authorzotlabs <mike@macgirvin.com>2018-04-03 21:08:40 -0700
committerzotlabs <mike@macgirvin.com>2018-04-03 21:08:40 -0700
commit4915a4efbb5a25668a917a953b8d8c49a3181e1c (patch)
treec78dc0df6e224f5f4030267061704de5c140bfef
parent245142cc07bd989adfb03bb7680e3db948e7564f (diff)
OAuth2 integration
-rw-r--r--Zotlabs/Module/Authorize.php18
-rw-r--r--Zotlabs/Module/Oauth2testvehicle.php2
-rw-r--r--Zotlabs/Update/_1210.php78
-rwxr-xr-xboot.php2
-rw-r--r--install/schema_mysql.sql52
-rw-r--r--install/schema_postgres.sql54
6 files changed, 195 insertions, 11 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index c76dfb9df..bfb76150f 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller {
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
// http://openid.net/specs/openid-connect-registration-1_0.html
$app = array(
- 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'),
- 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
- 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
+ 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+ 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+ 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
);
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
- '$title' => '',
- '$authorize' => 'Do you authorize the app <a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> to access your channel data?',
+ '$title' => t('Authorize'),
+ '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
'$app' => $app,
'$yes' => t('Allow'),
'$no' => t('Deny'),
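Review bot: The new `$authorize` line still drops `$app['url']` and `$app['name']` into the anchor unescaped, and both values arrive from `$_REQUEST` through `urldecode()` in the `$app` array a few lines up, so the consent page renders request-controlled text as HTML. Escape at the point of use, e.g. `'<a style="float: none;" href="' . htmlspecialchars($app['url'], ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($app['name'], ENT_QUOTES, 'UTF-8') . '</a> '`, and consider only accepting `client_uri` as an href when it parses as an http/https URL. The enclosing `get()` method starts before this hunk and continues past it.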
@@ -33,8 +33,8 @@ class Authorize extends \Zotlabs\Web\Controller {
}
function post() {
- if (!local_channel()) {
- return $this->get();
+ if (! local_channel()) {
+ return;
}
$storage = new OAuth2Storage(\DBA::$dba->db);
@@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller {
$is_authorized = ($_POST['authorize'] === 'allow');
$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
if ($is_authorized) {
- // this is only here so that you get to see your code in the cURL request. Otherwise,
- // we'd redirect back to the client
$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
- echo("SUCCESS! Authorization Code: $code");
+ logger('Authorization Code: ' . $code);
}
$response->send();
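Review bot: `logger('Authorization Code: ' . $code)` persists the freshly issued authorization code to the application log, and that code is a credential that can be exchanged for an access token, so it should not be written anywhere outside the redirect. Log the event without the secret, e.g. `logger('Authorization code issued for channel ' . local_channel());`, at which point the `substr`/`strpos` extraction above it has no remaining use and can be removed (it is also fragile: when `code=` is absent, `strpos` returns `false` and the arithmetic still runs). The enclosing `post()` method starts before this hunk and ends after it.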
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php
index 82e309f1c..8d6552e36 100644
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$_SESSION['access_token'] = $response['access_token'];
}
break;
+/*
case 'delete_db':
$status = true;
// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
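Review bot: The `/*` added here, together with the `*/` added in the next hunk, turns the `delete_db` and `create_db` cases into commented-out code instead of removing them; a reviewer would rather see the two cases deleted outright, since version control already preserves them. A block comment spanning that much code is also brittle: if any `*/` sequence appears inside the disabled region the comment ends early and the rest is parsed again. The enclosing `switch` starts before this hunk and continues past the second one.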
@@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$_SESSION['success'] = 'create_db';
}
break;
+*/
default:
break;
diff --git a/Zotlabs/Update/_1210.php b/Zotlabs/Update/_1210.php
new file mode 100644
index 000000000..813e3fe82
--- /dev/null
+++ b/Zotlabs/Update/_1210.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1210 {
+
+ function run() {
+
+ $sql = "CREATE TABLE oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default SMALLINT,
+ PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+);
+";
+
+ $arr = explode(';', $sql);
+ $errors = 0;
+ foreach($arr as $a) {
+ if(strlen(trim($a))) {
+ $r = dbq(trim($a));
+ if(! $r) {
+ $errors ++;
+ }
+ }
+ }
+
+ if(! $errors)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+
+ }
+
+}
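Review bot: `run()` issues plain `CREATE TABLE` statements, so re-running the update after a partial failure makes every statement fail and returns `UPDATE_FAILED` even when the tables already exist; the MySQL install schema in this same commit uses `CREATE TABLE if not exists` and the update should do the same where the backend supports it. The DDL here also diverges from `install/schema_mysql.sql`: `is_default` is `SMALLINT` here versus `TINYINT(1)` there, and no `ENGINE`/`CHARSET` clause is given, so an upgraded site and a fresh install end up with different definitions on MySQL. The `explode(';', $sql)` split works for this fixed string but will silently break the first time a literal `;` is added to it, which is worth a one-line comment such as `// statements are split on ';' — keep the DDL free of embedded semicolons`. A short docblock on the class stating that it creates the six OAuth2 server tables and returns `UPDATE_SUCCESS`/`UPDATE_FAILED` would also help the next maintainer.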
diff --git a/boot.php b/boot.php
index 639d68ad6..7ac4080a4 100755
--- a/boot.php
+++ b/boot.php
@@ -54,7 +54,7 @@ define ( 'STD_VERSION', '3.3.3' );
define ( 'ZOT_REVISION', '6.0a' );
-define ( 'DB_UPDATE_VERSION', 1209 );
+define ( 'DB_UPDATE_VERSION', 1210 );
define ( 'PROJECT_BASE', __DIR__ );
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 0d098d661..bfb49d195 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -1597,3 +1597,55 @@ CREATE TABLE if not exists calendarinstances (
UNIQUE(calendarid, principaluri),
UNIQUE(calendarid, share_href)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
+CREATE TABLE if not exists oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default TINYINT(1),
+ PRIMARY KEY (scope)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
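Review bot: The `expires TIMESTAMP NOT NULL` columns on `oauth_access_tokens`, `oauth_authorization_codes` and `oauth_refresh_tokens` rely on MySQL `TIMESTAMP`, which is capped at 2038 and, on servers where `explicit_defaults_for_timestamp` is off, gives the first `TIMESTAMP NOT NULL` column in a table implicit `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP` behaviour, so an unrelated row update could silently push a token's expiry forward. Declaring these as `expires DATETIME NOT NULL` with an explicit default avoids both surprises; the same applies to `Zotlabs/Update/_1210.php` in this commit. Indexes on `user_id` and `expires` would also help the cleanup and lookup queries that these tables will serve, but that is secondary.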
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index a4f6e9253..df94712fe 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -1610,3 +1610,57 @@ ALTER TABLE ONLY users
CREATE UNIQUE INDEX users_ukey
ON users USING btree (username);
+
+
+CREATE TABLE oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default SMALLINT,
+ PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+);
+
+