From e578e1c38211e017aefc4e3e2a147a0fd231d5f0 Mon Sep 17 00:00:00 2001
From: Noah Miller <nm@lemnisc.us>
Date: Wed, 6 Sep 2023 15:38:09 -0400
Subject: [PATCH] minor improvements, and add a provider for manual testing

---
 .../Civi/Api4/OAuthSessionToken.php           | 37 +++++++++++--------
 .../Civi/OAuth/CiviGenericProvider.php        |  5 +--
 .../Civi/OAuth/TestOAuthDotComProvider.php    | 14 +++++++
 ext/oauth-client/providers/testoauth.com.json | 10 +++++
 4 files changed, 47 insertions(+), 19 deletions(-)
 create mode 100644 ext/oauth-client/Civi/OAuth/TestOAuthDotComProvider.php
 create mode 100644 ext/oauth-client/providers/testoauth.com.json

diff --git a/ext/oauth-client/Civi/Api4/OAuthSessionToken.php b/ext/oauth-client/Civi/Api4/OAuthSessionToken.php
index 5c96d018ce..198e3bf4a9 100644
--- a/ext/oauth-client/Civi/Api4/OAuthSessionToken.php
+++ b/ext/oauth-client/Civi/Api4/OAuthSessionToken.php
@@ -9,6 +9,21 @@ class OAuthSessionToken extends Generic\AbstractEntity {
 
   const ENTITY = 'OAuthSessionToken';
 
+  public static function create($checkPermissions = TRUE): Generic\BasicCreateAction {
+    $action = new Generic\BasicCreateAction(
+      self::ENTITY,
+      __FUNCTION__,
+      function ($item, $createAction) {
+        $session = \CRM_Core_Session::singleton();
+        $all = $session->get('OAuthSessionTokens') ?? [];
+        $all[] = &$item;
+        $item['cardinal'] = array_key_last($all);
+        $session->set('OAuthSessionTokens', $all);
+        return $item;
+      });
+    return $action->setCheckPermissions($checkPermissions);
+  }
+
   public static function deleteAll($checkPermissions = TRUE): AbstractAction {
     return (new class(self::ENTITY, __FUNCTION__) extends AbstractAction {
 
@@ -32,21 +47,6 @@ class OAuthSessionToken extends Generic\AbstractEntity {
     return $action->setCheckPermissions($checkPermissions);
   }
 
-  public static function create($checkPermissions = TRUE): Generic\BasicCreateAction {
-    $action = new Generic\BasicCreateAction(
-      self::ENTITY,
-      __FUNCTION__,
-      function ($item, $createAction) {
-        $session = \CRM_Core_Session::singleton();
-        $all = $session->get('OAuthSessionTokens') ?? [];
-        $all[] = &$item;
-        $item['cardinal'] = array_key_last($all);
-        $session->set('OAuthSessionTokens', $all);
-        return $item;
-      });
-    return $action->setCheckPermissions($checkPermissions);
-  }
-
   /**
    * @param bool $checkPermissions
    * @return Generic\BasicGetFieldsAction
@@ -58,6 +58,7 @@ class OAuthSessionToken extends Generic\AbstractEntity {
           'name' => 'client_id',
           'required' => TRUE,
         ],
+        ['name' => 'cardinal'],
         ['name' => 'grant_type'],
         ['name' => 'tag'],
         ['name' => 'scopes'],
@@ -65,10 +66,10 @@ class OAuthSessionToken extends Generic\AbstractEntity {
         ['name' => 'access_token'],
         ['name' => 'refresh_token'],
         ['name' => 'expires'],
-        ['name' => 'raw'],
         ['name' => 'storage'],
         ['name' => 'resource_owner_name'],
         ['name' => 'resource_owner'],
+        ['name' => 'raw'],
       ];
     });
     return $action->setCheckPermissions($checkPermissions);
@@ -84,4 +85,8 @@ class OAuthSessionToken extends Generic\AbstractEntity {
     ];
   }
 
+  protected static function getEntityTitle($plural = FALSE) {
+    return $plural ? ts('OAuth Session Tokens') : ts('OAuth Session Token');
+  }
+
 }
diff --git a/ext/oauth-client/Civi/OAuth/CiviGenericProvider.php b/ext/oauth-client/Civi/OAuth/CiviGenericProvider.php
index 6edd596a0b..9a284cdaef 100644
--- a/ext/oauth-client/Civi/OAuth/CiviGenericProvider.php
+++ b/ext/oauth-client/Civi/OAuth/CiviGenericProvider.php
@@ -14,9 +14,8 @@ use League\OAuth2\Client\Token\AccessToken;
  *   may prefer "prompt" nowadays.
  * - Allow one to fetch claims about the resource-owner from the `id_token`
  *   supported by OpenID Connect. This reduces the need for extra round-trips
- *   and proprietary scopes+URLs. To use this, set the the option:
- *
- *    "urlResourceOwnerDetails": "{{use_id_token}}",
+ *   and proprietary scopes+URLs. To use this, set the option:
+ *     "urlResourceOwnerDetails": "{{use_id_token}}",
  * - Allow support for {{tenant}} token in provider URLs, if the provider has
  *   the 'tenancy' option set to TRUE (eg: ms-exchange).
  */
diff --git a/ext/oauth-client/Civi/OAuth/TestOAuthDotComProvider.php b/ext/oauth-client/Civi/OAuth/TestOAuthDotComProvider.php
new file mode 100644
index 0000000000..4badd7609a
--- /dev/null
+++ b/ext/oauth-client/Civi/OAuth/TestOAuthDotComProvider.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Civi\OAuth;
+
+use League\OAuth2\Client\Provider\GenericResourceOwner;
+use League\OAuth2\Client\Token\AccessToken;
+
+class TestOAuthDotComProvider extends CiviGenericProvider {
+
+  protected function createResourceOwner(array $response, AccessToken $token): GenericResourceOwner {
+    return new GenericResourceOwner($response, 'name');
+  }
+
+}
diff --git a/ext/oauth-client/providers/testoauth.com.json b/ext/oauth-client/providers/testoauth.com.json
new file mode 100644
index 0000000000..7463f968fc
--- /dev/null
+++ b/ext/oauth-client/providers/testoauth.com.json
@@ -0,0 +1,10 @@
+{
+  "title": "TestOAuth.com",
+  "class": "Civi\\OAuth\\TestOAuthDotComProvider",
+  "options": {
+    "urlAuthorize": "https://testoauth.com/oauth/authorize",
+    "urlAccessToken": "https://testoauth.com/oauth/token",
+    "urlResourceOwnerDetails": "https://testoauth.com/oauth/info",
+    "scopes": ["read"]
+  }
+}
-- 
2.25.1