diff --git a/web/system/vendor/phpoauthlib2/LICENSE b/web/system/vendor/phpoauthlib2/LICENSE
new file mode 100644
index 0000000..1b50f17
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2015 Nathan Adams
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
\ No newline at end of file
diff --git a/web/system/vendor/phpoauthlib2/OAuth.php b/web/system/vendor/phpoauthlib2/OAuth.php
new file mode 100644
index 0000000..8ffe1db
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/OAuth.php
@@ -0,0 +1,26 @@
+oauthProvider = $provider;
+ $this->request = $request;
+ }
+
+ public function check() {
+ if (isset($this->request["code"]) && !empty($this->request["code"])) {
+ $this->oauthProvider->getProfile();
+ return true;
+ } else {
+ return $this->oauthProvider->getLoginUrl();
+ }
+ }
+
+ public function getProfile() {
+ return $this->oauthProvider->getProfile();
+ }
+}
\ No newline at end of file
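Review bot: `check()` in OAuth.php returns `true` for any non-empty `code` in the request, whether or not the token exchange and profile fetch behind `getProfile()` succeeded, so a caller that logs the user in on `$check === true` is trusting an unvalidated request parameter. The outcome should depend on the fetched profile, for example `if (empty($this->oauthProvider->getId())) { return $this->oauthProvider->getLoginUrl(); }` after the `getProfile()` call and before `return true;`. `isset(...) && !empty(...)` is redundant, since `!empty($this->request["code"])` covers both. The class header and constructor signature are not visible in this hunk.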
diff --git a/web/system/vendor/phpoauthlib2/OAuthDataProvider.php b/web/system/vendor/phpoauthlib2/OAuthDataProvider.php
new file mode 100644
index 0000000..1de88ce
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/OAuthDataProvider.php
@@ -0,0 +1,113 @@
+profile = $profile;
+ $this->dialog = $dialog;
+ $this->accessToken = $accessToken;
+ $this->header = $header;
+ $this->request = $request;
+ }
+
+ public function getLoginUrl() {
+ $urlBuilder = [];
+ $urlBuilder[] = "client_id=" . $this->clientId;
+ $urlBuilder[] = "response_type=" . $this->responseType;
+ $urlBuilder[] = "scope=" . $this->scope;
+ $urlBuilder[] = "state=" . $this->state;
+ $urlBuilder[] = "redirect_uri=" . urlencode($this->redirectURL);
+ return $this->dialog . "?" . implode("&", $urlBuilder);
+ }
+
+ protected function getToken() {
+ $tokenBuilder = [];
+ $tokenBuilder["client_id"] = $this->clientId;
+ $tokenBuilder["client_secret"] = $this->client_secret;
+ $tokenBuilder["grant_type"] = "authorization_code";
+ $tokenBuilder["redirect_uri"] = htmlspecialchars($this->redirectURL);
+ $tokenBuilder["code"] = $this->request["code"];
+ $curl = new ccurl($this->accessToken);
+ $curl->setPost($tokenBuilder);
+ $curl->createCurl();
+ return (string)$curl;
+ }
+
+ protected function parseToken() {
+ $token = $this->getToken();
+ $convertedToken = json_decode($token, true);
+ if (!$convertedToken) {
+ $realToken = $token;
+ } else {
+ $realToken = $convertedToken["access_token"];
+ }
+
+ return $realToken;
+ }
+
+ public function getProfile() {
+ $token = $this->parseToken();
+
+ $profileUrl = $this->profile . "=" . $token;
+ $curl = new ccurl($profileUrl);
+ $curl->addHeader($this->header . " " . $token);
+ $curl->createCurl();
+ $this->profileData = json_decode((string)$curl, true);
+ return (string)$curl;
+ }
+
+ public function getEmail() {
+ return null;
+ }
+
+ public function getFirstName() {
+ return null;
+ }
+
+ public function getLastName() {
+ return null;
+ }
+
+ public function getGender() {
+ return null;
+ }
+
+ public function getId() {
+ return null;
+ }
+
+ public function getRawProfile() {
+ return $this->profileData;
+ }
+
+ public function getSource() {
+ return null;
+ }
+}
\ No newline at end of file
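Review bot: `getLoginUrl()` sends a `state` value, but nothing visible in this hunk compares the `state` returned in `$this->request` with the one that was issued before `getToken()` redeems `$this->request["code"]`, which leaves the callback open to login CSRF unless that check lives in code outside this hunk. The value should be generated per session with `random_bytes()`, stored server-side and compared with `hash_equals()` before the token request is made. In the same functions, `client_id`, `scope` and `state` are concatenated into the URL without `urlencode()`, and `getToken()` applies `htmlspecialchars()` to `redirect_uri`, which is HTML escaping and will alter any URI containing `&`; `$tokenBuilder["redirect_uri"] = $this->redirectURL;` is what the token endpoint should receive. `parseToken()` also falls back to the raw response body as the token when it is not JSON, so an error page ends up in the profile URL and the auth header instead of failing the login. The start of the class, including where `state` is assigned, is not visible here.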
diff --git a/web/system/vendor/phpoauthlib2/ccurl.php b/web/system/vendor/phpoauthlib2/ccurl.php
new file mode 100644
index 0000000..d66ec60
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/ccurl.php
@@ -0,0 +1,149 @@
+authentication = 0;
+ if($use == true) $this->authentication = 1;
+ }
+
+ public function setName($name){
+ $this->auth_name = $name;
+ }
+ public function setPass($pass){
+ $this->auth_pass = $pass;
+ }
+
+ public function addHeader($head)
+ {
+ $this->_header[] = $head;
+ }
+
+ public function __construct($url,$followlocation = true,$timeOut = 30,$maxRedirecs = 4,$binaryTransfer = false,$includeHeader = false,$noBody = false)
+ {
+ $this->_url = $url;
+ $this->_followlocation = $followlocation;
+ $this->_timeout = $timeOut;
+ $this->_maxRedirects = $maxRedirecs;
+ $this->_noBody = $noBody;
+ $this->_includeHeader = $includeHeader;
+ $this->_binaryTransfer = $binaryTransfer;
+
+ $this->_cookieFileLocation = dirname(__FILE__).'/cookie.txt';
+
+ }
+
+ public function setReferer($referer){
+ $this->_referer = $referer;
+ }
+
+ public function setCookiFileLocation($path)
+ {
+ $this->_cookieFileLocation = $path;
+ }
+
+ public function setPost ($postFields)
+ {
+ $this->_post = true;
+ $this->_postFields = $postFields;
+ }
+
+ public function setUserAgent($userAgent)
+ {
+ $this->_useragent = $userAgent;
+ }
+
+ public function createCurl($url = 'nul')
+ {
+ if($url != 'nul'){
+ $this->_url = $url;
+ }
+
+ $s = curl_init();
+
+ curl_setopt($s,CURLOPT_URL,$this->_url);
+
+ // I understand the implications here - but this isn't a client application
+ // if my ISP is performing MITM sniffing I have bigger fish to fry
+ // also the security of a CA signed certificate is questionable at best
+ // https://www.schneier.com/blog/archives/2012/02/verisign_hacked.html
+ // Email me if you want to discus this adamsna@datanethost.net
+ // NA - 12/10/2014
+ curl_setopt($s, CURLOPT_SSL_VERIFYPEER, false);
+
+ curl_setopt($s,CURLOPT_HTTPHEADER,$this->_header);
+ curl_setopt($s,CURLOPT_TIMEOUT,$this->_timeout);
+ curl_setopt($s,CURLOPT_MAXREDIRS,$this->_maxRedirects);
+ curl_setopt($s,CURLOPT_RETURNTRANSFER,true);
+ curl_setopt($s,CURLOPT_FOLLOWLOCATION,$this->_followlocation);
+ curl_setopt($s,CURLOPT_COOKIEJAR,$this->_cookieFileLocation);
+ curl_setopt($s,CURLOPT_COOKIEFILE,$this->_cookieFileLocation);
+
+ if($this->authentication == 1){
+ curl_setopt($s, CURLOPT_USERPWD, $this->auth_name.':'.$this->auth_pass);
+ }
+ if($this->_post)
+ {
+ //curl_setopt($s,CURLOPT_POST,true);
+ curl_setopt($s, CURLOPT_CUSTOMREQUEST, "POST");
+ curl_setopt($s,CURLOPT_POSTFIELDS,$this->_postFields);
+
+ }
+
+ if($this->_includeHeader)
+ {
+ curl_setopt($s,CURLOPT_HEADER,true);
+ }
+
+ if($this->_noBody)
+ {
+ curl_setopt($s,CURLOPT_NOBODY,true);
+ }
+
+ curl_setopt($s,CURLOPT_USERAGENT,$this->_useragent);
+ curl_setopt($s,CURLOPT_REFERER,$this->_referer);
+
+ $this->_webpage = curl_exec($s);
+ $this->_status = curl_getinfo($s,CURLINFO_HTTP_CODE);
+ curl_close($s);
+
+ }
+
+ public function getHttpStatus()
+ {
+ return $this->_status;
+ }
+
+ public function __tostring(){
+ return $this->_webpage;
+ }
+}
\ No newline at end of file
diff --git a/web/system/vendor/phpoauthlib2/cookie.txt b/web/system/vendor/phpoauthlib2/cookie.txt
new file mode 100644
index 0000000..04cd5d3
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/cookie.txt
@@ -0,0 +1,5 @@
+# Netscape HTTP Cookie File
+# http://curl.haxx.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+#HttpOnly_.google.com TRUE / FALSE 1463331114 NID 73=wOGSMwy8vYCu7qJjpMYLVMQ_gYCNZXru2x8g0p5InvQIpj8X4P2uiXE8QdX50ZcpHvxCXo35XdDS8P5trQSsI0s3UmQ-tmG_01TTIVil6YeJIzFKqoGmKAdWo_0o8MOQ
diff --git a/web/system/vendor/phpoauthlib2/example.php b/web/system/vendor/phpoauthlib2/example.php
new file mode 100644
index 0000000..5a4813f
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/example.php
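Review bot: `createCurl()` in ccurl.php sets `CURLOPT_SSL_VERIFYPEER` to `false` for every request, and this class is what `getToken()` uses to post `client_secret` and the authorization code, so the token endpoint's certificate is never validated and the profile response that decides who gets logged in can be read or replaced by anyone on the network path. The line should be removed or changed to `curl_setopt($s, CURLOPT_SSL_VERIFYPEER, true);` with `CURLOPT_SSL_VERIFYHOST` left at `2`; if an outdated CA bundle was the reason, point `CURLOPT_CAINFO` at a current one instead. Because `$followlocation` defaults to `true`, it is also worth limiting redirects to HTTPS with `CURLOPT_REDIR_PROTOCOLS`. The default jar `dirname(__FILE__).'/cookie.txt'` is a single file shared by every request and located inside the web tree; a per-request temporary file outside the document root, or no jar at all, would avoid that.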
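Review bot: cookie.txt is a libcurl cookie jar written at runtime and it contains a Google `NID` cookie value, so it is a captured artifact and not source; it should be dropped from the commit and added to the ignore list. Since `ccurl` defaults its jar to this same path under `web/`, the file will keep being rewritten in place and may be retrievable over HTTP unless the server blocks the `vendor` directory, which depends on configuration not shown here.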
@@ -0,0 +1,24 @@
+ "apps.googleusercontent.com",
+ "client_secret" => "",
+ "redirect_uri" => "http://example.com/phpoauthlib2/example.php"
+]);
+
+$oauth = new OAuth($authProvider, $_GET);
+
+$check = $oauth->check();
+
+if ($check === true) {
+ echo "Hello - " . $authProvider->getFirstName();
+ echo "
Your email is - " . $authProvider->getEmail();
+} else {
+ header("Location: " . $check);
+}
\ No newline at end of file
diff --git a/web/system/vendor/phpoauthlib2/providers/FacebookAuthProvider.php b/web/system/vendor/phpoauthlib2/providers/FacebookAuthProvider.php
new file mode 100644
index 0000000..3dba4de
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/providers/FacebookAuthProvider.php
@@ -0,0 +1,70 @@
+client_secret = $conf["client_secret"];
+ $this->redirectURL = $conf["redirect_uri"];
+ $this->clientId = $conf["client_id"];
+ $tempScopes = [];
+ foreach($scopes as $scope) {
+ switch ($scope) {
+ case OAUTH_SCOPES::EMAIL:
+ $tempScopes[] = "email";
+ }
+ }
+ $tempScopes[] = "public_profile";
+ $this->scope = implode(" ", $tempScopes);
+ }
+
+ public function getEmail() {
+ return $this->profileData["email"];
+ }
+
+ public function getFirstName() {
+ return $this->profileData["first_name"];
+ }
+
+ public function getLastName() {
+ return $this->profileData["last_name"];
+ }
+
+ public function getId() {
+ return $this->profileData["id"];
+ }
+
+ public function getSource() {
+ return "FACEBOOK";
+ }
+
+ public function parseToken() {
+ $token = $this->getToken();
+ return explode("=", $token)[1];
+ }
+
+ public function getProfile() {
+ $token = $this->parseToken();
+ $profileUrl = $this->profile . "?fields=first_name,last_name,name,email,age_range&access_token=" . $token;
+ $curl = new ccurl($profileUrl);
+ $curl->createCurl();
+ $ret = (string)$curl;
+ $this->profileData = json_decode($ret, true);
+ return $ret;
+ }
+
+}
\ No newline at end of file
diff --git a/web/system/vendor/phpoauthlib2/providers/GoogleAuthProvider.php b/web/system/vendor/phpoauthlib2/providers/GoogleAuthProvider.php
new file mode 100644
index 0000000..f3302e6
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/providers/GoogleAuthProvider.php
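Review bot: The sample in example.php echoes `getFirstName()` and `getEmail()` straight into the page; those fields come from a remote response and should pass through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before output, since this file is what integrators will copy. The `header("Location: " . $check);` branch should be followed by `exit;` so nothing else runs after the redirect. The sample `redirect_uri` uses `http://`, which returns the authorization code in clear text; an `https://` example is the safer default.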
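Review bot: `parseToken()` in FacebookAuthProvider.php returns `explode("=", $token)[1]` without checking that the token request succeeded, so an error body or empty response yields an undefined offset, and for a form-encoded body of the shape the `explode` implies, the result still carries whatever follows the first `&`. `getProfile()` then appends that value unencoded to `$profileUrl`, which also places the access token in a query string that tends to be logged. Parsing with `parse_str($token, $fields);` and returning `$fields["access_token"] ?? null`, with `urlencode()` when the URL is built and a failed login when the result is `null`, would cover both cases. The `switch` in the constructor has a single `case` with no `break` or `default`, which will fall through as soon as a second scope is added; the class header is not visible in this hunk.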
@@ -0,0 +1,56 @@
+client_secret = $conf["client_secret"];
+ $this->redirectURL = $conf["redirect_uri"];
+ $this->clientId = $conf["client_id"];
+
+ $tmpScopes = [];
+ foreach($scopes as $scope) {
+ switch ($scope) {
+ case OAUTH_SCOPES::EMAIL:
+ $tmpScopes[] = "https://www.googleapis.com/auth/userinfo.email";
+ }
+ }
+
+ $this->scope = implode(" ", $tmpScopes);
+ }
+
+ public function getEmail() {
+ return $this->profileData["email"];
+ }
+
+ public function getFirstName() {
+ return $this->profileData["given_name"];
+ }
+
+ public function getLastName() {
+ return $this->profileData["family_name"];
+ }
+
+ public function getGender() {
+ return $this->profileData["gender"];
+ }
+
+ public function getId() {
+ return $this->profileData["id"];
+ }
+
+ public function getSource() {
+ return "GOOGLE";
+ }
+}
\ No newline at end of file
diff --git a/web/system/vendor/phpoauthlib2/readme.md b/web/system/vendor/phpoauthlib2/readme.md
new file mode 100644
index 0000000..2acf8c8
--- /dev/null
+++ b/web/system/vendor/phpoauthlib2/readme.md
@@ -0,0 +1,86 @@
+# phpoauthlib2
+
+phpoauthlib2 is another OAuth 2.0 library for PHP. The goal of the project is to make it as easy as possible to integrate OAuth into your web application.
+
+You can think of phpoauthlib2 as a combination of ideas from the following projects:
+
+- PHPoAuthLib
+- li3_socialauth
+- oauth-4-laravel
+- PHPoAuthUserData
+
+All wrapped in one simple library.
+
+# Why phpoauthlib2?
+
+Or more specifically why "2"?
+
+For me this is version 2.0. Originally I developed this in private for PHP and it worked but after a refactoring to Django/Python (Python version coming soon to a pip repository near you) then I ported it back to PHP.
+
+# How to use
+
+It's very easy to use this library. Examine the following line -
+
+ $authProvider = new GoogleAuthProvider($_GET, [
+ "client_id" => "apps.googleusercontent.com",
+ "client_secret" => "",
+ "redirect_uri" => "http://example.com/phpoauthlib2/example.php"
+ ]);
+
+client_id and client_secret are provided by the OAauth provider (in this case Google) and the redirect_uri is where you want to the user to end up on successful login. It should go without saying that client_id and client_secret should be kept private - you should avoid committing them a public place like github (yes - people have services running and monitoring for people who commit credentials. Don't believe me? Commit your Amazon AWS keys and see how fast people will spin up VMs). The library will handle the verification and present you with some simple base methods to extract data you might be interested in or the ability to work with the entire OAuth data.
+
+ $oauth = new OAuth($authProvider, $_GET);
+
+OAuth is really a wrapper to do the verification check. In both this line and the previous one we are passing $_GET but phpoauthlib2 can accept any request array from your framework (provided your framework can emit the GET request as an array - which I know at least Symfony can do this).
+
+ $check = $oauth->check();
+
+The check method will return true or a string. Not ideal but I couldn't think of any simpler way to do it (obviously not a problem in a lose typed language - but I don't personally like mixing return types). true indicates that the user successfully logged in and you have access to the user's information. A string indicates that you need to redirect them to the OAuth provider to login (the string itself is the redirect URL).
+
+ if ($check === true) {
+ echo "Hello - " . $authProvider->getFirstName();
+ echo "
Your email is - " . $authProvider->getEmail();
+ } else {
+ header("Location: " . $check);
+ }
+
+This library is designed to be very minimal - so you need to decide how to hook into the login subsystem of your web application. In the example file - it's checking to make sure that the login was successful and then can call $authProvider->getXXX (such as getFirstName and getEmail in this example) and the provider class will return those fields from the raw profile data so you don't have to worry about it.
+
+The work flow to integrate to your system is usually:
+
+ if ($check === true) {
+ $mySystem->login($authProvider->getEmail()); // which sets a cookie or session that they logged in with this specific user
+ header("Location: http://example.com/yoursystem/user.php"); // The line above logs them in to your system - then immediately bounce back to your system and potentially send them straight to their user dashboard
+
+The reasoning behind the getXXX methods is to provide some commonality between providers. That way you can present a OAuth login prompt for different services to the user and you can just call $provider->getEmail() to get their email without having to worry about the actual field that the OAuth provider decided to put it in.
+
+If after you have verified the login was successful you may call
+
+ $provider->getRawProfile();
+
+To return the raw return from the OAuth provider (which will be an associative array).
+
+# Google
+
+To get OAuth credentials for Google just go to this URL: https://console.developers.google.com/
+
+And create a project (which is free) and go to APIs & auth -> Credentials.
+If you are creating a new project - it may complain that you need to setup the OAuth consent screen. Do this and return to the credentials section and you should be able to setup the project.
+
+Add credentials -> OAuth 2.0 client ID
+Then select Web application
+
+It is very important that you input a correct authorized redirect URI.
This will be where the user will be sent back on successful login.
+
+# License
+
+I am licensing this under the MIT license. Which essentially grants you the right TDWTFYWWI (to do whatever the f you want with it) - assuming that you acknowledge that I don't provide a warranty.
+
+# What this library is/is not
+
+- This library is a simple interface to use PHP OAuth 2.0 in your web application.
+- This library is designed to be as flexible as possible to use in any framework.
+
+- This library is not designed to hold your hand to secure your client_id, client_secret, or other data.
+- This library is not designed to be specific to a certain framework.
+- This library is not designed to be abstract. The only class you should ever have to extend is OAuthDataProvider - and that is to create a "provider" for different OAuth providers (which merely contains the URLs to send for login, where to query for user data and normalizing data).
\ No newline at end of file