upgrade hybridauth

ptibogxiv · Jul 28, 2023 · ee22eb1 · ee22eb1
1 parent ee79fe8
commit ee22eb1
Show file tree

Hide file tree

Showing 6 changed files with 256 additions and 16 deletions.
diff --git a/includes/hybridauth/README.md b/includes/hybridauth/README.md
@@ -3,7 +3,7 @@
 
 [![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://supportukrainenow.org/)
 
-## [Hybridauth](https://hybridauth.github.io/) 3.8
+## [Hybridauth](https://hybridauth.github.io/) 3.10
 
 [![Build Status](https://travis-ci.org/hybridauth/hybridauth.svg?branch=master)](https://travis-ci.org/hybridauth/hybridauth) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/hybridauth/hybridauth/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/hybridauth/hybridauth/?branch=master) [![Latest Stable Version](https://poser.pugx.org/hybridauth/hybridauth/v/stable.png)](https://packagist.org/packages/hybridauth/hybridauth) [![Join the chat at https://gitter.im/hybridauth/hybridauth](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/hybridauth/hybridauth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 

diff --git a/includes/hybridauth/src/Adapter/OAuth2.php b/includes/hybridauth/src/Adapter/OAuth2.php
@@ -260,6 +260,10 @@ protected function configure()
         if ($this->config->exists('tokens')) {
             $this->setAccessToken($this->config->get('tokens'));
         }
+
+        if ($this->config->exists('supportRequestState')) {
+            $this->supportRequestState = $this->config->get('supportRequestState');
+        }
 
         $this->setCallback($this->config->get('callback'));
         $this->setApiEndpoints($this->config->get('endpoints'));

diff --git a/includes/hybridauth/src/Provider/Apple.php b/includes/hybridauth/src/Provider/Apple.php
@@ -10,15 +10,18 @@
 use Composer\InstalledVersions;
 use Exception;
 use Firebase\JWT\ExpiredException;
+use Hybridauth\Exception\HttpClientFailureException;
+use Hybridauth\Exception\HttpRequestFailedException;
+use Hybridauth\Exception\InvalidAccessTokenException;
 use Hybridauth\Exception\InvalidApplicationCredentialsException;
 use Hybridauth\Exception\UnexpectedValueException;
 
 use Hybridauth\Adapter\OAuth2;
 use Hybridauth\Data;
 use Hybridauth\User;
 
-use phpseclib\Crypt\RSA;
-use phpseclib\Math\BigInteger;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Math\BigInteger;
 
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
@@ -112,6 +115,7 @@ protected function initialize()
 
     /**
      * {@inheritdoc}
+     * @throws InvalidApplicationCredentialsException
      */
     protected function configure()
     {
@@ -161,6 +165,15 @@ protected function validateAccessTokenExchange($response)
         return $collection;
     }
 
+    /**
+     * Get the user profile
+     *
+     * @throws HttpClientFailureException
+     * @throws InvalidAccessTokenException
+     * @throws UnexpectedValueException
+     * @throws HttpRequestFailedException
+     * @throws Exception
+     */
     public function getUserProfile()
     {
         $id_token = $this->getStoredData('id_token');
@@ -185,18 +198,20 @@ public function getUserProfile()
 
             foreach ($publicKeys->keys as $publicKey) {
                 try {
-                    $rsa = new RSA();
                     $jwk = (array)$publicKey;
 
-                    $rsa->loadKey(
+                    $key = PublicKeyLoader::load(
                         [
                             'e' => new BigInteger(base64_decode($jwk['e']), 256),
                             'n' => new BigInteger(base64_decode(strtr($jwk['n'], '-_', '+/'), true), 256)
                         ]
-                    );
-                    $pem = $rsa->getPublicKey();
+                    )
+                        ->withHash('sha1')
+                        ->withMGFHash('sha1');
+
+                    $pem = (string)$key;
 
-                    $payload = ($this->getJwtVersion() < '6.2') ?
+                    $payload = (version_compare($this->getJwtVersion(), '6.2') < 0) ?
                         JWT::decode($id_token, $pem, ['RS256']) :
                         JWT::decode($id_token, new Key($pem, 'RS256'));
                     break;
@@ -239,26 +254,35 @@ public function getUserProfile()
     }
 
