Merge pull request osTicket#265 from protich/auth-oauth/resource_owner
Reviewed-By: protich <peter@osticket.com>, JediKev <kevin@enhancesoft.com>
JediKev authored Mar 7, 2023
2 parents d866053 + 029c4c9 commit 4d95ec8
Showing 1 changed file with 29 additions and 12 deletions.
41 changes: 29 additions & 12 deletions auth-oauth2/oauth2.php
@@ -64,9 +64,6 @@ trait OAuth2AuthenticationTrait {
private $provider;
// debug mode flag
private $debug = false;
// Strict flag
// TODO: Make it configurable (checkbox)
private $strict = false;

// SESSION store for data like AuthNRequestID
private $session;
@@ -109,10 +106,6 @@ function callback($resp, $ref=null) {
}
}

private function isStrict() {
return (bool) $this->strict;
}

function getId() {
return static::$id;
}
@@ -277,6 +270,14 @@ class OAuth2EmailAuthBackend implements OAuth2AuthBackend {
const ERR_EMAIL_MISMATCH = 2;
const ERR_REFRESH_TOKEN = 3;

private function isStrict() {
// TODO: Require osTicket v1.18 and delegate strict checking to
// the email account ($this->account->isStrict())
// For now the flag is being set via the provider by overloading
// backend id
return ($this->provider && $this->provider->isStrict());
}

function getEmailId() {
return $this->account->getEmailId();
}
@@ -313,11 +314,18 @@ public function callback($resp, $ref=null) {

if (!isset($attrs['email']))
$errors[$err] = $this->error_msg(self::ERR_EMAIL_ATTR, $attrs);
elseif ($this->isStrict() && !$this->signIn($attrs))
$errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs);
elseif (!$info['refresh_token'])
$errors[$err] = $this->error_msg(self::ERR_REFRESH_TOKEN);
elseif (!$this->updateCredentials($info, $errors))
elseif (!$this->signIn($attrs) && $this->isStrict()) {
// On strict mode email mismatch is an error
// TODO: Move Strict checking to osTiket core on
// credentials update.
$errors[$err] = $this->error_msg(self::ERR_EMAIL_MISMATCH, $attrs);
}
// Update the credentials if no validation errors
if (!$errors
&& !$this->updateCredentials($info, $errors)
&& !isset($errors[$err]))
$errors[$err] = $this->error_msg(self::ERR_UNKNOWN);
}
} catch (Exception $ex) {
@@ -385,11 +393,18 @@ abstract class OAuth2ProviderBackend extends OAuth2AuthorizationBackend {
private $plugin_id;
static $defaults = [];

// Strict flag
private $strict = false;

function __construct($options=[]) {
if (isset($options['plugin_id']))
$this->plugin_id = (int) $options['plugin_id'];
}

function isStrict() {
return (bool) $this->strict;
}

function getId() {
return static::$id;
}
@@ -445,14 +460,16 @@ function addPluginInstance($vars, &$errors) {
}

function getEmailAuthBackend($id) {
list($auth, $a, $i) = self::parseId($id);
list($auth, $a, $i, $strict) = self::parseId($id);
if (!strcasecmp($auth, $this->getId())
&& ($plugin=$this->getPlugin())
&& $plugin->isActive()
&& ($instance=$this->getPluginInstance((int) $i))
&& ($config=$instance->getConfig())
&& ($account=EmailAccount::lookup((int) $a))
&& $account->isEnabled()) {
// Set strict flag
$this->strict = (bool) $strict;
$bk = new OAuth2EmailAuthBackend($config, $this);
$bk->account = $account;
return $bk;
@@ -533,7 +550,7 @@ protected function getAuthorizationParameters(array $options) {
}


class GenericOauth2Provider extends Oauth2ProviderBackend {
class GenericOauth2Provider extends OAuth2ProviderBackend {
static $id = 'oauth2:other';
static $name = 'OAuth2 - Other';
static $defaults = [];
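Review bot: In `getEmailAuthBackend()` the line `$this->strict = (bool) $strict;` stores a per-account security setting on the provider object, and `OAuth2EmailAuthBackend::isStrict()` only reads it later through `$this->provider->isStrict()`. If one provider instance builds backends for more than one email account (not visible here), the most recent call decides the flag for every backend already returned, so the e-mail mismatch check in `callback()` can run as non-strict for an account configured as strict. The flag also comes from a fourth element of `parseId($id)`, whose body is outside this page; if an id saved before this change has only three parts, `$strict` is unset and the check silently fails open. I would fix the value on the backend at construction, e.g. `$bk->strict = (bool) ($strict ?? false);` with `isStrict()` returning that property, and add a comment stating that a missing component means non-strict.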