public function login_start(Request $request, Response $response)
{
if (!$request->get('url') || !($me = IndieAuth\Client::normalizeMeURL($request->get('url')))) {
$response->setContent(view('login', ['title' => 'Sign In to Telegraph', 'error' => 'Invalid URL', 'error_description' => 'The URL you entered, "<strong>' . htmlspecialchars($request->get('url')) . '</strong>" is not valid.']));
return $response;
}
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$state = JWT::encode(['me' => $me, 'authorization_endpoint' => $authorizationEndpoint, 'return_to' => $request->get('return_to'), 'time' => time(), 'exp' => time() + 300], Config::$secretKey);
if ($authorizationEndpoint) {
// If the user specified only an authorization endpoint, use that
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state);
} else {
// Otherwise, fall back to indieauth.com
$authorizationURL = IndieAuth\Client::buildAuthorizationURL(Config::$defaultAuthorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state);
}
$response->setStatusCode(302);
$response->headers->set('Location', $authorizationURL);
return $response;
}
$html = render('auth_error', array('title' => 'Sign In', 'error' => 'Invalid "me" Parameter', 'errorDescription' => 'The URL you entered, "<strong>' . $params['me'] . '</strong>" is not valid.'));
$app->response()->body($html);
return;
}
if (k($params, 'redirect')) {
$_SESSION['redirect_after_login'] = $params['redirect'];
}
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
$micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
// Generate a "state" parameter for the request
$state = IndieAuth\Client::generateStateParameter();
$_SESSION['auth_state'] = $state;
$scope = 'post';
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state, $scope);
} else {
$authorizationURL = false;
}
// If the user has already signed in before and has a micropub access token,
// and the endpoints are all the same, skip the debugging screens and redirect
// immediately to the auth endpoint.
// This will still generate a new access token when they finish logging in.
$user = ORM::for_table('users')->where('url', $me)->find_one();
if ($user && $user->micropub_access_token && $user->micropub_endpoint == $micropubEndpoint && $user->token_endpoint == $tokenEndpoint && $user->authorization_endpoint == $authorizationEndpoint && !array_key_exists('restart', $params)) {
// TODO: fix this by caching the endpoints maybe in the session instead of writing them to the DB here.
// Then remove the line below that blanks out the access token
$user->micropub_endpoint = $micropubEndpoint;
$user->authorization_endpoint = $authorizationEndpoint;
$user->token_endpoint = $tokenEndpoint;
$user->save();
$html = render('auth_error', array('title' => 'Sign In', 'error' => 'Invalid "me" Parameter', 'errorDescription' => 'The URL you entered, "<strong>' . $params['me'] . '</strong>" is not valid.'));
$app->response()->body($html);
return;
}
if (k($params, 'redirect')) {
$_SESSION['redirect_after_login'] = $params['redirect'];
}
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
$micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
// Generate a "state" parameter for the request
$state = IndieAuth\Client::generateStateParameter();
$_SESSION['auth_state'] = $state;
$scope = 'post';
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
} else {
$authorizationURL = false;
}
// If the user has already signed in before and has a micropub access token,
// and the endpoints are all the same, skip the debugging screens and redirect
// immediately to the auth endpoint.
// This will still generate a new access token when they finish logging in.
$user = ORM::for_table('users')->where('url', $me)->find_one();
if ($user && $user->micropub_access_token && $user->micropub_endpoint == $micropubEndpoint && $user->token_endpoint == $tokenEndpoint && $user->authorization_endpoint == $authorizationEndpoint && !array_key_exists('restart', $params)) {
// TODO: fix this by caching the endpoints maybe in the session instead of writing them to the DB here.
// Then remove the line below that blanks out the access token
$user->micropub_endpoint = $micropubEndpoint;
$user->authorization_endpoint = $authorizationEndpoint;
$user->token_endpoint = $tokenEndpoint;
$user->save();
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
$micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
// Generate a "state" parameter for the request
$state = IndieAuth\Client::generateStateParameter();
$_SESSION['auth_state'] = $state;
if ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
// If the user specified all three, build an authorization URL for their auth endpoint
$scope = 'post';
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state, $scope);
} elseif ($authorizationEndpoint) {
// If the user specified only an authorization endpoint, use that
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), clientID(), $state);
} else {
// Otherwise, fall back to indieauth.com but tell them what's happening first
$authorizationURL = IndieAuth\Client::buildAuthorizationURL(Config::$defaultAuthorizationEndpoint, $me, buildRedirectURI(), clientID(), $state);
}
// If the user has already signed in before and has a micropub access token, skip
// the debugging screens and redirect immediately to the auth endpoint.
// This will still generate a new access token when they finish logging in.
$user = ORM::for_table('users')->where('url', $me)->find_one();
if ($user && $user->micropub_access_token && !array_key_exists('restart', $params)) {
$user->authorization_endpoint = $authorizationEndpoint;
$user->micropub_endpoint = $micropubEndpoint;
$user->save();
$app->redirect($authorizationURL, 301);
} elseif ($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
// If all three endpoints are found, redirect immediately.
// Normally happens with brand new users, but could also happen the first time
// someone adds a micropub endpoint.
if (!$user) {
