OAuth2 integration

2018-04-03 21:08:40 -07:00 · 2018-04-03 21:08:40 -07:00 · 4915a4efbb
commit 4915a4efbb
parent 245142cc07
6 changed files with 195 additions and 11 deletions
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller {
 			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
 			// http://openid.net/specs/openid-connect-registration-1_0.html
 			$app = array(
-				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'),
-				'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
-				'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
+				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+				'icon' => (x($_REQUEST, 'logo_uri')    ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? urldecode($_REQUEST['client_uri']) : ''),
 			);
 			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
-				'$title' => '',
-				'$authorize' => 'Do you authorize the app <a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> to access your channel data?',
+				'$title' => t('Authorize'),
+				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
 				'$app' => $app,
 				'$yes' => t('Allow'),
 				'$no' => t('Deny'),
@ -33,8 +33,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 	}

 	function post() {
-		if (!local_channel()) {
-			return $this->get();
+		if (! local_channel()) {
+			return;
 		}

 		$storage = new OAuth2Storage(\DBA::$dba->db);
@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$is_authorized = ($_POST['authorize'] === 'allow');
 		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 		if ($is_authorized) {
-			// this is only here so that you get to see your code in the cURL request. Otherwise,
-			// we'd redirect back to the client
 			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
-			echo("SUCCESS! Authorization Code: $code");
+			logger('Authorization Code: ' .  $code);
 		}

 		$response->send();
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					$_SESSION['access_token'] = $response['access_token'];
 				}
 				break;
+/*
 			case 'delete_db':
 				$status = true;
 				// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					$_SESSION['success'] = 'create_db';
 				}
 				break;
+*/

 			default:
 				break;
--- a/Zotlabs/Update/_1210.php
+++ b/Zotlabs/Update/_1210.php
@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1210 {
+
+	function run() {
+
+	$sql = "CREATE TABLE oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          SMALLINT,
+  PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+);
+";
+
+		$arr = explode(';', $sql);
+		$errors = 0;
+		foreach($arr as $a) {
+			if(strlen(trim($a))) {
+				$r = dbq(trim($a));
+				if(! $r) {
+					$errors ++;
+				}
+			}
+		}
+
+		if(! $errors)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}
--- a/boot.php
+++ b/boot.php
@ -54,7 +54,7 @@ define ( 'STD_VERSION',             '3.3.3' );
 define ( 'ZOT_REVISION',            '6.0a' );


-define ( 'DB_UPDATE_VERSION',       1209 );
+define ( 'DB_UPDATE_VERSION',       1210 );

 define ( 'PROJECT_BASE',   __DIR__ );

--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@ -1597,3 +1597,55 @@ CREATE TABLE if not exists calendarinstances (
    UNIQUE(calendarid, principaluri),
    UNIQUE(calendarid, share_href)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
+CREATE TABLE if not exists oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          TINYINT(1),
+  PRIMARY KEY (scope)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@ -1610,3 +1610,57 @@ ALTER TABLE ONLY users

 CREATE UNIQUE INDEX users_ukey
    ON users USING btree (username);
+
+
+CREATE TABLE oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          SMALLINT,
+  PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+);
+
+