From b37773cf947a75488e0f75605a2a94d96b2bbc17 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 3 Oct 2024 00:05:33 +0200 Subject: [PATCH] Fix mutitenant MS oauth --- htdocs/core/lib/oauth.lib.php | 2 +- htdocs/core/modules/oauth/microsoft2_oauthcallback.php | 9 ++++++--- htdocs/core/modules/oauth/microsoft_oauthcallback.php | 7 ++++--- htdocs/includes/OAuth/Common/Storage/DoliStorage.php | 6 ++++-- htdocs/includes/OAuth/OAuth2/Service/Microsoft2.php | 2 +- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/htdocs/core/lib/oauth.lib.php b/htdocs/core/lib/oauth.lib.php index 31c9c9a45e9..009db50596b 100644 --- a/htdocs/core/lib/oauth.lib.php +++ b/htdocs/core/lib/oauth.lib.php @@ -338,7 +338,7 @@ function getSupportedOauth2Array() 'urlforcredentials' => 'https://portal.azure.com/', // User.Read is a microsoftgraph scope, if it's not working, do not select it 'availablescopes' => 'openid,offline_access,profile,email,User.Read,https://outlook.office.com/.default', - 'returnurl' => '/core/modules/oauth/microsoft_oauthcallback.php' + 'returnurl' => '/core/modules/oauth/microsoft2_oauthcallback.php' ); if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) { $supportedoauth2array['OAUTH_GENERIC_NAME'] = array( diff --git a/htdocs/core/modules/oauth/microsoft2_oauthcallback.php b/htdocs/core/modules/oauth/microsoft2_oauthcallback.php index fc5090364be..4692c3af7c6 100644 --- a/htdocs/core/modules/oauth/microsoft2_oauthcallback.php +++ b/htdocs/core/modules/oauth/microsoft2_oauthcallback.php @@ -49,6 +49,7 @@ $genericstring = 'MICROSOFT2'; $uriFactory = new \OAuth\Common\Http\Uri\UriFactory(); //$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER); //$currentUri->setQuery(''); + $currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/microsoft2_oauthcallback.php'); 
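Review bot: The `returnurl` switch to `/core/modules/oauth/microsoft2_oauthcallback.php` in the oauth.lib.php hunk changes which callback URL this provider uses, and nothing in the commit tells administrators about it. The Microsoft identity platform compares the redirect URI with the registered one exactly, so an app registration that still lists the old `microsoft_oauthcallback.php` path will presumably be rejected after upgrade. An upgrade or changelog note asking administrators to update the registered redirect URI would cover this. The array entry being edited starts above the hunk, so the provider key it belongs to is inferred from the path only.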
@@ -64,19 +65,21 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); //$httpClient->setCurlParameters($params); $serviceFactory->setHttpClient($httpClient); -// Dolibarr storage -$storage = new DoliStorage($db, $conf, $keyforprovider); - // Setup the credentials for the requests $keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; $keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET'; $keyforparamtenant = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT'; + +// Dolibarr storage +$storage = new DoliStorage($db, $conf, $keyforprovider, getDolGlobalString($keyforparamtenant)); + $credentials = new Credentials( getDolGlobalString($keyforparamid), getDolGlobalString($keyforparamsecret), $currentUri->getAbsoluteUri() ); + $state = GETPOST('state'); $requestedpermissionsarray = array(); diff --git a/htdocs/core/modules/oauth/microsoft_oauthcallback.php b/htdocs/core/modules/oauth/microsoft_oauthcallback.php index 53df4f9653a..551d4dc63e7 100644 --- a/htdocs/core/modules/oauth/microsoft_oauthcallback.php +++ b/htdocs/core/modules/oauth/microsoft_oauthcallback.php 
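Review bot: `getDolGlobalString($keyforparamtenant)` is handed to `DoliStorage` with no check that a tenant is actually configured, so an unset `OAUTH_MICROSOFT2..._TENANT` silently becomes an empty tenant for the whole flow. How the service consumes it is not visible here, but it presumably ends up in the authority URL, where an empty segment is at best a confusing remote error. I would read it once, `$tenant = trim(getDolGlobalString($keyforparamtenant));`, and stop with an explicit configuration error when it is empty. If an empty tenant is a supported setup, a one-line comment saying so would do. The identical hunk in microsoft_oauthcallback.php has the same gap.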
@@ -63,13 +63,14 @@ $httpClient = new \OAuth\Common\Http\Client\CurlClient(); //$httpClient->setCurlParameters($params); $serviceFactory->setHttpClient($httpClient); -// Dolibarr storage -$storage = new DoliStorage($db, $conf, $keyforprovider); - // Setup the credentials for the requests $keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; $keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET'; $keyforparamtenant = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_TENANT'; + +// Dolibarr storage +$storage = new DoliStorage($db, $conf, $keyforprovider, getDolGlobalString($keyforparamtenant)); + $credentials = new Credentials( getDolGlobalString($keyforparamid), getDolGlobalString($keyforparamsecret), diff --git a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php index 070a5d2b92a..d3de6d20280 100644 --- a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php +++ b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php @@ -71,8 +71,9 @@ class DoliStorage implements TokenStorageInterface * @param DoliDB $db Database handler * @param \Conf $conf Conf object * @param string $keyforprovider Key to manage several providers of the same type. For example 'abc' will be added to 'Google' to defined storage key. + * @param string $tenant Value of tenant if used */ - public function __construct(DoliDB $db, \Conf $conf, $keyforprovider = '') + public function __construct(DoliDB $db, \Conf $conf, $keyforprovider = '', $tenant = '') { $this->db = $db; $this->conf = $conf; @@ -80,6 +81,7 @@ class DoliStorage implements TokenStorageInterface $this->token = ''; $this->tokens = array(); $this->states = array(); + $this->tenant = $tenant; //$this->key = $key; //$this->stateKey = $stateKey; } 
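Review bot: The docblock line added for the new constructor parameter in DoliStorage.php, `Value of tenant if used`, does not say what kind of value is expected or what the default `''` means for later `getTenant()` calls. Something like `@param string $tenant Microsoft tenant (directory ID or domain) for this provider; '' when none is configured` tells the next caller what to pass. The value is stored as-is in the following hunk (`$this->tenant = $tenant;`), so normalising it there with `$this->tenant = trim((string) $tenant);` would keep stray whitespace from the setup form from travelling further. The constructor is split across the two DoliStorage hunks and its middle lines are not shown.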
@@ -381,7 +383,7 @@ class DoliStorage implements TokenStorageInterface { // Set/Reset tenant now so it will be defined for. // TODO We must store it into the table llx_oauth_token - $this->tenant = getDolGlobalString('OAUTH_MICROSOFT'.($this->keyforprovider ? '-'.$this->keyforprovider : '').'_TENANT'); + //$this->tenant = getDolGlobalString('OAUTH_MICROSOFT'.($this->keyforprovider ? '-'.$this->keyforprovider : '').'_TENANT'); return $this->tenant; } diff --git a/htdocs/includes/OAuth/OAuth2/Service/Microsoft2.php b/htdocs/includes/OAuth/OAuth2/Service/Microsoft2.php index 727cd05b842..83149fc639a 100644 --- a/htdocs/includes/OAuth/OAuth2/Service/Microsoft2.php +++ b/htdocs/includes/OAuth/OAuth2/Service/Microsoft2.php @@ -10,7 +10,7 @@ use OAuth\Common\Http\Client\ClientInterface; use OAuth\Common\Storage\TokenStorageInterface; use OAuth\Common\Http\Uri\UriInterface; -class Microsoft extends AbstractService +class Microsoft2 extends AbstractService { const SCOPE_BASIC = 'basic'; const SCOPE_OFFLINE_ACCESS = 'offline_access';
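Review bot: Commenting out the lookup turns `getTenant()` into a plain getter, so any `new DoliStorage(...)` call that still passes three arguments now gets `''` where it used to get the configured tenant. Only the two callback files are updated in this commit; other call sites are not visible here and should be checked, or the method should keep a fallback for the case where `$this->tenant` is empty. The leftover comment `Set/Reset tenant now so it will be defined for.` and the commented-out assignment no longer describe what the method does. I would replace both with `// Tenant is injected through the constructor; see __construct().`. The method signature is outside the hunk.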