bsiggel/espocrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
root
2026-01-19 17:44:46 +01:00
commit 823af8b11d
8721 changed files with 1130846 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

459
application/Espo/Core/ExternalAccount/ClientManager.php Normal file
View File

@@ -0,0 +1,459 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2025 EspoCRM, Inc.
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Core\ExternalAccount;
use Espo\Core\Exceptions\Error;
use Espo\Core\Field\DateTime;
use Espo\Core\Utils\Language;
use Espo\Entities\Integration;
use Espo\Entities\ExternalAccount;
use Espo\Entities\Notification;
use Espo\Entities\User;
use Espo\ORM\EntityManager;
use Espo\Core\ExternalAccount\Clients\IClient;
use Espo\Core\ExternalAccount\OAuth2\Client as OAuth2Client;
use Espo\Core\InjectableFactory;
use Espo\Core\ORM\Repository\Option\SaveOption;
use Espo\Core\Utils\Config;
use Espo\Core\Utils\Metadata;
use Espo\ORM\Name\Attribute;
use RuntimeException;
class ClientManager
{
private const REFRESH_TOKEN_ATTEMPTS_LIMIT = 20;
private const REFRESH_TOKEN_ATTEMPTS_PERIOD = '1 day';
/** @var array<string, (array<string, mixed> & array{externalAccountEntity: ExternalAccount})> */
protected $clientMap = [];
public function __construct(
protected EntityManager $entityManager,
protected Metadata $metadata,
protected Config $config,
protected ?InjectableFactory $injectableFactory = null,
private ?Language $language = null
) {}
/**
* @param array{
* accessToken: ?string,
* tokenType: ?string,
* expiresAt?: ?string,
* refreshToken?: ?string,
* } $data
* @throws Error
*/
public function storeAccessToken(object $client, array $data): void
{
try {
$account = $this->getClientRecord($client);
} catch (Error) {
// @todo Revise.
return;
}
$account->setAccessToken($data['accessToken']);
$account->setTokenType($data['tokenType']);
$account->setExpiresAt($data['expiresAt'] ?? null);
$account->setRefreshTokenAttempts(null);
if ($data['refreshToken'] ?? null) {
$account->setRefreshToken($data['refreshToken']);
}
/** @var ?ExternalAccount $account */
$account = $this->entityManager->getEntityById(ExternalAccount::ENTITY_TYPE, $account->getId());
if (!$account) {
throw new Error("External Account: Account removed.");
}
if (!$account->isEnabled()) {
throw new Error("External Account: Account disabled.");
}
$account->setAccessToken($data['accessToken']);
$account->setTokenType($data['tokenType']);
$account->setExpiresAt($data['expiresAt'] ?? null);
$account->setRefreshTokenAttempts(null);
if ($data['refreshToken'] ?? null) {
$account->setRefreshToken($data['refreshToken'] ?? null);
}
$this->entityManager->saveEntity($account, [
'isTokenRenewal' => true,
SaveOption::SKIP_HOOKS => true,
]);
}
/**
* @throws Error
*/
public function create(string $integration, string $userId): ?object
{
$authMethod = $this->metadata->get("integrations.$integration.authMethod");
if (ucfirst($authMethod) === 'OAuth2') {
return $this->createOAuth2($integration, $userId);
}
$methodName = 'create' . ucfirst($authMethod);
if (method_exists($this, $methodName)) {
return $this->$methodName($integration, $userId);
}
if (!$this->injectableFactory) {
throw new RuntimeException("No injectableFactory.");
}
/** @var ?Integration $integrationEntity */
$integrationEntity = $this->entityManager->getEntityById(Integration::ENTITY_TYPE, $integration);
/** @var ?ExternalAccount $account */
$account = $this->entityManager->getEntityById(ExternalAccount::ENTITY_TYPE, "{$integration}__$userId");
if (!$account) {
throw new Error("External Account $integration not found for $userId.");
}
if (!$integrationEntity || !$integrationEntity->isEnabled() || !$account->isEnabled()) {
return null;
}
/** @var class-string $className */
$className = $this->metadata->get("integrations.$integration.clientClassName");
$client = $this->injectableFactory->create($className);
if (!method_exists($client, 'setup')) {
throw new RuntimeException("$className does not have `setup` method.");
}
$client->setup(
$userId,
$integrationEntity,
$account,
$this
);
$this->addToClientMap($client, $integrationEntity, $account, $userId);
return $client;
}
/**
* @throws Error
*/
protected function createOAuth2(string $integration, string $userId): ?object
{
/** @var ?Integration $integrationEntity */
$integrationEntity = $this->entityManager->getEntityById(Integration::ENTITY_TYPE, $integration);
/** @var ?ExternalAccount $account */
$account = $this->entityManager->getEntityById(ExternalAccount::ENTITY_TYPE, "{$integration}__$userId");
/** @var class-string $className */
$className = $this->metadata->get("integrations.$integration.clientClassName");
$redirectUri = $this->config->get('siteUrl') . '?entryPoint=oauthCallback';
$redirectUriPath = $this->metadata->get(['integrations', $integration, 'params', 'redirectUriPath']);
if ($redirectUriPath) {
$redirectUri = rtrim($this->config->get('siteUrl'), '/') . '/' . $redirectUriPath;
}
if (!$account) {
throw new Error("External Account $integration not found for '$userId'.");
}
if (
!$integrationEntity ||
!$integrationEntity->isEnabled() ||
!$account->isEnabled()
) {
return null;
}
$oauth2Client = new OAuth2Client();
$params = [
'endpoint' => $this->metadata->get("integrations.$integration.params.endpoint"),
'tokenEndpoint' => $this->metadata->get("integrations.$integration.params.tokenEndpoint"),
'clientId' => $integrationEntity->get('clientId'),
'clientSecret' => $integrationEntity->get('clientSecret'),
'redirectUri' => $redirectUri,
'accessToken' => $account->getAccessToken(),
'refreshToken' => $account->getRefreshToken(),
'tokenType' => $account->getTokenType(),
'expiresAt' => $account->getExpiresAt() ? $account->getExpiresAt()->toString() : null,
];
$authType = $this->metadata->get("integrations.$integration.authType");
$tokenType = $this->metadata->get("integrations.$integration.tokenType");
if ($authType === 'Uri') {
$oauth2Client->setAuthType(OAuth2Client::AUTH_TYPE_URI);
} else if ($authType === 'Basic') {
$oauth2Client->setAuthType(OAuth2Client::AUTH_TYPE_AUTHORIZATION_BASIC);
} else if ($authType === 'Form') {
$oauth2Client->setAuthType(OAuth2Client::AUTH_TYPE_FORM);
}
if ($tokenType === 'Bearer') {
$oauth2Client->setTokenType(OAuth2Client::TOKEN_TYPE_BEARER);
} else if ($authType === 'Uri') {
$oauth2Client->setTokenType(OAuth2Client::TOKEN_TYPE_URI);
} else if ($authType === 'OAuth') {
$oauth2Client->setTokenType(OAuth2Client::TOKEN_TYPE_OAUTH);
}
foreach (get_object_vars($integrationEntity->getValueMap()) as $k => $v) {
if (array_key_exists($k, $params)) {
continue;
}
if ($integrationEntity->hasAttribute($k)) {
continue;
}
$params[$k] = $v;
}
if ($this->injectableFactory) {
$client = $this->injectableFactory->createWith($className, [
'client' => $oauth2Client,
'params' => $params,
'manager' => $this,
]);
} else {
// For backward compatibility.
$client = new $className($oauth2Client, $params, $this);
}
$this->addToClientMap($client, $integrationEntity, $account, $userId);
return $client;
}
/**
* @param object $client
* @return void
*/
protected function addToClientMap(
$client,
Integration $integration,
ExternalAccount $account,
string $userId
) {
$this->clientMap[spl_object_hash($client)] = [
'client' => $client,
'userId' => $userId,
'integration' => $integration->getId(),
'integrationEntity' => $integration,
'externalAccountEntity' => $account,
];
}
/**
* @param object $client
* @throws Error
*/
protected function getClientRecord($client): ExternalAccount
{
$data = $this->clientMap[spl_object_hash($client)] ?? null;
if (!$data) {
throw new Error("External Account: Client not found in hash.");
}
if (!isset($data['externalAccountEntity'])) {
throw new Error("External Account: Account not found in hash.");
}
return $data['externalAccountEntity'];
}
/**
* @param object $client
* @throws Error
*/
public function isClientLocked($client): bool
{
$accountSet = $this->getClientRecord($client);
$account = $this->fetchAccountOnlyWithIsLocked($accountSet->getId());
return $account->isLocked();
}
/**
* @throws Error
*/
public function lockClient(object $client): void
{
$accountSet = $this->getClientRecord($client);
$account = $this->fetchAccountOnlyWithIsLocked($accountSet->getId());
$account->setIsLocked(true);
$this->entityManager->saveEntity($account, [
SaveOption::SKIP_HOOKS => true,
SaveOption::SILENT => true,
]);
}
/**
* @throws Error
*/
public function unlockClient(object $client): void
{
$accountSet = $this->getClientRecord($client);
$accountSet = $this->fetchAccountOnlyWithIsLocked($accountSet->getId());
$accountSet->setIsLocked(false);
$this->entityManager->saveEntity($accountSet, [
SaveOption::SKIP_HOOKS => true,
SaveOption::SILENT => true,
]);
}
/**
* @throws Error
*/
public function controlRefreshTokenAttempts(object $client): void
{
$accountSet = $this->getClientRecord($client);
$account = $this->entityManager
->getRDBRepositoryByClass(ExternalAccount::class)
->getById($accountSet->getId());
if (!$account) {
return;
}
$attempts = $account->getRefreshTokenAttempts();
$account->setRefreshTokenAttempts($attempts + 1);
if (
$attempts >= self::REFRESH_TOKEN_ATTEMPTS_LIMIT &&
$account->getExpiresAt() &&
$account->getExpiresAt()
->modify('+' . self::REFRESH_TOKEN_ATTEMPTS_PERIOD)
->isLessThan(DateTime::createNow())
) {
$account->setIsEnabled(false);
$account->unsetData();
}
$this->entityManager->saveEntity($account, [
SaveOption::SKIP_HOOKS => true,
SaveOption::SILENT => true,
]);
if (!$account->isEnabled()) {
$this->createDisableNotification($account);
}
}
/**
* @param IClient $client
* @throws Error
*/
public function reFetchClient($client): void
{
$accountSet = $this->getClientRecord($client);
$id = $accountSet->getId();
$account = $this->entityManager->getEntityById(ExternalAccount::ENTITY_TYPE, $id);
if (!$account) {
throw new Error("External Account: Client $id not found in DB.");
}
$data = $account->getValueMap();
$accountSet->set($data);
$client->setParams(get_object_vars($data));
}
/**
* @throws Error
*/
private function fetchAccountOnlyWithIsLocked(string $id): ExternalAccount
{
$account = $this->entityManager
->getRDBRepository(ExternalAccount::ENTITY_TYPE)
->select([Attribute::ID, 'isLocked'])
->where([Attribute::ID => $id])
->findOne();
if (!$account) {
throw new Error("External Account: Client '$id' not found in DB.");
}
return $account;
}
private function createDisableNotification(ExternalAccount $account): void
{
if (!str_contains($account->getId(), '__')) {
return;
}
[$integration, $userId] = explode('__', $account->getId());
if (!$this->entityManager->getEntityById(User::ENTITY_TYPE, $userId)) {
return;
}
if (!$this->language) {
return;
}
$message = $this->language->translateLabel('externalAccountNoConnectDisabled', 'messages', 'ExternalAccount');
$message = str_replace('{integration}', $integration, $message);
$notification = $this->entityManager->getRDBRepositoryByClass(Notification::class)->getNew();
$notification
->setType(Notification::TYPE_MESSAGE)
->setMessage($message)
->setUserId($userId);
$this->entityManager->saveEntity($notification);
}
}