From 82003bbe470f758225832b9ffea19fde423bbee1 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:30:20 +0000 Subject: [PATCH] Login prototype --- src/Factory/Api/Mastodon/Attachment.php | 2 +- src/Module/Api/Mastodon/Apps.php | 4 +- src/Module/BaseApi.php | 71 ++++++++++++++++++++++++- src/Module/OAuth/Authorize.php | 70 ++++++++++++++++++++++++ src/Module/OAuth/Revoke.php | 36 +++++++++++++ src/Module/OAuth/Token.php | 65 ++++++++++++++++++++++ src/Module/Security/Login.php | 6 ++- src/Object/Api/Mastodon/Status.php | 4 +- src/Security/Authentication.php | 1 + static/dbstructure.config.php | 16 +++++- static/routes.config.php | 6 +-- 11 files changed, 269 insertions(+), 12 deletions(-) create mode 100644 src/Module/OAuth/Authorize.php create mode 100644 src/Module/OAuth/Revoke.php create mode 100644 src/Module/OAuth/Token.php diff --git a/src/Factory/Api/Mastodon/Attachment.php b/src/Factory/Api/Mastodon/Attachment.php index 7ac45f354e..1345da9e85 100644 --- a/src/Factory/Api/Mastodon/Attachment.php +++ b/src/Factory/Api/Mastodon/Attachment.php @@ -59,7 +59,7 @@ class Attachment extends BaseFactory public function createFromUriId(int $uriId) { $attachments = []; - foreach (Post\Media::getByURIId($uriId) as $attachment) { + foreach (Post\Media::getByURIId($uriId, [Post\Media::AUDIO, Post\Media::VIDEO, Post\Media::IMAGE]) as $attachment) { $filetype = !empty($attachment['mimetype']) ? strtolower(substr($attachment['mimetype'], 0, strpos($attachment['mimetype'], '/'))) : ''; diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php index a86d5cc993..b5d98d455f 100644 --- a/src/Module/Api/Mastodon/Apps.php +++ b/src/Module/Api/Mastodon/Apps.php @@ -46,8 +46,8 @@ class Apps extends BaseApi DI::mstdnError()->RecordNotFound(); } - $client_id = base64_encode(openssl_random_pseudo_bytes(32)); - $client_secret = bin2hex(random_bytes(32)); + $client_id = bin2hex(openssl_random_pseudo_bytes(32)); + $client_secret = bin2hex(openssl_random_pseudo_bytes(32)); $fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect]; diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 248e655109..87d0838c58 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -24,6 +24,8 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Core\Logger; use Friendica\Core\System; +use Friendica\Database\Database; +use Friendica\Database\DBA; use Friendica\DI; use Friendica\Network\HTTPException; @@ -110,7 +112,7 @@ class BaseApi extends BaseModule public static function unsupported(string $method = 'all') { $path = DI::args()->getQueryString(); - Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']); + Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '', 'request' => $_REQUEST ?? []]); $error = DI::l10n()->t('API endpoint %s %s is not implemented', strtoupper($method), $path); $error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');; $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -135,6 +137,14 @@ class BaseApi extends BaseModule */ protected static function login() { + $authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; + $authorization = $_SERVER['AUTHORIZATION'] ?? $authorization; + + if (self::checkBearer($authorization)) { + self::$current_user_id = self::getUserByBearer($authorization); + return (bool)self::$current_user_id; + } + api_login(DI::app()); self::$current_user_id = api_user(); @@ -149,6 +159,14 @@ class BaseApi extends BaseModule */ protected static function getCurrentUserID() { + $authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; + $authorization = $_SERVER['AUTHORIZATION'] ?? $authorization; + + if (self::checkBearer($authorization)) { + self::$current_user_id = self::getUserByBearer($authorization); + return (int)self::$current_user_id; + } + if (is_null(self::$current_user_id)) { api_login(DI::app(), false); @@ -158,6 +176,55 @@ class BaseApi extends BaseModule return (int)self::$current_user_id; } + private static function checkBearer(string $authorization) + { + return(strpos($authorization, 'Bearer ') !