salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0

ExternalOAuthConnection doesn't respect the proxy setting #9919

Open ebogaard opened 1 year ago

ebogaard commented 1 year ago

Issue

If a SuiteCRM server is only able to communicate through a proxy with the internet, ExternalOAuthConnection needs to use those proxy settings as well to successfully create a connection. At the moment it doesn't and the following FATAL error is shown when setting up a connection with MS365:

Mon Jan 30 09:20:25 2023 [122338][1][FATAL] Exception in Controller: cURL error 7: Failed to connect to login.microsoftonline.com port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/tentant-id /oauth2/v2.0/token

Expected Behavior

The ExternalOAuthConnection module needs to use the configured SuiteCRM proxy settings, if those are set up.

Actual Behavior

The module doesn't respect the proxy settings and tries to set up a direct connection, which will fail. So no bearer token is supplied by the OAuth provider and authentication is impossible.

Possible Fix

Steps to Reproduce

  1. Follow the manual: https://docs.suitecrm.com/admin/administration-panel/emails/microsoft-oauth-provider-howto/
  2. This fails in Step 3 when setting up the connector in SuiteCRM
  3. Check the log for the FATAL error

Context

This happens when trying to connect to a MS365 account using ExternalOAuthConnection, following the manual: https://docs.suitecrm.com/admin/administration-panel/emails/microsoft-oauth-provider-howto/

Your Environment

r3boot commented 6 months ago

This is fixed by adding the proxy settings to config_override.php:

$sugar_config['proxy']['proxy_host'] = 'proxy.example.com';
$sugar_config['proxy']['proxy_port'] = 3128;

giganteous commented 6 months ago

Not entirely. One can fix it by adding a 'proxy' key with the correct proxy value (e.g. proxy.example.com:1234) to the configured external oauth provider in the admin panel.

The docs for the used oauth-client library are quite clear on where to save the proxy settings, but it's quite hairy to locate the proper location in SuiteCRM. Hope this helps.

This was SuiteCRM 7.13.4

chris001 commented 6 months ago

From the docs for the oauth-client library:

"To use a proxy, set the proxy and verify options when creating your provider client instance. Make sure you enable SSL proxying in your proxy."

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
    'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://service.example.com/authorize',
    'urlAccessToken'          => 'https://service.example.com/token',
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
    'proxy'                   => '192.168.0.1:8888',
    'verify'                  => false
]);
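
An added example, not part of the thread and not SuiteCRM or oauth-client project code: it maps the `proxy_host` / `proxy_port` keys shown above onto the provider's `proxy` option and keeps TLS verification on, using a CA bundle path instead of `'verify' => false` when the proxy re-signs TLS traffic. The helper name `oauthProxyOptions` and the `$caBundle` parameter are hypothetical; the `proxy` and `verify` options are the ones quoted from the library docs, and `verify` accepts `true`, `false` or a path to a PEM bundle in the underlying Guzzle client.

```php
<?php
// Added example. Hypothetical helper: turns the proxy keys from
// config_override.php into client options for GenericProvider.
function oauthProxyOptions(array $sugarConfig, ?string $caBundle = null): array
{
    $host = trim((string)($sugarConfig['proxy']['proxy_host'] ?? ''));
    $port = (int)($sugarConfig['proxy']['proxy_port'] ?? 0);

    if ($host === '') {
        return []; // no proxy configured: library defaults apply, TLS is verified
    }
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException("Invalid proxy_port: {$port}");
    }
    if ($caBundle !== null && !is_readable($caBundle)) {
        // Fail closed instead of falling back to 'verify' => false.
        throw new RuntimeException("CA bundle not readable: {$caBundle}");
    }

    return [
        'proxy'  => "{$host}:{$port}",
        // true = system trust store; a path = PEM bundle that contains the
        // proxy's CA when the proxy intercepts HTTPS.
        'verify' => $caBundle ?? true,
    ];
}

// Constructed sample values, same shape as the snippets in the thread.
$sugar_config = ['proxy' => ['proxy_host' => 'proxy.example.com', 'proxy_port' => 3128]];

$options = [
    'clientId'                => 'XXXXXX',
    'clientSecret'            => 'XXXXXX',
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://service.example.com/authorize',
    'urlAccessToken'          => 'https://service.example.com/token',
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
] + oauthProxyOptions($sugar_config); // pass a PEM path as 2nd argument if needed

// Show the effective transport settings without printing the secret.
print_r(array_intersect_key($options, ['proxy' => 1, 'verify' => 1]));

// Only instantiate when league/oauth2-client is installed and autoloaded.
if (class_exists(\League\OAuth2\Client\Provider\GenericProvider::class)) {
    $provider = new \League\OAuth2\Client\Provider\GenericProvider($options);
}
```

With `'verify' => false` the token request still succeeds through the proxy, but the client secret and bearer tokens are sent without checking who terminates the TLS session.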