthorizationUrl = OAuthClientProviderFactory::GetAuthorizationUrl($oOAuthClient);
+ $aResult['data']['authorization_url'] = $sAuthorizationUrl;
+ } catch (Exception $oException) {
+ $aResult['status'] = 'error';
+ $aResult['error_description'] = $oException->getMessage();
+ }
 $this->DisplayJSONPage($aResult);
 }
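Review bot: `$aResult['error_description'] = $oException->getMessage();` forwards the raw exception text to the browser, and because the catch is `Exception` it covers everything thrown below `GetAuthorizationUrl` — provider-library failures, configuration and OQL errors — whose messages may contain endpoint URLs, response bodies or internal paths that are not meant for display. Log the full exception server-side with the already-imported `IssueLog` and return a generic, dictionary-based description; if the identity provider's own wording is useful to the configuring admin, catch the already-imported `IdentityProviderException` first and expose only that message. Note that `Exception` does not cover `\Error` (for instance a TypeError from a misconfigured client), which still surfaces as an unhandled failure; whether that is intended deserves a one-line comment. The method signature and the lines that compute `$oOAuthClient` are outside the hunk.
```php
try {
    $sAuthorizationUrl = OAuthClientProviderFactory::GetAuthorizationUrl($oOAuthClient);
    $aResult['data']['authorization_url'] = $sAuthorizationUrl;
} catch (IdentityProviderException $oException) {
    // Rejected by the provider: its description is intended for the configuring admin
    IssueLog::Error('OAuth authorization URL generation rejected by provider', null, ['message' => $oException->getMessage()]);
    $aResult['status'] = 'error';
    $aResult['error_description'] = $oException->getMessage();
} catch (Exception $oException) {
    // Anything else: keep the details server-side, do not echo internal messages to the browser
    IssueLog::Error('OAuth authorization URL generation failed', null, ['exception' => get_class($oException), 'message' => $oException->getMessage()]);
    $aResult['status'] = 'error';
    $aResult['error_description'] = Dict::S('<DICT-KEY-PLACEHOLDER: generic OAuth error message>');
}
```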