v1.3.0: 2 bug fixes, 2 new features

* Fix execute permissions on interface pages (visit ACP > Community > OAuth2 Server > Applications to fix)
* Fix double-login required on initial visit (RFC3986 compatible argument passing)
* Enable site template on authorization page
* Allow localisation of "Yes" and "No" on authorization page

Closes #16
Closes #6
Closes #7

Author: wohali

data/versions.json

@@ -6,5 +6,6 @@
     "102001": "1.2.1",
     "102002": "1.2.2",
     "102003": "1.2.3",
-    "102004": "1.2.4"
-}
+    "102004": "1.2.4",
+    "103000": "1.3.0"
+}

dev/html/front/server/authorize.phtml

@@ -7,7 +7,7 @@
 {{endforeach}}
 </ul>
 <form method="post">
-    <input type="submit" class="input_submit" name="authorized" value="Yes" />
-    <input type="submit" class="input_submit ipsButton_secondary" name="authorized" value="No" />
+    <button name="authorized" class="input_submit" value="Yes" type="submit">{lang="authorize_yes"}</button>
+    <button name="authorized" class="input_submit ipsButton_secondary" value="No">{lang="authorize_no"}</button>
     <input type="hidden" name="csrfKey" value="{expression="\IPS\Session::i()->csrfKey"}" />
 </form>

dev/lang.php

@@ -28,5 +28,8 @@
     'task__expiretokens' => "Expires obsolete access tokens, refresh tokens and authorization codes.",
     'perm_request_prefix' => "Do you authorize the application",
     'perm_request_suffix' => "to access this site?",
-    'perm_list_prefix' => "The following access permissions will be granted to the application:"
+    'perm_list_prefix' => "The following access permissions will be granted to the application:",
+    'authorize_title' => "Authorize external application",
+    'authorize_yes' => "Yes",
+    'authorize_no' => "No",
 );

interface/oauth/authorize.php

@@ -2,7 +2,7 @@
 /**
  * @brief               OAuth 2 Server Authorization Gateway
  * @author              Joan Touzet
- * @copyright           (c) 2016 Joan Touzet
+ * @copyright           (c) 2016-2017 Joan Touzet
  * @license             GPL 2
  */
 
@@ -17,7 +17,7 @@
 $member_id = \IPS\Member::loggedIn()->member_id;
 if ( ! $member_id ) {
     // ref parameter is base64 encoding of destination URL
-    $ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET);
+    $ref_url = \IPS\Settings::i()->base_url . "applications/oauth2server/interface/oauth/authorize.php?" . http_build_query($_GET, null, ini_get('arg_separator.output'), PHP_QUERY_RFC3986);
     $ref = base64_encode( $ref_url );
     \IPS\Output::i()->redirect( \IPS\Http\Url::internal( 'app=core&module=system&controller=login&ref=' . $ref, 'front', 'login' ) );
 }
@@ -76,11 +76,10 @@
         $scope = explode( ' ', $client['scope'] );
     }
 
-    // scope is contained, request permission from user
-    $header = \IPS\Theme::i()->getTemplate( 'global', 'core', 'front' )->logo();
     // TODO: Surface scope in template output
     $form = \IPS\Theme::i()->getTemplate( 'server', 'oauth2server', 'front' )->authorize( $client, $scope );
-    \IPS\Output::i()->sendOutput( $header . $form, 200, 'text/html', \IPS\Output::i()->httpHeaders );
+    $title = \IPS\Member::loggedIn()->language()->addToStack('authorize_title');
+    \IPS\Output::i()->sendOutput( \IPS\Theme::i()->getTemplate( 'global', 'core' )->globalTemplate( $title, $form, true, \IPS\ROOT_PATH ) , 200, 'text/html', \IPS\Output::i()->httpHeaders );
 }
 
 // print the authorization code if the user has authorized your client

interface/oauth/me.php

@@ -32,6 +32,9 @@ class _clients extends \IPS\Node\Controller
     public function execute()
     {
         \IPS\Dispatcher::i()->checkAcpPermission( 'clients_manage' );
+        chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/authorize.php', 0755 );
+        chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/me.php', 0755 );
+        chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/token.php', 0755 );
         parent::execute();
     }
 

interface/oauth/token.php

@@ -0,0 +1,33 @@
+<?php
+
+
+namespace IPS\oauth2server\setup\upg_103000;
+
+/* To prevent PHP errors (extending class does not exist) revealing path */
+if ( !defined( '\IPS\SUITE_UNIQUE_KEY' ) )
+{
+	header( ( isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0' ) . ' 403 Forbidden' );
+	exit;
+}
+
+/**
+ * 1.3.0 Upgrade Code
+ */
+class _Upgrade
+{
+	/**
+	 * ...
+	 *
+	 * @return	array	If returns TRUE, upgrader will proceed to next step. If it returns any other value, it will set this as the value of the 'extra' GET parameter and rerun this step (useful for loops)
+	 */
+	public function step1()
+	{
+		chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/authorize.php', 0755 );
+		chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/me.php', 0755 );
+		chmod( \IPS\ROOT_PATH . '/applications/oauth2server/interface/oauth/token.php', 0755 );
+		return TRUE;
+	}
+	
+	// You can create as many additional methods (step2, step3, etc.) as is necessary.
+	// Each step will be executed in a new HTTP request
+}