From 8fa616f440b700e3ffab929e32fc3c91a176b16a Mon Sep 17 00:00:00 2001 From: Eric Espie Date: Wed, 10 Aug 2022 14:57:26 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B05395=20-=20Errors=20from=20OAuth=20serve?= =?UTF-8?q?rs=20for=20email=20are=20not=20well=20handled?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../en.dict.itop-oauth-client.php | 1 + .../fr.dict.itop-oauth-client.php | 1 + .../Controller/AjaxOauthClientController.php | 72 ++++++++++++++----- .../OAuth/OAuthLandingController.php | 2 +- 4 files changed, 59 insertions(+), 17 deletions(-) diff --git a/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php b/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php index 350afaa01..5c3a66132 100644 --- a/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php +++ b/datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php @@ -21,6 +21,7 @@ Dict::Add('EN US', 'English', 'English', [ 'itop-oauth-client:Message:MissingToken' => 'Generate access token before using this OAuth client', 'itop-oauth-client:Message:TokenCreated' => 'Access token created', 'itop-oauth-client:Message:TokenRecreated' => 'Access token regenerated', + 'itop-oauth-client:Message:TokenError' => 'Access token not generated due to server error', 'OAuthClient:Name/UseForSMTPMustBeUnique' => 'The combination Login (%1$s) and Use for SMTP (%2$s) has already be used for OAuth Client', diff --git a/datamodels/2.x/itop-oauth-client/fr.dict.itop-oauth-client.php b/datamodels/2.x/itop-oauth-client/fr.dict.itop-oauth-client.php index 3d5f84836..339538d52 100644 --- a/datamodels/2.x/itop-oauth-client/fr.dict.itop-oauth-client.php +++ b/datamodels/2.x/itop-oauth-client/fr.dict.itop-oauth-client.php 
@@ -21,6 +21,7 @@ Dict::Add('FR FR', 'French', 'Français', [ 'itop-oauth-client:Message:MissingToken' => 'Générez le jeton d\'accès avant d\'utiliser ce client OAuth', 'itop-oauth-client:Message:TokenCreated' => 'Le jeton d\'accès à été créé', 'itop-oauth-client:Message:TokenRecreated' => 'Le jeton d\'accès à été renouvelé', + 'itop-oauth-client:Message:TokenError' => 'Le jeton d\'accès n\'a pas été généré à cause d`une erreur serveur', 'OAuthClient:Name/UseForSMTPMustBeUnique' => 'La combinaison Login (%1$s) and Utilisé pour SMTP (%2$s) a déjà été utilisée pour OAuth Client', diff --git a/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php b/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php index 51367d34e..65523046b 100644 --- a/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php +++ b/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php 
@@ -49,26 +49,66 @@ class AjaxOauthClientController extends Controller $sRedirectUrl = utils::ReadParam('redirect_url', '', false, 'raw'); - $sRedirectUrlQuery = parse_url($sRedirectUrl)['query']; + $aResult = []; + $aResult['status'] = 'error'; + $aURL = parse_url($sRedirectUrl); + if (isset($aURL['query'])) { + $sRedirectUrlQuery = $aURL['query']; + $aQuery = []; + parse_str($sRedirectUrlQuery, $aQuery); + if (isset($aQuery['error'])) { + $aResult['status'] = 'error'; + if (isset($aQuery['error_description'])) { + $aResult['error_description'] = $aQuery['error_description']; + } + } + if (isset($aQuery['code'])) { + $sCode = $aQuery['code']; + $oAccessToken = OAuthClientProviderFactory::GetAccessTokenFromCode($oOAuthClient, $sCode); - $aQuery = []; - parse_str($sRedirectUrlQuery, $aQuery); - $sCode = $aQuery['code']; - $oAccessToken = OAuthClientProviderFactory::GetAccessTokenFromCode($oOAuthClient, $sCode); + $oOAuthClient->SetAccessToken($oAccessToken); - $oOAuthClient->SetAccessToken($oAccessToken); - cmdbAbstractObject::SetSessionMessage( - $sClass, - $sId, - "$sClass:$sId:TokenCreated", - $bIsCreation ? Dict::S('itop-oauth-client:Message:TokenCreated') : Dict::S('itop-oauth-client:Message:TokenRecreated'), - 'ok', - 1, - true - ); - $aResult = ['status' => 'success']; + $aResult['status'] = 'success'; + } + } else { + $aResult['status'] = 'error'; + $aResult['error_description'] = 'Redirect URL Format not recognized'; + } + + switch ($aResult['status']) { + case 'success': + cmdbAbstractObject::SetSessionMessage( + $sClass, + $sId, + "$sClass:$sId:TokenCreated", + $bIsCreation ? 
Dict::S('itop-oauth-client:Message:TokenCreated') : Dict::S('itop-oauth-client:Message:TokenRecreated'), + 'ok', + 1, + true + ); + if ($bIsCreation) { + IssueLog::Info("Token created for $sClass:$sId"); + } else { + IssueLog::Info("Token recreated for $sClass:$sId"); + } + break; + + case 'error': + cmdbAbstractObject::SetSessionMessage( + $sClass, + $sId, + "$sClass:$sId:TokenError", + $aResult['error_description'] ?? Dict::S('itop-oauth-client:Message:TokenError'), + 'error', + 1, + true + ); + IssueLog::Error("Token creation failed for $sClass:$sId", null, $aResult); + break; + } + $aResult['data'] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=details&class=$sClass&id=$sId"; $this->DisplayJSONPage($aResult); diff --git a/sources/Controller/OAuth/OAuthLandingController.php b/sources/Controller/OAuth/OAuthLandingController.php index 3c3fd7c77..4b869d8c1 100644 --- a/sources/Controller/OAuth/OAuthLandingController.php +++ b/sources/Controller/OAuth/OAuthLandingController.php @@ -8,6 +8,6 @@ class OAuthLandingController extends Controller { public function OperationLanding() { - $this->DisplayPage([]); + $this->DisplayAjaxPage([]); } } \ No newline at end of file
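Review bot: In the `case 'error':` branch, `$aResult['error_description']` comes unmodified from the query string of the request-supplied `redirect_url` (read with the `raw` filter), and it is used as the session message text, returned through `DisplayJSONPage` and attached to the `IssueLog::Error` context. Whether `SetSessionMessage` escapes its message is not visible in this hunk, so unless it does, the user-facing argument should be the fixed dictionary string, `Dict::S('itop-oauth-client:Message:TokenError'),`, with the provider's description kept for the log only, ideally length-limited. Separately, a redirect carrying both `error` and `code` still ends as `success` because the `code` check is a plain `if`; writing it as `} elseif (isset($aQuery['code'])) {` lets the reported error win. The enclosing method starts and ends outside the hunk, so the exception handling around `GetAccessTokenFromCode` cannot be judged from here.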