<?php
/**
* ownCloud
*
* Original:
* @author Frank Karlitschek
* @copyright 2012 Frank Karlitschek frank@owncloud.org
*
* Adapted:
* @author Michiel de Jong, 2012
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
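/*
 * remoteStorage authorization endpoint (OAuth implicit-style flow).
 *
 * Reads three GET parameters: userid (the account the client wants to act
 * as), redirect_uri (where the bearer token is delivered, in the URL
 * fragment) and scope (comma-separated category list). When the logged-in
 * user matches userid and either clicked "Allow" or already holds a token
 * for this host/scope, the browser is redirected to
 * redirect_uri#access_token=...&token_type=bearer. Otherwise the consent
 * page, the login page, or a usage hint is shown.
 */
header("X-Frame-Options: Sameorigin");

OCP\App::checkAppEnabled('remoteStorage');

require_once('Sabre/autoload.php');
require_once('lib_remoteStorage.php');
require_once('oauth_ro_auth.php');
ini_set('default_charset', 'UTF-8');

// Discard anything already buffered so the Location header / page goes out
// clean. Only clean when a buffer is active, which avoids the notice the
// original silenced with '@'.
if (ob_get_level() > 0) {
    ob_clean();
}

// Everything derived from the query string starts out null so the checks
// below never read an undefined variable when a parameter is missing.
$userId = null;
$appUrl = null;
$categories = null;
$redirectUri = null;

foreach ($_GET as $k => $v) {
    if ($k === 'userid') {
        $userId = $v;
    } else if ($k === 'redirect_uri') {
        // The value ends up verbatim in a Location header, so only an absolute
        // http(s) URL with a host and no CR/LF is accepted. Anything else leaves
        // $appUrl null and the request falls into the "params not ok" branch.
        $parts = parse_url($v);
        if (is_array($parts)
            && isset($parts['scheme'], $parts['host'])
            && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
            && strpbrk($v, "\r\n") === false
        ) {
            $redirectUri = $v;
            // Host part (as written, including any port) is the text between the
            // 2nd and 3rd slash. Derived exactly as before because it is the key
            // under which OC_remoteStorage stores and looks up tokens.
            $appUrlParts = explode('/', $v);
            $appUrl = htmlentities($appUrlParts[2]); // TODO: check if this is equal to client_id
        }
    } else if ($k === 'scope') {
        $categories = htmlentities($v);
    }
}

$currUser = OCP\USER::getUser();
if ($userId && $appUrl && $categories) {
    // Strict comparison: getUser() yields false when nobody is logged in, and
    // a loose '==' lets some strings compare equal to false.
    if ($currUser === $userId) {
        if (isset($_POST['allow'])) {
            // TODO: the consent POST carries no request token, so a "click" can be
            // forged by any page the logged-in user visits. The consent template
            // needs to emit a request token that is verified here before a token
            // is created.
            $token = OC_remoteStorage::createCategories($appUrl, $categories);
            header('Location: ' . $redirectUri . '#access_token=' . $token . '&token_type=bearer');
        } else if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
            // Consent was given earlier for this host/scope: hand the existing
            // token back without showing the consent page again.
            header('Location: ' . $redirectUri . '#access_token=' . $existingToken . '&token_type=bearer');
        } else {
            // params ok, logged in ok, but need to click Allow still:
            $appUrlParts = explode('/', $redirectUri);
            $host = $appUrlParts[2];
            $categories = explode(',', $_GET['scope']);
            OCP\Util::addStyle('', 'auth');
            OCP\Template::printGuestPage('remoteStorage', 'auth', array(
                'host' => $host,
                'categories' => $categories,
            ));
        } // end 'need to click Allow still'
    } else { // login not ok
        if ($currUser) {
            // Both names are rendered as HTML, so escape both.
            die('You are logged in as ' . htmlentities($currUser) . ' instead of ' . htmlentities($userId));
        } else {
            // this will display the login page for us
            OCP\Util::checkLoggedIn();
        }
    }
} else { // params not ok
    die('please use e.g. ' . OCP\Util::linkTo('remoteStorage', 'auth.php') . '?userid=admin&redirect_uri=http://host/path&scope=...');
}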