Patrick
/
acaresydney_ts
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
timesheet source code
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
118 Ревизии
1 Клон
1.5MB
ИН на ревизия: 5d6a450011
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '5d6a450011'
${ noResults }
acaresydney_ts/XeroOauth2.php

462 lines
17KB
Директен файл Blame История 

  1. <?php

  2. 

  3. /* xero integration oauth 2 */

  4. 

  5. /* required by XeroOauth2 in 2021 */

  6. 

  7. namespace Biukop;

  8. require_once(dirname(__FILE__) . '/vendor/autoload.php');

  9. // require_once(ABSPATH . 'wp-includes/pluggable.php');

  10. require_once(dirname(__FILE__) . '/Storage.php');

  11. 

  12. use \Carbon_Fields\Container;

  13. use \Carbon_Fields\Field;

  14. use \Carbon_Fields\Carbon_Fields;

  15. use phpDocumentor\Reflection\DocBlock\Tags\Method;

  16. 

  17. class XeroOAuth2

  18. {

  19.     private $office; // parent

  20. 

  21.     private $clientID = '83CC79EEC6A54B4E8C2CA7AD61D1BF69';

  22.     private $clientSecret = 'axgKF-Ri60D89conDFhqZsi1wu7uLdQFGvMpino9nI-nfO3f';

  23. 	

  24.     private $minimum_sync_interval_in_seconds = 600;

  25. 

  26.     public $provider;

  27.     public $options = [

  28.         'scope' => ['openid email profile offline_access assets projects accounting.settings accounting.transactions accounting.contacts accounting.journals.read accounting.reports.read accounting.attachments payroll.employees payroll.payruns payroll.payslip payroll.timesheets payroll.settings files']

  29.     ];

  30. 

  31.     public $storage;

  32.     public $config;

  33.     public $apiAccountingInstance;  //accounting instance

  34.     public $apiPayrollInstance; // payroll au instance

  35.     public $xeroTenantId;

  36. 

  37.     private $shortcodes;

  38.     private $sync;

  39. 

  40.     public function __construct($office)

  41.     {

  42.         $this->office = $office;

  43.         $this->shortcodes = new XeroOauth2ShortCode($this);

  44.         $this->sync = new XeroOauth2Sync($this);

  45.         $this->storage = new StorageClass();

  46. 

  47.         add_action('init', array($this, 'init'));

  48. 

  49.         add_action( 'plugins_loaded', array( '\\Carbon_Fields\\Carbon_Fields', 'boot' ) );

  50.         add_action('carbon_fields_register_fields', array($this, 'build_settings_page'));

  51.         add_action('carbon_fields_container_activated', array($this, 'field_activated'));

  52.         add_action('parse_request', array($this, 'xero_callback'));

  53. 

  54.     }

  55. 

  56.     public function __call($method, $args) {

  57.         error_log("$method is not defined" );

  58.     }

  59. 

  60.     public function sync_users($mininterval, $employeeonly, $clientsonly) {

  61.         $this->sync->sync_users($mininterval, $employeeonly, $clientsonly);

  62.     }

  63. 

  64.     public function init()

  65.     {

  66.         $this->provider = $this->create_provider();

  67.         if ($this->refresh_token() && is_user_logged_in()) {

  68.             $this->instant_sync();

  69.         }

  70.     }

  71. 

  72.     public function getTenantId() {

  73.         return $this->xeroTenantId;

  74.     }

  75.     private function create_provider() {

  76.         $provider = new \League\OAuth2\Client\Provider\GenericProvider([

  77.             'clientId' => $this->clientID,

  78.             'clientSecret' =>  $this->clientSecret,

  79.             'redirectUri' => $this->getRedirectURL(),

  80.             'urlAuthorize' => 'https://login.xero.com/identity/connect/authorize',

  81.             'urlAccessToken' => 'https://identity.xero.com/connect/token',

  82.             'urlResourceOwnerDetails' => 'https://api.xero.com/api.xro/2.0/Organisation'

  83.         ]);

  84.         return $provider;

  85.     }

  86. 

  87.     public function load_storage()

  88.     {

  89.         //$this->storage->read_value();

  90.     }

  91. 

