wip

1 files changed, 178 insertions, 0 deletions

diff --git a/controller/oauthcontroller.php b/controller/oauthcontroller.php
new file mode 100644
index 0000000..cb20832
--- /dev/null
+++ b/controller/oauthcontroller.php
@@ -0,0 +1,178 @@
+<?php
+/**
+ * Part of grauphel
+ *
+ * PHP version 5
+ *
+ * @category  Tools
+ * @package   Grauphel
+ * @author    Christian Weiske <cweiske@cweiske.de>
+ * @copyright 2014 Christian Weiske
+ * @license   http://www.gnu.org/licenses/agpl.html GNU AGPL v3
+ * @link      http://cweiske.de/grauphel.htm
+ */
+namespace OCA\Grauphel\Controller;
+use \OCP\AppFramework\Controller;
+
+/**
+ * OAuth handling
+ *
+ * @category  Tools
+ * @package   Grauphel
+ * @author    Christian Weiske <cweiske@cweiske.de>
+ * @copyright 2014 Christian Weiske
+ * @license   http://www.gnu.org/licenses/agpl.html GNU AGPL v3
+ * @version   Release: @package_version@
+ * @link      http://cweiske.de/grauphel.htm
+ */
+class OAuthController extends Controller
+{
+    /**
+     * Handle out an access token after verifying the verification token
+     * OAuth step 3 of 3
+     */
+    public function accessTokenAction()
+    {
+        $oauth = new OAuth();
+        $oauth->setDeps($this->deps);
+
+        try {
+            $provider = new \OAuthProvider();
+            $oauth->registerHandler($provider)
+                ->registerVerificationTokenHandler($provider);
+            $provider->checkOAuthRequest($this->deps->urlGen->oauthAccessToken());
+
+            $token = $this->deps->tokens->loadAndDelete('verify', $provider->token);
+
+            $newToken = new OAuth_Token('access');
+            $newToken->tokenKey = 'a' . bin2hex($provider->generateToken(8));
+            $newToken->secret   = 's' . bin2hex($provider->generateToken(8));
+            $newToken->user     = $token->user;
+            $this->deps->tokens->store($newToken);
+
+            $this->deps->renderer->sendFormData(
+                array(
+                    'oauth_token'        => $newToken->tokenKey,
+                    'oauth_token_secret' => $newToken->secret,
+                )
+            );
+            exit(0);
+        } catch (\OAuthException $e) {
+            $oauth->error($e);
+        }
+    }
+
+    /**
+     * Log the user in and let him authorize that the app may access notes
+     * OAuth step 2 of 3
+     */
+    public function authorizeAction()
+    {
+        $oauth = new OAuth();
+        $oauth->setDeps($this->deps);
+
+        if (!isset($_REQUEST['oauth_token'])) {
+            $this->deps->renderer->errorOut('oauth_token missing');
+        }
+        if (!$oauth->validateToken($_REQUEST['oauth_token'])) {
+            $this->deps->renderer->errorOut('Invalid token string');
+        }
+
+        $reqToken = $_REQUEST['oauth_token'];
+
+        try {
+            $token = $this->deps->tokens->load('temp', $reqToken);
+        } catch (OAuth_Exception $e) {
+            $this->deps->renderer->errorOut($e->getMessage());
+        }
+
+        $authState = $this->deps->frontend->doAuthorize(
+            $this->deps->urlGen->current()
+        );
+        if ($authState === null) {
+            //this should not happen; doAuthorize() must block
+            exit(1);
+        }
+
+        try {
+            $token = $this->deps->tokens->loadAndDelete('temp', $reqToken);
+        } catch (OAuth_Exception $e) {
+            $this->deps->renderer->errorOut($e->getMessage());
+        }
+
+        if ($authState === false) {
+            //user declined
+
+            //http://wiki.oauth.net/w/page/12238543/ProblemReporting
+            $callback = $this->deps->urlGen->addParams(
+                $token->callback,
+                array(
+                    'oauth_token'   => $token->tokenKey,
+                    'oauth_problem' => 'permission_denied',
+                )
+            );
+            header('Location: ' . $callback, true, 302);
+            exit(0);
+        }
+
+        //the user is logged in and authorized
+        $provider = new \OAuthProvider();
+
+        $newToken = new OAuth_Token('verify');
+        $newToken->tokenKey = $token->tokenKey;
+        $newToken->secret   = $token->secret;
+        $newToken->verifier = 'v' . bin2hex($provider->generateToken(8));
+        $newToken->user     = $this->deps->frontend->getUser();
+
+        $this->deps->tokens->store($newToken);
+
+        //redirect
+        //FIXME: if no callback is given, show the token to the user
+        $callback = $this->deps->urlGen->addParams(
+            $token->callback,
+            array(
+                'oauth_token'    => $newToken->tokenKey,
+                'oauth_verifier' => $newToken->verifier
+            )
+        );
+
+        header('Location: ' . $callback, true, 302);
+        exit();
+    }
+
+    /**
+     * Create and return a request token.
+     * OAuth step 1 of 3
+     */
+    public function requestTokenAction()
+    {
+        $oauth = new OAuth();
+        $oauth->setDeps($this->deps);
+
+        try {
+            $provider = new \OAuthProvider();
+            $oauth->registerHandler($provider);
+            $provider->isRequestTokenEndpoint(true);
+            $provider->checkOAuthRequest($this->deps->urlGen->oauthRequestToken());
+
+            //store token + callback URI for later
+            $token = new OAuth_Token('temp');
+            $token->tokenKey = 'r' . bin2hex($provider->generateToken(8));
+            $token->secret   = 's' . bin2hex($provider->generateToken(8));
+            $token->callback = $provider->callback;
+
+            $this->deps->tokens->store($token);
+
+            $this->deps->renderer->sendFormData(
+                array(
+                    'oauth_token'              => $token->tokenKey,
+                    'oauth_token_secret'       => $token->secret,
+                    'oauth_callback_confirmed' => 'TRUE'
+                )
+            );
+        } catch (\OAuthException $e) {
+            $oauth->error($e);
+        }
+    }
+}
+?>