harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The authorization step with client registration and authorization code retrieval working. Might not conform perfectly to OAuth2 spec, but it is a start.

Browse Source
This commit is contained in:
Andrew Manning 2018-02-22 15:10:05 -05:00
parent 8e5c1135c3
commit 43fca182e3
4 changed files with 113 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
Zotlabs/Module/Authorize.php
View File

@ -4,7 +4,6 @@ namespace Zotlabs\Module;
use Zotlabs\Identity\OAuth2Storage; use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller { class Authorize extends \Zotlabs\Web\Controller {
function init() { function init() {
@ -27,10 +26,61 @@ class Authorize extends \Zotlabs\Web\Controller {
$_SERVER['PHP_AUTH_PW'] = $password; $_SERVER['PHP_AUTH_PW'] = $password;
} }
} }
}
$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); function get() {
if (!local_channel()) {
return login();
} else {
// display an authorization form
$app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png');
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
'$title' => '',
'$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?',
'$app' => $app,
'$yes' => t('Allow'),
'$no' => t('Deny'),
'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '')
));
return $o;
}
}
function post() {
if (!local_channel()) {
return $this->get();
}
$storage = new OAuth2Storage(\DBA::$dba->db);
$s = new \Zotlabs\Identity\OAuth2Server($storage);
// If no client_id was provided, generate a new one.
if (x($_POST, 'client_id')) {
$client_id = $_POST['client_id'];
logger('client_id was provided: ' . $client_id);
} else {
$client_id = $_POST['client_id'] = random_string(16);
logger('client_id was not provided. Generated new id: ' . $client_id);
}
// If no redirect_uri was provided, generate a fake one.
if (x($_POST, 'redirect_uri')) {
$redirect_uri = $_POST['redirect_uri'];
} else {
$redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com';
}
logger('redirect_uri is : ' . $redirect_uri);
// If the client is not registered, add to the database
if (!$storage->getClientDetails($client_id)) {
$client_secret = random_string(16);
$storage->setClientDetails($client_id, $client_secret, $redirect_uri);
}
$request = \OAuth2\Request::createFromGlobals(); $request = \OAuth2\Request::createFromGlobals();
logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG);
$response = new \OAuth2\Response(); $response = new \OAuth2\Response();
// validate the authorize request // validate the authorize request
@ -39,19 +89,8 @@ class Authorize extends \Zotlabs\Web\Controller {
killme(); killme();
} }
// display an authorization form
if (empty($_POST)) {
return '
<form method="post">
<label>Do You Authorize TestClient?</label><br />
<input type="submit" name="authorized" value="yes">
<input type="submit" name="authorized" value="no">
</form>';
}
// print the authorization code if the user has authorized your client // print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorized'] === 'yes'); $is_authorized = ($_POST['authorize'] === 'allow');
$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
if ($is_authorized) { if ($is_authorized) {
// this is only here so that you get to see your code in the cURL request. Otherwise, // this is only here so that you get to see your code in the cURL request. Otherwise,

32
Zotlabs/Module/Oauth2testvehicle.php
View File

@ -4,6 +4,17 @@ namespace Zotlabs\Module;
class OAuth2TestVehicle extends \Zotlabs\Web\Controller { class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
function init() {
// If there is a 'code' and 'state' parameter then this is a client app
// callback issued after the authorization code request
if ($_REQUEST['code'] && $_REQUEST['state']) {
logger('Authorization callback invoked.', LOGGER_DEBUG);
logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
info('Authorization callback invoked.' . EOL);
return $this->get();
}
}
function get() { function get() {
$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
@ -31,7 +42,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
) )
), ),
'oauth2test_create_db', 'oauth2test_create_db',
'Create the OAuth2 database tables' 'Create the OAuth2 database tables',
'POST'
), ),
array( array(
'oauth2testvehicle', 'oauth2testvehicle',
@ -41,7 +53,20 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
) )
), ),
'oauth2test_delete_db', 'oauth2test_delete_db',
'Delete the OAuth2 database tables' 'Delete the OAuth2 database tables',
'POST'
),
array(
'authorize',
array(
array('response_type', 'code'),
array('client_id', urlencode('test_app_client_id')),
array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')),
array('state', 'xyz')
),
'oauth_authorize',
'Authorize a test client app',
'GET'
) )
) )
)); ));
@ -53,6 +78,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
logger(json_encode($_POST), LOGGER_DEBUG); logger(json_encode($_POST), LOGGER_DEBUG);
switch ($_POST['action']) { switch ($_POST['action']) {
case 'delete_db': case 'delete_db':
@ -64,7 +90,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
logger('Deleting existing database tables...', LOGGER_DEBUG); logger('Deleting existing database tables...', LOGGER_DEBUG);
foreach ($storage->getConfig() as $key => $table) { foreach ($storage->getConfig() as $key => $table) {
logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); logger('Deleting table ' . dbesc($table), LOGGER_DEBUG);
$r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); $r = q("DROP TABLE %s;", dbesc($table));
if (!$r) { if (!$r) {
logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG);
$status = false; $status = false;

2
view/tpl/oauth2testvehicle.tpl
View File

@ -2,7 +2,7 @@
{{foreach $endpoints as $ept}} {{foreach $endpoints as $ept}}
<div class="oath2test-form-box"> <div class="oath2test-form-box">
<form action="{{$baseurl}}/{{$ept.0}}" method="post"> <form action="{{$baseurl}}/{{$ept.0}}" method="{{$ept.4}}">
<h3>{{$ept.3}}</h3> <h3>{{$ept.3}}</h3>
<p>{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&<input type="hidden" name="{{$field.0}}" value="{{$field.1}}" />{{/foreach}} <p>{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&<input type="hidden" name="{{$field.0}}" value="{{$field.1}}" />{{/foreach}}
</p> </p>

10
view/tpl/oauth_authorize.tpl
View File

@ -3,8 +3,14 @@
<div class='oauthapp'> <div class='oauthapp'>
<img src='{{$app.icon}}'> <img src='{{$app.icon}}'>
<h4>{{$app.name}}</h4> <h4>{{$app.name}}</h4>
</div>
<h3>{{$authorize}}</h3> <h3>{{$authorize}}</h3>
<form method="POST"> <form method="POST">
<div class="settings-submit-wrapper"><input class="settings-submit" type="submit" name="oauth_yes" value="{{$yes}}" /></div> <div class="settings-submit-wrapper">
<input type="hidden" name="client_id" value="{{$client_id}}" />
<input type="hidden" name="redirect_uri" value="{{$redirect_uri}}" />
<input type="hidden" name="state" value="{{$state}}" />
<button class="btn btn-lg btn-danger" name="authorize" value="deny" type="submit">{{$no}}</button>
<button class="btn btn-lg btn-success" name="authorize" value="allow" type="submit">{{$yes}}</button>
</div>
</form> </form>
</div>