$html = render('auth_error', array('title' => 'Auth Callback', 'error' => 'Missing state parameter', 'errorDescription' => 'No state parameter was provided in the request. This shouldn\'t happen. It is possible this is a malicious authorization attempt.')); $app->response()->body($html); return; } if ($params['state'] != $_SESSION['auth_state']) { $html = render('auth_error', array('title' => 'Auth Callback', 'error' => 'Invalid state', 'errorDescription' => 'The state parameter provided did not match the state provided at the start of authorization. This is most likely caused by a malicious authorization attempt.')); $app->response()->body($html); return; } // Now the basic sanity checks have passed. Time to start providing more helpful messages when there is an error. // An authorization code is in the query string, and we want to exchange that for an access token at the token endpoint. // Discover the endpoints $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); if ($tokenEndpoint) { $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $params['me'], buildRedirectURI(), clientID(), k($params, 'state'), true); } else { $token = array('auth' => false, 'response' => false); } $redirectToDashboardImmediately = false; // If a valid access token was returned, store the token info in the session and they are signed in if (k($token['auth'], array('me', 'access_token', 'scope'))) { $_SESSION['auth'] = $token['auth']; $_SESSION['me'] = $params['me']; $user = ORM::for_table('users')->where('url', $me)->find_one(); if ($user) { // Already logged in, update the last login date $user->last_login = date('Y-m-d H:i:s'); // If they have logged in before and we already have an access token, then redirect to the dashboard now if ($user->micropub_access_token) { $redirectToDashboardImmediately = true;
$html = render('auth_error', array('title' => 'Auth Callback', 'error' => 'Invalid state', 'errorDescription' => 'The state parameter provided did not match the state provided at the start of authorization. This is most likely caused by a malicious authorization attempt.')); $app->response()->body($html); return; } // Now the basic sanity checks have passed. Time to start providing more helpful messages when there is an error. // An authorization code is in the query string, and we want to exchange that for an access token at the token endpoint. // Discover the endpoints $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); if ($tokenEndpoint) { $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $params['me'], buildRedirectURI(), clientID(), $params['state'], true); } elseif ($authorizationEndpoint) { $token = IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $params['code'], $params['me'], buildRedirectURI(), clientID(), $params['state'], true); } else { $token = IndieAuth\Client::verifyIndieAuthCode(Config::$defaultAuthorizationEndpoint, $params['code'], $params['me'], buildRedirectURI(), clientID(), $params['state'], true); } $redirectToDashboardImmediately = false; // If a valid access token was returned, store the token info in the session and they are signed in if (k($token['auth'], array('me'))) { $_SESSION['auth'] = $token['auth']; $_SESSION['me'] = $params['me']; $redirectToDashboardImmediately = true; $user = ORM::for_table('users')->where('url', $me)->find_one(); if (!$user) { // New user! Store the user in the database $user = ORM::for_table('users')->create(); $user->url = $me; $user->date_created = date('Y-m-d H:i:s'); } $user->subscriptions_url = '';
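Review bot: In the second (new) excerpt, sign-in succeeds as soon as `k($token['auth'], array('me'))` finds a `me` key, but the session then stores `$_SESSION['me'] = $params['me']` and the user row is looked up by `$me`, so in the visible lines the identity the endpoint verified is never compared with the one taken from the request. This matters more now that the code can fall back to `Config::$defaultAuthorizationEndpoint`, which is not an endpoint the profile URL itself declared. Unless `verifyIndieAuthCode` performs that comparison internally (not visible here), compare the normalized `$token['auth']['me']` with `$me` before writing the session and store the verified value, e.g. `$_SESSION['me'] = $token['auth']['me'];`. The unchanged state check `$params['state'] != $_SESSION['auth_state']` uses a loose comparison; `!hash_equals((string) $_SESSION['auth_state'], (string) $params['state'])` (PHP 5.6+), or at least `!==`, avoids type juggling on the CSRF token. The enclosing callback handler starts before and ends after the lines shown.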