Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
 Mark Wane
|
c2c7af38a5
|
36
index.php
36
index.php
|
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
/* Single user IndieAuth endpoint using server envvars from SSO
|
||||
/* Multi-user IndieAuth endpoint using server envvars from SSO
|
||||
* Based on https://github.com/inklings-io/selfauth
|
||||
*/
|
||||
require_once 'functions.php';
|
||||
|
|
@ -16,21 +16,31 @@ if ( ! is_null($code) ){
|
|||
if ( ! (
|
||||
is_string($code) &&
|
||||
is_string($redirect_uri) &&
|
||||
is_string($client_id) &&
|
||||
verify_signed_code( APP_KEY, USER_URL . $redirect_uri . $client_id, $code )
|
||||
is_string($client_id)
|
||||
) ) {
|
||||
$error = 'Invalid request';
|
||||
http_response_code(400);
|
||||
include 'form.php';
|
||||
die();
|
||||
}
|
||||
|
||||
$code_parts = explode(':', $code, 3);
|
||||
$suffix_parts = explode(':', base64_url_decode( $code_parts[2] ), 2 );
|
||||
$user = $suffix_parts[0];
|
||||
|
||||
if ( ! verify_signed_code( APP_KEY, $user . $redirect_uri . $client_id, $code ) ) {
|
||||
$error = 'Invalid code';
|
||||
http_response_code(400);
|
||||
include 'form.php';
|
||||
die();
|
||||
}
|
||||
|
||||
$response = array('me' => USER_URL);
|
||||
$code_parts = explode(':', $code, 3);
|
||||
$response = array('me' => USER_URLS[$user]);
|
||||
|
||||
$accept_header = $_SERVER['HTTP_ACCEPT'] ?: '*/*';
|
||||
|
||||
if ( '' !== $code_parts[2] ) {
|
||||
$response['scope'] = base64_url_decode($code_parts[2]);
|
||||
if ( '' !== $suffix_parts[1] ) {
|
||||
$response['scope'] = $suffix_parts[1];
|
||||
}
|
||||
|
||||
$json = get_q_value('application/json', $accept_header);
|
||||
|
|
@ -52,13 +62,14 @@ if ( ! is_null($code) ){
|
|||
|
||||
// No code submitted,
|
||||
// Check login
|
||||
if ( is_null($_SERVER["REMOTE_USER"]) ) {
|
||||
$user = $_SERVER["REMOTE_USER"];
|
||||
if ( is_null($user) ) {
|
||||
$error = 'Not logged in. Login on the <a href="https://auth.cool110.xyz/">SSO portal</a>';
|
||||
http_response_code(403);
|
||||
include 'form.php';
|
||||
die();
|
||||
} elseif ( USER_NAME !== $_SERVER["REMOTE_USER"] ){
|
||||
$error = 'This system is for ' . USER_NAME . ' only.';
|
||||
} elseif ( ! array_key_exists( $user, USER_URLS ) ){
|
||||
$error = 'Account not provisioned';
|
||||
http_response_code(403);
|
||||
include 'form.php';
|
||||
die();
|
||||
|
|
@ -108,7 +119,8 @@ if ( ! is_null($csrf_code) ) {
|
|||
$scope = implode( ' ', $scope );
|
||||
}
|
||||
|
||||
$code = create_signed_code( APP_KEY, USER_URL . $redirect_uri . $client_id, 5 * 60, $scope );
|
||||
$suffix = $user . ':' . $scope;
|
||||
$code = create_signed_code( APP_KEY, $user . $redirect_uri . $client_id, 5 * 60, $suffix );
|
||||
|
||||
$final_redir = $redirect_uri;
|
||||
if ( strpos($redirect_uri, '?') === false ) {
|
||||
|
|
@ -119,7 +131,7 @@ if ( ! is_null($csrf_code) ) {
|
|||
|
||||
$parameters = array(
|
||||
'code' => $code,
|
||||
'me' => USER_URL
|
||||
'me' => USER_URLS[$user]
|
||||
);
|
||||
if ( ! is_null($state) ) {
|
||||
$parameters['state'] = $state;
|
||||
|
|
|
|||
Loading…
Reference in a new issue