From 3bbb57709cd1bfe101783f9a49e563cb03415ac9 Mon Sep 17 00:00:00 2001
From: Erik Amaru Ortiz <aortiz.erik@gmail.com>
Date: Tue, 22 Oct 2013 11:17:48 -0400
Subject: [PATCH] Updates for OAuth2 support

---
 workflow/engine/controllers/adminProxy.php    | 15 ++++-
 workflow/engine/methods/oauth2/authorize.php  |  9 +--
 workflow/engine/methods/oauth2/grant.php      | 35 ++++++++++
 .../engine/methods/services/oauth2_grant.php  | 51 --------------
 workflow/engine/services/oauth2/Server.php    |  2 +-
 .../engine/templates/admin/maintenance.html   |  4 +-
 .../engine/templates/oauth2/authorize.php     | 66 +++++++------------
 7 files changed, 80 insertions(+), 102 deletions(-)
 create mode 100644 workflow/engine/methods/oauth2/grant.php
 delete mode 100644 workflow/engine/methods/services/oauth2_grant.php

diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php
index 985d1e9cd..ec4a48feb 100644
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -1293,13 +1293,26 @@ class adminProxy extends HttpProxyController
                 $pmRestClient->delete();
             }
 
+            $http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+            $lang = defined( 'SYS_LANG' ) ? SYS_LANG : 'en';
+            $host = $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '');
+
+            $endpoint = sprintf(
+                '%s://%s/sys%s/%s/%s/oauth2/grant',
+                $http,
+                $host,
+                SYS_SYS,
+                $lang,
+                SYS_SKIN
+            );
+
             $oauthClients = new OauthClients();
             $oauthClients->setClientId('x-pm-local-client');
             $oauthClients->setClientSecret('179ad45c6ce2cb97cf1029e212046e81');
             $oauthClients->setClientName('PM Web Designer');
             $oauthClients->setClientDescription('ProcessMaker Web Designer App');
             $oauthClients->setClientWebsite('www.processmaker.com');
-            $oauthClients->setRedirectUri('http://pmos/sysworkflow/en/neoclassic/services/oauth2_grant');
+            $oauthClients->setRedirectUri($endpoint);
             $oauthClients->save();
 
             $result['success'] = true;
diff --git a/workflow/engine/methods/oauth2/authorize.php b/workflow/engine/methods/oauth2/authorize.php
index b6a9bb730..3090ba1bc 100644
--- a/workflow/engine/methods/oauth2/authorize.php
+++ b/workflow/engine/methods/oauth2/authorize.php
@@ -4,6 +4,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
         $G_PUBLISH = new Publisher();
 
         $G_PUBLISH->AddContent( 'view', 'oauth2/authorize' );
+        $erik = 'neyek';
 
         G::RenderPage('publish', 'minimal');
     break;
@@ -24,11 +25,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
 
         $response = $oauthServer->postAuthorize($authorize, $userid, true);
 
-        $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
+        //$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
 
-        echo 'session_id ' . session_id() . '<br>';
-        exit("SUCCESS! ==>  Authorization Code: $code");
+        //echo 'session_id ' . session_id() . '<br>';
+        //exit("SUCCESS! ==>  Authorization Code: $code");
 
