From 7d0c1bb737f3683cd770ebd757d938f39a9b55ef Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 18 Feb 2018 20:24:41 -0500 Subject: Created test vehicle module oauth2test --- Zotlabs/Module/Oauth2test.php | 43 +++++++++++++++++++++++++++++++++++++++++++ view/css/mod_oauth2test.css | 4 ++++ view/tpl/oauth2test.tpl | 13 +++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 Zotlabs/Module/Oauth2test.php create mode 100644 view/css/mod_oauth2test.css create mode 100644 view/tpl/oauth2test.tpl diff --git a/Zotlabs/Module/Oauth2test.php b/Zotlabs/Module/Oauth2test.php new file mode 100644 index 000000000..14aa6137a --- /dev/null +++ b/Zotlabs/Module/Oauth2test.php @@ -0,0 +1,43 @@ + z_root(), + '$endpoints' => array( + array( + 'oauth2test', + array( + array( + 'action', 'create_db' + ) + ), + 'oauth2test_create_db', + 'Create the OAuth2 database tables' + ) + ) + )); + + return $o; + } + + function post() { + + logger(json_encode($_POST), LOGGER_DEBUG); + + switch ($_POST['action']) { + case 'create_db': + logger('Creating database tables...', LOGGER_DEBUG); + break; + + default: + break; + } + + } + +} diff --git a/view/css/mod_oauth2test.css b/view/css/mod_oauth2test.css new file mode 100644 index 000000000..0ef2896b5 --- /dev/null +++ b/view/css/mod_oauth2test.css @@ -0,0 +1,4 @@ +.oath2test-form-box { + border: #ccc thin solid; + padding: 1em; +} \ No newline at end of file diff --git a/view/tpl/oauth2test.tpl b/view/tpl/oauth2test.tpl new file mode 100644 index 000000000..d4887063c --- /dev/null +++ b/view/tpl/oauth2test.tpl @@ -0,0 +1,13 @@ +

OAuth 2.0 Test Vehicle

+ +{{foreach $endpoints as $ept}} +
+
+

{{$ept.3}}

+

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}& {{/foreach}} +

+ + +
+
+{{/foreach}} \ No newline at end of file -- cgit v1.2.3 From 89a825cd038df7da609d64ef0254ba58caaede31 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Tue, 20 Feb 2018 21:11:38 -0500 Subject: OAuth2TestVehicle module can create and delete oauth2 database tables. --- Zotlabs/Module/Oauth2test.php | 43 -------------- Zotlabs/Module/Oauth2testvehicle.php | 107 +++++++++++++++++++++++++++++++++++ Zotlabs/Storage/ZotOauth2Pdo.php | 10 ++++ view/css/mod_oauth2test.css | 4 -- view/css/mod_oauth2testvehicle.css | 4 ++ view/tpl/oauth2test.tpl | 13 ----- view/tpl/oauth2testvehicle.tpl | 13 +++++ 7 files changed, 134 insertions(+), 60 deletions(-) delete mode 100644 Zotlabs/Module/Oauth2test.php create mode 100644 Zotlabs/Module/Oauth2testvehicle.php create mode 100644 Zotlabs/Storage/ZotOauth2Pdo.php delete mode 100644 view/css/mod_oauth2test.css create mode 100644 view/css/mod_oauth2testvehicle.css delete mode 100644 view/tpl/oauth2test.tpl create mode 100644 view/tpl/oauth2testvehicle.tpl diff --git a/Zotlabs/Module/Oauth2test.php b/Zotlabs/Module/Oauth2test.php deleted file mode 100644 index 14aa6137a..000000000 --- a/Zotlabs/Module/Oauth2test.php +++ /dev/null @@ -1,43 +0,0 @@ - z_root(), - '$endpoints' => array( - array( - 'oauth2test', - array( - array( - 'action', 'create_db' - ) - ), - 'oauth2test_create_db', - 'Create the OAuth2 database tables' - ) - ) - )); - - return $o; - } - - function post() { - - logger(json_encode($_POST), LOGGER_DEBUG); - - switch ($_POST['action']) { - case 'create_db': - logger('Creating database tables...', LOGGER_DEBUG); - break; - - default: - break; - } - - } - -} diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php new file mode 100644 index 000000000..2a2590928 --- /dev/null +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -0,0 +1,107 @@ + z_root(), + /* + endpoints => array( + array( + 'path_to_endpoint', + array( + array('field_name_1', 'value'), + array('field_name_2', 'value'), + ... + ), + 'submit_button_name', + 'Description of API action' + ) + ) + */ + '$endpoints' => array( + array( + 'oauth2testvehicle', + array( + array( + 'action', 'create_db' + ) + ), + 'oauth2test_create_db', + 'Create the OAuth2 database tables' + ), + array( + 'oauth2testvehicle', + array( + array( + 'action', 'delete_db' + ) + ), + 'oauth2test_delete_db', + 'Delete the OAuth2 database tables' + ) + ) + )); + + return $o; + } + + function post() { + + logger(json_encode($_POST), LOGGER_DEBUG); + + switch ($_POST['action']) { + + case 'delete_db': + $status = true; + // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables + // by passing it the database connection + $pdo = \DBA::$dba->db; + $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); + logger('Deleting existing database tables...', LOGGER_DEBUG); + foreach ($storage->getConfig() as $key => $table) { + logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); + $r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); + if (!$r) { + logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); + $status = false; + } + } + if (!$status) { + notice('Errors encountered deleting database tables.' . EOL); + } else { + info('Database tables deleted successfully.' . EOL); + } + + break; + + case 'create_db': + $status = true; + logger('Creating database tables...', LOGGER_DEBUG); + @include('.htconfig.php'); + $pdo = \DBA::$dba->db; + $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); + foreach (explode(';', $storage->getBuildSql($db_data)) as $statement) { + try { + $result = $pdo->exec($statement); + } catch (\PDOException $e) { + $status = false; + logger('Error executing database statement: ' . $statement, LOGGER_DEBUG); + } + } + + if (!$status) { + notice('Errors encountered creating database tables.' . EOL); + } else { + info('Database tables created successfully.' . EOL); + } + + default: + break; + } + } + +} diff --git a/Zotlabs/Storage/ZotOauth2Pdo.php b/Zotlabs/Storage/ZotOauth2Pdo.php new file mode 100644 index 000000000..b2c3ce228 --- /dev/null +++ b/Zotlabs/Storage/ZotOauth2Pdo.php @@ -0,0 +1,10 @@ +config; + } +} diff --git a/view/css/mod_oauth2test.css b/view/css/mod_oauth2test.css deleted file mode 100644 index 0ef2896b5..000000000 --- a/view/css/mod_oauth2test.css +++ /dev/null @@ -1,4 +0,0 @@ -.oath2test-form-box { - border: #ccc thin solid; - padding: 1em; -} \ No newline at end of file diff --git a/view/css/mod_oauth2testvehicle.css b/view/css/mod_oauth2testvehicle.css new file mode 100644 index 000000000..0ef2896b5 --- /dev/null +++ b/view/css/mod_oauth2testvehicle.css @@ -0,0 +1,4 @@ +.oath2test-form-box { + border: #ccc thin solid; + padding: 1em; +} \ No newline at end of file diff --git a/view/tpl/oauth2test.tpl b/view/tpl/oauth2test.tpl deleted file mode 100644 index d4887063c..000000000 --- a/view/tpl/oauth2test.tpl +++ /dev/null @@ -1,13 +0,0 @@ -

