Successful OAuth2 sequence demonstrated with the test vehicle, including an authenticated API call using an access_token.

author: Andrew Manning <tamanning@zoho.com> 2018-02-26 18:16:43 -0500
committer: Andrew Manning <tamanning@zoho.com> 2018-02-26 18:16:43 -0500
commit: 45e0fc6802b360710becf7ddaf6aed6a9de1d876 (patch)
tree: 7299b3c9ad3279929a99a12cfffe485164b73c88 /Zotlabs/Module/Oauth2testvehicle.php
parent: e3095ce6b2c76f13a852f0ec5f782d71101a7c6a (diff)
download: volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.gz
volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.bz2
volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.zip
1 files changed, 67 insertions, 39 deletions
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php
index 37a0b9b0e..29c6ec50e 100644
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@@ -2,6 +2,12 @@
 
 namespace Zotlabs\Module;
 
+/**
+ * The OAuth2TestVehicle class is a way to test the registration of an OAuth2
+ * client app. It allows you to walk through the steps of registering a client,
+ * requesting an authorization code for that client, and then requesting an 
+ * access token for use in authentication against the Hubzilla API endpoints.
+ */
 class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 
 	function init() {
@@ -14,17 +20,19 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 			// cookie, and compare it when the user comes back. This ensures your 
 			// redirection endpoint isn't able to be tricked into attempting to 
 			// exchange arbitrary authorization codes."
-		if ($_REQUEST['code'] && $_REQUEST['state']) {
-			logger('Authorization callback invoked.', LOGGER_DEBUG);
-			logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
-			info('Authorization callback invoked.' . EOL);
-			return $this->get();
-		}
+		$_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle';
+		$_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
+		$_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
+		$_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );
+		$_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']);
+		$_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] );
+		$_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
 	}
 	function get() {
-
+		
 		$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
 			'$baseurl' => z_root(),
+			'$api_response' => $_SESSION['api_response'],
 			/*
 			  endpoints => array(
 			  array(
@@ -49,7 +57,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					),
 					'oauth2test_delete_db',
 					'Delete the OAuth2 database tables',
-					'POST'
+					'POST',
+					($_SESSION['success'] === 'delete_db'),
 				),
 				array(
 					'oauth2testvehicle',
@@ -60,58 +69,76 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 					),
 					'oauth2test_create_db',
 					'Create the OAuth2 database tables',
-					'POST'
+					'POST',
+					($_SESSION['success'] === 'create_db'),
 				),
 				array(
 					'authorize',
 					array(
 						array('response_type', 'code'),
-						array('client_id', urlencode('killer_app')),
-						array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'),
+						array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')),
+						array('redirect_uri', $_SESSION['redirect_uri']),
 						array('state', 'xyz'),
 						// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
 						// http://openid.net/specs/openid-connect-registration-1_0.html
-						array('client_name', urlencode('Killer App')),
-						array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')),
+						array('client_name', 'OAuth2 Test App'),
+						array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')),
 						array('client_uri', urlencode('https://client.example.com/website')),
 						array('application_type', 'web'), // would be 'native' for mobile app
 					),
 					'oauth_authorize',
 					'Authorize a test client app',
-					'GET'
+					'GET',
+					(($_REQUEST['code'] && $_REQUEST['state']) ? true : false),
 				),
-				/*
-				 * POST https://api.authorization-server.com/token
-					grant_type=authorization_code&
-					code=AUTH_CODE_HERE&
-					redirect_uri=REDIRECT_URI&
-					client_id=CLIENT_ID
-				 */
 				array(
 					'oauth2testvehicle',
 					array(
 						array('action', 'request_token'),
 						array('grant_type', 'authorization_code'),
-						array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')),
-						array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'),
-						array('client_id', urlencode('killer_app')),
-						array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')),
+						array('code', $_SESSION['authorization_code']),
+						array('redirect_uri', $_SESSION['redirect_uri']),
+						array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')),
+						array('client_secret', $_SESSION['client_secret']),
 					),
 					'oauth_token_request',
 					'Request a token',
-					'POST'
+					'POST',
+					($_SESSION['success'] === 'request_token'),
+				),
+				array(
+					'oauth2testvehicle',
+					array(
+						array('action', 'api_files'),
+						array('access_token', $_SESSION['access_token']),
+					),
+					'oauth_api_files',
+					'API: Get channel files',
+					'POST',
+					($_SESSION['success'] === 'api_files'),
 				)
 			)
 		));
-
+		$_SESSION['success'] = '';
 		return $o;
 	}
 
