From aab97adb23c65dfc54f4f160742f8066fcd98032 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 26 Sep 2018 16:22:34 +0200
Subject: oauth and oauth2 apps manager

---
 Zotlabs/Module/Oauth.php | 177 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100644 Zotlabs/Module/Oauth.php

(limited to 'Zotlabs/Module/Oauth.php')

diff --git a/Zotlabs/Module/Oauth.php b/Zotlabs/Module/Oauth.php
new file mode 100644
index 000000000..196209308
--- /dev/null
+++ b/Zotlabs/Module/Oauth.php
@@ -0,0 +1,177 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
+class Oauth extends Controller {
+
+
+	function post() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth'))
+			return;
+	
+		if(x($_POST,'remove')){
+			check_form_security_token_redirectOnErr('/oauth', 'oauth');
+			
+			$key = $_POST['remove'];
+			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+				dbesc($key),
+				local_channel());
+			goaway(z_root()."/oauth");
+			return;			
+		}
+	
+		if((argc() > 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) {
+			
+			check_form_security_token_redirectOnErr('oauth', 'oauth');
+			
+			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
+			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
+			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
+			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
+			$ok = true;
+			if($name == '') {
+				$ok = false;
+				notice( t('Name is required') . EOL);
+			}
+			if($key == '' || $secret == '') {
+				$ok = false;
+				notice( t('Key and Secret are required') . EOL);
+			}
+		
+			if($ok) {
+				if ($_POST['submit']==t("Update")){
+					$r = q("UPDATE clients SET
+								client_id='%s',
+								pw='%s',
+								clname='%s',
+								redirect_uri='%s',
+								icon='%s',
+								uid=%d
+							WHERE client_id='%s'",
+							dbesc($key),
+							dbesc($secret),
+							dbesc($name),
+							dbesc($redirect),
+							dbesc($icon),
+							intval(local_channel()),
+							dbesc($key));
+				} else {
+					$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($key),
+						dbesc($secret),
+						dbesc($name),
+						dbesc($redirect),
+						dbesc($icon),
+						intval(local_channel())
+					);
+					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+						dbesc($key),
+						intval(local_channel()),
+						dbesc('all')
+					);
+				}
+			}
+			goaway(z_root()."/oauth");
+			return;
+		}
+	}
+
+	function get() {
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth Apps Manager')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>OAuth App (Not Installed):</b><br>';
+			$o .= t('An OAuth apps manager');
+			return $o;
+		}
+
+			
+		if((argc() > 1) && (argv(1) === 'add')) {
+			$tpl = get_markup_template("oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', t('Name of application')),
+				'$key'		=> array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$icon'		=> array('icon', t('Icon url'), '', t('Optional')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'edit')) {
+			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc(argv(2)),
+					local_channel());
+			
+			if (!count($r)){
+				notice(t('Application not found.'));
+				return;
+			}
+			$app = $r[0];
+				
+			$tpl = get_markup_template("oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("oauth"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['clname'] , ''),
+				'$key'		=> array('key', t('Consumer Key'), $app['client_id'], ''),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['pw'], ''),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
+			));
+			return $o;
+		}
+			
+		if((argc() > 2) && (argv(1) === 'delete')) {
+			check_form_security_token_redirectOnErr('/oauth', 'oauth', 't');
+			
+			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc(argv(2)),
+					local_channel());
+			goaway(z_root()."/oauth");
+			return;			
+		}
+			
+			
+		$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
+				FROM clients
+				LEFT JOIN tokens ON clients.client_id=tokens.client_id
+				WHERE clients.uid IN (%d,0)",
+				local_channel(),
+				local_channel());
+		
+			
+		$tpl = get_markup_template("oauth.tpl");
+		$o .= replace_macros($tpl, array(
+			'$form_security_token' => get_form_security_token("oauth"),
+			'$baseurl'	=> z_root(),
+			'$title'	=> t('Connected OAuth Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$apps'		=> $r,
+		));
+		return $o;
+			
+	}
+
+}
-- 
cgit v1.2.3