OAuth 2.0 Test Vehicle

- -{{foreach $endpoints as $ept}} -
-
-

{{$ept.3}}

-

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}& {{/foreach}} -

- - -
-
-{{/foreach}} \ No newline at end of file diff --git a/view/tpl/oauth2testvehicle.tpl b/view/tpl/oauth2testvehicle.tpl new file mode 100644 index 000000000..d4887063c --- /dev/null +++ b/view/tpl/oauth2testvehicle.tpl @@ -0,0 +1,13 @@ +

OAuth 2.0 Test Vehicle

+ +{{foreach $endpoints as $ept}} +
+
+

{{$ept.3}}

+

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}& {{/foreach}} +

+ + +
+
+{{/foreach}} \ No newline at end of file -- cgit v1.2.3 From 43fca182e3915734587abf389d819546ebade3a4 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 22 Feb 2018 15:10:05 -0500 Subject: The authorization step with client registration and authorization code retrieval working. Might not conform perfectly to OAuth2 spec, but it is a start. --- Zotlabs/Module/Authorize.php | 79 +++++++++++++++++++++++++++--------- Zotlabs/Module/Oauth2testvehicle.php | 56 ++++++++++++++++++------- view/tpl/oauth2testvehicle.tpl | 4 +- view/tpl/oauth_authorize.tpl | 16 +++++--- 4 files changed, 113 insertions(+), 42 deletions(-) diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index 254700b4e..f98453fb5 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -4,15 +4,14 @@ namespace Zotlabs\Module; use Zotlabs\Identity\OAuth2Storage; - class Authorize extends \Zotlabs\Web\Controller { function init() { // workaround for HTTP-auth in CGI mode if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; - if(strlen($userpass)) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); + if (strlen($userpass)) { list($name, $password) = explode(':', $userpass); $_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_PW'] = $password; @@ -20,43 +19,83 @@ class Authorize extends \Zotlabs\Web\Controller { } if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; - if(strlen($userpass)) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)); + if (strlen($userpass)) { list($name, $password) = explode(':', $userpass); $_SERVER['PHP_AUTH_USER'] = $name; $_SERVER['PHP_AUTH_PW'] = $password; } } + } + + function get() { + if (!local_channel()) { + return login(); + } else { + // display an authorization form + $app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png'); + $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( + '$title' => '', + '$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?', + '$app' => $app, + '$yes' => t('Allow'), + '$no' => t('Deny'), + '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), + '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), + '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '') + )); + return $o; + } + } + + function post() { + if (!local_channel()) { + return $this->get(); + } + + $storage = new OAuth2Storage(\DBA::$dba->db); + $s = new \Zotlabs\Identity\OAuth2Server($storage); + + + // If no client_id was provided, generate a new one. + if (x($_POST, 'client_id')) { + $client_id = $_POST['client_id']; + logger('client_id was provided: ' . $client_id); + } else { + $client_id = $_POST['client_id'] = random_string(16); + logger('client_id was not provided. Generated new id: ' . $client_id); + } + // If no redirect_uri was provided, generate a fake one. + if (x($_POST, 'redirect_uri')) { + $redirect_uri = $_POST['redirect_uri']; + } else { + $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; + } - $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); + logger('redirect_uri is : ' . $redirect_uri); + // If the client is not registered, add to the database + if (!$storage->getClientDetails($client_id)) { + $client_secret = random_string(16); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri); + } $request = \OAuth2\Request::createFromGlobals(); + logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = new \OAuth2\Response(); // validate the authorize request - if (! $s->validateAuthorizeRequest($request, $response)) { + if (!$s->validateAuthorizeRequest($request, $response)) { $response->send(); killme(); } - // display an authorization form - if (empty($_POST)) { - - return ' -
-
- - -
'; - } - // print the authorization code if the user has authorized your client - $is_authorized = ($_POST['authorized'] === 'yes'); + $is_authorized = ($_POST['authorize'] === 'allow'); $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel()); if ($is_authorized) { // this is only here so that you get to see your code in the cURL request. Otherwise, // we'd redirect back to the client - $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); echo("SUCCESS! Authorization Code: $code"); } diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 2a2590928..6e9f31c47 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -4,23 +4,34 @@ namespace Zotlabs\Module; class OAuth2TestVehicle extends \Zotlabs\Web\Controller { + function init() { + + // If there is a 'code' and 'state' parameter then this is a client app + // callback issued after the authorization code request + if ($_REQUEST['code'] && $_REQUEST['state']) { + logger('Authorization callback invoked.', LOGGER_DEBUG); + logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); + info('Authorization callback invoked.' . EOL); + return $this->get(); + } + } function get() { $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( '$baseurl' => z_root(), /* - endpoints => array( + endpoints => array( + array( + 'path_to_endpoint', array( - 'path_to_endpoint', - array( - array('field_name_1', 'value'), - array('field_name_2', 'value'), - ... - ), - 'submit_button_name', - 'Description of API action' + array('field_name_1', 'value'), + array('field_name_2', 'value'), + ... + ), + 'submit_button_name', + 'Description of API action' + ) ) - ) */ '$endpoints' => array( array( @@ -31,7 +42,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ) ), 'oauth2test_create_db', - 'Create the OAuth2 database tables' + 'Create the OAuth2 database tables', + 'POST' ), array( 'oauth2testvehicle', @@ -41,7 +53,20 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ) ), 'oauth2test_delete_db', - 'Delete the OAuth2 database tables' + 'Delete the OAuth2 database tables', + 'POST' + ), + array( + 'authorize', + array( + array('response_type', 'code'), + array('client_id', urlencode('test_app_client_id')), + array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')), + array('state', 'xyz') + ), + 'oauth_authorize', + 'Authorize a test client app', + 'GET' ) ) )); @@ -53,8 +78,9 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { logger(json_encode($_POST), LOGGER_DEBUG); + switch ($_POST['action']) { - + case 'delete_db': $status = true; // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables @@ -64,7 +90,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { logger('Deleting existing database tables...', LOGGER_DEBUG); foreach ($storage->getConfig() as $key => $table) { logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); - $r = q("DROP TABLE IF EXISTS %s;", dbesc($table)); + $r = q("DROP TABLE %s;", dbesc($table)); if (!$r) { logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); $status = false; @@ -77,7 +103,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { } break; - + case 'create_db': $status = true; logger('Creating database tables...', LOGGER_DEBUG); diff --git a/view/tpl/oauth2testvehicle.tpl b/view/tpl/oauth2testvehicle.tpl index d4887063c..aebc71bb2 100644 --- a/view/tpl/oauth2testvehicle.tpl +++ b/view/tpl/oauth2testvehicle.tpl @@ -2,9 +2,9 @@ {{foreach $endpoints as $ept}}
-
+

