From 0b31c677f253907ee9a36e12ae51763b2d69a574 Mon Sep 17 00:00:00 2001 From: "M.Dent" Date: Thu, 9 Aug 2018 22:35:12 -0400 Subject: Fixes to OAuth2 connect-with-openid. Add zothash Claim. Add zotwebbie Claim. --- Zotlabs/Identity/OAuth2Server.php | 5 ++-- Zotlabs/Identity/OAuth2Storage.php | 51 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 52 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Identity') diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php index cbb4748fe..b747b95db 100644 --- a/Zotlabs/Identity/OAuth2Server.php +++ b/Zotlabs/Identity/OAuth2Server.php @@ -4,7 +4,7 @@ namespace Zotlabs\Identity; class OAuth2Server extends \OAuth2\Server { - public function __construct(OAuth2Storage $storage, $config = []) { + public function __construct(OAuth2Storage $storage, $config = null) { if(! is_array($config)) { $config = [ @@ -19,7 +19,8 @@ class OAuth2Server extends \OAuth2\Server { $this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage)); // Add the "Authorization Code" grant type (this is where the oauth magic happens) - $this->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage)); + // Need to use OpenID\GrantType to return id_token (see:https://github.com/bshaffer/oauth2-server-php/issues/443) + $this->addGrantType(new \OAuth2\OpenID\GrantType\AuthorizationCode($storage)); $keyStorage = new \OAuth2\Storage\Memory( [ 'keys' => [ diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php index bc6db565c..a50b21a70 100644 --- a/Zotlabs/Identity/OAuth2Storage.php +++ b/Zotlabs/Identity/OAuth2Storage.php 
@@ -50,20 +50,67 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo { public function getUser($username) { - $x = channelx_by_nick($username); + $x = channelx_by_n($username); if(! $x) { return false; } return( [ + 'webbie' => $x['channel_address'].'@'.\App::get_hostname(), + 'zothash' => $x['channel_hash'], 'username' => $x['channel_address'], 'user_id' => $x['channel_id'], + 'name' => $x['channel_name'], 'firstName' => $x['channel_name'], 'lastName' => '', 'password' => 'NotARealPassword' ] ); } + public function scopeExists($scope) { + // Report that the scope is valid even if it's not. + // We will only return a very small subset no matter what. + // @TODO: Truly validate the scope + // see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and + // vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php + // for more info. + return true; + } + + public function getDefaultScope($client_id=null) { + // Do not REQUIRE a scope + // see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and + // for more info. + return null; + } + + public function getUserClaims ($user_id, $claims) { + // Populate the CLAIMS requested (if any). + // @TODO: create a more reasonable/comprehensive list. + // @TODO: present claims on the AUTHORIZATION screen + + $userClaims = Array(); + $claims = explode (' ', trim($claims)); + $validclaims = Array ("name","preferred_username","zothash"); + $claimsmap = Array ( + "zotwebbie" => 'webbie', + "zothash" => 'zothash', + "name" => 'name', + "preferred_username" => "username" + ); + $userinfo = $this->getUser($user_id); + foreach ($validclaims as $validclaim) { + if (in_array($validclaim,$claims)) { + $claimkey = $claimsmap[$validclaim]; + $userClaims[$validclaim] = $userinfo[$claimkey]; + } else { + $userClaims[$validclaim] = $validclaim; + } + } + $userClaims["sub"]=$user_id; + return $userClaims; + } + /** * plaintext passwords are bad! Override this for your application * 
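Review bot: In `getUserClaims`, the `else` branch assigns `$userClaims[$validclaim] = $validclaim;`, so every claim the client did not request is still emitted with its own name as the value (for example `name` => `"name"`), and a relying party cannot tell that placeholder from real identity data. Because `scopeExists` in this same hunk accepts any scope, this loop is the only filter on what reaches the token, so it should emit requested claims only; dropping the `else` branch does that. `getUser` can return `false`, and the loop then indexes into it and still sets `sub`; adding `if (! $userinfo) { return false; }` right after the lookup would stop that, and is believed to match how the vendored Pdo storage handles a missing user (worth confirming). `zotwebbie` is in `$claimsmap` but not in `$validclaims`, so the claim named in the commit subject is never returned.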
@@ -78,4 +125,4 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo { return true; } -} \ No newline at end of file +} -- cgit v1.2.3 From 4fdf5d28caa5d4af2bc6dfc088fdd51111baf390 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Aug 2018 17:24:48 -0700 Subject: minor oauth2 updates - renamed zot webbie to 'webfinger' and zothash to 'portable_id', fixed/simplified cgi auth mode --- Zotlabs/Identity/OAuth2Storage.php | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) (limited to 'Zotlabs/Identity') diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php index a50b21a70..bbf61cf2b 100644 --- a/Zotlabs/Identity/OAuth2Storage.php +++ b/Zotlabs/Identity/OAuth2Storage.php @@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo { return false; } + $a = q("select * from account where account_id = %d", + intval($x['channel_account_id']) + ); + + $n = explode(' ', $x['channel_name']); + return( [ - 'webbie' => $x['channel_address'].'@'.\App::get_hostname(), - 'zothash' => $x['channel_hash'], - 'username' => $x['channel_address'], - 'user_id' => $x['channel_id'], - 'name' => $x['channel_name'], - 'firstName' => $x['channel_name'], - 'lastName' => '', - 'password' => 'NotARealPassword' + 'webfinger' => channel_reddress($x), + 'portable_id' => $x['channel_hash'], + 'email' => $a['account_email'], + 'username' => $x['channel_address'], + 'user_id' => $x['channel_id'], + 'name' => $x['channel_name'], + 'firstName' => ((count($n) > 1) ? $n[1] : $n[0]), + 'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''), + 'picture' => $x['xchan_photo_l'] ] ); } 
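Review bot: In the `getUser` hunk of the second commit, the new `email` value is read as `$a['account_email']`, but `$a` is the raw result of `q()`, which in this codebase normally returns a list of rows (not visible in this patch, so worth confirming); if so, the claim would always be empty. There is also no check for an empty result, so something like `'email' => ($a ? $a[0]['account_email'] : '')` would cover both cases. The name split looks off by one as well: with two or more words `firstName` takes `$n[1]`, so "Jane Doe" yields a first name of "Doe", and `$n[0]` is probably what was intended. `getUser` begins above this hunk, so the lookup that produces `$x` is not visible here.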
@@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo { $userClaims = Array(); $claims = explode (' ', trim($claims)); - $validclaims = Array ("name","preferred_username","zothash"); + $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName"); $claimsmap = Array ( - "zotwebbie" => 'webbie', - "zothash" => 'zothash', + "webfinger" => 'webfinger', + "portable_id" => 'portable_id', "name" => 'name', - "preferred_username" => "username" + "email" => 'email', + "preferred_username" => 'username', + "picture" => 'picture', + "given_name" => 'firstName', + "family_name" => 'lastName' ); $userinfo = $this->getUser($user_id); foreach ($validclaims as $validclaim) { -- cgit v1.2.3
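Review bot: `$validclaims` lists `firstName` and `lastName`, but `$claimsmap` has no such keys (it maps `given_name` and `family_name`), so `$claimsmap[$validclaim]` is undefined for those two and the `given_name`/`family_name` entries are never reached by the loop. Putting the OIDC names in the whitelist, `"given_name","family_name"` in place of `"firstName","lastName"`, makes the two arrays agree. This hunk also adds `email` and `picture` to the releasable claims while the earlier commit leaves scope validation and the consent-screen listing as TODOs, so the account e-mail would go to any client that asks for it. Consider holding `email` back until the user can see and approve the claims being released. The loop body that consumes these arrays lies below the hunk.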