  92.     public function boot_carbon()

  93.     {

  94.         \Carbon_Fields\Carbon_Fields::boot();

  95.     }

  96. 

  97. 

  98.     function build_settings_page()

  99.     {

  100.         Container::make('theme_options', __('Xero Integration'))

  101.             ->set_page_parent('options-general.php')

  102.             ->add_fields(array(

  103.                 Field::make('text', 'xero_oauth2state', 'Xero Oauth2 State')

  104.                     ->set_attribute('maxLength', 2048)

  105.                     ->set_attribute('readOnly', true)

  106.                     ->set_default_value($this->storage->getOauth2State()),

  107.                 Field::make('text', 'xero_token', 'Xero Token')

  108.                     ->set_attribute('maxLength', 2048)

  109.                     ->set_attribute('readOnly', true)

  110.                     ->set_default_value($this->storage->getSession()['token']),

  111.                 Field::make('text', 'xero_refresh_token', 'RefreshToken')

  112.                     ->set_attribute('readOnly', true)

  113.                     ->set_default_value($this->storage->getSession()['refresh_token']),

  114.                 Field::make('text', 'xero_id_token', 'ID Token')

  115.                     ->set_attribute('readOnly', true)

  116.                     ->set_default_value($this->storage->getSession()['id_token']),

  117.                 Field::make('text', 'xero_tenant_id', 'Tenant ID')

  118.                     ->set_attribute('readOnly', true)

  119.                     ->set_default_value($this->storage->getSession()['tenant_id']),

  120.                 Field::make('text', 'xero_expires', 'Expires')

  121.                     ->set_attribute('readOnly', true)

  122.                     ->set_default_value($this->storage->getSession()['expires']),

  123.                 Field::make('text', 'xero_expires_human', 'Expires')

  124.                     ->set_attribute('readOnly', true)

  125.                     ->set_default_value($this->storage->getSession()['expires_human']),

  126. 

  127.                 Field::make('html', 'crb_information_text')

  128.                     ->set_html('<h1>Connect/Reconnect</h2><p>if the above field is empty,

  129.         or the expire date looks suspicous, please reconnect to XeroOauth2 </p>

  130.     <form action="/">

  131.         <input type="hidden" name="xero_reauth" value="1" />

  132.         <input type="submit" class="button button-primary button-large" value="Xero Connect" />

  133.     </form>')

  134.             ));

  135. 

  136.         $this->storage->read_value();

  137.     }

  138. 

  139. 

  140.     function field_activated()

  141.     {

  142.         $this->storage->read_value();

  143.         $xeroTenantId = (string)$this->storage->getSession()['tenant_id'];

  144.         if ($xeroTenantId == "") {

  145.             $this->startAuthorization();

  146.         } else {

  147.             $this->refresh_token();

  148.         }

  149.     }

  150. 

  151.     public function startAuthorization()

  152.     {

  153.         // This returns the authorizeUrl with necessary parameters applied (e.g. state).

  154.         $authorizationUrl = $this->provider->getAuthorizationUrl($this->options);

  155. 

  156.         // Save the state generated for you and store it to the session.

  157.         // For security, on callback we compare the saved state with the one returned to ensure they match.

  158.         $this->storage->setOauth2State($this->provider->getState());

  159. 

  160.         // Redirect the user to the authorization URL.

  161.         header('Location: ' . $authorizationUrl);

  162.         exit();

  163.     }

  164. 

  165. 

  166.     function xero_callback()

  167.     {

  168. 

  169.         if (isset($_GET['xero_reauth'])) {

  170.             $this->startAuthorization();

  171.             return;

  172.         }

  173.         if (!isset($_GET['xero_callback'])) {

  174.             return;

  175.         }

  176.         // If we don't have an authorization code then get one

  177.         if (!isset($_GET['code'])) {

  178.             echo "Something went wrong, no authorization code found";

  179.             exit("Something went wrong, no authorization code found");

  180. 

