Merge branch 'dev' of codeberg.org:streams/streams into dev

Mike Macgirvin 2022-12-31 05:42:35 +11:00
commit 23b87b24af
4 changed files with 9 additions and 30 deletions


@ -33,8 +33,10 @@ class OAuth2Server extends Server
// Need to use OpenID\GrantType to return id_token
// (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
$this->addGrantType(new AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$this->addGrantType(new RefreshToken($storage));
$keyStorage = new Memory([
'keys' => [
'public_key' => get_config('system', 'pubkey'),
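Review bot: The ClientCredentials grant that the callers used to register (Authorize.php, Token.php and include/api_auth.php all drop `new GrantType\ClientCredentials($storage)` in this commit) does not appear in this constructor hunk, which registers only AuthorizationCode and RefreshToken; unless it is added above line 33, the client-credentials token flow silently stops working after this commit. If dropping it is intended, that narrowing of the supported grants deserves a comment next to the `addGrantType` calls, e.g. `// Supported grants: authorization_code and refresh_token; client_credentials is deliberately not offered`. The removal hunks in the three callers share this point, so it is raised once here. The enclosing method starts and ends outside the hunk.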


@ -2,16 +2,13 @@
namespace Code\Module;
use App;
use DBA;
use Code\Lib\Channel;
use Code\Web\Controller;
use Code\Identity\OAuth2Server;
use Code\Identity\OAuth2Storage;
use OAuth2\GrantType\RefreshToken;
use OAuth2\Request;
use OAuth2\Response;
use OAuth2\GrantType;
use Code\Render\Theme;
@ -36,7 +33,7 @@ class Authorize extends Controller
$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
$o = replace_macros(Theme::get_template('oauth_authorize.tpl'), [
return replace_macros(Theme::get_template('oauth_authorize.tpl'), [
'$title' => t('Authorize'),
'$authorize' => sprintf(t('Do you authorize the app %s to access your channel data?'), $link),
'$app' => $app,
@ -46,7 +43,6 @@ class Authorize extends Controller
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
]);
return $o;
}
}
@ -58,12 +54,6 @@ class Authorize extends Controller
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
// TODO: The automatic client registration protocol below should adhere more
// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined


@ -40,13 +40,6 @@ class Token extends Controller
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
$request = Request::createFromGlobals();
$response = $server->handleTokenRequest($request);
$response->send();


@ -1,7 +1,6 @@
<?php
use OAuth2\Request;
use OAuth2\GrantType;
use Code\Identity\OAuth2Storage;
use Code\Identity\OAuth2Server;
use Code\Lib\Libzot;
@ -16,14 +15,13 @@ require_once('include/security.php');
/**
* API Login via basic-auth, OpenWebAuth, or OAuth2
* This function returns true or exits with a 401 and WWW-Authenticate header.
* @noinspection PhpInconsistentReturnPointsInspection
*/
function api_login()
{
$record = null;
$remote_auth = false;
$sigblock = null;
if (array_key_exists('REDIRECT_REMOTE_USER', $_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION', $_SERVER))) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
@ -35,12 +33,6 @@ function api_login()
// OAuth 2.0
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
$request = Request::createFromGlobals();
if ($server->verifyResourceRequest($request)) {
@ -69,11 +61,13 @@ function api_login()
authenticate_success($x[0], false, true, false, true, true);
$_SESSION['allow_api'] = true;
Hook::call('logged_in', App::$user);
return;
return true;
}
}
} catch (Exception $e) {
// Just log the exception. Most of the time it will be because
// a different identity mechanism is being used and no oauth2 parameters were found.
logger($e->getMessage());
}
@ -132,7 +126,6 @@ function api_login()
}
}
// process normal login request
if (isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
@ -158,6 +151,7 @@ function api_login()
log_failed_login('API login failure');
retry_basic_auth();
}
}
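Review bot: The new `return true;` in the OAuth2 branch is the only explicit boolean return visible, while the docblock ("This function returns true or exits with a 401") and the retained `@noinspection PhpInconsistentReturnPointsInspection` suggest the other success paths still return nothing, so a caller written as `if (api_login() === true)` would treat a basic-auth or OpenWebAuth login as a failure. If every success path now returns `true`, declare it as `function api_login(): bool` and drop the `@noinspection` line; otherwise the docblock should state which paths return `true` and which return nothing. The catch block just below logs `$e->getMessage()` and falls through to the next mechanism, which suits the "no oauth2 parameters" case the comment describes but appears to give a genuine OAuth2 failure the same log line, so a comment such as `// NOTE: also covers real OAuth2 errors; check the log before assuming a fallthrough was benign` would help whoever reads the log. The function continues outside the hunk.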