
fix IndieAuth protocol

use `me` and `authorization_endpoint` from session
Aaron Parecki 7 years ago
9863fd3bd2
1 changed files with 6 additions and 6 deletions
  1. +6
    -6
      controllers/Auth.php

+ 6
- 6
controllers/Auth.php View File

@ -66,11 +66,11 @@ class Auth {
public function login_callback(Request $request, Response $response) { public function login_callback(Request $request, Response $response) {
if(!$request->get('state') || !$request->get('code') || !$request->get('me')) {
if(!$request->get('state') || !$request->get('code')) {
$response->setContent(view('login', [ $response->setContent(view('login', [
'title' => 'Sign In to Telegraph', 'title' => 'Sign In to Telegraph',
'error' => 'Missing Parameters', 'error' => 'Missing Parameters',
'error_description' => 'The auth server did not return the necessary parameters, <code>state</code> and <code>code</code> and <code>me</code>.'
'error_description' => 'The auth server did not return the necessary parameters, <code>state</code> and <code>code</code>.'
])); ]));
return $response; return $response;
} }
@ -99,21 +99,21 @@ class Auth {
// Discover the authorization endpoint from the "me" that was returned by the auth server // Discover the authorization endpoint from the "me" that was returned by the auth server
// This allows the auth server to return a different URL than the user originally entered, // This allows the auth server to return a different URL than the user originally entered,
// for example if the user enters multiusersite.example the auth server can return multiusersite.example/alice // for example if the user enters multiusersite.example the auth server can return multiusersite.example/alice
if($state->authorization_endpoint) { // only discover the auth endpoint if one was originally found, otherwise use our fallback
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($request->get('me'));
if($state->authorization_endpoint) { // only use the discovered endpoint if one was originally found
$authorizationEndpoint = $state->authorization_endpoint;
} else { } else {
$authorizationEndpoint = Config::$defaultAuthorizationEndpoint; $authorizationEndpoint = Config::$defaultAuthorizationEndpoint;
} }
// Verify the code with the auth server // Verify the code with the auth server
$token = IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $request->get('code'), $request->get('me'), self::_buildRedirectURI(), Config::$clientID, $request->get('state'), true);
$token = IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $request->get('code'), $state->me, self::_buildRedirectURI(), Config::$clientID, $request->get('state'), true);
if(!array_key_exists('auth', $token) || !array_key_exists('me', $token['auth'])) { if(!array_key_exists('auth', $token) || !array_key_exists('me', $token['auth'])) {
// The auth server didn't return a "me" URL // The auth server didn't return a "me" URL
$response->setContent(view('login', [ $response->setContent(view('login', [
'title' => 'Sign In to Telegraph', 'title' => 'Sign In to Telegraph',
'error' => 'Invalid Auth Server Response', 'error' => 'Invalid Auth Server Response',
'error_description' => 'The authorization server did not return a valid response:<br>'.htmlspecialchars(json_encode($token))
'error_description' => 'The authorization server did not return a valid response:<br><pre>'.htmlspecialchars(json_encode($token)).'</pre>'
])); ]));
return $response; return $response;
} }
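Review bot: The comment above the endpoint selection (the three lines starting "Discover the authorization endpoint from the 'me' that was returned by the auth server") is now stale: the new code never calls discoverAuthorizationEndpoint here and instead reads `$state->authorization_endpoint` and `$state->me` from the stored login state, so the comment describes the behaviour this commit removed. I would replace it with `// Use the authorization endpoint discovered when the login started (kept in the session state) rather than re-discovering it from a URL the auth server returned; fall back to the default endpoint if none was found then.` With re-discovery gone, the only check on the server's response in this hunk is that `$token['auth']['me']` exists; unless it happens below the hunk, nothing confirms that the returned `me` belongs to the same user as `$state->me` (same host, or an endpoint re-discovered from the returned `me` that equals `$authorizationEndpoint`), which is what lets a server legitimately return multiusersite.example/alice without also being able to return an unrelated identity. I would add that comparison right after the existence check, before the returned `me` is trusted as the signed-in user. The body of login_callback continues beyond this hunk, so the lookup of `$state` and any later checks are not visible here.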
