Merge pull request #21 from pdsinterop/fix/trustedApps

add allowedOrigins to the user from the client registrations

Author: ylebre

lib/Routes/SolidStorage.php

@@ -43,16 +43,8 @@ public static function respondToStorage() {
 			$owner = StorageServer::getOwner();
 
 			$allowedClients = $owner['allowedClients'] ?? [];
-			$allowedOrigins = TRUSTED_APPS ?? [];
-			foreach ($allowedClients as $clientId) {
-				$clientRegistration = ClientRegistration::getRegistration($clientId);
-				if (isset($clientRegistration['client_name'])) {
-					$allowedOrigins[] = $clientRegistration['client_name'];
-				}
-				if (isset($clientRegistration['origin'])) {
-					$allowedOrigins[] = $clientRegistration['origin'];
-				}
-			}
+			$allowedOrigins = ($owner['allowedOrigins'] ?? []) + (TRUSTED_APPS ?? []);
+
 			if (!isset($origin) || ($origin === "")) {
 				$allowedOrigins[] = "app://unset"; // FIXME: this should not be here.
 				$origin = "app://unset";

lib/Routes/SolidUserProfile.php

@@ -46,16 +46,7 @@ public static function respondToProfile() {
 			$owner = ProfileServer::getOwner();
 
 			$allowedClients = $owner['allowedClients'] ?? [];
-                        $allowedOrigins = TRUSTED_APPS ?? [];
-			foreach ($allowedClients as $clientId) {
-				$clientRegistration = ClientRegistration::getRegistration($clientId);
-				if (isset($clientRegistration['client_name'])) {
-					$allowedOrigins[] = $clientRegistration['client_name'];
-				}
-				if (isset($clientRegistration['origin'])) {
-					$allowedOrigins[] = $clientRegistration['origin'];
-				}
-			}
+			$allowedOrigins = ($owner['allowedOrigins'] ?? []) + (TRUSTED_APPS ?? []);
 			if (!isset($origin) || ($origin === "")) {
 				$allowedOrigins[] = "app://unset"; // FIXME: this should not be here.
 				$origin = "app://unset";

lib/User.php

@@ -170,6 +170,21 @@ public static function getAllowedClients($userId) {
 			return $result;
 		}
 
+		public static function getAllowedOrigins($userId) {
+			Db::connect();
+			$query = Db::$pdo->prepare(
+				'SELECT origin from clients LEFT JOIN allowedClients ON clients.clientId=allowedClients.clientId where allowedClients.userId=:userId'
+			);
+			$query->execute([
+				':userId' => $userId
+			]);
+			$result = [];
+			while($row = $query->fetch()) {
+				$result[] = $row['origin'];
+			}
+			return $result;
+		}
+
 		public static function getStorage($userId) {
 			Db::connect();
 			$query = Db::$pdo->prepare(
@@ -214,6 +229,8 @@ public static function getUser($email) {
 
 				$allowedClients = self::getAllowedClients($userData['userId']);
 				$userData['allowedClients'] = $allowedClients;
+				$allowedOrigins = self::getAllowedOrigins($userData['userId']);
+				$userData['allowedOrigins'] = $allowedOrigins;
 				$userData['issuer'] = BASEURL;
 				$storage = self::getStorage($userData['userId']);
 				if ($storage) {
@@ -239,6 +256,8 @@ public static function getUserById($userId) {
 
 				$allowedClients = self::getAllowedClients($userData['userId']);
 				$userData['allowedClients'] = $allowedClients;
+				$allowedOrigins = self::getAllowedOrigins($userData['userId']);
+				$userData['allowedOrigins'] = $allowedOrigins;
 				$userData['issuer'] = BASEURL;
 				$storage = self::getStorage($userData['userId']);
 				if ($storage) {