Commit 8aff13e2 authored by Steve Johnson

first commit

./log
./auth/log
./auth/cookies
./auth/userapps
./auth/applications/*
{
"friendlyName" : "My DropBox",
"uuid" : "eb974160-c084-4330-b327-b32ac6239ca7c",
"clientId" : "a0f540z7cz2knc8",
"clientSecret" : "wrxl81aeij091db",
"shared" : {
"url" : "atg/mse/html/demo/dbxmedia/dbxms.html"
},
"remote" : {
"url" : "atg/mse/html/demo/dbxmedia/dbxmr.html"
},
"authType" : "oauth",
"serviceProvider" : "dropbox",
"defaultUser" : "demo@shareddom.ws",
"description" : "",
"enableInst" : "To enable access to your DropBox Account, click the button below. You will be asked to sign in to Dropbox account to allow this application to display your photos on the second screen.",
"disableInst" : "To disable access to your DropBox Account, click the button below"
}
\ No newline at end of file
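Review bot: `clientSecret` holds an OAuth client secret in a file tracked by the repository; the same applies to the `clientSecret` values in the USPS record, the second copy of this Dropbox record and the "My YouTube" record further down the page. Anyone with read access to the repository or its history can present these values to the provider as if they were the application. Keep the tracked records as templates with a labelled placeholder, e.g. `"clientSecret" : "<SET_FROM_ENVIRONMENT>"`, load the real value from outside the source tree, and rotate the values committed here. The ignore list at the top of the commit names `./auth/applications/*`, which suggests these records were meant to stay untracked; it is worth confirming that the paths match.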
{
"friendlyName" : "USPS",
"uuid" : "eb977160-c084-4370-b329-b32ac62391234",
"clientId" : "usps_id0123456789",
"clientSecret" : "usps_secret0123456789",
"type" : "login",
"remoteLoginUrl" : "/atg/mse/usps/php/remote_authenticate.php",
"authType" : "oauth",
"serviceProvider" : "usps",
"description" : "",
"enableInst" : "To enable logins to your USPS Account by scanning a QR Code with your mobile device, click the button below. You will be asked to sign in to your USPS account to enable this feature."
}
\ No newline at end of file
{
"friendlyName" : "My DropBox",
"uuid" : "eb974160-c084-4330-b327-b32ac6239ca7c",
"clientId" : "a0f540z7cz2knc8",
"clientSecret" : "wrxl81aeij091db",
"shared" : {
"url" : "atg/mse/html/demo/dbxmedia/dbxms.html"
},
"remote" : {
"url" : "atg/mse/html/demo/dbxmedia/dbxmr.html"
},
"authType" : "oauth",
"serviceProvider" : "dropbox",
"defaultUser" : "demo@shareddom.ws",
"description" : "",
"enableInst" : "To enable access to your DropBox Account, click the button below. You will be asked to sign in to Dropbox account to allow this application to display your photos on the second screen.",
"disableInst" : "To disable access to your DropBox Account, click the button below"
}
\ No newline at end of file
{
"friendlyName" : "YouTube Trailers",
"uuid" : "38e1b3a3-cc8a-482f-a201-26914fb4f79c",
"shared" : {
"url" : "atg/mse/html/demo/ytt/ytts.html"
},
"remote" : {
"url" : "atg/mse/html/demo/ytt/yttr.html"
},
"exclude" : "true",
"authType" : "default",
"serviceProvider" : "cablelabs", "description" : "This application lets you view YouTube Trailers on your TV using a Chromecast device.",
"enableInst" : "To enable this application, click the button below.",
"disableInst" : "To disable this application, click the button below"
}
\ No newline at end of file
{
"friendlyName" : "My YouTube",
"uuid" : "eb974160-c024-4330-b127-b32ac62373366",
"clientId" : "137729263103-ife92s9rq363ufnkigkngblkofl56b51.apps.googleusercontent.com",
"clientSecret" : "yd_FkKN4q2Kv7b_VGCZDe0sV",
"shared" : {
"url" : "atg/mse/html/demo/youTubeChannels/ytcs.html"
},
"remote" : {
"url" : "atg/mse/html/demo/youTubeChannels/ytcr.html"
},
"authType" : "oauth",
"serviceProvider" : "google",
"defaultUser" : "demo@shareddom.ws",
"description" : "",
"enableInst" : "To enable access to your YouTube Account, click the button below. You will be asked to sign in to YouTube account to allow this application to display your photos on the second screen.",
"disableInst" : "To disable access to your YouTube Account, click the button below"
}
\ No newline at end of file
<?php
// Here to get a default access token. This uses only MSO authentication
// to authorize a user to access an application
// Called from sessionToken.php
function auth_default($uid, $appid) {
$token = array();
$token['sp_email'] = $uid.'@mycableco.com';
$token['sp_user'] = $uid;
$token['appid'] = $appid;
$token['auth_type'] = 'default';
// Set cookie type and create a cookie
//$user = array();
//$user['uid'] = $uid;
//$user['duration'] = 3600;
//$token = array();
//set_user_cookie($user, $token);
// Update auth file
save_userapp($uid, $appid, $token);
// We always succeed
$token_json = json_encode($token);
header('HTTP/1.0 200 OK');
header('Content-type: application/json');
echo $token_json;
}
?>
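Review bot: `auth_default` passes `$uid` and `$appid` straight to `save_userapp()` and then answers 200 unconditionally (`// We always succeed`), so a failed or rejected write is invisible to the caller. `save_userapp()` is not shown on this page; if it derives a file path from these values the way `auth_google` does, they should be checked against an allow-list pattern first, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $uid)) { header('HTTP/1.0 400 Bad Request'); exit(1); }`. If `save_userapp()` reports failure, sending a 5xx status in that case would make the 200 response mean what it says. The commented-out cookie code under `// Set cookie type and create a cookie` can be removed.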
<?php
/*
Here to get a Dropbox access token.
User must have previously authenticated with Dropbox through the MSE user portal. The access
token is valid until revoked (no refresh token)
Called from sessionToken.php
*/
function auth_dropbox($uid, $appid) {
// Token is static, no refresh required.
$auth = load_userapp($uid, $appid);
if (!$auth) {
header('HTTP/1.0 404 Not Found');
dbg_log("auth_dropbox - userapp not found for user/app: ".$uid." - ".$appid);
echo "<h4>404 Not Found.</h4>";
echo "<p>uid: ".$uid." appid: ".$appid;
exit(1);
}
dbg_log("auth record: ".$auth);
// Add our application identifier (informational)
$auth['appid'] = $appid;
// Return token to caller
$auth_json = json_encode($auth);
// Return token to caller
header('HTTP/1.0 200 OK');
header('Content-type: application/json');
echo $auth_json;
}
// Don't think this is needed.
/*
function logout_dropbox() {
unset($_SESSION['access_token']);
}
*/
// Here to generate a DropBox access token.
function authurl_dropbox($appid, $redirect_uri) {
$app = load_application($appid);
$client_id = $app['clientId'];
$url = "https://www.dropbox.com/1/oauth2/authorize?response_type=code&client_id=".$client_id."&redirect_uri=".$redirect_uri;
dbg_log("authurl_dropbox: ".$url);
return $url;
}
/* Sample responses
- code: (code expires in one hour from issue)
7JzIe4Mbv8AAAAAAAAAAARwzIWLDrgIw_0fuBk8M9ck
- token:
{
"access_token": "q_LNXMgn-k0AAAAAAAAAAaNjHU9yBp4dqHGwVQDNrdL5p9VPOXczMcuCVnhXD3sc",
"token_type": "bearer",
"uid": "9518453"
}
- account info:
{
"referral_link": "https://db.tt/32Ld5W8I",
"display_name": "S J",
"uid": 9518453,
"country": "US",
"quota_info": {
"datastores": 0,
"shared": 358496,
"quota": 5100273664,
"normal": 3136970287
},
"email": "steve@svenyonson.com"
}
*/
/*
function parse_response($ch,$response) {
$result = array();
$header_size = curl_getinfo($ch,CURLINFO_HEADER_SIZE);
$result['header'] = substr($response, 0, $header_size);
$result['body'] = substr( $response, $header_size );
$result['http_status'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$result['last_url'] = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
//dbg_log("parse_response: ".$response);
//dbg_log(" - http_status: ".$result['http_status']);
//dbg_log(" - header_size: ".$header_size);
//dbg_log(" - header: ".$result['header']);
//dbg_log(" - body: ".$result['body']);
return $result;
}
*/
/*
// This is only used for debugging (commented out below)
function exec_curl_log($ch) {
if (!isset($_SESSION['request_num'])) {
$_SESSION['request_num'] = 0;
}
$log_dir = dirname(__FILE__).'/log';
if (!file_exists($log_dir)) {
mkdir($log_dir, 0777, true);
}
$f = fopen($log_dir.'/request_'.$_SESSION['request_num'].'.txt', 'w');
curl_setopt_array($ch, array(
//CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_VERBOSE => 1,
CURLOPT_STDERR => $f,
));
$response = curl_exec($ch);
fclose($f);
$_SESSION['request_num'] = $_SESSION['request_num']+1;
return $response;
}
*/
// Here to redeem an access code for an access token. We pass the redirect_uri only
// for validation - no redirect occurs.
function access_token_dropbox($appid, $code, $redirect_uri) {
dbg_log("access_token_dropbox(".$appid.", ".$code.", ".$redirect_uri);
global $client_id, $client_secret;
$app = load_application($appid);
$client_id = $app['clientId'];
$client_secret = $app['clientSecret'];
$url = "https://api.dropbox.com/1/oauth2/token?code=".$code."&grant_type=authorization_code";
$fields = array('client_id' => $client_id, 'client_secret' => $client_secret, 'redirect_uri' => $redirect_uri);
dbg_log(" - fields: ".json_encode($fields));
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
$response = exec_curl_log($ch);
//$response = curl_exec($ch);
$message = parse_response($ch, $response);
curl_close($ch);
dbg_log("access_token_dropbox - POST (token) response: ".$message['http_status']);
if ($message['http_status'] == 200) {
$token = json_decode($message['body'], true);
$access_token = $token['access_token'];
$auth_str = "Bearer ".$access_token;
dbg_log("auth_str: ".$auth_str);
$url = "https://api.dropbox.com/1/account/info";
// Note: $options is an array of strings, not an associative array!!
$options = array('Authorization: '.$auth_str);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $options);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
$response = curl_exec($ch);
//$response = exec_curl_log($ch);
$message = parse_response($ch, $response);
curl_close($ch);
dbg_log("access_token_dropbox - GET (account/info) response: ".$message['http_status']);
if ($message['http_status'] == 200) {
$account_info = json_decode($message['body'], true);
$email = $account_info['email'];
$token['sp_email'] = $email;
$pieces = explode("@",$email);
if (count($pieces)>1) {
$token['sp_user'] = $pieces[0];
}
}
else {
$token['sp_email'] = "unknown";
}
$token_json = json_encode($token);
dbg_log("token: ".$token_json);
return $token_json;
}
else {
dbg_log("error: ".$response);
}
return NULL;
}
?>
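Review bot: `access_token_dropbox` writes credentials to the debug log: `dbg_log(" - fields: ".json_encode($fields));` includes the client secret, and the `auth_str:` and `token:` log lines include the bearer token, which the file's header comment says stays valid until revoked. Log only non-secret values, e.g. `dbg_log(" - fields: client_id=".$client_id);`, and reduce the other two lines to the HTTP status that is already logged. The "Sample responses" comment block also holds what looks like a real authorization code, access token and account e-mail; replace them with labelled placeholders and revoke the token if it was ever live. Separately, `$code` and `$redirect_uri` are concatenated into the request URLs without `urlencode()`, and the authorize URL built in `authurl_dropbox` carries no `state` value to tie the callback to the user's session.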
<?php
/*
Here to get a Google access token.
User must have previously authenticated with Google through the MSE user portal, which gives us a refresh token.
We use the refresh token to generate a new token, good for one hour.
*/
set_include_path("../../api/" . PATH_SEPARATOR . get_include_path());
require_once 'Google/Client.php';
$client = null;
// Called from sessionToken.php
function auth_google($uid, $appid) {
// Authorization file for this user/app must exist
$userapps_dir = dirname(__FILE__).'/userapps/'.$uid;
$auth_file = $userapps_dir.'/'.$appid.'_auth.json'; // eg. ./userapps/fred/drive_auth.json
if (!file_exists($auth_file)) {
header('HTTP/1.0 404 Not Found');
echo "<h4>404 Not Found</h4>";
exit(1);
}
// File must minimally contain a refresh token
$auth_json = file_get_contents($auth_file);
$auth = json_decode($auth_json,true);
if (!isset($auth['refresh_token'])) {
header('WWW-Authenticate: Basic/MSE realm='.$realm);
header('HTTP/1.0 401 Unauthorized');
echo "<h4>Unauthorized - Missing Refresh Token.</h4>";
echo "(".$auth_json.")";
exit(1);
}
$refresh_token = $auth['refresh_token'];
$app = load_application($appid);
$client_id = $app['clientId'];
$client_secret = $app['clientSecret'];
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->setScopes(array('email', 'https://www.googleapis.com/auth/drive','https://www.googleapis.com/auth/userinfo.profile'));
$client->setAccessType('offline');
// Get new access token
$client->refreshToken($refresh_token);
$token_json = $client->getAccessToken();
// Insert/replace token in auth record. Leave existing refresh token intact.
$token = json_decode($token_json, true);
$auth['access_token'] = $token['access_token'];
$auth['expires_in'] = $token['expires_in'];
$auth['created'] = $token['created'];
$auth_json = json_encode($auth);
$fp = fopen($auth_file, 'w');
fwrite($fp, $auth_json);
fclose($fp);
// Return token to caller
header('HTTP/1.0 200 OK');
header('Content-type: application/json');
echo $token_json;
}
// Uncomment to test this script standalone
//auth_google("demo", "drive");
function logout_google() {
unset($_SESSION['access_token']);
}
function authurl_google($appid, $redirect_uri) {
$app = load_application($appid);
$client_id = $app['clientId'];
$client_secret = $app['clientSecret'];
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setApprovalPrompt('force');
$client->setRedirectUri($redirect_uri);
$client->setScopes(array('https://www.googleapis.com/auth/youtube','https://www.googleapis.com/auth/userinfo.profile'));
//https://www.googleapis.com/auth/youtube
$client->setAccessType('offline');
// Retain for callbacks
$_SESSION['redirect_uri'] = $redirect_uri;
$_SESSION['client_id'] = $client_id;
$_SESSION['client_secret'] = $client_secret;
return $client->createAuthUrl();
}
function access_token_google($uid, $code) {
$client_id = $_SESSION['client_id'];
$client_secret = $_SESSION['client_secret'];
$redirect_uri = $_SESSION['redirect_uri'];
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setRedirectUri($redirect_uri);
$client->authenticate($code);
$access_token_json = $client->getAccessToken();
$access_token = json_decode($access_token_json,true);
$token_data = $client->verifyIdToken()->getAttributes();
// strip username from email
$pieces = explode("@", $token_data['payload']['email']);
$access_token['sp_user'] = $pieces[0];
return json_encode($access_token);
}
?>
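Review bot: `auth_google` builds `$auth_file` from `$uid` and `$appid` without validating them and later opens that path for writing, so a value containing `../` would move both the read and the write outside `userapps/`; whether callers can supply such values is not visible here, but a guard at the top such as `if (!preg_match('/^[A-Za-z0-9_-]+$/', $uid) || !preg_match('/^[A-Za-z0-9_-]+$/', $appid)) { header('HTTP/1.0 400 Bad Request'); exit(1); }` closes it. The 401 branch returns the whole stored record with `echo "(".$auth_json.")";`, which can contain an access token; that line should be dropped. `$realm` and `$redirect_uri` are used in this function but never assigned in it, so the `WWW-Authenticate` header and `setRedirectUri()` receive null. `authurl_google` also copies the client secret into `$_SESSION`; storing `$appid` there instead and calling `load_application()` in `access_token_google` would keep the secret out of session storage.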
<?php
/*
Here to get a USPS access token.
User must have previously authenticated with USPS through the MSE user portal. The access
token is valid until revoked (no refresh token)
Called from usps/php/login_token.php
*/
function auth_usps($uid, $appid) {
// Token is static, no refresh required.
$auth = load_userapp($uid, $appid);
if (!$auth) {
header('HTTP/1.0 404 Not Found');
dbg_log("auth_usps - userapp not found for user/app: ".$uid." - ".$appid);
echo "<h4>404 Not Found.</h4>";
echo "<p>uid: ".$uid." appid: ".$appid;
exit(1);
}
dbg_log("auth record: ".$auth);
// Add our application identifier (informational)
$auth['appid'] = $appid;
// Return token to caller
$auth_json = json_encode($auth);
// Return token to caller
header('HTTP/1.0 200 OK');
header('Content-type: application/json');
echo $auth_json;
}
function login_usps($uid, $appid, $ccode) {
dbg_log("login_usps: ".$uid." - ".$appid." - ".$ccode);
$realm = 'MSE User Authentication';
// Token is static, no refresh required.
$auth = load_userapp($uid, $appid);
if (!$auth) {
header("WWW-Authenticate: Basic/MSE realm=$realm");
header("HTTP/1.0 401 Unauthorized");
dbg_log("login_usps - user not authorized for service: ".$uid." - ".$appid);
echo "<h4>login_usps - user not authorized for service: ".$uid." - ".$appid."</h4>";
exit(1);
}
$app = load_application($appid);
$url = base_uri().$app['remoteLoginUrl'];
$fields = array('token' => $auth['access_token'], 'code' => $ccode);
dbg_log(" - ".$url." - fields: ".json_encode($fields));
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
$response = exec_curl_log($ch);
//$response = curl_exec($ch);
$message = parse_response($ch, $response);
curl_close($ch);
dbg_log(" - response: ".json_encode($message));
}
// Don't think this is needed.
/*
function logout_usps() {
unset($_SESSION['access_token']);
}
*/
// Here to generate a USPS access token.
function authurl_usps($appid, $redirect_uri) {
$app = load_application($appid);
$client_id = $app['clientId'];
//$url = "https://www.usps.com/1/oauth2/authorize?response_type=code&client_id=".$client_id."&redirect_uri=".$redirect_uri;
$url = base_uri()."/mse/test/usps/php/oauth2/authorize?response_type=code&client_id=".$client_id."&redirect_uri=".$redirect_uri;
dbg_log("authurl_usps: ".$url);
return $url;
}
/*
function parse_response($ch,$response) {
$result = array();
$header_size = curl_getinfo($ch,CURLINFO_HEADER_SIZE);
$result['header'] = substr($response, 0, $header_size);
$result['body'] = substr( $response, $header_size );
$result['http_status'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$result['last_url'] = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
return $result;
}
*/
/*
// This is only used for debugging (commented out below)
function exec_curl_log($ch) {
if (!isset($_SESSION['request_num'])) {
$_SESSION['request_num'] = 0;
}
$log_dir = dirname(__FILE__).'/log';
if (!file_exists($log_dir)) {
mkdir($log_dir, 0777, true);
}
$f = fopen($log_dir.'/request_'.$_SESSION['request_num'].'.txt', 'w');
curl_setopt_array($ch, array(
//CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,