authorAaron Parecki <aaron@parecki.com>2018-06-10 13:09:40 -0700
committerAaron Parecki <aaron@parecki.com>2018-06-10 13:09:40 -0700
commitbb0752a72692d03b61f1719dca2a7cdc2b3052cc (patch)
tree3732b7fb712d5755d48801ed3dc84bef5796d5b5
parent510c5a52a812515de0af3fef93b7a0eb55c3fea7 (diff)
add support for token revocation
-rw-r--r--controllers/auth.php4
-rw-r--r--lib/helpers.php11
-rw-r--r--views/settings.php2
3 files changed, 15 insertions, 2 deletions
diff --git a/controllers/auth.php b/controllers/auth.php
index d90652b..f6d357e 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -278,6 +278,8 @@ $app->get('/signout', function() use($app) {
$app->post('/auth/reset', function() use($app) {
if($user=require_login($app, false)) {
+ revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);
+
$user->authorization_endpoint = '';
$user->token_endpoint = '';
$user->micropub_endpoint = '';
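Review bot: The added revoke_micropub_token() call runs unconditionally, so a user record whose micropub_access_token or token_endpoint is empty (the fields this same handler blanks out, so a partially completed login presumably has them empty already) still triggers a POST to an empty URL; guard it with `if($user->micropub_access_token && $user->token_endpoint) { revoke_micropub_token($user->micropub_access_token, $user->token_endpoint); }`. The call's outcome is also discarded, so when the endpoint rejects the request or is unreachable the token stays valid server-side while Quill forgets it on the following lines, and the user has no way to retry; at minimum log a failed revocation before clearing the fields. The /auth/reset closure continues past the end of this hunk.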
@@ -286,7 +288,7 @@ $app->post('/auth/reset', function() use($app) {
$user->micropub_scope = '';
$user->micropub_access_token = '';
$user->save();
-
+
unset($_SESSION['auth']);
unset($_SESSION['me']);
unset($_SESSION['auth_state']);
diff --git a/lib/helpers.php b/lib/helpers.php
index a3d289d..bfcdf63 100644
--- a/lib/helpers.php
+++ b/lib/helpers.php
@@ -223,6 +223,17 @@ function micropub_get($endpoint, $params, $access_token) {
);
}
+function revoke_micropub_token($access_token, $token_endpoint) {
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $token_endpoint);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
+ 'action' => 'revoke',
+ 'token' => $access_token,
+ ]));
+ curl_exec($ch);
+}
+
function parse_headers($headers) {
$retVal = array();
$fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $headers));
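Review bot: revoke_micropub_token() discards the result of curl_exec and sets no timeout, so a caller cannot tell a successful revocation from a transport error or a non-2xx reply, and a slow or unreachable token endpoint stalls the request for curl's default unbounded time; the handle is also never closed. Returning the HTTP status and bounding the request gives the /auth/reset caller something to act on without changing the call signature. Add a docblock stating that this POSTs a form-encoded `action=revoke` with the token to the user's own token endpoint and that the URL is whatever was stored at login. The value `10` for the timeout below is a constructed example, not a project setting.
```php
function revoke_micropub_token($access_token, $token_endpoint) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $token_endpoint);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10); // constructed example value; bound a hanging endpoint
  // … unchanged: CURLOPT_POSTFIELDS with action=revoke and token …
  curl_exec($ch);
  $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); // 0 on transport failure
  curl_close($ch);
  return $status;
}
```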
diff --git a/views/settings.php b/views/settings.php
index 537418c..6b69bc2 100644
--- a/views/settings.php
+++ b/views/settings.php
@@ -29,7 +29,7 @@
<input type="button" class="btn btn-default" value="Reset Login" id="reset-login">
</td>
<td>
- Clicking this button will erase the access token Quill has stored for you, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
+ Clicking this button will tell your token endpoint to revoke the token, Quill will forget the access token stored, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
</td>
</tr>
</table>