From aab97adb23c65dfc54f4f160742f8066fcd98032 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 26 Sep 2018 16:22:34 +0200
Subject: oauth and oauth2 apps manager

---
 Zotlabs/Module/Oauth.php           | 177 +++++++++++++++++++++++++++++++++
 Zotlabs/Module/Oauth2.php          | 199 +++++++++++++++++++++++++++++++++++++
 Zotlabs/Module/Settings/Oauth.php  | 161 ------------------------------
 Zotlabs/Module/Settings/Oauth2.php | 184 ----------------------------------
 app/oauth.apd                      |   6 ++
 app/oauth2.apd                     |   6 ++
 view/tpl/oauth.tpl                 |  36 +++++++
 view/tpl/oauth2.tpl                |  36 +++++++
 view/tpl/oauth2_edit.tpl           |  21 ++++
 view/tpl/oauth_edit.tpl            |  21 ++++
 view/tpl/settings_oauth.tpl        |  36 -------
 view/tpl/settings_oauth2.tpl       |  36 -------
 view/tpl/settings_oauth2_edit.tpl  |  21 ----
 view/tpl/settings_oauth_edit.tpl   |  21 ----
 14 files changed, 502 insertions(+), 459 deletions(-)
 create mode 100644 Zotlabs/Module/Oauth.php
 create mode 100644 Zotlabs/Module/Oauth2.php
 delete mode 100644 Zotlabs/Module/Settings/Oauth.php
 delete mode 100644 Zotlabs/Module/Settings/Oauth2.php
 create mode 100644 app/oauth.apd
 create mode 100644 app/oauth2.apd
 create mode 100755 view/tpl/oauth.tpl
 create mode 100755 view/tpl/oauth2.tpl
 create mode 100755 view/tpl/oauth2_edit.tpl
 create mode 100755 view/tpl/oauth_edit.tpl
 delete mode 100755 view/tpl/settings_oauth.tpl
 delete mode 100755 view/tpl/settings_oauth2.tpl
 delete mode 100755 view/tpl/settings_oauth2_edit.tpl
 delete mode 100755 view/tpl/settings_oauth_edit.tpl

diff --git a/Zotlabs/Module/Oauth.php b/Zotlabs/Module/Oauth.php
new file mode 100644
index 000000000..196209308
--- /dev/null
+++ b/Zotlabs/Module/Oauth.php
@@ -0,0 +1,177 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
+class Oauth extends Controller {
+
+
+	function post() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth'))
+			return;
+	
+		if(x($_POST,'remove')){
+			check_form_security_token_redirectOnErr('/oauth', 'oauth');
+			
+			$key = $_POST['remove'];
+			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+				dbesc($key),
+				local_channel());
+			goaway(z_root()."/oauth");
+			return;			
+		}
+	
+		if((argc() > 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) {
+			
+			check_form_security_token_redirectOnErr('oauth', 'oauth');
+			
+			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
+			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
+			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
+			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
+			$ok = true;
+			if($name == '') {
+				$ok = false;
+				notice( t('Name is required') . EOL);
+			}
+			if($key == '' || $secret == '') {
+				$ok = false;
+				notice( t('Key and Secret are required') . EOL);
+			}
+		
+			if($ok) {
+				if ($_POST['submit']==t("Update")){
+					$r = q("UPDATE clients SET
+								client_id='%s',
+								pw='%s',
+								clname='%s',
+								redirect_uri='%s',
+								icon='%s',
+								uid=%d
+							WHERE client_id='%s'",
+							dbesc($key),
+							dbesc($secret),
+							dbesc($name),
+							dbesc($redirect),
+							dbesc($icon),
+							intval(local_channel()),
+							dbesc($key));
+				} else {
+					$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($key),
+						dbesc($secret),
+						dbesc($name),
+						dbesc($redirect),
+						dbesc($icon),
+						intval(local_channel())
+					);
+					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+						dbesc($key),
+						intval(local_channel()),
+						dbesc('all')
+					);
+				}
+			}
+			goaway(z_root()."/oauth");
+			return;
+		}
+	}
+
+	function get() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth Apps Manager')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>OAuth App (Not Installed):</b><br>';
+			$o .= t('An OAuth apps manager');
+			return $o;
+		}
+
+			
+		if((argc() > 1) && (argv(1) === 'add')) {
+			$tpl = get_markup_template("oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', t('Name of application')),
