Diffstat (limited to 'controllers')
-rw-r--r--controllers/auth.php46
-rw-r--r--controllers/controllers.php8
-rw-r--r--controllers/static.php8
3 files changed, 33 insertions, 29 deletions
diff --git a/controllers/auth.php b/controllers/auth.php
index e6a2d24..d812956 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -31,9 +31,11 @@ $app->get('/auth/start', function() use($app) {
$_SESSION['attempted_me'] = $me;
- $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
- $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
- $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
+ $_SESSION['indieauth'] = [
+ 'authorization_endpoint' => ($authorizationEndpoint=IndieAuth\Client::discoverAuthorizationEndpoint($me)),
+ 'token_endpoint' => ($tokenEndpoint=IndieAuth\Client::discoverTokenEndpoint($me)),
+ 'micropub_endpoint' => ($micropubEndpoint=IndieAuth\Client::discoverMicropubEndpoint($me)),
+ ];
$defaultScope = 'create update media';
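Review bot: The three assignments embedded inside the array literal on the `authorization_endpoint`, `token_endpoint` and `micropub_endpoint` lines are easy to misread as comparisons and hide the fact that the local variables are still needed further down in this handler. Discovering the endpoints into plain locals first and then building `$_SESSION['indieauth']` from them keeps the same values in both places and reads as two obvious steps. The enclosing `/auth/start` closure starts before this hunk and continues after it, so the locals' later uses are outside the visible lines.
```php
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
$micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
// Keep the discovered endpoints for the callback so it reuses this discovery
$_SESSION['indieauth'] = [
  'authorization_endpoint' => $authorizationEndpoint,
  'token_endpoint' => $tokenEndpoint,
  'micropub_endpoint' => $micropubEndpoint,
];
// … unchanged: $defaultScope and the rest of the handler …
```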
@@ -74,16 +76,6 @@ $app->get('/auth/start', function() use($app) {
} else {
- if(!$user)
- $user = ORM::for_table('users')->create();
- $user->url = $me;
- $user->date_created = date('Y-m-d H:i:s');
- $user->micropub_endpoint = $micropubEndpoint;
- $user->authorization_endpoint = $authorizationEndpoint;
- $user->token_endpoint = $tokenEndpoint;
- $user->micropub_access_token = ''; // blank out the access token if they attempt to sign in again
- $user->save();
-
if(k($params, 'dontask') && $params['dontask']) {
// Request whatever scope was previously granted
$authorizationURL = parse_url($authorizationURL);
@@ -131,7 +123,12 @@ $app->get('/auth/callback', function() use($app) {
// If there is no state in the session, start the login again
if(!array_key_exists('auth_state', $_SESSION)) {
- $app->redirect('/?error=missing_session_state');
+ $html = render('auth_error', array(
+ 'title' => 'Auth Callback',
+ 'error' => 'Missing session state',
+ 'errorDescription' => 'Something went wrong, please try signing in again, and make sure cookies are enabled for this domain.'
+ ));
+ $app->response()->body($html);
return;
}
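Review bot: The new missing-session-state branch renders the `auth_error` page but leaves the response at the default success status, so monitoring and clients see a 200 for a failed sign-in; the `$app->response()->body($html)` call suggests the Slim 2 API, in which case `$app->response()->status(400);` before the `body()` call would mark it as a client error (confirm against the framework version in use). The array literal here also uses `array(` while the sibling `auth_error` render later in this file uses `[ ... ]`; picking one form keeps the file consistent. The enclosing `/auth/callback` closure starts before this hunk.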
@@ -182,12 +179,11 @@ $app->get('/auth/callback', function() use($app) {
// An authorization code is in the query string, and we want to exchange that for an access token at the token endpoint.
// Discover the endpoints
- $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
- $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
+ $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'];
+ $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'];
if($tokenEndpoint) {
- $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $me, buildRedirectURI(), Config::$base_url, k($params,'state'), true);
-
+ $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $me, buildRedirectURI(), Config::$base_url, true);
} else {
$token = array('auth'=>false, 'response'=>false);
}
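Review bot: The reads of `$_SESSION['indieauth']['micropub_endpoint']` and `$_SESSION['indieauth']['token_endpoint']` are unguarded, unlike the `array_key_exists('auth_state', $_SESSION)` check earlier in this handler; a session that passed `/auth/start` before this deploy, or any session holding `auth_state` without `indieauth`, raises a notice and yields null endpoints here and a null `authorization_endpoint` at the later hunk in this file that writes `$user->authorization_endpoint` from the same key. Adding `if(!array_key_exists('indieauth', $_SESSION)) { /* render the same auth_error as the missing-session-state case */ return; }` next to the existing state check closes that gap in one place. The `getAccessToken` call also drops the `k($params,'state')` argument and passes `true` directly after `Config::$base_url`; I cannot see the installed client's signature, so confirm that `true` now lands in the intended debug slot rather than in a positional parameter that previously took the state value. The enclosing `/auth/callback` closure starts before this hunk and continues after it.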
@@ -197,11 +193,11 @@ $app->get('/auth/callback', function() use($app) {
// If a valid access token was returned, store the token info in the session and they are signed in
if(k($token['auth'], array('me','access_token','scope'))) {
// Double check that the domain of the returned "me" matches the expected
- if(parse_url($token['auth']['me'], PHP_URL_HOST) != parse_url($me, PHP_URL_HOST)) {
+ if(!\p3k\url\host_matches($token['auth']['me'], $me)) {
$html = render('auth_error', [
'title' => 'Error Signing In',
'error' => 'Invalid user',
- 'errorDescription' => 'The user URL that was returned in the access token did not match the domain of the user signing in.'
+ 'errorDescription' => 'The user URL that was returned from the token endpoint (<code>'.$token['auth']['me'].'</code>) did not match the domain of the user signing in (<code>'.$me.'</code>).'
]);
$app->response()->body($html);
return;
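Review bot: The rewritten `errorDescription` interpolates `$token['auth']['me']` and `$me` into HTML `<code>` elements without escaping; `$me` is user-supplied and the `me` value comes from the remote token endpoint's response, so if the view outputs `errorDescription` raw (which the literal `<code>` tags suggest) either value can inject markup into this error page. Escaping both at the point of interpolation keeps the more informative message without that risk: `'errorDescription' => 'The user URL that was returned from the token endpoint (<code>'.htmlspecialchars($token['auth']['me'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</code>) did not match the domain of the user signing in (<code>'.htmlspecialchars($me, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</code>).'`. The enclosing `/auth/callback` closure starts before this hunk and continues after it.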
@@ -223,6 +219,8 @@ $app->get('/auth/callback', function() use($app) {
$user->url = $me;
$user->date_created = date('Y-m-d H:i:s');
}
+ $user->authorization_endpoint = $_SESSION['indieauth']['authorization_endpoint'];
+ $user->token_endpoint = $tokenEndpoint;
$user->micropub_endpoint = $micropubEndpoint;
$user->micropub_access_token = $token['auth']['access_token'];
$user->micropub_scope = $token['auth']['scope'];
@@ -237,6 +235,7 @@ $app->get('/auth/callback', function() use($app) {
unset($_SESSION['auth_state']);
unset($_SESSION['attempted_me']);
+ unset($_SESSION['indieauth']);
if($redirectToDashboardImmediately || k($_SESSION, 'dontask')) {
unset($_SESSION['dontask']);
@@ -253,6 +252,11 @@ $app->get('/auth/callback', function() use($app) {
$app->redirect('/new?' . http_build_query($query), 302);
}
} else {
+ $tokenResponse = $token['response'];
+ $parsed = @json_decode($tokenResponse);
+ if($parsed)
+ $tokenResponse = json_encode($parsed, JSON_PRETTY_PRINT+JSON_UNESCAPED_SLASHES);
+
$html = render('auth_callback', array(
'title' => 'Sign In',
'me' => $me,
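Review bot: The `@` on `@json_decode($tokenResponse)` suppresses nothing useful, since `json_decode` signals failure by returning null rather than by emitting a warning, and it hides any genuine error from the call; `$parsed = json_decode($tokenResponse);` is equivalent and does not mask anything. The flags are combined with `+` on the `json_encode` line, which works for distinct bit values but reads as arithmetic; `json_encode($parsed, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)` is the conventional form. The `if($parsed)` test also treats a decoded empty array or `0` as a failure and falls back to the raw body, so `if($parsed !== null)` is the stricter check if pretty-printing every valid document is the intent. The enclosing `/auth/callback` closure starts before this hunk and continues after it.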
@@ -260,7 +264,7 @@ $app->get('/auth/callback', function() use($app) {
'meParts' => parse_url($me),
'tokenEndpoint' => $tokenEndpoint,
'auth' => $token['auth'],
- 'response' => $token['response'],
+ 'response' => $tokenResponse,
'curl_error' => (array_key_exists('error', $token) ? $token['error'] : false),
'destination' => (k($_SESSION, 'redirect_after_login') ?: '/new')
));
diff --git a/controllers/controllers.php b/controllers/controllers.php
index 237c4bb..cc74674 100644
--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@@ -724,7 +724,7 @@ $app->get('/code', function() use($app) {
'nginx' => ['conf'],
'apache' => [],
'text' => ['txt'],
- ];
+ ];
ksort($languages);
$language_map = [];
foreach($languages as $lang=>$exts) {
@@ -989,18 +989,18 @@ $app->get('/edit', function() use($app) {
'error' => 'There was a problem!',
'error_description' => $error
]);
- return;
+ return;
}
// Until all interfaces are complete, show an error here for unsupported ones
- if(!in_array($url, ['/favorite','/repost'])) {
+ if(!in_array($url, ['/favorite','/repost','/code'])) {
render('edit/error', [
'title' => 'Not Yet Supported',
'summary' => '',
'error' => 'Not Yet Supported',
'error_description' => 'Editing is not yet supported for this type of post.'
]);
- return;
+ return;
}
$app->redirect($url . '?edit=' . $params['url'], 302);
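Review bot: The extended `in_array($url, ['/favorite','/repost','/code'])` check still runs without the strict flag, so it uses loose comparison; `in_array($url, ['/favorite','/repost','/code'], true)` pins it to exact string matches. On the context line that follows, `$params['url']` is concatenated into the redirect query string without encoding; this is pre-existing rather than introduced here, but `$app->redirect($url . '?' . http_build_query(['edit' => $params['url']]), 302);` would match the `http_build_query` usage elsewhere in this commit and keep a URL containing `&` or `#` intact. The enclosing `/edit` closure starts before this hunk.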
diff --git a/controllers/static.php b/controllers/static.php
index 9822d6b..8c4425d 100644
--- a/controllers/static.php
+++ b/controllers/static.php
@@ -11,7 +11,7 @@ function doc_pages($page=null) {
'syndication' => 'Syndication',
'post-status' => 'Post Status',
];
- if($page == null)
+ if($page == null)
return $pages;
else
return $pages[$page];
@@ -28,7 +28,7 @@ $app->get('/', function($format='html') use($app) {
render('index', array(
'title' => 'Quill',
'meta' => '',
- 'authorizing' => false
+ 'authorizing' => false,
));
});
@@ -42,7 +42,7 @@ $app->get('/creating-a-micropub-endpoint', function() use($app) {
$app->get('/docs', function() use($app) {
render('docs/index', array(
- 'title' => 'Documentation',
+ 'title' => 'Documentation',
'authorizing' => false,
'pages' => doc_pages()
));
@@ -51,7 +51,7 @@ $app->get('/docs', function() use($app) {
$app->get('/docs/:page', function($page) use($app) {
if(file_exists('views/docs/'.$page.'.php'))
render('docs/'.$page, array(
- 'title' => doc_pages($page).' - Quill Documentation',
+ 'title' => doc_pages($page).' - Quill Documentation',
'authorizing' => false
));
else