X-Git-Url: https://git.cweiske.de/shpub.git/blobdiff_plain/225b3ebc519d651dd2fda1b000483961352f2e84..059c6ab77b8e63210b9afc266d62c9f543d4d7ae:/src/shpub/Command/Connect.php

diff --git a/src/shpub/Command/Connect.php b/src/shpub/Command/Connect.php
index b59de5c..2fd6d38 100644
--- a/src/shpub/Command/Connect.php
+++ b/src/shpub/Command/Connect.php
@@ -16,6 +16,14 @@ class Command_Connect
 
     public function run($server, $user, $newKey, $force)
     {
+        $server = Validator::url($server, 'server');
+        if ($user === null) {
+            //indieweb: homepage is your identity
+            $user = $server;
+        } else {
+            $user = Validator::url($user, 'user');
+        }
+
         $host = $this->getHost($newKey != '' ? $newKey : $server, $force);
         if ($host === null) {
             //already taken
@@ -28,9 +36,10 @@ class Command_Connect
 
         list($redirect_uri, $socketStr) = $this->getHttpServerData();
         $state = time();
-        echo "To authenticate, open the following URL:\n"
+        Log::msg(
+            "To authenticate, open the following URL:\n"
             . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state)
-            . "\n";
+        );
 
         $authParams = $this->startHttpServer($socketStr);
         if ($authParams['state'] != $state) {
@@ -39,7 +48,6 @@ class Command_Connect
         }
         $code    = $authParams['code'];
         $userUrl = $authParams['me'];
-        $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl);
 
         $accessToken = $this->fetchAccessToken(
             $host, $userUrl, $code, $redirect_uri, $state
@@ -65,7 +73,7 @@ class Command_Connect
         }
         $this->cfg->hosts[$hostKey] = $host;
         $this->cfg->save();
-        echo "Server configuration $hostKey saved successfully.\n";
+        Log::info("Server configuration $hostKey saved successfully.");
     }
 
     protected function fetchAccessToken(
@@ -90,6 +98,12 @@ class Command_Connect
             )
         );
         $res = $req->send();
+        if (intval($res->getStatus() / 100) !== 2) {
+            Log::err('Failed to fetch access token');
+            Log::err('Server responded with HTTP status code ' . $res->getStatus());
+            Log::err($res->getBody());
+            exit(2);
+        }
         if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
             Log::err('Wrong content type in auth verification response');
             exit(2);
@@ -150,39 +164,6 @@ class Command_Connect
         return [$redirect_uri, $socketStr];
     }
 
-    protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me)
-    {
-        $req = new \HTTP_Request2($host->endpoints->authorization, 'POST');
-        if (version_compare(PHP_VERSION, '5.6.0', '<')) {
-            //correct ssl validation on php 5.5 is a pain, so disable
-            $req->setConfig('ssl_verify_host', false);
-            $req->setConfig('ssl_verify_peer', false);
-        }
-        $req->setHeader('Content-Type: application/x-www-form-urlencoded');
-        $req->setBody(
-            http_build_query(
-                [
-                    'code'         => $code,
-                    'state'        => $state,
-                    'client_id'    => static::$client_id,
-                    'redirect_uri' => $redirect_uri,
-                ]
-            )
-        );
-        $res = $req->send();
-        if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
-            Log::err('Wrong content type in auth verification response');
-            exit(2);
-        }
-        parse_str($res->getBody(), $verifiedParams);
-        if (!isset($verifiedParams['me'])
-            || $verifiedParams['me'] !== $me
-        ) {
-            Log::err('Non-matching "me" values');
-            exit(2);
-        }
-    }
-
     protected function startHttpServer($socketStr)
     {
         $responseOk = "HTTP/1.0 200 OK\r\n"