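/**
 * Start an IndieAuth sign-in for the profile URL submitted by the visitor.
 *
 * Reads the "url" and "return_to" request parameters, both of which are
 * untrusted input. On a rejected URL the login view is rendered with an error
 * message; otherwise the browser is redirected (302) to the authorization URL
 * built for the discovered endpoint, or for the configured default endpoint
 * when discovery returns nothing.
 *
 * @param Request  $request  Incoming request carrying "url" and "return_to".
 * @param Response $response Response object that is filled in and returned.
 * @return Response The same $response instance, as an error page or a redirect.
 */
public function login_start(Request $request, Response $response)
{
    $url = $request->get('url');

    // Only a non-empty string may reach the normaliser and the escaper: a
    // parameter sent as url[]=... can arrive as an array, which neither
    // normalizeMeURL() nor htmlspecialchars() is written to handle.
    if (!is_string($url) || !$url || !($me = IndieAuth\Client::normalizeMeURL($url))) {
        // Escape with explicit flags and charset so the result does not depend
        // on the PHP version's defaults; invalid UTF-8 is substituted instead
        // of blanking the whole string.
        $shownURL = is_string($url)
            ? htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : '';

        $response->setContent(view('login', [
            'title' => 'Sign In to Telegraph',
            'error' => 'Invalid URL',
            'error_description' => 'The URL you entered, "<strong>' . $shownURL . '</strong>" is not valid.',
        ]));

        return $response;
    }

    // NOTE(review): discovery presumably makes this server fetch the
    // visitor-supplied URL; confirm the HTTP client refuses internal and
    // loopback destinations and limits redirects and response size.
    $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);

    // Take the clock once so 'time' and 'exp' are always exactly 300s apart.
    $now = time();

    // The state is a signed (not encrypted) token valid for five minutes. It
    // records the discovered endpoint as-is, which may be empty when the
    // default endpoint is used below.
    // NOTE(review): 'return_to' is copied from the request unchecked; whatever
    // consumes this state should accept only same-site paths before
    // redirecting. The token is also not tied to the visitor's session here;
    // confirm the callback binds it to the browser that started the flow.
    $state = JWT::encode([
        'me' => $me,
        'authorization_endpoint' => $authorizationEndpoint,
        'return_to' => $request->get('return_to'),
        'time' => $now,
        'exp' => $now + 300,
    ], Config::$secretKey);

    // Use the endpoint the profile advertises, else the configured default.
    $endpoint = $authorizationEndpoint ?: Config::$defaultAuthorizationEndpoint;

    $authorizationURL = IndieAuth\Client::buildAuthorizationURL(
        $endpoint,
        $me,
        self::_buildRedirectURI(),
        Config::$clientID,
        $state
    );

    $response->setStatusCode(302);
    $response->headers->set('Location', $authorizationURL);

    return $response;
}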
$html = render('auth_error', array('title' => 'Sign In', 'error' => 'Invalid "me" Parameter', 'errorDescription' => 'The URL you entered, "<strong>' . $params['me'] . '</strong>" is not valid.')); $app->response()->body($html); return; } if (k($params, 'redirect')) { $_SESSION['redirect_after_login'] = $params['redirect']; } $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me); $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // Generate a "state" parameter for the request $state = IndieAuth\Client::generateStateParameter(); $_SESSION['auth_state'] = $state; $scope = 'post'; $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state, $scope); } else { $authorizationURL = false; } // If the user has already signed in before and has a micropub access token, // and the endpoints are all the same, skip the debugging screens and redirect // immediately to the auth endpoint. // This will still generate a new access token when they finish logging in. $user = ORM::for_table('users')->where('url', $me)->find_one(); if ($user && $user->micropub_access_token && $user->micropub_endpoint == $micropubEndpoint && $user->token_endpoint == $tokenEndpoint && $user->authorization_endpoint == $authorizationEndpoint && !array_key_exists('restart', $params)) { // TODO: fix this by caching the endpoints maybe in the session instead of writing them to the DB here. // Then remove the line below that blanks out the access token $user->micropub_endpoint = $micropubEndpoint; $user->authorization_endpoint = $authorizationEndpoint; $user->token_endpoint = $tokenEndpoint; $user->save();
$html = render('auth_error', array('title' => 'Sign In', 'error' => 'Invalid "me" Parameter', 'errorDescription' => 'The URL you entered, "<strong>' . $params['me'] . '</strong>" is not valid.')); $app->response()->body($html); return; } if (k($params, 'redirect')) { $_SESSION['redirect_after_login'] = $params['redirect']; } $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me); $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // Generate a "state" parameter for the request $state = IndieAuth\Client::generateStateParameter(); $_SESSION['auth_state'] = $state; $scope = 'post'; $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope); } else { $authorizationURL = false; } // If the user has already signed in before and has a micropub access token, // and the endpoints are all the same, skip the debugging screens and redirect // immediately to the auth endpoint. // This will still generate a new access token when they finish logging in. $user = ORM::for_table('users')->where('url', $me)->find_one(); if ($user && $user->micropub_access_token && $user->micropub_endpoint == $micropubEndpoint && $user->token_endpoint == $tokenEndpoint && $user->authorization_endpoint == $authorizationEndpoint && !array_key_exists('restart', $params)) { // TODO: fix this by caching the endpoints maybe in the session instead of writing them to the DB here. // Then remove the line below that blanks out the access token $user->micropub_endpoint = $micropubEndpoint; $user->authorization_endpoint = $authorizationEndpoint; $user->token_endpoint = $tokenEndpoint; $user->save();
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me); $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); // Generate a "state" parameter for the request $state = IndieAuth\Client::generateStateParameter(); $_SESSION['auth_state'] = $state; if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // If the user specified all three, build an authorization URL for their auth endpoint $scope = 'post'; $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state, $scope); } elseif ($authorizationEndpoint) { // If the user specified only an authorization endpoint, use that $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state); } else { // Otherwise, fall back to indieauth.com but tell them what's happening first $authorizationURL = IndieAuth\Client::buildAuthorizationURL(Config::$defaultAuthorizationEndpoint, $me, buildRedirectURI(), clientID(), $state); } // If the user has already signed in before and has a micropub access token, skip // the debugging screens and redirect immediately to the auth endpoint. // This will still generate a new access token when they finish logging in. $user = ORM::for_table('users')->where('url', $me)->find_one(); if ($user && $user->micropub_access_token && !array_key_exists('restart', $params)) { $user->authorization_endpoint = $authorizationEndpoint; $user->micropub_endpoint = $micropubEndpoint; $user->save(); $app->redirect($authorizationURL, 301); } elseif ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // If all three endpoints are found, redirect immediately. // Normally happens with brand new users, but could also happen the first time // someone adds a micropub endpoint. if (!$user) {