Login prototype

src/Module/Api/Mastodon/Apps.php

@@ -46,8 +46,8 @@ class Apps extends BaseApi
 			DI::mstdnError()->RecordNotFound();
 		}
 
-		$client_id     = base64_encode(openssl_random_pseudo_bytes(32));
-		$client_secret = bin2hex(random_bytes(32));
+		$client_id     = bin2hex(openssl_random_pseudo_bytes(32));
+		$client_secret = bin2hex(openssl_random_pseudo_bytes(32));
 
 		$fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect];
 

src/Module/BaseApi.php

@@ -24,6 +24,8 @@ namespace Friendica\Module;
 use Friendica\BaseModule;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
+use Friendica\Database\Database;
+use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Network\HTTPException;
 
@@ -110,7 +112,7 @@ class BaseApi extends BaseModule
 	public static function unsupported(string $method = 'all')
 	{
 		$path = DI::args()->getQueryString();
-		Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']);
+		Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '', 'request' => $_REQUEST ?? []]);
 		$error = DI::l10n()->t('API endpoint %s %s is not implemented', strtoupper($method), $path);
 		$error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
 		$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
@@ -135,6 +137,14 @@ class BaseApi extends BaseModule
 	 */
 	protected static function login()
 	{
+		$authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+		$authorization = $_SERVER['AUTHORIZATION'] ?? $authorization;
+
+		if (self::checkBearer($authorization)) {
+			self::$current_user_id = self::getUserByBearer($authorization);
+			return (bool)self::$current_user_id;
+		}
+
 		api_login(DI::app());
 
 		self::$current_user_id = api_user();
@@ -149,6 +159,14 @@ class BaseApi extends BaseModule
 	 */
 	protected static function getCurrentUserID()
 	{
+		$authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+		$authorization = $_SERVER['AUTHORIZATION'] ?? $authorization;
+
+		if (self::checkBearer($authorization)) {
+			self::$current_user_id = self::getUserByBearer($authorization);
+			return (int)self::$current_user_id;
+		}
+
 		if (is_null(self::$current_user_id)) {
 			api_login(DI::app(), false);
 
@@ -158,6 +176,55 @@ class BaseApi extends BaseModule
 		return (int)self::$current_user_id;
 	}
 
+	private static function checkBearer(string $authorization)
+	{
+		return(strpos($authorization, 'Bearer ') !== false);
+	}
+
+	private static function getUserByBearer(string $authorization)
+	{
+		$bearer = trim(substr($authorization, 6));
+		$condition = ['access_token' => $bearer];
+		$token = DBA::selectFirst('application-token', ['uid'], $condition);
+		if (!DBA::isResult($token)) {
+			Logger::warning('Token not found', $condition);
+			return 0;
+		}
+		Logger::info('Token found', $token);
+		return $token['uid'];
+	}
+
+	public static function getApplication()
+	{
+		$redirect_uri = !isset($_REQUEST['redirect_uri']) ? '' : $_REQUEST['redirect_uri'];
+		$client_id    = !isset($_REQUEST['client_id']) ? '' : $_REQUEST['client_id'];
+
+		if (empty($redirect_uri) || empty($client_id)) {
+			Logger::warning('Incomplete request');
+			return [];
+		}
+
+		$condition = ['redirect_uri' => $redirect_uri, 'client_id' => $client_id];
+		$application = DBA::selectFirst('application', [], $condition);
+		if (!DBA::isResult($application)) {
+			Logger::warning('Application not found', $condition);
+			return [];
+		}
+		return $application;
+	}
+
+	public static function getTokenForUser(array $application, int $uid)
+	{
+		$code         = bin2hex(openssl_random_pseudo_bytes(32));
+		$access_token = bin2hex(openssl_random_pseudo_bytes(32));
+
+		$fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token];
+		if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) {
+			return [];
+		}
+
+		return DBA::selectFirst('application-token', [], ['application-id' => $application['id'], 'uid' => $uid]);
+	}
 	/**
 	 * Get user info array.
 	 *
@@ -207,7 +274,7 @@ class BaseApi extends BaseModule
 				$return = '<?xml version="1.0" encoding="UTF-8"?>' . "\n" . $return;
 				break;
 		}
-		
+
 		return $return;
 	}
 

