✨ +Reddit provider

Author: codemasher

.config/.env_example

@@ -188,6 +188,12 @@ PAYPAL_SANDBOX_SECRET=
 PAYPAL_SANDBOX_CALLBACK_URL=
 #PAYPAL_SANDBOX_TESTUSER=
 
+# https://www.reddit.com/prefs/apps/
+REDDIT_KEY=
+REDDIT_SECRET=
+REDDIT_CALLBACK_URL=
+#REDDIT_TESTUSER=
+
 # https://api.slack.com/apps/
 SLACK_KEY=
 SLACK_SECRET=

README.md

@@ -129,6 +129,7 @@ Note: replace `dev-main` with a [version constraint](https://getcomposer.org/doc
 | [Patreon](https://docs.patreon.com/) | [link](https://www.patreon.com/portal/registration/register-clients) |  | 2 | ✓ | ✓ |  |  | ✓ |  |
 | [PayPal](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
 | [PayPalSandbox](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
+| [Reddit](https://www.reddit.com/dev/api) | [link](https://www.reddit.com/prefs/apps/) | [link](https://www.reddit.com/settings/privacy) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |
 | [Slack](https://api.slack.com) | [link](https://api.slack.com/apps) | [link](https://slack.com/apps/manage) | 2 | ✓ | ✓ |  |  |  |  |
 | [SoundCloud](https://developers.soundcloud.com/) | [link](https://soundcloud.com/you/apps) | [link](https://soundcloud.com/settings/connections) | 2 | ✓ |  |  | ✓ | ✓ |  |
 | [Spotify](https://developer.spotify.com/documentation/web-api/) | [link](https://developer.spotify.com/dashboard) | [link](https://www.spotify.com/account/apps/) | 2 | ✓ | ✓ |  | ✓ | ✓ |  |

docs/Basics/Overview.md

@@ -68,6 +68,7 @@ fully [PSR-7](https://www.php-fig.org/psr/psr-7/)/[PSR-17](https://www.php-fig.o
 | [Patreon](https://docs.patreon.com/) | [link](https://www.patreon.com/portal/registration/register-clients) |  | 2 | ✓ | ✓ |  |  | ✓ |  |
 | [PayPal](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
 | [PayPalSandbox](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
+| [Reddit](https://www.reddit.com/dev/api) | [link](https://www.reddit.com/prefs/apps/) | [link](https://www.reddit.com/settings/privacy) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |
 | [Slack](https://api.slack.com) | [link](https://api.slack.com/apps) | [link](https://slack.com/apps/manage) | 2 | ✓ | ✓ |  |  |  |  |
 | [SoundCloud](https://developers.soundcloud.com/) | [link](https://soundcloud.com/you/apps) | [link](https://soundcloud.com/settings/connections) | 2 | ✓ |  |  | ✓ | ✓ |  |
 | [Spotify](https://developer.spotify.com/documentation/web-api/) | [link](https://developer.spotify.com/dashboard) | [link](https://www.spotify.com/account/apps/) | 2 | ✓ | ✓ |  | ✓ | ✓ |  |

examples/get-token/Reddit.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * @link https://github.com/reddit-archive/reddit/wiki/OAuth2
+ *
+ * @created      09.04.2024
+ * @author       smiley <smiley@chillerlan.net>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+use chillerlan\OAuth\Providers\Reddit;
+
+$ENVVAR ??= 'REDDIT';
+$PARAMS ??= ['duration' => 'permanent'];
+
+require_once __DIR__.'/../provider-example-common.php';
+
+/** @var \OAuthExampleProviderFactory $factory */
+$provider = $factory->getProvider(Reddit::class, $ENVVAR);
+
+require_once __DIR__.'/_flow-oauth2.php';
+
+exit;

src/Core/OAuth2Provider.php

@@ -100,7 +100,9 @@ protected function parseTokenResponse(ResponseInterface $response):AccessToken{
 		}
 
 		// deezer: "error_reason", paypal: "message" (along with "links", "name")
-		foreach(['error', 'error_description', 'error_reason', 'message'] as $field){
+		// reddit sends "message" and "error" as int, which will throw a TypeError when handed into the exception
+		// detection order changed accordingly
+		foreach(['message', 'error', 'error_description', 'error_reason'] as $field){
 			if(isset($data[$field])){
 
