Refactor to allow adding oauth clients via hook_farm_oauth_client, an…

…d enable via system settings form.
farmOS · Jan 28, 2020 · 6fef5f2 · 6fef5f2
1 parent 3bc447d
commit 6fef5f2
Show file tree

Hide file tree

Showing 2 changed files with 218 additions and 17 deletions.
diff --git a/modules/farm/farm_api/farm_api_oauth/farm_api_oauth.farm_access.inc b/modules/farm/farm_api/farm_api_oauth/farm_api_oauth.farm_access.inc
@@ -0,0 +1,20 @@
+<?php
+/**
+ * @file
+ * Farm Access hooks implemented by farm_api_oauth module.
+ */
+
+/**
+ * Implements hook_farm_access_perms().
+ */
+function farm_api_oauth_farm_access_perms($role) {
+  // Load the list of farm roles.
+  $roles = farm_access_roles();
+
+  if (!empty($roles[$role]['access']['config'])) {
+    return array('administer oauth clients');
+  }
+  else {
+    return array();
+  }
+}
diff --git a/modules/farm/farm_api/farm_api_oauth/farm_api_oauth.module b/modules/farm/farm_api/farm_api_oauth/farm_api_oauth.module
@@ -5,6 +5,18 @@
  * Farm API OAuth Module.
  */
 
+/**
+ * Implements hook_permission().
+ */
+function farm_api_oauth_permission() {
+  $perms = array(
+    'administer oauth clients' => array(
+      'title' => t('Administer farmOS OAuth Clients.'),
+    ),
+  );
+  return $perms;
+}
+
 /**
  * Implements hook_menu().
  */
@@ -18,9 +30,170 @@ function farm_api_oauth_menu(){
     'access arguments' => array('use oauth2 server'),
   ];
 
+  // OAuth client configuration form.
+  $items['admin/config/farm/oauth'] = array(
+    'title' => 'OAuth',
+    'description' => 'OAuth Client settings.',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('farm_api_oauth_settings_form'),
+    'access arguments' => array('administer oauth clients'),
+  );
+
   return $items;
 }
 
+/**
+ * Implements hook_farm_oauth_client
+ */
+function farm_api_oauth_farm_oauth_client() {
+  $clients = array();
+
+  // Provide default farmos_api_client
+  $clients['farmos_api_client'] = array(
+    'label' => "farmOS API",
+    'description' => "A built in OAuth Client for interfacing with the farmOS API.",
+    'client_key' => "farmos_api_client",
+    'redirect_uri' => url('api/authorized', array('absolute'=>TRUE)),
+  );
+
+  return $clients;
+}
+
+/**
+ * OAuth client configuration form.
+ */
+function farm_api_oauth_settings_form($form, &$form_state) {
+  // Ask modules for oauth client rediect uri.
+  $clients = module_invoke_all('farm_oauth_client');
+
+  if (empty($clients)) {
+    $form['empty'] = array(
+      '#type' => 'markup',
+      '#markup' => 'There are no OAuth Clients available.',
+    );
+    return $form;
+  }
+
+  // Create a set of checkboxes for the clients.
+  $options = array();
+  foreach ($clients as $key => $client) {
+    if (!empty($client['label'])) {
+      $options[$key] = $client['label'];
+    }
+  }
+
+  // Load the list of enabled quick forms from a variable.
+  $enabled_oauth_clients = variable_get('farm_api_oauth_enabled_clients', array());
+
+  // Display as a list of checkboxes.
+  $form['farm_api_oauth_enabled_clients'] = array(
+    '#type' => 'checkboxes',
+    '#title' => t('Enable or disable OAuth Clients.'),
+    '#options' => $options,
+    '#default_value' => $enabled_oauth_clients,
+  );
+
+  // Wrap it in a system settings form.
+  $form = system_settings_form($form);
+  $form['#submit'][] = 'farm_api_oauth_settings_form_submit';
+
+  // Return the form.
+  return $form;
+
+}
+
+/**
+ * Form submit handler for farm_api_oauth_settings_form
+ */
+function farm_api_oauth_settings_form_submit(array $form, array &$form_state) {
+
+  // Save the submitted form values.
+  $submitted = $form_state['values']['farm_api_oauth_enabled_clients'];
+
+  // Filter only the enabled clients.
+  $submitted_enabled = array_filter($submitted);
+
+  // Start an array to collect existing clients.
+  // It is easier to check this list than an array of
+  // OAuth2 Server Client entities.
+  $enabled_clients = array();
+
+  // Load oauth2_server clients
+  $query = new EntityFieldQuery();
+  $query->entityCondition('entity_type', 'oauth2_server_client');
+  $result = $query->execute();
+
+  // Check if we need to disable any existing clients.
+  if (isset($result['oauth2_server_client'])) {
+
+    // Load the entities
+    $client_ids = array_keys($result['oauth2_server_client']);
+    $active_clients = entity_load('oauth2_server_client', $client_ids);
+
+    // Check for the "client_key" in supplied hooks.
+    foreach ($active_clients as $active_client) {
+      // Load the client key.
+      $client_wrapper = entity_metadata_wrapper('oauth2_server_client', $active_client);
+      $client_key = $client_wrapper->client_key->value();
+      $client_label = $client_wrapper->label->value();
+
+      // Check if client is included with the the form.
+      if (isset($submitted[$client_key])) {
+
+        // See if the client should be enabled.
+        $enabled = isset($submitted_enabled[$client_key]);
+
+        // If disabled, remove the client.
+        if (!$enabled) {
+
+          // Delete OAuth2 Server Client Entity
+          $client_id = $client_wrapper->getIdentifier();
+          entity_delete('oauth2_server_client', $client_id);
+
+          // Notify that client was disabled.
+          drupal_set_message('Disabled OAuth Client: ' . $client_label);
+        } else {
+
+          // This client is still enabled. Add to enabled list.
+          $enabled_clients[] = $client_key;
+        }
+      }
+    }
+  }
+
+  // Ask modules for oauth clients.
+  $clients = module_invoke_all('farm_oauth_client');
+  foreach($clients as $client) {
+
+    // Save the client key.
+    $client_key = $client['client_key'];
+
+    // See if the client should be enabled.
+    $enabled = isset($submitted_enabled[$client_key]);
+
+    // Enable the client if not already enabled.
+    if ($enabled && !in_array($client_key, $enabled_clients)) {
+
+      $server_name = variable_get('farmos_oauth2_server_name', 'farmos_oauth');
+
+      // Create OAuth2 Server Client Entity
+      $new_client = entity_create('oauth2_server_client', array());
+      $new_client->server = $server_name;
+      $new_client->label = $client['label'];
+      $new_client->client_key = $client['client_key'];
+      // The module supports entering multiple redirect uris separated by a
+      // newline. Both a dummy and the real uri are specified to confirm that
+      // validation passes.
+      $new_client->redirect_uri = $client['redirect_uri'];
+      $new_client->automatic_authorization = FALSE;
+      $new_client->save();
+
+      // Notify that client was created.
+      drupal_set_message('Created OAuth Client for ' . $client['label']);
+    }
+  }
+}
+
 /**
  * Implements hook_form().
  * Callback page after authorizing OAuth2 farmOS API Clients.
@@ -167,17 +340,19 @@ function farm_api_oauth_enable(){
   $scope->description = 'Allow access to farmOS server info.';
   $scope->save();
 