+				'$key'		=> array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$icon'		=> array('icon', t('Icon url'), '', t('Optional')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'edit')) {
+			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc(argv(2)),
+					local_channel());
+			
+			if (!count($r)){
+				notice(t('Application not found.'));
+				return;
+			}
+			$app = $r[0];
+				
+			$tpl = get_markup_template("oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['clname'] , ''),
+				'$key'		=> array('key', t('Consumer Key'), $app['client_id'], ''),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['pw'], ''),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'delete')) {
+			check_form_security_token_redirectOnErr('/oauth', 'oauth', 't');
+			
+			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc(argv(2)),
+					local_channel());
+			goaway(z_root()."/oauth");
+			return;			
+		}
+			
+			
+		$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
+				FROM clients
+				LEFT JOIN tokens ON clients.client_id=tokens.client_id
+				WHERE clients.uid IN (%d,0)",
+				local_channel(),
+				local_channel());
+		
+			
+		$tpl = get_markup_template("oauth.tpl");
+		$o .= replace_macros($tpl, array(
+			'$form_security_token' => get_form_security_token("oauth"),
+			'$baseurl'	=> z_root(),
+			'$title'	=> t('Connected OAuth Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$apps'		=> $r,
+		));
+		return $o;
+			
+	}
+
+}
diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php
new file mode 100644
index 000000000..2302d1b10
--- /dev/null
+++ b/Zotlabs/Module/Oauth2.php
@@ -0,0 +1,199 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
+class Oauth2 extends Controller {
+
+
+	function post() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager'))
+			return;
+	
+		if(x($_POST,'remove')){
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2');
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+		logger("REMOVE! ".$name." uid: ".local_channel());	
+			$key = $_POST['remove'];
+			q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			goaway(z_root()."/oauth2");
+			return;			
+		}
+	
+		if((argc() > 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) {
+			
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2');
+			
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');
+			$grant		= ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');
+			$scope		= ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');
+
+			$ok = true;
+			if($name == '' || $secret == '') {
+				$ok = false;
+				notice( t('Name and Secret are required') . EOL);
+			}
+		
+			if($ok) {
+				if ($_POST['submit']==t("Update")){
+					$r = q("UPDATE oauth_clients SET
+								client_id = '%s',
+								client_secret = '%s',
+								redirect_uri = '%s',
+								grant_types = '%s',
+								scope = '%s', 
+								user_id = %d
+							WHERE client_id='%s' and user_id = %s",
+							dbesc($name),
+							dbesc($secret),
+							dbesc($redirect),
+							dbesc($grant),
+							dbesc($scope),
+							intval(local_channel()),
+							dbesc($name),
+                                                        intval(local_channel()));
+				} else {
+					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($name),
+						dbesc($secret),
+						dbesc($redirect),
+						dbesc($grant),
+						dbesc($scope),
+						intval(local_channel())
+					);
+					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+						dbesc($name),
+						intval(local_channel()),
+						dbesc('all')
+					);
+				}
+			}
+			goaway(z_root()."/oauth2");
+			return;
+		}
+	}
+
+	function get() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>OAuth2 App (Not Installed):</b><br>';
+			$o .= t('An OAuth2 apps manager');
+			return $o;
+		}
+			
+		if((argc() > 1) && (argv(1) === 'add')) {
+			$tpl = get_markup_template("oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth2"),
+				'$title'	=> t('Add OAuth2 application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'edit')) {
+			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			
+			if (! $r){
+				notice(t('OAuth2 Application not found.'));
+				return;