  181.             // Check given state against previously stored one to mitigate CSRF attack

  182.         } elseif (empty($_GET['state']) || ($_GET['state'] !== $this->storage->getOauth2State())) {

  183.             echo "Invalid State";

  184.             $this->storage->setOauth2State("");

  185.             exit('Invalid state');

  186.         } else {

  187. 

  188.             try {

  189.                 // Try to get an access token using the authorization code grant.

  190.                 $accessToken = $this->provider->getAccessToken('authorization_code', [

  191.                     'code' => $_GET['code']

  192.                 ]);

  193. 

  194.                 $config = \XeroAPI\XeroPHP\Configuration::getDefaultConfiguration()->setAccessToken((string)$accessToken->getToken());

  195.                 $identityInstance = new \XeroAPI\XeroPHP\Api\IdentityApi(

  196.                     new \GuzzleHttp\Client(),

  197.                     $config

  198.                 );

  199. 

  200.                 $result = $identityInstance->getConnections();

  201. 

  202.                 // Save my tokens, expiration tenant_id

  203.                 $this->storage->setToken(

  204.                     $accessToken->getToken(),

  205.                     $accessToken->getExpires(),

  206.                     $result[0]->getTenantId(),

  207.                     $accessToken->getRefreshToken(),

  208.                     $accessToken->getValues()["id_token"]

  209.                 );

  210. 

  211.                 //we have successfully updated token, now start auto refresh

  212.                 update_option( "xero2_auth_refreshing_token_auto", false, true );

  213.                 //allow refresh token automatically on each call back

  214. 

  215.                 // related to $this->build_settings_page

  216.                 $url = "/wp-admin/options-general.php?page=crb_carbon_fields_container_xero_integration.php";

  217.                 header('Location: ' . $url);

  218.                 exit();

  219. 

  220.             } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

  221.                 echo "Xero Callback failed";

  222.                 exit();

  223.             }

  224.         }

  225.     }

  226. 

  227.     private function getRedirectURL() {

  228.         return get_site_url() . "/?xero_callback";

  229.     }

  230. 

  231.     function refresh_token($enforced=false) : bool

  232.     {

  233.         $refreshing_token = get_option("xero2_auth_refreshing_token_auto" , false);

  234.         if ($refreshing_token &&!$enforced) {

  235.             //prevent loop in refresh token when browser redirect pages

  236.             return false;

  237.         }

  238. 

  239.         $this->storage->read_value();

  240.         $this->xeroTenantId = (string)$this->storage->getSession()['tenant_id'];

  241. 

  242.         update_option( "xero2_auth_refreshing_token_auto", true, true ); //mark a transaction

  243.         if ($this->storage->getHasExpired() || $enforced ) {

  244.             $this->provider = $this->create_provider();

  245. 

  246.             try {

  247.                 $newAccessToken = $this->provider->getAccessToken('refresh_token', [

  248.                     'refresh_token' => $this->storage->getRefreshToken()

  249.                 ]);

  250. 

  251.             } catch (\Exception $e) {

  252.                 if ($enforced) {

  253.                     $this->email_xero_oauth2_exceptions($e, "refresh_token");

  254.                     echo "refresh xero security token failed, please ensure you have paid Xero subscription, " .

  255.                           "and then contact site administrator ";

  256.                     exit();

  257.                 }else if ( current_user_can( 'manage_options' )  ) {

  258.                     //Something in the case of admin,

  259.                     $this->startAuthorization();

  260.                 }else{ //normal user

  261.                     $current_user = wp_get_current_user();

  262. 

  263.                     $this->email_xero_oauth2_exceptions($e,

  264.                         "refresh_token - non admin user: id=$current_user->Id, name=$current_user->name" );

  265.                 }

  266.                 return false;

  267.             }

  268. 

  269.             // Save my token, expiration and refresh token

  270.             $this->storage->setToken(

  271.                 $newAccessToken->getToken(),

  272.                 $newAccessToken->getExpires(),

  273.                 $this->xeroTenantId,

  274.                 $newAccessToken->getRefreshToken(),

  275.                 $newAccessToken->getValues()["id_token"]);

  276.         }

  277. 

  278.         update_option( "xero2_auth_refreshing_token_auto", false, true ); // we are not refreshing token

  279.         return true;

  280.     }

  281. 

