2011-12-07 18:51:47 +04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ownCloud
|
|
|
|
*
|
|
|
|
* Original:
|
|
|
|
* @author Frank Karlitschek
|
2012-05-26 21:14:24 +04:00
|
|
|
* @copyright 2012 Frank Karlitschek frank@owncloud.org
|
2011-12-07 18:51:47 +04:00
|
|
|
*
|
|
|
|
* Adapted:
|
2012-03-02 00:55:12 +04:00
|
|
|
* @author Michiel de Jong, 2012
|
2011-12-07 18:51:47 +04:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2012-03-02 00:55:12 +04:00
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2011-12-07 18:51:47 +04:00
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
2012-03-02 00:55:12 +04:00
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
2011-12-07 18:51:47 +04:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2012-06-09 23:01:12 +04:00
|
|
|
header("X-Frame-Options: Sameorigin");
|
2011-12-07 18:51:47 +04:00
|
|
|
|
2012-05-02 21:08:37 +04:00
|
|
|
OCP\App::checkAppEnabled('remoteStorage');
|
2012-05-11 13:05:44 +04:00
|
|
|
require_once('Sabre/autoload.php');
|
2011-12-07 18:51:47 +04:00
|
|
|
require_once('lib_remoteStorage.php');
|
|
|
|
require_once('oauth_ro_auth.php');
|
|
|
|
|
|
|
|
ini_set('default_charset', 'UTF-8');
|
|
|
|
#ini_set('error_reporting', '');
|
|
|
|
@ob_clean();
|
|
|
|
|
2012-05-11 13:05:44 +04:00
|
|
|
foreach($_GET as $k => $v) {
|
|
|
|
if($k=='userid'){
|
|
|
|
$userId=$v;
|
|
|
|
} else if($k=='redirect_uri'){
|
|
|
|
$appUrlParts=explode('/', $v);
|
2012-06-09 23:03:50 +04:00
|
|
|
$appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
|
2012-05-11 13:05:44 +04:00
|
|
|
} else if($k=='scope'){
|
2012-06-09 23:03:50 +04:00
|
|
|
$categories=htmlentities($v);
|
2012-05-11 13:05:44 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
$currUser = OCP\USER::getUser();
|
|
|
|
if($userId && $appUrl && $categories) {
|
|
|
|
if($currUser == $userId) {
|
|
|
|
if(isset($_POST['allow'])) {
|
|
|
|
//TODO: check if this can be faked by editing the cookie in firebug!
|
|
|
|
$token=OC_remoteStorage::createCategories($appUrl, $categories);
|
|
|
|
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
|
|
|
|
} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
|
|
|
|
header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
|
|
|
|
} else {
|
|
|
|
//params ok, logged in ok, but need to click Allow still:
|
2012-08-07 21:31:19 +04:00
|
|
|
$appUrlParts = explode('/', $_GET['redirect_uri']);
|
|
|
|
$host = $appUrlParts[2];
|
|
|
|
$categories = explode(',', $_GET['scope']);
|
|
|
|
OCP\Util::addStyle('', 'auth');
|
|
|
|
OCP\Template::printGuestPage('remoteStorage', 'auth', array(
|
|
|
|
'host' => $host,
|
|
|
|
'categories' => $categories,
|
|
|
|
));
|
|
|
|
}//end 'need to click Allow still'
|
2012-05-11 13:05:44 +04:00
|
|
|
} else {//login not ok
|
2012-03-02 00:55:12 +04:00
|
|
|
if($currUser) {
|
2012-06-09 22:39:24 +04:00
|
|
|
die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
|
2012-03-02 00:55:12 +04:00
|
|
|
} else {
|
2012-08-07 22:31:23 +04:00
|
|
|
// this will display the login page for us
|
|
|
|
OCP\Util::checkLoggedIn();
|
2012-03-02 00:55:12 +04:00
|
|
|
}
|
2011-12-07 18:51:47 +04:00
|
|
|
}
|
2012-05-11 13:05:44 +04:00
|
|
|
} else {//params not ok
|
2012-08-07 22:31:23 +04:00
|
|
|
die('please use e.g. '.OCP\Util::linkTo('remoteStorage', 'auth.php').'?userid=admin&redirect_uri=http://host/path&scope=...');
|
2011-12-07 18:51:47 +04:00
|
|
|
}
|