mirror of
https://github.com/friendica/friendica
synced 2024-12-22 18:00:16 +00:00
Refactor OAuth Token
This commit is contained in:
parent
5772c70216
commit
3d97280f52
3 changed files with 45 additions and 25 deletions
|
@ -456,7 +456,7 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
* @param string $content
|
||||
* @param string $type
|
||||
* @param string|null $content_type
|
||||
* @return void
|
||||
* @return never
|
||||
* @throws HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public function httpExit(string $content, string $type = Response::TYPE_HTML, ?string $content_type = null)
|
||||
|
@ -493,7 +493,7 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
* @param mixed $content
|
||||
* @param string $content_type
|
||||
* @param int $options A combination of json_encode() binary flags
|
||||
* @return void
|
||||
* @return never
|
||||
* @throws HTTPException\InternalServerErrorException
|
||||
* @see json_encode()
|
||||
*/
|
||||
|
@ -508,7 +508,7 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
* @param int $httpCode
|
||||
* @param mixed $content
|
||||
* @param string $content_type
|
||||
* @return void
|
||||
* @return never
|
||||
* @throws HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public function jsonError(int $httpCode, $content, string $content_type = 'application/json')
|
||||
|
|
|
@ -509,7 +509,7 @@ class BaseApi extends BaseModule
|
|||
/**
|
||||
* @param int $errorno
|
||||
* @param Error $error
|
||||
* @return void
|
||||
* @return never
|
||||
* @throws HTTPException\InternalServerErrorException
|
||||
*/
|
||||
protected function logAndJsonError(int $errorno, Error $error)
|
||||
|
|
|
@ -66,12 +66,30 @@ class Token extends BaseApi
|
|||
$this->logAndJsonError(401, $this->errorFactory->Unauthorized('invalid_client', $this->t('Invalid data or unknown client')));
|
||||
}
|
||||
|
||||
if ($request['grant_type'] == 'client_credentials') {
|
||||
$grant_type = (string) $request['grant_type'];
|
||||
|
||||
if (!in_array($grant_type, ['client_credentials', 'authorization_code'])) {
|
||||
Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
|
||||
$this->logAndJsonError(422, $this->errorFactory->UnprocessableEntity($this->t('Unsupported or missing grant type')));
|
||||
}
|
||||
|
||||
if ($grant_type === 'client_credentials') {
|
||||
// the "client_credentials" are used as a token for the application itself.
|
||||
// see https://aaronparecki.com/oauth-2-simplified/#client-credentials
|
||||
$token = OAuth::createTokenForUser($application, 0, '');
|
||||
$me = null;
|
||||
} elseif ($request['grant_type'] == 'authorization_code') {
|
||||
|
||||
$object = new \Friendica\Object\Api\Mastodon\Token(
|
||||
$token['access_token'],
|
||||
'Bearer',
|
||||
$application['scopes'],
|
||||
$token['created_at'],
|
||||
null
|
||||
);
|
||||
|
||||
$this->jsonExit($object->toArray());
|
||||
}
|
||||
|
||||
// now check for $grant_type === 'authorization_code'
|
||||
// For security reasons only allow freshly created tokens
|
||||
$redirect_uri = strtok($request['redirect_uri'],'?');
|
||||
$condition = [
|
||||
|
@ -84,14 +102,16 @@ class Token extends BaseApi
|
|||
$this->logger->notice('Token not found or outdated', $condition);
|
||||
$this->logAndJsonError(401, $this->errorFactory->Unauthorized());
|
||||
}
|
||||
$owner = User::getOwnerDataById($token['uid']);
|
||||
$me = $owner['url'];
|
||||
} else {
|
||||
Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
|
||||
$this->logAndJsonError(422, $this->errorFactory->UnprocessableEntity($this->t('Unsupported or missing grant type')));
|
||||
}
|
||||
|
||||
$object = new \Friendica\Object\Api\Mastodon\Token($token['access_token'], 'Bearer', $application['scopes'], $token['created_at'], $me);
|
||||
$owner = User::getOwnerDataById($token['uid']);
|
||||
|
||||
$object = new \Friendica\Object\Api\Mastodon\Token(
|
||||
$token['access_token'],
|
||||
'Bearer',
|
||||
$application['scopes'],
|
||||
$token['created_at'],
|
||||
$owner['url']
|
||||
);
|
||||
|
||||
$this->jsonExit($object->toArray());
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue