Initial commit

Pirati.php

+<?php
+
+namespace OAuth\OAuth2\Service;
+
+use OAuth\OAuth2\Token\StdOAuth2Token;
+use OAuth\Common\Http\Exception\TokenResponseException;
+use OAuth\Common\Http\Uri\Uri;
+use OAuth\Common\Consumer\CredentialsInterface;
+use OAuth\Common\Http\Client\ClientInterface;
+use OAuth\Common\Storage\TokenStorageInterface;
+use OAuth\Common\Http\Uri\UriInterface;
+
+class Pirati extends AbstractService
+{   
+    const SCOPE_OPENID = 'openid';
+    const SCOPE_EMAIL  = 'email';
+
+    public function __construct(
+        CredentialsInterface $credentials,
+        ClientInterface $httpClient,
+        TokenStorageInterface $storage,
+        $scopes = array(),
+        UriInterface $baseApiUri = null
+    ) { 
+
+        parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri, true);
+
+        if (null === $baseApiUri) {
+            $this->baseApiUri = new Uri('https://auth.pirati.cz/auth/realms/pirati/');
+        }
+    }
+
+    public function getAuthorizationUri(array $additionalParameters = array())
+    {   
+        $parameters = array_merge(
+            $additionalParameters,
+            array(
+                //'type'          => 'web_server',
+                'client_id'     => $this->credentials->getConsumerId(),
+                'redirect_uri'  => $this->credentials->getCallbackUrl(),
+                'response_type' => 'code',
+                'scope'         => 'openid email',    // do not mention basic.       
+            )
+        );
+
+        if (!isset($parameters['state'])) {
+            $parameters['state'] = $this->generateAuthorizationState();
+        }
+        $this->storeAuthorizationState($parameters['state']);
+
+        // Build the url
+        $url = clone $this->getAuthorizationEndpoint();
+        foreach ($parameters as $key => $val) {
+            $url->addToQuery($key, $val);
+        }
+        return $url;
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function getAuthorizationEndpoint()
+    {   
+        return new Uri('https://auth.pirati.cz/auth/realms/pirati/protocol/openid-connect/auth');
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function getAccessTokenEndpoint()
+    {   
+        return new Uri('https://auth.pirati.cz/auth/realms/pirati/protocol/openid-connect/token');
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    protected function getAuthorizationMethod()
+    {   
+        return static::AUTHORIZATION_METHOD_HEADER_BEARER;       
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    protected function parseAccessTokenResponse($responseBody)
+    {   
+        $data = json_decode($responseBody, true);
+
+        if (null === $data || !is_array($data)) {
+            throw new TokenResponseException('Unable to parse response.');
+        } elseif (isset($data['message'])) {
+            throw new TokenResponseException('Error in retrieving token: "' . $data['message'] . '"');
+        } elseif (isset($data['name'])) {
+            throw new TokenResponseException('Error in retrieving token: "' . $data['name'] . '"');
+        }
+
+        $token = new StdOAuth2Token();
+        $token->setAccessToken($data['access_token']);
+        $token->setLifeTime($data['expires_in']);
+
+        if (isset($data['refresh_token'])) {
+            $token->setRefreshToken($data['refresh_token']);
+            unset($data['refresh_token']);
+        }
+
+        unset($data['access_token']);
+        unset($data['expires_in']);
+
+        $token->setExtraParams($data);
+
+        return $token;
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function requestAccessToken($code, $state = null)
+    {   
+        if (null !== $state) {
+            $this->validateAuthorizationState($state);
+        }
+
+        $bodyParams = array(
+            'code'          => $code,
+            'client_id'     => $this->credentials->getConsumerId(),
+            'client_secret' => $this->credentials->getConsumerSecret(),
+            'redirect_uri'  => $this->credentials->getCallbackUrl(),
+            'grant_type'    => 'authorization_code',
+        );
+
+        $responseBody = $this->httpClient->retrieveResponse(
+            $this->getAccessTokenEndpoint(),
+            $bodyParams,
+            $this->getExtraOAuthHeaders()
+        );
+
+        $token = $this->parseAccessTokenResponse($responseBody);
+        $this->storage->storeAccessToken($this->service(), $token);
+
+        return $token;
+    }
+}

README.md

+# Pirátská identita OAuth2 extension
+
+## Install
+
+1. Download the latest release.
+2. Unzip the downloaded release, and copy to your phpbb `ext` folder. (The files should now be located unter ./ext/pirati/pitid/)
+3. Copy `Pirati.php` to `vendor/lusitanian/oauth/src/OAuth/OAuth2/Service` 
+4. Navigate in the ACP to `Customise -> Manage extensions`.
+5. Look for `Piratska Identita (Auth Extension)` under the Disabled Extensions list, and click its `Enable` link.
+
+## Uninstall
+
+1. Navigate in the ACP to `Customise -> Extension Management -> Extensions`.
+2. Look for `Piratska Identita (Auth Extension)` under the Enabled Extensions list, and click its `Disable` link.
+3. To permanently uninstall, click `Delete Data` and then delete the `./ext/pirati/pitid/` folder.
+
+## License
+[GNU General Public License v2](http://opensource.org/licenses/GPL-2.0)