  282.     private function email_xero_oauth2_exceptions(\Exception $e, $source) {

  283.         $message = "Xero Auth2 exception \n" . print_r($e, true) ;

  284.         $admin_email =  get_bloginfo( "admin_email" );

  285.         $headers = ['Bcc: patrick@biukop.com.au'];

  286.         $subject = " XeroOauth2 Exception from: $source";

  287.         wp_mail($admin_email, $subject, $message, $headers);

  288.     }

  289. 

  290.     public function get_accounting_instance() {

  291.         $this->refresh_token();

  292.         if ($this->apiAccountingInstance == null) {

  293.             $this->config = \XeroAPI\XeroPHP\Configuration::getDefaultConfiguration()->setAccessToken(

  294. 		    (string)$this->storage->getSession()['token']);

  295. 	    //enable debug for XeroRate issue

  296. 	    // it cause create invoice faile as AJAX returns debug info, ruining the JSON response

  297.             $this->apiAccountingInstance = new \XeroAPI\XeroPHP\Api\AccountingApi(

  298.                 new \GuzzleHttp\Client(['debug' => false]),

  299.                 $this->config

  300.             );

  301.         }

  302.         return $this->apiAccountingInstance;

  303.     }

  304. 

  305.     public function get_payroll_au_instance() {

  306.         $this->refresh_token();

  307.         if ($this->apiPayrollInstance == null) {

  308.             $this->config = \XeroAPI\XeroPHP\Configuration::getDefaultConfiguration()->setAccessToken(

  309.                 (string)$this->storage->getSession()['token']);

  310.             //$this->config->setDebug(true);

  311.             //$this->config->setDebugFile("/home/acaresydneycom/public_html/wp-content/plugins/ts/debug.log");

  312.             $this->apiPayrollInstance = new \XeroAPI\XeroPHP\Api\PayrollAuApi(

  313.                 new \GuzzleHttp\Client(),

  314.                 $this->config

  315.             );

  316.         }

  317.         return $this->apiPayrollInstance;

  318.     }

  319. 

  320. 

  321.     //

  322.     //TS implementation

  323.     //

  324. 

  325.     /* sync xero to wp options */

  326.     public function instant_sync(){

  327.         try{

  328.             $this->sync_pay_item();

  329.             $this->sync_payroll_calendar();

  330.         }catch(\Exception $e){

  331.             $this->office->log("XeroAuth2\\instant_sync() has exception :" . $e->getMessage());

  332.         }

  333.     }

  334. 

  335.     private function sync_pay_item() {

  336.         if ($this->too_close_to_sync_payitem()){

  337.             return;

  338.         }

  339. 

  340.         $api = $this->get_payroll_au_instance();

  341.         $xeroTenantId = $this->xeroTenantId;

  342.         $page = 1;

  343.         try {

  344.             $result = $api->getPayItems($xeroTenantId, null, null, null, $page);

  345. 

  346.             foreach ($result->getPayItems()->getEarningsRates() as $e){

  347. //             "EarningsRateID": "34e17d08-237a-4ae2-8115-375d1ff8a9ed",

  348. //             "Name": "Overtime Hours (exempt from super)",

  349. //             "EarningsType": "OVERTIMEEARNINGS",

  350. //             "RateType": "MULTIPLE",

  351. //             "AccountCode": "477",

  352. //             "Multiplier": 1.5,

  353. //             "IsExemptFromTax": true,

  354. //             "IsExemptFromSuper": true,

  355. //             "AccrueLeave": false,

  356. //             "IsReportableAsW1": true,

  357. //             "UpdatedDateUTC": "2019-03-16T13:18:19+00:00",

  358. //             "CurrentRecord": false

  359.                 if ($e->getCurrentRecord() == "true"){

  360.                     $payitem_options[]= array(

  361.                         'EarningsRateID' => $e->getEarningsRateID(),

  362.                         'Name'=> $e->getName(),

  363.                         'EarningsType'=> $e->getEarningstype(),

  364.                         'RatePerUnit' => $e->getRatePerUnit(),

  365.                         'RateType' => $e->getRateType(),

  366.                         'AccountCode' => $e->getAccountCode(),

  367.                         "Multiplier"=> $e->getMultiplier(),

  368.                         "IsExemptFromTax" => $e->getIsExemptFromTax(),

  369.                         "IsExemptFromSuper"=> $e->getIsExemptFromSuper(),

  370.                         "AccrueLeave" => $e->getAccrueLeave(),

  371.                         "TypeOfUnits" => $e->getTypeOfUnits(),

  372.                         "CurrentRecord"=> $e->getCurrentRecord(),

  373.                     );