== false); + } + + private static function getUserByBearer(string $authorization) + { + $bearer = trim(substr($authorization, 6)); + $condition = ['access_token' => $bearer]; + $token = DBA::selectFirst('application-token', ['uid'], $condition); + if (!DBA::isResult($token)) { + Logger::warning('Token not found', $condition); + return 0; + } + Logger::info('Token found', $token); + return $token['uid']; + } + + public static function getApplication() + { + $redirect_uri = !isset($_REQUEST['redirect_uri']) ? '' : $_REQUEST['redirect_uri']; + $client_id = !isset($_REQUEST['client_id']) ? '' : $_REQUEST['client_id']; + + if (empty($redirect_uri) || empty($client_id)) { + Logger::warning('Incomplete request'); + return []; + } + + $condition = ['redirect_uri' => $redirect_uri, 'client_id' => $client_id]; + $application = DBA::selectFirst('application', [], $condition); + if (!DBA::isResult($application)) { + Logger::warning('Application not found', $condition); + return []; + } + return $application; + } + + public static function getTokenForUser(array $application, int $uid) + { + $code = bin2hex(openssl_random_pseudo_bytes(32)); + $access_token = bin2hex(openssl_random_pseudo_bytes(32)); + + $fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token]; + if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) { + return []; + } + + return DBA::selectFirst('application-token', [], ['application-id' => $application['id'], 'uid' => $uid]); + } /** * Get user info array. * @@ -207,7 +274,7 @@ class BaseApi extends BaseModule $return = '' . "\n" . $return; break; } - + return $return; } diff --git a/src/Module/OAuth/Authorize.php b/src/Module/OAuth/Authorize.php new file mode 100644 index 0000000000..46a5ee4ef2 --- /dev/null +++ b/src/Module/OAuth/Authorize.php @@ -0,0 +1,70 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Core\Session; +use Friendica\Database\Database; +use Friendica\Database\DBA; +use Friendica\DI; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Authorize extends BaseApi +{ + /** + * @param array $parameters + * @throws \Friendica\Network\HTTPException\InternalServerErrorException + */ + public static function rawContent(array $parameters = []) + { + //return; + + $response_type = !isset($_REQUEST['response_type']) ? '' : $_REQUEST['response_type']; + if ($response_type != 'code') { + Logger::warning('Wrong or missing response type', ['response_type' => $response_type]); + DI::mstdnError()->RecordNotFound(); + } + + $application = self::getApplication(); + if (empty($application)) { + DI::mstdnError()->RecordNotFound(); + } + + $uid = local_user(); + if (empty($uid)) { + Logger::info('Redirect to login'); + DI::app()->redirect('login?return_path=/oauth/authorize'); + } else { + Logger::info('Already logged in user', ['uid' => $uid]); + } + + $token = self::getTokenForUser($application, $uid); + if (!$token) { + DI::mstdnError()->RecordNotFound(); + } + + DI::app()->redirect($application['redirect_uri'] . '?code=' . $token['code']); + } +} diff --git a/src/Module/OAuth/Revoke.php b/src/Module/OAuth/Revoke.php new file mode 100644 index 0000000000..f0457e0130 --- /dev/null +++ b/src/Module/OAuth/Revoke.php @@ -0,0 +1,36 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Revoke extends BaseApi +{ + public static function post(array $parameters = []) + { + self::unsupported('post'); + } +} diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php new file mode 100644 index 0000000000..a690bd0b1c --- /dev/null +++ b/src/Module/OAuth/Token.php @@ -0,0 +1,65 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Core\System; +use Friendica\Database\DBA; +use Friendica\DI; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Token extends BaseApi +{ + public static function post(array $parameters = []) + { + $client_secret = !isset($_REQUEST['client_secret']) ? '' : $_REQUEST['client_secret']; + $code = !isset($_REQUEST['code']) ? '' : $_REQUEST['code']; + $grant_type = !isset($_REQUEST['grant_type']) ? '' : $_REQUEST['grant_type']; + + if ($grant_type != 'authorization_code') { + Logger::warning('Wrong or missing grant type', ['grant_type' => $grant_type]); + DI::mstdnError()->RecordNotFound(); + } + + $application = self::getApplication(); + if (empty($application)) { + DI::mstdnError()->RecordNotFound(); + } + + if ($application['client_secret'] != $client_secret) { + Logger::warning('Wrong client secret', $client_secret); + DI::mstdnError()->RecordNotFound(); + } + + $condition = ['application-id' => $application['id'], 'code' => $code]; + $token = DBA::selectFirst('application-token', ['access_token'], $condition); + if (!DBA::isResult($token)) { + Logger::warning('Token not found', $condition); + DI::mstdnError()->RecordNotFound(); + } + + System::jsonExit(['access_token' => $token['access_token'], 'token_type' => 'Bearer', 'scope' => $application['scopes']]); + } +} diff --git a/src/Module/Security/Login.php b/src/Module/Security/Login.php index 9f5095452e..80a9662204 100644 --- a/src/Module/Security/Login.php +++ b/src/Module/Security/Login.php @@ -36,8 +36,12 @@ class Login extends BaseModule { public static function content(array $parameters = []) { + $return_path = !isset($_REQUEST['return_path']) ? '' : $_REQUEST['return_path']; + if (local_user()) { - DI::baseUrl()->redirect(); + DI::baseUrl()->redirect($return_path); + } elseif (!empty($return_path)) { + Session::set('return_path', $return_path); } return self::form(Session::get('return_path'), intval(DI::config()->get('config', 'register_policy')) !== \Friendica\Module\Register::CLOSED); diff --git a/src/Object/Api/Mastodon/Status.php b/src/Object/Api/Mastodon/Status.php index c7c9247b35..26c0705bd1 100644 --- a/src/Object/Api/Mastodon/Status.php +++ b/src/Object/Api/Mastodon/Status.php @@ -126,7 +126,7 @@ class Status extends BaseDataTransferObject $this->muted = $userAttributes->muted; $this->bookmarked = $userAttributes->bookmarked; $this->pinned = $userAttributes->pinned; - $this->content = BBCode::convert($item['raw-body'] ?? $item['body'], false); + $this->content = BBCode::convert($item['raw-body'] ?? $item['body'], false, BBCode::API); $this->reblog = $reblog; $this->application = $application->toArray(); $this->account = $account->toArray(); @@ -134,7 +134,7 @@ class Status extends BaseDataTransferObject $this->mentions = $mentions; $this->tags = $tags; $this->emojis = []; - $this->card = $card->toArray(); + //$this->card = $card; $this->poll = null; } diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php index eab75ba5d0..acbb4bfd4f 100644 --- a/src/Security/Authentication.php +++ b/src/Security/Authentication.php @@ -39,6 +39,7 @@ use Friendica\Util\Network; use Friendica\Util\Strings; use LightOpenID; use Friendica\Core\L10n; +use Friendica\Core\Logger; use Psr\Log\LoggerInterface; /** diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php index 052f73b9cf..41515681e4 100644 --- a/static/dbstructure.config.php +++ b/static/dbstructure.config.php @@ -55,7 +55,7 @@ use Friendica\Database\DBA; if (!defined('DB_UPDATE_VERSION')) { - define('DB_UPDATE_VERSION', 1415); + define('DB_UPDATE_VERSION', 1416); } return [ @@ -442,6 +442,20 @@ return [ "client_id" => ["UNIQUE", "client_id"] ] ], + "application-token" => [ + "comment" => "OAuth user token", + "fields" => [ + "application-id" => ["type" => "int unsigned", "not null" => "1", "primary" => "1", "foreign" => ["application" => "id"], "comment" => ""], + "uid" => ["type" => "mediumint unsigned", "not null" => "1", "primary" => "1", "foreign" => ["user" => "uid"], "comment" => "Owner User id"], + "code" => ["type" => "varchar(64)", "not null" => "1", "comment" => ""], + "access_token" => ["type" => "varchar(64)", "not null" => "1", "comment" => ""], + "created_at" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "creation time"], + ], + "indexes" => [ + "PRIMARY" => ["application-id", "uid"], + "uid_id" => ["uid", "application-id"], + ] + ], "attach" => [ "comment" => "file attachments", "fields" => [ diff --git a/static/routes.config.php b/static/routes.config.php index 5fbcffbd7c..f666feeff5 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -331,9 +331,9 @@ return [ '/mark/all' => [Module\Notifications\Notification::class, [R::GET]], '/{id:\d+}' => [Module\Notifications\Notification::class, [R::GET, R::POST]], ], - '/oauth/authorize' => [Module\Api\Mastodon\Unimplemented::class, [R::GET]], - '/oauth/revoke' => [Module\Api\Mastodon\Unimplemented::class, [R::POST]], - '/oauth/token' => [Module\Api\Mastodon\Unimplemented::class, [R::POST]], + '/oauth/authorize' => [Module\OAuth\Authorize::class, [R::GET]], + '/oauth/revoke' => [Module\OAuth\Revoke::class, [R::POST]], + '/oauth/token' => [Module\OAuth\Token::class, [R::POST]], '/objects/{guid}[/{activity}]' => [Module\Objects::class, [R::GET]], '/oembed' => [