View source
<?php
class OAuth2ServerUIController extends EntityDefaultUIController {
public function hook_menu() {
$items = parent::hook_menu();
$items[$this->path]['description'] = 'Manage servers and their associated clients and scopes.';
unset($items[$this->path . '/add']['title callback']);
unset($items[$this->path . '/add']['title arguments']);
unset($items[$this->path . '/import']['title callback']);
unset($items[$this->path . '/import']['title arguments']);
$items[$this->path . '/add']['title'] = 'Add server';
$items[$this->path . '/import']['title'] = 'Import server';
return $items;
}
protected function overviewTableHeaders($conditions, $rows, $additional_header = array()) {
$additional_header[] = t('Clients');
$additional_header[] = t('Scopes');
return parent::overviewTableHeaders($conditions, $rows, $additional_header);
}
protected function overviewTableRow($conditions, $id, $entity, $additional_cols = array()) {
$additional_cols[] = l(t('clients'), $this->path . '/manage/' . $id . '/clients');
$additional_cols[] = l(t('scopes'), $this->path . '/manage/' . $id . '/scopes');
return parent::overviewTableRow($conditions, $id, $entity, $additional_cols);
}
public function operationForm($form, &$form_state, $entity, $op) {
if ($op == 'delete') {
$query = new EntityFieldQuery();
$query
->entityCondition('entity_type', 'oauth2_server_scope');
$query
->propertyCondition('server', $entity->name);
$query
->count();
$num_scopes = $query
->execute();
$num_clients = 0;
if ($num_scopes == 0) {
$query = new EntityFieldQuery();
$query
->entityCondition('entity_type', 'oauth2_server_client');
$query
->propertyCondition('server', $entity->name);
$query
->count();
$num_clients = $query
->execute();
}
if ($num_scopes > 0 || $num_clients > 0) {
drupal_set_message(t('This server has associated scopes and/or clients, it cannot be deleted.'), 'error');
return array();
}
}
return parent::operationForm($form, $form_state, $entity, $op);
}
}
function oauth2_server_form($form, &$form_state, $server, $op = 'edit') {
$new_server = entity_create('oauth2_server', array());
$server->settings += $new_server->settings;
if ($op == 'clone') {
$server->label .= ' (cloned)';
}
$form['#tree'] = TRUE;
$form['label'] = array(
'#title' => t('Label'),
'#type' => 'textfield',
'#default_value' => $server->label,
'#description' => t('The human-readable name of this server.'),
'#required' => TRUE,
);
$form['name'] = array(
'#type' => 'machine_name',
'#default_value' => $server->name,
'#disabled' => entity_has_status('oauth2_server', $server, ENTITY_IN_CODE) || $op == 'edit',
'#machine_name' => array(
'exists' => 'oauth2_server_load',
'source' => array(
'label',
),
),
'#description' => t('A unique machine-readable name for this server. It must only contain lowercase letters, numbers, and underscores.'),
);
field_attach_form('oauth2_server', $server, $form, $form_state);
$form['settings'] = array(
'#type' => 'fieldset',
'#title' => t('Settings'),
);
$form['settings']['enforce_state'] = array(
'#type' => 'value',
'#value' => $server->settings['enforce_state'],
);
$form['settings']['default_scope'] = array(
'#type' => 'value',
'#value' => $server->settings['default_scope'],
);
$form['settings']['allow_implicit'] = array(
'#type' => 'checkbox',
'#title' => t('Allow the implicit flow'),
'#description' => t('Allows clients to receive an access token without the need for an authorization request token.'),
'#default_value' => !empty($server->settings['allow_implicit']),
);
$form['settings']['use_openid_connect'] = array(
'#type' => 'checkbox',
'#title' => t('Use OpenID Connect'),
'#description' => t("Strongly recommended for login providers."),
'#default_value' => !empty($server->settings['use_openid_connect']),
'#access' => extension_loaded('openssl'),
);
$documentation_link = l('documentation', 'http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/');
$form['settings']['use_crypto_tokens'] = array(
'#type' => 'checkbox',
'#title' => t('Use JWT Access Tokens'),
'#description' => t("Sends encrypted JWT access tokens that aren't stored in the database. See the !documentation for more details.", array(
'!documentation' => $documentation_link,
)),
'#default_value' => !empty($server->settings['use_crypto_tokens']),
'#access' => extension_loaded('openssl'),
);
$grant_types = oauth2_server_grant_types();
$grant_type_options = array();
foreach ($grant_types as $type => $grant_type) {
$grant_type_options[$type] = $grant_type['name'];
}
$form['settings']['grant_types'] = array(