+			}
+
+			$app = $r[0];
+				
+			$tpl = get_markup_template("oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth2"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'delete')) {
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2', 't');
+			
+			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			goaway(z_root()."/oauth2");
+			return;			
+		}
+			
+
+		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
+				FROM oauth_clients
+				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
+                                                                 oauth_clients.user_id=oauth_access_tokens.user_id
+				WHERE oauth_clients.user_id IN (%d,0)",
+				intval(local_channel()),
+				intval(local_channel())
+		);
+			
+		$tpl = get_markup_template("oauth2.tpl");
+		$o .= replace_macros($tpl, array(
+			'$form_security_token' => get_form_security_token("oauth2"),
+			'$baseurl'	=> z_root(),
+			'$title'	=> t('Connected OAuth2 Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$apps'		=> $r,
+		));
+		return $o;
+			
+	}
+
+}
diff --git a/Zotlabs/Module/Settings/Oauth.php b/Zotlabs/Module/Settings/Oauth.php
deleted file mode 100644
index d6576c6de..000000000
--- a/Zotlabs/Module/Settings/Oauth.php
+++ /dev/null
@@ -1,161 +0,0 @@
-<?php
-
-namespace Zotlabs\Module\Settings;
-
-
-class Oauth {
-
-
-	function post() {
-	
-		if(x($_POST,'remove')){
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
-			
-			$key = $_POST['remove'];
-			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
-				dbesc($key),
-				local_channel());
-			goaway(z_root()."/settings/oauth/");
-			return;			
-		}
-	
-		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
-			
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
-			
-			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
-			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
-			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
-			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
-			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
-			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
-			$ok = true;
-			if($name == '') {
-				$ok = false;
-				notice( t('Name is required') . EOL);
-			}
-			if($key == '' || $secret == '') {
-				$ok = false;
-				notice( t('Key and Secret are required') . EOL);
-			}
-		
-			if($ok) {
-				if ($_POST['submit']==t("Update")){
-					$r = q("UPDATE clients SET
-								client_id='%s',
-								pw='%s',
-								clname='%s',
-								redirect_uri='%s',
-								icon='%s',
-								uid=%d
-							WHERE client_id='%s'",
-							dbesc($key),
-							dbesc($secret),
-							dbesc($name),
-							dbesc($redirect),
-							dbesc($icon),
-							intval(local_channel()),
-							dbesc($key));
-				} else {
-					$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)
-						VALUES ('%s','%s','%s','%s','%s',%d)",
-						dbesc($key),
-						dbesc($secret),
-						dbesc($name),
-						dbesc($redirect),
-						dbesc($icon),
-						intval(local_channel())
-					);
-					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
-						dbesc($key),
-						intval(local_channel()),
-						dbesc('all')
-					);
-				}
-			}
-			goaway(z_root()."/settings/oauth/");
-			return;
-		}
-	}
-
-	function get() {
-			
-		if((argc() > 2) && (argv(2) === 'add')) {
-			$tpl = get_markup_template("settings_oauth_edit.tpl");
-			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth"),
-				'$title'	=> t('Add application'),
-				'$submit'	=> t('Submit'),
-				'$cancel'	=> t('Cancel'),
-				'$name'		=> array('name', t('Name'), '', t('Name of application')),
-				'$key'		=> array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
-				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
-				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
-				'$icon'		=> array('icon', t('Icon url'), '', t('Optional')),
-			));
-			return $o;
-		}
-			
-		if((argc() > 3) && (argv(2) === 'edit')) {
-			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
-					dbesc(argv(3)),
-					local_channel());
-			
-			if (!count($r)){
-				notice(t('Application not found.'));
-				return;
-			}
-			$app = $r[0];
