diff options
author | zotlabs <mike@macgirvin.com> | 2017-05-03 22:37:06 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-05-03 22:37:06 -0700 |
commit | b08af13872a698c85bb2cf9abd6651bc5c98f7bd (patch) | |
tree | 30f07a17af9facb2bbfd412581111bc7e0b6c5be /Zotlabs/Module/Authorize.php | |
parent | 05cbdc6915cfd5cd814f08596567403cc7e777e7 (diff) | |
download | volse-hubzilla-b08af13872a698c85bb2cf9abd6651bc5c98f7bd.tar.gz volse-hubzilla-b08af13872a698c85bb2cf9abd6651bc5c98f7bd.tar.bz2 volse-hubzilla-b08af13872a698c85bb2cf9abd6651bc5c98f7bd.zip |
oauth2/oidc testing (please do not port - this requires several extra DB tables to work)
Diffstat (limited to 'Zotlabs/Module/Authorize.php')
-rw-r--r-- | Zotlabs/Module/Authorize.php | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php new file mode 100644 index 000000000..06f66c456 --- /dev/null +++ b/Zotlabs/Module/Authorize.php @@ -0,0 +1,71 @@ +<?php + +namespace Zotlabs\Module; + + +class Authorize extends \Zotlabs\Web\Controller { + + + function get() { + + + // workaround for HTTP-auth in CGI mode + if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + if (x($_SERVER, 'HTTP_AUTHORIZATION')) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + + + + require_once('include/oauth2.php'); + + $request = \OAuth2\Request::createFromGlobals(); + $response = new \OAuth2\Response(); + + // validate the authorize request + if (! $oauth2_server->validateAuthorizeRequest($request, $response)) { + $response->send(); + killme(); + } + + // display an authorization form + if (empty($_POST)) { + + return ' +<form method="post"> + <label>Do You Authorize TestClient?</label><br /> + <input type="submit" name="authorized" value="yes"> + <input type="submit" name="authorized" value="no"> +</form>'; + } + + // print the authorization code if the user has authorized your client + $is_authorized = ($_POST['authorized'] === 'yes'); + $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized); + if ($is_authorized) { + // this is only here so that you get to see your code in the cURL request. Otherwise, + // we'd redirect back to the client + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); + echo("SUCCESS! Authorization Code: $code"); + + } + + $response->send(); + killme(); + } + +}
\ No newline at end of file |