From c72f2ed108c0a10ad26087c47db637d951078bab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franc=CC=A7ois=20Hodierne?=
Date: Sat, 1 Apr 2023 20:49:13 +0200
Subject: [PATCH 1/4] wip: oauth
---
 application/modules/oauth.module.php | 59 ++
 application/partials/top.partial.php | 12 +-
 application/start.action.php | 3 +
 application/views/oauth/membership.view.php | 16 +
 classes/service/oauth.php | 84 +++
 composer.json | 3 +-
 composer.lock | 724 +++++++++++++++++++-
 public/img/opencollective-contribute.png | Bin 0 -> 139847 bytes
 replaceables/session/signout.php | 2 +
 9 files changed, 897 insertions(+), 6 deletions(-)
 create mode 100644 application/modules/oauth.module.php
 create mode 100644 application/views/oauth/membership.view.php
 create mode 100644 classes/service/oauth.php
 create mode 100644 public/img/opencollective-contribute.png
diff --git a/application/modules/oauth.module.php b/application/modules/oauth.module.php
new file mode 100644
index 0000000..c263335
--- /dev/null
+++ b/application/modules/oauth.module.php
@@ -0,0 +1,59 @@
+state();
+ return redirect($oauth->authorization_url());
+}
+
+else if (url_is('/oauth/callback')) {
+ check_parameters(['code', 'state']);
+
+ $code = get_param('code');
+ $state = get_param('state');
+
+ # Recommended security checks
+ # https://oauth2-client.thephpleague.com/usage/
+ if (isset($_SESSION['oauth_state']) && $state !== $_SESSION['oauth_state']) {
+ if (isset($_SESSION['oauth_state'])) {
+ unset($_SESSION['oauth_state']);
+ }
+ throw blogmarks::http_error(400, 'Invalid state.');
+ }
+
+ # error_log("access_token:$access_token");
+ $_SESSION['oauth_access_token'] = $oauth->access_token($code);
+
+ return redirect('/oauth/membership');
+}
+
+else if (url_is('/oauth/membership')) {
+ $access_token = $_SESSION['oauth_access_token'];
+
+ $authenticated_user = $oauth->authenticated_user($access_token);
+ if (empty($authenticated_user)) {
+ return redirect('/oauth/connect');
+ }
+
+ # error_log(json_encode($authenticated_user));
+ $_SESSION['oauth_authenticated_user'] = $authenticated_user;
+
+ $member_of = $authenticated_user['memberOf']['nodes'];
+ # If member of blogmarks on Open Collective
+ if (!empty($member_of)) {
+ $user = table('users')->get_one('email', $authenticated_user['email']);
+ # If user found
+ if ($user) {
+ signin($user);
+ return redirect(get_param('redirect_url', '/my/'));
+ }
+ }
+
+ title(_('Membership'));
+ return render('oauth/membership');
+}
+
+else {
+ return unknown_url();
+}
diff --git a/application/partials/top.partial.php b/application/partials/top.partial.php
index cc93c60..39ec76c 100644
--- a/application/partials/top.partial.php
+++ b/application/partials/top.partial.php
@@ -20,11 +20,15 @@ / - - - / + + + + + + / + + -
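Review bot: The state check in the `/oauth/callback` branch only runs when `$_SESSION['oauth_state']` is set, so a callback that arrives in a session with no prior `/oauth/connect` visit skips the CSRF check entirely and still exchanges whatever `code` was supplied for a token, and the inner `isset` is redundant once the outer condition holds. Require the stored state and compare in constant time, `if (!isset($_SESSION['oauth_state']) || !hash_equals($_SESSION['oauth_state'], $state)) {`, keep the `unset` and the 400 in the failing branch, and add `unset($_SESSION['oauth_state']);` after the check passes so each state value is single-use. In the `/oauth/membership` branch `$_SESSION['oauth_access_token']` and `$authenticated_user['memberOf']['nodes']` are read without `isset`/`??` guards, and the comment says "member of blogmarks" while the code only tests that `memberOf` is non-empty, which is fine if the query in `oauth_service` already filters by collective but otherwise signs in on any membership. `redirect(get_param('redirect_url', '/my/'))` forwards a caller-supplied URL, so unless `redirect()` restricts it to local paths it should be validated here. The start of the file, with the `$oauth` construction and the `/oauth/connect` branch, is not legible in this hunk.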