From fbddc7c7eb074532a0f038d68605f9ce9dd14c11 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 01:30:03 +0300
Subject: [PATCH 1/7] Unable to use GitHub OAuth provider Fixes #456
---
 src/Appwrite/Auth/OAuth2.php | 2 +-
 src/Appwrite/Auth/OAuth2/GitHub.php | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/Appwrite/Auth/OAuth2.php b/src/Appwrite/Auth/OAuth2.php
index 2882746608..5a92049fce 100644
--- a/src/Appwrite/Auth/OAuth2.php
+++ b/src/Appwrite/Auth/OAuth2.php
@@ -138,7 +138,7 @@ abstract class OAuth2
 \curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
 \curl_setopt($ch, CURLOPT_HEADER, 0);
 \curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- \curl_setopt($ch, CURLOPT_USERAGENT, '');
+ \curl_setopt($ch, CURLOPT_USERAGENT, 'Appwrite OAuth2');
 if (!empty($payload)) {
 \curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
diff --git a/src/Appwrite/Auth/OAuth2/GitHub.php b/src/Appwrite/Auth/OAuth2/GitHub.php
index 882f2d3f2a..73a0793e9e 100644
--- a/src/Appwrite/Auth/OAuth2/GitHub.php
+++ b/src/Appwrite/Auth/OAuth2/GitHub.php
@@ -15,7 +15,7 @@ class Github extends OAuth2
 * @var array
 */
 protected $scopes = [
- 'user:email'
+ 'user',
 ];
 /**
@@ -78,6 +78,7 @@ class Github extends OAuth2
 {
 $user = $this->getUser($accessToken);
+ var_dump($user);
 if (isset($user['id'])) {
 return $user['id'];
 }
@@ -125,7 +126,7 @@ class Github extends OAuth2
 * @return array
 */
 protected function getUser(string $accessToken)
- {
+ {
 if (empty($this->user)) {
 $this->user = \json_decode($this->request('GET', 'https://api.github.com/user', ['Authorization: token '.\urlencode($accessToken)]), true);
 }
From caefe03bc30e769b14843fa2b3713f073d3b5f20 Mon Sep 17 00:00:00 2001
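Review bot: The new `CURLOPT_USERAGENT` value in the OAuth2.php hunk carries no comment saying why it must be non-empty, so a later cleanup could blank it again and silently break the GitHub provider. GitHub's REST API rejects requests that arrive without a User-Agent header, which is presumably the failure behind #456. I would add a line above the call such as `// GitHub's API rejects requests without a User-Agent; keep this non-empty for every provider`. The enclosing method, apparently the `request()` helper that Github.php calls, starts and ends outside this hunk.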
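Review bot: `var_dump($user);` in `getUserID()` (hunk `@@ -78,6 +78,7 @@` of GitHub.php) is leftover debug output and should be deleted before this is merged. It writes the decoded GitHub `/user` response into whatever response is being produced during the OAuth callback, exposing the account's profile fields to the client. Because it emits output early, it can presumably also interfere with the redirect and session cookie that follow. The same line is carried into the re-created `Github.php` in patch 3/7, and no later patch in this series removes it. If the payload is needed for troubleshooting, send it to a server-side log instead; `getUserID()` starts and ends outside the hunk.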
From: Eldad Fux
Date: Sun, 28 Jun 2020 01:39:35 +0300
Subject: [PATCH 2/7] Unable to use GitHub OAuth provider Fixes #456
---
 docker-compose.yml | 2 +-
 src/Appwrite/Auth/OAuth2/GitHub.php | 136 ----------------------------
 2 files changed, 1 insertion(+), 137 deletions(-)
 delete mode 100644 src/Appwrite/Auth/OAuth2/GitHub.php
diff --git a/docker-compose.yml b/docker-compose.yml
index 26a2ed016f..2a8265d00d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 - ./phpunit.xml:/usr/share/nginx/html/phpunit.xml
 - ./tests:/usr/share/nginx/html/tests
 - ./app:/usr/share/nginx/html/app
- # - ./vendor:/usr/share/nginx/html/vendor
+ - ./vendor:/usr/share/nginx/html/vendor
 - ./docs:/usr/share/nginx/html/docs
 - ./public:/usr/share/nginx/html/public
 - ./src:/usr/share/nginx/html/src
diff --git a/src/Appwrite/Auth/OAuth2/GitHub.php b/src/Appwrite/Auth/OAuth2/GitHub.php
deleted file mode 100644
index 73a0793e9e..0000000000
--- a/src/Appwrite/Auth/OAuth2/GitHub.php
+++ /dev/null
@@ -1,136 +0,0 @@
- $this->appID,
- 'redirect_uri' => $this->callback,
- 'scope' => \implode(' ', $this->getScopes()),
- 'state' => \json_encode($this->state)
- ]);
- }
-
- /**
- * @param string $code
- *
- * @return string
- */
- public function getAccessToken(string $code):string
- {
- $accessToken = $this->request(
- 'POST',
- 'https://github.com/login/oauth/access_token',
- [],
- \http_build_query([
- 'client_id' => $this->appID,
- 'redirect_uri' => $this->callback,
- 'client_secret' => $this->appSecret,
- 'code' => $code
- ])
- );
-
- $output = [];
-
- \parse_str($accessToken, $output);
-
- if (isset($output['access_token'])) {
- return $output['access_token'];
- }
-
- return '';
- }
-
- /**
- * @param $accessToken
- *
- * @return string
- */
- public function getUserID(string $accessToken):string
- {
- $user = $this->getUser($accessToken);
-
- var_dump($user);
- if (isset($user['id'])) {
- return $user['id'];
- }
-
- return '';
- }
-
- /**
- * @param $accessToken
- *
- * @return string
- */
- public function getUserEmail(string $accessToken):string
- {
- $emails = \json_decode($this->request('GET', 'https://api.github.com/user/emails', ['Authorization: token '.\urlencode($accessToken)]), true);
-
- foreach ($emails as $email) {
- if ($email['primary'] && $email['verified']) {
- return $email['email'];
- }
- }
-
- return '';
- }
-
- /**
- * @param $accessToken
- *
- * @return string
- */
- public function getUserName(string $accessToken):string
- {
- $user = $this->getUser($accessToken);
-
- if (isset($user['name'])) {
- return $user['name'];
- }
-
- return '';
- }
-
- /**
- * @param string $accessToken
- *
- * @return array
- */
- protected function getUser(string $accessToken)
- {
- if (empty($this->user)) {
- $this->user = \json_decode($this->request('GET', 'https://api.github.com/user', ['Authorization: token '.\urlencode($accessToken)]), true);
- }
-
- return $this->user;
- }
-}
From e1387b5e809c02dba67ccbc28975bccffc9c7bc1 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 01:40:36 +0300
Subject: [PATCH 3/7] Fixed capital letter issue
---
 src/Appwrite/Auth/OAuth2/Github.php | 136 ++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 src/Appwrite/Auth/OAuth2/Github.php
diff --git a/src/Appwrite/Auth/OAuth2/Github.php b/src/Appwrite/Auth/OAuth2/Github.php
new file mode 100644
index 0000000000..73a0793e9e
--- /dev/null
+++ b/src/Appwrite/Auth/OAuth2/Github.php
@@ -0,0 +1,136 @@
+ $this->appID,
+ 'redirect_uri' => $this->callback,
+ 'scope' => \implode(' ', $this->getScopes()),
+ 'state' => \json_encode($this->state)
+ ]);
+ }
+
+ /**
+ * @param string $code
+ *
+ * @return string
+ */
+ public function getAccessToken(string $code):string
+ {
+ $accessToken = $this->request(
+ 'POST',
+ 'https://github.com/login/oauth/access_token',
+ [],
+ \http_build_query([
+ 'client_id' => $this->appID,
+ 'redirect_uri' => $this->callback,
+ 'client_secret' => $this->appSecret,
+ 'code' => $code
+ ])
+ );
+
+ $output = [];
+
+ \parse_str($accessToken, $output);
+
+ if (isset($output['access_token'])) {
+ return $output['access_token'];
+ }
+
+ return '';
+ }
+
+ /**
+ * @param $accessToken
+ *
+ * @return string
+ */
+ public function getUserID(string $accessToken):string
+ {
+ $user = $this->getUser($accessToken);
+
+ var_dump($user);
+ if (isset($user['id'])) {
+ return $user['id'];
+ }
+
+ return '';
+ }
+
+ /**
+ * @param $accessToken
+ *
+ * @return string
+ */
+ public function getUserEmail(string $accessToken):string
+ {
+ $emails = \json_decode($this->request('GET', 'https://api.github.com/user/emails', ['Authorization: token '.\urlencode($accessToken)]), true);
+
+ foreach ($emails as $email) {
+ if ($email['primary'] && $email['verified']) {
+ return $email['email'];
+ }
+ }
+
+ return '';
+ }
+
+ /**
+ * @param $accessToken
+ *
+ * @return string
+ */
+ public function getUserName(string $accessToken):string
+ {
+ $user = $this->getUser($accessToken);
+
+ if (isset($user['name'])) {
+ return $user['name'];
+ }
+
+ return '';
+ }
+
+ /**
+ * @param string $accessToken
+ *
+ * @return array
+ */
+ protected function getUser(string $accessToken)
+ {
+ if (empty($this->user)) {
+ $this->user = \json_decode($this->request('GET', 'https://api.github.com/user', ['Authorization: token '.\urlencode($accessToken)]), true);
+ }
+
+ return $this->user;
+ }
+}
From 8c5ae66b77e1a37720af7dce24dcffd0c5dc33aa Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 01:56:48 +0300
Subject: [PATCH 4/7] Require less permissions by default
---
 src/Appwrite/Auth/OAuth2/Github.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Appwrite/Auth/OAuth2/Github.php b/src/Appwrite/Auth/OAuth2/Github.php
index 73a0793e9e..cd02252092 100644
--- a/src/Appwrite/Auth/OAuth2/Github.php
+++ b/src/Appwrite/Auth/OAuth2/Github.php
@@ -15,7 +15,7 @@ class Github extends OAuth2
 * @var array
 */
 protected $scopes = [
- 'user',
+ 'user:email',
 ];
 /**
From a8848e770fb928619b9a6739c32f1b6ba9ed5649 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 08:58:16 +0300
Subject: [PATCH 5/7] Updated deps
---
 composer.lock | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/composer.lock b/composer.lock
index 595045b9b5..a7d030f06a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2141,24 +2141,23 @@ "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "790426f28bfcbfc1a6f1d59ee8c986edfa45395c" + "reference": "664187301bfbc87e686df212094e6817805c3ab8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/790426f28bfcbfc1a6f1d59ee8c986edfa45395c", - "reference": "790426f28bfcbfc1a6f1d59ee8c986edfa45395c", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/664187301bfbc87e686df212094e6817805c3ab8", + "reference": "664187301bfbc87e686df212094e6817805c3ab8", "shasum": "" }, "require": { - "ext-filter": "^7.1", - "php": "^7.2", + "ext-filter": "*", + "php": "^7.2 || ^8.0", "phpdocumentor/reflection-common": "^2.0", "phpdocumentor/type-resolver": "^1.0", "webmozart/assert": "^1" }, "require-dev": { - "doctrine/instantiator": "^1", - "mockery/mockery": "^1" + "mockery/mockery": "1.3.*" }, "type": "library", "extra": {
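Review bot: The `$scopes` docblock in the patch 4/7 hunk still says only `@var array`, so nothing records why `user:email` is the intended value after patch 1/7 widened it to `user` and this patch narrows it back. `user:email` is enough for the `/user/emails` call in `getUserEmail()`, while `user` additionally grants read/write access to profile data that the provider never uses. I would add a comment above the property such as `// user:email is sufficient for /user and /user/emails; do not widen to user`. The class body continues outside this hunk.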
@@ -2186,7 +2185,7 @@ } ], "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", - "time": "2020-06-19T18:58:43+00:00" + "time": "2020-06-27T17:33:53+00:00" }, { "name": "phpdocumentor/type-resolver",
From d1587e5ceeaffcc3cdad14941fa3f287da89f474 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 12:00:12 +0300
Subject: [PATCH 6/7] Unable to use GitHub OAuth provider Fixes #456
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 2a8265d00d..0ec0701b70 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 - ./phpunit.xml:/usr/share/nginx/html/phpunit.xml
 - ./tests:/usr/share/nginx/html/tests
 - ./app:/usr/share/nginx/html/app
- - ./vendor:/usr/share/nginx/html/vendor
+ # - ./vendor:/usr/share/nginx/html/vendor
 - ./docs:/usr/share/nginx/html/docs
 - ./public:/usr/share/nginx/html/public
 - ./src:/usr/share/nginx/html/src
From a6158178346d7f2c1eaf17bad19db69876deb5e6 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sun, 28 Jun 2020 12:04:27 +0300
Subject: [PATCH 7/7] Updated changelog
---
 CHANGES.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGES.md b/CHANGES.md
index f9c56062c7..ce47a26783 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -36,6 +36,7 @@
 - Fixed bug preventing the deletion of the project logo
 - Fixed Bug when trying to overwrite OAuth cookie in the Flutter SDK
 - Fixed OAuth redirect when using the self-hosted instance default success URL ([#454](https://github.com/appwrite/appwrite/issues/454))
+- Fixed bug denying authentication with Github OAuth provider
 ## Security