From b302c08cfff073c29bceb6bda7cefc80eb62eaa7 Mon Sep 17 00:00:00 2001
From: Aaron Parecki <aaron@parecki.com>
Date: Sat, 25 Jul 2015 16:49:07 -0700
Subject: lock to JWT 2.* version

---
 controllers/controllers.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'controllers/controllers.php')

diff --git a/controllers/controllers.php b/controllers/controllers.php
index fc8425c..b3e23a7 100644
--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@@ -1,11 +1,10 @@
 <?php
-use Firebase\JWT\JWT;
 
 function require_login(&$app, $redirect=true) {
   $params = $app->request()->params();
   if(array_key_exists('token', $params)) {
     try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
       $_SESSION['user_id'] = $data->user_id;
       $_SESSION['me'] = $data->me;
     } catch(DomainException $e) {
@@ -194,12 +193,14 @@ $app->get('/privacy', function() use($app) {
 
 $app->get('/add-to-home', function() use($app) {
   $params = $app->request()->params();
+  header("Cache-Control: no-cache, must-revalidate");
 
   if(array_key_exists('token', $params) && !session('add-to-home-started')) {
+    unset($_SESSION['add-to-home-started']);
 
     // Verify the token and sign the user in
     try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
       $_SESSION['user_id'] = $data->user_id;
       $_SESSION['me'] = $data->me;
       $app->redirect('/new', 301);
-- 
cgit v1.2.3