Fixed up bootstraping; Added OAuth2 page UI for wp-login.php

Author: almirbi

.gitignore

@@ -13,4 +13,5 @@ _book
 # eBook build output
 *.epub
 *.mobi
-*.pdf
+*.pdf
+.idea

inc/types/class-base.php

@@ -47,7 +47,7 @@ public function handle_authorisation() {
 
 		// Check nonce.
 		$nonce = wp_unslash( $_POST['_wpnonce'] );
-		if ( ! wp_verify_nonce( $nonce, $this->get_nonce_action( $client ) ) {
+		if ( ! wp_verify_nonce( $nonce, $this->get_nonce_action( $client ) ) ) {
 			return new WP_Error(
 				'oauth2.types.authorization_code.handle_authorisation.invalid_nonce',
 				__( 'Invalid nonce.', 'oauth2' )

lib/class-wp-rest-oauth2-ui.php

@@ -0,0 +1,184 @@
+<?php
+/**
+ * Authorization page handler
+ *
+ * Takes care of UI and related elements for the authorization step of OAuth.
+ *
+ * @package WordPress
+ * @subpackage JSON API
+ */
+
+class WP_REST_OAuth2_UI {
+	/**
+	 * Request token for the current authorization request
+	 *
+	 * @var array
+	 */
+	protected $token;
+
+	/**
+	 * Consumer post object for the current authorization request
+	 *
+	 * @var WP_Post
+	 */
+	protected $consumer;
+
+	/**
+	 * Register required actions and filters
+	 */
+	public function register_hooks() {
+		add_action( 'login_form_oauth2_authorize', array( $this, 'handle_request' ) );
+		// add_action( 'oauth2_authorize_form', array( $this, 'page_fields' ) );
+	}
+
+	/**
+	 * Handle request to authorization page
+	 *
+	 * Handles response from {@see render_page}, then exits to avoid output from
+	 * default wp-login handlers.
+	 */
+	public function handle_request() {
+		if ( ! is_user_logged_in() ) {
+			wp_safe_redirect( wp_login_url( $_SERVER['REQUEST_URI'] ) );
+			exit;
+		}
+
+		$response = $this->render_page();
+		if ( is_wp_error( $response ) ) {
+			$this->display_error( $response );
+		}
+		exit;
+	}
+
+	/**
+	 * Render authorization page
+	 *
+	 * @return null|WP_Error Null on success, error otherwise
+	 */
+	public function render_page() {
+		// Check required fields
+		/*if ( empty( $_REQUEST['response_type'] ) ) {
+			return new WP_Error( 'json_oauth2_missing_param', sprintf( __( 'Missing parameter %s', 'rest_oauth2' ), 'response_type' ), array( 'status' => 400 ) );
+		}
+
+		if ( empty( $_REQUEST['client_id'] ) ) {
+			return new WP_Error( 'json_oauth2_missing_param', sprintf( __( 'Missing parameter %s', 'rest_oauth2' ), 'client_id' ), array( 'status' => 400 ) );
+		}*/
+
+		/*// Set up fields
+		$token_key = wp_unslash( $_REQUEST['oauth_token'] );
+		$scope = '*';
+		if ( ! empty( $_REQUEST['wp_scope'] ) ) {
+			$scope = wp_unslash( $_REQUEST['wp_scope'] );
+		}*/
+
+		// $authenticator = new WP_REST_OAuth1();
+		// $errors = array();
+		// $this->token = $authenticator->get_request_token( $token_key );
+		/*if ( is_wp_error( $this->token ) ) {
+			return $this->token;
+		}
+
+		if ( ! empty( $_REQUEST['oauth_callback'] ) ) {
+			$resp = $authenticator->set_request_token_callback( $this->token['key'], $_REQUEST['oauth_callback'] );
+			if ( is_wp_error( $resp ) ) {
+				return $resp;
+			}
+		}
+
+		if ( $this->token['authorized'] === true ) {
+			return $this->handle_callback_redirect( $this->token['verifier'] );
+		}
+
+		// Fetch consumer
+		$this->consumer = $consumer = get_post( $this->token['consumer'] );*/
+
+		/*if ( ! empty( $_POST['wp-submit'] ) ) {
+			check_admin_referer( 'json_oauth2_authorize' );
+
+			switch ( $_POST['wp-submit'] ) {
+				case 'authorize':
+					$verifier = $authenticator->authorize_request_token( $this->token['key'] );
+					if ( is_wp_error( $verifier ) ) {
+						return $verifier;
+					}
+
+					return $this->handle_callback_redirect( $verifier );
+
+				case 'cancel':
+					exit;
+
+				default:
+					return new WP_Error( 'json_oauth1_invalid_action', __( 'Invalid authorization action', 'rest_oauth1' ), array( 'status' => 400 ) );
+			}
+		}*/
+
+		$file = locate_template( 'oauth2-authorize.php' );
+		if ( empty( $file ) ) {
+			$file = dirname( dirname( __FILE__ ) ) . '/theme/oauth2-authorize.php';
+		}
+
+		include $file;
+	}
+
+	/**
+	 * Output required hidden fields
+	 *
+	 * Outputs the required hidden fields for the authorization page, including
+	 * nonce field.
+	 */
+	public function page_fields() {
+		echo '<input type="hidden" name="consumer" value="' . absint( $this->consumer->ID ) . '" />';
+		echo '<input type="hidden" name="oauth_token" value="' . esc_attr( $this->token['key'] ) . '" />';
+		wp_nonce_field( 'json_oauth2_authorize' );
+	}
+
+	/**
+	 * Handle redirecting the user after authorization
+	 *
+	 * @param string $verifier Verification code
+	 * @return null|WP_Error Null on success, error otherwise
+	 */
+	/*public function handle_callback_redirect( $verifier ) {
+		if ( empty( $this->token['callback'] ) || $this->token['callback'] === 'oob' ) {
+			// No callback registered, display verification code to the user
+			login_header( __( 'Access Token', 'rest_oauth1' ) );
+			echo '<p>' . sprintf( __( 'Your verification token is <code>%s</code>', 'rest_oauth1' ), $verifier ) . '</p>';
+			login_footer();
+
+			return null;
+		}
+
+		$callback = $this->token['callback'];
+
+		// Ensure the URL is safe to access
+		$authenticator = new WP_REST_OAuth1();
+		if ( ! $authenticator->check_callback( $callback, $this->token['consumer'] ) ) {
+			return new WP_Error( 'json_oauth1_invalid_callback', __( 'The callback URL is invalid', 'rest_oauth1' ), array( 'status' => 400 ) );
+		}
+
+		$args = array(
+			'oauth_token' => $this->token['key'],
+			'oauth_verifier' => $verifier,
+			'wp_scope' => '*',
+		);
+		$args = apply_filters( 'json_oauth2_callback_args', $args, $this->token );
+		$args = urlencode_deep( $args );
+		$callback = add_query_arg( $args, $callback );
+
+		// Offsite, so skip safety check
+		wp_redirect( $callback );
+
+		return null;
+	}*/
+
+	/**
+	 * Display an error using login page wrapper
+	 *
+	 * @param WP_Error $error Error object
+	 */
+	public function display_error( WP_Error $error ) {
+		login_header( __( 'Error', 'rest_oauth2' ), '', $error );
+		login_footer();
+	}
+}

