From 27cd26ec1e26b6c389a623395687af5052f0b5a1 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Thu, 15 Feb 2018 18:47:56 -0800
Subject: extend the oauth2 storage driver so that we can use our own channel table

---
 Zotlabs/Identity/OAuth2Server.php | 43 ++++++++++++++++++++
 Zotlabs/Identity/OAuth2Storage.php | 81 ++++++++++++++++++++++++++++++++++++++
 Zotlabs/Module/Authorize.php | 55 ++++++++++++--------------
 Zotlabs/Module/Token.php | 46 ++++++++++------------
 4 files changed, 171 insertions(+), 54 deletions(-)
 create mode 100644 Zotlabs/Identity/OAuth2Server.php
 create mode 100644 Zotlabs/Identity/OAuth2Storage.php

diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
new file mode 100644
index 000000000..3d7d5efb2
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -0,0 +1,43 @@
+db);
+
+ $config = [
+ 'use_openid_connect' => true,
+ 'issuer' => \Zotlabs\Lib\System::get_site_name()
+ ];
+
+ // Pass a storage object or array of storage objects to the OAuth2 server class
+ $this->server = new \OAuth2\Server($storage,$config);
+
+ // Add the "Client Credentials" grant type (it is the simplest of the grant types)
+ $this->server->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
+
+ // Add the "Authorization Code" grant type (this is where the oauth magic happens)
+ $this->server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+
+ $keyStorage = new \OAuth2\Storage\Memory( [
+ 'keys' => [
+ 'public_key' => get_config('system','pubkey'),
+ 'private_key' => get_config('system','prvkey')
+ ]
+ ]);
+
+ $this->server->addStorage($keyStorage,'public_key');
+
+ }
+
+ public function get_server() {
+ return $this->server;
+ }
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
new file mode 100644
index 000000000..bc6db565c
--- /dev/null
+++ b/Zotlabs/Identity/OAuth2Storage.php
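Review bot: The `'issuer'` entry in `$config` is set to `\Zotlabs\Lib\System::get_site_name()`, but with `'use_openid_connect' => true` that value becomes the `iss` claim of every id_token, and OpenID Connect clients compare `iss` against the URL they discovered the provider at; a display name will not match and is not unique, so two sites with the same name would mint tokens with an identical issuer. The site's base URL is the value to use here, e.g. `'issuer' => z_root()` if that helper is the canonical site URL in this codebase (confirm). Separately, the id_token signing pair is taken from `get_config('system','pubkey')` / `get_config('system','prvkey')`, which appear to be the site's general-purpose keys; sharing one key across protocols widens the blast radius of a compromise and makes rotation harder, so a dedicated OAuth2/OIDC key pair is worth considering, with a comment on the `$keyStorage` block stating which key is intended. The opening of this hunk (the `<?php` header, class declaration and the start of the constructor where `$storage` is built) is cut off in this copy, so that part could not be reviewed.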
@@ -0,0 +1,81 @@
+getUser($username)) {
+ return $this->checkPassword($user, $password);
+ }
+
+ return false;
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUserDetails($username)
+ {
+ return $this->getUser($username);
+ }
+
+
+ /**
+ *
+ * @param array $user
+ * @param string $password
+ * @return bool
+ */
+ protected function checkPassword($user, $password)
+ {
+
+ $x = account_verify_password($user,$password);
+ return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);
+
+ }
+
+ /**
+ * @param string $username
+ * @return array|bool
+ */
+ public function getUser($username)
+ {
+
+ $x = channelx_by_nick($username);
+ if(! $x) {
+ return false;
+ }
+
+ return( [
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'firstName' => $x['channel_name'],
+ 'lastName' => '',
+ 'password' => 'NotARealPassword'
+ ] );
+ }
+
+ /**
+ * plaintext passwords are bad! Override this for your application
+ *
+ * @param string $username
+ * @param string $password
+ * @param string $firstName
+ * @param string $lastName
+ * @return bool
+ */
+ public function setUser($username, $password, $firstName = null, $lastName = null)
+ {
+ return true;
+ }
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index 06f66c456..7676b0855 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
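Review bot: `checkPassword()` hands the whole array returned by `getUser()` to `account_verify_password($user,$password)` as its first argument; if that helper takes the login name (email or nick) as a string, as its other callers in this codebase presumably do, every credential check here fails or errors instead of verifying anything, and `$x = account_verify_password($user['username'], $password);` is the likely intent — confirm against the helper's signature. Even when the call succeeds, the result is only tested for a non-empty `'channel'` entry, which does not bind the verified account to the channel named by `$username`; an account owning several channels could authenticate as any of them, so the channel returned in `$x` should be compared with `$user['user_id']` before returning true. `setUser()` returns `true` while storing nothing, which lets the library report success for a no-op; returning `false` is safer, with a comment such as `// channel creation is handled by registration, not by the OAuth2 storage layer`. The start of this hunk (class header and the beginning of `checkUserCredentials()`) is cut off in this copy.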
@@ -6,41 +6,38 @@ namespace Zotlabs\Module;
 class Authorize extends \Zotlabs\Web\Controller {
- function get() {
+ function init() {
- // workaround for HTTP-auth in CGI mode
- if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ // workaround for HTTP-auth in CGI mode
+ if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
 }
-
- if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ }
+
+ if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
 }
+ }
+ $s = new \Zotlabs\Identity\OAuth2Server();
+ $request = \OAuth2\Request::createFromGlobals();
+ $response = new \OAuth2\Response();
-
- require_once('include/oauth2.php');
-
- $request = \OAuth2\Request::createFromGlobals();
- $response = new \OAuth2\Response();
-
- // validate the authorize request
- if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
- $response->send();
- killme();
- }
+ // validate the authorize request
+ if (! $s->server->validateAuthorizeRequest($request, $response)) {
+ $response->send();
+ killme();
+ }
 // display an authorization form
 if (empty($_POST)) {
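Review bot: Both Basic-auth shims in the new `init()` call `base64_decode(substr($_SERVER[...], 6))` without checking that the header actually begins with `Basic `, so an `Authorization: Bearer …` header sent to this endpoint is base64-decoded from its seventh byte and whatever falls out is installed as `PHP_AUTH_USER` / `PHP_AUTH_PW`, and `list()` raises a notice when the decoded string has no colon. Guard each branch with `if (stripos($_SERVER['HTTP_AUTHORIZATION'], 'basic ') === 0)` (and the same for `REDIRECT_REMOTE_USER`) and only assign when the split produced two parts. The block was moved from `get()` rather than written here, but it now runs on every request to the module, so it is worth fixing in passing. `init()` continues beyond the end of this hunk.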
@@ -55,7 +52,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 // print the authorization code if the user has authorized your client
 $is_authorized = ($_POST['authorized'] === 'yes');
- $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+ $s->server->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 if ($is_authorized) {
 // this is only here so that you get to see your code in the cURL request. Otherwise,
 // we'd redirect back to the client
diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php
index e0d9d74d7..5cde58895 100644
--- a/Zotlabs/Module/Token.php
+++ b/Zotlabs/Module/Token.php
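Review bot: `handleAuthorizeRequest()` is now passed `local_channel()` as the user id, but nothing in this hunk or the preceding one checks that a channel is logged in; if `local_channel()` returns false/0 for an anonymous visitor, the library will still issue an authorization code bound to an empty user, since the only gate visible here is `$_POST['authorized'] === 'yes'`. Add a fail-closed guard at the top of `init()`, e.g. `if (! local_channel()) { /* redirect to login or reject, per the module convention for authenticated endpoints */ }` — confirm no earlier check exists outside the hunk. The consent POST also carries no CSRF token in the visible lines, so a cross-site form submission could approve a client on the user's behalf; binding the form to a per-session nonce and verifying it before the `$is_authorized` test is the standard fix. The enclosing `init()` starts and ends outside this hunk.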
@@ -5,36 +5,32 @@ namespace Zotlabs\Module;
 class Token extends \Zotlabs\Web\Controller {
-
- function get() {
-
-
- // workaround for HTTP-auth in CGI mode
- if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ function init() {
+
+ // workaround for HTTP-auth in CGI mode
+ if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
 }
-
- if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
+ }
+
+ if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
 }
+ }
+ $s = new \Zotlabs\Identity\OAuth2Server();
+ $s->server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
-
- require_once('include/oauth2.php');
- $oauth2_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
-
- killme();
+ killme();
 }
 }
\ No newline at end of file
--
cgit v1.2.3
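Review bot: Both shims in the new `init()` split the decoded credential with `explode(':', $userpass)` and no limit, which truncates any client secret containing a colon at the first one — and the token endpoint is exactly where a client secret arrives via HTTP Basic auth, so a secret the server itself generated may never verify. Use `list($name, $password) = explode(':', $userpass, 2);` and only assign `PHP_AUTH_USER`/`PHP_AUTH_PW` when two parts came back, so a colon-free header does not trigger a `list()` notice. The two blocks are now copied character for character from Authorize.php; moving them into one shared helper (for instance a static method on `\Zotlabs\Identity\OAuth2Server`) would keep the scheme check and the split fix in a single place. The `Bearer` case is also unhandled here: the prefix is never checked before `substr(..., 6)`, so a bearer token presented on this endpoint is decoded as if it were Basic credentials.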