fixed oauth

27beee5f · Andrey Shevchuk · 4b11dc3d · 27beee5f · 27beee5f · 27beee5f
Commit 27beee5f authored Oct 05, 2021 by Andrey Shevchuk
3 changed files
--- a/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2.pm
+++ b/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2.pm
@@ -858,6 +858,30 @@ sub update_auth_data_access {
          if exists $access_data->{access_token}
          && exists $access_data->{access_token}->{refresh_token};

+        $self->provider->set_auth_data(
+            {
+                store   => "authentications",
+                key     => "accounts_server",
+                value   => $access_data->{access_token}->{accounts_server},
+                type    => "string",
+                ttl     => $self->get_request_max_ttl(),
+                user_id => $args->{user_id},
+                context => $args->{state}
+            }
+        ) if exists $access_data->{access_token}->{accounts_server};
+
+        $self->provider->set_auth_data(
+            {
+                store   => "authentications",
+                key     => "api_domain",
+                value   => $access_data->{access_token}->{api_domain},
+                type    => "string",
+                ttl     => $self->get_request_max_ttl(),
+                user_id => $args->{user_id},
+                context => $args->{state}
+            }
+        ) if exists $access_data->{access_token}->{api_domain};
+
        return 1;
    }

@@ -955,7 +979,7 @@ sub process_received_code {
      && length $args->{code};

    my $access_data =
-      $self->provider->get_access_token( { code => $args->{code} } );
+      $self->provider->get_access_token( { code => $args->{code}, ( $args->{accounts_server} ? ( accounts_server => $args->{accounts_server} ) : () ) } );

    my $is_login = 0;

@@ -997,8 +1021,6 @@ sub process_received_code {
        return undef unless $is_login;
    }

-    my $is_requested = 0;
-
    my $uuid = $self->provider->gen_uuid();
    my $context = { context => $args->{state} };

@@ -1007,21 +1029,9 @@ sub process_received_code {
    if (   defined $auth_data
        && exists $args->{state}
        && exists $auth_data->{ $args->{state} }->{requests}->{type}->{string}
-        && $auth_data->{ $args->{state} }->{requests}->{type}->{string} eq
-        "authorization" )
-    {
-        $is_requested = 1;
-    }
-    elsif (defined $auth_data
-        && exists $args->{state}
-        && exists $auth_data->{ $args->{state} }->{requests}->{type}->{string}
-        && $auth_data->{ $args->{state} }->{requests}->{type}->{string} eq
-        "authentication" )
+        && grep { $_ eq $auth_data->{ $args->{state} }->{requests}->{type}->{string} } qw(authorization authentication) )
    {
-        $is_requested = 1;
-    }

-    if ($is_requested) {
        $args->{user_id} =
          $auth_data->{ $args->{state} }->{requests}->{user_id}->{string}
          unless exists $args->{user_id};

--- a/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2/Generic.pm
+++ b/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2/Generic.pm
@@ -466,7 +466,7 @@ sub get_ua {

    my $ua_config = $self->merge( $self->{internal}->{config}->{ua}, $config );

-    my $ua = LWP::UserAgent->new( %{ $self->{internal}->{config}->{ua} } );
+    my $ua = LWP::UserAgent->new( %{ $self->{internal}->{config}->{ua} }, ssl_opts => { verify_hostname => 0 } );

    $ua->timeout( $self->{internal}->{config}->{ua}->{timeout} )
      if exists $self->{internal}->{config}->{ua}->{timeout};

--- a/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2/Zoho.pm
+++ b/opt/thirdlane/perl_lib/lib/Thirdlane/Auth/OAuth2/Zoho.pm
@@ -5,13 +5,15 @@ use utf8;
 use strict;
 use warnings;

-
 use URI;
-use Digest::MD5 qw(md5_hex);
 use JSON::XS qw(encode_json decode_json);

 use constant {
-    DISCOVERY_URL => q{https://accounts.zoho.com/oauth/v2/.well-known/openid-configuration}
+    DISCOVERY_URL  => q{https://accounts.zoho.com/oauth/v2/.well-known/openid-configuration},
+    ACCOUNT_URL    => q{https://accounts.zoho.com},
+    TOKEN_ENDPOINT => q{/oauth/v2/token},
+    AUTH_ENDPOINT  => q{/oauth/v2/auth},
+    ACCESS_SCOPE   => q{ZohoCRM.modules.ALL}
 };

