Merge pull request #5 from almirbi/master

Make the login page work with action=oauth2_authorize

Author: rmccue

.gitignore

@@ -13,4 +13,5 @@ _book
 # eBook build output
 *.epub
 *.mobi
-*.pdf
+*.pdf
+.idea

inc/class-client.php

@@ -246,6 +246,33 @@ public static function get_by_id( $id ) {
 		return new static( $post );
 	}
 
+	/**
+	 * Get a client by Client ID.
+	 *
+	 * @param int $id Client ID of the app.
+	 * @return static|null Client instance on success, null if invalid/not found.
+	 */
+	public static function get_by_client_id( $id ) {
+		$args = array(
+			'meta_query' => array(
+				array(
+					'key' => '_oauth2_client_id',
+					'value' => $id,
+					'compare' => '=',
+				)
+			),
+			'post_type' => 'oauth2_client',
+			'post_status' => 'any'
+		);
+
+		$client_ids = get_posts( $args );
+		if ( count( $client_ids ) !== 1 ) {
+			return null;
+		}
+
+		return new static( $client_ids[0] );
+	}
+
 	/**
 	 * Create a new client.
 	 *

inc/endpoints/class-authorization.php

@@ -13,7 +13,6 @@ class Authorization {
 	 */
 	public function register_hooks() {
 		add_action( 'login_form_' . static::LOGIN_ACTION, array( $this, 'handle_request' ) );
-		add_action( 'oauth2_authorize_form', array( $this, 'render_page_fields' ) );
 	}
 
 	public function handle_request() {
@@ -22,7 +21,7 @@ public function handle_request() {
 
 		switch ( $type ) {
 			case 'code':
-				$handler = new Types\Authorization_Code();
+				$handler = new Types\AuthorizationCode();
 				break;
 
 			case 'token':

inc/tokens/class-token.php

@@ -29,5 +29,5 @@ public function is_valid() {
 	public function get_meta_key() {
 		return static::get_meta_prefix() . $this->get_key();
 	}
-	public function to_meta_value();
+	public abstract function to_meta_value();
 }

inc/types/class-authorization-code.php

@@ -5,7 +5,7 @@
 use WP_Http;
 use WP\OAuth2\Client;
 
-class Authorization_Code extends Base {
+class AuthorizationCode extends Base {
 	protected function handle_authorization_submission( $submit, Client $client, $data ) {
 		$redirect_uri = $data['redirect_uri'];
 

inc/types/class-base.php

@@ -2,6 +2,7 @@
 
 namespace WP\OAuth2\Types;
 
+use WP_Http;
 use WP_Error;
 use WP\OAuth2\Client;
 
@@ -10,6 +11,7 @@ abstract class Base implements Type {
 	 * Handle authorisation page.
 	 */
 	public function handle_authorisation() {
+
 		if ( empty( $_GET['client_id'] ) ) {
 			return new WP_Error(
 				'oauth2.types.authorization_code.handle_authorisation.missing_client_id',
@@ -23,7 +25,7 @@ public function handle_authorisation() {
 		$scope        = isset( $_GET['scope'] ) ? wp_unslash( $_GET['scope'] ) : null;
 		$state        = isset( $_GET['state'] ) ? wp_unslash( $_GET['state'] ) : null;
 
-		$client = Client::get_by_id( $client_id );
+		$client = Client::get_by_client_id( $client_id );
 		if ( empty( $client ) ) {
 			return new WP_Error(
 				'oauth2.types.authorization_code.handle_authorisation.invalid_client_id',
@@ -99,10 +101,10 @@ protected function validate_redirect_uri( Client $client, $redirect_uri = null )
 	 *
 	 * @param Client $client Client being authorised.
 	 */
-	protected function render_form( Client $client ) {
-		$file = locate_template( 'oauth1-authorize.php' );
+	public function render_form( Client $client ) {
+		$file = locate_template( 'oauth2-authorize.php' );
 		if ( empty( $file ) ) {
-			$file = dirname( dirname( __DIR__ ) ) . '/theme/oauth1-authorize.php';
+			$file = dirname( dirname( __DIR__ ) ) . '/theme/oauth2-authorize.php';
 		}
 
 		include $file;
@@ -114,6 +116,7 @@ protected function render_form( Client $client ) {
 	 * @param Client $client Client to generate nonce for.
 	 */
 	protected function get_nonce_action( Client $client ) {
-		return sprintf( 'oauth2_authorize:%s', $client->get_key() );
+		// return sprintf( 'oauth2_authorize:%s', $client->get_post_id() );
+		return 'json_oauth2_authorize';
 	}
 }

