pluginsGLPI / oauthimap

Oauth authentication for Imap receivers of GLPI
GNU General Public License v2.0

Not able to "Create an authorization" #67

Open wadaki opened 1 week ago

wadaki commented 1 week ago

GLPI Version

10.0.16

Plugin version

1.4.3

Bug description

I entered the "Client ID", "Tenant ID" and "Client secret" for OAuth IMAP on Azure. In the next step, when I "Create an authorization", I can log in, but the redirect page shows an error:

"Unable to save authorization code"

Relevant log output

tail -F files/_log/php-errors.log

[2024-11-14 08:34:05] glpiphplog.WARNING:   *** PHP User Warning (512): Error during authorization code fetching: Expired token in /var/www/html/marketplace/oauthimap/inc/authorization.class.php at line 423
  Backtrace :
  ...place/oauthimap/inc/authorization.class.php:423 trigger_error()
  ...e/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()
  public/index.php:82                                require()

Page URL

localhost

Steps To reproduce

  1. install oauthimap from marketplace
  2. setup Oauth IMAP application
  3. Create an authorization
  4. error

Your GLPI setup information

システムのインストールと設定の情報
GLPI 10.0.16 ( => /var/www/html)
Installation mode: TARBALL
Current language:ja_JP

Server
 
Operating system: Linux tkysv0064 6.1.0-27-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.115-1 (2024-11-01) x86_64
PHP 8.2.24 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bz2, calendar,
    ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, intl, json, ldap, libxml,
    mbstring, memcache, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, pspell, random, readline, session, shmop, sockets, sodium,
    standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
    upload_max_filesize="2M" disable_functions="" 
Software: Apache/2.4.62 (Debian) (Apache/2.4.62 (Debian) Server at 172.17.200.64 Port 443
)
    Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0
Server Software: Debian 12
    Server Version: 10.11.6-MariaDB-0+deb12u1
    Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
    Parameters: glpi@localhost/glpi
    Host info: Localhost via UNIX socket

PHP version (8.2.24) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.11.6) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/html/files/_cache has been validated.
Write access to /var/www/html/files/_cron has been validated.
Write access to /var/www/html/files has been validated.
Write access to /var/www/html/files/_dumps has been validated.
Write access to /var/www/html/files/_graphs has been validated.
Write access to /var/www/html/files/_lock has been validated.
Write access to /var/www/html/files/_pictures has been validated.
Write access to /var/www/html/files/_plugins has been validated.
Write access to /var/www/html/files/_rss has been validated.
Write access to /var/www/html/files/_sessions has been validated.
Write access to /var/www/html/files/_tmp has been validated.
Write access to /var/www/html/files/_uploads has been validated.

Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/html/marketplace has been validated.
Timezones seems loaded in database.

