diff options
author | zotlabs <mike@macgirvin.com> | 2018-08-12 15:10:19 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-08-12 15:10:19 -0700 |
commit | 2d29095348eb8ab73bac7c22b4f87bfed7ea06c0 (patch) | |
tree | 0385828542ba0b8c930b10b8cac503777b696e45 /Zotlabs/Module | |
parent | ac03b4ccd74e52d8f1c78ad6393e8d90171516ce (diff) | |
parent | 759a18685b75e631d5884d610cc3a6fe483b821d (diff) | |
download | volse-hubzilla-2d29095348eb8ab73bac7c22b4f87bfed7ea06c0.tar.gz volse-hubzilla-2d29095348eb8ab73bac7c22b4f87bfed7ea06c0.tar.bz2 volse-hubzilla-2d29095348eb8ab73bac7c22b4f87bfed7ea06c0.zip |
Merge branch 'dev' of https://framagit.org/hubzilla/core into xdev_merge
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Admin/Site.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Authorize.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Settings/Oauth2.php | 35 | ||||
-rw-r--r-- | Zotlabs/Module/Token.php | 8 | ||||
-rw-r--r-- | Zotlabs/Module/Userinfo.php | 17 |
5 files changed, 59 insertions, 15 deletions
diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 292de4c3a..5912a7c97 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -332,7 +332,7 @@ class Site { '$register_policy' => array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices), '$invite_only' => array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes.")), '$minimum_age' => array('minimum_age', t("Minimum age"), (x(get_config('system','minimum_age'))?get_config('system','minimum_age'):13), t("Minimum age (in years) for who may register on this site.")), - '$access_policy' => array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices), + '$access_policy' => array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), t("This is displayed on the public server site list."), $access_choices), '$register_text' => array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), '$role' => $role, '$frontpage' => array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")), diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index bfb76150f..e042848d8 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -60,12 +60,16 @@ class Authorize extends \Zotlabs\Web\Controller { $request = \OAuth2\Request::createFromGlobals(); $response = new \OAuth2\Response(); + // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. + $channel = channelx_by_n(local_channel()); + $user_id = $channel["channel_id"]; + // If the client is not registered, add to the database if (!$client = $storage->getClientDetails($client_id)) { - $client_secret = random_string(16); + // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST + $client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16); // Client apps are registered per channel - $user_id = local_channel(); - $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id); } if (!$client = $storage->getClientDetails($client_id)) { @@ -83,7 +87,7 @@ class Authorize extends \Zotlabs\Web\Controller { // print the authorization code if the user has authorized your client $is_authorized = ($_POST['authorize'] === 'allow'); - $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); + $s->handleAuthorizeRequest($request, $response, $is_authorized, $user_id); if ($is_authorized) { $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); logger('Authorization Code: ' . $code); diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php index f58d01d8c..70fd3a5c3 100644 --- a/Zotlabs/Module/Settings/Oauth2.php +++ b/Zotlabs/Module/Settings/Oauth2.php @@ -10,10 +10,19 @@ class Oauth2 { if(x($_POST,'remove')){ check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2'); - + $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : ''); + logger("REMOVE! ".$name." uid: ".local_channel()); $key = $_POST['remove']; - q("DELETE FROM tokens WHERE id='%s' AND uid=%d", - dbesc($key), + q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d", + dbesc($name), + intval(local_channel()) + ); + q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d", + dbesc($name), + intval(local_channel()) + ); + q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d", + dbesc($name), intval(local_channel()) ); goaway(z_root()."/settings/oauth2/"); @@ -45,14 +54,15 @@ class Oauth2 { grant_types = '%s', scope = '%s', user_id = %d - WHERE client_id='%s'", + WHERE client_id='%s' and user_id = %s", dbesc($name), dbesc($secret), dbesc($redirect), dbesc($grant), dbesc($scope), intval(local_channel()), - dbesc($name)); + dbesc($name), + intval(local_channel())); } else { $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES ('%s','%s','%s','%s','%s',%d)", @@ -128,6 +138,18 @@ class Oauth2 { dbesc(argv(3)), intval(local_channel()) ); + $r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); goaway(z_root()."/settings/oauth2/"); return; } @@ -135,7 +157,8 @@ class Oauth2 { $r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my FROM oauth_clients - LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id + LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND + oauth_clients.user_id=oauth_access_tokens.user_id WHERE oauth_clients.user_id IN (%d,0)", intval(local_channel()), intval(local_channel()) diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php index 32cf95c61..2bd33c761 100644 --- a/Zotlabs/Module/Token.php +++ b/Zotlabs/Module/Token.php @@ -27,11 +27,11 @@ class Token extends \Zotlabs\Web\Controller { $_SERVER['PHP_AUTH_PW'] = $password; } } - - $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); + $storage = new OAuth2Storage(\DBA::$dba->db); + $s = new \Zotlabs\Identity\OAuth2Server($storage); $request = \OAuth2\Request::createFromGlobals(); - $s->handleTokenRequest($request)->send(); - + $response = $s->handleTokenRequest($request); + $response->send(); killme(); } diff --git a/Zotlabs/Module/Userinfo.php b/Zotlabs/Module/Userinfo.php new file mode 100644 index 000000000..6c881f078 --- /dev/null +++ b/Zotlabs/Module/Userinfo.php @@ -0,0 +1,17 @@ +<?php + +namespace Zotlabs\Module; + +use Zotlabs\Identity\OAuth2Storage; + + +class Userinfo extends \Zotlabs\Web\Controller { + + function init() { + $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); + $request = \OAuth2\Request::createFromGlobals(); + $s->handleUserInfoRequest($request)->send(); + killme(); + } + +} |