 				if(in_array($response->getStatusCode(), [400, 401, 403], true)){

src/Providers/Reddit.php

@@ -0,0 +1,169 @@
+<?php
+/**
+ * Class Reddit
+ *
+ * @created      09.04.2024
+ * @author       smiley <smiley@chillerlan.net>
+ * @copyright    2024 smiley
+ * @license      MIT
+ *
+ * @noinspection PhpUnused
+ */
+declare(strict_types=1);
+
+namespace chillerlan\OAuth\Providers;
+
+use chillerlan\HTTP\Utils\QueryUtil;
+use chillerlan\OAuth\Core\{
+	AccessToken, AuthenticatedUser, ClientCredentials, CSRFToken, OAuth2Interface,
+	OAuth2Provider, TokenInvalidate, TokenRefresh, UserInfo
+};
+use Psr\Http\Message\ResponseInterface;
+use function sodium_bin2base64, sprintf;
+use const PHP_QUERY_RFC1738, SODIUM_BASE64_VARIANT_ORIGINAL;
+
+/**
+ * @see https://github.com/reddit-archive/reddit/wiki/OAuth2
+ * @see https://github.com/reddit-archive/reddit/wiki/API
+ * @see https://support.reddithelp.com/hc/en-us/articles/16160319875092-Reddit-Data-API-Wiki
+ * @see https://www.reddit.com/dev/api
+ */
+class Reddit extends OAuth2Provider implements ClientCredentials, CSRFToken, TokenRefresh, TokenInvalidate, UserInfo{
+
+	public const SCOPE_ACCOUNT          = 'account';
+	public const SCOPE_CREDDITS         = 'creddits';
+	public const SCOPE_EDIT             = 'edit';
+	public const SCOPE_FLAIR            = 'flair';
+	public const SCOPE_HISTORY          = 'history';
+	public const SCOPE_IDENTITY         = 'identity';
+	public const SCOPE_LIVEMANAGE       = 'livemanage';
+	public const SCOPE_MODCONFIG        = 'modconfig';
+	public const SCOPE_MODCONTRIBUTORS  = 'modcontributors';
+	public const SCOPE_MODFLAIR         = 'modflair';
+	public const SCOPE_MODLOG           = 'modlog';
+	public const SCOPE_MODMAIL          = 'modmail';
+	public const SCOPE_MODNOTE          = 'modnote';
+	public const SCOPE_MODOTHERS        = 'modothers';
+	public const SCOPE_MODPOSTS         = 'modposts';
+	public const SCOPE_MODSELF          = 'modself';
+	public const SCOPE_MODTRAFFIC       = 'modtraffic';
+	public const SCOPE_MODWIKI          = 'modwiki';
+	public const SCOPE_MYSUBREDDITS     = 'mysubreddits';
+	public const SCOPE_PRIVATEMESSAGES  = 'privatemessages';
+	public const SCOPE_READ             = 'read';
+	public const SCOPE_REPORT           = 'report';
+	public const SCOPE_SAVE             = 'save';
+	public const SCOPE_STRUCTUREDSTYLES = 'structuredstyles';
+	public const SCOPE_SUBMIT           = 'submit';
+	public const SCOPE_SUBSCRIBE        = 'subscribe';
+	public const SCOPE_VOTE             = 'vote';
+	public const SCOPE_WIKIEDIT         = 'wikiedit';
+	public const SCOPE_WIKIREAD         = 'wikiread';
+
+	public const DEFAULT_SCOPES = [
+		self::SCOPE_ACCOUNT,
+		self::SCOPE_IDENTITY,
+		self::SCOPE_READ,
+	];
+
+	public const USER_AGENT = OAuth2Interface::USER_AGENT.' (by /u/chillerlan)';
+
+	public const HEADERS_AUTH = [
+		'User-Agent' => self::USER_AGENT,
+	];
+
+	public const HEADERS_API = [
+		'User-Agent' => self::USER_AGENT,
+	];
+
+	protected string      $authorizationURL = 'https://www.reddit.com/api/v1/authorize';
+	protected string      $accessTokenURL   = 'https://www.reddit.com/api/v1/access_token';
+	protected string      $apiURL           = 'https://oauth.reddit.com/api';
+	protected string      $revokeURL        = 'https://www.reddit.com/api/v1/revoke_token';
+	protected string|null $apiDocs          = 'https://www.reddit.com/dev/api';
+	protected string|null $applicationURL   = 'https://www.reddit.com/prefs/apps/';
+	protected string|null $userRevokeURL    = 'https://www.reddit.com/settings/privacy';
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function getAccessTokenRequestBodyParams(string $code):array{
+		return [
+			'code'         => $code,
+			'grant_type'   => 'authorization_code',
+			'redirect_uri' => $this->options->callbackURL,
+		];
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function sendAccessTokenRequest(string $url, array $body):ResponseInterface{
+		$auth = sodium_bin2base64(sprintf('%s:%s', $this->options->key, $this->options->secret), SODIUM_BASE64_VARIANT_ORIGINAL);
+
+		$request = $this->requestFactory
+			->createRequest('POST', $url)
+			->withHeader('Accept-Encoding', 'identity')
+			->withHeader('Authorization', sprintf('Basic %s', $auth))
+			->withHeader('Content-Type', 'application/x-www-form-urlencoded')
+			->withBody($this->streamFactory->createStream(QueryUtil::build($body, PHP_QUERY_RFC1738)))
+		;
+
+		return $this->http->sendRequest($request);
+	}
+
+	/**
+	 * @inheritDoc
+	 * @codeCoverageIgnore
+	 */
+	public function me():AuthenticatedUser{
+		$json = $this->getMeResponseData('/v1/me');
+
+		$userdata = [
+			'data'        => $json,
+			'avatar'      => $json['subreddit']['icon_img'],
+			'handle'      => $json['name'],
+			'displayName' => $json['subreddit']['title'],
+			'id'          => $json['id'],
+			'url'         => sprintf('https://www.reddit.com%s', $json['subreddit']['url']),
+		];
+
+		return new AuthenticatedUser($userdata);
+	}
+
+	/**
+	 * @see https://github.com/reddit-archive/reddit/wiki/OAuth2#manually-revoking-a-token
+	 * @inheritDoc
+	 */
+	public function invalidateAccessToken(AccessToken $token = null):bool{
+		$tokenToInvalidate = ($token ?? $this->storage->getAccessToken($this->name));
+
+		$bodyParams = [
+			'token'           => $tokenToInvalidate->accessToken,
+			'token_type_hint' => 'access_token',
+		];
+
+		$auth = sodium_bin2base64(sprintf('%s:%s', $this->options->key, $this->options->secret), SODIUM_BASE64_VARIANT_ORIGINAL);
+
+		$request = $this->requestFactory
+			->createRequest('POST', $this->revokeURL)
+			->withHeader('Authorization', sprintf('Basic %s', $auth))
+			->withHeader('Content-Type', 'application/x-www-form-urlencoded')
+		;
+
+		$request  = $this->setRequestBody($bodyParams, $request);
+		$response = $this->http->sendRequest($request);
+
+		if($response->getStatusCode() === 204){
+
+			if($token === null){
+				$this->storage->clearAccessToken($this->name);
+			}
+
+			return true;
+		}
+
+		return false;
+	}
+
+}

