Work on consolibyte#181, initial OAuth2 authentication flow working; …

…still need to do the actual request signing part of things and OpenID Connect.
elogistical · May 7, 2019 · 7ac1c38 · 7ac1c38
1 parent 80fd450
commit 7ac1c38
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 28 deletions.
diff --git a/QuickBooks/Driver.php b/QuickBooks/Driver.php
@@ -1414,19 +1414,31 @@ public function oauthLoadV2($key, $app_tenant)
 
 	abstract protected function _oauthLoadV2($app_tenant);
 
-	public function oauthAccessWrite($key, $request_token, $token, $token_secret, $realm, $flavor)
+	public function oauthAccessWriteV1($key, $request_token, $token, $token_secret, $realm, $flavor)
 	{
 		$AES = QuickBooks_Encryption_Factory::create('aes');
-		
+
 		$encrypted_token = $AES->encrypt($key, $token);
 		$encrypted_token_secret = $AES->encrypt($key, $token_secret);
-		
-		return $this->_oauthAccessWrite($request_token, $encrypted_token, $encrypted_token_secret, $realm, $flavor);
+
+		return $this->_oauthAccessWriteV1($request_token, $encrypted_token, $encrypted_token_secret, $realm, $flavor);
 	}
-
-	abstract protected function _oauthAccessWrite($request_token, $token, $token_secret, $realm, $flavor);
-
-
+
+	abstract protected function _oauthAccessWriteV1($request_token, $token, $token_secret, $realm, $flavor);
+
+	public function oauthAccessWriteV2($encryption_key, $state, $access_token, $refresh_token, $access_expiry, $refresh_expiry, $qb_realm)
+	{
+		$AES = QuickBooks_Encryption_Factory::create('aes');
+
+		$encrypted_access_token = $AES->encrypt($encryption_key, $access_token);
+		$encrypted_refresh_token = $AES->encrypt($encryption_key, $refresh_token);
+
+		return $this->_oauthAccessWriteV2($state, $encrypted_access_token, $encrypted_refresh_token, $access_expiry, $refresh_expiry, $qb_realm);
+	}
+
+	abstract protected function _oauthAccessWriteV2($state, $access_token, $refresh_token, $access_expiry, $refresh_expiry, $qb_realm);
+
+
 	public function oauthAccessDelete($app_username, $app_tenant)
 	{
 		return $this->_oauthAccessDelete($app_username, $app_tenant);

diff --git a/QuickBooks/Driver/Sql.php b/QuickBooks/Driver/Sql.php
@@ -2148,7 +2148,9 @@ protected function _oauthRequestResolveV2($state)
 			FROM
 				" . $this->_mapTableName(QUICKBOOKS_DRIVER_SQL_OAUTHV2TABLE) . "
 			WHERE
-				oauth_state = '%s' ", $errnum, $errmsg, null, null, array( $state )));
+				oauth_state = '%s' AND
+				request_datetime >= '%s'  
+				", $errnum, $errmsg, null, null, array( $state, date('Y-m-d H:i:s', strtotime('-30 minutes')) )));
 	}
 
 
@@ -2290,13 +2292,13 @@ protected function _oauthRequestWriteV1($app_tenant, $token, $token_secret)
 		}
 	}
 
-	protected function _oauthAccessWrite($request_token, $token, $token_secret, $realm, $flavor)
+	protected function _oauthAccessWriteV1($request_token, $token, $token_secret, $realm, $flavor)
 	{
 		$errnum = 0;
 		$errmsg = '';
 
 		// Check if it exists or not first
-		if ($arr = $this->_oauthRequestResolve($request_token))
+		if ($arr = $this->_oauthRequestResolveV1($request_token))
 		{
 			$vars = array( $token, $token_secret, date('Y-m-d H:i:s') );
 
@@ -2332,6 +2334,54 @@ protected function _oauthAccessWrite($request_token, $token, $token_secret, $rea
 		return false;
 	}
 
