OAuth2 integration

This commit is contained in:
zotlabs
2018-04-03 21:08:40 -07:00
parent 245142cc07
commit 4915a4efbb
6 changed files with 195 additions and 11 deletions

View File

@@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller {
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata // OpenID Connect Dynamic Client Registration 1.0 Client Metadata
// http://openid.net/specs/openid-connect-registration-1_0.html // http://openid.net/specs/openid-connect-registration-1_0.html
$app = array( $app = array(
'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
); );
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
'$title' => '', '$title' => t('Authorize'),
'$authorize' => 'Do you authorize the app <a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> to access your channel data?', '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
'$app' => $app, '$app' => $app,
'$yes' => t('Allow'), '$yes' => t('Allow'),
'$no' => t('Deny'), '$no' => t('Deny'),
@@ -34,7 +34,7 @@ class Authorize extends \Zotlabs\Web\Controller {
function post() { function post() {
if (! local_channel()) { if (! local_channel()) {
return $this->get(); return;
} }
$storage = new OAuth2Storage(\DBA::$dba->db); $storage = new OAuth2Storage(\DBA::$dba->db);
@@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller {
$is_authorized = ($_POST['authorize'] === 'allow'); $is_authorized = ($_POST['authorize'] === 'allow');
$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
if ($is_authorized) { if ($is_authorized) {
// this is only here so that you get to see your code in the cURL request. Otherwise,
// we'd redirect back to the client
$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
echo("SUCCESS! Authorization Code: $code"); logger('Authorization Code: ' . $code);
} }
$response->send(); $response->send();

View File

@@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$_SESSION['access_token'] = $response['access_token']; $_SESSION['access_token'] = $response['access_token'];
} }
break; break;
/*
case 'delete_db': case 'delete_db':
$status = true; $status = true;
// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
@@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$_SESSION['success'] = 'create_db'; $_SESSION['success'] = 'create_db';
} }
break; break;
*/
default: default:
break; break;

78
Zotlabs/Update/_1210.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
namespace Zotlabs\Update;
class _1210 {
function run() {
$sql = "CREATE TABLE oauth_clients (
client_id VARCHAR(80) NOT NULL,
client_secret VARCHAR(80),
redirect_uri VARCHAR(2000),
grant_types VARCHAR(80),
scope VARCHAR(4000),
user_id VARCHAR(80),
PRIMARY KEY (client_id)
);
CREATE TABLE oauth_access_tokens (
access_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (access_token)
);
CREATE TABLE oauth_authorization_codes (
authorization_code VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
redirect_uri VARCHAR(2000),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
id_token VARCHAR(1000),
PRIMARY KEY (authorization_code)
);
CREATE TABLE oauth_refresh_tokens (
refresh_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (refresh_token)
);
CREATE TABLE oauth_scopes (
scope VARCHAR(191) NOT NULL,
is_default SMALLINT,
PRIMARY KEY (scope)
);
CREATE TABLE oauth_jwt (
client_id VARCHAR(80) NOT NULL,
subject VARCHAR(80),
public_key VARCHAR(2000) NOT NULL
);
";
$arr = explode(';', $sql);
$errors = 0;
foreach($arr as $a) {
if(strlen(trim($a))) {
$r = dbq(trim($a));
if(! $r) {
$errors ++;
}
}
}
if(! $errors)
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}
}

View File

@@ -54,7 +54,7 @@ define ( 'STD_VERSION', '3.3.3' );
define ( 'ZOT_REVISION', '6.0a' ); define ( 'ZOT_REVISION', '6.0a' );
define ( 'DB_UPDATE_VERSION', 1209 ); define ( 'DB_UPDATE_VERSION', 1210 );
define ( 'PROJECT_BASE', __DIR__ ); define ( 'PROJECT_BASE', __DIR__ );

View File

@@ -1597,3 +1597,55 @@ CREATE TABLE if not exists calendarinstances (
UNIQUE(calendarid, principaluri), UNIQUE(calendarid, principaluri),
UNIQUE(calendarid, share_href) UNIQUE(calendarid, share_href)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_clients (
client_id VARCHAR(80) NOT NULL,
client_secret VARCHAR(80),
redirect_uri VARCHAR(2000),
grant_types VARCHAR(80),
scope VARCHAR(4000),
user_id VARCHAR(80),
PRIMARY KEY (client_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_access_tokens (
access_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (access_token)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_authorization_codes (
authorization_code VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
redirect_uri VARCHAR(2000),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
id_token VARCHAR(1000),
PRIMARY KEY (authorization_code)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_refresh_tokens (
refresh_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (refresh_token)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_scopes (
scope VARCHAR(191) NOT NULL,
is_default TINYINT(1),
PRIMARY KEY (scope)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE if not exists oauth_jwt (
client_id VARCHAR(80) NOT NULL,
subject VARCHAR(80),
public_key VARCHAR(2000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

View File

@@ -1610,3 +1610,57 @@ ALTER TABLE ONLY users
CREATE UNIQUE INDEX users_ukey CREATE UNIQUE INDEX users_ukey
ON users USING btree (username); ON users USING btree (username);
CREATE TABLE oauth_clients (
client_id VARCHAR(80) NOT NULL,
client_secret VARCHAR(80),
redirect_uri VARCHAR(2000),
grant_types VARCHAR(80),
scope VARCHAR(4000),
user_id VARCHAR(80),
PRIMARY KEY (client_id)
);
CREATE TABLE oauth_access_tokens (
access_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (access_token)
);
CREATE TABLE oauth_authorization_codes (
authorization_code VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
redirect_uri VARCHAR(2000),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
id_token VARCHAR(1000),
PRIMARY KEY (authorization_code)
);
CREATE TABLE oauth_refresh_tokens (
refresh_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
PRIMARY KEY (refresh_token)
);
CREATE TABLE oauth_scopes (
scope VARCHAR(191) NOT NULL,
is_default SMALLINT,
PRIMARY KEY (scope)
);
CREATE TABLE oauth_jwt (
client_id VARCHAR(80) NOT NULL,
subject VARCHAR(80),
public_key VARCHAR(2000) NOT NULL
);