Add clean redir url, web demo

csteipp · csteipp · commit c00534cd9b22 · 2014-06-17T12:16:47.000-07:00
Add a client redirect url option, so we can use clean urls required by
mobile, etc.

Also added a web authentication demo.
diff --git a/MWOAuthClient.php b/MWOAuthClient.php
@@ -16,6 +16,12 @@ class MWOAuthClientConfig {
 	// Canonical server url, used to check /identify's iss
 	public $canonicalServerUrl;
 
+	// Url that the user is sent to. Can be different from
+	// $endpointURL to play nice with MobileFrontend, etc.
+	public $redirURL = null;
+
+	// Use https when calling the server.
+	// TODO: detect this from $endpointURL
 	public $useSSL = true;
 
 	// If you're testing against a server with self-signed certificates, you
@@ -80,7 +86,8 @@ public function initiate() {
 			throw new Exception( "Callback wasn't confirmed" );
 		}
 		$requestToken = new OAuthToken( $return->key, $return->secret );
-		$url = $this->config->endpointURL . "/authorize&oauth_token={$requestToken->key}&oauth_consumer_key={$this->consumerToken->key}";
+		$url = $this->config->redirURL ?: $this->config->endpointURL . "/authorize&";
+		$url .= "oauth_token={$requestToken->key}&oauth_consumer_key={$this->consumerToken->key}";
 
 		return array( $url, $requestToken );
 	}
diff --git a/demo.php b/demo.php
@@ -15,6 +15,7 @@
 	false // do we validate the SSL certificate? Always use 'true' in production.
 );
 $config->canonicalServerUrl = 'http://localhost';
+$config->redirURL = 'https://localhost/view/Special:OAuth?';
 
 $cmrToken = new OAuthToken( $consumerKey, $consumerSecret );
 $client = new MWOAuthClient( $config, $cmrToken );
diff --git a/webdemo.php b/webdemo.php
@@ -0,0 +1,98 @@
+<?php
+
+include 'MWOAuthClient.php';
+$consumerKey = '';
+$consumerSecret = '';
+
+// Configure the connection to the wiki you want to use. Passing title=Special:OAuth as a
+// GET parameter makes the signature easier. Otherwise you need to call
+// $client->setExtraParam('title','Special:OAuth/whatever') for each step.
+// If your wiki uses wgSecureLogin, the canonicalServerUrl will point to http://
+$config = new MWOAuthClientConfig(
+	'http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Special:OAuth', // url to use
+	false, // do we use SSL? (we should probably detect that from the url)
+	false // do we validate the SSL certificate? Always use 'true' in production.
+);
+$config->canonicalServerUrl = 'http://en.wikipedia.beta.wmflabs.org';
+// Optional clean url here (i.e., to work with mobile), otherwise the
+// base url just has /authorize& added
+$config->redirURL = 'http://en.wikipedia.beta.wmflabs.org/wiki/Special:OAuth/authorize?';
+$cmrToken = new OAuthToken( $consumerKey, $consumerSecret );
+$client = new MWOAuthClient( $config, $cmrToken );
+
+session_start();
+
+if ( !isset( $_GET['action'] ) ) {
+	echo "<html><body><p><a href='webdemo.php?action=init'>Start OAuth</a></p></body></html>";
+	exit;
+} else {
+	$action = $_GET['action'];
+}
+
+
+if ( $action == 'init' ) {
+
+	// Step 1 - Get a request token
+	list( $redir, $requestToken ) = $client->initiate();
+	$_SESSION['oauthreqtoken'] = "{$requestToken->key}:{$requestToken->secret}";
+
+	// Step 2 - Have the user authorize your app.
+	header( "Location: $redir" );
+	exit;
+
+} elseif ( $action == 'finish' ) {
+
+	$verifyCode = $_GET['oauth_verifier'];
+	$recKey = $_GET['oauth_token'];
+	list( $requestKey, $requestSecret ) = explode( ':', $_SESSION['oauthreqtoken'] );
+	$requestToken = new OAuthToken( $requestKey, $requestSecret );
+	unset( $_SESSION['oauthreqtoken'] );
+
+	//check for csrf
+	if ( $requestKey !== $recKey ) {
+		die( "CSRF detected" );
+	}
+
+	// Step 3 - Exchange the request token and verification code for an access token
+	$accessToken = $client->complete( $requestToken,  $verifyCode );
+
+	// You're done! Setup your application's session state. Keep the accessToken
+	// to use for later calls by your application into MediaWiki.
+	session_regenerate_id();
+	$identity = $client->identify( $accessToken );
+	$_SESSION['oauthtoken'] = "{$accessToken->key}:{$accessToken->secret}";
+	$_SESSION['username'] = $identity->username;
+
+	// Redirect to your application's main entry point
+	header( "Location: webdemo.php?action=info" );
+
+	exit;
+} elseif ( $action == 'info' ) {
+	// This is what you're app should do for logged in users
+	if ( !isset( $_SESSION['username'] ) || !isset( $_SESSION['oauthtoken'] ) ) {
+		die( "Lost Session, <a href='webdemo.php?action=init'>start over</a>" );
+	}
+
+	list( $accessKey, $accessSecret ) = explode( ':', $_SESSION['oauthtoken'] );
+	$accessToken = new OAuthToken( $accessKey, $accessSecret );
+
+	// Check their current identity
+	$identity = $client->identify( $accessToken );
+	echo "<pre>\n";
+	echo "Authenticated as user {$identity->username}\n";
+
+	// Do a simple API call as the user
+	echo "Getting user info: ";
+	echo $client->makeOAuthCall(
+		$accessToken,
+		'https://localhost/wiki/api.php?action=query&meta=userinfo&uiprop=rights&format=json'
+	);
+	echo "</pre>\n";
+	echo "<a href='webdemo.php?action=logout'>Logout</a>";
+	exit;
+
+} elseif ( $action == 'logout' ) {
+	session_destroy();
+	echo "<a href='webdemo.php?action=init'>Start Over</a>";
+}
+
