remove redundant oauth server options

Mike Macgirvin 2022-12-30 20:13:33 +11:00
parent 59c4ea8558
commit ee743514f8
4 changed files with 8 additions and 23 deletions


@ -33,8 +33,10 @@ class OAuth2Server extends Server
// Need to use OpenID\GrantType to return id_token
// (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
$this->addGrantType(new AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$this->addGrantType(new RefreshToken($storage));
$keyStorage = new Memory([
'keys' => [
'public_key' => get_config('system', 'pubkey'),
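Review bot: The `RefreshToken` grant registered at L16 is constructed with only `$storage`, so it runs on the library's default refresh-token policy, and since this constructor now serves the authorize, token and API-login paths that the rest of this commit trims, that policy should be visible here. The bshaffer grant takes a second config array (`always_issue_new_refresh_token`, `unset_refresh_token_after_use`, `refresh_token_lifetime`); either pass the intended values explicitly or add `// Refresh tokens use the library defaults (used token is revoked, no new one issued); tune via the config array if rotation is wanted.` The call sites this commit simplifies also dropped `ClientCredentials`, which is not added anywhere in the visible part of this hunk — if it is not registered above L12, the client_credentials grant is silently withdrawn and that deserves a mention in the commit message or the class comment. The constructor enclosing these lines starts and ends outside the hunk.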


@ -58,12 +58,6 @@ class Authorize extends Controller
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
// TODO: The automatic client registration protocol below should adhere more
// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined


@ -40,13 +40,6 @@ class Token extends Controller
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
$request = Request::createFromGlobals();
$response = $server->handleTokenRequest($request);
$response->send();


@ -16,14 +16,14 @@ require_once('include/security.php');
/**
* API Login via basic-auth, OpenWebAuth, or OAuth2
* This function returns true or exits with a 401 and WWW-Authenticate header.
* @noinspection PhpInconsistentReturnPointsInspection
*/
function api_login()
{
$record = null;
$remote_auth = false;
$sigblock = null;
if (array_key_exists('REDIRECT_REMOTE_USER', $_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION', $_SERVER))) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
@ -35,12 +35,6 @@ function api_login()
// OAuth 2.0
$storage = new OAuth2Storage(DBA::$dba->db);
$server = new OAuth2Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new GrantType\AuthorizationCode($storage));
// Add the "Refresh Token" grant type
$server->addGrantType(new GrantType\RefreshToken($storage));
$request = Request::createFromGlobals();
if ($server->verifyResourceRequest($request)) {
@ -69,11 +63,13 @@ function api_login()
authenticate_success($x[0], false, true, false, true, true);
$_SESSION['allow_api'] = true;
Hook::call('logged_in', App::$user);
return;
return true;
}
}
} catch (Exception $e) {
// Just log the exception. Most of the time it will be because
// a different identity mechanism is being used and no oauth2 parameters were found.
logger($e->getMessage());
}
@ -132,7 +128,6 @@ function api_login()
}
}
// process normal login request
if (isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
@ -158,6 +153,7 @@ function api_login()
log_failed_login('API login failure');
retry_basic_auth();
}
}
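Review bot: The new `return true;` at L82 and the docblock sentence at L55 now promise a boolean from `api_login()`, but the `@noinspection PhpInconsistentReturnPointsInspection` tag at L56 survives, which signals that other exits still return nothing. Either every non-exiting path returns a bool and the signature becomes `function api_login(): bool`, or the docblock should state which paths exit and the tag stays; as it stands a caller doing `if (api_login())` after a non-OAuth path will see `null` and cannot distinguish "not authenticated" from "authenticated by another mechanism". The `catch (Exception $e)` at L85-L89 deliberately falls through to the other identity mechanisms, so a comment on the new return such as `// OAuth2 bearer token accepted; no other mechanism is consulted` would make the early exit's intent explicit. The hunk at L77 begins inside the `try` block, whose opening is outside this hunk, and the function's closing brace appears only in the final hunk.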