aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-02-15 18:47:56 -0800
committerzotlabs <mike@macgirvin.com>2018-02-15 18:47:56 -0800
commit27cd26ec1e26b6c389a623395687af5052f0b5a1 (patch)
tree1d422886d22306cbf60236ebfbbf3c3a9e560c46
parentc11ebd12d5baa6aa8f7ea51b7e753ed2d3a0d1d8 (diff)
downloadvolse-hubzilla-27cd26ec1e26b6c389a623395687af5052f0b5a1.tar.gz
volse-hubzilla-27cd26ec1e26b6c389a623395687af5052f0b5a1.tar.bz2
volse-hubzilla-27cd26ec1e26b6c389a623395687af5052f0b5a1.zip
extend the oauth2 storage driver so that we can use our own channel table
-rw-r--r--Zotlabs/Identity/OAuth2Server.php43
-rw-r--r--Zotlabs/Identity/OAuth2Storage.php81
-rw-r--r--Zotlabs/Module/Authorize.php55
-rw-r--r--Zotlabs/Module/Token.php46
4 files changed, 171 insertions, 54 deletions
diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
new file mode 100644
index 000000000..3d7d5efb2
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+class OAuth2Server {
+
+ public $server;
+
+ public function __construct() {
+
+ $storage = new OAuth2Storage(\DBA::$dba->db);
+
+ $config = [
+ 'use_openid_connect' => true,
+ 'issuer' => \Zotlabs\Lib\System::get_site_name()
+ ];
+
+ // Pass a storage object or array of storage objects to the OAuth2 server class
+ $this->server = new \OAuth2\Server($storage,$config);
+
+ // Add the "Client Credentials" grant type (it is the simplest of the grant types)
+ $this->server->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
+
+ // Add the "Authorization Code" grant type (this is where the oauth magic happens)
+ $this->server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+
+ $keyStorage = new \OAuth2\Storage\Memory( [
+ 'keys' => [
+ 'public_key' => get_config('system','pubkey'),
+ 'private_key' => get_config('system','prvkey')
+ ]
+ ]);
+
+ $this->server->addStorage($keyStorage,'public_key');
+
+ }
+
+ public function get_server() {
+ return $this->server;
+ }
+
+
+} \ No newline at end of file
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
new file mode 100644
index 000000000..bc6db565c
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+
+class OAuth2Storage extends \OAuth2\Storage\Pdo {
+
+ /**
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public function checkUserCredentials($username, $password)
+ {
+ if ($user = $this->getUser($username)) {
+ return $this->checkPassword($user, $password);
+ }
+
+ return false;
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUserDetails($username)
+ {
+ return $this->getUser($username);
+ }
+
+
+ /**
+ *
+ * @param array $user
+ * @param string $password
+ * @return bool
+ */
+ protected function checkPassword($user, $password)
+ {
+
+ $x = account_verify_password($user,$password);
+ return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);
+
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUser($username)
+ {
+
+ $x = channelx_by_nick($username);
+ if(! $x) {
+ return false;
+ }
+
+ return( [
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'firstName' => $x['channel_name'],
+ 'lastName' => '',
+ 'password' => 'NotARealPassword'
+ ] );
+ }
+
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param string $username
+ * @param string $password
+ * @param string $firstName
+ * @param string $lastName
+ * @return bool
+ */
+ public function setUser($username, $password, $firstName = null, $lastName = null)
+ {
+ return true;
+ }
+
+} \ No newline at end of file
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index 06f66c456..7676b0855 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -6,41 +6,38 @@ namespace Zotlabs\Module;
class Authorize extends \Zotlabs\Web\Controller {
- function get() {
+ function init() {
- // workaround for HTTP-auth in CGI mode
- if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ // workaround for HTTP-auth in CGI mode
+ if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
}
-
- if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ }
+
+ if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
}
+ }
+ $s = new \Zotlabs\Identity\OAuth2Server();
+ $request = \OAuth2\Request::createFromGlobals();
+ $response = new \OAuth2\Response();
-
- require_once('include/oauth2.php');
-
- $request = \OAuth2\Request::createFromGlobals();
- $response = new \OAuth2\Response();
-
- // validate the authorize request
- if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
- $response->send();
- killme();
- }
+ // validate the authorize request
+ if (! $s->server->validateAuthorizeRequest($request, $response)) {
+ $response->send();
+ killme();
+ }
// display an authorization form
if (empty($_POST)) {
@@ -55,7 +52,7 @@ class Authorize extends \Zotlabs\Web\Controller {
// print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorized'] === 'yes');
- $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+ $s->server->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
if ($is_authorized) {
// this is only here so that you get to see your code in the cURL request. Otherwise,
// we'd redirect back to the client
diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php
index e0d9d74d7..5cde58895 100644
--- a/Zotlabs/Module/Token.php
+++ b/Zotlabs/Module/Token.php
@@ -5,36 +5,32 @@ namespace Zotlabs\Module;
class Token extends \Zotlabs\Web\Controller {
-
- function get() {
-
-
- // workaround for HTTP-auth in CGI mode
- if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ function init() {
+
+ // workaround for HTTP-auth in CGI mode
+ if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
}
-
- if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ }
+
+ if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
}
+ }
+ $s = new \Zotlabs\Identity\OAuth2Server();
+ $s->server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
-
- require_once('include/oauth2.php');
- $oauth2_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
-
- killme();
+ killme();
}
} \ No newline at end of file