[PLUGIN][OAuth2] Start adding OAuth2 support with client registration

This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field.
2022-01-25 12:17:32 +00:00
parent 4736146b80
commit fa0d02a9ac
20 changed files with 1961 additions and 0 deletions
--- a/plugins/OAuth2/Repository/Scope.php
+++ b/plugins/OAuth2/Repository/Scope.php
@@ -0,0 +1,92 @@
+<?php
+
+declare(strict_types = 1);
+
+// {{{ License
+// This file is part of GNU social - https://www.gnu.org/software/social
+//
+// GNU social is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// GNU social is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
+// }}}
+
+/**
+ * OAuth2 implementation for GNU social
+ *
+ * @package   OAuth2
+ * @category  API
+ *
+ * @author    Diogo Peralta Cordeiro <mail@diogo.site>
+ * @author    Hugo Sales <hugo@hsal.es>
+ * @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
+ * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
+ */
+
+namespace Plugin\OAuth2\Repository;
+
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
+use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
+
+class Scope implements ScopeRepositoryInterface
+{
+    /**
+     * @return ?ScopeEntityInterface
+     */
+    public function getScopeEntityByIdentifier($scopeIdentifier)
+    {
+        $scopes = [
+            'basic' => [
+                'description' => 'Basic details about you',
+            ],
+            'email' => [
+                'description' => 'Your email address',
+            ],
+            'read' => [
+                'description' => 'Read',
+            ],
+            'write' => [
+                'description' => 'Read',
+            ],
+            'follow' => [
+                'description' => 'Read',
+            ],
+        ];
+
+        if (\array_key_exists($scopeIdentifier, $scopes) === false) {
+            return;
+        }
+
+        return new class($scopeIdentifier) implements ScopeEntityInterface {
+            public function __construct(private string $identifier)
+            {
+            }
+            public function getIdentifier()
+            {
+                return $this->identifier;
+            }
+            public function jsonSerialize(): mixed
+            {
+                return $this->getIdentifier();
+            }
+        };
+    }
+
+    public function finalizeScopes(
+        array $scopes,
+        $grantType,
+        ClientEntityInterface $clientEntity,
+        $userIdentifier = null,
+    ) {
+        return $scopes;
+    }
+}