src/shpub/Command/Connect.php

   1 <?php
   2 namespace shpub;
   3
   4 /**
   5  * @link http://micropub.net/draft/
   6  * @link http://indieweb.org/authorization-endpoint
   7  */
   8 class Command_Connect
   9 {
  10     public static $client_id = 'http://cweiske.de/shpub.htm';
  11
  12     public function __construct(Config $cfg)
  13     {
  14         $this->cfg = $cfg;
  15     }
  16
  17     public function run($server, $user, $newKey, $force)
  18     {
  19         $host = $this->getHost($newKey != '' ? $newKey : $server, $force);
  20         if ($host === null) {
  21             //already taken
  22             return;
  23         }
  24         if ($host->endpoints->incomplete()) {
  25             $host->server = $server;
  26             $host->loadEndpoints();
  27         }
  28
  29         list($redirect_uri, $socketStr) = $this->getHttpServerData();
  30         $state = time();
  31         echo "To authenticate, open the following URL:\n"
  32             . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state)
  33             . "\n";
  34
  35         $authParams = $this->startHttpServer($socketStr);
  36         if ($authParams['state'] != $state) {
  37             Log::err('Wrong "state" parameter value: ' . $authParams['state']);
  38             exit(2);
  39         }
  40         $code    = $authParams['code'];
  41         $userUrl = $authParams['me'];
  42         $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl);
  43
  44         $accessToken = $this->fetchAccessToken(
  45             $host, $userUrl, $code, $redirect_uri, $state
  46         );
  47
  48         //all fine. update config
  49         $host->user  = $userUrl;
  50         $host->token = $accessToken;
  51
  52         if ($newKey != '') {
  53             $hostKey = $newKey;
  54         } else {
  55             $hostKey = $this->cfg->getHostByName($server);
  56             if ($hostKey === null) {
  57                 $keyBase = parse_url($host->server, PHP_URL_HOST);
  58                 $newKey  = $keyBase;
  59                 $count = 0;
  60                 while (isset($this->cfg->hosts[$newKey])) {
  61                     $newKey = $keyBase . ++$count;
  62                 }
  63                 $hostKey = $newKey;
  64             }
  65         }
  66         $this->cfg->hosts[$hostKey] = $host;
  67         $this->cfg->save();
  68     }
  69
  70     protected function fetchAccessToken(
  71         $host, $userUrl, $code, $redirect_uri, $state
  72     ) {
  73         $req = new \HTTP_Request2($host->endpoints->token, 'POST');
  74         if (version_compare(PHP_VERSION, '5.6.0', '<')) {
  75             //correct ssl validation on php 5.5 is a pain, so disable
  76             $req->setConfig('ssl_verify_host', false);
  77             $req->setConfig('ssl_verify_peer', false);
  78         }
  79         $req->setHeader('Content-Type: application/x-www-form-urlencoded');
  80         $req->setBody(
  81             http_build_query(
  82                 [
  83                     'me'           => $userUrl,
  84                     'code'         => $code,
  85                     'redirect_uri' => $redirect_uri,
  86                     'client_id'    => static::$client_id,
  87                     'state'        => $state,
  88                 ]
  89             )
  90         );
  91         $res = $req->send();
  92         if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
  93             Log::err('Wrong content type in auth verification response');
  94             exit(2);
  95         }
  96         parse_str($res->getBody(), $tokenParams);
  97         if (!isset($tokenParams['access_token'])) {
  98             Log::err('"access_token" missing');
  99             exit(2);
 100         }
 101
 102         $accessToken = $tokenParams['access_token'];
 103         return $accessToken;
 104     }
 105
 106     protected function getBrowserAuthUrl($host, $user, $redirect_uri, $state)
 107     {
 108         return $host->endpoints->authorization
 109             . '?me=' . urlencode($user)
 110             . '&client_id=' . urlencode(static::$client_id)
 111             . '&redirect_uri=' . urlencode($redirect_uri)
 112             . '&state=' . $state
 113             . '&scope=post'
 114             . '&response_type=code';
 115     }
 116
 117     protected function getHost($keyOrServer, $force)
 118     {
 119         $host = new Config_Host();
 120         $key = $this->cfg->getHostByName($keyOrServer);
 121         if ($key !== null) {
 122             $host = $this->cfg->hosts[$key];
 123             if (!$force && $host->token != '') {
