1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 21:22:40 +00:00

Documentation and auth code client ID tracking

This commit is contained in:
J. King 2019-09-13 11:02:56 -04:00
parent 1b149e770c
commit 8308fbad31

View file

@ -15,6 +15,9 @@ use Zend\Diactoros\Response\HtmlResponse as Response;
use Zend\Diactoros\Response\EmptyResponse;
class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
/** The scopes which we grant to Microsub clients. Mute and block are not included because they have no meaning in an RSS/Atom context; this may signal to clients to suppress muting and blocking in their UI */
const SCOPES = "read follow channels";
public function __construct() {
}
@ -35,20 +38,33 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
}
}
/** Produces a user-identifier URL consiustent with the request
*
* This involves reconstructing the scheme and authority based on $_SERVER
* variables; it may fail depending on server configuration
*/
protected function buildIdentifier(ServerRequestInterface $req, bool $baseOnly = false): string {
// construct the base user identifier URL; the user is never checked against the database
$s = $req->getServerParams();
$path = $req->getRequestTarget()['path'];
$https = (strlen($s['HTTPS'] ?? "") && $s['HTTPS'] !== "off");
$port = (int) $s['SERVER_PORT'];
$port = (int) ($s['SERVER_PORT'] ?? 0);
$port = (!$port || ($https && $port == 443) || (!$https && $port == 80)) ? "" : ":$port";
$base = URL::normalize(($https ? "https" : "http")."://".$s['HTTP_HOST'].$port."/");
return !$baseOnly ? URL::normalize($base.$path) : $base;
}
/** Presents a very basic user profile for discovery purposes
*
* The HTML document itself consists only of link elements and an
* encoding declaration; Link header-fields are also included for
* HEAD requests
*
* Since discovery is publicly accessible, we produce a discovery
* page for all potential user name so as not to facilitate user
* enumeration
*/
protected function doDiscovery(string $user, ServerRequestInterface $req): ResponseInterface {
// as this route is publicly accessible, for reasons of privacy requests for user discovery work regardless of whether the user exists
// prepare authroizer, token, and Microsub endpoint URLs
$base = $this->buildIdentifier($req, true);
$id = $this->buildIdentifier($req);
$urlAuth = $id."?proc=login";
@ -63,6 +79,13 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
]);
}
/** Handles the authentication/authorization process
*
* Authentication is achieved via an HTTP Basic authentiation
* challenge; once the user successfully logs in a code is issued
* and redirection occurs. Scopes are for all intents and purposes
* ignored and client information is not presented.
*/
protected function doLogin(string $user, ServerRequestInterface $req): ResponseInterface {
if (!$req->getAttribute("authenticated", false)) {
// user has not yet logged in, or has failed to log in
@ -83,7 +106,7 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
return new EmptyResponse(400);
}
// issue an authorization code and build the redirect URL
$code = Arsse::$db->tokenCreate($id, "microsub.auth", null, Date::add("PT2M"));
$code = Arsse::$db->tokenCreate($id, "microsub.auth", null, Date::add("PT2M"), $query['client_id']);
$next = URL::queryAppend($redir, "code=$code&state=$state");
return new EmptyResponse(302, ["Location: $next"]);
}
@ -91,5 +114,6 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
}
protected function doIssue(string $user, ServerRequestInterface $req): ResponseInterface {
}
}