From dd75f122ac42d0ea41cc195088c787b6851c9fe2 Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Tue, 2 Jul 2024 13:14:34 +0200 Subject: [PATCH] feat: allow oauth consumers to be created with consumer acceptance --- .../src/Internal/ApiWbStackOauthGet.php | 24 +++++++++----- .../Internal/WbStackPlatformReservedUser.php | 33 +++++++++++++++++-- .../src/Internal/ApiWbStackOauthGet.php | 24 +++++++++----- .../Internal/WbStackPlatformReservedUser.php | 33 +++++++++++++++++-- 4 files changed, 90 insertions(+), 24 deletions(-) diff --git a/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php b/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php index 419e3558f..ecd3e4572 100644 --- a/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php +++ b/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php @@ -26,28 +26,31 @@ public function execute() { // Try and get the required consumer $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), ); // If it doesnt exist, make sure the user and consumer do - if(!$consumerData) { + if (!$consumerData) { $callbackUrl = $this->getScheme() . $GLOBALS[WBSTACK_INFO_GLOBAL]->requestDomain . $this->getParameter('callbackUrlTail'); WbStackPlatformReservedUser::createIfNotExists(); - WbStackPlatformReservedUser::createOauthConsumer( + $ok = WbStackPlatformReservedUser::createOauthConsumer( $this->getParameter('consumerName'), $this->getParameter('consumerVersion'), $this->getParameter('grants'), - $callbackUrl - ); - $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( - $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $callbackUrl, + $this->getParameter('includeAcceptance'), ); + if ($ok) { + $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( + $this->getParameter('consumerName'), + $this->getParameter('consumerVersion') + ); + } } // Return appropriate result - if(!$consumerData) { + if (!$consumerData) { $res = ['success' => 0]; } else { $res = [ @@ -77,6 +80,9 @@ public function getAllowedParams() { ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_REQUIRED => true ], + 'includeAcceptance' => [ + ParamValidator::PARAM_TYPE => 'boolean', + ], ]; } } diff --git a/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php b/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php index 228d1c6dc..3a7deb1e5 100644 --- a/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php +++ b/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php @@ -50,7 +50,7 @@ public static function createIfNotExists() { return true; } - public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl) { + public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl, $includeAcceptance = false) { // ### Setup oauth consumer... // LOGIC mainly from https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/maintenance/createOAuthConsumer.php ? // EXECUTION of script from https://github.com/wmde/wikibase-docker/blob/master/wikibase/1.33/bundle/extra-install.sh#L7 ? @@ -100,10 +100,21 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca $approveStatus = $control->submit(); if ( !$approveStatus->isGood() ) { - // TODO return more info... return false; } + if ( $includeAcceptance ) { + $acceptanceData = [ + // TODO: figure out what is expected to go here + ]; + $control = new \MediaWiki\Extension\OAuth\Control\ConsumerAcceptanceSubmitControl( $context, $acceptanceData, $dbw, 1 ); + $acceptanceStatus = $control->submit(); + + if ( !$acceptanceStatus->isGood() ) { + return false; + } + } + return true; } @@ -131,10 +142,26 @@ public static function getOAuthConsumer($consumerName, $version) { return false; } - return [ + $data = [ 'agent' => $c->getName(), 'consumerKey' => $c->getConsumerKey(), 'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ), ]; + + $a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki( + $db, + $user->getId(), + $c, + $c->getWiki(), + \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL, + $c->getOAuthVersion(), + ); + + if ( $a !== false ) { + $data['accessKey'] = $a->getAccessToken(); + $data['accessSecret'] = $a->getAccessSecret(); + } + + return $data; } } diff --git a/dist/wbstack/src/Internal/ApiWbStackOauthGet.php b/dist/wbstack/src/Internal/ApiWbStackOauthGet.php index 419e3558f..ecd3e4572 100644 --- a/dist/wbstack/src/Internal/ApiWbStackOauthGet.php +++ b/dist/wbstack/src/Internal/ApiWbStackOauthGet.php @@ -26,28 +26,31 @@ public function execute() { // Try and get the required consumer $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), ); // If it doesnt exist, make sure the user and consumer do - if(!$consumerData) { + if (!$consumerData) { $callbackUrl = $this->getScheme() . $GLOBALS[WBSTACK_INFO_GLOBAL]->requestDomain . $this->getParameter('callbackUrlTail'); WbStackPlatformReservedUser::createIfNotExists(); - WbStackPlatformReservedUser::createOauthConsumer( + $ok = WbStackPlatformReservedUser::createOauthConsumer( $this->getParameter('consumerName'), $this->getParameter('consumerVersion'), $this->getParameter('grants'), - $callbackUrl - ); - $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( - $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $callbackUrl, + $this->getParameter('includeAcceptance'), ); + if ($ok) { + $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( + $this->getParameter('consumerName'), + $this->getParameter('consumerVersion') + ); + } } // Return appropriate result - if(!$consumerData) { + if (!$consumerData) { $res = ['success' => 0]; } else { $res = [ @@ -77,6 +80,9 @@ public function getAllowedParams() { ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_REQUIRED => true ], + 'includeAcceptance' => [ + ParamValidator::PARAM_TYPE => 'boolean', + ], ]; } } diff --git a/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php b/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php index 228d1c6dc..3a7deb1e5 100644 --- a/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php +++ b/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php @@ -50,7 +50,7 @@ public static function createIfNotExists() { return true; } - public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl) { + public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl, $includeAcceptance = false) { // ### Setup oauth consumer... // LOGIC mainly from https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/maintenance/createOAuthConsumer.php ? // EXECUTION of script from https://github.com/wmde/wikibase-docker/blob/master/wikibase/1.33/bundle/extra-install.sh#L7 ? @@ -100,10 +100,21 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca $approveStatus = $control->submit(); if ( !$approveStatus->isGood() ) { - // TODO return more info... return false; } + if ( $includeAcceptance ) { + $acceptanceData = [ + // TODO: figure out what is expected to go here + ]; + $control = new \MediaWiki\Extension\OAuth\Control\ConsumerAcceptanceSubmitControl( $context, $acceptanceData, $dbw, 1 ); + $acceptanceStatus = $control->submit(); + + if ( !$acceptanceStatus->isGood() ) { + return false; + } + } + return true; } @@ -131,10 +142,26 @@ public static function getOAuthConsumer($consumerName, $version) { return false; } - return [ + $data = [ 'agent' => $c->getName(), 'consumerKey' => $c->getConsumerKey(), 'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ), ]; + + $a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki( + $db, + $user->getId(), + $c, + $c->getWiki(), + \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL, + $c->getOAuthVersion(), + ); + + if ( $a !== false ) { + $data['accessKey'] = $a->getAccessToken(); + $data['accessSecret'] = $a->getAccessSecret(); + } + + return $data; } }