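/**
 * Authenticate the current request from a bearer token.
 *
 * The token is read from the Authorization header or, when that header is
 * empty, from the access_token input. It is accepted when
 * Token::findUserForToken() resolves it to a user, or when it equals the API
 * key of the user returned by User::getOne(array('admin' => true)). On success
 * the session is flagged as an API request and refreshed for the matched user.
 *
 * @return \Idno\Entities\User|false the authenticated user, or false when no
 *                                   usable token was supplied or nothing matched
 */
private static function authenticate()
{
    $headers = \Idno\Common\Page::getallheaders();

    if (!empty($headers['Authorization'])) {
        // NOTE(review): str_replace() strips every "Bearer" substring, not only a
        // leading scheme name; left unchanged so existing clients keep working.
        $token = trim(str_replace('Bearer', '', $headers['Authorization']));
    } else {
        $token = \Idno\Core\Input::getInput('access_token');
        // A non-string value (e.g. an array-valued parameter) is never a valid token.
        $token = is_string($token) ? trim($token) : '';
    }

    if (empty($token) || !is_string($token)) {
        return false;
    }

    $found = Token::findUserForToken($token);
    if (!empty($found)) {
        $user = $found['user'];
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        \Idno\Core\Idno::site()->session()->refreshSessionUser($user);

        return $user;
    }

    // Fall back to the site API key held by the admin user.
    $admin = \Idno\Entities\User::getOne(array('admin' => true));
    if (empty($admin)) {
        // No admin user: there is no API key to compare against.
        return false;
    }

    $api_key = $admin->getAPIkey();

    // hash_equals() compares in constant time and never applies PHP's loose
    // numeric-string rules; an empty or non-string key must never authenticate.
    if (is_string($api_key) && $api_key !== '' && hash_equals($api_key, $token)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        \Idno\Core\Idno::site()->session()->refreshSessionUser($admin);

        return $admin;
    }

    return false;
}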
/**
 * Registers a 'page/get' listener that assigns an owner to the homepage.
 *
 * The owner is whatever User::getOne(['admin' => 1]) returns.
 */
function init()
{
    $assignHomepageOwner = function (\Idno\Core\Event $event) {
        $payload = $event->data();

        // Only the homepage gets an owner assigned here.
        if ($payload['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }

        $homepage = \Idno\Core\Idno::site()->currentPage();
        $homepage->setOwner(\Idno\Entities\User::getOne(['admin' => 1]));
    };

    \Idno\Core\Idno::site()->events()->addListener('page/get', $assignHomepageOwner);
}
/**
 * Registers a 'page/get' listener that assigns an owner to the homepage,
 * then registers the Cherwell admin page route.
 *
 * The owner is whatever User::getOne(['admin' => true]) returns.
 */
function init()
{
    $assignHomepageOwner = function (\Idno\Core\Event $event) {
        $payload = $event->data();

        // Pages other than the homepage are left alone.
        if ($payload['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }

        $homepage = \Idno\Core\site()->currentPage();
        $homepage->setOwner(\Idno\Entities\User::getOne(['admin' => true]));
    };

    \Idno\Core\site()->events()->addListener('page/get', $assignHomepageOwner);

    // Theme settings page.
    \Idno\Core\site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
}
/**
 * Registers a 'page/get' listener that assigns an owner to the homepage,
 * then registers the Cherwell admin page route.
 *
 * The owner is the user whose handle is configured in cherwell['profile_user']
 * when that lookup succeeds; otherwise it is whatever
 * User::getOne(['admin' => true]) returns.
 */
function init()
{
    $assignHomepageOwner = function (\Idno\Core\Event $event) {
        $payload = $event->data();

        if ($payload['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }

        // Preferred owner: the configured profile user, if any.
        $configured_owner = null;
        if (!empty(\Idno\Core\Idno::site()->config()->cherwell['profile_user'])) {
            $configured_owner = User::getByHandle(\Idno\Core\Idno::site()->config()->cherwell['profile_user']);
        }

        if (!empty($configured_owner)) {
            \Idno\Core\Idno::site()->currentPage()->setOwner($configured_owner);

            return;
        }

        // Nothing configured, or the handle did not resolve: use the admin lookup.
        \Idno\Core\Idno::site()->currentPage()->setOwner(\Idno\Entities\User::getOne(['admin' => true]));
    };

    \Idno\Core\Idno::site()->events()->addListener('page/get', $assignHomepageOwner);

    // Theme settings page.
    \Idno\Core\Idno::site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
}
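/**
 * Token endpoint: exchange a verified authorization code for an access token.
 *
 * The posted code is verified against https://indieauth.com/auth. When the
 * "me" URL in the verification response has the same host as this site (with
 * or without a leading "www."), a new token is stored in the admin user's
 * indieauth_tokens and returned to the client as a form-encoded body.
 * A host mismatch answers 404 "Client mismatch.".
 */
function post()
{
    // Get parameters
    $code = $this->getInput('code');
    $me = $this->getInput('me');
    $redirect_uri = $this->getInput('redirect_uri');
    $state = $this->getInput('state');
    $client_id = $this->getInput('client_id');

    // Verify code
    $response = Webservice::post('https://indieauth.com/auth', array(
        'me' => $me,
        'code' => $code,
        'redirect_uri' => $redirect_uri,
        'state' => $state,
        'client_id' => $client_id,
    ));

    // NOTE(review): a non-200 verification result ends the request without an
    // explicit status or body, as before; consider answering with an error.
    if ($response['response'] != 200) {
        return;
    }

    parse_str($response['content'], $content);

    // Both hosts must be present: a "me" value with no parseable host must
    // never be treated as matching the site.
    $site_host = parse_url(\Idno\Core\site()->config()->getURL(), PHP_URL_HOST);
    $me_host = null;
    if (!empty($content['me']) && is_string($content['me'])) {
        $me_host = parse_url($content['me'], PHP_URL_HOST);
    }

    $host_matches = !empty($me_host) && !empty($site_host)
        && ($me_host === $site_host || 'www.' . $me_host === $site_host);

    if (!$host_matches) {
        $this->setResponse(404);
        echo "Client mismatch.";

        return;
    }

    // Get user & existing tokens
    $user = \Idno\Entities\User::getOne(array('admin' => true));
    if (empty($user)) {
        // No admin user to attach the token to.
        $this->setResponse(500);

        return;
    }

    $indieauth_tokens = $user->indieauth_tokens;
    if (empty($indieauth_tokens)) {
        $indieauth_tokens = array();
    }

    // Generate the access token from a CSPRNG. rand()/time() are predictable and
    // unsuitable for a bearer credential. The result is still 32 hex characters,
    // the same shape as the previous md5() value.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = bin2hex(openssl_random_pseudo_bytes(16));
    }

    $indieauth_tokens[$token] = array(
        'me' => $me,
        'redirect_uri' => $redirect_uri,
        'scope' => 'post',
        'client_id' => $client_id,
        'issued_at' => time(),
        'nonce' => mt_rand(1000000, pow(2, 30)),
    );
    $user->indieauth_tokens = $indieauth_tokens;
    $user->save();

    // Keep the live session in step when the admin is the logged-in user.
    if (\Idno\Core\site()->session()->isLoggedOn()
        && $user->getUUID() == \Idno\Core\site()->session()->currentUser()->getUUID()) {
        \Idno\Core\site()->session()->refreshSessionUser($user);
    }

    // Output to the browser
    $this->setResponse(200);
    header('Content-Type: application/x-www-form-urlencoded');
    echo http_build_query(array('access_token' => $token, 'scope' => 'post', 'me' => $me));
    exit;
}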
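/**
 * Login callback: verify the returned authorization code and log the user on.
 *
 * The code is verified against https://indieauth.com/auth with this site's URL
 * as both redirect_uri and client_id. The user is logged on only when the host
 * of the returned "me" URL equals the host of the site URL; otherwise a session
 * message explains the failure.
 */
function getContent()
{
    // NOTE(review): this value is overwritten by currentUser() before it is used,
    // so the admin lookup currently has no effect — confirm which user is meant
    // to be logged on. currentUser() is also not checked for an empty result.
    $user = \Idno\Entities\User::getOne(array('admin' => true)); // This is for single user sites; will retrieve the main user

    $code = $this->getInput('code');
    if (empty($code)) {
        return;
    }

    $site_url = \Idno\Core\Idno::site()->config()->getURL();

    // Verify over HTTPS so the authorization code and the verification result
    // are not exposed or altered in transit.
    $response = Webservice::post('https://indieauth.com/auth', array(
        'code' => $code,
        'redirect_uri' => $site_url,
        'client_id' => $site_url,
    ));

    if ($response['response'] != 200) {
        \Idno\Core\Idno::site()->session()->addMessage("Uh oh! We got a " . $response['response'] . " response.");

        return;
    }

    parse_str($response['content'], $content);

    // getURL must be called as a method: read as a property it does not yield the
    // site URL, so the returned identity was never compared with the real host.
    $site_host = parse_url($site_url, PHP_URL_HOST);
    $me_host = null;
    if (!empty($content['me']) && is_string($content['me'])) {
        $me_host = parse_url($content['me'], PHP_URL_HOST);
    }

    // Require both hosts to be present so two missing hosts never count as equal.
    if (!empty($me_host) && !empty($site_host) && $me_host === $site_host) {
        $user = \Idno\Core\Idno::site()->session()->currentUser();
        $user->indieauth_code = $code;
        $user->save();
        \Idno\Core\Idno::site()->session()->logUserOn($user);
    } else {
        \Idno\Core\Idno::site()->session()->addMessage("Couldn't log you in: the token hostname didn't match.");
    }
}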
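/**
 * Publishing endpoint: create an entity on behalf of a token holder.
 *
 * The bearer token comes from the Authorization header or the access_token
 * input. It is accepted when it is a key of the admin user's indieauth_tokens
 * or equals that user's API key. Anything else answers 403 "Bad token".
 * On success the request is mapped to a content type and the new entity's URL
 * is sent in a Location header.
 */
function post()
{
    $headers = $this->getallheaders();

    if (!empty($headers['Authorization'])) {
        // NOTE(review): str_replace() strips every "Bearer" substring, not only a
        // leading scheme name; left unchanged for compatibility.
        $token = trim(str_replace('Bearer', '', $headers['Authorization']));
    } else {
        $token = $this->getInput('access_token');
        $token = is_string($token) ? trim($token) : '';
    }

    $user = \Idno\Entities\User::getOne(array('admin' => true));

    // An empty or non-string token never authorizes, so an unset API key can
    // no longer compare equal to a missing token.
    $authorized = false;
    if (!empty($user) && is_string($token) && $token !== '') {
        $indieauth_tokens = $user->indieauth_tokens;
        $user_token = $user->getAPIkey();

        $authorized = !empty($indieauth_tokens[$token])
            || (is_string($user_token) && $user_token !== '' && hash_equals($user_token, $token));
    }

    if (!$authorized) {
        $this->setResponse(403);
        echo 'Bad token';

        return;
    }

    // Bind the session to the admin user only after the token has been
    // accepted; previously this ran for every request, before any check.
    \Idno\Core\site()->session()->refreshSessionUser($user);

    // Get details
    $type = $this->getInput('h');
    $content = $this->getInput('content');
    $name = $this->getInput('name');
    $in_reply_to = $this->getInput('in-reply-to');
    $syndicate = $this->getInput('syndicate-to');

    // Refine a generic "entry" into photo / note / article.
    if ($type == 'entry') {
        if (!empty($_FILES['photo'])) {
            $type = 'photo';
            if (empty($name) && !empty($content)) {
                $name = $content;
                $content = '';
            }
        } elseif (empty($name)) {
            $type = 'note';
        } else {
            $type = 'article';
        }
    }

    // Get an appropriate plugin, given the content type
    $contentType = ContentType::getRegisteredForIndieWebPostType($type);
    if (!$contentType) {
        $this->setResponse(500);
        echo "Couldn't find content type {$type}";
        exit;
    }

    $entity = $contentType->createEntity();
    if (!$entity) {
        // The token was valid, so report a creation failure instead of
        // falling through to the "Bad token" response.
        $this->setResponse(500);
        echo "Couldn't create {$type}";
        exit;
    }

    $this->setInput('title', $name);
    $this->setInput('body', $content);
    $this->setInput('inreplyto', $in_reply_to);
    if ($created = $this->getInput('published')) {
        $this->setInput('created', $created);
    }
    if (!empty($syndicate)) {
        $syndication = array(trim(str_replace('.com', '', $syndicate)));
        $this->setInput('syndication', $syndication);
    }

    if ($entity->saveDataFromInput()) {
        //$this->setResponse(201);
        header('Location: ' . $entity->getURL());
        exit;
    }

    $this->setResponse(500);
    echo "Couldn't create {$type}";
    exit;
}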
/**
 * Handles a webmention whose target is the site's homepage.
 *
 * On a single-user site the mention is handed to the page handler for the
 * admin user's URL and that handler's result is returned. In every other case
 * (multi-user site, no admin user found, no page handler found) the reason is
 * logged at debug level and false is returned.
 */
function webmentionContent($source, $target, $source_response, $source_mf2)
{
    \Idno\Core\Idno::site()->logging()->info("received homepage mention from {$source}");

    // Only single-user sites forward a root mention to a user page.
    if (!\Idno\Core\Idno::site()->config()->single_user) {
        \Idno\Core\Idno::site()->logging()->debug("disregarding mention to multi-user site");

        return false;
    }

    $user = \Idno\Entities\User::getOne(['admin' => true]);
    if (!$user) {
        \Idno\Core\Idno::site()->logging()->debug("query for an admin-user failed to find one");

        return false;
    }

    \Idno\Core\Idno::site()->logging()->debug("pass on webmention to solo user: {$user->getHandle()}");

    $userPage = \Idno\Core\Idno::site()->getPageHandler($user->getURL());
    if (!$userPage) {
        \Idno\Core\Idno::site()->logging()->debug("failed to find a Page to serve route " . $user->getURL());

        return false;
    }

    return $userPage->webmentionContent($source, $target, $source_response, $source_mf2);
}
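/**
 * Check a bearer token and, when it is valid, refresh the session for its user.
 *
 * A token is valid when Token::findUserForToken() resolves it to a user, or
 * when it equals the API key of the user returned by
 * User::getOne(array('admin' => true)).
 *
 * @param mixed $token the presented token; empty or non-string values are rejected
 *
 * @return bool true when the token was accepted, false otherwise
 */
private function validateToken($token)
{
    if (empty($token) || !is_string($token)) {
        return false;
    }

    $found = Token::findUserForToken($token);
    if (!empty($found)) {
        $user = $found['user'];
        \Idno\Core\Idno::site()->session()->refreshSessionUser($user);

        return true;
    }

    // Fall back to the site API key held by the admin user.
    $admin = \Idno\Entities\User::getOne(array('admin' => true));
    if (empty($admin)) {
        // No admin user: there is no API key to compare against.
        return false;
    }

    $api_key = $admin->getAPIkey();

    // hash_equals() compares in constant time and never applies PHP's loose
    // numeric-string rules; an empty or non-string key must never validate.
    if (is_string($api_key) && $api_key !== '' && hash_equals($api_key, $token)) {
        \Idno\Core\Idno::site()->session()->refreshSessionUser($admin);

        return true;
    }

    return false;
}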