diff options
author | Aaron Parecki <aaron@parecki.com> | 2017-02-09 21:45:04 -0800 |
---|---|---|
committer | Aaron Parecki <aaron@parecki.com> | 2017-02-09 21:45:04 -0800 |
commit | eab1a65f63f227bae126a554e3bf93aa05c70695 (patch) | |
tree | 0cabb48f96585b3db60ffc7e21c25e3ceb0c87cd | |
parent | 1894da9452edaf1f2b3de5a6a969d60844645a23 (diff) |
provide option for choosing the scope to request
update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
-rw-r--r-- | composer.json | 5 | ||||
-rw-r--r-- | composer.lock | 79 | ||||
-rw-r--r-- | controllers/auth.php | 32 | ||||
-rw-r--r-- | views/auth_start.php | 14 |
4 files changed, 64 insertions, 66 deletions
diff --git a/composer.json b/composer.json index 6a6448d..7c3336c 100644 --- a/composer.json +++ b/composer.json @@ -3,10 +3,9 @@ "slim/slim": "2.2.*", "saltybeagle/savant3": "dev-master", "j4mie/idiorm": "1.4.*", - "mf2/mf2": "0.2.*", - "indieweb/mention-client": "0.*", + "mf2/mf2": "0.3.*", "indieweb/date-formatter": "0.1.*", - "indieauth/client": ">=0.1.11", + "indieauth/client": ">=0.2.0", "mpratt/relativetime": ">=1.0", "firebase/php-jwt": "2.*", "abraham/twitteroauth": "*", diff --git a/composer.lock b/composer.lock index 891f3ed..a9244b4 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "05f646a93f2c1204dddd80c4670dcf15", + "content-hash": "b7a5b281de45ad549d11a38464bdfb24", "packages": [ { "name": "abraham/twitteroauth", @@ -278,22 +278,22 @@ }, { "name": "indieauth/client", - "version": "0.1.13", + "version": "0.2.0", "source": { "type": "git", "url": "https://github.com/indieweb/indieauth-client-php.git", - "reference": "d438bb03db15b4ccc6c63228be16de7870b6ab99" + "reference": "4b9bd766a92b8abbe420f5889bf7ebac7678151d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/indieweb/indieauth-client-php/zipball/d438bb03db15b4ccc6c63228be16de7870b6ab99", - "reference": "d438bb03db15b4ccc6c63228be16de7870b6ab99", + "url": "https://api.github.com/repos/indieweb/indieauth-client-php/zipball/4b9bd766a92b8abbe420f5889bf7ebac7678151d", + "reference": "4b9bd766a92b8abbe420f5889bf7ebac7678151d", "shasum": "" }, "require": { "barnabywalters/mf-cleaner": "0.*", - "indieweb/link-rel-parser": "0.1.1", - "mf2/mf2": "0.2.*", + "indieweb/link-rel-parser": "0.1.*", + "mf2/mf2": "~0.3", "php": ">5.3.0" }, "type": "library", @@ -313,7 +313,7 @@ } ], "description": "IndieAuth Client Library", - "time": "2016-02-08T23:56:31+00:00" + "time": "2017-02-09T23:42:05+00:00" }, { "name": "indieweb/date-formatter", @@ -360,16 +360,16 @@ }, { "name": "indieweb/link-rel-parser", - "version": "0.1.1", + "version": "0.1.3", "source": { "type": "git", "url": "https://github.com/indieweb/link-rel-parser-php.git", - "reference": "9e0e635fd301a8b1da7bc181f651f029c531dbb6" + "reference": "295420e4f16d9a9d262a3c25a7a583794428f055" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/indieweb/link-rel-parser-php/zipball/9e0e635fd301a8b1da7bc181f651f029c531dbb6", - "reference": "9e0e635fd301a8b1da7bc181f651f029c531dbb6", + "url": "https://api.github.com/repos/indieweb/link-rel-parser-php/zipball/295420e4f16d9a9d262a3c25a7a583794428f055", + "reference": "295420e4f16d9a9d262a3c25a7a583794428f055", "shasum": "" }, "require": { @@ -402,46 +402,7 @@ "indieweb", "microformats2" ], - "time": "2013-12-23T00:14:58+00:00" - }, - { - "name": "indieweb/mention-client", - "version": "0.4.7", - "source": { - "type": "git", - "url": "https://github.com/indieweb/mention-client-php.git", - "reference": "15271f4988c7bf661896fad188fdf0bf91877a7f" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/indieweb/mention-client-php/zipball/15271f4988c7bf661896fad188fdf0bf91877a7f", - "reference": "15271f4988c7bf661896fad188fdf0bf91877a7f", - "shasum": "" - }, - "require": { - "mf2/mf2": "0.2.