composer.json

+{
+    "name": "pirates/pirid",
+    "type": "phpbb-extension",
+    "description": "Piratska Identita (Auth Extension)",
+    "homepage": "https://gitlab.pirati.cz/to/phpbb-oauth2-pirati/",
+    "version": "0.1.0",
+    "time": "2022-09-10",
+    "keywords": ["phpbb", "extension", "pirati", "sso"],
+    "license": "GPL-2.0-only",
+    "authors": [
+        {
+            "name": "Andrej Ramaszeuski",
+            "email": "andrej.ramaseuski@pirati.cz",
+            "homepage": "https://gitlab.pirati.cz/ramaseuski",
+            "role": "System Administrator"
+        }
+    ],
+    "require": {
+        "php": ">=5.4.0",
+        "composer/installers": "~1.0"
+    },
+    "require-dev": {
+        "phpbb/epv": "dev-master"
+    },
+    "extra": {
+        "display-name": "Piratska Identita (Auth Extension)",
+        "soft-require": {
+            "phpbb/phpbb": "~3.2"
+        }
+    }
+}

config/services.yml

+services:
+    auth.provider.oauth.service.pirati:
+        class: pirates\pirid\pirati
+        arguments:
+            - '@config'
+            - '@request'
+        tags:
+            - { name: auth.provider.oauth.service }

language/cs/acp/common.php

+<?php
+
+if (!defined('IN_PHPBB'))
+{
+   exit;
+}
+
+if (empty($lang) || !is_array($lang))
+{
+	$lang = array();
+}
+
+$lang = array_merge($lang, array(
+   'AUTH_PROVIDER_OAUTH_SERVICE_PIRATI' => 'Pirátská identita',
+));

language/cs/common.php

+<?php
+
+if (!defined('IN_PHPBB'))
+{
+   exit;
+}
+
+if (empty($lang) || !is_array($lang))
+{
+	$lang = array();
+}
+
+$lang = array_merge($lang, array(
+   'AUTH_PROVIDER_OAUTH_SERVICE_PIRATI' => 'Pirátská identita',
+));

language/en/acp/common.php

+<?php
+
+if (!defined('IN_PHPBB'))
+{
+   exit;
+}
+
+if (empty($lang) || !is_array($lang))
+{
+	$lang = array();
+}
+
+$lang = array_merge($lang, array(
+   'AUTH_PROVIDER_OAUTH_SERVICE_PIRATI' => 'Pirate identity',
+));

language/en/common.php

+<?php
+
+if (!defined('IN_PHPBB'))
+{
+   exit;
+}
+
+if (empty($lang) || !is_array($lang))
+{
+	$lang = array();
+}
+
+$lang = array_merge($lang, array(
+   'AUTH_PROVIDER_OAUTH_SERVICE_PIRATI' => 'Pirate identity',
+));

pirati.php

+<?php
+/**
+*
+* This file is not a part of the phpBB Forum Software package.
+*
+* @copyleft (c) Czech Pirates Party <https://www.pirati.cz>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+*/
+
+
+namespace pirates\pirid;
+
+/**
+* Pirati OAuth service
+*/
+class pirati extends \phpbb\auth\provider\oauth\service\base
+{
+
+    /**
+    * phpBB config
+    *
+    * @var \phpbb\config\config
+    */
+    protected $config;
+
+    /**
+    * phpBB request
+    *
+    * @var \phpbb\request\request_interface
+    */
+    protected $request;
+
+    /**
+    * Constructor
+    *
+    * @param    \phpbb\config\config               $config
+    * @param    \phpbb\request\request_interface   $request
+    */
+    public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
+    {
+
+	$this->config = $config;
+        $this->request = $request;
+    
+	global $phpbb_container;
+        $language = $phpbb_container->get('language');
+        $language->add_lang(array('common', 'acp/common'), 'pirates/pirid');
+
+    }
+
+    public function get_external_service_class()
+    {
+            return 'Pirati';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function get_auth_scope()
+    {
+            return [
+                   'openid',
+                   'email',
+            ];
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function get_service_credentials()
+    {
+        return array(
+            'key'     => $this->config['auth_oauth_pirid_key'],
+            'secret'  => $this->config['auth_oauth_pirid_secret'],
+        );
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function perform_auth_login()
+    {
+      if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Pirati))
+        {
+            throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+        }
+
+        try
+        {
+                // This was a callback request, get the token
+                $this->service_provider->requestAccessToken($this->request->variable('code', ''));
+        }
+        catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
+        {
+                throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+        }
+
+        try
+        {
+                // Send a request with it
+                $result = (array) json_decode($this->service_provider->request('protocol/openid-connect/userinfo'), true);
+        }
+        catch (\OAuth\Common\Exception\Exception $e)
+        {
+                throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+        }
+
+        // Prevent SQL error
+        if (!isset($result['preferred_username']))
+        {
+                throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_RETURN_ERROR');
+        }
+
+        return $result['sub'];
+
+    }
+
+    /**
+    * {@inheritdoc}
+    */
+    public function perform_token_auth()
+    {
+        if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Pirati))
+        {
+            throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+        }
+
+        try
+        {
+                // Send a request with it
+                $result = (array) json_decode($this->service_provider->request('protocol/openid-connect/userinfo'), true);
+        }
+        catch (\OAuth\Common\Exception\Exception $e)
+        {
+                throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+        }
+
+	// Prevent SQL error
+        if (!isset($result['preferred_username']))
+        {
+                throw new exception('AUTH_PROVIDER_OAUTH_RETURN_ERROR');
+        }
+
+        return $result['sub'];
+   
+    }
+}