gnu-social/plugins/OAuth2/Controller/Authorize.php

<?php

declare(strict_types = 1);

// {{{ License
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
// }}}

/**
 * OAuth2 implementation for GNU social
 *
 * @package   OAuth2
 * @category  API
 *
 * @author    Diogo Peralta Cordeiro <mail@diogo.site>
 * @author    Hugo Sales <hugo@hsal.es>
 * @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */

namespace Plugin\OAuth2\Controller;

use App\Core\Controller;
use App\Util\Common;
use App\Util\Exception\NotFoundException;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use Nyholm\Psr7\Factory\Psr17Factory;
use Plugin\OAuth2\OAuth2;
use Psr\Http\Message\ResponseFactoryInterface;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;

class Authorize extends Controller
{
    public function __construct(
        RequestStack $stack,
        private ResponseFactoryInterface $response_factory,
    ) {
        parent::__construct($stack);
    }

    public function handle(Request $request)
    {
        // @var \League\OAuth2\Server\AuthorizationServer $server
        $server                = OAuth2::$authorization_server;
        $response              = $this->response_factory->createResponse();
        $httpFoundationFactory = new HttpFoundationFactory;

        try {
            // Validate the HTTP request and return an AuthorizationRequest object.
            // The auth request object can be serialized into a user's session
            $psr17Factory   = new Psr17Factory();
            $psrHttpFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);
            $psrRequest     = $psrHttpFactory->createRequest($request);
            $authRequest    = $server->validateAuthorizationRequest($psrRequest);

            $user = Common::ensureLoggedIn($request);

            // Once the user has logged in set the user on the AuthorizationRequest
            $authRequest->setUser(
                new class($user->getId()) implements UserEntityInterface {
                    public function __construct(private int $id)
                    {
                    }

                    public function getIdentifier(): int
                    {
                        return $this->id;
                    }
                },
            );

            // Once the user has approved or denied the client update the status
            // (true = approved, false = denied)
            $authRequest->setAuthorizationApproved(true);

            // Return the HTTP redirect response
            return $httpFoundationFactory->createResponse($server->completeAuthorizationRequest($authRequest, $response));
        } catch (OAuthServerException $exception) {
            return $httpFoundationFactory->createResponse($exception->generateHttpResponse($response));
        } catch (NotFoundException) {
            return new JsonResponse(['error' => 'No such client', 'error_description' => 'This client is not registered']);
        }
    }
}
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`<?php`

			`declare(strict_types = 1);`

			`// {{{ License`
			`// This file is part of GNU social - https://www.gnu.org/software/social`
			`//`
			`// GNU social is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// GNU social is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with GNU social. If not, see <http://www.gnu.org/licenses/>.`
			`// }}}`

			`/**`
			`* OAuth2 implementation for GNU social`
			`*`
			`* @package OAuth2`
			`* @category API`
			`*`
			`* @author Diogo Peralta Cordeiro <mail@diogo.site>`
			`* @author Hugo Sales <hugo@hsal.es>`
			`* @copyright 2022 Free Software Foundation, Inc http://www.fsf.org`
			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
			`*/`

			`namespace Plugin\OAuth2\Controller;`

			`use App\Core\Controller;`
[PLUGIN][OAuth] Fix login for OAuth 2022-03-13 22:27:59 +00:00			`use App\Util\Common;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`use App\Util\Exception\NotFoundException;`
			`use League\OAuth2\Server\Entities\UserEntityInterface;`
			`use League\OAuth2\Server\Exception\OAuthServerException;`
			`use Nyholm\Psr7\Factory\Psr17Factory;`
			`use Plugin\OAuth2\OAuth2;`
			`use Psr\Http\Message\ResponseFactoryInterface;`
			`use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;`
			`use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;`
			`use Symfony\Component\HttpFoundation\JsonResponse;`
			`use Symfony\Component\HttpFoundation\Request;`
			`use Symfony\Component\HttpFoundation\RequestStack;`

			`class Authorize extends Controller`
			`{`
			`public function __construct(`
			`RequestStack $stack,`
			`private ResponseFactoryInterface $response_factory,`
			`) {`
			`parent::__construct($stack);`
			`}`

[PLUGIN][OAuth] Fix login for OAuth 2022-03-13 22:27:59 +00:00			`public function handle(Request $request)`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
			`// @var \League\OAuth2\Server\AuthorizationServer $server`
			`$server = OAuth2::$authorization_server;`
			`$response = $this->response_factory->createResponse();`
			`$httpFoundationFactory = new HttpFoundationFactory;`

			`try {`
			`// Validate the HTTP request and return an AuthorizationRequest object.`
			`// The auth request object can be serialized into a user's session`
			`$psr17Factory = new Psr17Factory();`
			`$psrHttpFactory = new PsrHttpFactory($psr17Factory, $psr17Factory, $psr17Factory, $psr17Factory);`
			`$psrRequest = $psrHttpFactory->createRequest($request);`
			`$authRequest = $server->validateAuthorizationRequest($psrRequest);`

[PLUGIN][OAuth] Fix login for OAuth 2022-03-13 22:27:59 +00:00			`$user = Common::ensureLoggedIn($request);`

[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`// Once the user has logged in set the user on the AuthorizationRequest`
			`$authRequest->setUser(`
[PLUGIN][OAuth] Fix login for OAuth 2022-03-13 22:27:59 +00:00			`new class($user->getId()) implements UserEntityInterface {`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`public function __construct(private int $id)`
			`{`
			`}`
[PLUGIN][OAuth2] Fix some static issues 2022-02-04 18:34:08 +00:00
			`public function getIdentifier(): int`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
			`return $this->id;`
			`}`
			`},`
			`);`

			`// Once the user has approved or denied the client update the status`
			`// (true = approved, false = denied)`
			`$authRequest->setAuthorizationApproved(true);`

			`// Return the HTTP redirect response`
			`return $httpFoundationFactory->createResponse($server->completeAuthorizationRequest($authRequest, $response));`
			`} catch (OAuthServerException $exception) {`
			`return $httpFoundationFactory->createResponse($exception->generateHttpResponse($response));`
			`} catch (NotFoundException) {`
			`return new JsonResponse(['error' => 'No such client', 'error_description' => 'This client is not registered']);`
			`}`
			`}`
			`}`