+ public function run($server, $user, $newKey, $force)
+ {
+ $host = $this->getHost($newKey != '' ? $newKey : $server, $force);
+ if ($host === null) {
+ //already taken
+ return;
+ }
+ if ($host->endpoints->incomplete()) {
+ $host->server = $server;
+ $host->loadEndpoints();
+ }
+
+ list($redirect_uri, $socketStr) = $this->getHttpServerData();
+ $state = time();
+ echo "To authenticate, open the following URL:\n"
+ . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state)
+ . "\n";
+
+ $authParams = $this->startHttpServer($socketStr);
+ if ($authParams['state'] != $state) {
+ Log::err('Wrong "state" parameter value: ' . $authParams['state']);
+ exit(2);
+ }
+ $code = $authParams['code'];
+ $userUrl = $authParams['me'];
+ $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl);
+
+ $accessToken = $this->fetchAccessToken(
+ $host, $userUrl, $code, $redirect_uri, $state
+ );
+
+ //all fine. update config
+ $host->user = $userUrl;
+ $host->token = $accessToken;
+
+ if ($newKey != '') {
+ $hostKey = $newKey;
+ } else {
+ $hostKey = $this->cfg->getHostByName($server);
+ if ($hostKey === null) {
+ $keyBase = parse_url($host->server, PHP_URL_HOST);
+ $newKey = $keyBase;
+ $count = 0;
+ while (isset($this->cfg->hosts[$newKey])) {
+ $newKey = $keyBase . ++$count;
+ }
+ $hostKey = $newKey;
+ }
+ }
+ $this->cfg->hosts[$hostKey] = $host;
+ $this->cfg->save();
+ echo "Server configuration $hostKey saved successfully.\n";
+ }
+
+ protected function fetchAccessToken(
+ $host, $userUrl, $code, $redirect_uri, $state
+ ) {
+ $req = new \HTTP_Request2($host->endpoints->token, 'POST');
+ if (version_compare(PHP_VERSION, '5.6.0', '<')) {
+ //correct ssl validation on php 5.5 is a pain, so disable
+ $req->setConfig('ssl_verify_host', false);
+ $req->setConfig('ssl_verify_peer', false);
+ }
+ $req->setHeader('Content-Type: application/x-www-form-urlencoded');
+ $req->setBody(
+ http_build_query(
+ [
+ 'me' => $userUrl,
+ 'code' => $code,
+ 'redirect_uri' => $redirect_uri,
+ 'client_id' => static::$client_id,
+ 'state' => $state,
+ ]
+ )
+ );
+ $res = $req->send();
+ if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
+ Log::err('Wrong content type in auth verification response');
+ exit(2);
+ }
+ parse_str($res->getBody(), $tokenParams);
+ if (!isset($tokenParams['access_token'])) {
+ Log::err('"access_token" missing');
+ exit(2);
+ }
+
+ $accessToken = $tokenParams['access_token'];
+ return $accessToken;
+ }
+
+ protected function getBrowserAuthUrl($host, $user, $redirect_uri, $state)
+ {
+ return $host->endpoints->authorization
+ . '?me=' . urlencode($user)
+ . '&client_id=' . urlencode(static::$client_id)
+ . '&redirect_uri=' . urlencode($redirect_uri)
+ . '&state=' . $state
+ . '&scope=post'
+ . '&response_type=code';
+ }
+
+ protected function getHost($keyOrServer, $force)
+ {
+ $host = new Config_Host();
+ $key = $this->cfg->getHostByName($keyOrServer);
+ if ($key !== null) {
+ $host = $this->cfg->hosts[$key];
+ if (!$force && $host->token != '') {
+ Log::err('Token already available');
+ return;
+ }
+ }
+ return $host;
+ }
+
+ protected function getHttpServerData()
+ {
+ $ip = '127.0.0.1';
+ $port = 12345;
+
+ if (isset($_SERVER['SSH_CONNECTION'])) {
+ $parts = explode(' ', $_SERVER['SSH_CONNECTION']);
+ if (count($parts) >= 3) {
+ $ip = $parts[2];
+ }
+ }
+ if (strpos($ip, ':') !== false) {
+ //ipv6
+ $ip = '[' . $ip . ']';
+ }
+
+ $redirect_uri = 'http://' . $ip . ':' . $port . '/callback';
+ $socketStr = 'tcp://' . $ip . ':' . $port;
+ return [$redirect_uri, $socketStr];
+ }
+
+ protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me)
+ {
+ $req = new \HTTP_Request2($host->endpoints->authorization, 'POST');
+ if (version_compare(PHP_VERSION, '5.6.0', '<')) {
+ //correct ssl validation on php 5.5 is a pain, so disable
+ $req->setConfig('ssl_verify_host', false);
+ $req->setConfig('ssl_verify_peer', false);
+ }
+ $req->setHeader('Content-Type: application/x-www-form-urlencoded');
+ $req->setBody(
+ http_build_query(
+ [
+ 'code' => $code,
+ 'state' => $state,
+ 'client_id' => static::$client_id,
+ 'redirect_uri' => $redirect_uri,
+ ]
+ )
+ );
+ $res = $req->send();
+ if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
+ Log::err('Wrong content type in auth verification response');
+ exit(2);
+ }
+ parse_str($res->getBody(), $verifiedParams);
+ if (!isset($verifiedParams['me'])
+ || $verifiedParams['me'] !== $me
+ ) {
+ Log::err('Non-matching "me" values');
+ exit(2);
+ }
+ }
+
+ protected function startHttpServer($socketStr)