Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Identity/OAuth2Storage.php35
-rw-r--r--Zotlabs/Module/Authorize.php58
-rw-r--r--Zotlabs/Module/Oauthinfo.php6
-rw-r--r--Zotlabs/Module/Well_known.php1
-rw-r--r--Zotlabs/Module/Wfinger.php5
-rw-r--r--Zotlabs/Update/_1218.php31
6 files changed, 94 insertions, 42 deletions
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
index a50b21a70..bbf61cf2b 100644
--- a/Zotlabs/Identity/OAuth2Storage.php
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
return false;
}
+ $a = q("select * from account where account_id = %d",
+ intval($x['channel_account_id'])
+ );
+
+ $n = explode(' ', $x['channel_name']);
+
return( [
- 'webbie' => $x['channel_address'].'@'.\App::get_hostname(),
- 'zothash' => $x['channel_hash'],
- 'username' => $x['channel_address'],
- 'user_id' => $x['channel_id'],
- 'name' => $x['channel_name'],
- 'firstName' => $x['channel_name'],
- 'lastName' => '',
- 'password' => 'NotARealPassword'
+ 'webfinger' => channel_reddress($x),
+ 'portable_id' => $x['channel_hash'],
+ 'email' => $a['account_email'],
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'name' => $x['channel_name'],
+ 'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
+ 'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
+ 'picture' => $x['xchan_photo_l']
] );
}
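Review bot: `$a` is used as a single row in `'email' => $a['account_email']`, but `q()` appears to return a list of rows (Wfinger.php in this same commit reads `$r[0]['channel_address']`), so the email claim would likely always be empty. It should read `$a[0]['account_email']`, guarded by a check that `$a` is non-empty. Separately, `firstName` picks `$n[1]` whenever the name has more than one word, so a two-word name reports its second word as the given name and an empty `lastName`; `$n[0]` looks like the intended value. Because this array now carries the account e-mail address, it is worth confirming that callers release it only when the `email` scope was granted. The function begins outside the hunk.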
@@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
$userClaims = Array();
$claims = explode (' ', trim($claims));
- $validclaims = Array ("name","preferred_username","zothash");
+ $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
$claimsmap = Array (
- "zotwebbie" => 'webbie',
- "zothash" => 'zothash',
+ "webfinger" => 'webfinger',
+ "portable_id" => 'portable_id',
"name" => 'name',
- "preferred_username" => "username"
+ "email" => 'email',
+ "preferred_username" => 'username',
+ "picture" => 'picture',
+ "given_name" => 'firstName',
+ "family_name" => 'lastName'
);
$userinfo = $this->getUser($user_id);
foreach ($validclaims as $validclaim) {
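Review bot: `$validclaims` lists the internal keys `firstName` and `lastName`, while `$claimsmap` is keyed by the OIDC names `given_name` and `family_name`, so the two tables disagree. The loop body lies outside the hunk, so the effect is inferred: if it looks up `$claimsmap[$validclaim]`, the name parts are never emitted under the standard claim names and the two new map entries are dead. Using `"given_name","family_name"` in `$validclaims` would make the allow-list and the map consistent.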
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index e042848d8..c6709f602 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller {
function get() {
- if (!local_channel()) {
+ if (! local_channel()) {
return login();
- } else {
- // TODO: Fully implement the dynamic client registration protocol:
- // OpenID Connect Dynamic Client Registration 1.0 Client Metadata
- // http://openid.net/specs/openid-connect-registration-1_0.html
- $app = array(
- 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
- 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
- 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
- );
- $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
- '$title' => t('Authorize'),
- '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
- '$app' => $app,
- '$yes' => t('Allow'),
- '$no' => t('Deny'),
- '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+ }
+ else {
+
+ $name = $_REQUEST['client_name'];
+ if(! $name) {
+ $name = (($_REQUEST['client_id']) ?: t('Unknown App'));
+ }
+
+ $app = [
+ 'name' => $name,
+ 'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+ 'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
+ ];
+
+ $link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
+
+ $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+ '$title' => t('Authorize'),
+ '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
+ '$app' => $app,
+ '$yes' => t('Allow'),
+ '$no' => t('Deny'),
+ '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
- '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
- ));
+ '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+ ]);
return $o;
}
}
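Review bot: `$link` concatenates `$app['url']` and `$app['name']`, both taken unmodified from `$_REQUEST`, into an `<a>` tag on the consent page. Unless `oauth_authorize.tpl` escapes `$authorize` (not visible here), request parameters can inject markup into the page that asks the user to grant access. Escape both values before building the anchor, e.g. `$name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');`, and render the link only when `client_uri` parses as an `http` or `https` URL. The same applies to the `client_id` fallback now used for `$name`. `$_REQUEST['client_name']` is also read without the `x()` guard that the neighbouring fields use.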
@@ -60,17 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller {
$request = \OAuth2\Request::createFromGlobals();
$response = new \OAuth2\Response();
- // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
- $channel = channelx_by_n(local_channel());
- $user_id = $channel["channel_id"];
+ // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
+ $channel = channelx_by_n(local_channel());
+ $user_id = $channel['channel_id'];
// If the client is not registered, add to the database
if (!$client = $storage->getClientDetails($client_id)) {
- // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
- $client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16);
+ // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+ $client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
// Client apps are registered per channel
- $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id);
-
+ $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
}
if (!$client = $storage->getClientDetails($client_id)) {
// There was an error registering the client.
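Review bot: `$_REQUEST['scope']` is passed to `setClientDetails()` with no `isset` check and no comparison against the scopes the server supports, so a first-time client is stored with whatever scope string the request carried. Intersecting it with the supported list (`openid`, `profile`, `email` per Oauthinfo.php in this commit) before storing would bound what a self-registered client can later request. The retained comment asks for `$user_id` to be a string, but `$channel['channel_id']` is assigned as-is; `$user_id = (string) $channel['channel_id'];` would make that explicit. The surrounding function begins and ends outside the hunk, so the origin of `$client_id` and `$redirect_uri` is not visible here.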
diff --git a/Zotlabs/Module/Oauthinfo.php b/Zotlabs/Module/Oauthinfo.php
index 2d10913c4..f380cec97 100644
--- a/Zotlabs/Module/Oauthinfo.php
+++ b/Zotlabs/Module/Oauthinfo.php
@@ -5,19 +5,17 @@ namespace Zotlabs\Module;
class Oauthinfo extends \Zotlabs\Web\Controller {
-
function init() {
$ret = [
'issuer' => z_root(),
'authorization_endpoint' => z_root() . '/authorize',
'token_endpoint' => z_root() . '/token',
+ 'userinfo_endpoint' => z_root() . '/userinfo',
+ 'scopes_supported' => [ 'openid', 'profile', 'email' ],
'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ]
];
-
json_return_and_die($ret);
}
-
-
} \ No newline at end of file
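Review bot: With Well_known.php now routing `openid-configuration` to this module, `$ret` is served as OpenID Connect discovery metadata but lacks `jwks_uri`, `subject_types_supported` and `id_token_signing_alg_values_supported`, which OpenID Connect Discovery 1.0 marks as required. Relying parties that validate the document may reject it or be unable to locate the keys for verifying ID token signatures. `response_types_supported` also advertises `token` and `id_token` flows while Authorize.php registers clients with the `authorization_code` grant only; advertising just what is enabled avoids clients attempting flows the server will refuse.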
diff --git a/Zotlabs/Module/Well_known.php b/Zotlabs/Module/Well_known.php
index 442994b54..09e743788 100644
--- a/Zotlabs/Module/Well_known.php
+++ b/Zotlabs/Module/Well_known.php
@@ -52,6 +52,7 @@ class Well_known extends \Zotlabs\Web\Controller {
break;
case 'oauth-authorization-server':
+ case 'openid-configuration':
\App::$argc -= 1;
array_shift(\App::$argv);
\App::$argv[0] = 'oauthinfo';
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 88cb3e879..1866bce40 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -172,6 +172,11 @@ class Wfinger extends \Zotlabs\Web\Controller {
'href' => z_root() . '/hcard/' . $r[0]['channel_address']
],
+ [
+ 'rel' => 'http://openid.net/specs/connect/1.0/issuer',
+ 'href' => z_root()
+ ],
+
[
'rel' => 'http://webfinger.net/rel/profile-page',
diff --git a/Zotlabs/Update/_1218.php b/Zotlabs/Update/_1218.php
new file mode 100644
index 000000000..67d8b49a5
--- /dev/null
+++ b/Zotlabs/Update/_1218.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1218 {
+
+ function run() {
+
+ if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+ $r1 = q("ALTER TABLE hubloc add hubloc_id_url text NOT NULL");
+ $r2 = q("create index \"hubloc_id_url\" on hubloc (\"hubloc_id_url\")");
+ $r3 = q("ALTER TABLE hubloc add hubloc_site_id text NOT NULL");
+ $r4 = q("create index \"hubloc_site_id\" on hubloc (\"hubloc_site_id\")");
+
+ $r = $r1 && $r2 && $r3 && $r4;
+ }
+
+ if(ACTIVE_DBTYPE == DBTYPE_MYSQL) {
+ $r1 = q("ALTER TABLE hubloc add hubloc_id_url varchar(191) NOT NULL, ADD INDEX hubloc_id_url (hubloc_id_url)");
+ $r2 = q("ALTER TABLE hubloc add hubloc_site_id varchar(191) NOT NULL, ADD INDEX hubloc_site_id (hubloc_site_id)");
+
+ $r = $r1 && $r2;
+ }
+
+ if($r)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+
+ }
+
+}
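Review bot: `$r` is assigned only inside the two `ACTIVE_DBTYPE` branches, so on any other database type `if($r)` reads an undefined variable; initialise `$r = false;` at the top of `run()`. In the Postgres branch, `ALTER TABLE hubloc add hubloc_id_url text NOT NULL` has no default, which PostgreSQL rejects when `hubloc` already contains rows. Writing `... text NOT NULL DEFAULT ''` there, and likewise for `hubloc_site_id`, avoids that. The four Postgres statements also run outside a transaction, so a failure part-way leaves the schema half-updated and a rerun fails on the column that was already added.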