*", - "php": ">=5.3" - }, - "type": "library", - "autoload": { - "psr-0": { - "IndieWeb": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Apache-2.0" - ], - "authors": [ - { - "name": "Aaron Parecki", - "email": "aaron@parecki.com", - "homepage": "http://aaronparecki.com/" - } - ], - "description": "Client library for sending webmention and pingback notifications", - "homepage": "https://github.com/indieweb/mention-client-php", - "time": "2015-04-03T11:21:06+00:00" + "time": "2017-01-11T17:14:49+00:00" }, { "name": "j4mie/idiorm", @@ -503,20 +464,20 @@ }, { "name": "mf2/mf2", - "version": "v0.2.12", + "version": "v0.3.0", "source": { "type": "git", "url": "https://github.com/indieweb/php-mf2.git", - "reference": "6701504876d6c9242eb310b35f41d40d9785ab4e" + "reference": "4fb2eb5365cbc0fd2e0c26ca748777d6c2539763" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/indieweb/php-mf2/zipball/6701504876d6c9242eb310b35f41d40d9785ab4e", - "reference": "6701504876d6c9242eb310b35f41d40d9785ab4e", + "url": "https://api.github.com/repos/indieweb/php-mf2/zipball/4fb2eb5365cbc0fd2e0c26ca748777d6c2539763", + "reference": "4fb2eb5365cbc0fd2e0c26ca748777d6c2539763", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=5.4.0" }, "require-dev": { "phpunit/phpunit": "3.7.*" @@ -536,7 +497,7 @@ }, "notification-url": "https://packagist.org/downloads/", "license": [ - "MIT" + "CC0" ], "authors": [ { @@ -552,7 +513,7 @@ "parser", "semantic" ], - "time": "2015-07-12T14:10:01+00:00" + "time": "2016-03-14T12:13:34+00:00" }, { "name": "mpratt/relativetime", diff --git a/controllers/auth.php b/controllers/auth.php index baf5c2f..15ecd61 100644 --- a/controllers/auth.php +++ b/controllers/auth.php @@ -33,13 +33,14 @@ $app->get('/auth/start', function() use($app) { $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); + $defaultScope = 'create'; + if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // Generate a "state" parameter for the request $state = IndieAuth\Client::generateStateParameter(); $_SESSION['auth_state'] = $state; - $scope = 'post'; - $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope); + $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope); } else { $authorizationURL = false; } @@ -62,6 +63,11 @@ $app->get('/auth/start', function() use($app) { $user->token_endpoint = $tokenEndpoint; $user->save(); + // Request whatever scope was previously granted + $authorizationURL = parse_url($authorizationURL); + $authorizationURL['scope'] = $user->micropub_scope; + $authorizationURL = http_build_url($authorizationURL); + $app->redirect($authorizationURL, 302); } else { @@ -77,6 +83,11 @@ $app->get('/auth/start', function() use($app) { $user->save(); if(k($params, 'dontask') && $params['dontask']) { + // Request whatever scope was previously granted + $authorizationURL = parse_url($authorizationURL); + $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope; + $authorizationURL = http_build_url($authorizationURL); + $_SESSION['dontask'] = 1; $app->redirect($authorizationURL, 302); } @@ -95,6 +106,23 @@ $app->get('/auth/start', function() use($app) { } }); +$app->get('/auth/redirect', function() use($app) { + $req = $app->request(); + $params = $req->params(); + + if(!isset($params['scope'])) + $params['scope'] = ''; + + $authorizationURL = parse_url($params['authorization_url']); + parse_str($authorizationURL['query'], $query); + $query['scope'] = $params['scope']; + $authorizationURL['query'] = http_build_query($query); + $authorizationURL = http_build_url($authorizationURL); + + $app->redirect($authorizationURL); + return; +}); + $app->get('/auth/callback', function() use($app) { $req = $app->request(); $params = $req->params(); diff --git a/views/auth_start.php b/views/auth_start.php index 93f45e3..1fe0cdb 100644 --- a/views/auth_start.php +++ b/views/auth_start.php @@ -53,8 +53,18 @@ <p>Clicking the button below will take you to <strong>your</strong> authorization server which is where you will allow this app to be able to post to your site.</p> - <a href="<?= $this->authorizationURL ?>" class="btn btn-primary">Authorize</a> + <form action="/auth/redirect" method="get"> + <p>Choose the scope to request:</p> + <ul style="list-style-type: none;"> + <li><input type="radio" name="scope" value="create" checked="checked"> create</li> + <li><input type="radio" name="scope" value="post"> post (legacy)</li> + </ul> + + <button class="btn btn-primary" type="submit" id="auth-submit">Authorize</button> + + <input type="hidden" name="authorization_url" value="<?= $this->authorizationURL ?>"> + </form> <?php endif; ?> -</div>
\ No newline at end of file +</div> |