minor oauth2 updates - renamed zot webbie to 'webfinger' and zothash to 'portable_id', fixed/simplified cgi auth mode
This commit is contained in:
parent
db1a546aba
commit
4fdf5d28ca
@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
|
||||
return false;
|
||||
}
|
||||
|
||||
$a = q("select * from account where account_id = %d",
|
||||
intval($x['channel_account_id'])
|
||||
);
|
||||
|
||||
$n = explode(' ', $x['channel_name']);
|
||||
|
||||
return( [
|
||||
'webbie' => $x['channel_address'].'@'.\App::get_hostname(),
|
||||
'zothash' => $x['channel_hash'],
|
||||
'username' => $x['channel_address'],
|
||||
'user_id' => $x['channel_id'],
|
||||
'name' => $x['channel_name'],
|
||||
'firstName' => $x['channel_name'],
|
||||
'lastName' => '',
|
||||
'password' => 'NotARealPassword'
|
||||
'webfinger' => channel_reddress($x),
|
||||
'portable_id' => $x['channel_hash'],
|
||||
'email' => $a['account_email'],
|
||||
'username' => $x['channel_address'],
|
||||
'user_id' => $x['channel_id'],
|
||||
'name' => $x['channel_name'],
|
||||
'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
|
||||
'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
|
||||
'picture' => $x['xchan_photo_l']
|
||||
] );
|
||||
}
|
||||
|
||||
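Review bot: `'email' => $a['account_email']` indexes the `q()` result as if it were a single row, but `q()` results are addressed per row elsewhere in this diff (`$a[0]` in api_login), so this would need `$a[0]['account_email']` plus a guard for an empty result, e.g. `'email' => (($a) ? $a[0]['account_email'] : '')`. The name split also looks off: `firstName` takes `$n[1]`, the second word, whenever there is more than one word, and `lastName` is only filled for three or more words, so a two-word name yields the surname as firstName and an empty lastName; `$n[0]` and `count($n) > 1` are probably intended. getUser's signature and the query that fills `$x` are outside the hunk, so whether `$x` carries `xchan_photo_l` cannot be confirmed from here.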
@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
|
||||
|
||||
$userClaims = Array();
|
||||
$claims = explode (' ', trim($claims));
|
||||
$validclaims = Array ("name","preferred_username","zothash");
|
||||
$validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
|
||||
$claimsmap = Array (
|
||||
"zotwebbie" => 'webbie',
|
||||
"zothash" => 'zothash',
|
||||
"webfinger" => 'webfinger',
|
||||
"portable_id" => 'portable_id',
|
||||
"name" => 'name',
|
||||
"preferred_username" => "username"
|
||||
"email" => 'email',
|
||||
"preferred_username" => 'username',
|
||||
"picture" => 'picture',
|
||||
"given_name" => 'firstName',
|
||||
"family_name" => 'lastName'
|
||||
);
|
||||
$userinfo = $this->getUser($user_id);
|
||||
foreach ($validclaims as $validclaim) {
|
||||
|
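Review bot: The new `$validclaims` list names `firstName` and `lastName`, while `$claimsmap` only knows the standard OIDC keys `given_name` and `family_name`; a requested `given_name` is not in `$validclaims`, and `firstName` has no `$claimsmap` entry, so one of the two lookups misses depending on how the `foreach` body (outside the hunk) combines them. Using the OIDC names in both places, `"given_name","family_name"` in `$validclaims`, makes these entries consistent with `email` and `picture`, which do match across the two arrays.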
@ -14,9 +14,9 @@ class Authorize extends \Zotlabs\Web\Controller {
|
||||
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
|
||||
// http://openid.net/specs/openid-connect-registration-1_0.html
|
||||
$app = array(
|
||||
'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
|
||||
'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
|
||||
'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
|
||||
'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')),
|
||||
'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
|
||||
'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
|
||||
);
|
||||
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
|
||||
'$title' => t('Authorize'),
|
||||
|
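Review bot: `'icon'` now takes `$_REQUEST['logo_uri']` verbatim and hands it to the template as an image source, so a registering client controls the full value including its URL scheme; whether the template escapes it is outside the hunk. Validating before use, `filter_var($_REQUEST['logo_uri'], FILTER_VALIDATE_URL)` together with a check that the scheme is `http` or `https`, and falling back to the default icon otherwise, keeps the rendered page safe independently of template escaping. The same consideration applies to `client_uri` in `'url'`.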
@ -12,7 +12,13 @@ function api_login(&$a){
|
||||
|
||||
require_once('include/oauth.php');
|
||||
|
||||
|
||||
if(array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
|
||||
}
|
||||
|
||||
// login with oauth
|
||||
|
||||
try {
|
||||
// OAuth 2.0
|
||||
$storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
|
||||
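Review bot: The new `REDIRECT_REMOTE_USER` → `HTTP_AUTHORIZATION` copy carries no comment explaining why it exists, and the `// workarounds for HTTP-auth in CGI mode` comment that documented the old loop is in the following hunk. A one-liner above the `if`, such as `// CGI mode: the Authorization header is not passed through to PHP; it is presumably exposed as REDIRECT_REMOTE_USER by a rewrite rule`, preserves that context for the next reader. api_login's body continues outside the hunk.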
@ -66,32 +72,27 @@ function api_login(&$a){
|
||||
logger($e->getMessage());
|
||||
}
|
||||
|
||||
// workarounds for HTTP-auth in CGI mode
|
||||
|
||||
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
|
||||
if(array_key_exists('HTTP_AUTHORIZATION',$_SERVER)) {
|
||||
|
||||
/* Basic authentication */
|
||||
|
||||
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
|
||||
$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
|
||||
if (substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,5) === 'Basic') {
|
||||
$userpass = @base64_decode(substr(trim($_SERVER['HTTP_AUTHORIZATION']),6)) ;
|
||||
if(strlen($userpass)) {
|
||||
list($name, $password) = explode(':', $userpass);
|
||||
$_SERVER['PHP_AUTH_USER'] = $name;
|
||||
$_SERVER['PHP_AUTH_PW'] = $password;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
/* Signature authentication */
|
||||
/* OpenWebAuth */
|
||||
|
||||
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
|
||||
if(substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') {
|
||||
|
||||
if($head !== 'HTTP_AUTHORIZATION') {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
|
||||
continue;
|
||||
}
|
||||
$record = null;
|
||||
|
||||
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
|
||||
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
|
||||
if($sigblock) {
|
||||
$keyId = str_replace('acct:','',$sigblock['keyId']);
|
||||
if($keyId) {
|
||||
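Review bot: `list($name, $password) = explode(':', $userpass);` splits on every colon, so a password containing `:` is truncated to its first segment, and a decoded credential with no colon leaves `$password` undefined with a warning. `list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');` keeps everything after the first colon as the password and always yields two values. `@base64_decode(...)` also suppresses rather than detects bad input; `base64_decode(..., true)` with a `=== false` check rejects malformed headers explicitly instead of letting them fall through to the `strlen($userpass)` test. The same `Basic` parsing appears only here, so no other hunk is affected; api_login continues outside the hunk.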
@ -108,16 +109,7 @@ function api_login(&$a){
|
||||
$record = [ 'channel' => $c, 'account' => $a[0] ];
|
||||
$channel_login = $c['channel_id'];
|
||||
}
|
||||
else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
continue;
|
||||
}
|
||||
|
||||
if($record) {
|
||||
@ -125,7 +117,6 @@ function api_login(&$a){
|
||||
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
|
||||
$record = null;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -137,7 +128,7 @@ function api_login(&$a){
|
||||
|
||||
// process normal login request
|
||||
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
if(isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
|
||||
$channel_login = 0;
|
||||
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
||||
if($record && $record['channel']) {
|
||||
|
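Review bot: `account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])` reads `PHP_AUTH_PW` without checking it is set, although the guard on the line above only tests `PHP_AUTH_USER`; a request that delivers a user without a password reaches the call with `null` and a warning. `(isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '')` in the call makes the empty case explicit. The added `(! $record)` condition is what stops a Signature-authenticated `$record` from being overwritten by a Basic login, and deserves a comment, e.g. `// only fall back to Basic auth when OpenWebAuth above produced no record`. The enclosing function continues outside the hunk.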
@ -25,3 +25,31 @@ X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||
-----END CERTIFICATE-----
|
||||
|