lib/class-wp-rest-oauth2-ui.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Authorization page handler
+ *
+ * Takes care of UI and related elements for the authorization step of OAuth.
+ *
+ * @package WordPress
+ * @subpackage JSON API
+ */
+
+class WP_REST_OAuth2_UI {
+	/**
+	 * Request token for the current authorization request
+	 *
+	 * @var array
+	 */
+	protected $token;
+
+	/**
+	 * Consumer post object for the current authorization request
+	 *
+	 * @var WP_Post
+	 */
+	protected $consumer;
+
+	/**
+	 * Register required actions and filters
+	 */
+	public function register_hooks() {
+		add_action( 'login_form_oauth2_authorize', array( $this, 'handle_request' ) );
+	}
+
+	/**
+	 * Handle request to authorization page
+	 *
+	 * Handles response from {@see render_page}, then exits to avoid output from
+	 * default wp-login handlers.
+	 */
+	public function handle_request() {
+		if ( ! is_user_logged_in() ) {
+			wp_safe_redirect( wp_login_url( $_SERVER['REQUEST_URI'] ) );
+			exit;
+		}
+
+		$auth_code = new \WP\OAuth2\Types\AuthorizationCode();
+
+		$auth_code->handle_authorisation();
+		exit;
+	}
+
+	/**
+	 * Render authorization page
+	 *
+	 * @return null|WP_Error Null on success, error otherwise
+	 */
+	public function render_page() {
+		$auth_code = new \WP\OAuth2\Types\AuthorizationCode();
+		$auth_code->handle_authorisation();
+	}
+
+	/**
+	 * Display an error using login page wrapper
+	 *
+	 * @param WP_Error $error Error object
+	 */
+	public function display_error( WP_Error $error ) {
+		login_header( __( 'Error', 'rest_oauth2' ), '', $error );
+		login_footer();
+	}
+}

plugin.php

@@ -19,7 +19,7 @@ function bootstrap() {
 	/** @todo Implement this :) */
 //	add_filter( 'determine_current_user', __NAMESPACE__ . '\\attempt_authentication' );
 	add_filter( 'oauth2.grant_types', __NAMESPACE__ . '\\register_grant_types', 0 );
-
+	add_action( 'init', __NAMESPACE__ . '\\rest_oauth2_load_authorize_page' );
 	add_action( 'admin_menu', array( __NAMESPACE__ . '\\admin\\Admin', 'register' ) );
 }
 
@@ -31,6 +31,18 @@ function load() {
 	require __DIR__ . '/inc/types/class-authorization-code.php';
 	require __DIR__ . '/inc/types/class-implicit.php';
 	require __DIR__ . '/inc/admin/class-admin.php';
+	require __DIR__ . '/lib/class-wp-rest-oauth2-ui.php';
+}
+
+/**
+ * Register the authorization page
+ *
+ * Alas, login_init is too late to register pages, as the action is already
+ * sanitized before this.
+ */
+function rest_oauth2_load_authorize_page() {
+	$authorizer = new \WP_REST_OAuth2_UI();
+	$authorizer->register_hooks();
 }
 
 /**
@@ -60,7 +72,7 @@ function get_grant_types() {
  * @return array Grant types with additional types registered.
  */
 function register_grant_types( $types ) {
-	$types['authorization_code'] = new Types\Authorization_Code();
+	$types['authorization_code'] = new Types\AuthorizationCode();
 	$types['implicit'] = new Types\Implicit();
 
 	return $types;

theme/oauth1-authorize.php renamed to theme/oauth2-authorize.php

@@ -64,7 +64,7 @@
 			printf(
 				__( 'Howdy <strong>%1$s</strong>,<br/> "%2$s" would like to connect to %3$s.', 'oauth2' ),
 				$current_user->user_login,
-				$client->get_name(),
+		    $client->get_name(),
 				get_bloginfo( 'name' )
 			)
 		?></p>
@@ -76,7 +76,7 @@
 	 * Fires inside the lostpassword <form> tags.
 	 */
 	do_action( 'oauth2_authorize_form', $client );
-	wp_nonce_field( sprintf( 'oauth2_authorize:%s', $client->get_key() ) );
+	wp_nonce_field( 'json_oauth2_authorize' );
 	?>
 
 	<p class="submit">