diff --git a/data/acpmenu.json b/data/acpmenu.json
old mode 100644
new mode 100755
index f6b8dc5..eaa23d9
--- a/data/acpmenu.json
+++ b/data/acpmenu.json
@@ -5,6 +5,12 @@
 "controller": "clients",
 "do": "",
 "restriction": "clients_manage"
+ },
+ "settings": {
+ "tab": "community",
+ "controller": "settings",
+ "do": "",
+ "restriction": "settings_manage"
 }
 }
 }
diff --git a/data/acprestrictions.json b/data/acprestrictions.json
old mode 100644
new mode 100755
index eddec14..064819c
--- a/data/acprestrictions.json
+++ b/data/acprestrictions.json
@@ -2,6 +2,9 @@
 "oauthserver": {
 "clients": {
 "clients_manage": "clients_manage"
+ },
+ "settings": {
+ "settings_manage": "settings_manage"
 }
 }
 }
\ No newline at end of file
diff --git a/data/modules.json b/data/modules.json
old mode 100644
new mode 100755
index 3b04efd..0a700f5
--- a/data/modules.json
+++ b/data/modules.json
@@ -1,7 +1,13 @@
 {
 "admin": {
 "oauthserver": {
- "default_controller": "clients",
+ "default_controller": "",
+ "protected": false
+ }
+ },
+ "front": {
+ "redirect": {
+ "default_controller": "redirect",
 "protected": 0
 }
 }
diff --git a/data/settings.json b/data/settings.json
old mode 100644
new mode 100755
index 0637a08..040b981
--- a/data/settings.json
+++ b/data/settings.json
@@ -1 +1,6 @@
-[]
\ No newline at end of file
+[
+ {
+ "key": "oauth2server_wrap_global_template",
+ "default": "1"
+ }
+]
\ No newline at end of file
diff --git a/data/versions.json b/data/versions.json
index 4a67064..3659066 100755
--- a/data/versions.json
+++ b/data/versions.json
@@ -7,5 +7,6 @@
 "102002": "1.2.2",
 "102003": "1.2.3",
 "102004": "1.2.4",
- "103000": "1.3.0"
+ "103000": "1.3.0",
+ "104000": "1.4.0"
 }
\ No newline at end of file
diff --git a/dev/lang.php b/dev/lang.php
index 9e1925a..efb4960 100644
--- a/dev/lang.php
+++ b/dev/lang.php
@@ -1,12 +1,14 @@ "OAuth2 Server", + '__app_oauth2server' => "OAuth2 Server", 'module__oauth2server_client' => "Applications (OAuth2 Clients)", 'r__clients' => "Clients", 'r__clients_manage' => "Can manage clients?", 'menu__oauth2server_oauthserver' => "OAuth2 Server", 'menu__oauth2server_oauthserver_clients' => "Applications", + 'menu__oauth2server_oauthserver_settings' => "Settings", + 'add_client' => "Add Application", 'client_name' => "Application Name", 'client_name_desc' => "Name of the OAuth2 Application (Client)", @@ -32,4 +34,8 @@ 'authorize_title' => "Authorize external application", 'authorize_yes' => "Yes", 'authorize_no' => "No", + + 'oauth2server_settings' => "OAuth 2 Server Settings", + 'oauth2server_wrap_global_template' => 'Wrap authorization page with global template?', + 'oauth2server_wrap_global_template_desc' => "If enabled, the authorization page will be displayed inside of your website's global template. Disable if you are having problems with redirection or advertisements interrupting the OAuth 2 authorization flow." ); diff --git a/interface/oauth/authorize.php b/interface/oauth/authorize.php index fdf3df6..92854ec 100755 --- a/interface/oauth/authorize.php +++ b/interface/oauth/authorize.php 
@@ -17,7 +17,10 @@ $member_id = \IPS\Member::loggedIn()->member_id; if ( ! $member_id ) { // ref parameter is base64 encoding of destination URL - $ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET, null, ini_get('arg_separator.output'), PHP_QUERY_RFC3986); + // Since 4.2.0, we have to "Inception" this because login-based redirect can only target an internal URL + $real_ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET, null, ini_get('arg_separator.output'), PHP_QUERY_RFC3986); + $real_ref = base64_encode( $real_ref_url ); + $ref_url = \IPS\Http\Url::internal( 'app=oauth2server&module=redirect&controller=redirect&ref=' . $real_ref, 'front'); $ref = base64_encode( $ref_url ); \IPS\Output::i()->redirect( \IPS\Http\Url::internal( 'app=core&module=system&controller=login&ref=' . $ref, 'front', 'login' ) ); } @@ -78,8 +81,13 @@ // TODO: Surface scope in template output $form = \IPS\Theme::i()->getTemplate( 'server', 'oauth2server', 'front' )->authorize( $client, $scope ); - $title = \IPS\Member::loggedIn()->language()->addToStack('authorize_title'); - \IPS\Output::i()->sendOutput( \IPS\Theme::i()->getTemplate( 'global', 'core' )->globalTemplate( $title, $form, true, \IPS\ROOT_PATH ) , 200, 'text/html', \IPS\Output::i()->httpHeaders ); + if ( \IPS\Settings::i()->oauth2server_wrap_global_template ) { + $title = \IPS\Member::loggedIn()->language()->addToStack('authorize_title'); + \IPS\Output::i()->sendOutput( \IPS\Theme::i()->getTemplate( 'global', 'core' )->globalTemplate( $title, $form, true, \IPS\ROOT_PATH ) , 200, 'text/html', \IPS\Output::i()->httpHeaders ); + } else { + $header = \IPS\Theme::i()->getTemplate( 'global', 'core', 'front' )->logo(); + \IPS\Output::i()->sendOutput( $header . $form, 200, 'text/html', \IPS\Output::i()->httpHeaders ); + } } // print the authorization code if the user has authorized your client 
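Review bot: In the first hunk of interface/oauth/authorize.php, `$real_ref` is standard-alphabet base64 appended to the query string unescaped, so any `+`, `/` or `=` it contains can be altered on the way back (a `+` is read as a space), and the redirect controller's non-strict `base64_decode` would then produce a corrupted destination instead of failing. Escape the value where it is appended: `'app=oauth2server&module=redirect&controller=redirect&ref=' . rawurlencode( $real_ref )`. How `\IPS\Http\Url::internal` treats its query-string argument is not visible here, so confirm the value does not end up encoded twice. The `if ( ! $member_id )` block is complete inside the hunk; the script around it is not shown.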
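Review bot: The new `else` branch in the second hunk sends `$header . $form` as a bare fragment, so the consent page loses whatever the global template supplied and its anti-framing protection rests entirely on `\IPS\Output::i()->httpHeaders`; whether those headers carry a frame restriction is not visible in the hunk. I would record that dependency above the branch: `// No global template here: the consent form relies on httpHeaders for anti-framing, keep them on this sendOutput() call`. The two `sendOutput()` calls differ only in their first argument, so building the body in each branch and sending once would keep status, content type and headers from drifting apart. The enclosing block starts above the hunk.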
diff --git a/modules/admin/oauthserver/settings.php b/modules/admin/oauthserver/settings.php
new file mode 100644
index 0000000..56c3c5b
--- /dev/null
+++ b/modules/admin/oauthserver/settings.php
@@ -0,0 +1,45 @@
+Joan Touzet
+ * @copyright (c) 2017 Joan Touzet
+ */
+
+namespace IPS\oauth2server\modules\admin\oauthserver;
+
+/* To prevent PHP errors (extending class does not exist) revealing path */
+if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
+{
+ header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
+ exit;
+}
+
+/**
+ * settings
+ */
+class _settings extends \IPS\Dispatcher\Controller
+{
+ /**
+ * Execute
+ *
+ * @return void
+ */
+ public function execute()
+ {
+ \IPS\Dispatcher::i()->checkAcpPermission( 'settings_manage' );
+ parent::execute();
+ }
+
+ protected function manage()
+ {
+ \IPS\Output::i()->title = \IPS\Member::loggedIn()->language()->addToStack('settings');
+ $form = new \IPS\Helpers\Form;
+ $form->addHeader( 'oauth2server_settings' );
+ $form->add( new \IPS\Helpers\Form\YesNo( 'oauth2server_wrap_global_template', \IPS\Settings::i()->oauth2server_wrap_global_template ) );
+ if ( $values = $form->values() )
+ {
+ $form->saveAsSettings();
+ }
+ \IPS\Output::i()->output = $form;
+ }
+}
diff --git a/modules/front/redirect/redirect.php b/modules/front/redirect/redirect.php
new file mode 100644
index 0000000..6b81b59
--- /dev/null
+++ b/modules/front/redirect/redirect.php
@@ -0,0 +1,43 @@
+ref;
+ /* Did we just log in? */
+ if ( \IPS\Member::loggedIn()->member_id and isset( \IPS\Request::i()->_fromLogin ) ) {
+ \IPS\Output::i()->redirect( base64_decode($ref) );
+ } else {
+ \IPS\Output::i()->redirect( \IPS\Http\Url::internal('') );
+ }
+ }
+}
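Review bot: `manage()` in modules/admin/oauthserver/settings.php assigns `$values = $form->values()` but never reads `$values`; `if ( $form->values() )` states the same condition without the stray variable. The page title uses the language key `'settings'`, while this commit's dev/lang.php adds `'oauth2server_settings'` (already used for the form header); unless `'settings'` is meant to resolve from the core language pack, `addToStack('oauth2server_settings')` looks like the intended key. `manage()` also has no docblock, unlike `execute()`; a short one saying it renders and saves the OAuth2 server settings form and returns void would match the file. The top of the file header is cut off on this page.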
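Review bot: The controller in modules/front/redirect/redirect.php redirects to `base64_decode($ref)` without checking the decoded value, and both `ref` and `_fromLogin` are ordinary request parameters, so the destination is whatever the incoming link encodes rather than something the server vouches for. The comment added in authorize.php says the login redirect accepts only internal URLs since 4.2.0; this controller lifts that restriction for every destination instead of only for the authorize endpoint. Decode strictly and redirect only when the result starts with the authorize URL that authorize.php builds, otherwise fall back to the site root. The start of the method is not visible on this page, so the fence shows only the rewritten tail.

```php
// … unchanged: $ref is read from the request …
$target = base64_decode( (string) $ref, true );
$authorizeBase = \IPS\Settings::i()->base_url . 'applications/oauth2server/interface/oauth/authorize.php?';
// Only the authorize endpoint this application builds is an acceptable destination
$isAuthorizeUrl = ( $target !== false && strpos( $target, $authorizeBase ) === 0 );
/* Did we just log in? */
if ( $isAuthorizeUrl and \IPS\Member::loggedIn()->member_id and isset( \IPS\Request::i()->_fromLogin ) ) {
    \IPS\Output::i()->redirect( $target );
} else {
    // … unchanged: redirect to \IPS\Http\Url::internal('') …
}
```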