From 45e0fc6802b360710becf7ddaf6aed6a9de1d876 Mon Sep 17 00:00:00 2001
From: Andrew Manning
Date: Mon, 26 Feb 2018 18:16:43 -0500
Subject: Successful OAuth2 sequence demonstrated with the test vehicle, including an authenticated API call using an access_token.
---
include/api_auth.php | 57 +++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 45 insertions(+), 12 deletions(-)
(limited to 'include/api_auth.php')
diff --git a/include/api_auth.php b/include/api_auth.php
index 5c0bcb317..e2f7ab155 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -14,25 +14,58 @@ function api_login(&$a){
 // login with oauth
 try {
- $oauth = new ZotOAuth1();
- $req = OAuth1Request::from_request();
+ // OAuth 2.0
+ $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
+ $server = new \Zotlabs\Identity\OAuth2Server($storage);
+ $request = \OAuth2\Request::createFromGlobals();
+ if ($server->verifyResourceRequest($request)) {
+ $token = $server->getAccessTokenData($request);
+ $uid = $token['user_id'];
+ $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
+ intval($uid)
+ );
+ if (count($r)) {
+ $record = $r[0];
+ } else {
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+ }
+
+ $_SESSION['uid'] = $record['channel_id'];
+ $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+
+ $x = q("select * from account where account_id = %d LIMIT 1",
+ intval($record['channel_account_id'])
+ );
+ if ($x) {
+ require_once('include/security.php');
+ authenticate_success($x[0], null, true, false, true, true);
+ $_SESSION['allow_api'] = true;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ } else {
+ // OAuth 1.0
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
- list($consumer,$token) = $oauth->verify_request($req);
+ list($consumer, $token) = $oauth->verify_request($req);
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
+ if (!is_null($token)) {
+ $oauth->loginUser($token->uid);
- App::set_oauth_key($consumer->key);
+ App::set_oauth_key($consumer->key);
- call_hooks('logged_in', App::$user);
- return;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ killme();
 }
- killme();
- }
- catch(Exception $e) {
+ } catch (Exception $e) {
 logger($e->getMessage());
 }
-
+
 // workarounds for HTTP-auth in CGI mode
 foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
--
cgit v1.2.3
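Review bot: In the OAuth 2.0 branch `$_SESSION['uid']` and `$_SESSION['addr']` are written before the account lookup, and `if ($x)` has no `else`. When the account row is missing, control leaves the `try` and continues into the HTTP-auth code with a channel id already in the session, although `authenticate_success()` was never called. The session should be populated only after both lookups succeed, and a missing account should get the same 401 as a missing channel, as sketched below. Separately, `verifyResourceRequest($request)` is called without a required scope, so as far as the hunk shows any valid access token ends up with `$_SESSION['allow_api'] = true`; it is worth confirming that this is intended. `api_login()` starts and ends outside the hunk, so what the fall-through path does with that session is not visible here.

```php
$x = q("select * from account where account_id = %d LIMIT 1",
    intval($record['channel_account_id'])
);
if (! $x) {
    // Same failure response as a missing channel: never fall through half-logged-in.
    header('HTTP/1.0 401 Unauthorized');
    echo('This api requires login');
    killme();
}

// Populate the session only once both the channel and its account resolved.
$_SESSION['uid'] = $record['channel_id'];
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
// … unchanged: require_once, authenticate_success(), allow_api, logged_in hook, return …
```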