midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system) (#771) 

* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)

Split processToken in two public methods to allow calling from external interfaces

* Add suggestion from druiz
This commit is contained in:
Carlos Ruiz 2021-07-07 17:30:33 +02:00 committed by GitHub
parent 8ef060d938
commit 287f6bf91f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 41 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java
View File

@ -55,7 +55,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
/** /**
* *
*/ */
private static final long serialVersionUID = -2433704480923324032L; private static final long serialVersionUID = -3318054439833405030L;
/** /**
* Create empty Authorization Credential * Create empty Authorization Credential
@ -106,10 +106,32 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
msg = "Process instance parameter for Scopes not found"; msg = "Process instance parameter for Scopes not found";
return msg; return msg;
} }
MPInstanceLog pilog = pinstance.addLog(null, 0, null, null, MAuthorizationAccount.Table_ID, 0);
msg = processToken(Env.getCtx(), code, paramScope.getP_String(), pilog);
} catch (Exception ex) {
ex.printStackTrace();
msg = Msg.getMsg(getCtx(), "Error") + ex.getLocalizedMessage();
return msg;
}
return msg;
}
/**
* Create or Update an Account based on the token received
* @param ctx
* @param code
* @param paramScope
* @param pilog
* @return String message indicating success
*/
public String processToken(Properties ctx, String code, String paramScope, MPInstanceLog pilog) {
String msg = null;
try {
String clientId = getAuthorizationClientId(); String clientId = getAuthorizationClientId();
String clientSecret = getAuthorizationClientSecret(); String clientSecret = getAuthorizationClientSecret();
Timestamp ts = new Timestamp(System.currentTimeMillis()); Timestamp ts = new Timestamp(System.currentTimeMillis());
MAuthorizationProvider ap = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName()); MAuthorizationProvider ap = new MAuthorizationProvider(ctx, getAD_AuthorizationProvider_ID(), get_TrxName());
AuthorizationCodeTokenRequest request = new AuthorizationCodeTokenRequest(new NetHttpTransport(), AuthorizationCodeTokenRequest request = new AuthorizationCodeTokenRequest(new NetHttpTransport(),
GsonFactory.getDefaultInstance(), GsonFactory.getDefaultInstance(),
new GenericUrl(ap.getTokenEndpoint()), code); new GenericUrl(ap.getTokenEndpoint()), code);
@ -123,23 +145,23 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
email = (String) idtoken.getPayload().get("email"); email = (String) idtoken.getPayload().get("email");
} }
if (email == null) { if (email == null) {
msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_CouldNotGetEMail@"); msg = Msg.parseTranslation(ctx, "@Error@ @OAuthProcessToken_CouldNotGetEMail@");
return msg; return msg;
} }
boolean newAccount = false; boolean newAccount = false;
MAuthorizationAccount account = null; MAuthorizationAccount account = null;
Query query = new Query(Env.getCtx(), MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName()); Query query = new Query(ctx, MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
query.setParameters(Env.getAD_Client_ID(Env.getCtx()), Env.getAD_User_ID(Env.getCtx()), email, getAD_AuthorizationCredential_ID()); query.setParameters(Env.getAD_Client_ID(ctx), Env.getAD_User_ID(ctx), email, getAD_AuthorizationCredential_ID());
account = query.setOnlyActiveRecords(true).first(); account = query.setOnlyActiveRecords(true).first();
if (account == null) { if (account == null) {
account = new MAuthorizationAccount(Env.getCtx(), 0, get_TrxName()); account = new MAuthorizationAccount(ctx, 0, get_TrxName());
account.setEMail(email); account.setEMail(email);
account.setAD_AuthorizationCredential_ID(getAD_AuthorizationCredential_ID()); account.setAD_AuthorizationCredential_ID(getAD_AuthorizationCredential_ID());
account.setAD_User_ID(Env.getAD_User_ID(Env.getCtx())); account.setAD_User_ID(Env.getAD_User_ID(ctx));
newAccount = true; newAccount = true;
} }
account.setAD_AuthorizationScopes(paramScope.getP_String()); account.setAD_AuthorizationScopes(paramScope);
account.setAccessToken(tokenResponse.getAccessToken()); account.setAccessToken(tokenResponse.getAccessToken());
account.setAccessTokenTimestamp(ts); account.setAccessTokenTimestamp(ts);
@ -156,7 +178,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
if (tokenResponse.getRefreshToken() == null && account.getRefreshToken() == null) { if (tokenResponse.getRefreshToken() == null && account.getRefreshToken() == null) {
//revoke access and ask for retry //revoke access and ask for retry
MAuthorizationProvider provider = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName()); MAuthorizationProvider provider = new MAuthorizationProvider(ctx, getAD_AuthorizationProvider_ID(), get_TrxName());
String revokeEndPoint = provider.getRevokeEndpoint(); String revokeEndPoint = provider.getRevokeEndpoint();
if (revokeEndPoint != null) { if (revokeEndPoint != null) {
HttpRequestFactory factory = new NetHttpTransport().createRequestFactory(); HttpRequestFactory factory = new NetHttpTransport().createRequestFactory();
@ -164,7 +186,7 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
HttpRequest revokeRequest = factory.buildGetRequest(url); HttpRequest revokeRequest = factory.buildGetRequest(url);
revokeRequest.execute(); revokeRequest.execute();
} }
msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_NoRefreshToken@"); msg = Msg.parseTranslation(ctx, "@Error@ @OAuthProcessToken_NoRefreshToken@");
return msg; return msg;
} }
@ -172,17 +194,20 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
account.setRefreshToken(tokenResponse.getRefreshToken()); account.setRefreshToken(tokenResponse.getRefreshToken());
} }
account.saveEx(); account.saveEx();
String logmsg = Msg.parseTranslation(getCtx(), (newAccount ? "@Created@" : "@Updated@") + " @AD_AuthorizationAccount_ID@ for ") + account.getEMail(); if (pilog != null) {
MPInstanceLog pilog = pinstance.addLog(null, 0, null, logmsg, MAuthorizationAccount.Table_ID, account.getAD_AuthorizationAccount_ID()); String logmsg = Msg.parseTranslation(ctx, (newAccount ? "@Created@" : "@Updated@") + " @AD_AuthorizationAccount_ID@ for ") + account.getEMail();
pilog.saveEx(); pilog.setP_Msg(logmsg);
pilog.setRecord_ID(account.getAD_AuthorizationAccount_ID());
pilog.saveEx();
}
account.syncOthers(); account.syncOthers();
if (newAccount) if (newAccount)
msg = Msg.getMsg(getCtx(), "Authorization_Access_OK", new Object[] {account.getEMail(), paramScope.getP_String()}); msg = Msg.getMsg(ctx, "Authorization_Access_OK", new Object[] {account.getEMail(), paramScope});
else else
msg = Msg.getMsg(getCtx(), "Authorization_Access_Previous", new Object[] {account.getEMail(), paramScope.getP_String()}); msg = Msg.getMsg(ctx, "Authorization_Access_Previous", new Object[] {account.getEMail(), paramScope});
} catch (Exception ex) { } catch (Exception ex) {
ex.printStackTrace(); ex.printStackTrace();
msg = Msg.getMsg(getCtx(), "Error") + ex.getLocalizedMessage(); msg = Msg.getMsg(ctx, "Error") + ex.getLocalizedMessage();
return msg; return msg;
} }