+	protected function _oauthAccessWriteV2($state, $encrypted_access_token, $encrypted_refresh_token, $access_expiry, $refresh_expiry, $qb_realm)
+	{
+		$errnum = 0;
+		$errmsg = '';
+
+		// Check if it exists or not first
+		if ($arr = $this->_oauthRequestResolveV2($state))
+		{
+			$vars = array(
+				$encrypted_access_token,
+				$encrypted_refresh_token,
+				date('Y-m-d H:i:s', strtotime($access_expiry)),
+				date('Y-m-d H:i:s', strtotime($refresh_expiry)),
+				date('Y-m-d H:i:s'),
+				date('Y-m-d H:i:s'),
+				date('Y-m-d H:i:s')
+				);
+
+			$more = "";
+
+			if ($qb_realm)
+			{
+				$more .= ", qb_realm = '%s' ";
+				$vars[] = $qb_realm;
+			}
+
+			$vars[] = $state;
+
+			// Exists... UPDATE!
+			return $this->query("
+				UPDATE
+					" . $this->_mapTableName(QUICKBOOKS_DRIVER_SQL_OAUTHV2TABLE) . "
+				SET
+					oauth_access_token = '%s',
+					oauth_refresh_token = '%s',
+					oauth_access_expiry = '%s',
+					oauth_refresh_expiry = '%s',
+					access_datetime = '%s', 
+					last_access_datetime = '%s',
+					last_refresh_datetime = '%s' 
+					" . $more . "
+				WHERE
+					oauth_state = '%s' ", $errnum, $errmsg, null, null, $vars);
+		}
+
+		return false;
+	}
+
 	protected function _oauthAccessDelete($app_username, $app_tenant)
 	{
 		$errnum = 0;
@@ -3145,8 +3195,11 @@ protected function _initialize($init_options = array())
 		$def = array(
 			'quickbooks_oauthv2_id' => array( QUICKBOOKS_DRIVER_SQL_SERIAL ),
 			'app_tenant' => array( QUICKBOOKS_DRIVER_SQL_VARCHAR, 255 ),
-
-			'oauth_access_token' => array( QUICKBOOKS_DRIVER_SQL_VARCHAR, 255, 'null' ),
+			'oauth_scope' => array( QUICKBOOKS_DRIVER_SQL_VARCHAR, 255 ),
+			'oauth_access_token' => array( QUICKBOOKS_DRIVER_SQL_TEXT, null ),
+			'oauth_refresh_token' => array( QUICKBOOKS_DRIVER_SQL_TEXT, null ),
+			'oauth_access_expiry' => array( QUICKBOOKS_DRIVER_SQL_DATETIME, null, 'null' ),
+			'oauth_refresh_expiry' => array( QUICKBOOKS_DRIVER_SQL_DATETIME, null, 'null' ),
 			'qb_realm' => array( QUICKBOOKS_DRIVER_SQL_VARCHAR, 32, 'null' ),
 			'request_datetime' => array( QUICKBOOKS_DRIVER_SQL_DATETIME ),
 			'access_datetime' => array( QUICKBOOKS_DRIVER_SQL_DATETIME, null, 'null' ),

diff --git a/QuickBooks/IPP/IntuitAnywhere.php b/QuickBooks/IPP/IntuitAnywhere.php
@@ -410,7 +410,7 @@ public function handle($app_tenant)
 
 					if ($info)
 					{
-						$this->_driver->oauthAccessWrite(
+						$this->_driver->oauthAccessWriteV1(
 							$this->_key, 
 							$arr['oauth_request_token'], 
 							$info['oauth_token'], 
@@ -439,9 +439,6 @@ public function handle($app_tenant)
 			{
 				// Try to get an access/refresh token here
 
-				print_r($_GET);
-				print_r($info);
-
 				if ($discover = $this->_discover())
 				{
 					$ch = curl_init($discover['token_endpoint']);
@@ -452,30 +449,33 @@ public function handle($app_tenant)
 						'grant_type' => 'authorization_code',
 						)));
 
-					//curl_setopt($ch, CURLOPT_HTTPHEADER, array(
-					//	'Authorization: Basic ' . base64_encode($this->_client_id . ': ' . $this->_client_secret),
-					//	));
 					curl_setopt($ch, CURLOPT_USERPWD, $this->_client_id . ':' . $this->_client_secret);
 
 					curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 					curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);   // Do not follow; security risk here
 					$retr = curl_exec($ch);
 					$info = curl_getinfo($ch);
 
-					error_log('user/pass: [' . $this->_client_id . ':' . $this->_client_secret . ']');
-					error_log('RETURNED: [' . $retr . ']');
-					error_log(print_r($info, true));
-
 					if ($info['http_code'] == 200)
 					{
-						print_r($info);
-						print_r($retr);
+						$json = json_decode($retr, true);
+
+						$this->_driver->oauthAccessWriteV2(
+							$this->_key,
+							$_GET['state'],
+							$json['access_token'],
+							$json['refresh_token'],
+							date('Y-m-d H:i:s', time() + (int) $json['expires_in']),
+							date('Y-m-d H:i:s', time() + (int) $json['x_refresh_token_expires_in']),
+							$_GET['realmId']);
 
-						error_log('TOKENS: ' . print_r($retr, true));
+						header('Location: ' . $this->_that_url);
+						exit;
 					}
 					else
 					{
-
+						print('An error occurred fetching the access/refresh token.');
+						return false;
 					}
 				}