From aab97adb23c65dfc54f4f160742f8066fcd98032 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 26 Sep 2018 16:22:34 +0200 Subject: oauth and oauth2 apps manager --- Zotlabs/Module/Oauth2.php | 199 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 199 insertions(+) create mode 100644 Zotlabs/Module/Oauth2.php (limited to 'Zotlabs/Module/Oauth2.php') diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php new file mode 100644 index 000000000..2302d1b10 --- /dev/null +++ b/Zotlabs/Module/Oauth2.php @@ -0,0 +1,199 @@ + 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) { + + check_form_security_token_redirectOnErr('oauth2', 'oauth2'); + + $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : ''); + $secret = ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : ''); + $redirect = ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : ''); + $grant = ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : ''); + $scope = ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : ''); + + $ok = true; + if($name == '' || $secret == '') { + $ok = false; + notice( t('Name and Secret are required') . EOL); + } + + if($ok) { + if ($_POST['submit']==t("Update")){ + $r = q("UPDATE oauth_clients SET + client_id = '%s', + client_secret = '%s', + redirect_uri = '%s', + grant_types = '%s', + scope = '%s', + user_id = %d + WHERE client_id='%s' and user_id = %s", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + intval(local_channel()), + dbesc($name), + intval(local_channel())); + } else { + $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) + VALUES ('%s','%s','%s','%s','%s',%d)", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + intval(local_channel()) + ); + $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", + dbesc($name), + intval(local_channel()), + dbesc('all') + ); + } + } + goaway(z_root()."/oauth2"); + return; + } + } + + function get() { + + if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager')) { + //Do not display any associated widgets at this point + App::$pdl = ''; + + $o = 'OAuth2 App (Not Installed):
'; + $o .= t('An OAuth2 apps manager'); + return $o; + } + + if((argc() > 1) && (argv(1) === 'add')) { + $tpl = get_markup_template("oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("oauth2"), + '$title' => t('Add OAuth2 application'), + '$submit' => t('Submit'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), '', t('Name of application')), + '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')), + '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')), + '$scope' => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')), + )); + return $o; + } + + if((argc() > 2) && (argv(1) === 'edit')) { + $r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d", + dbesc(argv(2)), + intval(local_channel()) + ); + + if (! $r){ + notice(t('OAuth2 Application not found.')); + return; + } + + $app = $r[0]; + + $tpl = get_markup_template("oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("oauth2"), + '$title' => t('Add application'), + '$submit' => t('Update'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), $app['client_id'], t('Name of application')), + '$secret' => array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')), + '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')), + '$scope' => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')), + )); + return $o; + } + + if((argc() > 2) && (argv(1) === 'delete')) { + check_form_security_token_redirectOnErr('oauth2', 'oauth2', 't'); + + $r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(2)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(2)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(2)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(2)), + intval(local_channel()) + ); + goaway(z_root()."/oauth2"); + return; + } + + + $r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my + FROM oauth_clients + LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND + oauth_clients.user_id=oauth_access_tokens.user_id + WHERE oauth_clients.user_id IN (%d,0)", + intval(local_channel()), + intval(local_channel()) + ); + + $tpl = get_markup_template("oauth2.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("oauth2"), + '$baseurl' => z_root(), + '$title' => t('Connected OAuth2 Apps'), + '$add' => t('Add application'), + '$edit' => t('Edit'), + '$delete' => t('Delete'), + '$consumerkey' => t('Client key starts with'), + '$noname' => t('No name'), + '$remove' => t('Remove authorization'), + '$apps' => $r, + )); + return $o; + + } + +} -- cgit v1.2.3 From 9af1b62beef76781e3384a536377d9f8123aab07 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 26 Sep 2018 16:26:36 +0200 Subject: change wording --- Zotlabs/Module/Oauth2.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module/Oauth2.php') diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php index 2302d1b10..4c34b499f 100644 --- a/Zotlabs/Module/Oauth2.php +++ b/Zotlabs/Module/Oauth2.php @@ -97,8 +97,8 @@ class Oauth2 extends Controller { //Do not display any associated widgets at this point App::$pdl = ''; - $o = 'OAuth2 App (Not Installed):
'; - $o .= t('An OAuth2 apps manager'); + $o = 'OAuth2 Apps Manager App (Not Installed):
'; + $o .= t('OAuth2 authenticatication tokens for mobile and remote apps'); return $o; } -- cgit v1.2.3 From 1353c291e9d6fbe4cdbe8e4911f99d51e1da9198 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 26 Sep 2018 16:32:06 +0200 Subject: add check for local_channel() --- Zotlabs/Module/Oauth2.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'Zotlabs/Module/Oauth2.php') diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php index 4c34b499f..c27d7534b 100644 --- a/Zotlabs/Module/Oauth2.php +++ b/Zotlabs/Module/Oauth2.php @@ -11,6 +11,9 @@ class Oauth2 extends Controller { function post() { + if(! local_channel()) + return; + if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager')) return; @@ -93,6 +96,9 @@ class Oauth2 extends Controller { function get() { + if(! local_channel()) + return; + if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager')) { //Do not display any associated widgets at this point App::$pdl = ''; -- cgit v1.2.3 From 21272735ae92f58f9af78c00363d66199d96bb19 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Fri, 28 Sep 2018 15:24:45 +0200 Subject: Update Oauth2.php --- Zotlabs/Module/Oauth2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module/Oauth2.php') diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php index c27d7534b..608da6d51 100644 --- a/Zotlabs/Module/Oauth2.php +++ b/Zotlabs/Module/Oauth2.php @@ -103,7 +103,7 @@ class Oauth2 extends Controller { //Do not display any associated widgets at this point App::$pdl = ''; - $o = 'OAuth2 Apps Manager App (Not Installed):
'; + $o = '' . t('OAuth2 Apps Manager App (Not Installed):') . '
'; $o .= t('OAuth2 authenticatication tokens for mobile and remote apps'); return $o; } -- cgit v1.2.3 From c8399e8104b44273052581c5bbdb77debbe5b75e Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Fri, 28 Sep 2018 19:48:44 +0200 Subject: Update Oauth2.php --- Zotlabs/Module/Oauth2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module/Oauth2.php') diff --git a/Zotlabs/Module/Oauth2.php b/Zotlabs/Module/Oauth2.php index 608da6d51..db2687b4c 100644 --- a/Zotlabs/Module/Oauth2.php +++ b/Zotlabs/Module/Oauth2.php @@ -103,7 +103,7 @@ class Oauth2 extends Controller { //Do not display any associated widgets at this point App::$pdl = ''; - $o = '' . t('OAuth2 Apps Manager App (Not Installed):') . '
'; + $o = '' . t('OAuth2 Apps Manager App') . ' (' . t('Not Installed') . '):
'; $o .= t('OAuth2 authenticatication tokens for mobile and remote apps'); return $o; } -- cgit v1.2.3