diff options
| author | Mario Vavti <mario@mariovavti.com> | 2018-08-14 13:04:37 +0200 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2018-08-14 13:04:37 +0200 |
| commit | 10c5b46e3bb4cfa76cbe7158f5eba54809cd0d79 (patch) | |
| tree | dfa20f7e1010f76a9f4b6b7b395cdb57744725e3 /Zotlabs/Module/Authorize.php | |
| parent | b503ef8761e3efd04bf1d1498109344d9ecdb738 (diff) | |
| parent | f15c1c4e54a49d1e76747ca5e3034ca2cef909aa (diff) | |
| download | volse-hubzilla-10c5b46e3bb4cfa76cbe7158f5eba54809cd0d79.tar.gz volse-hubzilla-10c5b46e3bb4cfa76cbe7158f5eba54809cd0d79.tar.bz2 volse-hubzilla-10c5b46e3bb4cfa76cbe7158f5eba54809cd0d79.zip | |
Merge remote-tracking branch 'mike/master' into dev
Diffstat (limited to 'Zotlabs/Module/Authorize.php')
| -rw-r--r-- | Zotlabs/Module/Authorize.php | 58 |
1 files changed, 32 insertions, 26 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index e042848d8..c6709f602 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage; class Authorize extends \Zotlabs\Web\Controller { function get() { - if (!local_channel()) { + if (! local_channel()) { return login(); - } else { - // TODO: Fully implement the dynamic client registration protocol: - // OpenID Connect Dynamic Client Registration 1.0 Client Metadata - // http://openid.net/specs/openid-connect-registration-1_0.html - $app = array( - 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')), - 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), - 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), - ); - $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( - '$title' => t('Authorize'), - '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '), - '$app' => $app, - '$yes' => t('Allow'), - '$no' => t('Deny'), - '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), + } + else { + + $name = $_REQUEST['client_name']; + if(! $name) { + $name = (($_REQUEST['client_id']) ?: t('Unknown App')); + } + + $app = [ + 'name' => $name, + 'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'), + 'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''), + ]; + + $link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']); + + $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [ + '$title' => t('Authorize'), + '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ), + '$app' => $app, + '$yes' => t('Allow'), + '$no' => t('Deny'), + '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), - '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), - )); + '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), + ]); return $o; } } @@ -60,17 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller { $request = \OAuth2\Request::createFromGlobals(); $response = new \OAuth2\Response(); - // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. - $channel = channelx_by_n(local_channel()); - $user_id = $channel["channel_id"]; + // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. + $channel = channelx_by_n(local_channel()); + $user_id = $channel['channel_id']; // If the client is not registered, add to the database if (!$client = $storage->getClientDetails($client_id)) { - // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST - $client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16); + // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST + $client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16); // Client apps are registered per channel - $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id); - + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id); } if (!$client = $storage->getClientDetails($client_id)) { // There was an error registering the client. |