mirror/Arsse
1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-10 18:02:40 +00:00
Code Issues Activity

Bearer validation

Browse source
This commit is contained in:
J. King 2019-09-20 18:49:09 -04:00
parent e6482bb8aa
commit e1318ee736
1 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
lib/REST/Microsub/Auth.php
View file

@ -210,7 +210,7 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
/** Handles the auth code verification of the basic "Authentication" flow of IndieAuth /** Handles the auth code verification of the basic "Authentication" flow of IndieAuth
* *
* This is not used by Microsub * This is not used by Microsub, but is part of the IndieAuth specification
* *
* @see https://indieauth.spec.indieweb.org/#authorization-code-verification * @see https://indieauth.spec.indieweb.org/#authorization-code-verification
*/ */
@ -258,17 +258,18 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
/** Validates an auth code and throws appropriate exceptions otherwise /** Validates an auth code and throws appropriate exceptions otherwise
* *
* Returns an indexed araay containing the username and the grant type (either "id" or "code") * Returns an indexed array containing the username and the grant type (either "id" or "code")
* *
* It is the responsibility of the calling function to revoke the auth code if the code is accepted * It is the responsibility of the calling function to revoke the auth code if the code is ultimately accepted
*/ */
protected function validateAuthCode(string $code, string $clientId, string $redirUrl, string $me = null): array { protected function validateAuthCode(string $code, string $clientId, string $redirUrl, string $me = null): array {
if (!strlen($code) || !strlen($clientId) || !strlen($redirUrl)) { if (!strlen($code) || !strlen($clientId) || !strlen($redirUrl)) {
throw new ExceptionAuth("invalid_request"); throw new ExceptionAuth("invalid_request");
} }
// check that the auth code exists // check that the auth code exists
$token = Arsse::$db->tokenLookup("microsub.auth", $code); try {
if (!$token) { $token = Arsse::$db->tokenLookup("microsub.auth", $code);
} catch (\JKingWeb\Arsse\Db\ExceptionInput $e) {
throw new ExceptionAuth("invalid_grant"); throw new ExceptionAuth("invalid_grant");
} }
$data = @json_decode($token['data'], true); $data = @json_decode($token['data'], true);
@ -287,4 +288,20 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
protected function opTokenVerification(string $user, ServerRequestInterface $req): ResponseInterface { protected function opTokenVerification(string $user, ServerRequestInterface $req): ResponseInterface {
} }
/** Checks that the simplied bearer token is valid
*
* Returns an indexed array with the user associated with the token, as well as the granted scope
*
* @throws \JKingWeb\Arsse\REST\Microsub\ExceptionAuth
*/
public static function validateBearer(string $token): array {
try {
$token = Arsse::$db->tokenLookup("microsub.auth", $token);
} catch (\JKingWeb\Arsse\Db\ExceptionInput $e) {
throw new ExceptionAuth("invalid_grant");
}
// scope is hard-coded for now
return [$token['user'], self::SCOPES];
}
} }