Improvement for OAuth2 Server. Implicit, Resource Owner Password and Client Credentials were added, and refactoring of oauth2 endpoints

workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php

@@ -2,6 +2,7 @@
 namespace ProcessMaker\Services\OAuth2;
 
 use Luracast\Restler\iAuthenticate;
+use Luracast\Restler\RestException;
 
 
 /**
@@ -28,6 +29,7 @@ class Server implements iAuthenticate
     protected static $dbUser;
     protected static $dbPassword;
     protected static $dsn;
+    protected static $workspace;
 
     public function __construct()
     {
@@ -35,7 +37,8 @@ class Server implements iAuthenticate
 
         $this->scope = array(
             'view_processes' => 'View Processes',
-            'edit_processes' => 'Edit Processes'
+            'edit_processes' => 'Edit Processes',
+            '*' => '*'
         );
 
         // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
@@ -44,7 +47,7 @@ class Server implements iAuthenticate
         $this->storage = new PmPdo($config);
 
         // Pass a storage object or array of storage objects to the OAuth2 server class
-        $this->server = new \OAuth2\Server($this->storage);
+        $this->server = new \OAuth2\Server($this->storage, array('allow_implicit' => true));
 
         $this->server->setConfig('enforce_state', false);
 
@@ -52,14 +55,21 @@ class Server implements iAuthenticate
         $this->server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->storage));
 
         // Add the "Client Credentials" grant type (it is the simplest of the grant types)
-        //$this->server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->storage));
+        $this->server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->storage));
 
         // Add the "Refresh token" grant type
         $this->server->addGrantType(new \OAuth2\GrantType\RefreshToken($this->storage));
 
-        $scope = new \OAuth2\Scope(array(
-            'supported_scopes' => array_keys($this->scope)
-        ));
+        // create some users in memory
+        //$users = array('bshaffer' => array('password' => 'brent123', 'first_name' => 'Brent', 'last_name' => 'Shaffer'));
+        // create a storage object
+        //$storage = new \OAuth2\Storage\Memory(array('user_credentials' => $users));
+        // create the grant type
+        $grantType = new \OAuth2\GrantType\UserCredentials($this->storage);
+        // add the grant type to your OAuth server
+        $this->server->addGrantType($grantType);
+
+        $scope = new \OAuth2\Scope(array('supported_scopes' => array_keys($this->scope)));
         $this->server->setScopeUtil($scope);
     }
 
@@ -76,6 +86,28 @@ class Server implements iAuthenticate
         }
     }
 
+    public static function setWorkspace($workspace)
+    {
+        self::$workspace = $workspace;
+    }
+
+    public function index()
+    {
+        $http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+        $host = $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '');
+        $host = $http .'://'. $host;
+
+        $applicationsLink = sprintf('%s/%s/oauth2/apps', $host, SYS_SYS);
+        $authorizationLink = sprintf('%s/%s/oauth2/authorize?response_type=code&client_id=[the-client-id]&scope=*', $host, SYS_SYS);
+
+        $view = new \Maveriks\Pattern\Mvc\SmartyView(PATH_CORE . "templates/oauth2/index.html");
+        $view->assign('host', $host);
+        $view->assign('workspace', self::$workspace);
+
+        $view->render();
+    }
+
+
     /**
      * @view oauth2/server/register.php
      * @format HtmlFormat
@@ -91,25 +123,53 @@ class Server implements iAuthenticate
      *
      * User responds by accepting or denying
      *
-     * @view oauth2/server/authorize.php
-     * @format HtmlFormat
      */
     public function authorize()
     {
-        $clientId = \OAuth2\Request::createFromGlobals()->query('client_id', '');
-        $requestedScope = \OAuth2\Request::createFromGlobals()->query('scope', '');
-        $requestedScope = empty($requestedScope) ? array() : explode(' ', $requestedScope);
+        session_start();
 
-        if (! empty($clientId)) {
-            $clientDetails = $this->storage->getClientDetails(\OAuth2\Request::createFromGlobals()->query('client_id'));
+        if (! isset($_SESSION['USER_LOGGED'])) {
+            $http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+            $host = $http . '://' . $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '');
+            $redirect = urlencode($host.'/'.self::$workspace.$_SERVER['REQUEST_URI']);
+
+            $loginLink = sprintf('%s/sys%s/%s/%s/login/login?u=%s', $host, SYS_SYS, SYS_LANG, SYS_SKIN, $redirect);
+            header('location: ' . $loginLink);
+            die;
         }
 
-        return array(
-            'client_details' => $clientDetails,
-            'query_string'   => $_SERVER['QUERY_STRING'],
-            'supportedScope' => $this->scope,
-            'requestedScope' => $requestedScope
+        $this->scope = array(
+            'view_processes' => 'View Processes',
+            'edit_processes' => 'Edit Processes'
         );
+
+        if (! array_key_exists('client_id', $_GET)) {
+            throw new RestException(400, "Invalid request. The 'client_id' parameter is missing!");
+        }
+        if (! array_key_exists('response_type', $_GET)) {
+            throw new RestException(400, "Invalid request. The 'response_type' parameter is missing!");
+        }
+
+        $clientId = $_GET['client_id'];
+        $requestedScope = isset($_GET['scope']) ? $_GET['scope'] : '*';
+        $requestedScope = empty($requestedScope) ? array() : explode(' ', $requestedScope);
+        $client = $this->storage->getClientDetails($clientId);;
+
+        if (empty($client)) {
+            // throw error, client does not exist.
+            throw new RestException(400, "Error, unknown client. The client with id '".$clientId."' is not registered");
+        }
+
+        //echo '<pre>';print_r($client); echo '</pre>'; die;
+        $client = array('name' => $client['client_name'], 'desc' => $client['client_description']);
+        $user = array('name' => $_SESSION['USR_FULLNAME']);
+
+        $view = new \Maveriks\Pattern\Mvc\SmartyView(PATH_CORE . "templates/oauth2/authorize.html");
+        $view->assign('user', $user);
+        $view->assign('client', $client);
+        $view->assign('postUri', '/' . SYS_SYS . '/oauth2/authorize?' . $_SERVER['QUERY_STRING']);
+        $view->render();
+        exit();
     }
 
     /**
@@ -120,15 +180,19 @@ class Server implements iAuthenticate
      *
      * On success authorization code is sent along
      *
-     *
-     * @param bool $authorize
-     * @param string $userId optional user id
-     * @param bool $returnResponse optional flag to specify if the function should return the Response object
-     * @return \OAuth2\ResponseInterface
      * @format JsonFormat,UploadFormat
      */
-    public function postAuthorize($authorize = false, $userId = null, $returnResponse = false)
+    public function postAuthorize()
     {
+        session_start();
+
+        if (! isset($_SESSION['USER_LOGGED'])) {
+            throw new RestException(400, "Local Authentication Error, user session is not started.");
+        }
+
+        $userId = $_SESSION['USER_LOGGED'];
+        $authorize = array_key_exists('cancel', $_REQUEST)? false: true;
+
         $request = \OAuth2\Request::createFromGlobals();
         $response = new \OAuth2\Response();
 
@@ -139,10 +203,6 @@ class Server implements iAuthenticate
             $userId
         );
 
-        if ($returnResponse) {
-            return $response;
-        }
-
         die($response->send());
     }