<?php
/**
* @file
* Module file for oauth2_loginprovider.
*/
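/**
 * Implements hook_ctools_plugin_api().
 *
 * Declares support for version 3 of the Services API so that the defaults
 * exported by this module are recognised.
 *
 * @param string|null $module
 *   The module whose plugin API is being queried.
 * @param string|null $api
 *   The API being queried.
 *
 * @return array|null
 *   The API version declaration for services/services, NULL otherwise.
 */
function oauth2_loginprovider_ctools_plugin_api($module = NULL, $api = NULL) {
  // Declared parameters replace the func_get_args()/list() pair, which raised
  // a notice when invoked with fewer than two arguments; strict comparison
  // avoids loose-equality surprises on the hook arguments.
  if ($module === 'services' && $api === 'services') {
    return array('version' => '3');
  }
  return NULL;
}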
/**
 * Implements hook_default_oauth2_server().
 *
 * Exports the "oauth2" server: its grant types, token lifetimes and the single
 * "user_profile" scope. Note the exported settings enable the implicit and
 * password grants and set require_exact_redirect_uri to 0 (presumably allowing
 * looser redirect URI matching in the OAuth2 Server module — verify there);
 * review these defaults for the deployment at hand.
 *
 * @return array
 *   Server entities keyed by machine name.
 */
function oauth2_loginprovider_default_oauth2_server() {
  // The literal is the entity_export() JSON of the server, rehydrated by
  // entity_import().
  return array(
    'oauth2' => entity_import('oauth2_server', '{
"name" : "oauth2",
"label" : "OAuth2 Server",
"settings" : {
"enforce_state" : true,
"default_scope" : "user_profile",
"allow_implicit" : 1,
"grant_types" : {
"authorization_code" : "authorization_code",
"client_credentials" : "client_credentials",
"refresh_token" : "refresh_token",
"password" : "password"
},
"always_issue_new_refresh_token" : 1,
"access_lifetime" : "3600",
"refresh_token_lifetime" : "1209600",
"require_exact_redirect_uri" : 0
},
"rdf_mapping" : [],
"scopes" : [ { "name" : "user_profile", "description" : "Access to the User Profile", "rdf_mapping" : [] } ]
}'),
  );
}
/**
 * Implements hook_user_default_permissions().
 *
 * Exports the "use oauth2 server" permission (owned by the oauth2_server
 * module) for the administrator, anonymous and authenticated roles. It is
 * granted to the anonymous role as well; confirm that is intended for the
 * deployment before relying on this export.
 *
 * @return array
 *   Permission definitions keyed by permission name.
 */
function oauth2_loginprovider_user_default_permissions() {
  $granted_roles = array('administrator', 'anonymous user', 'authenticated user');
  return array(
    'use oauth2 server' => array(
      'name' => 'use oauth2 server',
      'roles' => $granted_roles,
      'module' => 'oauth2_server',
    ),
  );
}
/**
 * Implements hook_default_services_endpoint().
 *
 * Exports the "oauth2_login_provider" REST endpoint at path "oauth2",
 * authenticated by the "oauth2" server, exposing the user_profile/index
 * operation and the user/profile action.
 *
 * @return array
 *   Endpoint objects keyed by endpoint name.
 */
function oauth2_loginprovider_default_services_endpoint() {
  // Both exposed resources carry the same requirement: an authenticated
  // request holding the "user_profile" scope.
  $oauth2_protected = array(
    'enabled' => '1',
    'settings' => array(
      'oauth2_server' => array(
        'require_authentication' => '1',
        'scope' => 'user_profile',
      ),
    ),
  );

  $endpoint = new stdClass();
  // Set to TRUE to ship the endpoint disabled by default.
  $endpoint->disabled = FALSE;
  $endpoint->api_version = 3;
  $endpoint->label = 'OAuth2 Login Provider';
  $endpoint->name = 'oauth2_login_provider';
  $endpoint->server = 'rest_server';
  $endpoint->path = 'oauth2';
  $endpoint->authentication = array(
    'oauth2_server' => array('server' => 'oauth2'),
  );
  $endpoint->server_settings = array(
    // Response formats offered to clients.
    'formatters' => array_fill_keys(array('bencode', 'json', 'jsonp', 'php', 'xml'), TRUE),
    // Request body formats accepted. NOTE(review): 'application/vnd.php.serialized'
    // presumably makes the Services module unserialize() client-supplied request
    // bodies — consider disabling it (and the 'php' formatter) unless a client
    // actually needs them; confirm against the Services parser implementation.
    'parsers' => array_fill_keys(array(
      'application/json',
      'application/vnd.php.serialized',
      'application/x-www-form-urlencoded',
      'application/xml',
      'multipart/form-data',
      'text/xml',
    ), TRUE),
  );
  $endpoint->resources = array(
    'user_profile' => array(
      'operations' => array('index' => $oauth2_protected),
    ),
    'user' => array(
      'actions' => array('profile' => $oauth2_protected),
    ),
  );
  $endpoint->debug = 0;

  return array($endpoint->name => $endpoint);
}
/**
 * Implements hook_services_resources().
 *
 * Registers the profile callback twice: as the "index" operation of the
 * user_profile resource and as the "profile" action of the user resource.
 * Both use user_is_logged_in() as access callback, so only an authenticated
 * user reaches the data.
 *
 * @return array
 *   Services resource definitions.
 */
function oauth2_loginprovider_services_resources() {
  $profile_resource = array(
    'help' => t('Provides the profile data of the authenticated user.'),
    'callback' => 'oauth2_loginprovider_user_profile_callback',
    'access callback' => 'user_is_logged_in',
  );

  $resources = array();
  $resources['user_profile']['operations']['index'] = $profile_resource;
  $resources['user']['actions']['profile'] = $profile_resource;
  return $resources;
}
/**
 * Returns the data of the authenticated user.
 *
 * Services callback for user_profile/index and user/profile. The global user
 * object is returned as a whole, minus the password hash, with an absolute
 * picture URL (when pictures are enabled) and a profileURL added, after other
 * modules have had a chance to alter it via
 * hook_oauth2_loginprovider_userprofile_alter().
 *
 * NOTE(review): every other property of the user object (e.g. mail, init,
 * data, roles, status, login/access timestamps and any session fields present
 * on the global) is handed to the client. An explicit allow-list of fields
 * would be the safer contract for an API consumed by third-party clients.
 *
 * @return object
 *   The user data as a plain object.
 */
function oauth2_loginprovider_user_profile_callback() {
  global $user;

  $profile = (array) $user;
  // The password hash must never leave the server.
  unset($profile['pass']);

  // Expose an absolute URL for the picture when pictures are enabled and set.
  $pictures_enabled = variable_get('user_pictures', FALSE);
  if ($pictures_enabled && isset($profile['picture']->uri)) {
    $profile['picture']->url = file_create_url($profile['picture']->uri);
  }

  // Absolute link to the profile page, honouring path aliases.
  $alias = drupal_get_path_alias('user/' . $profile['uid']);
  $profile['profileURL'] = url($alias, array('absolute' => TRUE));

  // Let other modules add, change or strip fields before they leave.
  drupal_alter('oauth2_loginprovider_userprofile', $profile);

  return (object) $profile;
}
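/**
 * Implements hook_user_logout().
 *
 * After a logout initiated by an OAuth2 client, sends the browser back to the
 * page it came from — but only when the referer's host is one of the redirect
 * hosts registered for the client owning the supplied access token. Without
 * that check the referer (attacker-controlled) would become an open redirect.
 *
 * Note that the access token arrives in the query string, so it ends up in
 * web-server, proxy and referer logs; a header or POST body would be the
 * better transport if the clients can be changed.
 *
 * @param object $account
 *   The account being logged out (unused here).
 */
function oauth2_loginprovider_user_logout($account) {
  if (!isset($_SERVER['HTTP_REFERER']) || !isset($_GET['token'])) {
    return;
  }

  $http_referer = $_SERVER['HTTP_REFERER'];
  $scheme = parse_url($http_referer, PHP_URL_SCHEME);
  $host = parse_url($http_referer, PHP_URL_HOST);

  // parse_url() yields NULL (or FALSE on a malformed URL) when there is no
  // host component; such a referer can never match a registered client, and
  // a loose in_array() would otherwise accept it against a NULL entry coming
  // from a client with an unparsable redirect_uri.
  if (!is_string($host) || $host === '') {
    return;
  }
  // Only send the browser to web origins.
  if (!in_array(strtolower((string) $scheme), array('http', 'https'), TRUE)) {
    return;
  }

  $client_hosts = _oauth2_loginprovider_get_client_hosts($_GET['token']);
  // Host names are case-insensitive; normalise both sides and compare
  // strictly so that non-string entries never match.
  $client_hosts = array_map('strtolower', array_filter($client_hosts, 'is_string'));
  if (!in_array(strtolower($host), $client_hosts, TRUE)) {
    return;
  }

  // Redirect back to the original page once the logout has completed.
  drupal_register_shutdown_function('_redirect_to_the_original_page', $http_referer);
}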
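/**
 * Return the registered hosts of the client that has the given token.
 *
 * Looks up every access token with the given value, collects the owning
 * client ids and returns the lower-cased, de-duplicated host names of those
 * clients' redirect URIs. Redirect URIs without a parsable host are skipped so
 * callers never compare against NULL.
 *
 * @param string $token
 *   The OAuth2 access token value.
 *
 * @return array
 *   List of lower-cased host names; empty when the token is unknown.
 */
function _oauth2_loginprovider_get_client_hosts($token) {
  $query = new EntityFieldQuery();
  $result = $query->entityCondition('entity_type', 'oauth2_server_token')
    ->propertyCondition('type', 'access')
    ->propertyCondition('token', $token)
    ->execute();
  if (empty($result['oauth2_server_token'])) {
    return array();
  }

  // The loop variable no longer shadows the $token parameter.
  $client_ids = array();
  $token_entities = entity_load('oauth2_server_token', array_keys($result['oauth2_server_token']));
  foreach ($token_entities as $token_entity) {
    $client_ids[] = $token_entity->client_id;
  }
  if (empty($client_ids)) {
    return array();
  }

  $client_hosts = array();
  foreach (entity_load('oauth2_server_client', array_unique($client_ids)) as $client) {
    // NOTE(review): if the OAuth2 Server module stores several redirect URIs
    // in one field (one per line), parse_url() on the raw value only sees the
    // first. A valid URI contains no whitespace, so splitting on it handles
    // both layouts — confirm against the module's client form.
    $uris = preg_split('/\s+/', trim((string) $client->redirect_uri), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($uris as $uri) {
      $host = parse_url($uri, PHP_URL_HOST);
      if (is_string($host) && $host !== '') {
        $client_hosts[] = strtolower($host);
      }
    }
  }
  return array_values(array_unique($client_hosts));
}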
/**
 * Redirect back to the original page.
 *
 * Registered by oauth2_loginprovider_user_logout() via
 * drupal_register_shutdown_function(), so the redirect runs at shutdown rather
 * than inline; presumably this lets it take precedence over the redirect that
 * user_logout() issues itself — confirm against the caller.
 *
 * @param string $url
 *   The referer URL, already checked by the caller against the hosts
 *   registered for the client.
 */
function _redirect_to_the_original_page($url) {
  drupal_goto($url);
}
/**
 * Get a list of oauth2_server clients.
 *
 * Loads every oauth2_server_client entity registered on the "oauth2" server.
 *
 * @return array
 *   Loaded client entities; empty when none are registered.
 */
function oauth2_client_list() {
  $query = new EntityFieldQuery();
  $query->entityCondition('entity_type', 'oauth2_server_client')
    ->propertyCondition('server', 'oauth2', '=');
  $result = $query->execute();

  if (!isset($result['oauth2_server_client'])) {
    return array();
  }
  $client_ids = array_keys($result['oauth2_server_client']);
  return entity_load('oauth2_server_client', $client_ids);
}
/**
 * Create a new oauth2_server client.
 *
 * Any existing client with the same key on the "oauth2" server is deleted
 * first, so calling this twice with the same key replaces rather than
 * duplicates the client.
 *
 * @param string $client_key
 *   The client identifier; also used as the label.
 * @param string $client_secret
 *   The plain client secret; only its hash is stored.
 * @param string $redirect_uri
 *   The redirect URI registered for the client.
 */
function oauth2_client_add($client_key, $client_secret, $redirect_uri) {
  oauth2_client_del($client_key);

  $properties = array(
    'server' => 'oauth2',
    'label' => $client_key,
    'client_key' => $client_key,
    'client_secret' => oauth2_server_hash_client_secret($client_secret),
    'redirect_uri' => $redirect_uri,
    // NOTE(review): automatic authorization presumably skips the user consent
    // step for this client — appropriate for trusted first-party clients only;
    // confirm against the OAuth2 Server module.
    'automatic_authorization' => TRUE,
  );

  $client = entity_create('oauth2_server_client', array());
  foreach ($properties as $name => $value) {
    $client->$name = $value;
  }
  $client->save();
}
/**
 * Delete the given client if exists.
 *
 * Removes every oauth2_server_client entity on the "oauth2" server whose
 * client_key matches.
 *
 * @param string $client_key
 *   The client identifier to delete.
 */
function oauth2_client_del($client_key) {
  $query = new EntityFieldQuery();
  $query->entityCondition('entity_type', 'oauth2_server_client')
    ->propertyCondition('server', 'oauth2')
    ->propertyCondition('client_key', $client_key);
  $result = $query->execute();

  if (!isset($result['oauth2_server_client'])) {
    return;
  }
  foreach (array_keys($result['oauth2_server_client']) as $client_id) {
    entity_delete('oauth2_server_client', $client_id);
  }
}