Merge branch 'cooperatic_django_odoo_auth' into 'main'

Add cooperatic-django-odoo-auth plugin

See merge request !5

README.md

@@ -4,10 +4,11 @@
 - dupliquer `.htaccess-example` et `qa-config-example.php` et les renommer en enlevant le mot `example`. Dans `qu-config.php` ajouter le nom de la base de donnée, l’utilisateur etc. :
 
 ```php
-define('QA_MYSQL_HOSTNAME', 'localhost');
+    define('QA_MYSQL_HOSTNAME', 'localhost');
 	define('QA_MYSQL_USERNAME', 'lacagette');
 	define('QA_MYSQL_PASSWORD', 'cagette2015');
 	define('QA_MYSQL_DATABASE', 'openbarlacagette');
+    define('COOPERATIC_DJANGO_ODOO_URL', 'https://domaine.accueil/members/external_login');
 ```
 
 Créer une database mySQL

qa-include/pages/login.php

@@ -65,7 +65,8 @@ if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) {
 			qa_limits_increment(null, QA_LIMIT_LOGINS);
 
 			$errors = array();
-
+			qa-plugin/cooperatic-django-odoo-auth/
+			require_once QA_INCLUDE_DIR.'../qa-plugin/cooperatic-django-odoo-auth/qa-cooperatic-django-odoo-process.php';
 			if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols
 				$matchusers = qa_db_user_find_by_email($inemailhandle);
 			} else {

qa-plugin/cooperatic-django-odoo-auth/django-odoo-login-logout-page.php

+<?php
+
+class django_odoo_logout_process {
+  var $directory;
+  var $urltoroot;
+
+  function load_module($directory, $urltoroot) {
+    $this->directory=$directory;
+    $this->urltoroot=$urltoroot;
+  } // end function load_module
+
+  function suggest_requests() {
+    return array(
+      array(
+        'title' => 'Logout',
+        'request' => 'auth/logout',
+        'nav' => 'null',
+      ),
+    );
+  } // end function suggest_requests
+
+  function match_request($request) {
+    if ($request=='auth/logout')
+      return true;
+
+    return false;
+  } // end function match_request
+
+  function process_request($request) {
+    require_once QA_INCLUDE_DIR."qa-base.php";
+
+    $expire = 14*24*60*60;
+    if(isset($_SESSION['logout_url'])) {
+      $tourl = $_SESSION['logout_url'];
+    } else {
+      $tourl = false;
+    }
+    session_destroy();
+    if (!$tourl) {
+      qa_redirect('logout');
+    } else {
+      header('Location: '.$tourl);
+    }
+    return null;
+  } // end function process_request
+
+}
+?>
\ No newline at end of file

qa-plugin/cooperatic-django-odoo-auth/django-odoo-login.php

+<?php
+
+class django_odoo_login {
+  function load_module($directory, $urltoroot) {
+    $this->directory=$directory;
+    $this->urltoroot=$urltoroot;
+  }
+  function match_source($source) {
+    return $source=='cooperatic_dj_o';
+  }
+}
\ No newline at end of file

qa-plugin/cooperatic-django-odoo-auth/djangoOdooServer.php

+<?php
+
+class djangoOdooServer {
+
+	public static function getUserAttributes($user,$pass) {
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, COOPERATIC_DJANGO_ODOO_URL);
+	    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+	    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_POST, true);
+		// fp is needed for compatibility : random string is fine for this
+        $datas = array("login"=>$user,"password"=>$pass, "fp"=>substr(str_shuffle(MD5(microtime())), 0, 16));
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $datas);
+        $response = curl_exec($ch);
+        if ($response) {
+        	try {
+        		return json_decode($response);
+        	} catch (Exception $e) {
+        		return NULL;
+        	}
+        	
+        }		
+        
+	}
+}

