Merge pull request #6 from cluebotng/move-to-oauth

Implement Wikimedia OAuth for access
cluebotng · Jul 24, 2021 · 397a2fc · 397a2fc
2 parents e83a2ca + 5265464
commit 397a2fc
Show file tree

Hide file tree

Showing 13 changed files with 147 additions and 168 deletions.
diff --git a/composer.json b/composer.json
@@ -7,7 +7,8 @@
         "phpmd/phpmd" : "@stable"
     },
     "require": {
-        "monolog/monolog": "^1.17"
+        "monolog/monolog": "^1.17",
+        "mediawiki/oauthclient": "^1.0"
     },
     "config": {
         "platform": {

diff --git a/composer.lock b/composer.lock
diff --git a/composer.phar b/composer.phar
diff --git a/includes/header.php b/includes/header.php
@@ -4,10 +4,10 @@
 error_reporting(E_ALL | E_STRICT);
 session_start();
 
+require_once 'vendor/autoload.php';
 require_once 'includes/Page.php';
 require_once 'web-settings.php';
 require_once 'includes/dbFunctions.php';
-require_once 'includes/recaptchalib.php';
 
 foreach (glob('pages/*.page.php') as $page) {
     require_once $page;

diff --git a/includes/index.tpl.php b/includes/index.tpl.php
@@ -5,7 +5,6 @@
     <link type='text/css' rel='stylesheet' href='index.css'>
     <link type='text/css' rel='stylesheet' href='diff.css'>
     <title>ClueBot NG Report Interface</title>
-    <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
 <body>
 <div id="top">

diff --git a/includes/recaptchalib.php b/includes/recaptchalib.php
diff --git a/pages/CreateAccount.page.php b/pages/CreateAccount.page.php
diff --git a/pages/Options.page.php b/pages/Options.page.php
@@ -17,15 +17,6 @@ public function __construct()
             $query = "UPDATE `users` SET `next_on_review` = '" . mysqli_real_escape_string($mysql, $next_on_review) . "'";
             $_SESSION['next_on_review'] = ($next_on_review) ? true : false;
 
-            if (trim($_POST['email']) != "") {
-                $query .= ", `email` = '" . mysqli_real_escape_string($mysql, $_POST['email']) . "'";
-                $_SESSION['email'] = mysqli_real_escape_string($mysql, $_POST['email']);
-            }
-
-            if (trim($_POST['password']) != "") {
-                $query .= ", `password` = PASSWORD('" . mysqli_real_escape_string($mysql, $_POST['password']) . "')";
-            }
-
             $query .= " WHERE `userid` = '" . mysqli_real_escape_string($mysql, $_SESSION['userid']) . "'";
             mysqli_query($mysql, $query);
 
@@ -45,15 +36,11 @@ public function writeContent()
             echo '<p>Saved!</p>';
         }
         echo '<form action="" method="post">';
-        echo '<h3>Change password</h3>';
-        echo '<p>(Leave blank to ignore change)</p>';
-        echo '<p>Password: <input type="text" id="password" name="password" value="" /></p>';
 
         echo '<h3>General options</h3>';
         echo '<p>Redirect on review: <input type="checkbox" id="next_on_review" name="next_on_review" value="Yes"';
         echo ($_SESSION['next_on_review']) ? ' checked=checked' : '';
         echo ' /></p>';
-        echo '<p>Email: <input type="text" id="email" name="email" value="' . $_SESSION['email'] . '" /></p>';
 
         echo '<p><input id="submit" name="submit" type="submit" value="Save" /></p>';
         echo '</form>';

diff --git a/pages/SignIn.page.php b/pages/SignIn.page.php
@@ -2,48 +2,94 @@
 
 namespace ReportInterface;
 
+use MediaWiki\OAuthClient\Client;
+use MediaWiki\OAuthClient\ClientConfig;
+use MediaWiki\OAuthClient\Consumer;
+use MediaWiki\OAuthClient\Token;
+
 class SignInPage extends Page
 {
-    public function __construct()
+    private function lookupUser($username)
     {
         global $mysql;
-        if (isset($_POST['submit'])) {
-            $query = 'SELECT `userid`, `username`, `admin`, `superadmin`, `next_on_review`, `email` FROM `users` WHERE `username` = ';
-            $query .= '\'' . mysqli_real_escape_string($mysql, $_POST['username']) . '\' AND `password` = ';
-            $query .= 'PASSWORD(\'' . mysqli_real_escape_string($mysql, $_POST['password']) . '\')';
-            $row = mysqli_fetch_assoc(mysqli_query($mysql, $query));
-            if ($row) {
-                $_SESSION['userid'] = $row['userid'];
-                $_SESSION['next_on_review'] = $row['next_on_review'] ? true : false;
-                $_SESSION['email'] = $row['email'];
-                $_SESSION['username'] = $row['username'];
-                $_SESSION['admin'] = $row['admin'] ? true : false;
-                $_SESSION['sadmin'] = $row['superadmin'] ? true : false;
+        $query = 'SELECT `userid`, `username`, `admin`, `superadmin`, `next_on_review`, `email` FROM `users` WHERE `username` = ';
+        $query .= '\'' . mysqli_real_escape_string($mysql, $username) . '\'';
+        return mysqli_fetch_assoc(mysqli_query($mysql, $query));
+    }
 
