mirror of
https://github.com/salesagility/SuiteCRM.git
synced 2024-12-22 12:28:31 +00:00
375 lines
11 KiB
PHP
375 lines
11 KiB
PHP
<?php
|
|
/**
|
|
*
|
|
* SugarCRM Community Edition is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
|
|
*
|
|
* SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
|
|
* Copyright (C) 2011 - 2022 SalesAgility Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
|
|
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
|
|
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
|
|
*/
|
|
|
|
if (!defined('sugarEntry') || !sugarEntry) {
|
|
die('Not A Valid Entry Point');
|
|
}
|
|
|
|
use League\OAuth2\Client\Provider\AbstractProvider;
|
|
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
|
|
use League\OAuth2\Client\Provider\GenericProvider;
|
|
use League\OAuth2\Client\Token\AccessTokenInterface;
|
|
|
|
require_once __DIR__ . '/ExternalOAuthProviderConnectorInterface.php';
|
|
|
|
#[\AllowDynamicProperties]
|
|
abstract class ExternalOAuthProviderConnector implements ExternalOAuthProviderConnectorInterface
|
|
{
|
|
/**
|
|
* @var string
|
|
*/
|
|
public $providerId;
|
|
|
|
/**
|
|
* @param string $providerId
|
|
*/
|
|
public function __construct(string $providerId)
|
|
{
|
|
$this->providerId = $providerId;
|
|
}
|
|
|
|
/**
|
|
* @inheritDoc
|
|
*/
|
|
public function getProviderID(): string
|
|
{
|
|
return $this->providerId;
|
|
}
|
|
|
|
/**
|
|
* Get Provider
|
|
* @param string $requestClientId
|
|
* @param string $requestClientSecret
|
|
* @return AbstractProvider|null
|
|
*/
|
|
public function getProvider(string $requestClientId, string $requestClientSecret): ?AbstractProvider
|
|
{
|
|
|
|
$config = $this->getProviderConfig();
|
|
|
|
if (empty($config)) {
|
|
return null;
|
|
}
|
|
|
|
$paramsToSet = [
|
|
'clientId' => $this->getClientID($requestClientId, $config),
|
|
'clientSecret' => $this->getClientSecret($requestClientSecret, $config),
|
|
'redirectUri' => $this->getRedirectUri($config),
|
|
];
|
|
|
|
$params = [];
|
|
|
|
foreach ($paramsToSet as $key => $value) {
|
|
if (!empty($value)) {
|
|
$params[$key] = $value;
|
|
}
|
|
}
|
|
|
|
$params = array_merge($params, $this->getExtraProviderParams($config));
|
|
|
|
return new GenericProvider($params);
|
|
}
|
|
|
|
/**
|
|
* @inheritDoc
|
|
*/
|
|
public function getAuthorizeURL(string $requestClientId, string $requestClientSecret): string
|
|
{
|
|
$provider = $this->getProvider($requestClientId, $requestClientSecret);
|
|
$config = $this->getProviderConfig();
|
|
|
|
if ($provider === null || empty($config)) {
|
|
return '';
|
|
}
|
|
|
|
$authUrl = $provider->getAuthorizationUrl($this->getAuthorizeURLOptions($config));
|
|
$_SESSION['oauth2state'] = $provider->getState();
|
|
|
|
return $authUrl;
|
|
}
|
|
|
|
/**
|
|
* @inheritDoc
|
|
* @throws IdentityProviderException
|
|
*/
|
|
public function getAccessToken(string $code): ?AccessTokenInterface
|
|
{
|
|
$config = $this->getProviderConfig();
|
|
$provider = $this->getProvider('', '');
|
|
|
|
if ($provider === null || empty($config)) {
|
|
return null;
|
|
}
|
|
|
|
$options = [
|
|
'code' => $code,
|
|
];
|
|
|
|
$options = array_merge_recursive($options, $this->getAccessTokenRequestOptions($config));
|
|
|
|
return $provider->getAccessToken(
|
|
$this->getAccessTokenRequestGrant($config),
|
|
$options
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @inheritDoc
|
|
*/
|
|
public function refreshAccessToken(string $refreshToken): ?AccessTokenInterface
|
|
{
|
|
$config = $this->getProviderConfig();
|
|
$provider = $this->getProvider('', '');
|
|
|
|
if ($provider === null || empty($config)) {
|
|
return null;
|
|
}
|
|
|
|
$options = [
|
|
'refresh_token' => $refreshToken,
|
|
];
|
|
|
|
$options = array_merge_recursive($options, $this->getRefreshTokenRequestOptions($config));
|
|
|
|
return $provider->getAccessToken(
|
|
$this->getRefreshTokenRequestGrant($config),
|
|
$options
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Get provider config
|
|
* @return array
|
|
*/
|
|
public function getProviderConfig(): array
|
|
{
|
|
$providerId = $this->getProviderID();
|
|
|
|
if (empty($providerId)) {
|
|
return [];
|
|
}
|
|
|
|
/** @var ExternalOAuthProvider $providerBean */
|
|
$providerBean = BeanFactory::getBean('ExternalOAuthProvider', $providerId);
|
|
|
|
if (empty($providerBean)) {
|
|
return [];
|
|
}
|
|
|
|
return $providerBean->getConfigArray();
|
|
}
|
|
|
|
/**
|
|
* Get applicable client id
|
|