plugin.php

@@ -14,16 +14,30 @@
 function bootstrap() {
 	load();
 
-	add_filter( 'determine_current_user', __NAMESPACE__ . '\\attempt_authentication' );
+	// add_filter( 'determine_current_user', __NAMESPACE__ . '\\attempt_authentication' );
 	add_filter( 'oauth2.grant_types', __NAMESPACE__ . '\\register_grant_types', 0 );
+	add_action( 'init', __NAMESPACE__ . '\\rest_oauth2_load_authorize_page' );
 }
 
 function load() {
 	require __DIR__ . '/inc/class-client.php';
 	require __DIR__ . '/inc/class-scopes.php';
 	require __DIR__ . '/inc/types/class-type.php';
+	require __DIR__ . '/inc/types/class-base.php';
 	require __DIR__ . '/inc/types/class-authorization-code.php';
-	require __DIR__ . '/inc/types/class-implicit.php';
+	// require __DIR__ . '/inc/types/class-implicit.php';
+	require __DIR__ . '/lib/class-wp-rest-oauth2-ui.php';
+}
+
+/**
+ * Register the authorization page
+ *
+ * Alas, login_init is too late to register pages, as the action is already
+ * sanitized before this.
+ */
+function rest_oauth2_load_authorize_page() {
+	$authorizer = new \WP_REST_OAuth2_UI();
+	$authorizer->register_hooks();
 }
 
 /**
@@ -112,3 +126,5 @@ function get_token_url() {
 	 */
 	return apply_filters( 'oauth2.get_token_url', $url );
 }
+
+bootstrap();

theme/oauth1-authorize.php renamed to theme/oauth2-authorize.php

@@ -54,7 +54,7 @@
 
 <form name="oauth1_authorize_form" id="oauth1_authorize_form" action="<?php echo esc_url( $url ); ?>" method="post">
 
-	<h2 class="login-title"><?php echo esc_html( sprintf( __('Connect %1$s'), $client->get_name() ) ) ?></h2>
+	<h2 class="login-title"><?php echo esc_html( sprintf( __('Connect %1$s'), "Awesome Client" ) ) ?></h2>
 
 	<div class="login-info">
 
@@ -64,7 +64,7 @@
 			printf(
 				__( 'Howdy <strong>%1$s</strong>,<br/> "%2$s" would like to connect to %3$s.', 'oauth2' ),
 				$current_user->user_login,
-				$client->get_name(),
+				"Awesome Client",
 				get_bloginfo( 'name' )
 			)
 		?></p>
@@ -76,7 +76,7 @@
 	 * Fires inside the lostpassword <form> tags.
 	 */
 	do_action( 'oauth2_authorize_form', $client );
-	wp_nonce_field( sprintf( 'oauth2_authorize:%s', $client->get_key() ) );
+	wp_nonce_field( sprintf( 'oauth2_authorize:%s', "Aajaskdjalskdjkl" ) );
 	?>
 
 	<p class="submit">