{{$ept.3}}

-

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}& {{/foreach}} +

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&{{/foreach}}

diff --git a/view/tpl/oauth_authorize.tpl b/view/tpl/oauth_authorize.tpl index 2b7afa80e..f5da11cdc 100755 --- a/view/tpl/oauth_authorize.tpl +++ b/view/tpl/oauth_authorize.tpl @@ -3,8 +3,14 @@

{{$app.name}}

-
-

{{$authorize}}

- -
-
+

{{$authorize}}

+
+
+ + + + + +
+
+
\ No newline at end of file -- cgit v1.2.3 From 64ee42fc3d00765bc5c60e451b86230ea38ffdfb Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 24 Feb 2018 06:48:30 -0500 Subject: Add channel ID to user_id in clients table. Added TODO comments about dynamic client registration protocol. --- Zotlabs/Module/Authorize.php | 27 +++++++++++++++++---------- Zotlabs/Module/Oauth2testvehicle.php | 11 +++++++++-- view/tpl/oauth2testvehicle.tpl | 2 +- view/tpl/oauth_authorize.tpl | 4 ++-- 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index f98453fb5..2c0c9248f 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -32,17 +32,23 @@ class Authorize extends \Zotlabs\Web\Controller { if (!local_channel()) { return login(); } else { - // display an authorization form - $app = array('name' => 'Test App', 'icon' => '/images/icons/plugin.png'); + // TODO: Fully implement the dynamic client registration protocol: + // OpenID Connect Dynamic Client Registration 1.0 Client Metadata + // http://openid.net/specs/openid-connect-registration-1_0.html + $app = array( + 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), + 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : '/images/icons/plugin.png'), + 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), + ); $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( '$title' => '', - '$authorize' => 'Do you authorize the app "' . $app['name'] . '" to access your channel data?', + '$authorize' => 'Do you authorize the app ' . $app['name'] . ' to access your channel data?', '$app' => $app, '$yes' => t('Allow'), '$no' => t('Deny'), '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), - '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : '') + '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), )); return $o; } @@ -56,14 +62,15 @@ class Authorize extends \Zotlabs\Web\Controller { $storage = new OAuth2Storage(\DBA::$dba->db); $s = new \Zotlabs\Identity\OAuth2Server($storage); - + // TODO: The automatic client registration protocol below should adhere more + // closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined + // at https://tools.ietf.org/html/rfc7591 + // If no client_id was provided, generate a new one. if (x($_POST, 'client_id')) { $client_id = $_POST['client_id']; - logger('client_id was provided: ' . $client_id); } else { $client_id = $_POST['client_id'] = random_string(16); - logger('client_id was not provided. Generated new id: ' . $client_id); } // If no redirect_uri was provided, generate a fake one. if (x($_POST, 'redirect_uri')) { @@ -72,15 +79,15 @@ class Authorize extends \Zotlabs\Web\Controller { $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; } - logger('redirect_uri is : ' . $redirect_uri); // If the client is not registered, add to the database if (!$storage->getClientDetails($client_id)) { $client_secret = random_string(16); - $storage->setClientDetails($client_id, $client_secret, $redirect_uri); + // Client apps are registered per channel + $user_id = local_channel(); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, null, null, $user_id); } $request = \OAuth2\Request::createFromGlobals(); - logger(json_encode($request, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = new \OAuth2\Response(); // validate the authorize request diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 6e9f31c47..79958f025 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -8,6 +8,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // If there is a 'code' and 'state' parameter then this is a client app // callback issued after the authorization code request + // TODO: Check state value and compare to original sent value if ($_REQUEST['code'] && $_REQUEST['state']) { logger('Authorization callback invoked.', LOGGER_DEBUG); logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); @@ -61,8 +62,14 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { array( array('response_type', 'code'), array('client_id', urlencode('test_app_client_id')), - array('redirect_uri', urlencode('http://hub.localhost/oauth2testvehicle')), - array('state', 'xyz') + array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('state', 'xyz'), + // OpenID Connect Dynamic Client Registration 1.0 Client Metadata + // http://openid.net/specs/openid-connect-registration-1_0.html + array('client_name', urlencode('Killer App')), + array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')), + array('client_uri', urlencode('https://client.example.com/website')), + array('application_type', 'web'), // would be 'native' for mobile app ), 'oauth_authorize', 'Authorize a test client app', diff --git a/view/tpl/oauth2testvehicle.tpl b/view/tpl/oauth2testvehicle.tpl index aebc71bb2..18bbfb1ff 100644 --- a/view/tpl/oauth2testvehicle.tpl +++ b/view/tpl/oauth2testvehicle.tpl @@ -2,7 +2,7 @@ {{foreach $endpoints as $ept}}
-
+

{{$ept.3}}

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&{{/foreach}}

diff --git a/view/tpl/oauth_authorize.tpl b/view/tpl/oauth_authorize.tpl index f5da11cdc..72701ce52 100755 --- a/view/tpl/oauth_authorize.tpl +++ b/view/tpl/oauth_authorize.tpl @@ -2,8 +2,8 @@
-

