From 287f6bf91f0c53224abaf657154ff6b7cebb0dc6 Mon Sep 17 00:00:00 2001 From: Carlos Ruiz Date: Wed, 7 Jul 2021 17:30:33 +0200 Subject: [PATCH] IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system) (#771) * IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system) Split processToken in two public methods to allow calling from external interfaces * Add suggestion from druiz
---
 .../model/MAuthorizationCredential.java | 57 +++++++++++++------
 1 file changed, 41 insertions(+), 16 deletions(-)
diff --git a/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java b/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java
index c6714da033..d3988dbd73 100644
--- a/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java
+++ b/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java
@@ -55,7 +55,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
 /**
 *
 */
- private static final long serialVersionUID = -2433704480923324032L;
+ private static final long serialVersionUID = -3318054439833405030L;
 /**
 * Create empty Authorization Credential
@@ -106,10 +106,32 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential { msg = "Process instance parameter for Scopes not found"; return msg; } + MPInstanceLog pilog = pinstance.addLog(null, 0, null, null, MAuthorizationAccount.Table_ID, 0); + msg = processToken(Env.getCtx(), code, paramScope.getP_String(), pilog); + } catch (Exception ex) { + ex.printStackTrace(); + msg = Msg.getMsg(getCtx(), "Error") + ex.getLocalizedMessage(); + return msg; + } + + return msg; + } + + /** + * Create or Update an Account based on the token received + * @param ctx + * @param code + * @param paramScope + * @param pilog + * @return String message indicating success + */ + public String processToken(Properties ctx, String code, String paramScope, MPInstanceLog pilog) { + String msg = null; + try { String clientId = getAuthorizationClientId(); String clientSecret = getAuthorizationClientSecret(); Timestamp ts = new Timestamp(System.currentTimeMillis()); - MAuthorizationProvider ap = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName()); + MAuthorizationProvider ap = new MAuthorizationProvider(ctx, getAD_AuthorizationProvider_ID(), get_TrxName()); AuthorizationCodeTokenRequest request = new AuthorizationCodeTokenRequest(new NetHttpTransport(), GsonFactory.getDefaultInstance(), new GenericUrl(ap.getTokenEndpoint()), code); 
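Review bot: The catch block added to the wrapper calls `ex.printStackTrace()` and appends `ex.getLocalizedMessage()` to the returned message, and the catch at the end of processToken (last hunk) does the same. With processToken now public for external interfaces, whatever text the token exchange puts into the exception, possibly the provider's error response, is handed back to the caller, while the trace goes to stderr instead of the application log. I would log the exception through the model's logger and return only the translated text, `msg = Msg.getMsg(getCtx(), "Error");` here and `msg = Msg.getMsg(ctx, "Error");` in processToken. The wrapper's try starts above this hunk and processToken's body continues past it.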
@@ -123,23 +145,23 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
 email = (String) idtoken.getPayload().get("email");
 }
 if (email == null) {
- msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_CouldNotGetEMail@");
+ msg = Msg.parseTranslation(ctx, "@Error@ @OAuthProcessToken_CouldNotGetEMail@");
 return msg;
 }
 boolean newAccount = false;
 MAuthorizationAccount account = null;
- Query query = new Query(Env.getCtx(), MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
- query.setParameters(Env.getAD_Client_ID(Env.getCtx()), Env.getAD_User_ID(Env.getCtx()), email, getAD_AuthorizationCredential_ID());
+ Query query = new Query(ctx, MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
+ query.setParameters(Env.getAD_Client_ID(ctx), Env.getAD_User_ID(ctx), email, getAD_AuthorizationCredential_ID());
 account = query.setOnlyActiveRecords(true).first();
 if (account == null) {
- account = new MAuthorizationAccount(Env.getCtx(), 0, get_TrxName());
+ account = new MAuthorizationAccount(ctx, 0, get_TrxName());
 account.setEMail(email);
 account.setAD_AuthorizationCredential_ID(getAD_AuthorizationCredential_ID());
- account.setAD_User_ID(Env.getAD_User_ID(Env.getCtx()));
+ account.setAD_User_ID(Env.getAD_User_ID(ctx));
 newAccount = true;
 }
- account.setAD_AuthorizationScopes(paramScope.getP_String());
+ account.setAD_AuthorizationScopes(paramScope);
 account.setAccessToken(tokenResponse.getAccessToken());
 account.setAccessTokenTimestamp(ts);
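Review bot: The account lookup and `account.setAD_User_ID(Env.getAD_User_ID(ctx))` now take the client and user from the caller-supplied `ctx`, so for an external caller the tokens are stored under whichever user that context names. Nothing visible in processToken ties the authorization `code` to that user or session; a `state` check may exist in the caller, but it is not part of this diff. The empty `@param` tags in the Javadoc added in the previous hunk should spell this out, e.g. `@param ctx context of the authenticated user; its AD_Client_ID and AD_User_ID decide which account is created or updated` and `@param code authorization code from a callback the caller has already validated`. This hunk sits in the middle of processToken, which starts and ends outside it.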
@@ -156,7 +178,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
 if (tokenResponse.getRefreshToken() == null && account.getRefreshToken() == null) {
 //revoke access and ask for retry
- MAuthorizationProvider provider = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName());
+ MAuthorizationProvider provider = new MAuthorizationProvider(ctx, getAD_AuthorizationProvider_ID(), get_TrxName());
 String revokeEndPoint = provider.getRevokeEndpoint();
 if (revokeEndPoint != null) {
 HttpRequestFactory factory = new NetHttpTransport().createRequestFactory();
@@ -164,7 +186,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
 HttpRequest revokeRequest = factory.buildGetRequest(url);
 revokeRequest.execute();
 }
- msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_NoRefreshToken@");
+ msg = Msg.parseTranslation(ctx, "@Error@ @OAuthProcessToken_NoRefreshToken@");
 return msg;
 }
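Review bot: `provider` is constructed with the same arguments as `ap` at the top of processToken, so the changed line could be dropped in favour of `String revokeEndPoint = ap.getRevokeEndpoint();`, assuming `ap` is still in scope here, which the hunks suggest but do not show. Separately, if `revokeRequest.execute()` in the second hunk throws, control goes to the outer catch and the user sees the exception text rather than the `OAuthProcessToken_NoRefreshToken` message asking for a retry. A short comment stating what should happen when revocation fails would make the intent clear. The enclosing if block starts above the first hunk.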
@@ -172,17 +194,20 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
 account.setRefreshToken(tokenResponse.getRefreshToken());
 }
 account.saveEx();
- String logmsg = Msg.parseTranslation(getCtx(), (newAccount ? "@Created@" : "@Updated@") + " @AD_AuthorizationAccount_ID@ for ") + account.getEMail();
- MPInstanceLog pilog = pinstance.addLog(null, 0, null, logmsg, MAuthorizationAccount.Table_ID, account.getAD_AuthorizationAccount_ID());
- pilog.saveEx();
+ if (pilog != null) {
+ String logmsg = Msg.parseTranslation(ctx, (newAccount ? "@Created@" : "@Updated@") + " @AD_AuthorizationAccount_ID@ for ") + account.getEMail();
+ pilog.setP_Msg(logmsg);
+ pilog.setRecord_ID(account.getAD_AuthorizationAccount_ID());
+ pilog.saveEx();
+ }
 account.syncOthers();
 if (newAccount)
- msg = Msg.getMsg(getCtx(), "Authorization_Access_OK", new Object[] {account.getEMail(), paramScope.getP_String()});
+ msg = Msg.getMsg(ctx, "Authorization_Access_OK", new Object[] {account.getEMail(), paramScope});
 else
- msg = Msg.getMsg(getCtx(), "Authorization_Access_Previous", new Object[] {account.getEMail(), paramScope.getP_String()});
+ msg = Msg.getMsg(ctx, "Authorization_Access_Previous", new Object[] {account.getEMail(), paramScope});
 } catch (Exception ex) {
 ex.printStackTrace();
- msg = Msg.getMsg(getCtx(), "Error") + ex.getLocalizedMessage();
+ msg = Msg.getMsg(ctx, "Error") + ex.getLocalizedMessage();
 return msg;
 }
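Review bot: The Javadoc added for processToken promises a "message indicating success", but on the paths visible here the method returns a localized string for failures too, so an external caller can only tell the outcomes apart by inspecting the text. I would at least document that, e.g. `@return localized result message; failures are returned as a message starting with the translated Error text, not thrown`, and add `@param pilog process log entry to complete on success, may be null`. Note also that `pilog` is filled and saved only on the success path; on the early returns in the earlier hunks the entry the wrapper created, apparently without a message, is left untouched, which may or may not be intended. The method starts above this hunk.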