Esempio n. 1
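 /**
  * Authenticate the current request from a bearer token.
  *
  * The token is taken from the Authorization header or, when that header is
  * absent, from the access_token input. It is accepted when
  * Token::findUserForToken() resolves it to a user, or when it equals the API
  * key of the user returned by the admin lookup. On success the request is
  * flagged as an API request and the session user is refreshed.
  *
  * @return \Idno\Entities\User|false the authenticated user, or false when no valid token was supplied
  */
 private static function authenticate()
 {
     $headers = \Idno\Common\Page::getallheaders();
     if (!empty($headers['Authorization'])) {
         $token = $headers['Authorization'];
         if (is_string($token)) {
             $token = trim(str_replace('Bearer', '', $token));
         }
     } else {
         $token = \Idno\Core\Input::getInput('access_token');
         if (is_string($token)) {
             $token = trim($token);
         }
     }

     // A token must be a non-empty string. This also rejects an array-valued
     // access_token[] parameter before it reaches the string functions below.
     if (!is_string($token) || empty($token)) {
         return false;
     }

     $found = Token::findUserForToken($token);
     if (!empty($found)) {
         \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
         $user = $found['user'];
         \Idno\Core\Idno::site()->session()->refreshSessionUser($user);
         return $user;
     }

     // Fall back to the site API key held by the admin user.
     $user = \Idno\Entities\User::getOne(array('admin' => true));
     if (empty($user)) {
         // No admin user was found, so there is no API key to compare against.
         return false;
     }

     // hash_equals() compares in constant time and without type juggling;
     // the loose == used before treats numeric-looking strings such as
     // "0e1" and "0e2" as equal. An unset key never matches.
     $api_key = $user->getAPIkey();
     if (is_string($api_key) && $api_key !== '' && hash_equals($api_key, $token)) {
         \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
         \Idno\Core\Idno::site()->session()->refreshSessionUser($user);
         return $user;
     }

     return false;
 }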
Esempio n. 2
 /**
  * Registers a 'page/get' listener that sets the homepage's owner to the
  * user returned by User::getOne(['admin' => 1]).
  */
 function init()
 {
     $assignHomepageOwner = function (\Idno\Core\Event $event) {
         $pageClass = $event->data()['page_class'];
         // Only the homepage gets an owner assigned; every other page is left alone.
         if ($pageClass != 'Idno\\Pages\\Homepage') {
             return;
         }
         $owner = \Idno\Entities\User::getOne(['admin' => 1]);
         \Idno\Core\Idno::site()->currentPage()->setOwner($owner);
     };

     \Idno\Core\Idno::site()->events()->addListener('page/get', $assignHomepageOwner);
 }
Esempio n. 3
 /**
  * Registers a 'page/get' listener that sets the homepage's owner to the
  * user returned by User::getOne(['admin' => true]), and routes
  * /admin/cherwell/ to the theme's admin page class.
  */
 function init()
 {
     $assignHomepageOwner = function (\Idno\Core\Event $event) {
         $pageClass = $event->data()['page_class'];
         // Only the homepage gets an owner assigned; every other page is left alone.
         if ($pageClass != 'Idno\\Pages\\Homepage') {
             return;
         }
         $owner = \Idno\Entities\User::getOne(['admin' => true]);
         \Idno\Core\site()->currentPage()->setOwner($owner);
     };

     \Idno\Core\site()->events()->addListener('page/get', $assignHomepageOwner);
     \Idno\Core\site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
 }
Esempio n. 4
 /**
  * Registers a 'page/get' listener that picks the homepage's owner, and
  * routes /admin/cherwell/ to the theme's admin page class.
  *
  * The owner is the user whose handle is configured under
  * cherwell['profile_user'] when that lookup succeeds; otherwise it is the
  * user returned by User::getOne(['admin' => true]).
  */
 function init()
 {
     $assignHomepageOwner = function (\Idno\Core\Event $event) {
         if ($event->data()['page_class'] != 'Idno\\Pages\\Homepage') {
             return;
         }

         $owner = null;
         if (!empty(\Idno\Core\Idno::site()->config()->cherwell['profile_user'])) {
             $owner = User::getByHandle(\Idno\Core\Idno::site()->config()->cherwell['profile_user']);
         }
         // No handle configured, or the handle did not resolve: use the admin lookup instead.
         if (empty($owner)) {
             $owner = \Idno\Entities\User::getOne(['admin' => true]);
         }

         \Idno\Core\Idno::site()->currentPage()->setOwner($owner);
     };

     \Idno\Core\Idno::site()->events()->addListener('page/get', $assignHomepageOwner);
     \Idno\Core\Idno::site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
 }
Esempio n. 5
File: Token.php Progetto: hank/Known
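 /**
  * Token endpoint: exchanges an IndieAuth authorization code for an access token.
  *
  * The code is verified against https://indieauth.com/auth. When the verified
  * "me" URL has the same host as this site (with or without a leading "www."
  * on the site side), a new access token with scope "post" is stored on the
  * user returned by the admin lookup and written to the response as a
  * form-encoded body. A host mismatch produces a 404 "Client mismatch."
  * response. Nothing is written when the verification call does not return 200.
  */
 function post()
 {
     // Get parameters
     $code = $this->getInput('code');
     $me = $this->getInput('me');
     $redirect_uri = $this->getInput('redirect_uri');
     $state = $this->getInput('state');
     $client_id = $this->getInput('client_id');

     // Verify code
     $response = Webservice::post('https://indieauth.com/auth', array('me' => $me, 'code' => $code, 'redirect_uri' => $redirect_uri, 'state' => $state, 'client_id' => $client_id));
     if ($response['response'] == 200) {
         parse_str($response['content'], $content);

         // Compare hosts strictly and only when both are real strings. With
         // loose ==, two failed parse_url() calls (null == null) would count
         // as a match.
         $site_host = parse_url(\Idno\Core\site()->config()->getURL(), PHP_URL_HOST);
         $me_host = null;
         if (!empty($content['me']) && is_string($content['me'])) {
             $me_host = parse_url($content['me'], PHP_URL_HOST);
         }
         $host_matches = is_string($site_host) && $site_host !== ''
             && is_string($me_host) && $me_host !== ''
             && ($me_host === $site_host || 'www.' . $me_host === $site_host);

         if ($host_matches) {
             // Get user & existing tokens
             $user = \Idno\Entities\User::getOne(array('admin' => true));
             if (empty($user)) {
                 // Without an admin user there is nothing to attach the token to.
                 $this->setResponse(500);
                 echo "No site owner found.";
                 return;
             }
             $indieauth_tokens = $user->indieauth_tokens;
             if (empty($indieauth_tokens)) {
                 $indieauth_tokens = array();
             }

             // Generate access token and save it to the user.
             // The token is a bearer credential, so it must come from a
             // CSPRNG; md5() over rand(), time() and request fields is
             // guessable. 16 random bytes hex-encode to the same
             // 32-character shape the md5 value had.
             if (function_exists('random_bytes')) {
                 $token = bin2hex(random_bytes(16));
                 $nonce = random_int(1000000, pow(2, 30));
             } else {
                 // Fallback for PHP versions before 7.0.
                 $token = bin2hex(openssl_random_pseudo_bytes(16));
                 $nonce = mt_rand(1000000, pow(2, 30));
             }
             // NOTE(review): the stored and returned 'me' is the value from
             // the request, not the verified $content['me'] - confirm that
             // is intended.
             $indieauth_tokens[$token] = array('me' => $me, 'redirect_uri' => $redirect_uri, 'scope' => 'post', 'client_id' => $client_id, 'issued_at' => time(), 'nonce' => $nonce);
             $user->indieauth_tokens = $indieauth_tokens;
             $user->save();
             if (\Idno\Core\site()->session()->isLoggedOn() && $user->getUUID() == \Idno\Core\site()->session()->currentUser()->getUUID()) {
                 \Idno\Core\site()->session()->refreshSessionUser($user);
             }

             // Output to the browser
             $this->setResponse(200);
             header('Content-Type: application/x-www-form-urlencoded');
             echo http_build_query(array('access_token' => $token, 'scope' => 'post', 'me' => $me));
             exit;
         } else {
             $this->setResponse(404);
             echo "Client mismatch.";
         }
     }
 }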
Esempio n. 6
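 /**
  * IndieAuth callback: verifies the "code" input against indieauth.com and,
  * when the verified "me" URL is on this site's host, stores the code on the
  * current session user and logs that user on.
  *
  * Failures are reported through session messages; nothing is returned.
  *
  * NOTE(review): the original also fetched the admin user at the top ("for
  * single user sites") but overwrote it with the session user before any
  * use. That dead lookup and an unused Webservice instance were removed.
  * Confirm the session user is the intended account to log on.
  */
 function getContent()
 {
     $code = $this->getInput('code');
     if (empty($code)) {
         return;
     }

     $site_url = \Idno\Core\Idno::site()->config()->getURL();

     // The verification call uses https. Over plain http the response that
     // decides whether the login succeeds could be altered in transit.
     $response = Webservice::post('https://indieauth.com/auth', array('code' => $code, 'redirect_uri' => $site_url, 'client_id' => $site_url));
     if ($response['response'] != 200) {
         \Idno\Core\Idno::site()->session()->addMessage("Uh oh! We got a " . $response['response'] . " response.");
         return;
     }

     parse_str($response['content'], $content);

     // getURL() must be called: the original read it as a property
     // (->getURL), so the site side of the comparison was never the site's
     // real host. Hosts are compared strictly and only when both parsed to
     // non-empty strings, so two failed parses cannot count as a match.
     $site_host = parse_url($site_url, PHP_URL_HOST);
     $me_host = null;
     if (!empty($content['me']) && is_string($content['me'])) {
         $me_host = parse_url($content['me'], PHP_URL_HOST);
     }
     if (!is_string($me_host) || $me_host === '' || $me_host !== $site_host) {
         \Idno\Core\Idno::site()->session()->addMessage("Couldn't log you in: the token hostname didn't match.");
         return;
     }

     $user = \Idno\Core\Idno::site()->session()->currentUser();
     if (empty($user)) {
         // No session user to attach the code to; report it rather than
         // dereferencing an empty value.
         \Idno\Core\Idno::site()->session()->addMessage("Couldn't log you in: no current user was found.");
         return;
     }

     $user->indieauth_code = $code;
     $user->save();
     \Idno\Core\Idno::site()->session()->logUserOn($user);
 }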
Esempio n. 7
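 /**
  * Micropub-style endpoint: creates a post on behalf of the site's admin user.
  *
  * The bearer token comes from the Authorization header or, when that header
  * is absent, from the access_token input. It is accepted when it is a key
  * of the admin user's indieauth_tokens or equals that user's API key.
  * Authorized requests are turned into a note, article or photo (or whatever
  * type the "h" input names) through the matching content type plugin.
  *
  * Responses: a Location header pointing at the new entity on success, 500
  * when the content type is unknown or the entity cannot be created or
  * saved, 403 "Bad token" when the token is missing or not recognised.
  */
 function post()
 {
     $headers = $this->getallheaders();
     if (!empty($headers['Authorization'])) {
         $token = $headers['Authorization'];
         if (is_string($token)) {
             $token = trim(str_replace('Bearer', '', $token));
         }
     } else {
         $token = $this->getInput('access_token');
         if (is_string($token)) {
             $token = trim($token);
         }
     }

     $user = \Idno\Entities\User::getOne(array('admin' => true));

     // Authorization is decided before anything touches the session.
     // An absent or empty token never matches: with the loose == used
     // before, an empty token compared equal to an unset API key.
     $authorized = false;
     if (!empty($user) && is_string($token) && $token !== '') {
         $indieauth_tokens = $user->indieauth_tokens;
         $user_token = $user->getAPIkey();
         // hash_equals() is constant-time and does no type juggling.
         $authorized = !empty($indieauth_tokens[$token])
             || (is_string($user_token) && $user_token !== '' && hash_equals($user_token, $token));
     }

     if (!$authorized) {
         $this->setResponse(403);
         echo 'Bad token';
         return;
     }

     // Refresh the session user only now that the token has been accepted.
     // The original did this before the check, for every request.
     // NOTE(review): refreshSessionUser() is not shown here; if it binds
     // the user to the session, the old order did so for unauthenticated
     // callers too - confirm against its implementation.
     \Idno\Core\site()->session()->refreshSessionUser($user);

     // Get details
     $type = $this->getInput('h');
     $content = $this->getInput('content');
     $name = $this->getInput('name');
     $in_reply_to = $this->getInput('in-reply-to');
     $syndicate = $this->getInput('syndicate-to');
     if ($type == 'entry') {
         if (!empty($_FILES['photo'])) {
             $type = 'photo';
             // A photo with body text but no name uses the text as its title.
             if (empty($name) && !empty($content)) {
                 $name = $content;
                 $content = '';
             }
         } else {
             if (empty($name)) {
                 $type = 'note';
             } else {
                 $type = 'article';
             }
         }
     }

     // Get an appropriate plugin, given the content type
     $contentType = ContentType::getRegisteredForIndieWebPostType($type);
     if (!$contentType) {
         $this->setResponse(500);
         echo "Couldn't find content type {$type}";
         exit;
     }

     $entity = $contentType->createEntity();
     if (!$entity) {
         // The original fell through to the 403 "Bad token" response here,
         // although the token had already been accepted.
         $this->setResponse(500);
         echo "Couldn't create {$type}";
         exit;
     }

     $this->setInput('title', $name);
     $this->setInput('body', $content);
     $this->setInput('inreplyto', $in_reply_to);
     if ($created = $this->getInput('published')) {
         $this->setInput('created', $created);
     }
     if (!empty($syndicate)) {
         $syndication = array(trim(str_replace('.com', '', $syndicate)));
         $this->setInput('syndication', $syndication);
     }
     if ($entity->saveDataFromInput()) {
         //$this->setResponse(201);
         header('Location: ' . $entity->getURL());
         exit;
     }

     $this->setResponse(500);
     echo "Couldn't create {$type}";
     exit;
 }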
Esempio n. 8
 /**
  * Handles a webmention whose target is the site root.
  *
  * On a single-user site the mention is handed to the page handler registered
  * for the admin user's URL, and that handler's result is returned. In every
  * other case (multi-user site, no admin user found, no handler for the
  * user's URL) a debug line is logged and false is returned.
  *
  * All four arguments are passed through unchanged to the delegated handler.
  *
  * @param mixed $source          interpolated into the info log line
  * @param mixed $target
  * @param mixed $source_response
  * @param mixed $source_mf2
  * @return mixed the delegated handler's result, or false when the mention is not forwarded
  */
 function webmentionContent($source, $target, $source_response, $source_mf2)
 {
     // NOTE(review): $source presumably comes from the webmention sender;
     // confirm the logger neutralises line breaks before writing it out.
     \Idno\Core\Idno::site()->logging()->info("received homepage mention from {$source}");

     if (!\Idno\Core\Idno::site()->config()->single_user) {
         \Idno\Core\Idno::site()->logging()->debug("disregarding mention to multi-user site");
         return false;
     }

     $user = \Idno\Entities\User::getOne(['admin' => true]);
     if (!$user) {
         \Idno\Core\Idno::site()->logging()->debug("query for an admin-user failed to find one");
         return false;
     }

     \Idno\Core\Idno::site()->logging()->debug("pass on webmention to solo user: {$user->getHandle()}");

     $userPage = \Idno\Core\Idno::site()->getPageHandler($user->getURL());
     if (!$userPage) {
         \Idno\Core\Idno::site()->logging()->debug("failed to find a Page to serve route " . $user->getURL());
         return false;
     }

     return $userPage->webmentionContent($source, $target, $source_response, $source_mf2);
 }
Esempio n. 9
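 /**
  * Checks a bearer token and, when it is valid, refreshes the session user
  * to the account the token belongs to.
  *
  * A token is valid when Token::findUserForToken() resolves it to a user, or
  * when it equals the API key of the user returned by the admin lookup.
  *
  * @param mixed $token the token presented by the client
  * @return bool true when the token was accepted, false otherwise
  */
 private function validateToken($token)
 {
     // Anything that is not a non-empty string cannot be a token.
     if (!is_string($token) || empty($token)) {
         return false;
     }

     $found = Token::findUserForToken($token);
     if (!empty($found)) {
         $user = $found['user'];
         \Idno\Core\Idno::site()->session()->refreshSessionUser($user);
         return true;
     }

     // Fall back to the site API key held by the admin user.
     $user = \Idno\Entities\User::getOne(array('admin' => true));
     if (empty($user)) {
         // No admin user was found, so there is no API key to compare against.
         return false;
     }

     // hash_equals() compares in constant time and without type juggling;
     // the loose == used before treats numeric-looking strings such as
     // "0e1" and "0e2" as equal. An unset key never matches.
     $api_key = $user->getAPIkey();
     if (is_string($api_key) && $api_key !== '' && hash_equals($api_key, $token)) {
         \Idno\Core\Idno::site()->session()->refreshSessionUser($user);
         return true;
     }

     return false;
 }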