From 0c03581be4d0f1a9154430e2d9052392a8ef34b7 Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Thu, 27 Jun 2024 14:36:44 +0200 Subject: [PATCH] feat(oauth): when requested, include ConsumerAcceptance in oauth data --- .../src/Internal/ApiWbStackOauthGet.php | 10 ++++++-- .../Internal/WbStackPlatformReservedUser.php | 24 +++++++++++++++++-- .../src/Internal/ApiWbStackOauthGet.php | 10 ++++++-- .../Internal/WbStackPlatformReservedUser.php | 24 +++++++++++++++++-- 4 files changed, 60 insertions(+), 8 deletions(-) diff --git a/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php b/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php index 419e3558f..f9a87f5c5 100644 --- a/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php +++ b/dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php @@ -26,7 +26,8 @@ public function execute() { // Try and get the required consumer $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), + $this->getParameter('includeAccess'), ); // If it doesnt exist, make sure the user and consumer do @@ -42,7 +43,8 @@ public function execute() { ); $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), + $this->getParameter('includeAccess'), ); } @@ -73,6 +75,10 @@ public function getAllowedParams() { ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_ISMULTI => true, ], + 'includeAccess' => [ + ParamValidator::PARAM_TYPE => 'boolean', + ParamValidator::PARAM_REQUIRED => false + ], 'callbackUrlTail' => [ ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_REQUIRED => true diff --git a/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php b/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php index 228d1c6dc..697faccac 100644 --- a/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php +++ b/dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php @@ -107,7 +107,7 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca return true; } - public static function getOAuthConsumer($consumerName, $version) { + public static function getOAuthConsumer($consumerName, $version, $includeAccess = false) { $user = self::getUser(); // TODO create the oauth consumer on the fly if it doesn't exist (needs grants and callbackurl) @@ -131,10 +131,30 @@ public static function getOAuthConsumer($consumerName, $version) { return false; } - return [ + $data = [ 'agent' => $c->getName(), 'consumerKey' => $c->getConsumerKey(), 'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ), ]; + + if ( $includeAccess ) { + $a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki( + $db, + $user->getId(), + $c, + $c->getWiki(), + \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL, + $c->getOAuthVersion(), + ); + + if ( $a === false ) { + return false; + } + + $data['accessKey'] = $a->getAccessToken(); + $data['accessSecret'] = $a->getAccessSecret(); + } + + return $data; } } diff --git a/dist/wbstack/src/Internal/ApiWbStackOauthGet.php b/dist/wbstack/src/Internal/ApiWbStackOauthGet.php index 419e3558f..f9a87f5c5 100644 --- a/dist/wbstack/src/Internal/ApiWbStackOauthGet.php +++ b/dist/wbstack/src/Internal/ApiWbStackOauthGet.php @@ -26,7 +26,8 @@ public function execute() { // Try and get the required consumer $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), + $this->getParameter('includeAccess'), ); // If it doesnt exist, make sure the user and consumer do @@ -42,7 +43,8 @@ public function execute() { ); $consumerData = WbStackPlatformReservedUser::getOAuthConsumer( $this->getParameter('consumerName'), - $this->getParameter('consumerVersion') + $this->getParameter('consumerVersion'), + $this->getParameter('includeAccess'), ); } @@ -73,6 +75,10 @@ public function getAllowedParams() { ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_ISMULTI => true, ], + 'includeAccess' => [ + ParamValidator::PARAM_TYPE => 'boolean', + ParamValidator::PARAM_REQUIRED => false + ], 'callbackUrlTail' => [ ParamValidator::PARAM_TYPE => 'string', ParamValidator::PARAM_REQUIRED => true diff --git a/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php b/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php index 228d1c6dc..697faccac 100644 --- a/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php +++ b/dist/wbstack/src/Internal/WbStackPlatformReservedUser.php @@ -107,7 +107,7 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca return true; } - public static function getOAuthConsumer($consumerName, $version) { + public static function getOAuthConsumer($consumerName, $version, $includeAccess = false) { $user = self::getUser(); // TODO create the oauth consumer on the fly if it doesn't exist (needs grants and callbackurl) @@ -131,10 +131,30 @@ public static function getOAuthConsumer($consumerName, $version) { return false; } - return [ + $data = [ 'agent' => $c->getName(), 'consumerKey' => $c->getConsumerKey(), 'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ), ]; + + if ( $includeAccess ) { + $a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki( + $db, + $user->getId(), + $c, + $c->getWiki(), + \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL, + $c->getOAuthVersion(), + ); + + if ( $a === false ) { + return false; + } + + $data['accessKey'] = $a->getAccessToken(); + $data['accessSecret'] = $a->getAccessSecret(); + } + + return $data; } }