aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2018-02-26 18:16:43 -0500
committerAndrew Manning <tamanning@zoho.com>2018-02-26 18:16:43 -0500
commit45e0fc6802b360710becf7ddaf6aed6a9de1d876 (patch)
tree7299b3c9ad3279929a99a12cfffe485164b73c88 /Zotlabs/Module
parente3095ce6b2c76f13a852f0ec5f782d71101a7c6a (diff)
downloadvolse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.gz
volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.tar.bz2
volse-hubzilla-45e0fc6802b360710becf7ddaf6aed6a9de1d876.zip
Successful OAuth2 sequence demonstrated with the test vehicle, including an authenticated API call using an access_token.
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Authorize.php36
-rw-r--r--Zotlabs/Module/Oauth2testvehicle.php106
2 files changed, 77 insertions, 65 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index f505b4681..c76dfb9df 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -6,28 +6,6 @@ use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller {
- function init() {
-
- // workaround for HTTP-auth in CGI mode
- if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
- if (strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
- if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
- if (strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
- }
-
function get() {
if (!local_channel()) {
return login();
@@ -37,7 +15,7 @@ class Authorize extends \Zotlabs\Web\Controller {
// http://openid.net/specs/openid-connect-registration-1_0.html
$app = array(
'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'),
- 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : '/images/icons/plugin.png'),
+ 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
);
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
@@ -76,20 +54,26 @@ class Authorize extends \Zotlabs\Web\Controller {
if (x($_POST, 'redirect_uri')) {
$redirect_uri = $_POST['redirect_uri'];
} else {
- $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com';
+ $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth';
}
$request = \OAuth2\Request::createFromGlobals();
$response = new \OAuth2\Response();
// If the client is not registered, add to the database
- if (!$storage->getClientDetails($client_id)) {
+ if (!$client = $storage->getClientDetails($client_id)) {
$client_secret = random_string(16);
// Client apps are registered per channel
$user_id = local_channel();
$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
- $response->setParameter('client_secret', $client_secret);
+
+ }
+ if (!$client = $storage->getClientDetails($client_id)) {
+ // There was an error registering the client.
+ $response->send();
+ killme();
}
+ $response->setParameter('client_secret', $client['client_secret']);
// validate the authorize request
if (!$s->validateAuthorizeRequest($request, $response)) {
diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php
index 37a0b9b0e..29c6ec50e 100644
--- a/Zotlabs/Module/Oauth2testvehicle.php
+++ b/Zotlabs/Module/Oauth2testvehicle.php
@@ -2,6 +2,12 @@
namespace Zotlabs\Module;
+/**
+ * The OAuth2TestVehicle class is a way to test the registration of an OAuth2
+ * client app. It allows you to walk through the steps of registering a client,
+ * requesting an authorization code for that client, and then requesting an
+ * access token for use in authentication against the Hubzilla API endpoints.
+ */
class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
function init() {
@@ -14,17 +20,19 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
// cookie, and compare it when the user comes back. This ensures your
// redirection endpoint isn't able to be tricked into attempting to
// exchange arbitrary authorization codes."
- if ($_REQUEST['code'] && $_REQUEST['state']) {
- logger('Authorization callback invoked.', LOGGER_DEBUG);
- logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
- info('Authorization callback invoked.' . EOL);
- return $this->get();
- }
+ $_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle';
+ $_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
+ $_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
+ $_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );
+ $_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']);
+ $_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] );
+ $_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
}
function get() {
-
+
$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
'$baseurl' => z_root(),
+ '$api_response' => $_SESSION['api_response'],
/*
endpoints => array(
array(
@@ -49,7 +57,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
),
'oauth2test_delete_db',
'Delete the OAuth2 database tables',
- 'POST'
+ 'POST',
+ ($_SESSION['success'] === 'delete_db'),
),
array(
'oauth2testvehicle',
@@ -60,58 +69,76 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
),
'oauth2test_create_db',
'Create the OAuth2 database tables',
- 'POST'
+ 'POST',
+ ($_SESSION['success'] === 'create_db'),
),
array(
'authorize',
array(
array('response_type', 'code'),
- array('client_id', urlencode('killer_app')),
- array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'),