     /**
+     * Get the Apple secret as a JWT token
+     *
      * @return string secret token
+     * @throws InvalidApplicationCredentialsException
      */
     private function getSecret()
     {
         // Your 10-character Team ID
-        if (!$team_id = $this->config->filter('keys')->get('team_id')) {
+        $team_id = $this->config->filter('keys')->get('team_id');
+
+        if (!$team_id) {
             throw new InvalidApplicationCredentialsException(
                 'Missing parameter team_id: your team id is required to generate the JWS token.'
             );
         }
 
         // Your Services ID, e.g. com.aaronparecki.services
-        if (!$client_id = $this->config->filter('keys')->get('id') ?: $this->config->filter('keys')->get('key')) {
+        $client_id = $this->config->filter('keys')->get('id') ?: $this->config->filter('keys')->get('key');
+
+        if (!$client_id) {
             throw new InvalidApplicationCredentialsException(
                 'Missing parameter id: your client id is required to generate the JWS token.'
             );
         }
 
         // Find the 10-char Key ID value from the portal
-        if (!$key_id = $this->config->filter('keys')->get('key_id')) {
+        $key_id = $this->config->filter('keys')->get('key_id');
+
+        if (!$key_id) {
             throw new InvalidApplicationCredentialsException(
                 'Missing parameter key_id: your key id is required to generate the JWS token.'
             );
@@ -269,7 +293,9 @@ private function getSecret()
 
         // Save your private key from Apple in a file called `key.txt`
         if (!$key_content) {
-            if (!$key_file = $this->config->filter('keys')->get('key_file')) {
+            $key_file = $this->config->filter('keys')->get('key_file');
+
+            if (!$key_file) {
                 throw new InvalidApplicationCredentialsException(
                     'Missing parameter key_content or key_file: your key is required to generate the JWS token.'
                 );
@@ -292,13 +318,22 @@ private function getSecret()
             'sub' => $client_id
         ];
 
-        $secret = JWT::encode($data, $key_content, 'ES256', $key_id);
-
-        return $secret;
+        return JWT::encode($data, $key_content, 'ES256', $key_id);
     }
 
+    /**
+     * Try to get the installed JWT version
+     *
+     * If composer 2 is installed use InstalledVersions::getVersion,
+     * otherwise return an empty string because no version check is available
+     *
+     * @return string|null
+     */
     private function getJwtVersion()
     {
-        return InstalledVersions::getVersion('firebase/php-jwt');
+        // assume old JWT version if no version check is possible because composer 1 is installed
+        return class_exists('Composer\InstalledVersions') ?
+            InstalledVersions::getVersion('firebase/php-jwt') :
+            '';
     }
 }
diff --git a/includes/hybridauth/src/Provider/LinkedIn.php b/includes/hybridauth/src/Provider/LinkedIn.php
@@ -42,6 +42,21 @@ class LinkedIn extends OAuth2
      */
     protected $apiDocumentation = 'https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication';
 
+    /**
+     * {@inheritdoc}
+     */
+    protected function initialize()
+    {
+        parent::initialize();
+
+        if ($this->isRefreshTokenAvailable()) {
+            $this->tokenRefreshParameters += [
+                'client_id' => $this->clientId,
+                'client_secret' => $this->clientSecret
+            ];
+        }
+    }
+
     /**
      * {@inheritdoc}
      */