-				
-			$tpl = get_markup_template("settings_oauth_edit.tpl");
-			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth"),
-				'$title'	=> t('Add application'),
-				'$submit'	=> t('Update'),
-				'$cancel'	=> t('Cancel'),
-				'$name'		=> array('name', t('Name'), $app['clname'] , ''),
-				'$key'		=> array('key', t('Consumer Key'), $app['client_id'], ''),
-				'$secret'	=> array('secret', t('Consumer Secret'), $app['pw'], ''),
-				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
-				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
-			));
-			return $o;
-		}
-			
-		if((argc() > 3) && (argv(2) === 'delete')) {
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
-			
-			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
-					dbesc(argv(3)),
-					local_channel());
-			goaway(z_root()."/settings/oauth/");
-			return;			
-		}
-			
-			
-		$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
-				FROM clients
-				LEFT JOIN tokens ON clients.client_id=tokens.client_id
-				WHERE clients.uid IN (%d,0)",
-				local_channel(),
-				local_channel());
-		
-			
-		$tpl = get_markup_template("settings_oauth.tpl");
-		$o .= replace_macros($tpl, array(
-			'$form_security_token' => get_form_security_token("settings_oauth"),
-			'$baseurl'	=> z_root(),
-			'$title'	=> t('Connected Apps'),
-			'$add'		=> t('Add application'),
-			'$edit'		=> t('Edit'),
-			'$delete'		=> t('Delete'),
-			'$consumerkey' => t('Client key starts with'),
-			'$noname'	=> t('No name'),
-			'$remove'	=> t('Remove authorization'),
-			'$apps'		=> $r,
-		));
-		return $o;
-			
-	}
-
-}
\ No newline at end of file
diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php
deleted file mode 100644
index 70fd3a5c3..000000000
--- a/Zotlabs/Module/Settings/Oauth2.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-
-namespace Zotlabs\Module\Settings;
-
-
-class Oauth2 {
-
-
-	function post() {
-	
-		if(x($_POST,'remove')){
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
-			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
-		logger("REMOVE! ".$name." uid: ".local_channel());	
-			$key = $_POST['remove'];
-			q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
-				dbesc($name),
-				intval(local_channel())
-			);
-			q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
-				dbesc($name),
-				intval(local_channel())
-			);
-			q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
-				dbesc($name),
-				intval(local_channel())
-			);
-			goaway(z_root()."/settings/oauth2/");
-			return;			
-		}
-	
-		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
-			
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
-			
-			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
-			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
-			$redirect	= ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');
-			$grant		= ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');
-			$scope		= ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');
-
-			$ok = true;
-			if($name == '' || $secret == '') {
-				$ok = false;
-				notice( t('Name and Secret are required') . EOL);
-			}
-		
-			if($ok) {
-				if ($_POST['submit']==t("Update")){
-					$r = q("UPDATE oauth_clients SET
-								client_id = '%s',
-								client_secret = '%s',
-								redirect_uri = '%s',
-								grant_types = '%s',
-								scope = '%s', 
-								user_id = %d
-							WHERE client_id='%s' and user_id = %s",
-							dbesc($name),
-							dbesc($secret),
-							dbesc($redirect),
-							dbesc($grant),
-							dbesc($scope),
-							intval(local_channel()),
-							dbesc($name),
-                                                        intval(local_channel()));
-				} else {
-					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
-						VALUES ('%s','%s','%s','%s','%s',%d)",
-						dbesc($name),
-						dbesc($secret),
-						dbesc($redirect),
-						dbesc($grant),
-						dbesc($scope),
-						intval(local_channel())
-					);
-					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
-						dbesc($name),
-						intval(local_channel()),
-						dbesc('all')
-					);
-				}
-			}
-			goaway(z_root()."/settings/oauth2/");
