From: Robert Kaiser <kairo@kairo.at>
Date: Thu, 15 Dec 2016 14:37:47 +0000 (+0100)
Subject: KaiRo bug 415 - Consolidate some more setup code into the utilities class
X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=commitdiff_plain;h=74b24877f2b3e75aa00e7788b4ed23209e81991d

KaiRo bug 415 - Consolidate some more setup code into the utilities class
---

diff --git a/app/authsystem.inc.php b/app/authsystem.inc.php
index 45d0e0f..59d65cc 100644
--- a/app/authsystem.inc.php
+++ b/app/authsystem.inc.php
@@ -18,6 +18,7 @@ $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
 if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); }
 $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
 if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); }
+$settings['dbdata'] = $dbdata;
 
 // Extended DOM document class
 require_once(__DIR__.'/../php-utility-classes/classes/document.php-class');
@@ -25,31 +26,18 @@ require_once(__DIR__.'/../php-utility-classes/classes/document.php-class');
 require_once(__DIR__.'/../php-utility-classes/classes/email.php-class');
 // Composer-provided libraries (oauth2-server-php, doctrine DBAL)
 require_once(__DIR__.'/../vendor/autoload.php');
-// Connect to our MySQL DB
-$db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']);
 // Authentication utilities
 require_once(__DIR__.'/authutils.php-class');
 // Instantiate server utils.
 try {
-  $utils = new AuthUtils($settings, $db);
+  $utils = new AuthUtils($settings);
+  $db = $utils->db;
 }
 catch (Exception $e) {
   $utils = null;
 }
 
-// This is an array of locale tags in browser style mapping to unix system locale codes to use with gettext.
-$supported_locales = array(
-    'en-US' => 'en_US',
-    'de' => 'de_DE',
-);
-
-$textdomain = 'kairo_auth';
-$textlocale = $utils->negotiateLocale(array_keys($supported_locales));
-putenv('LC_ALL='.$supported_locales[$textlocale]);
-$selectedlocale = setlocale(LC_ALL, $supported_locales[$textlocale]);
-bindtextdomain($textdomain, '../locale');
-bind_textdomain_codeset($textdomain, 'utf-8');
-textdomain($textdomain);
+$utils->setUpL10n();
 
 // Sanitize settings.
 $settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false;
@@ -91,6 +79,6 @@ CREATE TABLE `auth_log` (
 );
 */
 
-// include our OAuth2 Server object
-require_once(__DIR__.'/server.inc.php');
+// Set up our OAuth2 Server object
+$server = $utils->getOAuthServer();
 ?>
diff --git a/app/authutils.php-class b/app/authutils.php-class
index 42f5859..690d5e7 100755
--- a/app/authutils.php-class
+++ b/app/authutils.php-class
@@ -7,10 +7,12 @@ class AuthUtils {
   // KaiRo.at authentication utilities PHP class
   // This class contains helper functions for the authentication system.
   //
-  // function __construct($settings, $db)
+  // function __construct($settings)
   //   CONSTRUCTOR
   //   Settings are an associative array with a numeric pwd_cost field and an array pwd_nonces field.
-  //   The DB is a PDO object.
+  //
+  // public $settings
+  //   Ab array of settings for the auth server website.
   //
   // public $db
   //   A PDO database object for interaction.
@@ -85,12 +87,18 @@ class AuthUtils {
   // function pwdNeedsRehash($user)
   //   Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed.
   //
+  // function setUpL10n()
+  //   Set up the localization stack (gettext).
+  //
   // function negotiateLocale($supportedLanguages)
   //   Return the language to use out of the given array of supported locales, via netotiation based on the HTTP Accept-Language header.
   //
   // function getGroupedEmails($group_id, [$exclude_email])
   //   Return all emails grouped in the specified group ID, optionally exclude a specific email (e.g. because you only want non-current entries)
   //
+  // function getOAuthServer()
+  //   Return an OAuth2 server object to use for all our actual OAuth2 interaction.
+  //
   // function initHTMLDocument($titletext, [$headlinetext]) {
   //   initialize the HTML document for the auth system, with some elements we always use, esp. all the scripts and stylesheet.
   //     Sets the title of the document to the given title, the main headline will be the same as the title if not set explicitly.
@@ -100,20 +108,22 @@ class AuthUtils {
   //   Append a login form for the given session to the given DOM element, possibly prefilling the email from the given user info array.
   //     The optional $addfields parameter is an array of name=>value pairs of hidden fields to add to the form.
 
-  function __construct($settings, $db) {
+  function __construct($settings) {
     // *** constructor ***
-    $this->db = $db;
+    $this->settings = $settings;
+    $this->db = new PDO($this->settings['dbdata']['dsn'], $this->settings['dbdata']['username'], $this->settings['dbdata']['password']);
     $this->db->exec("SET time_zone='+00:00';"); // Execute directly on PDO object, set session to UTC to make our gmdate() values match correctly.
     // For debugging, potentially add |robert\.box\.kairo\.at to that regex temporarily.
     $this->running_on_localhost = preg_match('/^((.+\.)?localhost|127\.0\.0\.\d+)$/', $_SERVER['SERVER_NAME']);
     if (array_key_exists('pwd_cost', $settings)) {
-      $this->pwd_cost = $settings['pwd_cost'];
+      $this->pwd_cost = $this->settings['pwd_cost'];
     }
     if (array_key_exists('pwd_nonces', $settings)) {
-      $this->pwd_nonces = $settings['pwd_nonces'];
+      $this->pwd_nonces = $this->settings['pwd_nonces'];
     }
   }
 
+  public $settings = null;
   public $db = null;
   public $running_on_localhost = false;
   public $client_reg_email_whitelist = array('kairo@kairo.at', 'com@kairo.at');
@@ -364,6 +374,22 @@ class AuthUtils {
     }
   }
 
+  function setUpL10n() {
+    // This is an array of locale tags in browser style mapping to unix system locale codes to use with gettext.
+    $supported_locales = array(
+        'en-US' => 'en_US',
+        'de' => 'de_DE',
+    );
+
+    $textdomain = 'kairo_auth';
+    $textlocale = $this->negotiateLocale(array_keys($supported_locales));
+    putenv('LC_ALL='.$supported_locales[$textlocale]);
+    $selectedlocale = setlocale(LC_ALL, $supported_locales[$textlocale]);
+    bindtextdomain($textdomain, '../locale');
+    bind_textdomain_codeset($textdomain, 'utf-8');
+    textdomain($textdomain);
+  }
+
   function negotiateLocale($supportedLanguages) {
     $nlocale = $supportedLanguages[0];
     $headers = getAllHeaders();
@@ -400,6 +426,35 @@ class AuthUtils {
     return $emails;
   }
 
+  function getOAuthServer() {
+    // Simple server based on https://bshaffer.github.io/oauth2-server-php-docs/cookbook
+
+    // dbata needs to be set and be an associative array with the members 'dsn', 'username', and 'password'.
+    // dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
+    $oauth2_storage = new OAuth2\Storage\Pdo($this->settings['dbdata']);
+
+    // Set configuration
+    $oauth2_config = array(
+      'require_exact_redirect_uri' => false,
+      'always_issue_new_refresh_token' => true, // Needs to be handed below as well as there it's not constructed from within the server object.
+      'refresh_token_lifetime' => 90*24*3600,
+    );
+
+    // Pass a storage object or array of storage objects to the OAuth2 server class
+    $server = new OAuth2\Server($oauth2_storage, $oauth2_config);
+
+    // Add the "Client Credentials" grant type (it is the simplest of the grant types)
+    //$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
+
+    // Add the "Authorization Code" grant type (this is where the oauth magic happens)
+    $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($oauth2_storage));
+
+    // Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens)
+    $server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true)));
+
+    return $server;
+  }
+
   function initHTMLDocument($titletext, $headlinetext = null) {
     global $settings;
     if (is_null($headlinetext)) { $headlinetext = $titletext; }
diff --git a/app/server.inc.php b/app/server.inc.php
deleted file mode 100644
index 53e55b4..0000000
--- a/app/server.inc.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-// Simple server based on https://bshaffer.github.io/oauth2-server-php-docs/cookbook
-
-// $dbata needs to be set and be an associative array with the members 'dsn', 'username', and 'password'.
-
-// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
-$oauth2_storage = new OAuth2\Storage\Pdo($dbdata);
-
-// Set configuration
-$oauth2_config = array(
-  'require_exact_redirect_uri' => false,
-  'always_issue_new_refresh_token' => true, // Needs to be handed below as well as there it's not constructed from within the server object.
-  'refresh_token_lifetime' => 90*24*3600,
-);
-
-// Pass a storage object or array of storage objects to the OAuth2 server class
-$server = new OAuth2\Server($oauth2_storage, $oauth2_config);
-
-// Add the "Client Credentials" grant type (it is the simplest of the grant types)
-//$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
-
-// Add the "Authorization Code" grant type (this is where the oauth magic happens)
-$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($oauth2_storage));
-
-// Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens)
-$server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true)));
-
-?>