 124                 Log::err('Token already available');
 125                 return;
 126             }
 127         }
 128         return $host;
 129     }
 130
 131     protected function getHttpServerData()
 132     {
 133         //FIXME: get IP from SSH_CONNECTION
 134         $ip   = '127.0.0.1';
 135         $port = 12345;
 136         $redirect_uri = 'http://' . $ip . ':' . $port . '/callback';
 137         $socketStr    = 'tcp://' . $ip . ':' . $port;
 138         return [$redirect_uri, $socketStr];
 139     }
 140
 141     protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me)
 142     {
 143         $req = new \HTTP_Request2($host->endpoints->authorization, 'POST');
 144         if (version_compare(PHP_VERSION, '5.6.0', '<')) {
 145             //correct ssl validation on php 5.5 is a pain, so disable
 146             $req->setConfig('ssl_verify_host', false);
 147             $req->setConfig('ssl_verify_peer', false);
 148         }
 149         $req->setHeader('Content-Type: application/x-www-form-urlencoded');
 150         $req->setBody(
 151             http_build_query(
 152                 [
 153                     'code'         => $code,
 154                     'state'        => $state,
 155                     'client_id'    => static::$client_id,
 156                     'redirect_uri' => $redirect_uri,
 157                 ]
 158             )
 159         );
 160         $res = $req->send();
 161         if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
 162             Log::err('Wrong content type in auth verification response');
 163             exit(2);
 164         }
 165         parse_str($res->getBody(), $verifiedParams);
 166         if (!isset($verifiedParams['me'])
 167             || $verifiedParams['me'] !== $me
 168         ) {
 169             Log::err('Non-matching "me" values');
 170             exit(2);
 171         }
 172     }
 173
 174     protected function startHttpServer($socketStr)
 175     {
 176         $responseOk = "HTTP/1.0 200 OK\r\n"
 177             . "Content-Type: text/plain\r\n"
 178             . "\r\n"
 179             . "Ok. You may close this tab and return to the shell.\r\n";
 180         $responseErr = "HTTP/1.0 400 Bad Request\r\n"
 181             . "Content-Type: text/plain\r\n"
 182             . "\r\n"
 183             . "Bad Request\r\n";
 184
 185         //5 minutes should be enough for the user to confirm
 186         ini_set('default_socket_timeout', 60 * 5);
 187         $server = stream_socket_server($socketStr, $errno, $errstr);
 188         if (!$server) {
 189             Log::err('Error starting HTTP server');
 190             return false;
 191         }
 192
 193         do {
 194             $sock = stream_socket_accept($server);
 195             if (!$sock) {
 196                 Log::err('Error accepting socket connection');
 197                 exit(1);
 198             }
 199
 200             $headers = [];
 201             $body    = null;
 202             $content_length = 0;
 203             //read request headers
 204             while (false !== ($line = trim(fgets($sock)))) {
 205                 if ('' === $line) {
 206                     break;
 207                 }
 208                 $regex = '#^Content-Length:\s*([[:digit:]]+)\s*$#i';
 209                 if (preg_match($regex, $line, $matches)) {
 210                     $content_length = (int) $matches[1];
 211                 }
 212                 $headers[] = $line;
 213             }
 214
 215             // read content/body
 216             if ($content_length > 0) {
 217                 $body = fread($sock, $content_length);
 218             }
 219
 220             // send response
 221             list($method, $url, $httpver) = explode(' ', $headers[0]);
 222             if ($method == 'GET') {
 223                 $parts = parse_url($url);
 224                 if (isset($parts['path']) && $parts['path'] == '/callback'
 225                     && isset($parts['query'])
 226                 ) {
 227                     parse_str($parts['query'], $query);
 228                     if (isset($query['code'])
 229                         && isset($query['state'])
 230                         && isset($query['me'])
 231                     ) {
 232                         fwrite($sock, $responseOk);
 233                         fclose($sock);
 234                         return $query;
 235                     }
 236                 }
 237             }
 238
 239             fwrite($sock, $responseErr);
 240             fclose($sock);
 241         } while (true);
 242     }
 243 }
 244 ?>