  1. <?php
  2. /**
  3. * OAuth server
  4. * Based on oauth2-php <http://code.google.com/p/oauth2-php/>
  5. *
  6. */
  // Lifetime of a request token, in seconds (5 minutes).
  define('REQUEST_TOKEN_DURATION', 5 * 60);
  // Lifetime of an access token, in seconds (365 days).
  define('ACCESS_TOKEN_DURATION', 365 * 24 * 60 * 60);
  // OAuth 1.0 server library (OAuthServer, OAuthDataStore, OAuthConsumer, OAuthToken,
  // signature methods) and the oauth2-php library; in this file only the
  // commented-out FKOAuth2 class below refers to the latter.
  require_once 'library/OAuth1.php';
  require_once 'library/oauth2-php/lib/OAuth2.inc';
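  /**
   * Database-backed token/consumer store for the OAuth 1.0 server.
   *
   * Tables used: `clients` (client_id, pw, redirect_uri) and `tokens`
   * (id, secret, client_id, scope, expires, uid). The token type
   * ('request' or 'access') is stored in the `scope` column.
   */
  class FKOAuthDataStore extends OAuthDataStore {
      /**
       * Generate a random 32-character lowercase hex string, used for both
       * token keys and token secrets.
       *
       * Tokens are credentials, so they must come from a CSPRNG.
       * mt_rand()/uniqid() are predictable and the previous md5() construction
       * is kept only as a last-resort fallback for installations that have
       * neither random_bytes() (PHP 7+) nor the openssl extension.
       *
       * @return string 32 hex characters
       */
      public function gen_token() {
          if (function_exists('random_bytes')) {
              return bin2hex(random_bytes(16));
          }
          if (function_exists('openssl_random_pseudo_bytes')) {
              $strong = false;
              $bytes = openssl_random_pseudo_bytes(16, $strong);
              if ($bytes !== false && $strong) {
                  return bin2hex($bytes);
              }
          }
          // Weak fallback; same output shape (32 hex chars) as before.
          return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
      }

      /**
       * Look up a registered client by its consumer key.
       *
       * @param string $consumer_key
       * @return OAuthConsumer|null null when no client matches
       */
      public function lookup_consumer($consumer_key) {
          logger(__function__ . ":" . $consumer_key);
          $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
              dbesc($consumer_key)
          );
          // q() may return a non-array on failure; treat that like "no row".
          if (!is_array($r) || !count($r)) {
              return null;
          }
          $row = $r[0];
          return new OAuthConsumer($row['client_id'], $row['pw'], $row['redirect_uri']);
      }

      /**
       * Look up a token of the given type issued to a consumer.
       *
       * @param OAuthConsumer $consumer
       * @param string        $token_type 'request' or 'access' (matched against the scope column)
       * @param string        $token      token key
       * @return OAuthToken|null token with scope, expires and uid attached, or null
       */
      public function lookup_token($consumer, $token_type, $token) {
          // Log the consumer key only. Stringifying the consumer object
          // could write its secret into the log.
          logger(__function__ . ":" . $consumer->key . ", " . $token_type . ", " . $token);
          $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
              dbesc($consumer->key),
              dbesc($token_type),
              dbesc($token)
          );
          if (!is_array($r) || !count($r)) {
              return null;
          }
          $row = $r[0];
          $ot = new OAuthToken($row['id'], $row['secret']);
          $ot->scope   = $row['scope'];
          $ot->expires = $row['expires'];
          $ot->uid     = $row['uid'];
          return $ot;
      }

      /**
       * Nonce check hook called by the OAuth server.
       *
       * NOTE(review): this does not provide replay protection. The nonce is
       * looked up as a token id in the `tokens` table, so nonces are never
       * recorded and a nonce is only ever "found" if it happens to equal an
       * issued token key. A real implementation needs a nonce table keyed by
       * (consumer, token, nonce, timestamp). The caller in library/OAuth1.php
       * presumably treats a non-null result as "nonce already used" — confirm.
       *
       * @return OAuthToken|null
       */
      public function lookup_nonce($consumer, $token, $nonce, $timestamp) {
          $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
              dbesc($consumer->key),
              dbesc($nonce),
              intval($timestamp)
          );
          if (!is_array($r) || !count($r)) {
              return null;
          }
          return new OAuthToken($r[0]['id'], $r[0]['secret']);
      }

      /**
       * Issue a new request token for a consumer.
       *
       * @param OAuthConsumer|string $consumer consumer object or bare consumer key
       * @param string|null          $callback logged only; not stored
       * @return OAuthToken|null null when the INSERT failed
       */
      public function new_request_token($consumer, $callback = null) {
          // Accept either the consumer object or its key. Checked with
          // is_object() so a bare string never has a property read on it,
          // and the object itself is never stringified into the log.
          $k = is_object($consumer) ? $consumer->key : $consumer;
          logger(__function__ . ":" . $k . ", " . $callback);
          $key = $this->gen_token();
          $sec = $this->gen_token();
          $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
              dbesc($key),
              dbesc($sec),
              dbesc($k),
              'request',
              intval(REQUEST_TOKEN_DURATION)
          );
          if (!$r) {
              return null;
          }
          return new OAuthToken($key, $sec);
      }

      /**
       * Exchange an authorized request token for an access token.
       *
       * The verifier is resolved to a user id through the "oauth" config
       * namespace (presumably written when the user authorizes the app; not
       * visible here). On success the request token row is deleted and the
       * verifier mapping is consumed so it cannot be replayed.
       *
       * NOTE(review): when $verifier is null the condition below still passes
       * and an access token is inserted with uid = intval(false) = 0. If that
       * path intentionally supports pre-1.0a clients it should be made
       * explicit; otherwise a missing verifier should return null.
       *
       * @param OAuthToken    $token    the request token being exchanged
       * @param OAuthConsumer $consumer
       * @param string|null   $verifier one-time verifier from the authorization step
       * @return OAuthToken|null
       */
      public function new_access_token($token, $consumer, $verifier = null) {
          // Keys only: OAuthToken/OAuthConsumer objects may stringify with
          // their secrets included.
          logger(__function__ . ":" . $token->key . ", " . $consumer->key . ", " . $verifier);
          $ret = null;
          // get user for this verifier
          $uverifier = get_config("oauth", $verifier);
          logger(__function__ . ":" . $verifier . "," . $uverifier);
          if (is_null($verifier) || ($uverifier !== false)) {
              $key = $this->gen_token();
              $sec = $this->gen_token();
              $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d, %d)",
                  dbesc($key),
                  dbesc($sec),
                  dbesc($consumer->key),
                  'access',
                  intval(ACCESS_TOKEN_DURATION),
                  intval($uverifier)
              );
              if ($r) {
                  $ret = new OAuthToken($key, $sec);
              }
          }
          // Invalidate the request token. Its key comes from the client
          // request, so it must be escaped like every other string value
          // passed to q() (it previously was interpolated unescaped).
          q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));
          if (!is_null($ret) && $uverifier !== false) {
              // Consume the one-time verifier.
              del_config("oauth", $verifier);
          }
          return $ret;
      }
  }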
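  /**
   * OAuth 1.0 server for the API, wired to the Friendica data store.
   */
  class FKOAuth1 extends OAuthServer {
      /**
       * Register the data store and the accepted signature methods.
       *
       * PLAINTEXT carries the consumer and token secrets verbatim in the
       * signature parameter, so it is only confidential over TLS; HMAC-SHA1
       * never transmits the secrets.
       */
      public function __construct() {
          parent::__construct(new FKOAuthDataStore());
          $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
          $this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
      }

      /**
       * Start an authenticated session for user $uid on behalf of an API
       * client: populates $_SESSION, the app's user/contact records and
       * timezone, stamps `login_date` and fires the 'logged_in' hook.
       *
       * Responds 401 and terminates the request when the user does not exist
       * or is blocked, expired or unverified.
       *
       * @param int $uid
       * @return void
       */
      public function loginUser($uid) {
          logger("FKOAuth1::loginUser $uid");
          $a = get_app();
          $r = q("SELECT * FROM `user` WHERE uid=%d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
              intval($uid)
          );
          if (!is_array($r) || !count($r)) {
              // Do not dump $_SERVER here: it can contain request headers
              // (Authorization, Cookie) and would put credentials in the log.
              logger('FKOAuth1::loginUser failure: uid=' . intval($uid) . ' from ' . $_SERVER['REMOTE_ADDR'], LOGGER_DEBUG);
              header('HTTP/1.0 401 Unauthorized');
              die('This api requires login');
          }
          $record = $r[0];

          $_SESSION['uid']           = $record['uid'];
          $_SESSION['theme']         = $record['theme'];
          $_SESSION['authenticated'] = 1;
          $_SESSION['page_flags']    = $record['page-flags'];
          $_SESSION['my_url']        = $a->get_baseurl() . '/profile/' . $record['nickname'];
          $_SESSION['addr']          = $_SERVER['REMOTE_ADDR'];

          $a->user = $record;

          if (isset($a->user['timezone']) && strlen($a->user['timezone'])) {
              date_default_timezone_set($a->user['timezone']);
              $a->timezone = $a->user['timezone'];
          }

          // The user's own ("self") contact row.
          $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
              intval($_SESSION['uid'])
          );
          if (is_array($r) && count($r)) {
              $a->contact     = $r[0];
              $a->cid         = $r[0]['id'];
              $_SESSION['cid'] = $a->cid;
          }

          q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
              dbesc(datetime_convert()),
              intval($_SESSION['uid'])
          );

          call_hooks('logged_in', $a->user);
      }
  }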
  149. /*
  150. class FKOAuth2 extends OAuth2 {
  151. private function db_secret($client_secret){
  152. return hash('whirlpool',$client_secret);
  153. }
  154. public function addClient($client_id, $client_secret, $redirect_uri) {
  155. $client_secret = $this->db_secret($client_secret);
  156. $r = q("INSERT INTO clients (client_id, pw, redirect_uri) VALUES ('%s', '%s', '%s')",
  157. dbesc($client_id),
  158. dbesc($client_secret),
  159. dbesc($redirect_uri)
  160. );
  161. return $r;
  162. }
  163. protected function checkClientCredentials($client_id, $client_secret = NULL) {
  164. $client_secret = $this->db_secret($client_secret);
  165. $r = q("SELECT pw FROM clients WHERE client_id = '%s'",
  166. dbesc($client_id));
  167. if ($client_secret === NULL)
  168. return $result !== FALSE;
  169. return $result["client_secret"] == $client_secret;
  170. }
  171. protected function getRedirectUri($client_id) {
  172. $r = q("SELECT redirect_uri FROM clients WHERE client_id = '%s'",
  173. dbesc($client_id));
  174. if ($r === FALSE)
  175. return FALSE;
  176. return isset($r[0]["redirect_uri"]) && $r[0]["redirect_uri"] ? $r[0]["redirect_uri"] : NULL;
  177. }
  178. protected function getAccessToken($oauth_token) {
  179. $r = q("SELECT client_id, expires, scope FROM tokens WHERE id = '%s'",
  180. dbesc($oauth_token));
  181. if (count($r))
  182. return $r[0];
  183. return null;
  184. }
  185. protected function setAccessToken($oauth_token, $client_id, $expires, $scope = NULL) {
  186. $r = q("INSERT INTO tokens (id, client_id, expires, scope) VALUES ('%s', '%s', %d, '%s')",
  187. dbesc($oauth_token),
  188. dbesc($client_id),
  189. intval($expires),
  190. dbesc($scope));
  191. return $r;
  192. }
  193. protected function getSupportedGrantTypes() {
  194. return array(
  195. OAUTH2_GRANT_TYPE_AUTH_CODE,
  196. );
  197. }
  198. protected function getAuthCode($code) {
  199. $r = q("SELECT id, client_id, redirect_uri, expires, scope FROM auth_codes WHERE id = '%s'",
  200. dbesc($code));
  201. if (count($r))
  202. return $r[0];
  203. return null;
  204. }
  205. protected function setAuthCode($code, $client_id, $redirect_uri, $expires, $scope = NULL) {
  206. $r = q("INSERT INTO auth_codes
  207. (id, client_id, redirect_uri, expires, scope) VALUES
  208. ('%s', '%s', '%s', %d, '%s')",
  209. dbesc($code),
  210. dbesc($client_id),
  211. dbesc($redirect_uri),
  212. intval($expires),
  213. dbesc($scope));
  214. return $r;
  215. }
  216. }
  217. */