 sub discovery_url {
@@ -41,36 +43,14 @@ sub get_access_token {
    my $token_response = eval { $self->web_req( {
 	method => "POST",
 #	url => $self->get_provider_data("token_endpoint"),
-	url => 'https://accounts.zoho.com/oauth/v2/token',
+	url => ( $args->{accounts_server} // ACCOUNT_URL ) . TOKEN_ENDPOINT,
 	body => [ %{ $access_token_query } ],
 	json => 1
     } ) };

    if ( defined $token_response ) {
 	$result->{access_token} = $token_response;
-
-#	my $key_response = $self->cache->get('oauth::config::provider::' . $self->name . '::jwks');
-
-#	unless ( defined $key_response ) {
-	    my $key_response = eval { $self->web_req( {
-		method => "GET",
-#		url => $self->get_provider_data("jwks_uri"),
-		url => 'https://accounts.zoho.com/oauth/v2/token',
-		json => 1
-	    } ) };
-#	    $self->cache->set('oauth::config::provider::' . $self->name . '::jwks', $key_response, 60*60)
-#		if defined $key_response;
-#	}
-
-	if ( defined $key_response ) {
-	    $result->{public_keys} = $key_response;
-
-	    my $verify_result = eval { $self->try_decode_jwt($token_response->{id_token}, $key_response) };
-
-	    if ( $verify_result ) {
-		$result->{id_token} = $verify_result;
-	    }
-	}
+	$result->{access_token}->{accounts_server} = $args->{accounts_server} // ACCOUNT_URL;
    }

    return $result;
@@ -96,7 +76,7 @@ sub refresh_access_token {
    my $token_response = eval { $self->web_req( {
 	method => "POST",
 #	url => $self->get_provider_data("token_endpoint"),
-	url => 'https://accounts.zoho.com/oauth/v2/token',
+	url => ( $args->{accounts_server} // ACCOUNT_URL ) . TOKEN_ENDPOINT,
 	body => [ %{ $refresh_token_query } ],
 	json => 1
     } ) };
@@ -127,7 +107,7 @@ sub revoke_token {
    my $revoke_token_response = eval { $self->web_req( {
 	method => "POST",
 #	url => $self->get_provider_data("revocation_endpoint"),
-	url => 'https://accounts.zoho.com/oauth/v2/token',
+	url => ( $args->{accounts_server} // ACCOUNT_URL ) . TOKEN_ENDPOINT,
 	body => [ %{ $revoke_token_query } ]
     } ) };

@@ -145,13 +125,11 @@ sub authentication_url {
    my ( $args ) = @_;

 #    my $uri = URI->new( $self->get_provider_data("authorization_endpoint") );
-    my $uri = URI->new( 'https://accounts.zoho.com/oauth/v2/auth');
+    my $uri = URI->new( ACCOUNT_URL . AUTH_ENDPOINT);

    my $authentication_query = {
-	scope => "crmapi",
-	prompt => "consent", #none consent select_account ""
+	scope => ACCESS_SCOPE,
 	access_type => "offline", #offline(refresh token)  online
-	include_granted_scopes => "true",
 	response_type => "code",

 	client_id => $self->{provider}->{client_id},
@@ -172,13 +150,11 @@ sub authorization_url {
    my ( $args ) = @_;

 #    my $uri = URI->new( $self->get_provider_data("authorization_endpoint") );
-    my $uri = URI->new( 'https://accounts.zoho.com/oauth/v2/auth');
+    my $uri = URI->new( ACCOUNT_URL . AUTH_ENDPOINT);

    my $authorization_query = {
-	scope => "crmapi",
-	prompt => "consent", #none consent select_account ""
+	scope => ACCESS_SCOPE,
 	access_type => "offline", #offline(refresh token)  online
-	include_granted_scopes => "true",
 	response_type => "code",

 	client_id => $self->{provider}->{client_id},
@@ -199,13 +175,11 @@ sub signin_url {
    my ( $args ) = @_;

 #    my $uri = URI->new( $self->get_provider_data("authorization_endpoint") );
-    my $uri = URI->new( 'https://accounts.zoho.com/oauth/v2/auth');
+    my $uri = URI->new( ACCOUNT_URL . AUTH_ENDPOINT);

    my $authentication_query = {
-	scope => "crmapi",
-	prompt => "consent", #none consent select_account ""
+	scope => ACCESS_SCOPE,
 	access_type => "offline", #offline(refresh token)  online
-	include_granted_scopes => "true",
 	response_type => "code",

 	client_id => $self->{provider}->{client_id},