jon
/
Quill
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Mirror of Quill
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
186 Commits
2 Branches
0 Tags
2.9 MiB
Tree: fa06932a9c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fa06932a9c'
${ noResults }
Quill/controllers/auth.php

330 lines
12 KiB
Raw Normal View History

Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
do the micropub post and redirect after it's created!
10 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
upgrade indieauth-client to fix #28 paths are allowed in Quill URLs now
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
check for empty "me" parameter
11 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
do the micropub post and redirect after it's created!
10 years ago
redo how auto-login works
8 years ago
do the micropub post and redirect after it's created!
10 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
9 years ago
only skip debugging screens if the endpoints are the same as before
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
9 years ago
only skip debugging screens if the endpoints are the same as before
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
todo
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
todo
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
Support full automatic no-questions-asked login - ?me=.. on homepage redirects to auth - ?dontask=1 skips confirmation questions - "reply" and other parameters are transferred across login
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
upgrade indieauth-client to fix #28 paths are allowed in Quill URLs now
9 years ago
fix error message for missing "me" param
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
fix error message for missing "me" param
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
remove hard-coded reference to client_id
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
11 years ago
support media endpoint, autosave notes in local storage * looks for a media endpoint in the micropub config * if media endpoint is available, both the note interface and the editor will upload files to it instead of posting the photo directly * the note interface autosaves in-progress notes in localstorage
9 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
11 years ago
pass q=config in initial micropub config query fixes #54
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
do the micropub post and redirect after it's created!
10 years ago
redo how auto-login works
8 years ago
do the micropub post and redirect after it's created!
10 years ago
redo how auto-login works
8 years ago
do the micropub post and redirect after it's created!
10 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
do the micropub post and redirect after it's created!
10 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
redo how auto-login works
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
11 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
8 years ago
move some auth routes to auth.php
8 years ago
  1. <?php
  2. use Abraham\TwitterOAuth\TwitterOAuth;
  4. function buildRedirectURI() {
  5. return Config::$base_url . 'auth/callback';
  6. }
  8. $app->get('/auth/start', function() use($app) {
  9. $req = $app->request();
  11. $params = $req->params();
  13. // the "me" parameter is user input, and may be in a couple of different forms:
  14. // aaronparecki.com http://aaronparecki.com http://aaronparecki.com/
  15. if(!array_key_exists('me', $params) || !($me = IndieAuth\Client::normalizeMeURL($params['me']))) {
  16. $html = render('auth_error', array(
  17. 'title' => 'Sign In',
  18. 'error' => 'Invalid "me" Parameter',
  19. 'errorDescription' => 'The URL you entered, "<strong>' . $params['me'] . '</strong>" is not valid.'
  20. ));
  21. $app->response()->body($html);
  22. return;
  23. }
  25. if(k($params, 'redirect')) {
  26. $_SESSION['redirect_after_login'] = $params['redirect'];
  27. }
  28. if(k($params, 'reply')) {
  29. $_SESSION['reply'] = $params['reply'];
  30. }
  32. $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
  33. $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
  34. $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
  36. if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
  37. // Generate a "state" parameter for the request
  38. $state = IndieAuth\Client::generateStateParameter();
  39. $_SESSION['auth_state'] = $state;
  41. $scope = 'post';
  42. $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
  43. } else {
  44. $authorizationURL = false;
  45. }
  47. // If the user has already signed in before and has a micropub access token,
  48. // and the endpoints are all the same, skip the debugging screens and redirect
  49. // immediately to the auth endpoint.
  50. // This will still generate a new access token when they finish logging in.
  51. $user = ORM::for_table('users')->where('url', $me)->find_one();
  52. if($user && $user->micropub_access_token
  53. && $user->micropub_endpoint == $micropubEndpoint
  54. && $user->token_endpoint == $tokenEndpoint
  55. && $user->authorization_endpoint == $authorizationEndpoint
  56. && !array_key_exists('restart', $params)) {
  58. // TODO: fix this by caching the endpoints maybe in the session instead of writing them to the DB here.