GLPI constants
 
GLPI_ROOT: "/var/www/html"
GLPI_CONFIG_DIR: "/var/www/html/config"
GLPI_VAR_DIR: "/var/www/html/files"
GLPI_MARKETPLACE_DIR: "/var/www/html/marketplace"
GLPI_USE_CSRF_CHECK: "1"
GLPI_CSRF_EXPIRES: "7200"
GLPI_CSRF_MAX_TOKENS: "100"
GLPI_USE_IDOR_CHECK: "1"
GLPI_IDOR_EXPIRES: "7200"
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false
GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\\/\\/[^@:]+(\\/.*)?$/"]
GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"
GLPI_INSTALL_MODE: "TARBALL"
GLPI_NETWORK_MAIL: "glpi@teclib.com"
GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"
GLPI_MARKETPLACE_ALLOW_OVERRIDE: true
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true
GLPI_USER_AGENT_EXTRA_COMMENTS: ""
GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"
GLPI_AJAX_DASHBOARD: "1"
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: "0"
GLPI_CENTRAL_WARNINGS: "1"
GLPI_TEXT_MAXSIZE: "4000"
GLPI_DOC_DIR: "/var/www/html/files"
GLPI_CACHE_DIR: "/var/www/html/files/_cache"
GLPI_CRON_DIR: "/var/www/html/files/_cron"
GLPI_DUMP_DIR: "/var/www/html/files/_dumps"
GLPI_GRAPH_DIR: "/var/www/html/files/_graphs"
GLPI_LOCAL_I18N_DIR: "/var/www/html/files/_locales"
GLPI_LOCK_DIR: "/var/www/html/files/_lock"
GLPI_LOG_DIR: "/var/www/html/files/_log"
GLPI_PICTURE_DIR: "/var/www/html/files/_pictures"
GLPI_PLUGIN_DOC_DIR: "/var/www/html/files/_plugins"
GLPI_RSS_DIR: "/var/www/html/files/_rss"
GLPI_SESSION_DIR: "/var/www/html/files/_sessions"
GLPI_TMP_DIR: "/var/www/html/files/_tmp"
GLPI_UPLOAD_DIR: "/var/www/html/files/_uploads"
GLPI_INVENTORY_DIR: "/var/www/html/files/_inventories"
GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"
GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"
GLPI_I18N_DIR: "/var/www/html/locales"
GLPI_VERSION: "10.0.16"
GLPI_SCHEMA_VERSION: "10.0.16"
GLPI_MARKETPLACE_PRERELEASES: false
GLPI_MIN_PHP: "7.4.0"
GLPI_MAX_PHP: "8.4.0"
GLPI_YEAR: "2024"

Libraries
 
htmlawed/htmlawed version 1.2.14 in (/var/www/html/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.8.0 in (/var/www/html/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.8 in (/var/www/html/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.7.5 in (/var/www/html/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/html/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/html/vendor/true/punycode/src)
iamcal/lib_autolink in (/var/www/html/vendor/iamcal/lib_autolink)
sabre/dav in (/var/www/html/vendor/sabre/dav/lib/DAV)
sabre/http in (/var/www/html/vendor/sabre/http/lib)
sabre/uri in (/var/www/html/vendor/sabre/uri/lib)
sabre/vobject in (/var/www/html/vendor/sabre/vobject/lib)
laminas/laminas-i18n in (/var/www/html/vendor/laminas/laminas-i18n/src)
laminas/laminas-servicemanager in (/var/www/html/vendor/laminas/laminas-servicemanager/src)
monolog/monolog in (/var/www/html/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/var/www/html/vendor/sebastian/diff/src)
donatj/phpuseragentparser in (/var/www/html/vendor/donatj/phpuseragentparser/src/UserAgent)
elvanto/litemoji in (/var/www/html/vendor/elvanto/litemoji/src)
symfony/console in (/var/www/html/vendor/symfony/console)
scssphp/scssphp in (/var/www/html/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/var/www/html/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/var/www/html/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/var/www/html/vendor/rlanvin/php-rrule/src)
ramsey/uuid in (/var/www/html/vendor/ramsey/uuid/src)
psr/log in (/var/www/html/vendor/psr/log/Psr/Log)
psr/simple-cache in (/var/www/html/vendor/psr/simple-cache/src)
psr/cache in (/var/www/html/vendor/psr/cache/src)
league/csv in (/var/www/html/vendor/league/csv/src)
mexitek/phpcolors in (/var/www/html/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/var/www/html/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/var/www/html/vendor/guzzlehttp/psr7/src)
glpi-project/inventory_format in (/var/www/html/vendor/glpi-project/inventory_format/lib/php)
wapmorgan/unified-archive in (/var/www/html/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/var/www/html/vendor/paragonie/sodium_compat/src)
symfony/cache in (/var/www/html/vendor/symfony/cache)
html2text/html2text in (/var/www/html/vendor/html2text/html2text/src)
symfony/css-selector in (/var/www/html/vendor/symfony/css-selector)
symfony/dom-crawler in (/var/www/html/vendor/symfony/dom-crawler)
twig/twig in (/var/www/html/vendor/twig/twig/src)
twig/string-extra in (/var/www/html/vendor/twig/string-extra)
symfony/polyfill-ctype not found
symfony/polyfill-iconv not found
symfony/polyfill-mbstring not found
symfony/polyfill-php80 not found
symfony/polyfill-php81 not found
symfony/polyfill-php82 in (/var/www/html/vendor/symfony/polyfill-php82)
league/oauth2-client in (/var/www/html/vendor/league/oauth2-client/src/Provider)
league/oauth2-google in (/var/www/html/vendor/league/oauth2-google/src/Provider)
thenetworg/oauth2-azure in (/var/www/html/vendor/thenetworg/oauth2-azure/src/Provider)
phpCas version 1.6.0 in (/usr/share/php/CAS/source)