  374.                 }

  375.             }

  376.             update_option('bts_payitem_earnings_rate', $payitem_options);

  377.             update_option('bts_payitem_last_sync', time());

  378. 

  379. 

  380.         } catch (Exception $e) {

  381.             echo 'Exception when calling PayrollAuApi->getPayItems: ', $e->getMessage(), PHP_EOL;

  382.         }

  383.     }

  384. 

  385.     public function sync_payroll_calendar() {

  386.         if ($this->too_close_to_sync_payroll_calendar()){

  387.             return;

  388.         }

  389. 

  390.         $pc = $this->get_payroll_calendar();

  391.         $start = $pc->getStartDateAsDate()->format('Y-m-d');

  392.         $finish = new \DateTime($start);

  393.         $finish = $finish->modify("+13 days")->format('Y-m-d');

  394.         $paydate = $pc->getPaymentDateAsDate()->format('Y-m-d');

  395.         $calendar["start"] = $start;

  396.         $calendar["finish"] = $finish;

  397.         $calendar["paydate"] = $paydate;

  398. 

  399.         update_option('bts_pay_roll_calendar', $calendar);

  400.         update_option('bts_pay_roll_calendar_last_sync', time());

  401.         

  402.     }

  403. 

  404.     private function too_close_to_sync_payitem(){

  405.         $lastsync = get_option('bts_payitem_last_sync', 0);

  406.         $now = time();

  407.         $diff = $now - (int) $lastsync;

  408.         return $diff < $this->minimum_sync_interval_in_seconds; //default 10 minutes

  409.     }

  410. 

  411. 

  412.     private function too_close_to_sync_payroll_calendar(){

  413.         $lastsync = get_option('bts_pay_roll_calendar_last_sync', 0);

  414.         $now = time();

  415.         $diff = $now - (int) $lastsync;

  416.         return $diff < 3.0 * $this->minimum_sync_interval_in_seconds; //default 1.3 * 10 minutes

  417.     }

  418. 

  419. 

  420.     public function getClients($contact_group_id = null) {

  421.         $ret = $this->sync->getClients($contact_group_id);

  422.         $this->shortcodes->updateClientsShortCode($ret);

  423.         return $ret;

  424.     }

  425. 

  426.     public function getEmployees(){

  427.         $ret = $this->sync->getEmployees();

  428.         $this->shortcodes->updateEmployeeShortCode($ret);

  429.         return $ret;

  430.     }

  431. 

  432.     public function devGetEmployees() {

  433.         $this->sync->sync_users(600);

  434.     }

  435.     /*

  436.      *

  437.      * @param XeroAPI\Model\Accounting\Contact $client

  438.      */

  439.     public function getClientAddress($client) {

  440.         return $this->sync->get_client_post_address($client);

  441.     }

  442. 

  443.     public function getEmployeeAddress($employee) {

  444.         return $this->sync->get_employee_home_address($employee);

  445.     }

  446. 

  447. 

  448.     /*

  449.      * operation get_payroll_calendar

  450.      * @throws \XeroAPI\XeroPHP\ApiException on non-2xx response

  451.      * @throws \InvalidArgumentException

  452.      */

  453.     public function get_payroll_calendar()

  454.     {

  455.         $id =  "33dc7df5-3060-4d76-b4da-57c20685d77d"; //fortnightly

  456.         $api = $this->get_payroll_au_instance();

  457.         $calendars = $api->getPayrollCalendar($this->xeroTenantId, $id);

  458.         return $calendars[0];

  459.     }

  460. 

  461. }