From 4fdf5d28caa5d4af2bc6dfc088fdd51111baf390 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Aug 2018 17:24:48 -0700 Subject: minor oauth2 updates - renamed zot webbie to 'webfinger' and zothash to 'portable_id', fixed/simplified cgi auth mode --- Zotlabs/Identity/OAuth2Storage.php | 35 +++++++++++++++++++++++------------ Zotlabs/Module/Authorize.php | 6 +++--- 2 files changed, 26 insertions(+), 15 deletions(-) (limited to 'Zotlabs')
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
index a50b21a70..bbf61cf2b 100644
--- a/Zotlabs/Identity/OAuth2Storage.php
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
 return false;
 }
+ $a = q("select * from account where account_id = %d", intval($x['channel_account_id']) );
+
+ $n = explode(' ', $x['channel_name']);
+
 return( [
- 'webbie' => $x['channel_address'].'@'.\App::get_hostname(),
- 'zothash' => $x['channel_hash'],
- 'username' => $x['channel_address'],
- 'user_id' => $x['channel_id'],
- 'name' => $x['channel_name'],
- 'firstName' => $x['channel_name'],
- 'lastName' => '',
- 'password' => 'NotARealPassword'
+ 'webfinger' => channel_reddress($x),
+ 'portable_id' => $x['channel_hash'],
+ 'email' => $a['account_email'],
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'name' => $x['channel_name'],
+ 'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
+ 'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
+ 'picture' => $x['xchan_photo_l']
 ] );
 }
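Review bot: The name split on the new `'firstName'`/`'lastName'` lines is inverted: for a two-word `channel_name` the second word becomes firstName and lastName stays empty, and for three words the middle word becomes firstName. The intended mapping is `'firstName' => $n[0],` and `'lastName' => ((count($n) > 1) ? $n[count($n) - 1] : ''),`. The `'email'` line reads `$a['account_email']` straight off the `q()` result; if `q()` returns a list of rows here as it does elsewhere in this codebase, that index is one level too shallow and is also unguarded against an empty result, so something like `'email' => (($a) ? $a[0]['account_email'] : ''),` is needed. The function that builds this array starts outside the hunk, so where `$x` gains its `xchan_photo_l` column could not be checked.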
@@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
 $userClaims = Array();
 $claims = explode (' ', trim($claims));
- $validclaims = Array ("name","preferred_username","zothash");
+ $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
 $claimsmap = Array (
- "zotwebbie" => 'webbie',
- "zothash" => 'zothash',
+ "webfinger" => 'webfinger',
+ "portable_id" => 'portable_id',
 "name" => 'name',
- "preferred_username" => "username"
+ "email" => 'email',
+ "preferred_username" => 'username',
+ "picture" => 'picture',
+ "given_name" => 'firstName',
+ "family_name" => 'lastName'
 );
 $userinfo = $this->getUser($user_id);
 foreach ($validclaims as $validclaim) {
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index e042848d8..265dea661 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -14,9 +14,9 @@ class Authorize extends \Zotlabs\Web\Controller {
 // OpenID Connect Dynamic Client Registration 1.0 Client Metadata
 // http://openid.net/specs/openid-connect-registration-1_0.html
 $app = array(
- 'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
- 'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
- 'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
+ 'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')),
+ 'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+ 'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
 );
 $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
 '$title' => t('Authorize'),
-- cgit v1.2.3
From 62925c4c3f0fb184c194f0cb177c1525ccdb72cb Mon Sep 17 00:00:00 2001
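Review bot: The new `$validclaims` entries `"firstName"` and `"lastName"` use the internal user-info keys, while the corresponding `$claimsmap` keys are the OIDC names `"given_name"` and `"family_name"`; if the `foreach` that follows (its body is outside the hunk) looks each valid claim up in `$claimsmap`, those two claims can never be emitted. Renaming the two entries to `"given_name","family_name"` makes the list consistent with the map, whose other keys already use the OIDC names. With `email` now a releasable claim, it is worth confirming that the loop only returns it when the `email` scope was granted, since the discovery document on this page advertises `email` as a separate scope.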
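Review bot: `logo_uri` and `client_uri` are copied from the request into `$app['icon']` and `$app['url']` with no check that they are http(s) URLs, so a client can put an arbitrary scheme into the image source and, once `$app['url']` is turned into a link (the `$link` line in the `@@ -7,27 +7,34 @@` Authorize hunk later on this page), into an anchor on the consent page. Dropping `urldecode()` is fine, but add a scheme check, e.g. `'icon' => ((x($_REQUEST, 'logo_uri') && preg_match('|^https?://|', $_REQUEST['logo_uri'])) ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),` and the same guard on the `'url'` line. The same two lines recur unchanged in that later hunk, so the fix applies there too.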
From: zotlabs Date: Mon, 13 Aug 2018 20:24:04 -0700 Subject: oidc cleanup and discovery --- Zotlabs/Module/Authorize.php | 56 ++++++++++++++++++++++++------------------- Zotlabs/Module/Oauthinfo.php | 6 ++--- Zotlabs/Module/Well_known.php | 1 + Zotlabs/Module/Wfinger.php | 5 ++++ 4 files changed, 39 insertions(+), 29 deletions(-) (limited to 'Zotlabs')
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index 265dea661..c6709f602 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
 class Authorize extends \Zotlabs\Web\Controller {
 function get() {
- if (!local_channel()) {
+ if (! local_channel()) {
 return login();
- } else {
- // TODO: Fully implement the dynamic client registration protocol:
- // OpenID Connect Dynamic Client Registration 1.0 Client Metadata
- // http://openid.net/specs/openid-connect-registration-1_0.html
- $app = array(
- 'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')),
- 'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+ }
+ else {
+
+ $name = $_REQUEST['client_name'];
+ if(! $name) {
+ $name = (($_REQUEST['client_id']) ?: t('Unknown App'));
+ }
+
+ $app = [
+ 'name' => $name,
+ 'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
 'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
- );
- $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
- '$title' => t('Authorize'),
- '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '' . $app['name'] . ' '),
- '$app' => $app,
- '$yes' => t('Allow'),
- '$no' => t('Deny'),
- '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+ ];
+
+ $link = (($app['url']) ? '' . $app['name'] . ' ' : $app['name']);
+
+ $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+ '$title' => t('Authorize'),
+ '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
+ '$app' => $app,
+ '$yes' => t('Allow'),
+ '$no' => t('Deny'),
+ '$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
 '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
- '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
- ));
+ '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+ ]);
 return $o;
 }
 }
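Review bot: `$_REQUEST['client_name']` and `$_REQUEST['client_id']` on the new `$name` lines are read without the `x()` guard the rest of the block uses, so a request lacking either raises an undefined-index notice before the fallback runs; use `$name = (x($_REQUEST, 'client_name') ? $_REQUEST['client_name'] : '');` and `$name = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App'));`. The `$link` line then concatenates that client-supplied name and `$app['url']` into markup that reaches the template through `sprintf`, so unless `replace_macros()` escapes `$authorize` (not visible here) the name needs `htmlspecialchars()` and the URL needs an http(s) scheme check before they are embedded; the markup extracted here appears to have lost its tags, which hides the HTML context. `get()` is complete within the hunk.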
@@ -60,17 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller {
 $request = \OAuth2\Request::createFromGlobals();
 $response = new \OAuth2\Response();
- // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
- $channel = channelx_by_n(local_channel());
- $user_id = $channel["channel_id"];
+ // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
+ $channel = channelx_by_n(local_channel());
+ $user_id = $channel['channel_id'];
 // If the client is not registered, add to the database
 if (!$client = $storage->getClientDetails($client_id)) {
- // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
- $client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16);
+ // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+ $client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
 // Client apps are registered per channel
- $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id);
-
+ $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
 }
 if (!$client = $storage->getClientDetails($client_id)) {
 // There was an error registering the client.
diff --git a/Zotlabs/Module/Oauthinfo.php b/Zotlabs/Module/Oauthinfo.php
index 2d10913c4..f380cec97 100644
--- a/Zotlabs/Module/Oauthinfo.php
+++ b/Zotlabs/Module/Oauthinfo.php
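Review bot: `$_REQUEST['scope']` on the new `setClientDetails()` line is read without the `isset()` guard that `client_secret` gets two lines above, so a registration request without a scope parameter raises a notice and stores null; `(x($_REQUEST, 'scope') ? $_REQUEST['scope'] : '')` keeps it consistent with the rest of the block. The re-indented comment still says `$user_id` must be a string, but `$user_id = $channel['channel_id'];` does nothing to ensure that; `$user_id = (string) $channel['channel_id'];` would make the comment true regardless of how the database driver types the column. The enclosing method starts and ends outside the hunk.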
@@ -5,19 +5,17 @@ namespace Zotlabs\Module;
 class Oauthinfo extends \Zotlabs\Web\Controller {
-
 function init() {
 $ret = [
 'issuer' => z_root(),
 'authorization_endpoint' => z_root() . '/authorize',
 'token_endpoint' => z_root() . '/token',
+ 'userinfo_endpoint' => z_root() . '/userinfo',
+ 'scopes_supported' => [ 'openid', 'profile', 'email' ],
 'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ]
 ];
-
 json_return_and_die($ret);
 }
-
-
 }
\ No newline at end of file
diff --git a/Zotlabs/Module/Well_known.php b/Zotlabs/Module/Well_known.php
index 442994b54..09e743788 100644
--- a/Zotlabs/Module/Well_known.php
+++ b/Zotlabs/Module/Well_known.php
@@ -52,6 +52,7 @@ class Well_known extends \Zotlabs\Web\Controller {
 break;
 case 'oauth-authorization-server':
+ case 'openid-configuration':
 \App::$argc -= 1;
 array_shift(\App::$argv);
 \App::$argv[0] = 'oauthinfo';
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 88cb3e879..1866bce40 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -172,6 +172,11 @@ class Wfinger extends \Zotlabs\Web\Controller {
 'href' => z_root() . '/hcard/' . $r[0]['channel_address']
 ],
+ [
+ 'rel' => 'http://openid.net/specs/connect/1.0/issuer',
+ 'href' => z_root()
+ ],
+
 [
 'rel' => 'http://webfinger.net/rel/profile-page',
-- cgit v1.2.3
From f15c1c4e54a49d1e76747ca5e3034ca2cef909aa Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Aug 2018 21:18:20 -0700 Subject: hubloc DB changes needed for z6 --- Zotlabs/Update/_1218.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 Zotlabs/Update/_1218.php (limited to 'Zotlabs')
diff --git a/Zotlabs/Update/_1218.php b/Zotlabs/Update/_1218.php
new file mode 100644
index 000000000..67d8b49a5
--- /dev/null
+++ b/Zotlabs/Update/_1218.php
@@ -0,0 +1,31 @@
+
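Review bot: Now that `openid-configuration` is routed to this module (the Well_known hunk on this page), `$ret` is served as an OpenID Connect Discovery document, and it still lacks metadata that spec marks REQUIRED: `jwks_uri`, `subject_types_supported` and `id_token_signing_alg_values_supported`; conforming clients will reject the document without them. They belong next to the new `userinfo_endpoint` line once a key-publishing route exists, and I cannot see one on this page, so the `jwks_uri` value would have to be filled in by the author. A short comment above `$ret`, such as `// Served as both RFC 8414 OAuth metadata and OIDC discovery (see Well_known)`, would record why two well-known names map here.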