Merge pull request #119 from ucfcdl/UDOIT_issue75

Fix to major issue with Oauth2 saving API keys

public/index.php

@@ -89,6 +89,36 @@
 $sth->execute();
 
 $result = $sth->fetchAll();
+// print_r($result);
+
+/* TODO:
+if (isset($result[0])) {
+	$_SESSION['refresh_token'] = $result[0]['api_key'];
+
+	//Exchange code for API key (Can break this part into its own function, have it return the api key)
+	$url = $base_url . '/login/oauth2/token';
+
+	$postdata = array(
+		'grant_type' => 'refresh_token',
+		'client_id' => $oauth2_id,
+		'redirect_uri' => $oauth2_uri,
+		'client_secret' => $oauth2_key,
+		'refresh_token' => $_SESSION['refresh_token']
+	);
+
+	$post = http_build_query($postdata);
+	$ch = curl_init($url);
+
+	curl_setopt($ch, CURLOPT_POST, 1);
+	curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+	$response = json_decode(curl_exec($ch));
+	curl_close($ch);
+
+	$_SESSION['api_key'] = $response->access_token;
+}
+*/
 
 if (isset($result[0])) {
 	$_SESSION['api_key'] = $result[0]['api_key'];
@@ -97,9 +127,14 @@
 // Do we have an API key?
 if (isset($_SESSION['api_key'])) {
 	//If we do, test it out
-	$url = $base_url.'/api/v1/users/'.$_SESSION['launch_params']['custom_canvas_user_id'].'/profile?access_token='.$_SESSION['api_key'];
-	$resp = Request::get($url)->send();
+	$url = $base_url.'api/v1/users/'.$_SESSION['launch_params']['custom_canvas_user_id'].'/profile';
+	$resp = Request::get($url)
+		->addHeader('Authorization', 'Bearer '.$_SESSION['api_key'])
+		->send();
 	$redirect = !isset($resp->body->id);
+	// echo $url;
+	// print_r($resp);
+	// die();
 } else {
 	//Otherwise, redirect to the oauth2 process
 	$redirect = true;

public/oauth2response.php

@@ -50,6 +50,7 @@ function printError($msg){
 	$url = $base_url . '/login/oauth2/token';
 
 	$postdata = array(
+		'grant_type' => 'authorization_code',
 		'client_id' => $oauth2_id,
 		'redirect_uri' => $oauth2_uri,
 		'client_secret' => $oauth2_key,
@@ -68,24 +69,24 @@ function printError($msg){
 
 	$_SESSION['api_key'] = $response->access_token;
 
+	// TODO: Modify to save refresh token instead
 	// Save API Key to DB
 	$dbh = include('../lib/db.php');
 
-
-	$sth = $dbh->prepare("SELECT * FROM $db_user_table WHERE id=:userid");
+	$sth = $dbh->prepare("SELECT * FROM $db_user_table WHERE id=:userid LIMIT 1");
 	$sth->bindParam(':userid', $_SESSION['launch_params']['custom_canvas_user_id'], PDO::PARAM_INT);
 	$sth->execute();
 
-	if($sth->rowCount()) {
-		$sth = $dbh->prepare("UPDATE $db_user_table (api_key, date_created) VALUES (:key, :time)");
-	}
-	else {
-		$sth = $dbh->prepare("INSERT INTO $db_user_table (id, api_key, date_created) VALUES (:userid, :key, :time)");
-		$sth->bindParam(':userid', $_SESSION['launch_params']['custom_canvas_user_id'], PDO::PARAM_INT);
+	$result = $sth->fetchAll();
+
+	if(isset($result[0])) {
+		$sth = $dbh->prepare("UPDATE $db_user_table SET api_key=:key WHERE id=:userid LIMIT 1");
+	} else {
+		$sth = $dbh->prepare("INSERT INTO $db_user_table (id, api_key, date_created) VALUES (:userid, :key, CURRENT_TIMESTAMP)");
 	}
 
 	$sth->bindParam(':key', $_SESSION['api_key'], PDO::PARAM_STR);
-	$sth->bindValue(':time', time(), PDO::PARAM_INT);
+	$sth->bindParam(':userid', $_SESSION['launch_params']['custom_canvas_user_id'], PDO::PARAM_INT);
 	$sth->execute();
 
 	session_write_close();