{{$app.name}}

-

{{$authorize}}

+

{{$app.name}}

+

{{$authorize}}

-- cgit v1.2.3 From 70b8f3240f9bc38a41e314f613f6c1bd69f5b430 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 25 Feb 2018 08:36:40 -0500 Subject: An authorization token is received, but I had to modify the Request class in vendor/bshaffer/oauth2-server-php/ to accept $_REQUEST instead of $_POST. --- Zotlabs/Module/Authorize.php | 9 +-- Zotlabs/Module/Oauth2testvehicle.php | 66 ++++++++++++++++++---- Zotlabs/Module/Token.php | 3 +- .../oauth2-server-php/src/OAuth2/Request.php | 2 +- 4 files changed, 64 insertions(+), 16 deletions(-) diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index 2c0c9248f..f505b4681 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -79,17 +79,18 @@ class Authorize extends \Zotlabs\Web\Controller { $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; } + $request = \OAuth2\Request::createFromGlobals(); + $response = new \OAuth2\Response(); + // If the client is not registered, add to the database if (!$storage->getClientDetails($client_id)) { $client_secret = random_string(16); // Client apps are registered per channel $user_id = local_channel(); - $storage->setClientDetails($client_id, $client_secret, $redirect_uri, null, null, $user_id); + $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id); + $response->setParameter('client_secret', $client_secret); } - $request = \OAuth2\Request::createFromGlobals(); - $response = new \OAuth2\Response(); - // validate the authorize request if (!$s->validateAuthorizeRequest($request, $response)) { $response->send(); diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 79958f025..37a0b9b0e 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -9,6 +9,11 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // If there is a 'code' and 'state' parameter then this is a client app // callback issued after the authorization code request // TODO: Check state value and compare to original sent value + // "You should first compare this state value to ensure it matches the + // one you started with. You can typically store the state value in a + // cookie, and compare it when the user comes back. This ensures your + // redirection endpoint isn't able to be tricked into attempting to + // exchange arbitrary authorization codes." if ($_REQUEST['code'] && $_REQUEST['state']) { logger('Authorization callback invoked.', LOGGER_DEBUG); logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); @@ -39,29 +44,29 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { 'oauth2testvehicle', array( array( - 'action', 'create_db' + 'action', 'delete_db' ) ), - 'oauth2test_create_db', - 'Create the OAuth2 database tables', + 'oauth2test_delete_db', + 'Delete the OAuth2 database tables', 'POST' ), array( 'oauth2testvehicle', array( array( - 'action', 'delete_db' + 'action', 'create_db' ) ), - 'oauth2test_delete_db', - 'Delete the OAuth2 database tables', + 'oauth2test_create_db', + 'Create the OAuth2 database tables', 'POST' ), array( 'authorize', array( array('response_type', 'code'), - array('client_id', urlencode('test_app_client_id')), + array('client_id', urlencode('killer_app')), array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), array('state', 'xyz'), // OpenID Connect Dynamic Client Registration 1.0 Client Metadata @@ -74,6 +79,27 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { 'oauth_authorize', 'Authorize a test client app', 'GET' + ), + /* + * POST https://api.authorization-server.com/token + grant_type=authorization_code& + code=AUTH_CODE_HERE& + redirect_uri=REDIRECT_URI& + client_id=CLIENT_ID + */ + array( + 'oauth2testvehicle', + array( + array('action', 'request_token'), + array('grant_type', 'authorization_code'), + array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')), + array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('client_id', urlencode('killer_app')), + array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')), + ), + 'oauth_token_request', + 'Request a token', + 'POST' ) ) )); @@ -83,11 +109,31 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { function post() { - logger(json_encode($_POST), LOGGER_DEBUG); - + //logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG); switch ($_POST['action']) { - + case 'request_token': + $grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : ''); + $redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : ''); + $client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : ''); + $code = (x($_POST, 'code') ? $_POST['code'] : ''); + $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); + $url = z_root() . '/token/?'; + $url .= 'grant_type=' . urlencode($grant_type); + $url .= '&redirect_uri=' . urlencode($redirect_uri); + $url .= '&client_id=' . urlencode($client_id); + $url .= '&code=' . urlencode($code); + $post = z_fetch_url($url, false, 0, array( + 'custom' => 'POST', + 'http_auth' => $client_id . ':' . $client_secret, + )); + //logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + $response = json_decode($post['body'], true); + logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG); + if($response['access_token']) { + info('Access token received: ' . $response['access_token'] . EOL); + } + break; case 'delete_db': $status = true; // Use the \OAuth2\Storage\Pdo class to create the OAuth2 tables diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php index f7c074233..32cf95c61 100644 --- a/Zotlabs/Module/Token.php +++ b/Zotlabs/Module/Token.php @@ -29,7 +29,8 @@ class Token extends \Zotlabs\Web\Controller { } $s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db)); - $s->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send(); + $request = \OAuth2\Request::createFromGlobals(); + $s->handleTokenRequest($request)->send(); killme(); } diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php index c96cb972f..2903e9f6c 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php @@ -226,7 +226,7 @@ class Request implements RequestInterface $class = get_called_class(); /** @var Request $request */ - $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER); + $request = new $class($_GET, $_REQUEST, array(), $_COOKIE, $_FILES, $_SERVER); $contentType = $request->server('CONTENT_TYPE', ''); $requestMethod = $request->server('REQUEST_METHOD', 'GET'); -- cgit v1.2.3 From 45e0fc6802b360710becf7ddaf6aed6a9de1d876 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Mon, 26 Feb 2018 18:16:43 -0500 Subject: Successful OAuth2 sequence demonstrated with the test vehicle, including an authenticated API call using an access_token. --- Zotlabs/Module/Authorize.php | 36 ++++-------- Zotlabs/Module/Oauth2testvehicle.php | 106 ++++++++++++++++++++++------------- include/api_auth.php | 57 +++++++++++++++---- include/network.php | 4 +- view/tpl/oauth2testvehicle.tpl | 16 ++++-- 5 files changed, 137 insertions(+), 82 deletions(-) diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php index f505b4681..c76dfb9df 100644 --- a/Zotlabs/Module/Authorize.php +++ b/Zotlabs/Module/Authorize.php @@ -6,28 +6,6 @@ use Zotlabs\Identity\OAuth2Storage; class Authorize extends \Zotlabs\Web\Controller { - function init() { - - // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); - if (strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)); - if (strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - } - function get() { if (!local_channel()) { return login(); @@ -37,7 +15,7 @@ class Authorize extends \Zotlabs\Web\Controller { // http://openid.net/specs/openid-connect-registration-1_0.html $app = array( 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : 'Unknown App'), - 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : '/images/icons/plugin.png'), + 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'), 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''), ); $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array( @@ -76,20 +54,26 @@ class Authorize extends \Zotlabs\Web\Controller { if (x($_POST, 'redirect_uri')) { $redirect_uri = $_POST['redirect_uri']; } else { - $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com'; + $redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth'; } $request = \OAuth2\Request::createFromGlobals(); $response = new \OAuth2\Response(); // If the client is not registered, add to the database - if (!$storage->getClientDetails($client_id)) { + if (!$client = $storage->getClientDetails($client_id)) { $client_secret = random_string(16); // Client apps are registered per channel $user_id = local_channel(); $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id); - $response->setParameter('client_secret', $client_secret); + + } + if (!$client = $storage->getClientDetails($client_id)) { + // There was an error registering the client. + $response->send(); + killme(); } + $response->setParameter('client_secret', $client['client_secret']); // validate the authorize request if (!$s->validateAuthorizeRequest($request, $response)) { diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 37a0b9b0e..29c6ec50e 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -2,6 +2,12 @@ namespace Zotlabs\Module; +/** + * The OAuth2TestVehicle class is a way to test the registration of an OAuth2 + * client app. It allows you to walk through the steps of registering a client, + * requesting an authorization code for that client, and then requesting an + * access token for use in authentication against the Hubzilla API endpoints. + */ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { function init() { @@ -14,17 +20,19 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // cookie, and compare it when the user comes back. This ensures your // redirection endpoint isn't able to be tricked into attempting to // exchange arbitrary authorization codes." - if ($_REQUEST['code'] && $_REQUEST['state']) { - logger('Authorization callback invoked.', LOGGER_DEBUG); - logger(json_encode($_REQUEST, JSON_PRETTY_PRINT), LOGGER_DEBUG); - info('Authorization callback invoked.' . EOL); - return $this->get(); - } + $_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle'; + $_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']); + $_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] ); + $_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] ); + $_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']); + $_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] ); + $_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : ''); } function get() { - + $o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array( '$baseurl' => z_root(), + '$api_response' => $_SESSION['api_response'], /* endpoints => array( array( @@ -49,7 +57,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ), 'oauth2test_delete_db', 'Delete the OAuth2 database tables', - 'POST' + 'POST', + ($_SESSION['success'] === 'delete_db'), ), array( 'oauth2testvehicle', @@ -60,58 +69,76 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { ), 'oauth2test_create_db', 'Create the OAuth2 database tables', - 'POST' + 'POST', + ($_SESSION['success'] === 'create_db'), ), array( 'authorize', array( array('response_type', 'code'), - array('client_id', urlencode('killer_app')), - array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), + array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')), + array('redirect_uri', $_SESSION['redirect_uri']), array('state', 'xyz'), // OpenID Connect Dynamic Client Registration 1.0 Client Metadata // http://openid.net/specs/openid-connect-registration-1_0.html - array('client_name', urlencode('Killer App')), - array('logo_uri', urlencode('https://client.example.com/website/img/icon.png')), + array('client_name', 'OAuth2 Test App'), + array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')), array('client_uri', urlencode('https://client.example.com/website')), array('application_type', 'web'), // would be 'native' for mobile app ), 'oauth_authorize', 'Authorize a test client app', - 'GET' + 'GET', + (($_REQUEST['code'] && $_REQUEST['state']) ? true : false), ), - /* - * POST https://api.authorization-server.com/token - grant_type=authorization_code& - code=AUTH_CODE_HERE& - redirect_uri=REDIRECT_URI& - client_id=CLIENT_ID - */ array( 'oauth2testvehicle', array( array('action', 'request_token'), array('grant_type', 'authorization_code'), - array('code', (x($_REQUEST, 'code') ? $_REQUEST['code'] : 'no_authorization_code')), - array('redirect_uri', 'http://hub.localhost/oauth2testvehicle'), - array('client_id', urlencode('killer_app')), - array('client_secret', (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : 'no_client_secret')), + array('code', $_SESSION['authorization_code']), + array('redirect_uri', $_SESSION['redirect_uri']), + array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')), + array('client_secret', $_SESSION['client_secret']), ), 'oauth_token_request', 'Request a token', - 'POST' + 