streams/Zotlabs/Module/Settings/Oauth2.php

<?php

namespace Zotlabs\Module\Settings;


class Oauth2 {


	function post() {
	
		if(x($_POST,'remove')){
			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
			logger("REMOVE! ".$name." uid: ".local_channel());	
			$key = $_POST['remove'];
			q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
				dbesc($name),
				intval(local_channel())
			);
			q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
				dbesc($name),
				intval(local_channel())
			);
			q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
				dbesc($name),
				intval(local_channel())
			);
			goaway(z_root()."/settings/oauth2/");
			return;			
		}
	
		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
			
			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
			
			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
			$redirect	= ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');
			$grant		= ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');
			$scope		= ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');

			$ok = true;
			if($name == '' || $secret == '') {
				$ok = false;
				notice( t('Name and Secret are required') . EOL);
			}
		
			if($ok) {
				if ($_POST['submit']==t("Update")){
					$r = q("UPDATE oauth_clients SET
								client_id = '%s',
								client_secret = '%s',
								redirect_uri = '%s',
								grant_types = '%s',
								scope = '%s', 
								user_id = %d
							WHERE client_id='%s' and user_id = %s",
							dbesc($name),
							dbesc($secret),
							dbesc($redirect),
							dbesc($grant),
							dbesc($scope),
							intval(local_channel()),
							dbesc($name),
                                                        intval(local_channel()));
				} else {
					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
						VALUES ('%s','%s','%s','%s','%s',%d)",
						dbesc($name),
						dbesc($secret),
						dbesc($redirect),
						dbesc($grant),
						dbesc($scope),
						intval(local_channel())
					);
					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
						dbesc($name),
						intval(local_channel()),
						dbesc('all')
					);
				}
			}
			goaway(z_root()."/settings/oauth2/");
			return;
		}
	}

	function get() {
			
		if((argc() > 2) && (argv(2) === 'add')) {
			$tpl = get_markup_template("settings_oauth2_edit.tpl");
			$o .= replace_macros($tpl, array(
				'$form_security_token' => get_form_security_token("settings_oauth2"),
				'$title'	=> t('Add OAuth2 application'),
				'$submit'	=> t('Submit'),
				'$cancel'	=> t('Cancel'),
				'$name'		=> array('name', t('Name'), '', t('Name of application')),
				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application specifically requires this')),
				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application specifically requires this')),
			));
			return $o;
		}
			
		if((argc() > 3) && (argv(2) === 'edit')) {
			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
					dbesc(argv(3)),
					intval(local_channel())
			);
			
			if (! $r){
				notice(t('OAuth2 Application not found.'));
				return;
			}

			$app = $r[0];
				
			$tpl = get_markup_template("settings_oauth2_edit.tpl");
			$o .= replace_macros($tpl, array(
				'$form_security_token' => get_form_security_token("settings_oauth2"),
				'$title'	=> t('Add application'),
				'$submit'	=> t('Update'),
				'$cancel'	=> t('Cancel'),
				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),
				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),
			));
			return $o;
		}
			
		if((argc() > 3) && (argv(2) === 'delete')) {
			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');
			
			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
					dbesc(argv(3)),
					intval(local_channel())
			);
			$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
					dbesc(argv(3)),
					intval(local_channel())
			);
			$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
					dbesc(argv(3)),
					intval(local_channel())
			);
			$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
					dbesc(argv(3)),
					intval(local_channel())
			);
			goaway(z_root()."/settings/oauth2/");
			return;			
		}
			

		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
				FROM oauth_clients
				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
                                                                 oauth_clients.user_id=oauth_access_tokens.user_id
				WHERE oauth_clients.user_id IN (%d,0)",
				intval(local_channel()),
				intval(local_channel())
		);
			
		$tpl = get_markup_template("settings_oauth2.tpl");
		$o .= replace_macros($tpl, array(
			'$form_security_token' => get_form_security_token("settings_oauth2"),
			'$baseurl'	=> z_root(),
			'$title'	=> t('Connected OAuth2 Apps'),
			'$add'		=> t('Add application'),
			'$edit'		=> t('Edit'),
			'$delete'		=> t('Delete'),
			'$consumerkey' => t('Client key starts with'),
			'$noname'	=> t('No name'),
			'$remove'	=> t('Remove authorization'),
			'$apps'		=> $r,
		));
		return $o;
			
	}

}
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`<?php`

			`namespace Zotlabs\Module\Settings;`


			`class Oauth2 {`


			`function post() {`

			`if(x($_POST,'remove')){`
			`check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');`
OAuth2 UI and settings updates 2018-08-10 17:51:45 +00:00			`$name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');`
image censoring per connection 2019-07-31 00:56:35 +00:00			`logger("REMOVE! ".$name." uid: ".local_channel());`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`$key = $_POST['remove'];`
OAuth2 UI and settings updates 2018-08-10 17:51:45 +00:00			`q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",`
			`dbesc($name),`
			`intval(local_channel())`
			`);`
			`q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",`
			`dbesc($name),`
			`intval(local_channel())`
			`);`
			`q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",`
			`dbesc($name),`
update oauth related tables to use bigint/int(10) for user_id column. this is to be more consistent with the rest of the tables and fixes issue #1180 2018-05-20 20:42:47 +00:00			`intval(local_channel())`
			`);`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`goaway(z_root()."/settings/oauth2/");`
			`return;`
			`}`

			`if((argc() > 2) && (argv(2) === 'edit' \|\| argv(2) === 'add') && x($_POST,'submit')) {`

