harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The authorization step with client registration and authorization code retrieval working. Might not conform perfectly to OAuth2 spec, but it is a start.

Browse Source
This commit is contained in:
Andrew Manning 2018-02-22 15:10:05 -05:00
parent 8e5c1135c3
commit 43fca182e3
4 changed files with 113 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
Zotlabs/Module/Authorize.php
View File

@ -4,15 +4,14 @@ namespace Zotlabs\Module;
use Zotlabs\Identity\OAuth2Storage; use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller { class Authorize extends \Zotlabs\Web\Controller {
function init() { function init() {
// workaround for HTTP-auth in CGI mode // workaround for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
if(strlen($userpass)) { if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass); list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password; $_SERVER['PHP_AUTH_PW'] = $password;
@ -20,43 +19,83 @@ class Authorize extends \Zotlabs\Web\Controller {
} }
if (x($_SERVER, 'HTTP_AUTHORIZATION')) { if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
if(strlen($userpass)) { if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass); list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password; $_SERVER['PHP_AUTH_PW'] = $password;
} }
} }
}
$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); function get() {
if (!local_channel()) {
return login();
} else {
// display an authorization form
$app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png');
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
'$title' => '',
'$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?',
'$app' => $app,
'$yes' => t('Allow'),
'$no' => t('Deny'),
'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '')
));
return $o;
}
}
function post() {
if (!local_channel()) {
return $this->get();
}
$storage = new OAuth2Storage(\DBA::$dba->db);
$s = new \Zotlabs\Identity\OAuth2Server($storage);
// If no client_id was provided, generate a new one.
if (x($_POST, 'client_id')) {
$client_id = $_POST['client_id'];
logger('client_id was provided: ' . $client_id);
} else {
$client_id = $_POST['client_id'] = random_string(16);
logger('client_id was not provided. Generated new id: ' . $client_id);
}
// If no redirect_uri was provided, generate a fake one.
if (x($_POST, 'redirect_uri')) {
$redirect_uri = $_POST['redirect_uri'];
} else {
$redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com';
}
logger('redirect_uri is : ' . $redirect_uri);
// If the client is not registered, add to the database
if (!$storage->getClientDetails($client_id)) {
$client_secret = random_string(16);
$storage->setClientDetails($client_id, $client_secret, $redirect_uri);
}
$request = \OAuth2\Request::createFromGlobals(); $request = \OAuth2\Request::createFromGlobals();
logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG);
$response = new \OAuth2\Response(); $response = new \OAuth2\Response();
// validate the authorize request // validate the authorize request
if (! $s->validateAuthorizeRequest($request, $response)) { if (!$s->validateAuthorizeRequest($request, $response)) {
$response->send(); $response->send();
killme(); killme();
} }
// display an authorization form
if (empty($_POST)) {
return '
<form method="post">
<label>Do You Authorize TestClient?</label><br />
<input type="submit" name="authorized" value="yes">
<input type="submit" name="authorized" value="no">
</form>';
}
// print the authorization code if the user has authorized your client // print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorized'] === 'yes'); $is_authorized = ($_POST['authorize'] === 'allow');
$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
if ($is_authorized) { if ($is_authorized) {
// this is only here so that you get to see your code in the cURL request. Otherwise, // this is only here so that you get to see your code in the cURL request. Otherwise,
// we'd redirect back to the client // we'd redirect back to the client
$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
echo("SUCCESS! Authorization Code: $code"); echo("SUCCESS! Authorization Code: $code");
} }