LDAP directories
 
Server: '172.17.202.100', Port: '389', BaseDN: 'dc=senju,dc=com,dc=local', Connection filter:
        '(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN:
        'cn=S0115,ou=User,ou=Users,ou=SENJU,dc=senju,dc=com,dc=local', Use TLS: none

SQL replicas
 
Not active

Notifications
 
Way of sending emails: SMTP+TLS (s0115@senju.com@smtp.office365.com)

Plugins list
 
    news                 Name: Alarme                         Version: 1.12.3     State: Installed / not activated               
        Install Method: Marketplace
    order                Name: Bestellverwaltung              Version: 2.10.6     State: Installed / not activated               
        Install Method: Marketplace
    domains              Name: Domains                        Version: 2.2.1      State: Installed / not activated               
        Install Method: Manual
    formcreator          Name: Form Creator                   Version: 2.13.9     State: Installed / not activated               
        Install Method: Marketplace
    fusioninventory      Name: FusionInventory                Version: 9.5+4.1    State: Installed / not activated               
        Install Method: Manual
    addressing           Name: IP Adressierung                Version: 3.0.2      State: Enabled                                 
        Install Method: Marketplace
    ldapcomputers        Name: LDAP computers                 Version: 0.4.1      State: Installed / not activated               
        Install Method: Manual
    mreporting           Name: More Reporting                 Version: 1.8.6      State: Enabled                                 
        Install Method: Marketplace
    oauthimap            Name: Oauth IMAP                     Version: 1.4.3      State: Enabled                                 
        Install Method: Marketplace
    genericobject        Name: Objects management             Version: 2.14.9     State: Enabled                                 
        Install Method: Marketplace
    datainjection        Name: インジェクション                 Version: 2.13.5     State: Enabled                         
                Install Method: Marketplace
    tag                  Name: タグ管理                           Version: 2.11.7     State: Installed / not activated         
              Install Method: Marketplace

Anything else?

No response

teqoit commented 1 week ago

I am also having the same issue.

[2024-11-14 10:30:38] glpiphplog.WARNING:   *** PHP User Warning (512): Unable to get user email in /var/www/html/glpi/plugins/oauthimap/inc/authorization.class.php at line 434
  Backtrace :
  plugins/oauthimap/inc/authorization.class.php:434  trigger_error()
  ...s/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()

[2024-11-14 10:51:12] glpiphplog.WARNING:   *** PHP User Warning (512): Unable to get user email in /var/www/html/glpi/plugins/oauthimap/inc/authorization.class.php at line 434
  Backtrace :
  plugins/oauthimap/inc/authorization.class.php:434  trigger_error()
  ...s/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()

stonebuzz commented 1 week ago

To address the error related to the expired token, I suggest revoking the current authorization on Azure and initiating a new authorization request through the plugin. Please follow the steps below:

Revoking Authorization on Azure

  1. Log in to the Azure portal as an administrator.
  2. Navigate to Azure Active Directory > App Registrations.
  3. Locate the application used by the plugin.
  4. Remove the granted authorization by selecting Revoke admin consent.

Initiating a New Authorization Request via the Plugin

  1. Start the OAuth authorization process to generate a new token.
  2. Follow the steps to grant the necessary permissions.

Best regards