			`check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');`

			`$name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');`
			`$secret = ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');`
			`$redirect = ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');`
			`$grant = ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');`
			`$scope = ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');`

			`$ok = true;`
			`if($name == '' \|\| $secret == '') {`
			`$ok = false;`
			`notice( t('Name and Secret are required') . EOL);`
			`}`

			`if($ok) {`
			`if ($_POST['submit']==t("Update")){`
			`$r = q("UPDATE oauth_clients SET`
			`client_id = '%s',`
			`client_secret = '%s',`
			`redirect_uri = '%s',`
			`grant_types = '%s',`
			`scope = '%s',`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`user_id = %d`
Add user_id = local_channel() to the where clause of updates 2018-08-10 16:44:57 +00:00			`WHERE client_id='%s' and user_id = %s",`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`dbesc($name),`
			`dbesc($secret),`
			`dbesc($redirect),`
			`dbesc($grant),`
			`dbesc($scope),`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`intval(local_channel()),`
Add user_id = local_channel() to the where clause of updates 2018-08-10 16:44:57 +00:00			`dbesc($name),`
			`intval(local_channel()));`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`} else {`
			`$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`VALUES ('%s','%s','%s','%s','%s',%d)",`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`dbesc($name),`
			`dbesc($secret),`
			`dbesc($redirect),`
			`dbesc($grant),`
			`dbesc($scope),`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`intval(local_channel())`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`);`
			`$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",`
			`dbesc($name),`
			`intval(local_channel()),`
			`dbesc('all')`
			`);`
			`}`
			`}`
			`goaway(z_root()."/settings/oauth2/");`
			`return;`
			`}`
			`}`

			`function get() {`

			`if((argc() > 2) && (argv(2) === 'add')) {`
			`$tpl = get_markup_template("settings_oauth2_edit.tpl");`
			`$o .= replace_macros($tpl, array(`
			`'$form_security_token' => get_form_security_token("settings_oauth2"),`
			`'$title' => t('Add OAuth2 application'),`
			`'$submit' => t('Submit'),`
			`'$cancel' => t('Cancel'),`
			`'$name' => array('name', t('Name'), '', t('Name of application')),`
			`'$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),`
			`'$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),`
update the photo item_obj format to AS2+ 2018-07-16 23:46:20 +00:00			`'$grant' => array('grant', t('Grant Types'), '', t('leave blank unless your application specifically requires this')),`
			`'$scope' => array('scope', t('Authorization scope'), '', t('leave blank unless your application specifically requires this')),`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`));`
			`return $o;`
			`}`

			`if((argc() > 3) && (argv(2) === 'edit')) {`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`dbesc(argv(3)),`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`intval(local_channel())`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`);`

			`if (! $r){`
			`notice(t('OAuth2 Application not found.'));`
			`return;`
			`}`

			`$app = $r[0];`

			`$tpl = get_markup_template("settings_oauth2_edit.tpl");`
			`$o .= replace_macros($tpl, array(`
			`'$form_security_token' => get_form_security_token("settings_oauth2"),`
			`'$title' => t('Add application'),`
			`'$submit' => t('Update'),`
			`'$cancel' => t('Cancel'),`
			`'$name' => array('name', t('Name'), $app['client_id'], t('Name of application')),`
			`'$secret' => array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),`
			`'$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),`
spellcheck 2018-07-16 06:32:09 +00:00			`'$grant' => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),`
			`'$scope' => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`));`
			`return $o;`
			`}`

			`if((argc() > 3) && (argv(2) === 'delete')) {`
			`check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');`

more local_channel() is not string 2018-05-20 12:15:46 +00:00			`$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`dbesc(argv(3)),`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`intval(local_channel())`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`);`
OAuth2 UI and settings updates 2018-08-10 17:51:45 +00:00			`$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",`
			`dbesc(argv(3)),`
			`intval(local_channel())`
			`);`
			`$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",`
			`dbesc(argv(3)),`
			`intval(local_channel())`
			`);`
			`$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",`
			`dbesc(argv(3)),`
			`intval(local_channel())`
			`);`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`goaway(z_root()."/settings/oauth2/");`
			`return;`
			`}`


local_channel() is not string 2018-05-20 12:07:30 +00:00			`$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`FROM oauth_clients`
OAuth2 UI and settings updates 2018-08-10 17:51:45 +00:00			`LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND`
			`oauth_clients.user_id=oauth_access_tokens.user_id`
local_channel() is not string 2018-05-20 12:07:30 +00:00			`WHERE oauth_clients.user_id IN (%d,0)",`
more local_channel() is not string 2018-05-20 12:15:46 +00:00			`intval(local_channel()),`
			`intval(local_channel())`
oauth2 client settings page 2018-04-06 04:01:36 +00:00			`);`

			`$tpl = get_markup_template("settings_oauth2.tpl");`
			`$o .= replace_macros($tpl, array(`
			`'$form_security_token' => get_form_security_token("settings_oauth2"),`
			`'$baseurl' => z_root(),`
			`'$title' => t('Connected OAuth2 Apps'),`
			`'$add' => t('Add application'),`
			`'$edit' => t('Edit'),`
			`'$delete' => t('Delete'),`
			`'$consumerkey' => t('Client key starts with'),`
			`'$noname' => t('No name'),`
			`'$remove' => t('Remove authorization'),`
			`'$apps' => $r,`
			`));`
			`return $o;`

			`}`

local_channel() is not string 2018-05-20 12:07:30 +00:00			`}`