-  // Create an OAuth2 Client for general Farm API access.
-  $client = entity_create('oauth2_server_client', array());
-  $client->server = $server->name;
-  $client->label = 'farmOS API';
-  $client->client_key = 'farmos_api_client';
-  // The module supports entering multiple redirect uris separated by a
-  // newline. Both a dummy and the real uri are specified to confirm that
-  // validation passes.
-  $client->redirect_uri = url('api/authorized', array('absolute' => TRUE));
-  $client->automatic_authorization = FALSE;
-  $client->save();
+  // Add community-trusted OAuth Clients.
+  $enabled_clients = array(
+    'farmos_api_client'=>'farmos_api_client',
+  );
+  variable_set('farm_api_oauth_enabled_clients', $enabled_clients);
+
+  // Enable oauth clients.
+  // Prepare a form_state with values to submit.
+  $form_state = array();
+  $form_state['values']['farm_api_oauth_enabled_clients'] = $enabled_clients;
+
+  // Submit the oauth config form to enable clients.
+  drupal_form_submit('farm_api_oauth_settings_form', $form_state);
 }
 
 /**
@@ -189,14 +364,20 @@ function farm_api_oauth_disable(){
   // potentially delete other configured OAuth2 Servers and Scopes.
   $server_name = variable_get('restws_oauth2_server_name', 'farmos_oauth');
 
-  // Delete farmOS OAuth Client.
-  $query = new EntityFieldQuery();
-  $query->entityCondition('entity_type', 'oauth2_server_client')
-      ->entityCondition('client_key', 'farmos_api_client');
-  $result = $query->execute();
-  if (isset($result['oauth2_server_client'])) {
+  // Get enabled OAuth Clients.
+  $enabled_clients = variable_get('farm_api_oauth_enabled_clients', array());
+
+  foreach ($enabled_clients as $client_key) {
+
+    // Delete OAuth Client.
+    $query = new EntityFieldQuery();
+    $query->entityCondition('entity_type', 'oauth2_server_client')
+      ->entityCondition('client_key', $client_key);
+    $result = $query->execute();
+    if (isset($result['oauth2_server_client'])) {
       $client_id = array_keys($result['oauth2_server_client']);
       entity_delete('oauth2_server_client', $client_id);
+    }
   }
 
   // Delete farmOS OAuth Scopes.