diff --git a/includes/hybridauth/src/Provider/Mastodon.php b/includes/hybridauth/src/Provider/Mastodon.php
@@ -0,0 +1,123 @@
+<?php
+
+namespace Hybridauth\Provider;
+
+use Hybridauth\Adapter\OAuth2;
+use Hybridauth\Exception\InvalidApplicationCredentialsException;
+use Hybridauth\Exception\UnexpectedApiResponseException;
+use Hybridauth\Data;
+use Hybridauth\User\Profile;
+
+class Mastodon extends OAuth2
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $scope = 'read';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $apiDocumentation = 'https://docs.joinmastodon.org/spec/oauth/';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function configure()
+    {
+        parent::configure();
+
+        if (!$this->config->exists('url')) {
+            throw new InvalidApplicationCredentialsException(
+                'You must define a Mastodon instance url'
+            );
+        }
+        $url = $this->config->get('url');
+
+        $this->apiBaseUrl = $url . '/api/v1';
+
+        $this->authorizeUrl = $url . '/oauth/authorize';
+        $this->accessTokenUrl = $url . '/oauth/token';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getUserProfile()
+    {
+        $response = $this->apiRequest('accounts/verify_credentials', 'GET', []);
+
+        $data = new Data\Collection($response);
+
+        if (!$data->exists('id') || !$data->get('id')) {
+            throw new UnexpectedApiResponseException(
+                'Provider API returned an unexpected response.'
+            );
+        }
+
+        $userProfile = new Profile();
+
+        $userProfile->identifier = $data->get('id');
+        $userProfile->displayName = $data->get('username');
+        $userProfile->photoURL =
+            $data->get('avatar') ?: $data->get('avatar_static');
+        $userProfile->webSiteURL = $data->get('url');
+        $userProfile->description = $data->get('note');
+        $userProfile->firstName = $data->get('display_name');
+
+        return $userProfile;
+    }
+
+    public function setUserStatus($status)
+    {
+        // Prepare request parameters.
+        $params = [];
+        if (isset($status['message'])) {
+            $params['status'] = $status['message'];
+        }
+
+        if (isset($status['picture'])) {
+            $headers = [
+                'Content-Type' => 'multipart/form-data',
+            ];
+
+            $pictures = $status['picture'];
+
+            $ids = [];
+
+            foreach ($pictures as $picture) {
+                $images = $this->apiRequest(
+                    $this->config->get('url') . '/api/v2/media',
+                    'POST',
+                    [
+                        'file' => new \CurlFile(
+                            $picture,
+                            'image/jpg',
+                            'filename'
+                        ),
+                    ],
+                    $headers,
+                    true
+                );
+
+                $ids[] = $images->id;
+            }
+
+            $params['media_ids'] = $ids;
+        }
+
+        $headers = [
+            'Content-Type' => 'application/json',
+        ];
+
+        $response = $this->apiRequest(
+            'statuses',
+            'POST',
+            $params,
+            $headers,
+            false
+        );
+
+        return $response;
+    }
+}
diff --git a/includes/hybridauth/src/Provider/Seznam.php b/includes/hybridauth/src/Provider/Seznam.php
@@ -0,0 +1,63 @@
+<?php
+/*!
+* Hybridauth
+* https://hybridauth.github.io | https://github.com/hybridauth/hybridauth
+*  (c) 2017 Hybridauth authors | https://hybridauth.github.io/license.html
+*/
+
+namespace Hybridauth\Provider;
+
+use Hybridauth\Adapter\OAuth2;
+use Hybridauth\Exception\UnexpectedApiResponseException;
+use Hybridauth\Data;
+use Hybridauth\User;
+
+/**
+ * Seznam OAuth2 provider adapter.
+ */
+class Seznam extends OAuth2
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $apiBaseUrl = 'https://login.szn.cz/';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $authorizeUrl = 'https://login.szn.cz/api/v1/oauth/auth';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $accessTokenUrl = 'https://login.szn.cz/api/v1/oauth/token';
+
+    /**
+     * {@inheritdoc}
+     */
+    protected $apiDocumentation = 'https://vyvojari.seznam.cz/oauth/doc';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getUserProfile()
+    {
+        $response = $this->apiRequest('api/v1/user', 'GET', ['format' => 'json']);
+
+        $data = new Data\Collection($response);
+
+        if (!$data->exists('oauth_user_id')) {
+            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
+        }
+
+        $userProfile = new User\Profile();
+
+        $userProfile->identifier = $data->get('oauth_user_id');
+        $userProfile->email = $data->get('account_name');
+        $userProfile->firstName = $data->get('firstname');
+        $userProfile->lastName = $data->get('lastname');
+        $userProfile->photoURL = $data->get('avatar_url');
+
+        return $userProfile;
+    }
+}