API: New classes for OAuth and basic auth

2025-06-09 00:24:27 +02:00 · 2021-06-08 06:32:24 +00:00 · 2021-06-08 06:32:24 +00:00 · acbe9ebf9e
commit acbe9ebf9e
parent 246aa293d1
9 changed files with 346 additions and 178 deletions
--- a/src/Module/OAuth/Authorize.php
+++ b/src/Module/OAuth/Authorize.php
@ -24,6 +24,7 @@ namespace Friendica\Module\OAuth;
 use Friendica\Core\Logger;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
+use Friendica\Security\OAuth;

 /**
 * @see https://docs.joinmastodon.org/spec/oauth/
@ -56,7 +57,7 @@ class Authorize extends BaseApi
 			DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
 		}

-		$application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
+		$application = OAuth::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
 		if (empty($application)) {
 			DI::mstdnError()->UnprocessableEntity();
 		}
@ -75,14 +76,14 @@ class Authorize extends BaseApi
 			Logger::info('Already logged in user', ['uid' => $uid]);
 		}

-		if (!self::existsTokenForUser($application, $uid) && !DI::session()->get('oauth_acknowledge')) {
+		if (!OAuth::existsTokenForUser($application, $uid) && !DI::session()->get('oauth_acknowledge')) {
 			Logger::info('Redirect to acknowledge');
 			DI::app()->redirect('oauth/acknowledge?' . http_build_query(['return_path' => $redirect, 'application' => $application['name']]));
 		}

 		DI::session()->remove('oauth_acknowledge');

-		$token = self::createTokenForUser($application, $uid, $request['scope']);
+		$token = OAuth::createTokenForUser($application, $uid, $request['scope']);
 		if (!$token) {
 			DI::mstdnError()->UnprocessableEntity();
 		}
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@ -26,6 +26,7 @@ use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
+use Friendica\Security\OAuth;

 /**
 * @see https://docs.joinmastodon.org/spec/oauth/
@ -57,7 +58,7 @@ class Token extends BaseApi
 			DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
 		}

-		$application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
+		$application = OAuth::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
 		if (empty($application)) {
 			DI::mstdnError()->UnprocessableEntity();
 		}
@ -65,7 +66,7 @@ class Token extends BaseApi
 		if ($request['grant_type'] == 'client_credentials') {
 			// the "client_credentials" are used as a token for the application itself.
 			// see https://aaronparecki.com/oauth-2-simplified/#client-credentials
-			$token = self::createTokenForUser($application, 0, '');
+			$token = OAuth::createTokenForUser($application, 0, '');
 		} elseif ($request['grant_type'] == 'authorization_code') {
 			// For security reasons only allow freshly created tokens
 			$condition = ["`redirect_uri` = ? AND `id` = ? AND `code` = ? AND `created_at` > UTC_TIMESTAMP() - INTERVAL ? MINUTE",