qa-plugin/cooperatic-django-odoo-auth/qa-cooperatic-django-odoo-process.php

+<?php
+  /* This script grabs the user/pass combo directly
+   * from the Question2Answer login page.
+   * It uses a service account to find
+   * the user in the odoo database, via Django
+   * When found the user/pass combo is checked against the
+   * Odoo authentication source. Following
+   * this check, it either creates a SESSION array or
+   * a cookie that can be checked by the ldap-login
+   * module's check_login function, and bypasses the
+   * internal QA auth mechanism by redirecting back to
+   * the login page.
+  */
+
+  require_once QA_INCLUDE_DIR."qa-base.php";
+
+  require_once QA_INCLUDE_DIR."../qa-plugin/cooperatic-django-odoo-auth/djangoOdooServer.php";
+
+  function django_odoo_process ($user,$pass) {
+
+
+    // Check ig user or pass is empty
+    if ( '' == $user || '' ==  $pass ) {
+      return false;
+    }
+
+    try {
+      return djangoOdooServer::getUserAttributes($user,$pass);
+    } catch (Exception $e) {
+      // log
+    } 
+
+    return false;
+  }
+  function isEmpty($attr) {
+    if($attr == '' || preg_match("/^[[:space:]]+$/", $attr)) {
+      return true;
+    }
+    return false;
+  }
+
+  $expire = 14*24*60*60;
+
+  if (!isEmpty($inemailhandle)) {
+    if (!isEmpty($inpassword)) {
+      $call_result = django_odoo_process($inemailhandle,$inpassword);
+
+      if ($call_result && isset($call_result->credentials)) {
+        if (!isset($call_result->credentials->failure)) {
+          $source = 'cooperatic_dj_o';
+          $identifier = $inemailhandle;
+
+          $fname = $call_result->credentials->firstname;
+          $hdle_size = strlen($fname) + strlen($coop_num);
+          if ($hdle_size > 20) {
+            # remove fname caracters to fit with maximum handle length
+            $fname = substr($fname, 0, strlen($fname) - ($hdle_size -20));
+          }
+
+          $fields['email'] = $inemailhandle;
+          $fields['confirmed'] = true;
+          $fields['handle'] = $fname . $call_result->credentials->coop_num;;
+          $fields['name'] = $call_result->credentials->firstname . ' ' . $call_result->credentials->lastname;
+          qa_log_in_external_user($source, $identifier, $fields, $inremember);
+          $topath=qa_get('to');
+          if (isset($topath))
+            qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
+          else
+            qa_redirect('');
+          exit();
+        }
+
+      } 
+    }
+  }
\ No newline at end of file

qa-plugin/cooperatic-django-odoo-auth/qa-plugin.php

+<?php
+
+/*
+  Plugin Name: Cooperatic Odoo thru Django auth
+  Plugin Description: Allows Odoo cooperative members to connect
+  Plugin URI: https://gl.cooperatic.fr
+  Plugin Update Check URI: https://gl.cooperatic.fr
+  Plugin Version: 0.1
+  Plugin Date: 2022-06-01
+  Plugin Author: fracolo
+  Plugin License: Free
+  Plugin Minimum Question2Answer Version: 1.4
+*/
+
+error_reporting(E_ALL);
+
+// don't allow this page to be requested directly from browser
+if (!defined('QA_VERSION')) {
+	header('Location: ../../');
+	exit;
+}
+
+qa_register_plugin_module('login','django-odoo-login.php','django_odoo_login','Cooperatic Odoo thru Django Login');
+qa_register_plugin_layer('django-odoo-login-layer.php','Cooperatic Odoo thru Django Login Layer');
+qa_register_plugin_module('page','django-odoo-login-logout-page.php','django_odoo_logout_process','Cooperatic Odoo thru Django Logout Process');
+//qa_register_plugin_module('module', 'ldap-login-admin-form.php', 'ldap_login_admin_form', 'LDAP Login');
+
+/*
+  Omit PHP closing tag to help avoid accidental output
+*/