1 package FS::part_export::acct_google;
4 use vars qw(%info %SIG $CACHE);
7 use base 'FS::part_export';
9 tie my %options, 'Tie::IxHash',
10 'domain' => { label => 'Domain name' },
11 'username' => { label => 'Admin username' },
12 'password' => { label => 'Admin password' },
14 # To handle multiple domains, use separate instances of
15 # the export. We assume that they all have different
20 'desc' => 'Google hosted mail',
21 'options' => \%options,
24 Export accounts to the Google Provisioning API. Requires
25 REST::Google::Apps::Provisioning from CPAN.
29 sub rebless { shift; }
32 my($self, $svc_acct) = (shift, shift);
33 $svc_acct->finger =~ /^(.*)\s+(\S+)$/;
34 my ($first, $last) = ($1, $2);
35 $self->google_request('createUser',
36 'username' => $svc_acct->username,
37 'password' => $svc_acct->_password,
38 'givenName' => $first,
39 'familyName' => $last,
44 my( $self, $new, $old ) = (shift, shift, shift);
45 # We have to do this in two steps, so do the renameUser last so that
46 # if it fails partway through the username is still coherent.
47 if ( $new->_password ne $old->_password
48 or $new->finger ne $old->finger ) {
49 $new->finger =~ /^(.*)\s+(\S+)$/;
50 my ($first, $last) = ($1, $2);
51 my $error = $self->google_request('updateUser',
52 'username' => $old->username,
53 'password' => $new->_password,
54 'givenName' => $first,
55 'familyName' => $last,
57 return $error if $error;
59 if ( $new->username ne $old->username ) {
60 my $error = $self->google_request('renameUser',
61 'username' => $old->username,
62 'newname' => $new->username
64 return $error if $error;
70 my( $self, $svc_acct ) = (shift, shift);
71 $self->google_request('deleteUser',
72 'username' => $svc_acct->username
77 my( $self, $svc_acct ) = (shift, shift);
78 $self->google_request('updateUser',
79 'username' => $svc_acct->username,
80 'suspended' => 'true',
84 sub _export_unsuspend {
85 my( $self, $svc_acct ) = (shift, shift);
86 $self->google_request('updateUser',
87 'username' => $svc_acct->username,
88 'suspended' => 'false',
94 my $google = $self->google_handle;
95 if ( $google->{'error'} ) {
96 my $url = $google->{'captcha_url'} || '';
97 $url = "http://www.google.com/accounts/$url" if $url;
98 return { 'captcha_url' => $url,
100 'Unable to connect to the Google API: '.$google->{'error'}.'.',
103 return; #nothing on success
108 my $response = shift;
109 my $google = $self->google_handle('captcha_response' => $response);
110 return (defined($google->{'token'}));
114 1000 => 'unknown error',
115 1001 => 'server busy',
116 1100 => 'username belongs to a recently deleted account',
117 1101 => 'user suspended',
118 1200 => 'domain user limit exceeded',
119 1201 => 'domain alias limit exceeded',
120 1202 => 'domain suspended',
121 1203 => 'feature not available on this domain',
122 1300 => 'username in use',
123 1301 => 'user not found',
124 1302 => 'reserved username',
125 1400 => 'illegal character in first name',
126 1401 => 'illegal character in last name',
127 1402 => 'invalid password',
128 1403 => 'illegal character in username',
129 # should be everything we need
132 # Runs the request and returns nothing if it succeeds, or an
136 my ($self, $method, %opt) = @_;
137 my $google = $self->google_handle(
138 'captcha_response' => delete $opt{'captcha_response'}
140 return $google->{'error'} if $google->{'error'};
142 # Throw away the result from this; we don't use it yet.
143 eval { $google->$method(%opt) };
145 return $google_error{ $@->{'error'}->{'errorCode'} } || $@->{'error'};
150 # Returns a REST::Google::Apps::Provisioning object which is hooked
151 # to die {error => stuff} on API errors. The cached auth token
152 # will be used if possible. If not, try to authenticate. On
153 # authentication error, the R:G:A:P object will still be returned
154 # but with $google->{'error'} set to the error message.
160 'REST::Google::Apps::Provisioning',
162 'LWP::UserAgent 5.815',
166 die "failed to load $_\n" if $@;
168 $CACHE ||= new Cache::FileCache( {
169 'namespace' => __PACKAGE__,
170 'cache_root' => "$FS::UID::cache_dir/cache.$FS::UID::datasrc",
172 my $google = REST::Google::Apps::Provisioning->new(
173 'domain' => $self->option('domain')
176 # REST::Google::Apps::Provisioning lacks error reporting. We deal
177 # with that by hooking HTTP::Response to throw a useful fatal error
179 $google->{'lwp'}->add_handler( 'response_done' =>
181 my $response = shift;
182 return if $response->is_success;
185 if ( $response->content =~ /^</ ) {
187 $error = $google->{'xml'}->parse_string($response->content);
189 elsif ( $response->content =~ /=/ ) {
190 $error = +{ map { if ( /^(\w+)=(.*)$/ ) { lc($1) => $2 } }
191 split("\n", $response->content)
194 else { # have something to say if there is no response...
195 $error = {'error' => $response->status_line};
201 my $cache_token = $self->exportnum . '_token';
202 my $cache_captcha = $self->exportnum . '_captcha_token';
203 $google->{'token'} = $CACHE->get($cache_token);
204 if ( !$google->{'token'} ) {
206 'username' => $self->option('username'),
207 'password' => $self->option('password'),
209 if ( $opt{'captcha_response'} ) {
210 $login{'logincaptcha'} = $opt{'captcha_response'};
211 $login{'logintoken'} = $CACHE->get($cache_captcha);
213 eval { $google->captcha_auth(%login); };
215 $google->{'error'} = $@->{'error'};
216 $google->{'captcha_url'} = $@->{'captchaurl'};
217 $CACHE->set($cache_captcha, $@->{'captchatoken'}, '1 minute');
220 $CACHE->remove($cache_captcha);
221 $CACHE->set($cache_token, $google->{'token'}, '1 hour');
226 # REST::Google::Apps::Provisioning also lacks a way to do this
227 sub REST::Google::Apps::Provisioning::captcha_auth {
230 return( 1 ) if $self->{'token'};
235 map { $arg->{lc($_)} = $arg->{$_} } keys %{$arg};
237 foreach my $param ( qw/ username password / ) {
238 $arg->{$param} || croak( "Missing required '$param' argument" );
242 'accountType' => 'HOSTED',
244 'Email' => $arg->{'username'} . '@' . $self->{'domain'},
245 'Passwd' => $arg->{'password'},
247 if ( $arg->{'logincaptcha'} ) {
249 'logintoken' => $arg->{'logintoken'},
250 'logincaptcha'=> $arg->{'logincaptcha'}
253 my $response = $self->{'lwp'}->post(
254 'https://www.google.com/accounts/ClientLogin',
258 $response->is_success() || return( 0 );
260 foreach ( split( /\n/, $response->content() ) ) {
261 $self->{'token'} = $1 if /^Auth=(.+)$/;
262 last if $self->{'token'};
265 return( 1 ) if $self->{'token'} || return( 0 );