tests/Providers/Live/RedditAPITest.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * Class RedditAPITest
+ *
+ * @created      09.04.2024
+ * @author       smiley <smiley@chillerlan.net>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+namespace chillerlan\OAuthTest\Providers\Live;
+
+use chillerlan\OAuth\Providers\Reddit;
+use PHPUnit\Framework\Attributes\Group;
+
+/**
+ * @property \chillerlan\OAuth\Providers\Reddit $provider
+ */
+#[Group('shortTokenExpiry')]
+#[Group('providerLiveTest')]
+class RedditAPITest extends OAuth2ProviderLiveTestAbstract{
+
+	protected function getProviderFQCN():string{
+		return Reddit::class;
+	}
+
+	protected function getEnvPrefix():string{
+		return 'REDDIT';
+	}
+
+}

tests/Providers/Unit/RedditTest.php

@@ -0,0 +1,64 @@
+<?php
+/**
+ * Class RedditTest
+ *
+ * @created      09.04.2024
+ * @author       smiley <smiley@chillerlan.net>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+namespace chillerlan\OAuthTest\Providers\Unit;
+
+use chillerlan\OAuth\Core\AccessToken;
+use chillerlan\OAuth\Core\TokenInvalidate;
+use chillerlan\OAuth\Providers\Reddit;
+
+/**
+ * @property \chillerlan\OAuth\Providers\Reddit $provider
+ */
+class RedditTest extends OAuth2ProviderUnitTestAbstract{
+
+	protected function getProviderFQCN():string{
+		return Reddit::class;
+	}
+
+	public function testGetAccessTokenRequestBodyParams():void{
+		$params = $this->invokeReflectionMethod('getAccessTokenRequestBodyParams', ['*test_code*']);
+
+		$this::assertSame('*test_code*', $params['code']);
+		$this::assertSame($this->options->callbackURL, $params['redirect_uri']);
+		$this::assertSame('authorization_code', $params['grant_type']);
+	}
+
+	public function testTokenInvalidate():void{
+
+		if(!$this->provider instanceof TokenInvalidate){
+			$this::markTestSkipped('TokenInvalidate N/A');
+		}
+
+		$token = new AccessToken(['expires' => 42]);
+
+		// Reddit responds with a 204
+		$this->setMockResponse($this->responseFactory->createResponse(204));
+
+		$this->provider->storeAccessToken($token);
+
+		$this::assertTrue($this->storage->hasAccessToken($this->provider->name));
+		$this::assertTrue($this->provider->invalidateAccessToken());
+		$this::assertFalse($this->storage->hasAccessToken($this->provider->name));
+
+		// token via param
+
+		// the current token shouldn't be deleted
+		$token2 = clone $token;
+		$token2->accessToken = 'still here';
+
+		$this->provider->storeAccessToken($token2);
+
+		$this::assertTrue($this->provider->invalidateAccessToken($token));
+		$this::assertSame('still here', $this->provider->getStorage()->getAccessToken($this->provider->name)->accessToken);
+	}
+
+}