-			return;
-		}
-	}
-
-	function get() {
-			
-		if((argc() > 2) && (argv(2) === 'add')) {
-			$tpl = get_markup_template("settings_oauth2_edit.tpl");
-			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth2"),
-				'$title'	=> t('Add OAuth2 application'),
-				'$submit'	=> t('Submit'),
-				'$cancel'	=> t('Cancel'),
-				'$name'		=> array('name', t('Name'), '', t('Name of application')),
-				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
-				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
-				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')),
-				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')),
-			));
-			return $o;
-		}
-			
-		if((argc() > 3) && (argv(2) === 'edit')) {
-			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
-					dbesc(argv(3)),
-					intval(local_channel())
-			);
-			
-			if (! $r){
-				notice(t('OAuth2 Application not found.'));
-				return;
-			}
-
-			$app = $r[0];
-				
-			$tpl = get_markup_template("settings_oauth2_edit.tpl");
-			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth2"),
-				'$title'	=> t('Add application'),
-				'$submit'	=> t('Update'),
-				'$cancel'	=> t('Cancel'),
-				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
-				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
-				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
-				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),
-				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),
-			));
-			return $o;
-		}
-			
-		if((argc() > 3) && (argv(2) === 'delete')) {
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');
-			
-			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
-					dbesc(argv(3)),
-					intval(local_channel())
-			);
-			$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
-					dbesc(argv(3)),
-					intval(local_channel())
-			);
-			$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
-					dbesc(argv(3)),
-					intval(local_channel())
-			);
-			$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
-					dbesc(argv(3)),
-					intval(local_channel())
-			);
-			goaway(z_root()."/settings/oauth2/");
-			return;			
-		}
-			
-
-		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
-				FROM oauth_clients
-				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
-                                                                 oauth_clients.user_id=oauth_access_tokens.user_id
-				WHERE oauth_clients.user_id IN (%d,0)",
-				intval(local_channel()),
-				intval(local_channel())
-		);
-			
-		$tpl = get_markup_template("settings_oauth2.tpl");
-		$o .= replace_macros($tpl, array(
-			'$form_security_token' => get_form_security_token("settings_oauth2"),
-			'$baseurl'	=> z_root(),
-			'$title'	=> t('Connected OAuth2 Apps'),
-			'$add'		=> t('Add application'),
-			'$edit'		=> t('Edit'),
-			'$delete'		=> t('Delete'),
-			'$consumerkey' => t('Client key starts with'),
-			'$noname'	=> t('No name'),
-			'$remove'	=> t('Remove authorization'),
-			'$apps'		=> $r,
-		));
-		return $o;
-			
-	}
-
-}
diff --git a/app/oauth.apd b/app/oauth.apd
new file mode 100644
index 000000000..4771773ed
--- /dev/null
+++ b/app/oauth.apd
@@ -0,0 +1,6 @@
+version: 1
+url: $baseurl/oauth
+requires: local_channel
+name: OAuth Apps Manager
+photo: icon:chevron-circle-up
+categories: Access Control
diff --git a/app/oauth2.apd b/app/oauth2.apd
new file mode 100644
index 000000000..21fa44c97
--- /dev/null
+++ b/app/oauth2.apd
@@ -0,0 +1,6 @@
+version: 1
+url: $baseurl/oauth2
+requires: local_channel
+name: OAuth2 Apps Manager
+photo: icon:chevron-circle-up
+categories: Access Control
diff --git a/view/tpl/oauth.tpl b/view/tpl/oauth.tpl
new file mode 100755
index 000000000..881e22e99
--- /dev/null
+++ b/view/tpl/oauth.tpl
@@ -0,0 +1,36 @@
+<div class="generic-content-wrapper">
+<div class="section-title-wrapper">
+	<h2>{{$title}}</h2>
+</div>
+
+<div class="section-content-tools-wrapper">
+<form action="oauth" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+
+	<div id="profile-edit-links">
+		<ul>
+			<li>
+				<a id="profile-edit-view-link" href="{{$baseurl}}/oauth/add">{{$add}}</a>
