OAuth2 integration

6 files changed, 195 insertions, 11 deletions

diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index c76dfb9df..bfb76150f 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -14,13 +14,13 @@ class Authorize extends \Zotlabs\Web\Controller {
 			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
 			// http://openid.net/specs/openid-connect-registration-1_0.html
 			$app = array(
-				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'),
-				'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
-				'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
+				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+				'icon' => (x($_REQUEST, 'logo_uri')    ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? urldecode($_REQUEST['client_uri']) : ''),
 			);
 			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
-				'$title' => '',
-				'$authorize' => 'Do you authorize the app <a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> to access your channel data?',
+				'$title' => t('Authorize'),
+				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
 				'$app' => $app,
 				'$yes' => t('Allow'),
 				'$no' => t('Deny'),
@@ -33,8 +33,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 	}
 
 	function post() {
-		if (!local_channel()) {
-			return $this->get();
+		if (! local_channel()) {
+			return;
 		}
 
 		$storage = new OAuth2Storage(\DBA::$dba->db);
@@ -85,10 +85,8 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$is_authorized = ($_POST['authorize'] === 'allow');
 		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 		if ($is_authorized) {
-			// this is only here so that you get to see your code in the cURL request. Otherwise,
-			// we'd redirect back to the client
 			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
-			echo("SUCCESS! Authorization Code: $code");
+			logger('Authorization Code: ' .  $code);
 		}
 
 		$response->send();
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php
index 82e309f1c..8d6552e36 100644
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@@ -164,6 +164,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					$_SESSION['access_token'] = $response['access_token'];
 				}
 				break;
+/*
 			case 'delete_db':
 				$status = true;
 				// Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables
@@ -206,6 +207,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					$_SESSION['success'] = 'create_db';
 				}
 				break;
+*/
 
 			default:
 				break;
diff --git a/Zotlabs/Update/_1210.php b/Zotlabs/Update/_1210.php
new file mode 100644
index 000000000..813e3fe82
--- /dev/null
+++ b/Zotlabs/Update/_1210.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1210 {
+
+	function run() {
+
+	$sql = "CREATE TABLE oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          SMALLINT,
+  PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+);
+";
+
+		$arr = explode(';', $sql);
+		$errors = 0;
+		foreach($arr as $a) {
+			if(strlen(trim($a))) {
+				$r = dbq(trim($a));
+				if(! $r) {
+					$errors ++;
+				}
+			}
+		}
+
+		if(! $errors)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}
diff --git a/boot.php b/boot.php
index 639d68ad6..7ac4080a4 100755
--- a/boot.php
+++ b/boot.php
@@ -54,7 +54,7 @@ define ( 'STD_VERSION',             '3.3.3' );
 define ( 'ZOT_REVISION',            '6.0a' );
 
 
-define ( 'DB_UPDATE_VERSION',       1209 );
+define ( 'DB_UPDATE_VERSION',       1210 );
 
 define ( 'PROJECT_BASE',   __DIR__ );
 
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 0d098d661..bfb49d195 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -1597,3 +1597,55 @@ CREATE TABLE if not exists calendarinstances (
     UNIQUE(calendarid, principaluri),
     UNIQUE(calendarid, share_href)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+
+CREATE TABLE if not exists oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          TINYINT(1),
+  PRIMARY KEY (scope)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE if not exists oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index a4f6e9253..df94712fe 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -1610,3 +1610,57 @@ ALTER TABLE ONLY users
 
 CREATE UNIQUE INDEX users_ukey
     ON users USING btree (username);
+
+
+CREATE TABLE oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          SMALLINT,
+  PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+);
+
+