'POST', + ($_SESSION['success'] === 'request_token'), + ), + array( + 'oauth2testvehicle', + array( + array('action', 'api_files'), + array('access_token', $_SESSION['access_token']), + ), + 'oauth_api_files', + 'API: Get channel files', + 'POST', + ($_SESSION['success'] === 'api_files'), ) ) )); - + $_SESSION['success'] = ''; return $o; } function post() { - //logger(json_encode($_POST, JSON_PRETTY_PRINT), LOGGER_DEBUG); - switch ($_POST['action']) { + case 'api_files': + $access_token = $_SESSION['access_token']; + $url = z_root() . '/api/z/1.0/files/'; + $headers = []; + $headers[] = 'Authorization: Bearer ' . $access_token; + $post = z_fetch_url($url, false, 0, array( + 'custom' => 'GET', + 'headers' => $headers, + )); + logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + $response = json_decode($post['body'], true); + $_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT); + break; case 'request_token': $grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : ''); $redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : ''); @@ -119,19 +146,21 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $code = (x($_POST, 'code') ? $_POST['code'] : ''); $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); $url = z_root() . '/token/?'; - $url .= 'grant_type=' . urlencode($grant_type); + $url .= 'grant_type=' . $grant_type; $url .= '&redirect_uri=' . urlencode($redirect_uri); - $url .= '&client_id=' . urlencode($client_id); - $url .= '&code=' . urlencode($code); + $url .= '&client_id=' . $client_id; + $url .= '&code=' . $code; $post = z_fetch_url($url, false, 0, array( 'custom' => 'POST', 'http_auth' => $client_id . ':' . $client_secret, )); - //logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); + logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); $response = json_decode($post['body'], true); logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG); if($response['access_token']) { info('Access token received: ' . $response['access_token'] . EOL); + $_SESSION['success'] = 'request_token'; + $_SESSION['access_token'] = $response['access_token']; } break; case 'delete_db': @@ -140,26 +169,23 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { // by passing it the database connection $pdo = \DBA::$dba->db; $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); - logger('Deleting existing database tables...', LOGGER_DEBUG); foreach ($storage->getConfig() as $key => $table) { - logger('Deleting table ' . dbesc($table), LOGGER_DEBUG); $r = q("DROP TABLE %s;", dbesc($table)); if (!$r) { - logger('Errors encountered deleting database table ' . $table . '.', LOGGER_DEBUG); $status = false; } } if (!$status) { notice('Errors encountered deleting database tables.' . EOL); + $_SESSION['success'] = ''; } else { info('Database tables deleted successfully.' . EOL); + $_SESSION['success'] = 'delete_db'; } - break; case 'create_db': $status = true; - logger('Creating database tables...', LOGGER_DEBUG); @include('.htconfig.php'); $pdo = \DBA::$dba->db; $storage = new \Zotlabs\Storage\ZotOauth2Pdo($pdo); @@ -168,15 +194,17 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $result = $pdo->exec($statement); } catch (\PDOException $e) { $status = false; - logger('Error executing database statement: ' . $statement, LOGGER_DEBUG); } } if (!$status) { notice('Errors encountered creating database tables.' . EOL); + $_SESSION['success'] = ''; } else { info('Database tables created successfully.' . EOL); + $_SESSION['success'] = 'create_db'; } + break; default: break; diff --git a/include/api_auth.php b/include/api_auth.php index 5c0bcb317..e2f7ab155 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -14,25 +14,58 @@ function api_login(&$a){ // login with oauth try { - $oauth = new ZotOAuth1(); - $req = OAuth1Request::from_request(); + // OAuth 2.0 + $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db); + $server = new \Zotlabs\Identity\OAuth2Server($storage); + $request = \OAuth2\Request::createFromGlobals(); + if ($server->verifyResourceRequest($request)) { + $token = $server->getAccessTokenData($request); + $uid = $token['user_id']; + $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1", + intval($uid) + ); + if (count($r)) { + $record = $r[0]; + } else { + header('HTTP/1.0 401 Unauthorized'); + echo('This api requires login'); + killme(); + } + + $_SESSION['uid'] = $record['channel_id']; + $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; + + $x = q("select * from account where account_id = %d LIMIT 1", + intval($record['channel_account_id']) + ); + if ($x) { + require_once('include/security.php'); + authenticate_success($x[0], null, true, false, true, true); + $_SESSION['allow_api'] = true; + call_hooks('logged_in', App::$user); + return; + } + } else { + // OAuth 1.0 + $oauth = new ZotOAuth1(); + $req = OAuth1Request::from_request(); - list($consumer,$token) = $oauth->verify_request($req); + list($consumer, $token) = $oauth->verify_request($req); - if (!is_null($token)){ - $oauth->loginUser($token->uid); + if (!is_null($token)) { + $oauth->loginUser($token->uid); - App::set_oauth_key($consumer->key); + App::set_oauth_key($consumer->key); - call_hooks('logged_in', App::$user); - return; + call_hooks('logged_in', App::$user); + return; + } + killme(); } - killme(); - } - catch(Exception $e) { + } catch (Exception $e) { logger($e->getMessage()); } - + // workarounds for HTTP-auth in CGI mode foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { diff --git a/include/network.php b/include/network.php index f8cb68613..9768a2544 100644 --- a/include/network.php +++ b/include/network.php @@ -88,6 +88,8 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { $instance_headers[] = 'Cookie: PHPSESSID=' . session_id(); } } + logger('headers: ' . json_encode($instance_headers, JSON_PRETTY_PRINT)); + if($instance_headers) @curl_setopt($ch, CURLOPT_HTTPHEADER, $instance_headers); @@ -143,7 +145,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { $base = $s; $curl_info = @curl_getinfo($ch); $http_code = $curl_info['http_code']; - //logger('fetch_url:' . $http_code . ' data: ' . $s); + logger('fetch_url:' . $http_code . ' data: ' . $s); $header = ''; // Pull out multiple headers, e.g. proxy and continuation headers diff --git a/view/tpl/oauth2testvehicle.tpl b/view/tpl/oauth2testvehicle.tpl index 18bbfb1ff..ce46b58c0 100644 --- a/view/tpl/oauth2testvehicle.tpl +++ b/view/tpl/oauth2testvehicle.tpl @@ -4,10 +4,18 @@