+			</li>
+		</ul>
+	</div>
+
+	{{foreach $apps as $app}}
+	<div class='oauthapp'>
+		<img src='{{$app.icon}}' class="{{if $app.icon}} {{else}}noicon{{/if}}">
+		{{if $app.clname}}<h4>{{$app.clname}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
+		{{if $app.my}}
+			{{if $app.oauth_token}}
+			<div class="settings-submit-wrapper" ><button class="settings-submit"  type="submit" name="remove" value="{{$app.oauth_token}}">{{$remove}}</button></div>
+			{{/if}}
+		{{/if}}
+		{{if $app.my}}
+		<a href="{{$baseurl}}/oauth/edit/{{$app.client_id}}" title="{{$edit}}"><i class="fa fa-pencil btn btn-outline-secondary"></i></a>
+		<a href="{{$baseurl}}/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
+		{{/if}}		
+	</div>
+	{{/foreach}}
+
+</form>
+</div>
+</div>
diff --git a/view/tpl/oauth2.tpl b/view/tpl/oauth2.tpl
new file mode 100755
index 000000000..a5b48ffce
--- /dev/null
+++ b/view/tpl/oauth2.tpl
@@ -0,0 +1,36 @@
+<div class="generic-content-wrapper">
+<div class="section-title-wrapper">
+	<h2>{{$title}}</h2>
+</div>
+
+<div class="section-content-tools-wrapper">
+
+	<div id="profile-edit-links">
+		<ul>
+			<li>
+				<a id="profile-edit-view-link" href="{{$baseurl}}/oauth2/add">{{$add}}</a>
+			</li>
+		</ul>
+	</div>
+
+	{{foreach $apps as $app}}
+<form action="oauth2" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+<input type='hidden' name='name' value='{{$app.client_id}}'>
+	<div class='oauthapp'>
+		{{if $app.client_id}}<h4>{{$app.client_id}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
+		{{if $app.my}}
+			{{if $app.oauth_token}}
+			<div class="settings-submit-wrapper" ><button class="settings-submit"  type="submit" name="remove" value="{{$app.oauth_token}}">{{$remove}}</button></div>
+			{{/if}}
+		{{/if}}
+		{{if $app.my}}
+		<a href="{{$baseurl}}/oauth2/edit/{{$app.client_id}}" title="{{$edit}}"><i class="fa fa-pencil btn btn-outline-secondary"></i></a>
+		<a href="{{$baseurl}}/oauth2/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
+		{{/if}}		
+	</div>
+</form>
+	{{/foreach}}
+
+</div>
+</div>
diff --git a/view/tpl/oauth2_edit.tpl b/view/tpl/oauth2_edit.tpl
new file mode 100755
index 000000000..399c64977
--- /dev/null
+++ b/view/tpl/oauth2_edit.tpl
@@ -0,0 +1,21 @@
+<div class="generic-content-wrapper">
+	<div class="section-title-wrapper">
+		<h2>{{$title}}</h2>
+	</div>
+<div class="section-content-tools-wrapper">
+<form method="POST">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+{{include file="field_input.tpl" field=$name}}
+{{include file="field_input.tpl" field=$secret}}
+{{include file="field_input.tpl" field=$redirect}}
+{{include file="field_input.tpl" field=$grant}}
+{{include file="field_input.tpl" field=$scope}}
+
+<div class="settings-submit-wrapper" >
+<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" />
+</div>
+
+</form>
+</div>
+</div>
diff --git a/view/tpl/oauth_edit.tpl b/view/tpl/oauth_edit.tpl
new file mode 100755
index 000000000..e44b44723
--- /dev/null
+++ b/view/tpl/oauth_edit.tpl
@@ -0,0 +1,21 @@
+<div class="generic-content-wrapper">
+	<div class="section-title-wrapper">
+		<h2>{{$title}}</h2>
+	</div>
+<div class="section-content-tools-wrapper">
+<form method="POST">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+{{include file="field_input.tpl" field=$name}}
+{{include file="field_input.tpl" field=$key}}
+{{include file="field_input.tpl" field=$secret}}
+{{include file="field_input.tpl" field=$redirect}}
+{{include file="field_input.tpl" field=$icon}}
+
+<div class="settings-submit-wrapper" >
+<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
+<input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" />
+</div>
+
+</form>
+</div>
+</div>
diff --git a/view/tpl/settings_oauth.tpl b/view/tpl/settings_oauth.tpl
deleted file mode 100755
index 811cfcec5..000000000
--- a/view/tpl/settings_oauth.tpl
+++ /dev/null
@@ -1,36 +0,0 @@
-<div class="generic-content-wrapper">
-<div class="section-title-wrapper">
-	<h2>{{$title}}</h2>
-</div>
-
-<div class="section-content-tools-wrapper">
-<form action="settings/oauth" method="post" autocomplete="off">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