src/Module/OAuth/Authorize.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * @copyright Copyright (C) 2010-2021, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Friendica\Module\OAuth;
+
+use Friendica\Core\Logger;
+use Friendica\Core\Session;
+use Friendica\Database\Database;
+use Friendica\Database\DBA;
+use Friendica\DI;
+use Friendica\Module\BaseApi;
+
+/**
+ * Dummy class for all currently unimplemented endpoints
+ */
+class Authorize extends BaseApi
+{
+	/**
+	 * @param array $parameters
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+	 */
+	public static function rawContent(array $parameters = [])
+	{
+		//return;
+
+		$response_type = !isset($_REQUEST['response_type']) ? '' : $_REQUEST['response_type'];
+		if ($response_type != 'code') {
+			Logger::warning('Wrong or missing response type', ['response_type' => $response_type]);
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		$application = self::getApplication();
+		if (empty($application)) {
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		$uid = local_user();
+		if (empty($uid)) {
+			Logger::info('Redirect to login');
+			DI::app()->redirect('login?return_path=/oauth/authorize');
+		} else {
+			Logger::info('Already logged in user', ['uid' => $uid]);
+		}
+
+		$token = self::getTokenForUser($application, $uid);
+		if (!$token) {
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		DI::app()->redirect($application['redirect_uri'] . '?code=' . $token['code']);
+	}
+}

src/Module/OAuth/Revoke.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * @copyright Copyright (C) 2010-2021, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Friendica\Module\OAuth;
+
+use Friendica\Core\Logger;
+use Friendica\Module\BaseApi;
+
+/**
+ * Dummy class for all currently unimplemented endpoints
+ */
+class Revoke extends BaseApi
+{
+	public static function post(array $parameters = [])
+	{
+		self::unsupported('post');
+	}
+}

src/Module/OAuth/Token.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * @copyright Copyright (C) 2010-2021, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Friendica\Module\OAuth;
+
+use Friendica\Core\Logger;
+use Friendica\Core\System;
+use Friendica\Database\DBA;
+use Friendica\DI;
+use Friendica\Module\BaseApi;
+
+/**
+ * Dummy class for all currently unimplemented endpoints
+ */
+class Token extends BaseApi
+{
+	public static function post(array $parameters = [])
+	{
+		$client_secret = !isset($_REQUEST['client_secret']) ? '' : $_REQUEST['client_secret'];
+		$code          = !isset($_REQUEST['code']) ? '' : $_REQUEST['code'];
+		$grant_type    = !isset($_REQUEST['grant_type']) ? '' : $_REQUEST['grant_type'];
+
+		if ($grant_type != 'authorization_code') {
+			Logger::warning('Wrong or missing grant type', ['grant_type' => $grant_type]);
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		$application = self::getApplication();
+		if (empty($application)) {
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		if ($application['client_secret'] != $client_secret) {
+			Logger::warning('Wrong client secret', $client_secret);
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		$condition = ['application-id' => $application['id'], 'code' => $code];
+		$token = DBA::selectFirst('application-token', ['access_token'], $condition);
+		if (!DBA::isResult($token)) {
+			Logger::warning('Token not found', $condition);
+			DI::mstdnError()->RecordNotFound();
+		}
+
+		System::jsonExit(['access_token' => $token['access_token'], 'token_type' => 'Bearer', 'scope' => $application['scopes']]);
+	}
+}

src/Module/Security/Login.php

@@ -36,8 +36,12 @@ class Login extends BaseModule
 {
 	public static function content(array $parameters = [])
 	{
+		$return_path = !isset($_REQUEST['return_path']) ? '' : $_REQUEST['return_path'];
+
 		if (local_user()) {
-			DI::baseUrl()->redirect();
+			DI::baseUrl()->redirect($return_path);
+		} elseif (!empty($return_path)) {
+			Session::set('return_path', $return_path);
 		}
 
 		return self::form(Session::get('return_path'), intval(DI::config()->get('config', 'register_policy')) !== \Friendica\Module\Register::CLOSED);