  59. // Then remove the line below that blanks out the access token
  60. $user->micropub_endpoint = $micropubEndpoint;
  61. $user->authorization_endpoint = $authorizationEndpoint;
  62. $user->token_endpoint = $tokenEndpoint;
  63. $user->save();
  65. $app->redirect($authorizationURL, 302);
  67. } else {
  69. if(!$user)
  70. $user = ORM::for_table('users')->create();
  71. $user->url = $me;
  72. $user->date_created = date('Y-m-d H:i:s');
  73. $user->micropub_endpoint = $micropubEndpoint;
  74. $user->authorization_endpoint = $authorizationEndpoint;
  75. $user->token_endpoint = $tokenEndpoint;
  76. $user->micropub_access_token = ''; // blank out the access token if they attempt to sign in again
  77. $user->save();
  79. if(k($params, 'dontask') && $params['dontask']) {
  80. $_SESSION['dontask'] = 1;
  81. $app->redirect($authorizationURL, 302);
  82. }
  84. $html = render('auth_start', array(
  85. 'title' => 'Sign In',
  86. 'me' => $me,
  87. 'authorizing' => $me,
  88. 'meParts' => parse_url($me),
  89. 'tokenEndpoint' => $tokenEndpoint,
  90. 'micropubEndpoint' => $micropubEndpoint,
  91. 'authorizationEndpoint' => $authorizationEndpoint,
  92. 'authorizationURL' => $authorizationURL
  93. ));
  94. $app->response()->body($html);
  95. }
  96. });
  98. $app->get('/auth/callback', function() use($app) {
  99. $req = $app->request();
  100. $params = $req->params();
  102. // Double check there is a "me" parameter
  103. // Should only fail for really hacked up requests
  104. if(!array_key_exists('me', $params) || !($me = IndieAuth\Client::normalizeMeURL($params['me']))) {
  105. if(array_key_exists('me', $params))
  106. $error = 'The ID you entered, <strong>' . $params['me'] . '</strong> is not valid.';
  107. else
  108. $error = 'There was no "me" parameter in the callback.';
  109. $html = render('auth_error', array(
  110. 'title' => 'Auth Callback',
  111. 'error' => 'Invalid "me" Parameter',
  112. 'errorDescription' => $error
  113. ));
  114. $app->response()->body($html);
  115. return;
  116. }
  118. // If there is no state in the session, start the login again
  119. if(!array_key_exists('auth_state', $_SESSION)) {
  120. $app->redirect('/auth/start?me='.urlencode($params['me']));
  121. return;
  122. }
  124. if(!array_key_exists('code', $params) || trim($params['code']) == '') {
  125. $html = render('auth_error', array(
  126. 'title' => 'Auth Callback',
  127. 'error' => 'Missing authorization code',
  128. 'errorDescription' => 'No authorization code was provided in the request.'
  129. ));
  130. $app->response()->body($html);
  131. return;
  132. }
  134. // Verify the state came back and matches what we set in the session
  135. // Should only fail for malicious attempts, ok to show a not as nice error message
  136. if(!array_key_exists('state', $params)) {
  137. $html = render('auth_error', array(
  138. 'title' => 'Auth Callback',
  139. 'error' => 'Missing state parameter',
  140. 'errorDescription' => 'No state parameter was provided in the request. This shouldn\'t happen. It is possible this is a malicious authorization attempt.'
  141. ));
  142. $app->response()->body($html);
  143. return;
  144. }
  146. if($params['state'] != $_SESSION['auth_state']) {
  147. $html = render('auth_error', array(
  148. 'title' => 'Auth Callback',
  149. 'error' => 'Invalid state',
  150. 'errorDescription' => 'The state parameter provided did not match the state provided at the start of authorization. This is most likely caused by a malicious authorization attempt.'
  151. ));
  152. $app->response()->body($html);
  153. return;
  154. }
  156. // Now the basic sanity checks have passed. Time to start providing more helpful messages when there is an error.
  157. // An authorization code is in the query string, and we want to exchange that for an access token at the token endpoint.
  159. // Discover the endpoints
  160. $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
  161. $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
  163. if($tokenEndpoint) {
  164. $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $params['me'], buildRedirectURI(), Config::$base_url, k($params,'state'), true);
  166. } else {
  167. $token = array('auth'=>false, 'response'=>false);
  168. }
  170. $redirectToDashboardImmediately = false;
  172. // If a valid access token was returned, store the token info in the session and they are signed in
  173. if(k($token['auth'], array('me','access_token','scope'))) {
  174. $_SESSION['auth'] = $token['auth'];
  175. $_SESSION['me'] = $params['me'];
  177. $user = ORM::for_table('users')->where('url', $me)->find_one();
  178. if($user) {
  179. // Already logged in, update the last login date
  180. $user->last_login = date('Y-m-d H:i:s');
  181. // If they have logged in before and we already have an access token, then redirect to the dashboard now
  182. if($user->micropub_access_token)
  183. $redirectToDashboardImmediately = true;
  184. } else {
  185. // New user! Store the user in the database
  186. $user = ORM::for_table('users')->create();
  187. $user->url = $me;
  188. $user->date_created = date('Y-m-d H:i:s');
  189. }
  190. $user->micropub_endpoint = $micropubEndpoint;
  191. $user->micropub_access_token = $token['auth']['access_token'];
  192. $user->micropub_scope = $token['auth']['scope'];
  193. $user->micropub_response = $token['response'];
  194. $user->save();
  195. $_SESSION['user_id'] = $user->id();
  197. // Make a request to the micropub endpoint to discover the syndication targets and media endpoint if any.
  198. // Errors are silently ignored here. The user will be able to retry from the new post interface and get feedback.
