Diffstat (limited to 'Zotlabs/Identity')
-rw-r--r-- | Zotlabs/Identity/OAuth2Server.php | 34 | ||||
-rw-r--r-- | Zotlabs/Identity/OAuth2Storage.php | 81 |
2 files changed, 115 insertions, 0 deletions
diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
new file mode 100644
index 000000000..cbb4748fe
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+class OAuth2Server extends \OAuth2\Server {
+
+ public function __construct(OAuth2Storage $storage, $config = []) {
+
+ if(! is_array($config)) {
+ $config = [
+ 'use_openid_connect' => true,
+ 'issuer' => \Zotlabs\Lib\System::get_site_name()
+ ];
+ }
+
+ parent::__construct($storage, $config);
+
+ // Add the "Client Credentials" grant type (it is the simplest of the grant types)
+ $this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
+
+ // Add the "Authorization Code" grant type (this is where the oauth magic happens)
+ $this->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+
+ $keyStorage = new \OAuth2\Storage\Memory( [
+ 'keys' => [
+ 'public_key' => get_config('system', 'pubkey'),
+ 'private_key' => get_config('system', 'prvkey')
+ ]
+ ]);
+
+ $this->addStorage($keyStorage, 'public_key');
+ }
+
+}
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
new file mode 100644
index 000000000..bc6db565c
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Storage.php
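Review bot: In `OAuth2Server::__construct` the guard `if(! is_array($config))` is never true for the default argument `$config = []`, so a caller that passes no config gets neither `use_openid_connect` nor `issuer`; the defaults apply only when a non-array is passed. Merging the defaults under the caller's values would make them take effect: `$config = array_merge(['use_openid_connect' => true, 'issuer' => \Zotlabs\Lib\System::get_site_name()], is_array($config) ? $config : []);`. Separately, OpenID Connect expects the issuer identifier to be an https URL that relying parties compare exactly; `System::get_site_name()` is defined outside this diff, and if it returns a display name rather than the site URL the issuer value should be changed. A short comment above the `keys` array saying that the site key pair from `get_config('system', ...)` is what signs tokens here would help whoever later rotates those keys.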
@@ -0,0 +1,81 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+
+class OAuth2Storage extends \OAuth2\Storage\Pdo {
+
+ /**
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public function checkUserCredentials($username, $password)
+ {
+ if ($user = $this->getUser($username)) {
+ return $this->checkPassword($user, $password);
+ }
+
+ return false;
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUserDetails($username)
+ {
+ return $this->getUser($username);
+ }
+
+
+ /**
+ *
+ * @param array $user
+ * @param string $password
+ * @return bool
+ */
+ protected function checkPassword($user, $password)
+ {
+
+ $x = account_verify_password($user,$password);
+ return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);
+
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUser($username)
+ {
+
+ $x = channelx_by_nick($username);
+ if(! $x) {
+ return false;
+ }
+
+ return( [
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'firstName' => $x['channel_name'],
+ 'lastName' => '',
+ 'password' => 'NotARealPassword'
+ ] );
+ }
+
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param string $username
+ * @param string $password
+ * @param string $firstName
+ * @param string $lastName
+ * @return bool
+ */
+ public function setUser($username, $password, $firstName = null, $lastName = null)
+ {
+ return true;
+ }
+
+}
\ No newline at end of file |
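Review bot: `checkPassword()` passes the whole `$user` array built by `getUser()` to `account_verify_password()` and then accepts any result with a non-empty `channel`, so the verified credential is never tied to the channel named in `$username`. `account_verify_password()` is defined outside this diff; if it takes a login string and returns the matching channel record, as its name suggests, the call should be `$x = account_verify_password($user['username'], $password);` and the result check `return is_array($x) && ! empty($x['channel']) && intval($x['channel']['channel_id']) === intval($user['user_id']);`. The `is_array()` guard also keeps `array_key_exists()` from being called on a null or false result when verification fails. `setUser()` returns `true` without storing anything, while its docblock, which reads as if inherited from the parent class, still says to override it; a comment stating that this is a deliberate no-op would stop callers from assuming the user was created.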