{{$ept.3}}

-

{{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&{{/foreach}} -

+ {{$baseurl}}/{{$ept.0}}/?{{foreach $ept.1 as $field}}{{$field.0}}={{$field.1}}&{{/foreach}} +
- +  
-{{/foreach}} \ No newline at end of file +{{/foreach}} +
+

API response

+ 
+	
+	{{$api_response}}
+	
+
+
\ No newline at end of file -- cgit v1.2.3 From aa6f7481a023c04b30ffc6aec2016e2b7b3b386f Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 10 Mar 2018 15:43:13 -0500 Subject: Fixed access_token request bug and returned oauth2-server-php library to unmodified state. --- Zotlabs/Module/Oauth2testvehicle.php | 15 ++++++++------- vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/Zotlabs/Module/Oauth2testvehicle.php b/Zotlabs/Module/Oauth2testvehicle.php index 29c6ec50e..82e309f1c 100644 --- a/Zotlabs/Module/Oauth2testvehicle.php +++ b/Zotlabs/Module/Oauth2testvehicle.php @@ -145,13 +145,14 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller { $client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : ''); $code = (x($_POST, 'code') ? $_POST['code'] : ''); $client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : ''); - $url = z_root() . '/token/?'; - $url .= 'grant_type=' . $grant_type; - $url .= '&redirect_uri=' . urlencode($redirect_uri); - $url .= '&client_id=' . $client_id; - $url .= '&code=' . $code; - $post = z_fetch_url($url, false, 0, array( - 'custom' => 'POST', + $url = z_root() . '/token/'; + $params = http_build_query(array( + 'grant_type' => $grant_type, + 'redirect_uri' => urlencode($redirect_uri), + 'client_id' => $client_id, + 'code' => $code, + )); + $post = z_post_url($url, $params, 0, array( 'http_auth' => $client_id . ':' . $client_secret, )); logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG); diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php index 2903e9f6c..c96cb972f 100644 --- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php +++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/Request.php @@ -226,7 +226,7 @@ class Request implements RequestInterface $class = get_called_class(); /** @var Request $request */ - $request = new $class($_GET, $_REQUEST, array(), $_COOKIE, $_FILES, $_SERVER); + $request = new $class($_GET, $_POST, array(), $_COOKIE, $_FILES, $_SERVER); $contentType = $request->server('CONTENT_TYPE', ''); $requestMethod = $request->server('REQUEST_METHOD', 'GET'); -- cgit v1.2.3 From 33bb89729cdb7d8cc462253fd2b984e2e2bf4471 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 02:26:25 -0700 Subject: hubzilla issue #1019 - punycode urls on connedit page when displaying locations --- Zotlabs/Module/Connedit.php | 6 +++--- include/hubloc.php | 3 ++- include/text.php | 8 +++++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index f359175c1..cb9c19cf0 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -828,7 +828,7 @@ class Connedit extends \Zotlabs\Web\Controller { $locstr = locations_by_netid($contact['xchan_hash']); if(! $locstr) - $locstr = $contact['xchan_url']; + $locstr = unpunify($contact['xchan_url']); $clone_warn = ''; $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); @@ -852,8 +852,8 @@ class Connedit extends \Zotlabs\Web\Controller { '$permcat' => [ 'permcat', t('Permission role'), '', '',$permcats ], '$permcat_new' => t('Add permission role'), '$permcat_enable' => feature_enabled(local_channel(),'permcats'), - '$addr' => $contact['xchan_addr'], - '$primeurl' => $contact['xchan_url'], + '$addr' => unpunify($contact['xchan_addr']), + '$primeurl' => unpunify($contact['xchan_url']), '$section' => $section, '$sections' => $sections, '$vcard' => $vcard, diff --git a/include/hubloc.php b/include/hubloc.php index 0d1a2e560..33d5dcbb2 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -270,7 +270,8 @@ function locations_by_netid($netid) { dbesc($netid) ); - return array_elm_to_str($locs,'location',', '); + + return array_elm_to_str($locs,'location',', ','trim_and_unpunify'); } diff --git a/include/text.php b/include/text.php index f9cefd020..f634f0d55 100644 --- a/include/text.php +++ b/include/text.php @@ -2189,13 +2189,13 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { * @returns string */ -function array_elm_to_str($arr,$elm,$delim = ',') { +function array_elm_to_str($arr,$elm,$delim = ',',$each = 'trim') { $tmp = []; if($arr && is_array($arr)) { foreach($arr as $x) { if(is_array($x) && array_key_exists($elm,$x)) { - $z = trim($x[$elm]); + $z = $each($x[$elm]); if(($z) && (! in_array($z,$tmp))) { $tmp[] = $z; } @@ -2205,7 +2205,9 @@ function array_elm_to_str($arr,$elm,$delim = ',') { return implode($delim,$tmp); } - +function trim_and_unpunify($s) { + return unpunify(trim($s)); +} /** -- cgit v1.2.3 From 998f39868fd6a4dce11e9f32aabc2744c76785dd Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 14:27:26 -0700 Subject: directory: link entry keywords to a directory keyword search --- Zotlabs/Module/Directory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 62a1670f9..87387ef56 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -299,9 +299,9 @@ class Directory extends \Zotlabs\Web\Controller { if(strlen($out)) $out .= ', '; if($marr && in_arrayi($k,$marr)) - $out .= '' . $k . ''; + $out .= '' . $k . ''; else - $out .= $k; + $out .= '' . $k . ''; } } -- cgit v1.2.3 From 238303d81913dd81a1e8907d216ed6c866bd834a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 15:32:35 -0700 Subject: add directory keyword links to profile --- include/channel.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/include/channel.php b/include/channel.php index c94f5c657..460c818da 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1573,14 +1573,25 @@ function advanced_profile() { $profile['howlong'] = relative_date(App::$profile['howlong'], t('for %1$d %2$s')); } + if(App::$profile['keywords']) { + $keywords = str_replace(',',' ', App::$profile['keywords']); + $keywords = str_replace(' ',' ', $keywords); + $karr = explode(' ', $keywords); + if($karr) { + for($cnt = 0; $cnt < count($karr); $cnt ++) { + $karr[$cnt] = '' . $karr[$cnt] . ''; + } + } + $profile['keywords'] = array( t('Tags:'), implode(' ', $karr)); + } + + if(App::$profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), App::$profile['sexual'] ); if(App::$profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify(App::$profile['homepage']) ); if(App::$profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify(App::$profile['hometown']) ); - if(App::$profile['keywords']) $profile['keywords'] = array( t('Tags:'), App::$profile['keywords']); - if(App::$profile['politic']) $profile['politic'] = array( t('Political Views:'), App::$profile['politic']); if(App::$profile['religion']) $profile['religion'] = array( t('Religion:'), App::$profile['religion']); -- cgit v1.2.3 From 6d0e1b0e07f26ee07d9f53732daab8ade12566d0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 29 Mar 2018 17:06:23 -0700 Subject: display and link issues with quoted tags --- Zotlabs/Module/Tagger.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index 603a95f2b..24adf1bde 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -80,6 +80,8 @@ class Tagger extends \Zotlabs\Web\Controller { break; } + + $clean_term = trim($term,'"\' '); $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => z_root() . '/display/' . gen_link_id($item['mid']))); @@ -103,15 +105,15 @@ class Tagger extends \Zotlabs\Web\Controller { ), )); - $tagid = z_root() . '/search?tag=' . $term; + $tagid = z_root() . '/search?tag=' . $clean_term; $objtype = ACTIVITY_OBJ_TAGTERM; $obj = json_encode(array( 'type' => $objtype, 'id' => $tagid, 'link' => array(array('rel' => 'alternate','type' => 'text/html', 'href' => $tagid)), - 'title' => $term, - 'content' => $term + 'title' => $clean_term, + 'content' => $clean_term )); $bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s'); @@ -119,7 +121,7 @@ class Tagger extends \Zotlabs\Web\Controller { // saving here for reference // also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!! - $termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($term) . ']'. $term . '[/zrl]'; + $termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($clean_term) . ']'. $clean_term . '[/zrl]'; $channel = \App::get_channel(); @@ -143,8 +145,7 @@ class Tagger extends \Zotlabs\Web\Controller { $arr['obj_type'] = $objtype; $arr['obj'] = $obj; $arr['parent_mid'] = $item['mid']; - - store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$term,$tagid); + store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$clean_term,$tagid); $ret = post_activity_item($arr); if($ret['success']) { -- cgit v1.2.3 From f54aa4f21e63e2d0be94ee92f681ddec641da441 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 01:59:32 -0700 Subject: allow case independence of replacements as well as patterns --- Zotlabs/Module/Hashtags.php | 2 +- view/js/autocomplete.