authorize.php
<?php
// authorize.php -- Peteramati authorization page
// Peteramati is Copyright (c) 2006-2019 Eddie Kohler and others
// See LICENSE for open-source distribution terms
require_once("src/initweb.php");
// Gate: only a signed-in site administrator (privChair) may link this
// installation to GitHub. Everyone else, including anonymous visitors,
// is handed to $Me->escape() (defined outside this file; presumably it
// redirects or denies and does not return -- confirm in src/).
if ($Me->is_empty() || !$Me->privChair) {
$Me->escape();
}
// OAuth app credentials are read from the site options (README.md and
// conf/options.php per the message further down). Their presence is
// verified below before any redirect to GitHub is issued.
$clientid = $Conf->opt("githubOAuthClientId");
$clientsecret = $Conf->opt("githubOAuthClientSecret");
/**
 * Render a complete error page (header, message, footer) and stop.
 *
 * Every failure in the OAuth flow goes through here so the browser always
 * receives a full page rather than a partial one. `$msg` is handed to
 * `$conf->error_msg()` unchanged; the call sites in this file pass HTML
 * (`<code>` tags), so it appears to be rendered as markup -- do not route
 * untrusted text through it.
 *
 * @param object $conf the active Conf instance
 * @param string $msg  message to display
 * @return void does not return; the script ends with exit status 0
 */
function error_exit($conf, $msg) {
$conf->header("GitHub authorization", "home");
$conf->error_msg($msg);
$conf->footer();
exit(0);
}
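if (!$clientid || !$clientsecret) {
    error_exit($Conf, "This installation has not been configured yet. Follow the instructions in <code>README.md</code> to obtain a GitHub OAuth Client ID and Client Secret, then configure those values in <code>conf/options.php</code>.");
}
if ($Qreq->code) {
    // Callback leg: GitHub sent the browser back with `code` and the
    // `state` nonce minted in the else-branch below. The nonce lives in the
    // `__github_oauth` setting (value = issue time, data = nonce).
    // NOTE: that is a single installation-wide slot, so two authorization
    // attempts started at the same time overwrite each other.
    $when = $Conf->setting("__github_oauth");
    $state = $Conf->setting_data("__github_oauth");
    if (Conf::$now - $when > 120) {
        // Nonce older than two minutes, or no flow in progress at all.
        error_exit($Conf, "Unexpected attempt to authorize (too old).");
    } else if (!is_string($state) || !is_string($Qreq->state)
               || !hash_equals($state, $Qreq->state)) {
        // CSRF check. hash_equals() compares in constant time and needs two
        // strings: a missing stored nonce or a missing/non-string request
        // parameter is treated as a mismatch rather than a TypeError, and a
        // `null !== null` pair can no longer slip past this branch.
        error_exit($Conf, "Unexpected attempt to authorize (bad state).");
    }
    // The nonce is single-use: clear it before the token exchange so that a
    // failed exchange cannot leave a still-valid nonce for the remainder of
    // the two-minute window.
    $Conf->save_setting("__github_oauth", null);
    // Exchange the one-time code for an access token server-to-server; the
    // client secret never reaches the browser.
    $response = new GitHubResponse("https://github.com/login/oauth/access_token");
    $response->run_post($Conf, "application/x-www-form-urlencoded", [
        "client_id" => $clientid, "client_secret" => $clientsecret,
        "code" => $Qreq->code, "state" => $state
    ], "Accept: application/json\r\n");
    if ($response->status === 200
        && $response->response
        && isset($response->response->access_token)) {
        $Conf->save_setting("opt.githubOAuthToken", 1, $response->response->access_token);
        $Conf->redirect();
    } else {
        error_exit($Conf, "Failed response to authorization attempt.");
    }
} else {
    // Start leg: mint a fresh 48-hex-digit nonce from the CSPRNG, record
    // when it was issued, and send the administrator to GitHub's consent page.
    $state = bin2hex(random_bytes(24));
    $Conf->save_setting("__github_oauth", Conf::$now, $state);
    // `&` is passed explicitly so the ini setting arg_separator.output
    // cannot alter the query string; the default RFC 1738 encoding matches
    // the urlencode() calls this replaces (the hex nonce is unaffected).
    $Conf->redirect("https://github.com/login/oauth/authorize?" . http_build_query([
        "client_id" => $clientid,
        "redirect_uri" => $Conf->hoturl_absolute("authorize"),
        "scope" => "repo read:org read:user user:email user:follow",
        "state" => $state,
    ], "", "&"));
}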