-        //die($response->send());
+        die($response->send());
     break;
 }
\ No newline at end of file
diff --git a/workflow/engine/methods/oauth2/grant.php b/workflow/engine/methods/oauth2/grant.php
new file mode 100644
index 000000000..e2ddcfad1
--- /dev/null
+++ b/workflow/engine/methods/oauth2/grant.php
@@ -0,0 +1,35 @@
+<?php
+
+G::pr($_GET);
+
+if (! empty($_GET['error'])) {
+    G::pr($_GET);
+    die();
+}
+
+$http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+$host = $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '');
+$endpoint = sprintf('%s://%s/api/1.0/%s/token', $http, $host, SYS_SYS);
+$code = empty($_GET['code']) ? 'NN' : $_GET['code'];
+
+$clientId = 'x-pm-local-client';
+$secret = '179ad45c6ce2cb97cf1029e212046e81';
+
+$data = array(
+    'grant_type' => 'authorization_code',
+    'code' => $code
+);
+
+$ch = curl_init($endpoint);
+
+curl_setopt($ch, CURLOPT_HEADER, false);
+curl_setopt($ch, CURLOPT_USERPWD, "$clientId:$secret");
+curl_setopt($ch, CURLOPT_TIMEOUT, 30);
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+$data = @json_decode(curl_exec($ch));
+curl_close($ch);
+
+G::pr((array) $data);
\ No newline at end of file
diff --git a/workflow/engine/methods/services/oauth2_grant.php b/workflow/engine/methods/services/oauth2_grant.php
deleted file mode 100644
index b17278580..000000000
--- a/workflow/engine/methods/services/oauth2_grant.php
+++ /dev/null
@@ -1,51 +0,0 @@
-<?php
-
-if (! empty($_GET['error'])) {
-    echo '<h1>'.$_GET['error'] . '</h1><br/>';
-    die($_GET['error_description']);
-}
-
-
-$host = 'http://pmos/api/1.0/workflow/token';
-$code = empty($_GET['code']) ? 'NN' : $_GET['code'];
-
-$clientId = 'x-pm-local-client';
-$secret = '179ad45c6ce2cb97cf1029e212046e81';
-
-$data = array(
-    'grant_type' => 'authorization_code',
-    'code' => $code
-);
-
-$ch = curl_init($host);
-//curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
-curl_setopt($ch, CURLOPT_HEADER, false);
-curl_setopt($ch, CURLOPT_USERPWD, "$clientId:$secret");
-curl_setopt($ch, CURLOPT_TIMEOUT, 30);
-curl_setopt($ch, CURLOPT_POST, 1);
-curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
-curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-
-$data = @json_decode(curl_exec($ch));
-
-if (is_object($data)) {
-    /*$data = (array) $data;
-    require_once PATH_CORE . 'classes/model/DesignerOauthAccessTokens.php';
-
-    $model = new DesignerOauthAccessTokens();
-    $model->setAccessToken($data['access_token']);
-    $model->setExpires($data['expires_in']);
-    $model->setTokenType($data['token_type']);
-    $model->setScope($data['scope']);
-    $model->setRefreshToken($data['refresh_token']);
-    $model->setClientId($clientId);
-    $model->setUserId($_SESSION['USER_LOGGED']);
-
-    $model->save();*/
-}
-
-echo '<pre>';
-//print_r($_SESSION);
-print_r($data);
-
-curl_close($ch);
\ No newline at end of file
diff --git a/workflow/engine/services/oauth2/Server.php b/workflow/engine/services/oauth2/Server.php
index 8830d1cb5..7a0a10d74 100644
--- a/workflow/engine/services/oauth2/Server.php
+++ b/workflow/engine/services/oauth2/Server.php
@@ -195,7 +195,7 @@ class Server implements iAuthenticate
             return $allowed;
         }
 
-        // making a partcular session verification for PM Web Designer Client
+        // making a local session verification for PM Web Designer Client
         if (! isset($_SESSION) || ! array_key_exists('USER_LOGGED', $_SESSION)) {
             return false;
         }
diff --git a/workflow/engine/templates/admin/maintenance.html b/workflow/engine/templates/admin/maintenance.html
index 1be3b0d9a..19fa3df9b 100644
--- a/workflow/engine/templates/admin/maintenance.html
+++ b/workflow/engine/templates/admin/maintenance.html
@@ -32,7 +32,9 @@ function main()
         enableColumnResize: false,
         enableHdMenu: false,
         disableSelection: true,
-        loading: true,
+        trackMouseOver:false,
+        columnLines: true,
+        loadMask: true,
         store : store,
         columns : [
             {
diff --git a/workflow/engine/templates/oauth2/authorize.php b/workflow/engine/templates/oauth2/authorize.php
index 569c62289..677b6d4e1 100644
--- a/workflow/engine/templates/oauth2/authorize.php
+++ b/workflow/engine/templates/oauth2/authorize.php
@@ -33,20 +33,17 @@ $response = array(
 
