2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6 // Called e.g. as /authorize?response_type=code&client_id=testclient&state=f00bar&scope=email&redirect_uri=http%3A%2F%2Ffake.example.com%2F
7 // This either redirects to the redirect URL with errors or success added as GET parameters,
8 // or sends a HTML page asking for login / permission to scope (email is always granted in this system but not always for OAuth2 generically)
9 // or sends errors as a JSOn document (hopefully shouldn't but seen that in testing).
11 // Include the common auth system files (including the OAuth2 Server object).
12 require_once(__DIR__.'/authsystem.inc.php');
14 // Start HTML document as a DOM object.
15 extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
16 $document->formatOutput = true; // we want a nice output
17 $style = $head->appendElement('link');
18 $style->setAttribute('rel', 'stylesheet');
19 $style->setAttribute('href', 'authsystem.css');
20 $head->appendJSFile('authsystem.js');
22 $errors = $utils->checkForSecureConnection();
24 if (!count($errors)) {
25 $session = $utils->initSession(); // Read session or create new session and set cookie.
26 $user = array('id' => 0, 'email' => '');
27 $pagetype = 'default';
28 if (is_null($session)) {
29 $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
31 elseif ($session['logged_in']) {
32 // We are logged in, process authorization request.
33 $request = OAuth2\Request::createFromGlobals();
34 $response = new OAuth2\Response();
36 // Validate the authorize request.
37 if (!$server->validateAuthorizeRequest($request, $response)) {
42 // Display an authorization form.
44 $title->appendText('Authorization Request | KaiRo.at');
45 $h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
47 $para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
48 $para->setAttribute('id', 'jswarning');
49 $para->setAttribute('class', 'warn');
51 $para = $body->appendElement('p', sprintf(_('Hi %s!'), $user['email']));
52 $para->setAttribute('class', 'userwelcome');
54 $form = $body->appendForm('', 'POST', 'authform');
55 $form->setAttribute('id', 'authform');
56 $form->appendElement('p', sprintf(_('Do you authorize %s to access %s?'), $request->query['client_id'], $request->query['scope']));
57 $submit = $form->appendInputSubmit(_('yes'));
58 $submit->setAttribute('name', 'authorized');
59 $form->appendText(' ');
60 $submit = $form->appendInputSubmit(_('no'));
61 $submit->setAttribute('name', 'authorized');
64 // Handle authorize request, forwarding code in GET parameters if the user has authorized your client.
65 $is_authorized = ($_POST['authorized'] === 'yes');
66 $server->handleAuthorizeRequest($request, $response, $is_authorized);
69 // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
70 $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
71 exit("SUCCESS! Authorization Code: $code");
79 // Display login/register form.
80 $para = $body->appendElement('p', _('You need to log in or register to continue.'));
81 $para->setAttribute('class', 'logininfo');
86 $body->appendElement('p', ((count($errors) <= 1)
87 ?_('The following error was detected')
88 :_('The following errors were detected')).':');
89 $list = $body->appendElement('ul');
90 $list->setAttribute('class', 'flat warn');
91 foreach ($errors as $msg) {
92 $item = $list->appendElement('li', $msg);
94 $body->appendButton(_('Back'), 'history.back();');
97 // Send HTML to client.
98 print($document->saveHTML());
projects / authserver.git / blob