56
Zotlabs/Module/Oauth2testvehicle.php
View File

@ -4,23 +4,34 @@ namespace Zotlabs\Module;
class OAuth2TestVehicle extends \Zotlabs\Web\Controller { class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
function init() {
// If there is a 'code' and 'state' parameter then this is a client app
// callback issued after the authorization code request
if ($_REQUEST['code'] && $_REQUEST['state']) {
logger('Authorization callback invoked.', LOGGER_DEBUG);
logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
info('Authorization callback invoked.' . EOL);
return $this->get();
}
}
function get() { function get() {
$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
'$baseurl' => z_root(), '$baseurl' => z_root(),
/* /*
endpoints => array( endpoints => array(
array( array(
'path_to_endpoint', 'path_to_endpoint',
array( array(
array('field_name_1', 'value'), array('field_name_1', 'value'),
array('field_name_2', 'value'), array('field_name_2', 'value'),
... ...
), ),
'submit_button_name', 'submit_button_name',
'Description of API action' 'Description of API action'
)
) )
)
*/ */
'$endpoints' => array( '$endpoints' => array(
array( array(
@ -31,7 +42,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
) )
), ),
'oauth2test_create_db', 'oauth2test_create_db',
'Create the OAuth2 database tables' 'Create the OAuth2 database tables',
'POST'
), ),
array( array(
'oauth2testvehicle', 'oauth2testvehicle',
@ -41,7 +53,20 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
) )
), ),
'oauth2test_delete_db', 'oauth2test_delete_db',
'Delete the OAuth2 database tables' 'Delete the OAuth2 database tables',
'POST'
),
array(
'authorize',
array(
array('response_type', 'code'),
array('client_id', urlencode('test_app_client_id')),
array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')),
array('state', 'xyz')
),
'oauth_authorize',
'Authorize a test client app',
'GET'
) )
) )
)); ));
@ -53,8 +78,9 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
logger(json_encode($_POST), LOGGER_DEBUG); logger(json_encode($_POST), LOGGER_DEBUG);
switch ($_POST['action']) { switch ($_POST['action']) {
case 'delete_db': case 'delete_db':
$status = true; $status = true;
// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
@ -64,7 +90,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
logger('Deleting existing database tables...', LOGGER_DEBUG); logger('Deleting existing database tables...', LOGGER_DEBUG);
foreach ($storage->getConfig() as $key => $table) { foreach ($storage->getConfig() as $key => $table) {
logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); logger('Deleting table ' . dbesc($table), LOGGER_DEBUG);
$r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); $r = q("DROP TABLE %s;", dbesc($table));
if (!$r) { if (!$r) {
logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG);
$status = false; $status = false;
@ -77,7 +103,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
} }
break; break;
case 'create_db': case 'create_db':
$status = true; $status = true;
logger('Creating database tables...', LOGGER_DEBUG); logger('Creating database tables...', LOGGER_DEBUG);

4
view/tpl/oauth2testvehicle.tpl
View File

@ -2,9 +2,9 @@
{{foreach $endpoints as $ept}} {{foreach $endpoints as $ept}}
<div class="oath2test-form-box"> <div class="oath2test-form-box">
<form action="{{$baseurl}}/{{$ept.0}}" method="post"> <form action="{{$baseurl}}/{{$ept.0}}" method="{{$ept.4}}">
<h3>{{$ept.3}}</h3> <h3>{{$ept.3}}</h3>
<p>{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&<input type="hidden" name="{{$field.0}}" value="{{$field.1}}" /> {{/foreach}} <p>{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&<input type="hidden" name="{{$field.0}}" value="{{$field.1}}" />{{/foreach}}
</p> </p>
<button type="submit" name="{{$ept.2}}_submit" value="submit" class="btn btn-med" title="">Submit</button> <button type="submit" name="{{$ept.2}}_submit" value="submit" class="btn btn-med" title="">Submit</button>

16
view/tpl/oauth_authorize.tpl
View File

@ -3,8 +3,14 @@
<div class='oauthapp'> <div class='oauthapp'>
<img src='{{$app.icon}}'> <img src='{{$app.icon}}'>
<h4>{{$app.name}}</h4> <h4>{{$app.name}}</h4>
</div> <h3>{{$authorize}}</h3>
<h3>{{$authorize}}</h3> <form method="POST">
<form method="POST"> <div class="settings-submit-wrapper">
<div class="settings-submit-wrapper"><input class="settings-submit" type="submit" name="oauth_yes" value="{{$yes}}" /></div> <input type="hidden" name="client_id" value="{{$client_id}}" />
</form> <input type="hidden" name="redirect_uri" value="{{$redirect_uri}}" />
<input type="hidden" name="state" value="{{$state}}" />
<button class="btn btn-lg btn-danger" name="authorize" value="deny" type="submit">{{$no}}</button>
<button class="btn btn-lg btn-success" name="authorize" value="allow" type="submit">{{$yes}}</button>
</div>
</form>
</div>