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Hashtags.php b/Zotlabs/Module/Hashtags.php index edb631871..300485196 100644 --- a/Zotlabs/Module/Hashtags.php +++ b/Zotlabs/Module/Hashtags.php @@ -18,7 +18,7 @@ class Hashtags extends \Zotlabs\Web\Controller { ); if($r) { foreach($r as $rv) { - $result[] = [ 'text' => strtolower($rv['term']) ]; + $result[] = [ 'text' => $rv['term'] ]; } } diff --git a/view/js/autocomplete.js b/view/js/autocomplete.js index f7570523e..7a1a7673d 100644 --- a/view/js/autocomplete.js +++ b/view/js/autocomplete.js @@ -210,7 +210,7 @@ function string2bb(element) { tags = { match: /(^|\s)(\#)([^ \n]{2,})$/, index: 3, - search: function(term, callback) { $.getJSON('/hashtags/' + '$f=&t=' + term).done(function(data) { callback($.map(data, function(entry) { return entry.text.indexOf(term) === 0 ? entry : null; })); }); }, + search: function(term, callback) { $.getJSON('/hashtags/' + '$f=&t=' + term).done(function(data) { callback($.map(data, function(entry) { return entry.text.toLowerCase().indexOf(term.toLowerCase()) === 0 ? entry : null; })); }); }, replace: function(item) { return "$1$2" + item.text + ' '; }, context: function(text) { return text.toLowerCase(); }, template: tag_format -- cgit v1.2.3 From 43249bd4be8495dadaae859bf42f14a90af7b574 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 15:18:33 -0700 Subject: hubzilla issue #1020 - PM using unicode domain for recipient. May require further testing --- Zotlabs/Module/Acl.php | 2 +- Zotlabs/Module/Mail.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 245b0a9b7..ef901aef1 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -95,7 +95,7 @@ class Acl extends \Zotlabs\Web\Controller { . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); - $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; + $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc(($col === 'xchan_addr') ? punify($search) : $search) . "%'" ) . " "; } else { diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index b58b169d0..ca183f644 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -67,14 +67,14 @@ class Mail extends \Zotlabs\Web\Controller { if(! $recipient) { $channel = \App::get_channel(); - $j = \Zotlabs\Zot\Finger::run($rstr,$channel); + $j = \Zotlabs\Zot\Finger::run(punify($rstr),$channel); if(! $j['success']) { notice( t('Unable to lookup recipient.') . EOL); return; } - logger('message_post: lookup: ' . $url . ' ' . print_r($j,true)); + logger('message_post: lookup: ' . $rstr . ' ' . print_r($j,true)); if(! $j['guid']) { notice( t('Unable to communicate with requested channel.')); -- cgit v1.2.3 From af125fbe4f72b1f170ef6722d1bf9ca4beb3c7c5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 16:09:25 -0700 Subject: Hubzilla issue #1022 - provide a way to share wiki pages. Currently this is only implemented in the 'edit' pane and could use some improvement/enhancement --- Zotlabs/Module/Wiki.php | 4 ++++ view/tpl/wiki.tpl | 3 +++ 2 files changed, 7 insertions(+) diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index ae543eb98..a2cc87f13 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -284,6 +284,8 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); + $sharePage = t('Share page'); + $p = []; if(! $ignore_language) { @@ -354,6 +356,8 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, + '$sharePage' => $sharePage, + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', diff --git a/view/tpl/wiki.tpl b/view/tpl/wiki.tpl index 2be323deb..1a83179a3 100644 --- a/view/tpl/wiki.tpl +++ b/view/tpl/wiki.tpl @@ -11,6 +11,9 @@ {{if $renamePage}}  {{$renamePage}} {{/if}} + {{if $sharePage}} + + {{/if}}  Embed Image
-- cgit v1.2.3 From 1c3e6697615b70d2528856b6c8e69962a14763dc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 16:47:47 -0700 Subject: Hubzilla issue #1022 - improve the usability --- Zotlabs/Module/Wiki.php | 4 ++-- view/tpl/wiki.tpl | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index a2cc87f13..696191f70 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -284,7 +284,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wikiheaderPage = urldecode($pageUrlName); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); - $sharePage = t('Share page'); + $sharePage = t('Share'); $p = []; @@ -357,7 +357,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, '$sharePage' => $sharePage, - '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] - ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', diff --git a/view/tpl/wiki.tpl b/view/tpl/wiki.tpl index 1a83179a3..6ca4b0c77 100644 --- a/view/tpl/wiki.tpl +++ b/view/tpl/wiki.tpl @@ -11,13 +11,11 @@ {{if $renamePage}}  {{$renamePage}} {{/if}} - {{if $sharePage}} - - {{/if}}  Embed Image
{{/if}} + -- cgit v1.2.3 From 1e086a4ac8ba45d179f9130c5a49aa68b1949909 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 30 Mar 2018 17:13:21 -0700 Subject: Hubzilla issue #1022 cleanup of post formatting --- Zotlabs/Module/Wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 696191f70..7dc8eb1bc 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -357,7 +357,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, '$sharePage' => $sharePage, - '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] - ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), + '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', -- cgit v1.2.3 From e155e7d9ce36ba87a77f8c9089a69c808172a1ef Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 31 Mar 2018 01:43:33 -0700 Subject: undo vcard on display module until we can make it accurate --- Zotlabs/Module/Display.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index d3047bc59..30f2a7f5f 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -114,7 +114,8 @@ class Display extends \Zotlabs\Web\Controller { dbesc($target_item['author_xchan']) ); if($x) { - \App::$poi = $x[0]; +// not yet ready for prime time +// \App::$poi = $x[0]; } //if the item is to be moderated redirect to /moderate -- cgit v1.2.3 From 4493304fa79aded582b65498aacf6db48a788bdc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 31 Mar 2018 13:22:12 -0700 Subject: wrong function --- include/network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/network.php b/include/network.php index f8cb68613..a49e5920d 100644 --- a/include/network.php +++ b/include/network.php @@ -1873,7 +1873,7 @@ function probe_api_path($host) { foreach($paths as $path) { $curpath = $scheme . '://' . $host . $path; $x = z_fetch_url($curpath); - if($x['success'] && ! strlen($x['body'], 'not implemented')) + if($x['success'] && ! strpos($x['body'], 'not implemented')) return str_replace('version', '', $curpath); } } -- cgit v1.2.3 From 0e09dca9529ee15ad8457353391a9c97de6aeaf1 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sun, 1 Apr 2018 20:19:56 +0200 Subject: fix missing login/out buttons for medium screensize --- view/tpl/navbar_default.tpl | 6 +++--- view/tpl/navbar_tucson.tpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/view/tpl/navbar_default.tpl b/view/tpl/navbar_default.tpl index 92b067bcb..532e10f22 100755 --- a/view/tpl/navbar_default.tpl +++ b/view/tpl/navbar_default.tpl @@ -91,7 +91,7 @@