 	function post() {
 
-		//logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
-
 		switch ($_POST['action']) {
+			case 'api_files':
+				$access_token = $_SESSION['access_token'];
+				$url = z_root() . '/api/z/1.0/files/';				
+				$headers = [];
+				$headers[] = 'Authorization: Bearer ' . $access_token;
+				$post = z_fetch_url($url, false, 0, array(
+					'custom' => 'GET',
+					'headers' => $headers,
+				));
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				$response = json_decode($post['body'], true);
+				$_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT);
+				break;
 			case 'request_token':
 				$grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : '');
 				$redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : '');
@@ -119,19 +146,21 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 				$code = (x($_POST, 'code') ? $_POST['code'] : '');
 				$client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : '');
 				$url = z_root() . '/token/?';
-				$url .= 'grant_type=' . urlencode($grant_type);
+				$url .= 'grant_type=' . $grant_type;
 				$url .= '&redirect_uri=' . urlencode($redirect_uri);
-				$url .= '&client_id=' . urlencode($client_id);
-				$url .= '&code=' . urlencode($code);
+				$url .= '&client_id=' . $client_id;
+				$url .= '&code=' . $code;
 				$post = z_fetch_url($url, false, 0, array(
 					'custom' => 'POST',
 					'http_auth' => $client_id . ':' . $client_secret,
 				));
-				//logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
 				$response = json_decode($post['body'], true);
 				logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG);
 				if($response['access_token']) {
 					info('Access token received: ' . $response['access_token'] . EOL);
+					$_SESSION['success'] = 'request_token';
+					$_SESSION['access_token'] = $response['access_token'];
 				}
 				break;
 			case 'delete_db':
@@ -140,26 +169,23 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 				// by passing it the database connection 
 				$pdo = \DBA::$dba->db;
 				$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
-				logger('Deleting existing database tables...', LOGGER_DEBUG);
 				foreach ($storage->getConfig() as $key => $table) {
-					logger('Deleting table ' . dbesc($table), LOGGER_DEBUG);
 					$r = q("DROP TABLE %s;", dbesc($table));
 					if (!$r) {
-						logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG);
 						$status = false;
 					}
 				}
 				if (!$status) {
 					notice('Errors encountered deleting database tables.' . EOL);
+					$_SESSION['success'] = '';
 				} else {
 					info('Database tables deleted successfully.' . EOL);
+					$_SESSION['success'] = 'delete_db';
 				}
-
 				break;
 
 			case 'create_db':
 				$status = true;
-				logger('Creating database tables...', LOGGER_DEBUG);
 				@include('.htconfig.php');
 				$pdo = \DBA::$dba->db;
 				$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
@@ -168,15 +194,17 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 						$result = $pdo->exec($statement);
 					} catch (\PDOException $e) {
 						$status = false;
-						logger('Error executing database statement: ' . $statement, LOGGER_DEBUG);
 					}
 				}
 
 				if (!$status) {
 					notice('Errors encountered creating database tables.' . EOL);
+					$_SESSION['success'] = '';
 				} else {
 					info('Database tables created successfully.' . EOL);
+					$_SESSION['success'] = 'create_db';
 				}
+				break;
 
 			default:
 				break;
author	Andrew Manning <tamanning@zoho.com>	2018-02-26 18:16:43 -0500
committer	Andrew Manning <tamanning@zoho.com>	2018-02-26 18:16:43 -0500
commit	45e0fc6802b360710becf7ddaf6aed6a9de1d876 (patch)
tree	7299b3c9ad3279929a99a12cfffe485164b73c88 /Zotlabs/Module/Oauth2testvehicle.php
parent	e3095ce6b2c76f13a852f0ec5f782d71101a7c6a (diff)
download	volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.gz volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.bz2 volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.zip