Merge remote-tracking branch 'mike/master' into dev

4 files changed, 171 insertions, 54 deletions

diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
new file mode 100644
index 000000000..3d7d5efb2
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+class OAuth2Server {
+
+	public $server;
+
+	public function __construct() {
+
+		$storage = new OAuth2Storage(\DBA::$dba->db);
+
+		$config = [
+			'use_openid_connect' => true,
+			'issuer' => \Zotlabs\Lib\System::get_site_name()
+		];
+
+		// Pass a storage object or array of storage objects to the OAuth2 server class
+		$this->server = new \OAuth2\Server($storage,$config);
+
+		// Add the "Client Credentials" grant type (it is the simplest of the grant types)
+		$this->server->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
+
+		// Add the "Authorization Code" grant type (this is where the oauth magic happens)
+		$this->server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+
+		$keyStorage = new \OAuth2\Storage\Memory( [ 
+			'keys' => [ 
+				'public_key'  => get_config('system','pubkey'),
+				'private_key' => get_config('system','prvkey')
+			]
+		]);
+
+		$this->server->addStorage($keyStorage,'public_key');
+
+	}
+
+	public function get_server() {
+		return $this->server;
+	} 
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
new file mode 100644
index 000000000..bc6db565c
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+
+class OAuth2Storage extends \OAuth2\Storage\Pdo {
+
+    /**
+     * @param string $username
+     * @param string $password
+     * @return bool
+     */
+    public function checkUserCredentials($username, $password)
+    {
+        if ($user = $this->getUser($username)) {
+            return $this->checkPassword($user, $password);
+        }
+
+        return false;
+    }
+
+    /**
+     * @param string $username
+     * @return array|bool
+     */
+    public function getUserDetails($username)
+    {
+        return $this->getUser($username);
+    }
+
+
+    /**
+     *
+     * @param array $user
+     * @param string $password
+     * @return bool
+     */
+    protected function checkPassword($user, $password)
+    {
+
+		$x = account_verify_password($user,$password);
+		return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);
+
+    }
+
+    /**
+     * @param string $username
+     * @return array|bool
+     */
+    public function getUser($username)
+    {
+
+		$x = channelx_by_nick($username);
+		if(! $x) {
+			return false;
+		}
+
+		return( [
+			'username'  => $x['channel_address'],
+			'user_id'   => $x['channel_id'],
+			'firstName' => $x['channel_name'],
+			'lastName'  => '',
+			'password'  => 'NotARealPassword'
+		] );
+    }
+
+    /**
+     * plaintext passwords are bad!  Override this for your application
+     *
+     * @param string $username
+     * @param string $password
+     * @param string $firstName
+     * @param string $lastName
+     * @return bool
+     */
+    public function setUser($username, $password, $firstName = null, $lastName = null)
+    {
+        return true;
+    }
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index 06f66c456..7676b0855 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -6,41 +6,38 @@ namespace Zotlabs\Module;
 class Authorize extends \Zotlabs\Web\Controller {
 
 
-	function get() {
+	function init() {
 
 
-			// workaround for HTTP-auth in CGI mode
-			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
+		// workaround for HTTP-auth in CGI mode
+		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
 			}
-
-			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
+		}
+
+		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
 			}
+		}
 
+		$s = new \Zotlabs\Identity\OAuth2Server();
 
+		$request = \OAuth2\Request::createFromGlobals();
+		$response = new \OAuth2\Response();
 
-
-	require_once('include/oauth2.php');
-
-	$request = \OAuth2\Request::createFromGlobals();
-	$response = new \OAuth2\Response();
-
-	// validate the authorize request
-	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
-	    $response->send();
-    	killme();
-	}
+		// validate the authorize request
+		if (! $s->server->validateAuthorizeRequest($request, $response)) {
+		    $response->send();
+    		killme();
+		}
 
 	// display an authorization form
 	if (empty($_POST)) {
@@ -55,7 +52,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 
 	// print the authorization code if the user has authorized your client
 	$is_authorized = ($_POST['authorized'] === 'yes');
-	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+	$s->server->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 	if ($is_authorized) {
 		// this is only here so that you get to see your code in the cURL request. Otherwise, 
 		// we'd redirect back to the client
diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php
index e0d9d74d7..5cde58895 100644
--- a/Zotlabs/Module/Token.php
+++ b/Zotlabs/Module/Token.php
@@ -5,36 +5,32 @@ namespace Zotlabs\Module;
 
 class Token extends \Zotlabs\Web\Controller {
 
-
-	function get() {
-
-
-			// workaround for HTTP-auth in CGI mode
-			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
+	function init() {
+
+		// workaround for HTTP-auth in CGI mode
+		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
 			}
-
-			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
+		}
+
+		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
 			}
+		}
 
 
+		$s = new \Zotlabs\Identity\OAuth2Server();
+		$s->server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
 
-
-	require_once('include/oauth2.php');
-	$oauth2_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send(); 
-
-	killme();
+		killme();
 	}
 
 }
\ No newline at end of file