* @param string $requestClientId
|
|
* @param array $providerConfig
|
|
* @return string
|
|
*/
|
|
public function getClientID(string $requestClientId, array $providerConfig): string
|
|
{
|
|
|
|
$clientId = $requestClientId ?? '';
|
|
if (!empty($_SESSION['external_oauth_client_id'])) {
|
|
$clientId = $_SESSION['external_oauth_client_id'];
|
|
} elseif (empty($clientId) && !empty($providerConfig['client_id'])) {
|
|
$clientId = $providerConfig['client_id'];
|
|
}
|
|
|
|
return $clientId;
|
|
}
|
|
|
|
/**
|
|
* Get applicable client secret
|
|
* @param string $requestClientSecret
|
|
* @param array $providerConfig
|
|
* @return string
|
|
*/
|
|
public function getClientSecret(string $requestClientSecret, array $providerConfig): string
|
|
{
|
|
|
|
$clientSecret = $requestClientSecret ?? '';
|
|
if (!empty($_SESSION['external_oauth_client_secret'])) {
|
|
$clientSecret = $_SESSION['external_oauth_client_secret'];
|
|
} elseif (empty($clientSecret) && !empty($providerConfig['client_secret'])) {
|
|
$clientSecret = $providerConfig['client_secret'];
|
|
}
|
|
|
|
return $clientSecret;
|
|
}
|
|
|
|
/**
|
|
* Get applicable redirect uri
|
|
* @param array $providerConfig
|
|
* @return string
|
|
*/
|
|
public function getRedirectUri(array $providerConfig): string
|
|
{
|
|
return $providerConfig['redirect_uri'] ?? '';
|
|
}
|
|
|
|
/**
|
|
* Get extra provider params
|
|
* @param array $providerConfig
|
|
* @return array
|
|
*/
|
|
public function getExtraProviderParams(array $providerConfig): array
|
|
{
|
|
return $providerConfig['extra_provider_params'] ?? [];
|
|
}
|
|
|
|
/**
|
|
* Get options for building the authorize url
|
|
* @param array $providerConfig
|
|
* @return array
|
|
*/
|
|
public function getAuthorizeURLOptions(array $providerConfig): array
|
|
{
|
|
return $providerConfig['authorize_url_options'] ?? [];
|
|
}
|
|
|
|
/**
|
|
* Get options for the get token call
|
|
* @param array $providerConfig
|
|
* @return array
|
|
*/
|
|
public function getAccessTokenRequestOptions(array $providerConfig): array
|
|
{
|
|
return $providerConfig['get_token_request_options'] ?? [];
|
|
}
|
|
|
|
/**
|
|
* Get grant for access token request
|
|
* @param array $providerConfig
|
|
* @return string
|
|
*/
|
|
public function getAccessTokenRequestGrant(array $providerConfig): string
|
|
{
|
|
return $providerConfig['get_token_request_grant'] ?? 'authorization_code';
|
|
}
|
|
|
|
/**
|
|
* Get options for the refresh token call
|
|
* @param array $providerConfig
|
|
* @return array
|
|
*/
|
|
public function getRefreshTokenRequestOptions(array $providerConfig): array
|
|
{
|
|
return $providerConfig['refresh_token_request_options'] ?? [];
|
|
}
|
|
|
|
/**
|
|
* Get grant for refresh token request
|
|
* @param array $providerConfig
|
|
* @return string
|
|
*/
|
|
public function getRefreshTokenRequestGrant(array $providerConfig): string
|
|
{
|
|
return $providerConfig['refresh_token_request_grant'] ?? 'refresh_token';
|
|
}
|
|
|
|
/**
|
|
* Get token mapping configuration
|
|
* @return array|mixed
|
|
*/
|
|
protected function getTokenMapping()
|
|
{
|
|
$config = $this->getProviderConfig();
|
|
$tokenMapping = [];
|
|
|
|
if (!empty($config)) {
|
|
$tokenMapping = $config['token_mapping'] ?? [];
|
|
}
|
|
|
|
return $tokenMapping;
|
|
}
|
|
|
|
/**
|
|
* Get value from nested array using the given path
|
|
* @param array $data
|
|
* @param string $path
|
|
* @return array|mixed|null
|
|
*/
|
|
public function getArrayValue(array $data, string $path)
|
|
{
|
|
|
|
if (empty($path)) {
|
|
return null;
|
|
}
|
|
|
|
$indexes = explode('.', $path);
|
|
|
|
if (empty($indexes)) {
|
|
return null;
|
|
}
|
|
|
|
$result = $data;
|
|
|
|
foreach ($indexes as $index) {
|
|
$result = $result[$index] ?? [];
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* Map token according to token mapping configuration
|
|
* @param AccessTokenInterface $token
|
|
* @param $tokenMapping
|
|
* @return array
|
|
*/
|
|
protected function mapTokenDynamically(AccessTokenInterface $token, $tokenMapping): array
|
|
{
|
|
$tokenData = [
|
|
'access_token' => $token->getToken(),
|
|
'expires_in' => $token->getExpires(),
|
|
'refresh_token' => $token->getRefreshToken(),
|
|
'values' => $token->getValues(),
|
|
];
|
|
|
|
$mapped = [];
|
|
foreach ($tokenMapping as $tokenEntryKey => $tokenEntryValuePath) {
|
|
$mapped[$tokenEntryKey] = $this->getArrayValue($tokenData, $tokenEntryValuePath) ?? '';
|
|
}
|
|
|
|
return $mapped;
|
|
}
|
|
|
|
}
|