author | zotlabs <mike@macgirvin.com> | 2018-04-03 21:08:40 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-04-03 21:08:40 -0700 |
commit | 4915a4efbb5a25668a917a953b8d8c49a3181e1c (patch) | |
tree | c78dc0df6e224f5f4030267061704de5c140bfef | |
parent | 245142cc07bd989adfb03bb7680e3db948e7564f (diff) | |
OAuth2 integration
-rw-r--r-- | Zotlabs/Module/Authorize.php | 18 | ||||
-rw-r--r-- | Zotlabs/Module/Oauth2testvehicle.php | 2 | ||||
-rw-r--r-- | Zotlabs/Update/_1210.php | 78 | ||||
-rwxr-xr-x | boot.php | 2 | ||||
-rw-r--r-- | install/schema_mysql.sql | 52 | ||||
-rw-r--r-- | install/schema_postgres.sql | 54 |
6 files changed, 195 insertions, 11 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index c76dfb9df..bfb76150f 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller {
 // OpenID Connect Dynamic Client Registration 1.0 Client Metadata
 // http://openid.net/specs/openid-connect-registration-1_0.html
 $app = array(
- 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'),
- 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
- 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
+ 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+ 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+ 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
 );
 $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
- '$title' => '',
- '$authorize' => 'Do you authorize the app <a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> to access your channel data?',
+ '$title' => t('Authorize'),
+ '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
 '$app' => $app,
 '$yes' => t('Allow'),
 '$no' => t('Deny'),
@@ -33,8 +33,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 }
 function post() {
- if (!local_channel()) {
- return $this->get();
+ if (! local_channel()) {
+ return;
 }
 $storage = new OAuth2Storage(\DBA::$dba->db);
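Review bot: The new `'$authorize'` line still concatenates `$app['url']` and `$app['name']`, both read from `$_REQUEST` a few lines above, straight into an anchor tag, so unless `oauth_authorize.tpl` escapes `$authorize` itself a crafted `client_name` or `client_uri` in the authorize URL is rendered as markup on the consent page; the removed line had the same problem and the commit only wraps the text in `t()`. Escape both values where they are inserted, e.g. `'<a style="float: none;" href="' . htmlspecialchars($app['url'], ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($app['name'], ENT_QUOTES, 'UTF-8') . '</a> '`, and since `client_uri` becomes an `href`, accept it only when it parses as an http(s) URL and fall back to `''` otherwise. The `urldecode()` calls are also suspect: PHP has already decoded the query string into `$_REQUEST`, so decoding again changes any client name that legitimately contains `%` or `+`. The enclosing `get()` starts and ends outside the hunk.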
@@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 $is_authorized = ($_POST['authorize'] === 'allow');
 $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 if ($is_authorized) {
- // this is only here so that you get to see your code in the cURL request. Otherwise,
- // we'd redirect back to the client
 $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
- echo("SUCCESS! Authorization Code: $code");
+ logger('Authorization Code: ' . $code);
 }
 $response->send();
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php
index 82e309f1c..8d6552e36 100644
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 $_SESSION['access_token'] = $response['access_token'];
 }
 break;
+/*
 case 'delete_db':
 $status = true;
 // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
@@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 $_SESSION['success'] = 'create_db';
 }
 break;
+*/
 default:
 break;
diff --git a/Zotlabs/Update/_1210.php b/Zotlabs/Update/_1210.php
new file mode 100644
index 000000000..813e3fe82
--- /dev/null
+++ b/Zotlabs/Update/_1210.php
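Review bot: `logger('Authorization Code: ' . $code);` writes the freshly issued authorization code to the application log, so anyone with read access to the log can redeem it at the token endpoint before the legitimate client does; the removed comment says the `echo` was only ever a debugging aid, and the replacement keeps the disclosure in a less visible place. Drop the line, or log only the event, e.g. `logger('authorization code issued', LOGGER_DEBUG);`. The extraction on the line above is also fragile: when the Location header carries an error response instead of a code, `strpos()` returns `false`, `false + 5` becomes `5`, and `substr()` silently yields 40 characters of the wrong thing. Separately, neither visible hunk of `post()` checks a form security token before `$_POST['authorize'] === 'allow'` is trusted; if the consent form does not carry one, a cross-site POST can grant consent for a logged-in channel, so this is worth confirming against the part of `post()` between the hunks. `post()` starts and ends outside the hunk.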
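Review bot: Wrapping the `delete_db` and `create_db` cases in `/* … */` (opened here, closed in the hunk at line 206) leaves roughly forty lines of dead code in the switch; delete them instead, since the tables now come from `install/schema_*.sql` and `Zotlabs/Update/_1210.php`, and version control keeps the history. A block comment is also fragile for this purpose: if the commented-out region contains a `*/` anywhere (a doc comment, a glob in a string), the comment ends early and the remainder is silently re-enabled. The enclosing switch starts and ends outside both hunks.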
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1210 {
+
+ function run() {
+
+ $sql = "CREATE TABLE oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default SMALLINT,
+ PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+);
+";
+
+ $arr = explode(';', $sql);
+ $errors = 0;
+ foreach($arr as $a) {
+ if(strlen(trim($a))) {
+ $r = dbq(trim($a));
+ if(! $r) {
+ $errors ++;
+ }
+ }
+ }
+
+ if(! $errors)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+
+ }
+
+}
@@ -54,7 +54,7 @@ define ( 'STD_VERSION', '3.3.3' );
 define ( 'ZOT_REVISION', '6.0a' );
-define ( 'DB_UPDATE_VERSION', 1209 );
+define ( 'DB_UPDATE_VERSION', 1210 );
 define ( 'PROJECT_BASE', __DIR__ );
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 0d098d661..bfb49d195 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
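Review bot: The DDL in `run()` is the Postgres flavour (no `ENGINE`/`CHARSET` clause, `SMALLINT` for `is_default`) but `dbq()` runs it unconditionally, so a MySQL site that upgrades gets these six tables with the server's default engine and charset while a fresh install gets `ENGINE=InnoDB DEFAULT CHARSET=utf8mb4` and `TINYINT(1)` from `install/schema_mysql.sql`; the two paths should yield the same schema, which means branching on the active database type and appending the MySQL table options for that branch. The update is also not retry-safe: if one `CREATE TABLE` fails the method returns `UPDATE_FAILED`, and the next run fails on the tables that were created because there is no `IF NOT EXISTS`. Splitting on `;` works for this literal but breaks on any statement with a semicolon inside a string, so a comment such as `// statements are split on ';' — keep semicolons out of string literals` above `explode` would save the next editor a surprise, and a one-line docblock saying the class creates the OAuth2 server tables used by the Authorize module is missing. The sketch below shows the shape for the first table; the other five statements change the same way.
```php
	function run() {

		// MySQL needs the same table options as install/schema_mysql.sql; Postgres takes the bare statement.
		$opts = ((ACTIVE_DBTYPE == DBTYPE_POSTGRES) ? '' : ' ENGINE=InnoDB DEFAULT CHARSET=utf8mb4');

		$sql = "CREATE TABLE IF NOT EXISTS oauth_clients (
	client_id VARCHAR(80) NOT NULL,
	client_secret VARCHAR(80),
	redirect_uri VARCHAR(2000),
	grant_types VARCHAR(80),
	scope VARCHAR(4000),
	user_id VARCHAR(80),
	PRIMARY KEY (client_id)
)$opts;
// … unchanged: the remaining five CREATE TABLE statements, each rewritten with IF NOT EXISTS and ending in )$opts; …
```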
@@ -1597,3 +1597,55 @@ CREATE TABLE if not exists calendarinstances (
 UNIQUE(calendarid, principaluri),
 UNIQUE(calendarid, share_href)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
+CREATE TABLE if not exists oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default TINYINT(1),
+ PRIMARY KEY (scope)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index a4f6e9253..df94712fe 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
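Review bot: `expires TIMESTAMP NOT NULL` behaves unexpectedly on MySQL: with `explicit_defaults_for_timestamp` off (the default before 8.0) the first `TIMESTAMP NOT NULL` column of a table is implicitly given `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`, so any `UPDATE` that touches an `oauth_access_tokens`, `oauth_refresh_tokens` or `oauth_authorization_codes` row silently pushes its expiry forward, and `TIMESTAMP` cannot represent dates past 2038. Declaring the column as `expires DATETIME NOT NULL` with whatever default the rest of this file uses for required datetime columns avoids both behaviours. None of the three token tables has an index on `client_id`, `user_id` or `expires`, which are the columns an OAuth2 server is likely to filter on when revoking a user's grants or purging expired entries; adding `KEY client_id (client_id)`, `KEY user_id (user_id)` and `KEY expires (expires)` to each of them here, with matching `CREATE INDEX` statements in the `install/schema_postgres.sql` hunk, keeps those scans off the primary key. The same `TIMESTAMP` columns appear in `Zotlabs/Update/_1210.php`, so whatever type is chosen should be applied there too.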
@@ -1610,3 +1610,57 @@ ALTER TABLE ONLY users
 CREATE UNIQUE INDEX users_ukey ON users USING btree (username);
+
+
+CREATE TABLE oauth_clients (
+ client_id VARCHAR(80) NOT NULL,
+ client_secret VARCHAR(80),
+ redirect_uri VARCHAR(2000),
+ grant_types VARCHAR(80),
+ scope VARCHAR(4000),
+ user_id VARCHAR(80),
+ PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+ access_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+ authorization_code VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ redirect_uri VARCHAR(2000),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ id_token VARCHAR(1000),
+ PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+ refresh_token VARCHAR(40) NOT NULL,
+ client_id VARCHAR(80) NOT NULL,
+ user_id VARCHAR(255),
+ expires TIMESTAMP NOT NULL,
+ scope VARCHAR(4000),
+ PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+ scope VARCHAR(191) NOT NULL,
+ is_default SMALLINT,
+ PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+ client_id VARCHAR(80) NOT NULL,
+ subject VARCHAR(80),
+ public_key VARCHAR(2000) NOT NULL
+);
+
+
 |