  199. get_micropub_config($user, ['q'=>'config']);
  200. }
  202. unset($_SESSION['auth_state']);
  204. if($redirectToDashboardImmediately || k($_SESSION, 'dontask')) {
  205. unset($_SESSION['dontask']);
  206. if(k($_SESSION, 'redirect_after_login')) {
  207. $dest = $_SESSION['redirect_after_login'];
  208. unset($_SESSION['redirect_after_login']);
  209. $app->redirect($dest, 302);
  210. } else {
  211. $query = [];
  212. if(k($_SESSION, 'reply')) {
  213. $query['reply'] = $_SESSION['reply'];
  214. unset($_SESSION['reply']);
  215. }
  216. $app->redirect('/new?' . http_build_query($query), 302);
  217. }
  218. } else {
  219. $html = render('auth_callback', array(
  220. 'title' => 'Sign In',
  221. 'me' => $me,
  222. 'authorizing' => $me,
  223. 'meParts' => parse_url($me),
  224. 'tokenEndpoint' => $tokenEndpoint,
  225. 'auth' => $token['auth'],
  226. 'response' => $token['response'],
  227. 'curl_error' => (array_key_exists('error', $token) ? $token['error'] : false),
  228. 'destination' => (k($_SESSION, 'redirect_after_login') ?: '/new')
  229. ));
  230. $app->response()->body($html);
  231. }
  232. });
  234. $app->get('/signout', function() use($app) {
  235. unset($_SESSION['auth']);
  236. unset($_SESSION['me']);
  237. unset($_SESSION['auth_state']);
  238. unset($_SESSION['user_id']);
  239. $app->redirect('/', 302);
  240. });
  243. $app->post('/auth/twitter', function() use($app) {
  244. if($user=require_login($app, false)) {
  245. $params = $app->request()->params();
  246. // User just auth'd with twitter, store the access token
  247. $user->twitter_access_token = $params['twitter_token'];
  248. $user->twitter_token_secret = $params['twitter_secret'];
  249. $user->save();
  251. $app->response()['Content-type'] = 'application/json';
  252. $app->response()->body(json_encode(array(
  253. 'result' => 'ok'
  254. )));
  255. } else {
  256. $app->response()['Content-type'] = 'application/json';
  257. $app->response()->body(json_encode(array(
  258. 'result' => 'error'
  259. )));
  260. }
  261. });
  263. function getTwitterLoginURL(&$twitter) {
  264. $request_token = $twitter->oauth('oauth/request_token', [
  265. 'oauth_callback' => Config::$base_url . 'auth/twitter/callback'
  266. ]);
  267. $_SESSION['twitter_auth'] = $request_token;
  268. return $twitter->url('oauth/authorize', ['oauth_token' => $request_token['oauth_token']]);
  269. }
  271. $app->get('/auth/twitter', function() use($app) {
  272. $params = $app->request()->params();
  273. if($user=require_login($app, false)) {
  275. // If there is an existing Twitter token, check if it is valid
  276. // Otherwise, generate a Twitter login link
  277. $twitter_login_url = false;
  279. if(array_key_exists('login', $params)) {
  280. $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret);
  281. $twitter_login_url = getTwitterLoginURL($twitter);
  282. } else {
  283. $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  284. $user->twitter_access_token, $user->twitter_token_secret);
  286. if($user->twitter_access_token) {
  287. if($twitter->get('account/verify_credentials')) {
  288. $app->response()['Content-type'] = 'application/json';
  289. $app->response()->body(json_encode(array(
  290. 'result' => 'ok'
  291. )));
  292. return;
  293. } else {
  294. // If the existing twitter token is not valid, generate a login link
  295. $twitter_login_url = getTwitterLoginURL($twitter);
  296. }
  297. } else {
  298. $twitter_login_url = getTwitterLoginURL($twitter);
  299. }
  300. }
  302. $app->response()['Content-type'] = 'application/json';
  303. $app->response()->body(json_encode(array(
  304. 'url' => $twitter_login_url
  305. )));
  307. } else {
  308. $app->response()['Content-type'] = 'application/json';
  309. $app->response()->body(json_encode(array(
  310. 'result' => 'error'
  311. )));
  312. }
  313. });
  315. $app->get('/auth/twitter/callback', function() use($app) {
  316. if($user=require_login($app)) {
  317. $params = $app->request()->params();
  319. $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  320. $_SESSION['twitter_auth']['oauth_token'], $_SESSION['twitter_auth']['oauth_token_secret']);
  321. $credentials = $twitter->oauth('oauth/access_token', ['oauth_verifier' => $params['oauth_verifier']]);
  323. $user->twitter_access_token = $credentials['oauth_token'];
  324. $user->twitter_token_secret = $credentials['oauth_token_secret'];
  325. $user->twitter_username = $credentials['screen_name'];
  326. $user->save();
  328. $app->redirect('/settings');
  329. }
  330. });