From b752c4e5b806edf25316202c652e4e38ab0379af Mon Sep 17 00:00:00 2001
From: qronald
Date: Thu, 18 May 2017 11:57:56 -0400
Subject: [PATCH 1/2] HOR-3056
---
 .../engine/src/ProcessMaker/Util/System.php | 80 ++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/workflow/engine/src/ProcessMaker/Util/System.php b/workflow/engine/src/ProcessMaker/Util/System.php
index 25ba3c2aa..087d83100 100644
--- a/workflow/engine/src/ProcessMaker/Util/System.php
+++ b/workflow/engine/src/ProcessMaker/Util/System.php
@@ -1,12 +1,19 @@ add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2"); + + $request = array( + 'grant_type' => 'authorization_code', + 'code' => $authCode + ); + $server = array( + 'REQUEST_METHOD' => 'POST' + ); + $headers = array( + "PHP_AUTH_USER" => $client['CLIENT_ID'], + "PHP_AUTH_PW" => $client['CLIENT_SECRET'], + "Content-Type" => "multipart/form-data;", + "Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET']) + ); + + $request = new Request(array(), $request, array(), array(), array(), $server, null, $headers); + $oauthServer = new Server(); + $response = $oauthServer->postToken($request, true); + $clientToken = $response->getParameters(); + $clientToken["client_id"] = $client['CLIENT_ID']; + $clientToken["client_secret"] = $client['CLIENT_SECRET']; + return $clientToken; + } + + protected function getClientCredentials() + { + $oauthQuery = new PmPdo(self::getDsn()); + return $oauthQuery->getClientDetails(self::CLIENT_ID); + } + + protected function getDsn() + { + list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, ''); + $port = empty($port) ? '' : ";port=$port"; + $dsn = DB_ADAPTER . ':host=' . $host . ';dbname=' . DB_NAME . $port; + + return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS); + } + + protected function getAuthorizationCode($client) + { + Server::setDatabaseSource(self::getDsn()); + Server::setPmClientId($client['CLIENT_ID']); + + $oauthServer = new Server(); + + $userId = $_SESSION['USER_LOGGED']; + $authorize = true; + $_GET = array_merge($_GET, array( + 'response_type' => 'code', + 'client_id' => $client['CLIENT_ID'], + 'scope' => implode(' ', $oauthServer->getScope()) + )); + + $response = $oauthServer->postAuthorize($authorize, $userId, true); + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); + return $code; + } +} 
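Review bot: The returned array carries the OAuth client secret (`$clientToken["client_secret"] = $client['CLIENT_SECRET'];`), so every caller of this helper, and anything the array is serialized into, now holds a credential that normally stays server-side. The callers are not visible in this patch; if the array is handed to browser code, the secret can no longer be treated as confidential. Unless a consumer really needs it, drop that line and return only the token response plus `client_id`, or at least state in the docblock why the secret is included and that the result must not leave the server. The start of this method was lost in the page extraction, so this covers only the visible tail.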
From 8cc1b16f286a556605edaad049290412aa5aec65 Mon Sep 17 00:00:00 2001
From: qronald
Date: Mon, 22 May 2017 09:52:17 -0400
Subject: [PATCH 2/2] change name function and add comments
---
 .../engine/src/ProcessMaker/Util/System.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/workflow/engine/src/ProcessMaker/Util/System.php b/workflow/engine/src/ProcessMaker/Util/System.php
index 087d83100..754ab1eb7 100644
--- a/workflow/engine/src/ProcessMaker/Util/System.php
+++ b/workflow/engine/src/ProcessMaker/Util/System.php
@@ -32,11 +32,11 @@ class System
 *
 * @return array
 */
- public static function token()
+ public static function tokenUserLogged()
 {
 $client = self::getClientCredentials();
- $authCode = self::getAuthorizationCode($client);
+ $authCode = self::getAuthorizationCodeUserLogged($client);
 $loader = \Maveriks\Util\ClassLoader::getInstance();
 $loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
@@ -64,12 +64,20 @@ class System
 return $clientToken;
 }
+ /**
+ * Get client credentials
+ * @return array
+ */
 protected function getClientCredentials()
 {
 $oauthQuery = new PmPdo(self::getDsn());
 return $oauthQuery->getClientDetails(self::CLIENT_ID);
 }
+ /**
+ * Get DNS of workspace
+ * @return array
+ */
 protected function getDsn()
 {
 list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, '');
@@ -79,7 +87,12 @@ class System
 return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS);
 }
- protected function getAuthorizationCode($client)
+ /**
+ * Get authorization code for user logged in session
+ * @param $client
+ * @return bool|string
+ */
+ protected function getAuthorizationCodeUserLogged($client)
 {
 Server::setDatabaseSource(self::getDsn());
 Server::setPmClientId($client['CLIENT_ID']);
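Review bot: `getClientCredentials()` and `getDsn()` are declared as instance methods (`protected function …`), yet the visible code reaches them only through `self::` from the static `tokenUserLogged()`; that call style is deprecated in PHP 7 and throws an Error in PHP 8, so both should be `protected static function`. The same applies to `getAuthorizationCodeUserLogged()` in the next hunk. While the docblocks are being added, `Get DNS of workspace` should read `Get the PDO DSN and credentials of the workspace database`, since the method returns a DSN string together with `DB_USER` and `DB_PASS`. The body of `getDsn()` continues outside this hunk.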
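Review bot: The new `@return bool|string` admits that this method can fail, but `tokenUserLogged()` in the first hunk passes the result straight into the token request without checking it. The body continues outside this hunk; as shown in patch 1/2 it slices the code out of the `Location` header with `substr(…, strpos(…, 'code=') + 5, 40)`, so when the redirect carries no `code=` parameter `strpos()` returns `false` and the slice silently starts at offset 5, yielding 40 characters of the URL instead of an error. Reading the value with `parse_str(parse_url($location, PHP_URL_QUERY), $query)` and failing explicitly when `$query['code']` is missing would keep an error redirect from being treated as a code. `@param $client` should also name its type: `@param array $client`.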