Loading auth/oauth2/index.php 0 → 100644 +53 −0 Original line number Original line Diff line number Diff line <?php include '../../include/init.php'; startSession(); global $dao; if (!isset($_REQUEST['client_id'])) { http_response_code(400); die("Client id is required"); } if (!isset($_REQUEST['redirect_uri'])) { http_response_code(400); die("Redirect URI is required"); } $clientId = $_REQUEST['client_id']; $redirectUrl = $_REQUEST['redirect_uri']; $client = $dao->getOAuth2ClientByClientId($clientId); if ($client === null) { http_response_code(400); die("Invalid client id: " . $clientId); } if ($client->redirectUrl !== $redirectUrl) { http_response_code(400); die("Invalid client redirect URI: " . $redirectUrl); } $alg; if (isset($_REQUEST['alg'])) { $alg = $_REQUEST['alg']; } else { $alg = "RS256"; } if (isset($_GET['code'])) { } else { if (!isset($_REQUEST['state'])) { http_response_code(400); die("State is required"); } } $oauth2Data = new \RAP\OAuth2Data(); $oauth2Data->clientName = $client->name; $oauth2Data->clientIcon = $client->icon; $oauth2Data->clientId = $client->id; $oauth2Data->redirectUrl = $client->redirectUrl; global $session; $session->setOAuth2Data($oauth2Data); No newline at end of file classes/DAO.php +11 −2 Original line number Original line Diff line number Diff line Loading 
@@ -129,7 +129,16 @@ interface DAO { * CRUD methods for OAuth2Clients (used by admin interface). * CRUD methods for OAuth2Clients (used by admin interface). */ */ function getOAuth2Clients(); function getOAuth2Clients(); function createOAuth2Client($client); function createOAuth2Client($client); function updateOAuth2Client($client); function updateOAuth2Client($client); function deleteOAuth2Client($clientId); function deleteOAuth2Client($clientId); /** * Retrieve the client from the configured client id (the one associated to * the secret, not the database id). */ function getOAuth2ClientByClientId($clientId); } } classes/MySQLDAO.php +43 −0 Original line number Original line Diff line number Diff line Loading 
@@ -478,4 +478,47 @@ class MySQLDAO implements DAO { } } } } function getOAuth2ClientByClientId($clientId) { $dbh = $this->getDBHandler(); // Load clients info $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client"; $stmtClient = $dbh->prepare($queryClient); $stmtClient->bindParam(':client', $clientId); $stmtClient->execute(); $result = $stmtClient->fetchAll(); if (count($result) === 0) { return null; } if (count($result) > 1) { throw new Exception("Found multiple clients associated to the same client id!"); } $row = $result[0]; $client = new OAuth2Client(); $client->id = $row['id']; $client->name = $row['name']; $client->icon = $row['icon']; $client->client = $row['client']; $client->secret = $row['secret']; $client->redirectUrl = $row['redirect_url']; $client->scope = $row['scope']; // Load authentication methods info $queryAuthNMethods = "SELECT auth_method FROM oauth2_client_auth_methods WHERE client_id = :id"; $stmtAuthNMethods = $dbh->prepare($queryAuthNMethods); $stmtAuthNMethods->bindParam(':id', $client->id); $stmtAuthNMethods->execute(); foreach ($stmtAuthNMethods->fetchAll() as $row) { array_push($client->authMethods, $row['auth_method']); } return $client; } } } classes/OAuth2Data.php 0 → 100644 +12 −0 Original line number Original line Diff line number Diff line <?php namespace RAP; class OAuth2Data { public $clientName; public $clientIcon; public $clientId; public $redirectUrl; } classes/SessionData.php +6 −0 Original line number Original line Diff line number Diff line Loading 
@@ -41,6 +41,7 @@ class SessionData { // session because we need to check the Terms of Use user consensus, so we // session because we need to check the Terms of Use user consensus, so we // redirect to another page after retrieving user data. // redirect to another page after retrieving user data. public $userToLogin; public $userToLogin; public $oauth2Data; /** /** * @todo: move DAO away from here * @todo: move DAO away from here Loading Loading @@ -123,4 +124,9 @@ class SessionData { } } } } public function setOAuth2Data($oauth2Data) { $this->oauth2Data = $oauth2Data; $this->save(); } } } Loading
auth/oauth2/index.php 0 → 100644 +53 −0 Original line number Original line Diff line number Diff line <?php include '../../include/init.php'; startSession(); global $dao; if (!isset($_REQUEST['client_id'])) { http_response_code(400); die("Client id is required"); } if (!isset($_REQUEST['redirect_uri'])) { http_response_code(400); die("Redirect URI is required"); } $clientId = $_REQUEST['client_id']; $redirectUrl = $_REQUEST['redirect_uri']; $client = $dao->getOAuth2ClientByClientId($clientId); if ($client === null) { http_response_code(400); die("Invalid client id: " . $clientId); } if ($client->redirectUrl !== $redirectUrl) { http_response_code(400); die("Invalid client redirect URI: " . $redirectUrl); } $alg; if (isset($_REQUEST['alg'])) { $alg = $_REQUEST['alg']; } else { $alg = "RS256"; } if (isset($_GET['code'])) { } else { if (!isset($_REQUEST['state'])) { http_response_code(400); die("State is required"); } } $oauth2Data = new \RAP\OAuth2Data(); $oauth2Data->clientName = $client->name; $oauth2Data->clientIcon = $client->icon; $oauth2Data->clientId = $client->id; $oauth2Data->redirectUrl = $client->redirectUrl; global $session; $session->setOAuth2Data($oauth2Data); No newline at end of file
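Review bot: The error paths echo request parameters back unescaped — `die("Invalid client id: " . $clientId)` and `die("Invalid client redirect URI: " . $redirectUrl)` write attacker-controlled strings into an HTML response, a reflected XSS sink on the authorization endpoint; escape them, e.g. `die("Invalid client redirect URI: " . htmlspecialchars($redirectUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, or omit the value from the message. `alg` is read from the request into `$alg` but never used in this file, and the bare `$alg;` statement before it is a no-op; if a later step signs tokens with a caller-chosen algorithm it must be validated against a fixed allow-list (only `RS256` is visible here), so either drop the parameter or validate it at this point. Reading `client_id` and `redirect_uri` from `$_REQUEST` while `code` comes from `$_GET` is inconsistent, and `$_REQUEST` may include cookie values depending on `request_order`; the authorization endpoint should read all of these from `$_GET`. The `if (isset($_GET['code'])) { } else { … }` with an empty first branch reads more clearly as `if (!isset($_GET['code']) && !isset($_GET['state']))`.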
classes/DAO.php +11 −2 Original line number Original line Diff line number Diff line Loading @@ -129,7 +129,16 @@ interface DAO { * CRUD methods for OAuth2Clients (used by admin interface). * CRUD methods for OAuth2Clients (used by admin interface). */ */ function getOAuth2Clients(); function getOAuth2Clients(); function createOAuth2Client($client); function createOAuth2Client($client); function updateOAuth2Client($client); function updateOAuth2Client($client); function deleteOAuth2Client($clientId); function deleteOAuth2Client($clientId); /** * Retrieve the client from the configured client id (the one associated to * the secret, not the database id). */ function getOAuth2ClientByClientId($clientId); } }
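Review bot: The new docblock on `getOAuth2ClientByClientId` explains the argument but not the return contract, which the MySQLDAO implementation on this page defines as `null` when no row matches and an exception when more than one does; `auth/oauth2/index.php` depends on the `null` case. Add `@param string $clientId` and `@return OAuth2Client|null`, plus a `@throws` line for the duplicate-row case, so other implementations of the interface honour the same contract. The interface body continues outside the hunk.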
classes/MySQLDAO.php +43 −0 Original line number Original line Diff line number Diff line Loading @@ -478,4 +478,47 @@ class MySQLDAO implements DAO { } } } } function getOAuth2ClientByClientId($clientId) { $dbh = $this->getDBHandler(); // Load clients info $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client"; $stmtClient = $dbh->prepare($queryClient); $stmtClient->bindParam(':client', $clientId); $stmtClient->execute(); $result = $stmtClient->fetchAll(); if (count($result) === 0) { return null; } if (count($result) > 1) { throw new Exception("Found multiple clients associated to the same client id!"); } $row = $result[0]; $client = new OAuth2Client(); $client->id = $row['id']; $client->name = $row['name']; $client->icon = $row['icon']; $client->client = $row['client']; $client->secret = $row['secret']; $client->redirectUrl = $row['redirect_url']; $client->scope = $row['scope']; // Load authentication methods info $queryAuthNMethods = "SELECT auth_method FROM oauth2_client_auth_methods WHERE client_id = :id"; $stmtAuthNMethods = $dbh->prepare($queryAuthNMethods); $stmtAuthNMethods->bindParam(':id', $client->id); $stmtAuthNMethods->execute(); foreach ($stmtAuthNMethods->fetchAll() as $row) { array_push($client->authMethods, $row['auth_method']); } return $client; } } }
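Review bot: The `count($result) > 1` check is the only visible guard on uniqueness of `oauth2_client.client`; if the schema has no UNIQUE constraint on that column (not shown here), two admin inserts with the same client id make every lookup for it throw, taking that client's login flow down instead of preventing the duplicate up front — keep the check as a defence, but the constraint belongs in the schema. `$row` is reused by the `foreach` after holding the client row, and `array_push($client->authMethods, …)` assumes `authMethods` is already initialised as an array on `OAuth2Client`; `$client->authMethods[] = $method['auth_method'];` under a fresh loop variable avoids both. `bindValue` fits better than `bindParam` for both bindings, since nothing is passed by reference. If `MySQLDAO` is declared inside a namespace, `new Exception(...)` resolves to that namespace's `Exception` unless imported — `\Exception` is safer.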
classes/OAuth2Data.php 0 → 100644 +12 −0 Original line number Original line Diff line number Diff line <?php namespace RAP; class OAuth2Data { public $clientName; public $clientIcon; public $clientId; public $redirectUrl; }
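Review bot: The new class has no docblock and its four public properties are untyped, so nothing records that this object is what `SessionData::setOAuth2Data` serializes into the session or which client fields were left out of it. A class comment such as `/** Subset of an OAuth2Client kept in the session during the authorization flow: name, icon, database id and redirect URL, without the secret or scope. */` makes that explicit, and if the project targets PHP 7.4+ the properties can be typed (`public ?string $clientName;`, `public ?string $redirectUrl;`). `clientId` is assigned the database `id` in `auth/oauth2/index.php`, not the public `client_id` from the request, which is worth a comment on the property to avoid confusion with the lookup key.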
classes/SessionData.php +6 −0 Original line number Original line Diff line number Diff line Loading @@ -41,6 +41,7 @@ class SessionData { // session because we need to check the Terms of Use user consensus, so we // session because we need to check the Terms of Use user consensus, so we // redirect to another page after retrieving user data. // redirect to another page after retrieving user data. public $userToLogin; public $userToLogin; public $oauth2Data; /** /** * @todo: move DAO away from here * @todo: move DAO away from here Loading Loading @@ -123,4 +124,9 @@ class SessionData { } } } } public function setOAuth2Data($oauth2Data) { $this->oauth2Data = $oauth2Data; $this->save(); } } }
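Review bot: `public $oauth2Data;` is added without the explanatory comment its neighbour `$userToLogin` carries, and `setOAuth2Data($oauth2Data)` accepts any value, which `save()` then persists into the session. Type the parameter against the new class, `public function setOAuth2Data(OAuth2Data $oauth2Data)` (or `\RAP\OAuth2Data` if `SessionData` is not in the `RAP` namespace — the file header is outside the hunk), and document the property, e.g. `// Client data for the in-progress OAuth2 authorization, set by auth/oauth2/index.php`. The first hunk is context only; the class body between the two hunks is not shown.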