'#type' => 'checkboxes',
'#title' => t('Enabled grant types'),
'#options' => $grant_type_options,
'#default_value' => $server->settings['grant_types'],
);
foreach ($grant_types as $type => $grant_type) {
if (isset($grant_type['default settings'])) {
$server->settings += $grant_type['default settings'];
}
if (isset($grant_type['settings callback'])) {
$dom_ids = array();
$dom_ids[] = 'edit-settings-grant-types-' . str_replace('_', '-', $type);
$form['settings'] += $grant_type['settings callback']($server->settings, $dom_ids);
}
}
$form['settings']['advanced_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Advanced settings'),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
);
$form['settings']['advanced_settings']['access_lifetime'] = array(
'#type' => 'textfield',
'#title' => t('Access token lifetime'),
'#description' => t('The number of seconds the access token will be valid for.'),
'#default_value' => $server->settings['access_lifetime'],
'#size' => 11,
);
$form['settings']['advanced_settings']['id_lifetime'] = array(
'#type' => 'textfield',
'#title' => t('ID token lifetime'),
'#description' => t('The number of seconds the ID token will be valid for.'),
'#default_value' => $server->settings['id_lifetime'],
'#size' => 11,
'#states' => array(
'visible' => array(
'#edit-settings-use-openid-connect' => array(
'checked' => TRUE,
),
),
),
);
$form['settings']['advanced_settings']['refresh_token_lifetime'] = array(
'#type' => 'textfield',
'#title' => t('Refresh token lifetime'),
'#description' => t('The number of seconds the refresh token will be valid for. 0 for forever.'),
'#default_value' => $server->settings['refresh_token_lifetime'],
'#size' => 11,
);
$form['settings']['advanced_settings']['require_exact_redirect_uri'] = array(
'#type' => 'checkbox',
'#title' => t('Require exact redirect uri'),
'#description' => t("Require the redirect url to be an exact match of the client's redirect url\n If not enabled, the redirect url in the request can contain additional segments, such as a query string."),
'#default_value' => isset($server->settings['require_exact_redirect_uri']) ? $server->settings['require_exact_redirect_uri'] : TRUE,
);
$form['actions'] = array(
'#type' => 'actions',
);
$form['actions']['submit'] = array(
'#type' => 'submit',
'#value' => t('Save server'),
'#weight' => 40,
);
if (!entity_has_status('oauth2_server', $server, ENTITY_IN_CODE) && !in_array($op, array(
'add',
'clone',
))) {
$form['actions']['delete'] = array(
'#type' => 'submit',
'#value' => t('Delete server'),
'#weight' => 45,
'#limit_validation_errors' => array(),
'#submit' => array(
'oauth2_server_form_submit_delete',
),
);
}
return $form;
}
function oauth2_server_form_validate($form, &$form_state) {
entity_form_field_validate('oauth2_server', $form, $form_state);
}
function oauth2_server_form_submit(&$form, &$form_state) {
$previous_settings = $form_state['build_info']['args'][0]->settings;
$form_state['values']['settings'] += $form_state['values']['settings']['advanced_settings'];
unset($form_state['values']['settings']['advanced_settings']);
$server = entity_ui_form_submit_build_entity($form, $form_state);
$server
->save();
$previous_value = !empty($previous_settings['use_openid_connect']);
$current_value = !empty($server->settings['use_openid_connect']);
if (!$previous_value && $current_value) {
$site_name = variable_get('site_name', 'Drupal');
$openid_scopes = array(
'openid' => format_string('Know who you are on @site', array(
'@site' => $site_name,
)),
'offline_access' => "Access the API when you're not present.",
'email' => 'View your email address.',
'profile' => 'View basic information about your account.',
);
foreach ($openid_scopes as $name => $description) {
$scope = entity_create('oauth2_server_scope', array());
$scope->server = $server->name;
$scope->name = $name;
$scope->description = $description;
$scope
->save();
}
}
if ($previous_value && !$current_value) {
$scope_names = array(
'openid',
'offline_access',
'email',
'profile',
);
$scopes = oauth2_server_scope_load_multiple($server->name, $scope_names);
foreach ($scopes as $scope) {
$scope
->delete();
}
if (in_array($server->settings['default_scope'], $scope_names)) {
$server->settings['default_scope'] = '';
$server
->save();
}
}
$form_state['redirect'] = 'admin/structure/oauth2-servers';
}
function oauth2_server_form_submit_delete(&$form, &$form_state) {
$form_state['redirect'] = 'admin/structure/oauth2-servers/manage/' . $form_state['oauth2_server']->name . '/delete';
}