aboutsummaryrefslogblamecommitdiffstats
path: root/Zotlabs/Module/Oauth2testvehicle.php
blob: 29c6ec50e6a616ec5299ef724a7028e6ee011926 (plain) (tree)
1
2
3
4
5
6
7
8
9
10



                         





                                                                               

                                                         



                                                                                        
                                                                             




                                                                                               






                                                                                                                                       
         
                        
                

                                                                                         
                                                                     
                          


                                             
                                






                                                         
                           





                                                            
                                                                             

                                                 

                                                                            

                                                                               




                                                            
                                                                             

                                                 

                                                                            

                                                                               




                                                                               

                                                                                                                                             


                                                                                                                 

                                                                                                                    

                                                                                                                     


                                                                      

                                                                                                   
                                  




                                                                                          



                                                                                                                                          


                                                              












                                                                                                 


                                 
                                          




                          
                                           












                                                                                                      






                                                                                                             
                                                                    
                                                                                    

                                                                   



                                                                                         
                                                                                            



                                                                                                          

                                                                                              

                                      





                                                                                                
                                                                                   
                                                                                
                                                  




                                                                                                     
                                                                  

                                                                                            
                                                                           
                                 
                                      
 

                                               







                                                                                                       




                                                                                                     
                                                                  

                                                                                            
                                                                           
                                 
                                      






                                      
<?php

namespace Zotlabs\Module;

/**
 * The OAuth2TestVehicle class is a way to test the registration of an OAuth2
 * client app. It allows you to walk through the steps of registering a client,
 * requesting an authorization code for that client, and then requesting an 
 * access token for use in authentication against the Hubzilla API endpoints.
 */
class OAuth2TestVehicle extends \Zotlabs\Web\Controller {

	function init() {
		
		// If there is a 'code' and 'state' parameter then this is a client app 
		// callback issued after the authorization code request
		// TODO: Check state value and compare to original sent value
			// "You should first compare this state value to ensure it matches the 
			// one you started with. You can typically store the state value in a 
			// cookie, and compare it when the user comes back. This ensures your 
			// redirection endpoint isn't able to be tricked into attempting to 
			// exchange arbitrary authorization codes."
		$_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle';
		$_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
		$_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
		$_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );
		$_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']);
		$_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] );
		$_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
	}
	function get() {
		
		$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
			'$baseurl' => z_root(),
			'$api_response' => $_SESSION['api_response'],
			/*
			  endpoints => array(
			  array(
			  'path_to_endpoint',
			  array(
			  array('field_name_1', 'value'),
			  array('field_name_2', 'value'),
			  ...
			  ),
			  'submit_button_name',
			  'Description of API action'
			  )
			  )
			 */
			'$endpoints' => array(
				array(
					'oauth2testvehicle',
					array(
						array(
							'action', 'delete_db'
						)
					),
					'oauth2test_delete_db',
					'Delete the OAuth2 database tables',
					'POST',
					($_SESSION['success'] === 'delete_db'),
				),
				array(
					'oauth2testvehicle',
					array(
						array(
							'action', 'create_db'
						)
					),
					'oauth2test_create_db',
					'Create the OAuth2 database tables',
					'POST',
					($_SESSION['success'] === 'create_db'),
				),
				array(
					'authorize',
					array(
						array('response_type', 'code'),
						array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')),
						array('redirect_uri', $_SESSION['redirect_uri']),
						array('state', 'xyz'),
						// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
						// http://openid.net/specs/openid-connect-registration-1_0.html
						array('client_name', 'OAuth2 Test App'),
						array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')),
						array('client_uri', urlencode('https://client.example.com/website')),
						array('application_type', 'web'), // would be 'native' for mobile app
					),
					'oauth_authorize',
					'Authorize a test client app',
					'GET',
					(($_REQUEST['code'] && $_REQUEST['state']) ? true : false),
				),
				array(
					'oauth2testvehicle',
					array(
						array('action', 'request_token'),
						array('grant_type', 'authorization_code'),
						array('code', $_SESSION['authorization_code']),
						array('redirect_uri', $_SESSION['redirect_uri']),
						array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')),
						array('client_secret', $_SESSION['client_secret']),
					),
					'oauth_token_request',
					'Request a token',
					'POST',
					($_SESSION['success'] === 'request_token'),
				),
				array(
					'oauth2testvehicle',
					array(
						array('action', 'api_files'),
						array('access_token', $_SESSION['access_token']),
					),
					'oauth_api_files',
					'API: Get channel files',
					'POST',
					($_SESSION['success'] === 'api_files'),
				)
			)
		));
		$_SESSION['success'] = '';
		return $o;
	}

	function post() {

		switch ($_POST['action']) {
			case 'api_files':
				$access_token = $_SESSION['access_token'];
				$url = z_root() . '/api/z/1.0/files/';				
				$headers = [];
				$headers[] = 'Authorization: Bearer ' . $access_token;
				$post = z_fetch_url($url, false, 0, array(
					'custom' => 'GET',
					'headers' => $headers,
				));
				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
				$response = json_decode($post['body'], true);
				$_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT);
				break;
			case 'request_token':
				$grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : '');
				$redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : '');
				$client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : '');
				$code = (x($_POST, 'code') ? $_POST['code'] : '');
				$client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : '');
				$url = z_root() . '/token/?';
				$url .= 'grant_type=' . $grant_type;
				$url .= '&redirect_uri=' . urlencode($redirect_uri);
				$url .= '&client_id=' . $client_id;
				$url .= '&code=' . $code;
				$post = z_fetch_url($url, false, 0, array(
					'custom' => 'POST',
					'http_auth' => $client_id . ':' . $client_secret,
				));
				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
				$response = json_decode($post['body'], true);
				logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG);
				if($response['access_token']) {
					info('Access token received: ' . $response['access_token'] . EOL);
					$_SESSION['success'] = 'request_token';
					$_SESSION['access_token'] = $response['access_token'];
				}
				break;
			case 'delete_db':
				$status = true;
				// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
				// by passing it the database connection 
				$pdo = \DBA::$dba->db;
				$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
				foreach ($storage->getConfig() as $key => $table) {
					$r = q("DROP TABLE %s;", dbesc($table));
					if (!$r) {
						$status = false;
					}
				}
				if (!$status) {
					notice('Errors encountered deleting database tables.' . EOL);
					$_SESSION['success'] = '';
				} else {
					info('Database tables deleted successfully.' . EOL);
					$_SESSION['success'] = 'delete_db';
				}
				break;

			case 'create_db':
				$status = true;
				@include('.htconfig.php');
				$pdo = \DBA::$dba->db;
				$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
				foreach (explode(';', $storage->getBuildSql($db_data)) as $statement) {
					try {
						$result = $pdo->exec($statement);
					} catch (\PDOException $e) {
						$status = false;
					}
				}

				if (!$status) {
					notice('Errors encountered creating database tables.' . EOL);
					$_SESSION['success'] = '';
				} else {
					info('Database tables created successfully.' . EOL);
					$_SESSION['success'] = 'create_db';
				}
				break;

			default:
				break;
		}
	}

}