From e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 5 Dec 2015 20:31:27 -0500
Subject: Rewrite of the authentication and authorization system

---
 app/Core/Http/OAuth2.php | 121 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 app/Core/Http/OAuth2.php

(limited to 'app/Core/Http/OAuth2.php')

diff --git a/app/Core/Http/OAuth2.php b/app/Core/Http/OAuth2.php
new file mode 100644
index 00000000..6fa1fb0a
--- /dev/null
+++ b/app/Core/Http/OAuth2.php
@@ -0,0 +1,121 @@
+<?php
+
+namespace Kanboard\Core\Http;
+
+use Kanboard\Core\Base;
+
+/**
+ * OAuth2 Client
+ *
+ * @package  http
+ * @author   Frederic Guillot
+ */
+class OAuth2 extends Base
+{
+    private $clientId;
+    private $secret;
+    private $callbackUrl;
+    private $authUrl;
+    private $tokenUrl;
+    private $scopes;
+    private $tokenType;
+    private $accessToken;
+
+    /**
+     * Create OAuth2 service
+     *
+     * @access public
+     * @param  string  $clientId
+     * @param  string  $secret
+     * @param  string  $callbackUrl
+     * @param  string  $authUrl
+     * @param  string  $tokenUrl
+     * @param  array   $scopes
+     * @return OAuth2
+     */
+    public function createService($clientId, $secret, $callbackUrl, $authUrl, $tokenUrl, array $scopes)
+    {
+        $this->clientId = $clientId;
+        $this->secret = $secret;
+        $this->callbackUrl = $callbackUrl;
+        $this->authUrl = $authUrl;
+        $this->tokenUrl = $tokenUrl;
+        $this->scopes = $scopes;
+
+        return $this;
+    }
+
+    /**
+     * Get authorization url
+     *
+     * @access public
+     * @return string
+     */
+    public function getAuthorizationUrl()
+    {
+        $params = array(
+            'response_type' => 'code',
+            'client_id' => $this->clientId,
+            'redirect_uri' => $this->callbackUrl,
+            'scope' => implode(' ', $this->scopes),
+        );
+
+        return $this->authUrl.'?'.http_build_query($params);
+    }
+
+    /**
+     * Get authorization header
+     *
+     * @access public
+     * @return string
+     */
+    public function getAuthorizationHeader()
+    {
+        if (strtolower($this->tokenType) === 'bearer') {
+            return 'Authorization: Bearer '.$this->accessToken;
+        }
+
+        return '';
+    }
+
+    /**
+     * Get access token
+     *
+     * @access public
+     * @param  string  $code
+     * @return string
+     */
+    public function getAccessToken($code)
+    {
+        if (empty($this->accessToken) && ! empty($code)) {
+            $params = array(
+                'code' => $code,
+                'client_id' => $this->clientId,
+                'client_secret' => $this->secret,
+                'redirect_uri' => $this->callbackUrl,
+                'grant_type' => 'authorization_code',
+            );
+
+            $response = json_decode($this->httpClient->postForm($this->tokenUrl, $params, array('Accept: application/json')), true);
+
+            $this->tokenType = isset($response['token_type']) ? $response['token_type'] : '';
+            $this->accessToken = isset($response['access_token']) ? $response['access_token'] : '';
+        }
+
+        return $this->accessToken;
+    }
+
+    /**
+     * Set access token
+     *
+     * @access public
+     * @param  string  $token
+     * @param  string  $type
+     * @return string
+     */
+    public function setAccessToken($token, $type = 'bearer')
+    {
+        $this->accessToken = $token;
+        $this->tokenType = $type;
+    }
+}
-- 
cgit v1.2.3