Merge branch 'dev' of codeberg.org:streams/streams into dev
commit
23b87b24af
4 changed files with 9 additions and 30 deletions
|
@ -33,8 +33,10 @@ class OAuth2Server extends Server
|
|||
// Need to use OpenID\GrantType to return id_token
|
||||
// (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
|
||||
$this->addGrantType(new AuthorizationCode($storage));
|
||||
|
||||
// Add the "Refresh Token" grant type
|
||||
$this->addGrantType(new RefreshToken($storage));
|
||||
|
||||
$keyStorage = new Memory([
|
||||
'keys' => [
|
||||
'public_key' => get_config('system', 'pubkey'),
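Review bot: The added `$this->addGrantType(new RefreshToken($storage));` builds the grant with the library's default options, so the refresh-token lifecycle (whether a used token is revoked, whether a replacement is issued) is decided implicitly for every endpoint that constructs this server. Now that the constructor is the single place where grants are registered, I would state the policy explicitly, for example `new RefreshToken($storage, ['always_issue_new_refresh_token' => true])`, and extend the comment above it to say which behaviour is intended. The unqualified `RefreshToken` also depends on a `use OAuth2\GrantType\RefreshToken;` in this file, which the hunk does not show; without it the name resolves inside the class's own namespace. The constructor starts and ends outside the hunk.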
|
||||
|
|
|
@ -2,16 +2,13 @@
|
|||
|
||||
namespace Code\Module;
|
||||
|
||||
use App;
|
||||
use DBA;
|
||||
use Code\Lib\Channel;
|
||||
use Code\Web\Controller;
|
||||
use Code\Identity\OAuth2Server;
|
||||
use Code\Identity\OAuth2Storage;
|
||||
use OAuth2\GrantType\RefreshToken;
|
||||
use OAuth2\Request;
|
||||
use OAuth2\Response;
|
||||
use OAuth2\GrantType;
|
||||
use Code\Render\Theme;
|
||||
|
||||
|
||||
|
@ -36,7 +33,7 @@ class Authorize extends Controller
|
|||
|
||||
$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
|
||||
|
||||
$o = replace_macros(Theme::get_template('oauth_authorize.tpl'), [
|
||||
return replace_macros(Theme::get_template('oauth_authorize.tpl'), [
|
||||
'$title' => t('Authorize'),
|
||||
'$authorize' => sprintf(t('Do you authorize the app %s to access your channel data?'), $link),
|
||||
'$app' => $app,
|
||||
|
@ -46,7 +43,6 @@ class Authorize extends Controller
|
|||
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
|
||||
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
|
||||
]);
|
||||
return $o;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -58,12 +54,6 @@ class Authorize extends Controller
|
|||
|
||||
$storage = new OAuth2Storage(DBA::$dba->db);
|
||||
$server = new OAuth2Server($storage);
|
||||
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
|
||||
$server->addGrantType(new GrantType\ClientCredentials($storage));
|
||||
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
|
||||
$server->addGrantType(new GrantType\AuthorizationCode($storage));
|
||||
// Add the "Refresh Token" grant type
|
||||
$server->addGrantType(new GrantType\RefreshToken($storage));
|
||||
|
||||
// TODO: The automatic client registration protocol below should adhere more
|
||||
// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined
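Review bot: The consent-page code around the changed `return replace_macros(...)` builds `$link` by concatenating `$app['url']` and `$app['name']` straight into an `<a>` tag, and hands `$_REQUEST['redirect_uri']` and `$_REQUEST['state']` to the template unmodified. Where `$app` is populated is outside the hunk, but if it comes from client registration or request data, this is markup controlled by the requesting client on the very page where the user decides whether to trust that client. Unless the template already escapes these variables, I would escape for the HTML context, e.g. `htmlspecialchars($app['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and do the same for the `href` value after checking that it is an http(s) URL. The method begins outside the hunk.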
|
||||
|
|
|
@ -40,13 +40,6 @@ class Token extends Controller
|
|||
|
||||
$storage = new OAuth2Storage(DBA::$dba->db);
|
||||
$server = new OAuth2Server($storage);
|
||||
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
|
||||
$server->addGrantType(new GrantType\ClientCredentials($storage));
|
||||
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
|
||||
$server->addGrantType(new GrantType\AuthorizationCode($storage));
|
||||
// Add the "Refresh Token" grant type
|
||||
$server->addGrantType(new GrantType\RefreshToken($storage));
|
||||
|
||||
$request = Request::createFromGlobals();
|
||||
$response = $server->handleTokenRequest($request);
|
||||
$response->send();
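Review bot: After this cleanup no visible code registers the Client Credentials grant, which this endpoint used to add before `handleTokenRequest()`; the OAuth2Server constructor hunk in this commit shows only AuthorizationCode and RefreshToken, so `grant_type=client_credentials` requests would presumably be refused unless the grant is added outside that hunk. If dropping it is intended, which is a reasonable tightening, a comment here such as `// Grant types are registered in OAuth2Server::__construct(); client_credentials is intentionally not offered` would keep it from being re-added by accident. If it is not intended, the grant belongs in the constructor rather than back at the call sites. The same removal appears in the Authorize and api_login sections.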
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<?php
|
||||
|
||||
use OAuth2\Request;
|
||||
use OAuth2\GrantType;
|
||||
use Code\Identity\OAuth2Storage;
|
||||
use Code\Identity\OAuth2Server;
|
||||
use Code\Lib\Libzot;
|
||||
|
@ -16,14 +15,13 @@ require_once('include/security.php');
|
|||
|
||||
/**
|
||||
* API Login via basic-auth, OpenWebAuth, or OAuth2
|
||||
* This function returns true or exits with a 401 and WWW-Authenticate header.
|
||||
* @noinspection PhpInconsistentReturnPointsInspection
|
||||
*/
|
||||
|
||||
function api_login()
|
||||
{
|
||||
|
||||
$record = null;
|
||||
$remote_auth = false;
|
||||
$sigblock = null;
|
||||
|
||||
if (array_key_exists('REDIRECT_REMOTE_USER', $_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION', $_SERVER))) {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
|
||||
|
@ -35,12 +33,6 @@ function api_login()
|
|||
// OAuth 2.0
|
||||
$storage = new OAuth2Storage(DBA::$dba->db);
|
||||
$server = new OAuth2Server($storage);
|
||||
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
|
||||
$server->addGrantType(new GrantType\ClientCredentials($storage));
|
||||
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
|
||||
$server->addGrantType(new GrantType\AuthorizationCode($storage));
|
||||
// Add the "Refresh Token" grant type
|
||||
$server->addGrantType(new GrantType\RefreshToken($storage));
|
||||
|
||||
$request = Request::createFromGlobals();
|
||||
if ($server->verifyResourceRequest($request)) {
|
||||
|
@ -69,11 +61,13 @@ function api_login()
|
|||
authenticate_success($x[0], false, true, false, true, true);
|
||||
$_SESSION['allow_api'] = true;
|
||||
Hook::call('logged_in', App::$user);
|
||||
return;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
// Just log the exception. Most of the time it will be because
|
||||
// a different identity mechanism is being used and no oauth2 parameters were found.
|
||||
logger($e->getMessage());
|
||||
}
|
||||
|
||||
|
@ -132,7 +126,6 @@ function api_login()
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// process normal login request
|
||||
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
|
||||
|
@ -158,6 +151,7 @@ function api_login()
|
|||
log_failed_login('API login failure');
|
||||
retry_basic_auth();
|
||||
}
|
||||
|
||||
}
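Review bot: The new `@noinspection PhpInconsistentReturnPointsInspection` hides the return-value mismatch instead of removing it. The docblock promises `true` or a 401 exit, but only the OAuth2 success path is changed to `return true;` here, and the other success paths lie outside the visible hunks. If any of them still ends in a bare `return;`, a caller that tests the result will see null for a successful login, which is the kind of ambiguity an authentication entry point should not have. I would make every success path `return true;`, declare `function api_login(): bool` once each path either returns or exits, and drop the suppression. The function spans several hunks and continues outside them.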
|
||||
|
||||
|
||||
|
|