From b08af13872a698c85bb2cf9abd6651bc5c98f7bd Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 3 May 2017 22:37:06 -0700
Subject: oauth2/oidc testing (please do not port - this requires several extra
 DB tables to work)

---
 Zotlabs/Module/Authorize.php | 71 ++++++++++++++++++++++++++++++++++++++++++++
 Zotlabs/Module/Token.php     | 40 +++++++++++++++++++++++++
 include/oauth2.php           | 21 +++++++++++++
 3 files changed, 132 insertions(+)
 create mode 100644 Zotlabs/Module/Authorize.php
 create mode 100644 Zotlabs/Module/Token.php
 create mode 100644 include/oauth2.php

diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
new file mode 100644
index 000000000..06f66c456
--- /dev/null
+++ b/Zotlabs/Module/Authorize.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Authorize extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+
+			// workaround for HTTP-auth in CGI mode
+			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+
+
+
+	require_once('include/oauth2.php');
+
+	$request = \OAuth2\Request::createFromGlobals();
+	$response = new \OAuth2\Response();
+
+	// validate the authorize request
+	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
+	    $response->send();
+    	killme();
+	}
+
+	// display an authorization form
+	if (empty($_POST)) {
+
+	  return '
+<form method="post">
+  <label>Do You Authorize TestClient?</label><br />
+  <input type="submit" name="authorized" value="yes">
+  <input type="submit" name="authorized" value="no">
+</form>';
+	}
+
+	// print the authorization code if the user has authorized your client
+	$is_authorized = ($_POST['authorized'] === 'yes');
+	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+	if ($is_authorized) {
+		// this is only here so that you get to see your code in the cURL request. Otherwise, 
+		// we'd redirect back to the client
+		$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
+		echo("SUCCESS! Authorization Code: $code");
+		
+	}
+
+	$response->send();
+	killme();
+	}
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php
new file mode 100644
index 000000000..e0d9d74d7
--- /dev/null
+++ b/Zotlabs/Module/Token.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Token extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+
+			// workaround for HTTP-auth in CGI mode
+			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+
+
+
+	require_once('include/oauth2.php');
+	$oauth2_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send(); 
+
+	killme();
+	}
+
+}
\ No newline at end of file
diff --git a/include/oauth2.php b/include/oauth2.php
new file mode 100644
index 000000000..a0d65a995
--- /dev/null
+++ b/include/oauth2.php
@@ -0,0 +1,21 @@
+<?php
+
+	$storage = new OAuth2\Storage\Pdo(\DBA::$dba->db);
+	$config = [
+		'use_openid_connect'] => true,
+		'issuer' => \Zotlabs\Lib\System::get_site_name()
+	];
+
+	$oauth2_server = new OAuth2\Server($storage,$config);
+
+	$oauth2_server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
+	$oauth2_server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
+
+	$keyStorage = new OAuth2\Storage\Memory( [ 
+		'keys' => [ 
+			'public_key' => get_config('system','pubkey'),
+			'private_key' => get_config('system','prvkey')
+		]
+	]);
+
+	$oauth2_server->addStorage($keyStorage,'public_key');
-- 
cgit v1.2.3