 ?>
 
-
 <table width="100%" cellspacing="0" cellpadding="0" border="0">
-    <tbody><tr>
-        <td width="100%" style="height:25px">
-        </td>
+    <tbody>
+    <tr>
+        <td width="100%" style="height:25px"></td>
     </tr>
     <tr>
         <td width="100%" align="center">
-
             <table width="100%" cellspacing="0" cellpadding="0" border="0" style="padding-top: 3px">
                 <tbody><tr>
                     <td align="center">
                         <div align="center" style="; margin:0px;" id="publisherContent[0]">
-
                             <form  style="margin:0px;" enctype="multipart/form-data" method="post" class="formDefault" action="authorize?<?php echo $response['query_string']?>" name="authorizeForm" id="authorizeForm">
                                 <div style="width:400px; padding-left:0; padding-right:0; border-width:1;" class="borderForm">
                                     <div class="boxTop"><div class="a"></div><div class="b"></div><div class="c"></div></div>
@@ -54,7 +51,6 @@ $response = array(
                                         <table width="99%">
                                             <tbody><tr>
                                                 <td valign="top">
-
                                                     <table width="100%" cellspacing="0" cellpadding="0" border="0">
                                                         <tbody>
                                                         <tr>
@@ -64,56 +60,37 @@ $response = array(
                                                                 </span>
                                                             </td>
                                                         </tr>
-
-
                                                         <tr>
                                                             <td align="" colspan="2" class="FormSubTitle">
                                                                 <span name="form[TITLE]" id="form[TITLE]">
+                                                                    <ul>
+                                                                        <?php foreach($response['requestedScope'] as $scope) {?>
+                                                                        <li><?php echo $response['supportedScope'][$scope] ?></li>
+                                                                        <?php } ?>
+                                                                    </ul>
+                                                                    <p>It will use this data to:</p>
+                                                                    <ul>
+                                                                        <li>integrate with ProcessMaker</li>
+                                                                        <li>miscellaneous purposes</li>
+                                                                    </ul>
 
-                                                        <ul>
-                                                            <?php foreach($response['requestedScope'] as $scope) {?>
-                                                                <li><?php echo $response['supportedScope'][$scope] ?></li>
-                                                            <?php } ?>
-                                                        </ul>
-                                                        <p>It will use this data to:</p>
-                                                        <ul>
-                                                            <li>integrate with ProcessMaker</li>
-                                                            <li>make your life better</li>
-                                                            <li>miscellaneous nefarious purposes</li>
-                                                        </ul>
-
-                                                            <div align="center">
-
-                                                                <input type="submit" value="Yes, I Authorize This Request" name="authorize" class="module_app_button___gray " value="1">
-                                                                <input type="button" value="Reject this Request" name="reject_btn" id="reject_btn" class="module_app_button___gray " onclick="doSubmit()">
-                                                                <input type="hidden" name="authorize" id="authorize" value="1">
-
-                                                            </div>
-
-
+                                                                    <div align="center">
+                                                                        <input type="submit" value="Yes, I Authorize This Request" name="authorize" class="module_app_button___gray " value="1">
+                                                                        <input type="button" value="Reject this Request" name="reject_btn" id="reject_btn" class="module_app_button___gray " onclick="doSubmit()">
+                                                                        <input type="hidden" name="authorize" id="authorize" value="1">
+                                                                    </div>
                                                                 </span>
                                                             </td>
                                                         </tr>
-
-
-
-
-
-
-
                                                         </tbody>
                                                     </table>
                                                 </td>
                                             </tr>
-                                            </tbody></table>
+                                            </tbody>
+                                        </table>
                                     </div>
                                     <div class="boxBottom"><div class="a"></div><div class="b"></div><div class="c"></div></div>
                                 </div>
-
-
-
-
-
                             </form>
                         </div>
                     </td>
@@ -122,7 +99,8 @@ $response = array(
             </table>
         </td>
     </tr>
-    </tbody></table>
+    </tbody>
+</table>
 
 
 <script>