mirror of
https://github.com/friendica/friendica
synced 2025-04-24 00:30:11 +00:00
API: Parameter cleanup
This commit is contained in:
Michael
parent
453e6a9d75
commit
e3d227f3c9
22 changed files with 147 additions and 80 deletions
|
|
@ -37,24 +37,26 @@ class Authorize extends BaseApi
|
|||
*/
|
||||
public static function rawContent(array $parameters = [])
|
||||
{
|
||||
$response_type = $_REQUEST['response_type'] ?? '';
|
||||
$client_id = $_REQUEST['client_id'] ?? '';
|
||||
$client_secret = $_REQUEST['client_secret'] ?? ''; // Isn't normally provided. We will use it if present.
|
||||
$redirect_uri = $_REQUEST['redirect_uri'] ?? '';
|
||||
$scope = $_REQUEST['scope'] ?? 'read';
|
||||
$state = $_REQUEST['state'] ?? '';
|
||||
$request = self::getRequest([
|
||||
'response_type' => '',
|
||||
'client_id' => '',
|
||||
'client_secret' => '', // Isn't normally provided. We will use it if present.
|
||||
'redirect_uri' => '',
|
||||
'scope' => 'read',
|
||||
'state' => '',
|
||||
]);
|
||||
|
||||
if ($response_type != 'code') {
|
||||
if ($request['response_type'] != 'code') {
|
||||
Logger::warning('Unsupported or missing response type', ['request' => $_REQUEST]);
|
||||
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing response type'));
|
||||
}
|
||||
|
||||
if (empty($client_id) || empty($redirect_uri)) {
|
||||
if (empty($request['client_id']) || empty($request['redirect_uri'])) {
|
||||
Logger::warning('Incomplete request data', ['request' => $_REQUEST]);
|
||||
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
|
||||
}
|
||||
|
||||
$application = self::getApplication($client_id, $client_secret, $redirect_uri);
|
||||
$application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
|
||||
if (empty($application)) {
|
||||
DI::mstdnError()->UnprocessableEntity();
|
||||
}
|
||||
|
|
@ -80,11 +82,11 @@ class Authorize extends BaseApi
|
|||
|
||||
DI::session()->remove('oauth_acknowledge');
|
||||
|
||||
$token = self::createTokenForUser($application, $uid, $scope);
|
||||
$token = self::createTokenForUser($application, $uid, $request['scope']);
|
||||
if (!$token) {
|
||||
DI::mstdnError()->UnprocessableEntity();
|
||||
}
|
||||
|
||||
DI::app()->redirect($application['redirect_uri'] . (strpos($application['redirect_uri'], '?') ? '&' : '?') . http_build_query(['code' => $token['code'], 'state' => $state]));
|
||||
DI::app()->redirect($application['redirect_uri'] . (strpos($application['redirect_uri'], '?') ? '&' : '?') . http_build_query(['code' => $token['code'], 'state' => $request['state']]));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,39 +35,41 @@ class Token extends BaseApi
|
|||
{
|
||||
public static function post(array $parameters = [])
|
||||
{
|
||||
$grant_type = $_REQUEST['grant_type'] ?? '';
|
||||
$code = $_REQUEST['code'] ?? '';
|
||||
$redirect_uri = $_REQUEST['redirect_uri'] ?? '';
|
||||
$client_id = $_REQUEST['client_id'] ?? '';
|
||||
$client_secret = $_REQUEST['client_secret'] ?? '';
|
||||
$request = self::getRequest([
|
||||
'grant_type' => '',
|
||||
'code' => '',
|
||||
'redirect_uri' => '',
|
||||
'client_id' => '',
|
||||
'client_secret' => '',
|
||||
]);
|
||||
|
||||
// AndStatus transmits the client data in the AUTHORIZATION header field, see https://github.com/andstatus/andstatus/issues/530
|
||||
if (empty($client_id) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) {
|
||||
if (empty($request['client_id']) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) {
|
||||
$datapair = explode(':', base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6))));
|
||||
if (count($datapair) == 2) {
|
||||
$client_id = $datapair[0];
|
||||
$client_secret = $datapair[1];
|
||||
$request['client_id'] = $datapair[0];
|
||||
$request['client_secret'] = $datapair[1];
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($client_id) || empty($client_secret)) {
|
||||
if (empty($request['client_id']) || empty($request['client_secret'])) {
|
||||
Logger::warning('Incomplete request data', ['request' => $_REQUEST]);
|
||||
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
|
||||
}
|
||||
|
||||
$application = self::getApplication($client_id, $client_secret, $redirect_uri);
|
||||
$application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
|
||||
if (empty($application)) {
|
||||
DI::mstdnError()->UnprocessableEntity();
|
||||
}
|
||||
|
||||
if ($grant_type == 'client_credentials') {
|
||||
if ($request['grant_type'] == 'client_credentials') {
|
||||
// the "client_credentials" are used as a token for the application itself.
|
||||
// see https://aaronparecki.com/oauth-2-simplified/#client-credentials
|
||||
$token = self::createTokenForUser($application, 0, '');
|
||||
} elseif ($grant_type == 'authorization_code') {
|
||||
} elseif ($request['grant_type'] == 'authorization_code') {
|
||||
// For security reasons only allow freshly created tokens
|
||||
$condition = ["`redirect_uri` = ? AND `id` = ? AND `code` = ? AND `created_at` > UTC_TIMESTAMP() - INTERVAL ? MINUTE",
|
||||
$redirect_uri, $application['id'], $code, 5];
|
||||
$request['redirect_uri'], $application['id'], $request['code'], 5];
|
||||
|
||||
$token = DBA::selectFirst('application-view', ['access_token', 'created_at'], $condition);
|
||||
if (!DBA::isResult($token)) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue