From 0b31c677f253907ee9a36e12ae51763b2d69a574 Mon Sep 17 00:00:00 2001
From: "M.Dent" <dentm42@dm42.net>
Date: Thu, 9 Aug 2018 22:35:12 -0400
Subject: Fixes to OAuth2 connect-with-openid.  Add zothash Claim.  Add
 zotwebbie Claim.

---
 Zotlabs/Module/Authorize.php | 12 ++++++++----
 Zotlabs/Module/Token.php     |  8 ++++----
 Zotlabs/Module/Userinfo.php  | 17 +++++++++++++++++
 3 files changed, 29 insertions(+), 8 deletions(-)
 create mode 100644 Zotlabs/Module/Userinfo.php

(limited to 'Zotlabs/Module')

diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index bfb76150f..e042848d8 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -60,12 +60,16 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();
 
+                // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
+                $channel = channelx_by_n(local_channel());
+		$user_id = $channel["channel_id"];
+
 		// If the client is not registered, add to the database
 		if (!$client = $storage->getClientDetails($client_id)) {
-			$client_secret = random_string(16);
+                        // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+			$client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16);
 			// Client apps are registered per channel
-			$user_id = local_channel();
-			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id);
 			
 		}
 		if (!$client = $storage->getClientDetails($client_id)) {
@@ -83,7 +87,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 
 		// print the authorization code if the user has authorized your client
 		$is_authorized = ($_POST['authorize'] === 'allow');
-		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
+		$s->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
 		if ($is_authorized) {
 			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
 			logger('Authorization Code: ' .  $code);
diff --git a/Zotlabs/Module/Token.php b/Zotlabs/Module/Token.php
index 32cf95c61..2bd33c761 100644
--- a/Zotlabs/Module/Token.php
+++ b/Zotlabs/Module/Token.php
@@ -27,11 +27,11 @@ class Token extends \Zotlabs\Web\Controller {
 				$_SERVER['PHP_AUTH_PW'] = $password;
 			}
 		}
-
-		$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db));
+                $storage = new OAuth2Storage(\DBA::$dba->db);
+		$s = new \Zotlabs\Identity\OAuth2Server($storage);
 		$request = \OAuth2\Request::createFromGlobals();
-		$s->handleTokenRequest($request)->send();
-
+		$response = $s->handleTokenRequest($request);
+                $response->send();
 		killme();
 	}
 
diff --git a/Zotlabs/Module/Userinfo.php b/Zotlabs/Module/Userinfo.php
new file mode 100644
index 000000000..6c881f078
--- /dev/null
+++ b/Zotlabs/Module/Userinfo.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use Zotlabs\Identity\OAuth2Storage;
+
+
+class Userinfo extends \Zotlabs\Web\Controller {
+
+	function init() {
+		$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db));
+		$request = \OAuth2\Request::createFromGlobals();
+		$s->handleUserInfoRequest($request)->send();
+		killme();
+	}
+
+}
-- 
cgit v1.2.3