+ array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')),
+ array('redirect_uri', $_SESSION['redirect_uri']),
array('state', 'xyz'),
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
// http://openid.net/specs/openid-connect-registration-1_0.html
- array('client_name', urlencode('Killer App')),
- array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')),
+ array('client_name', 'OAuth2 Test App'),
+ array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')),
array('client_uri', urlencode('https://client.example.com/website')),
array('application_type', 'web'), // would be 'native' for mobile app
),
'oauth_authorize',
'Authorize a test client app',
- 'GET'
+ 'GET',
+ (($_REQUEST['code'] && $_REQUEST['state']) ? true : false),
),
- /*
- * POST https://api.authorization-server.com/token
- grant_type=authorization_code&
- code=AUTH_CODE_HERE&
- redirect_uri=REDIRECT_URI&
- client_id=CLIENT_ID
- */
array(
'oauth2testvehicle',
array(
array('action', 'request_token'),
array('grant_type', 'authorization_code'),
- array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')),
- array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'),
- array('client_id', urlencode('killer_app')),
- array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')),
+ array('code', $_SESSION['authorization_code']),
+ array('redirect_uri', $_SESSION['redirect_uri']),
+ array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')),
+ array('client_secret', $_SESSION['client_secret']),
),
'oauth_token_request',
'Request a token',
- 'POST'
+ 'POST',
+ ($_SESSION['success'] === 'request_token'),
+ ),
+ array(
+ 'oauth2testvehicle',
+ array(
+ array('action', 'api_files'),
+ array('access_token', $_SESSION['access_token']),
+ ),
+ 'oauth_api_files',
+ 'API: Get channel files',
+ 'POST',
+ ($_SESSION['success'] === 'api_files'),
)
)
));
-
+ $_SESSION['success'] = '';
return $o;
}
function post() {
- //logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG);
-
switch ($_POST['action']) {
+ case 'api_files':
+ $access_token = $_SESSION['access_token'];
+ $url = z_root() . '/api/z/1.0/files/';
+ $headers = [];
+ $headers[] = 'Authorization: Bearer ' . $access_token;
+ $post = z_fetch_url($url, false, 0, array(
+ 'custom' => 'GET',
+ 'headers' => $headers,
+ ));
+ logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+ $response = json_decode($post['body'], true);
+ $_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT);
+ break;
case 'request_token':
$grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : '');
$redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : '');
@@ -119,19 +146,21 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$code = (x($_POST, 'code') ? $_POST['code'] : '');
$client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : '');
$url = z_root() . '/token/?';
- $url .= 'grant_type=' . urlencode($grant_type);
+ $url .= 'grant_type=' . $grant_type;
$url .= '&redirect_uri=' . urlencode($redirect_uri);
- $url .= '&client_id=' . urlencode($client_id);
- $url .= '&code=' . urlencode($code);
+ $url .= '&client_id=' . $client_id;
+ $url .= '&code=' . $code;
$post = z_fetch_url($url, false, 0, array(
'custom' => 'POST',
'http_auth' => $client_id . ':' . $client_secret,
));
- //logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+ logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
$response = json_decode($post['body'], true);
logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG);
if($response['access_token']) {
info('Access token received: ' . $response['access_token'] . EOL);
+ $_SESSION['success'] = 'request_token';
+ $_SESSION['access_token'] = $response['access_token'];
}
break;
case 'delete_db':
@@ -140,26 +169,23 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
// by passing it the database connection
$pdo = \DBA::$dba->db;
$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
- logger('Deleting existing database tables...', LOGGER_DEBUG);
foreach ($storage->getConfig() as $key => $table) {
- logger('Deleting table ' . dbesc($table), LOGGER_DEBUG);
$r = q("DROP TABLE %s;", dbesc($table));
if (!$r) {
- logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG);
$status = false;
}
}
if (!$status) {
notice('Errors encountered deleting database tables.' . EOL);
+ $_SESSION['success'] = '';
} else {
info('Database tables deleted successfully.' . EOL);
+ $_SESSION['success'] = 'delete_db';
}
-
break;
case 'create_db':
$status = true;
- logger('Creating database tables...', LOGGER_DEBUG);
@include('.htconfig.php');
$pdo = \DBA::$dba->db;
$storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo);
@@ -168,15 +194,17 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
$result = $pdo->exec($statement);
} catch (\PDOException $e) {
$status = false;
- logger('Error executing database statement: ' . $statement, LOGGER_DEBUG);
}
}
if (!$status) {
notice('Errors encountered creating database tables.' . EOL);
+ $_SESSION['success'] = '';
} else {
info('Database tables created successfully.' . EOL);
+ $_SESSION['success'] = 'create_db';
}
+ break;
default:
break;