-                header('Location: ?page=List');
-                die();
-            } else {
+    private function createUser($username)
+    {
+        global $mysql;
+        $query = 'INSERT INTO `users` (`username`,`admin`) VALUES (';
+        $query .= '\'' . mysqli_real_escape_string($mysql, $username) . '\',';
+        $query .= '0)';
+        mysqli_query($mysql, $query);
+    }
+
+    public function __construct()
+    {
+        global $oauthConsumerKey, $oauthConsumerSecret;
+        $conf = new ClientConfig('https://en.wikipedia.org/w/index.php?title=Special:OAuth');
+        $conf->setConsumer(new Consumer($oauthConsumerKey, $oauthConsumerSecret));
+        $client = new Client($conf);
+
+        if (isset($_GET['oauth_verifier'])) {
+            // Callback URL - verify
+            $requestToken = new Token($_SESSION['request_key'], $_SESSION['request_secret']);
+            $accessToken = $client->complete($requestToken, $_GET['oauth_verifier']);
+            $identity = $client->identify($accessToken);
+
+            // We are done with these
+            unset($_SESSION['request_key']);
+            unset($_SESSION['request_secret']);
+
+            if (!$identity) {
                 header('Location: ?page=Sign+In');
                 die();
             }
+
+            if ($identity->blocked) {
+                print('Access blocked');
+                die();
+            }
+
+            // This is a bit odd, but basically we lazy create users
+            $user = $this->lookupUser($identity->username);
+            if (!$user) {
+                $this->createUser($identity->username);
+                $user = $this->lookupUser($identity->username);
+            }
+
+            // If we managed to do the dance above, then we are logged in
+            if ($user) {
+                $_SESSION['userid'] = $user['userid'];
+                $_SESSION['next_on_review'] = $user['next_on_review'] ? true : false;
+                $_SESSION['username'] = $user['username'];
+                $_SESSION['admin'] = $user['admin'] ? true : false;
+                $_SESSION['sadmin'] = $user['superadmin'] ? true : false;
+
+                header('Location: ?page=List');
+                die();
+            }
+
+            // Else go through the process again
+            header('Location: ?page=Sign+In');
+            die();
+        } else {
+            // SignIn URl - redirect
+            list($authUrl, $token) = $client->initiate();
+            $_SESSION['request_key'] = $token->key;
+            $_SESSION['request_secret'] = $token->secret;
+
+            header('Location: ' . $authUrl);
+            die();
         }
     }
 
     public function writeHeader()
     {
         echo 'Sign In';
     }
-
-    public function writeContent()
-    {
-        echo '<form method="post">';
-        echo '<table>';
-        echo '<tr><th>Username:</th><td><input type="text" name="username" /></td></tr>';
-        echo '<tr><th>Password:</th><td><input type="password" name="password" /></td></tr>';
-        echo '<tr><td colspan=2><input type="submit" name="submit" value="Sign In" /></td></tr>';
-        echo '</table>';
-        echo '</form>';
-    }
 }
 
 if (!isset($_SESSION['username'])) {

diff --git a/pages/SignOut.page.php b/pages/SignOut.page.php
@@ -7,7 +7,7 @@ class SignOutPage extends Page
     public function __construct()
     {
         session_destroy();
-        header('Location: ?page=Sign+In');
+        header('Location: ?page=List');
         die();
     }
 

diff --git a/pages/View.page.php b/pages/View.page.php
@@ -7,8 +7,6 @@ class ViewPage extends Page
     private $row;
     private $id;
     private $data;
-    private $bad_captca;
-    private $bad_comment;
 
     public function __construct()
     {
@@ -22,25 +20,11 @@ public function __construct()
             die();
         }
 
-        if (isset($_POST['submit'])) {
+        if (isset($_POST['submit']) && isset($_SESSION['username'])) {
             if (trim($_POST['comment']) != '') {
-                $this->bad_captca = false;
-                if (!isset($_SESSION['username'])) {
-                    if (!recaptca_is_valid()) {
-                        $this->bad_captca = true;
-                    }
-                }
-
-                $this->bad_comment = false;
-                if (strpos($_POST['comment'], 'http://') !== false) {
-                    $this->bad_comment = true;
-                }
-
-                if ($this->bad_captca === false && $this->bad_comment === false) {
-                    createComment($this->id, $_POST['user'], $_POST['comment']);
-                    header('Location: ?page=View&id=' . $this->id);
-                    die();
-                }
+                createComment($this->id, $_SESSION['username'], $_POST['comment']);
+                header('Location: ?page=View&id=' . $this->id);
+                die();
             }
         }