-
-	<div id="profile-edit-links">
-		<ul>
-			<li>
-				<a id="profile-edit-view-link" href="{{$baseurl}}/settings/oauth/add">{{$add}}</a>
-			</li>
-		</ul>
-	</div>
-
-	{{foreach $apps as $app}}
-	<div class='oauthapp'>
-		<img src='{{$app.icon}}' class="{{if $app.icon}} {{else}}noicon{{/if}}">
-		{{if $app.clname}}<h4>{{$app.clname}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
-		{{if $app.my}}
-			{{if $app.oauth_token}}
-			<div class="settings-submit-wrapper" ><button class="settings-submit"  type="submit" name="remove" value="{{$app.oauth_token}}">{{$remove}}</button></div>
-			{{/if}}
-		{{/if}}
-		{{if $app.my}}
-		<a href="{{$baseurl}}/settings/oauth/edit/{{$app.client_id}}" title="{{$edit}}"><i class="fa fa-pencil btn btn-outline-secondary"></i></a>
-		<a href="{{$baseurl}}/settings/oauth/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
-		{{/if}}		
-	</div>
-	{{/foreach}}
-
-</form>
-</div>
-</div>
diff --git a/view/tpl/settings_oauth2.tpl b/view/tpl/settings_oauth2.tpl
deleted file mode 100755
index f3bf59a12..000000000
--- a/view/tpl/settings_oauth2.tpl
+++ /dev/null
@@ -1,36 +0,0 @@
-<div class="generic-content-wrapper">
-<div class="section-title-wrapper">
-	<h2>{{$title}}</h2>
-</div>
-
-<div class="section-content-tools-wrapper">
-
-	<div id="profile-edit-links">
-		<ul>
-			<li>
-				<a id="profile-edit-view-link" href="{{$baseurl}}/settings/oauth2/add">{{$add}}</a>
-			</li>
-		</ul>
-	</div>
-
-	{{foreach $apps as $app}}
-<form action="settings/oauth2" method="post" autocomplete="off">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
-<input type='hidden' name='name' value='{{$app.client_id}}'>
-	<div class='oauthapp'>
-		{{if $app.client_id}}<h4>{{$app.client_id}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
-		{{if $app.my}}
-			{{if $app.oauth_token}}
-			<div class="settings-submit-wrapper" ><button class="settings-submit"  type="submit" name="remove" value="{{$app.oauth_token}}">{{$remove}}</button></div>
-			{{/if}}
-		{{/if}}
-		{{if $app.my}}
-		<a href="{{$baseurl}}/settings/oauth2/edit/{{$app.client_id}}" title="{{$edit}}"><i class="fa fa-pencil btn btn-outline-secondary"></i></a>
-		<a href="{{$baseurl}}/settings/oauth2/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
-		{{/if}}		
-	</div>
-</form>
-	{{/foreach}}
-
-</div>
-</div>
diff --git a/view/tpl/settings_oauth2_edit.tpl b/view/tpl/settings_oauth2_edit.tpl
deleted file mode 100755
index 399c64977..000000000
--- a/view/tpl/settings_oauth2_edit.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-<div class="generic-content-wrapper">
-	<div class="section-title-wrapper">
-		<h2>{{$title}}</h2>
-	</div>
-<div class="section-content-tools-wrapper">
-<form method="POST">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
-{{include file="field_input.tpl" field=$name}}
-{{include file="field_input.tpl" field=$secret}}
-{{include file="field_input.tpl" field=$redirect}}
-{{include file="field_input.tpl" field=$grant}}
-{{include file="field_input.tpl" field=$scope}}
-
-<div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
-<input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" />
-</div>
-
-</form>
-</div>
-</div>
diff --git a/view/tpl/settings_oauth_edit.tpl b/view/tpl/settings_oauth_edit.tpl
deleted file mode 100755
index e44b44723..000000000
--- a/view/tpl/settings_oauth_edit.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-<div class="generic-content-wrapper">
-	<div class="section-title-wrapper">
-		<h2>{{$title}}</h2>
-	</div>
-<div class="section-content-tools-wrapper">
-<form method="POST">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
-{{include file="field_input.tpl" field=$name}}
-{{include file="field_input.tpl" field=$key}}
-{{include file="field_input.tpl" field=$secret}}
-{{include file="field_input.tpl" field=$redirect}}
-{{include file="field_input.tpl" field=$icon}}
-
-<div class="settings-submit-wrapper" >
-<input type="submit" name="submit" class="settings-submit" value="{{$submit}}" />
-<input type="submit" name="cancel" class="settings-submit" value="{{$cancel}}" />
-</div>
-
-</form>
-</div>
-</div>
-- 
cgit v1.2.3