5 * @link http://micropub.net/draft/
6 * @link http://indieweb.org/authorization-endpoint
10 public static $client_id = 'http://cweiske.de/shpub.htm';
12 public function __construct(Config $cfg)
17 public function run($server, $user, $newKey, $force)
19 $host = $this->getHost($newKey != '' ? $newKey : $server, $force);
24 if ($host->endpoints->incomplete()) {
25 $host->server = $server;
26 $host->loadEndpoints();
29 list($redirect_uri, $socketStr) = $this->getHttpServerData();
31 echo "To authenticate, open the following URL:\n"
32 . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state)
35 $authParams = $this->startHttpServer($socketStr);
36 if ($authParams['state'] != $state) {
37 Log::err('Wrong "state" parameter value: ' . $authParams['state']);
40 $code = $authParams['code'];
41 $userUrl = $authParams['me'];
42 $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl);
44 $accessToken = $this->fetchAccessToken(
45 $host, $userUrl, $code, $redirect_uri, $state
48 //all fine. update config
49 $host->user = $userUrl;
50 $host->token = $accessToken;
55 $hostKey = $this->cfg->getHostByName($server);
56 if ($hostKey === null) {
57 $keyBase = parse_url($host->server, PHP_URL_HOST);
60 while (isset($this->cfg->hosts[$newKey])) {
61 $newKey = $keyBase . ++$count;
66 $this->cfg->hosts[$hostKey] = $host;
70 protected function fetchAccessToken(
71 $host, $userUrl, $code, $redirect_uri, $state
73 $req = new \HTTP_Request2($host->endpoints->token, 'POST');
74 if (version_compare(PHP_VERSION, '5.6.0', '<')) {
75 //correct ssl validation on php 5.5 is a pain, so disable
76 $req->setConfig('ssl_verify_host', false);
77 $req->setConfig('ssl_verify_peer', false);
79 $req->setHeader('Content-Type: application/x-www-form-urlencoded');
85 'redirect_uri' => $redirect_uri,
86 'client_id' => static::$client_id,
92 if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
93 Log::err('Wrong content type in auth verification response');
96 parse_str($res->getBody(), $tokenParams);
97 if (!isset($tokenParams['access_token'])) {
98 Log::err('"access_token" missing');
102 $accessToken = $tokenParams['access_token'];
106 protected function getBrowserAuthUrl($host, $user, $redirect_uri, $state)
108 return $host->endpoints->authorization
109 . '?me=' . urlencode($user)
110 . '&client_id=' . urlencode(static::$client_id)
111 . '&redirect_uri=' . urlencode($redirect_uri)
114 . '&response_type=code';
117 protected function getHost($keyOrServer, $force)
119 $host = new Config_Host();
120 $key = $this->cfg->getHostByName($keyOrServer);
122 $host = $this->cfg->hosts[$key];
123 if (!$force && $host->token != '') {
124 Log::err('Token already available');
131 protected function getHttpServerData()
133 //FIXME: get IP from SSH_CONNECTION
136 $redirect_uri = 'http://' . $ip . ':' . $port . '/callback';
137 $socketStr = 'tcp://' . $ip . ':' . $port;
138 return [$redirect_uri, $socketStr];
141 protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me)
143 $req = new \HTTP_Request2($host->endpoints->authorization, 'POST');
144 if (version_compare(PHP_VERSION, '5.6.0', '<')) {
145 //correct ssl validation on php 5.5 is a pain, so disable
146 $req->setConfig('ssl_verify_host', false);
147 $req->setConfig('ssl_verify_peer', false);
149 $req->setHeader('Content-Type: application/x-www-form-urlencoded');
155 'client_id' => static::$client_id,
156 'redirect_uri' => $redirect_uri,
161 if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
162 Log::err('Wrong content type in auth verification response');
165 parse_str($res->getBody(), $verifiedParams);
166 if (!isset($verifiedParams['me'])
167 || $verifiedParams['me'] !== $me
169 Log::err('Non-matching "me" values');
174 protected function startHttpServer($socketStr)
176 $responseOk = "HTTP/1.0 200 OK\r\n"
177 . "Content-Type: text/plain\r\n"
179 . "Ok. You may close this tab and return to the shell.\r\n";
180 $responseErr = "HTTP/1.0 400 Bad Request\r\n"
181 . "Content-Type: text/plain\r\n"
185 //5 minutes should be enough for the user to confirm
186 ini_set('default_socket_timeout', 60 * 5);
187 $server = stream_socket_server($socketStr, $errno, $errstr);
189 Log::err('Error starting HTTP server');
194 $sock = stream_socket_accept($server);
196 Log::err('Error accepting socket connection');
203 //read request headers
204 while (false !== ($line = trim(fgets($sock)))) {
208 $regex = '#^Content-Length:\s*([[:digit:]]+)\s*$#i';
209 if (preg_match($regex, $line, $matches)) {
210 $content_length = (int) $matches[1];
216 if ($content_length > 0) {
217 $body = fread($sock, $content_length);
221 list($method, $url, $httpver) = explode(' ', $headers[0]);
222 if ($method == 'GET') {
223 $parts = parse_url($url);
224 if (isset($parts['path']) && $parts['path'] == '/callback'
225 && isset($parts['query'])
227 parse_str($parts['query'], $query);
228 if (isset($query['code'])
229 && isset($query['state'])
230 && isset($query['me'])
232 fwrite($sock, $responseOk);
239 fwrite($sock, $responseErr);