
add support for token revocation

pull/108/head
Aaron Parecki 6 years ago
parent
commit
bb0752a726
No known key found for this signature in database GPG Key ID: 276C2817346D6056
  1. 4
      controllers/auth.php
  2. 11
      lib/helpers.php
  3. 2
      views/settings.php

4
controllers/auth.php

@ -278,6 +278,8 @@ $app->get('/signout', function() use($app) {
$app->post('/auth/reset', function() use($app) {
if($user=require_login($app, false)) {
revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);
$user->authorization_endpoint = '';
$user->token_endpoint = '';
$user->micropub_endpoint = '';
@ -286,7 +288,7 @@ $app->post('/auth/reset', function() use($app) {
$user->micropub_scope = '';
$user->micropub_access_token = '';
$user->save();
unset($_SESSION['auth']);
unset($_SESSION['me']);
unset($_SESSION['auth_state']);
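Review bot: The added `revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);` call at the top of the `/auth/reset` handler runs even when the user has no stored access token or token endpoint, so the helper would issue a curl request with an empty URL or an empty `token` value. Guarding it, e.g. `if($user->micropub_access_token && $user->token_endpoint) { revoke_micropub_token($user->micropub_access_token, $user->token_endpoint); }`, keeps the reset path free of a pointless outbound request. The call also runs before the local fields are cleared and saved, so any stall in the outbound request delays the local reset; the closure ends outside the hunk.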

11
lib/helpers.php

@ -223,6 +223,17 @@ function micropub_get($endpoint, $params, $access_token) {
);
}
function revoke_micropub_token($access_token, $token_endpoint) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $token_endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
'action' => 'revoke',
'token' => $access_token,
]));
curl_exec($ch);
}
function parse_headers($headers) {
$retVal = array();
$fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $headers));
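Review bot: `revoke_micropub_token` sets no timeout and discards the result of `curl_exec($ch)`, so an unresponsive token endpoint can hold the `/auth/reset` request open, and a failed revocation looks the same as a successful one to the caller. `$token_endpoint` is a stored per-user URL (presumably discovered from the user's own site), and the handle does not restrict which protocols curl may use for it, so limiting it to HTTP(S) is a cheap hardening step. The handle is also never closed. I would add the protocol and timeout options, read the HTTP status, close the handle and return a boolean the caller can log or show; the existing call site ignores the return value, so it keeps working.

```php
function revoke_micropub_token($access_token, $token_endpoint) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $token_endpoint);
  // The endpoint URL is stored per user; only ever speak HTTP(S) to it
  curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
  // Example values: bound how long a slow endpoint can stall the reset
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  // … unchanged: CURLOPT_RETURNTRANSFER and CURLOPT_POSTFIELDS (action=revoke, token) …
  $response = curl_exec($ch);
  $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  curl_close($ch);

  // Report whether the endpoint accepted the revocation
  return $response !== false && $status >= 200 && $status < 300;
}
```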

2
views/settings.php

@ -29,7 +29,7 @@
<input type="button" class="btn btn-default" value="Reset Login" id="reset-login">
</td>
<td>
Clicking this button will erase the access token Quill has stored for you, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
Clicking this button will tell your token endpoint to revoke the token, Quill will forget the access token stored, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
</td>
</tr>
</table>
