X-Git-Url: https://git.cweiske.de/shpub.git/blobdiff_plain/d573cd45cde3631ed5bdfd51e35084c1602cebc8..6c791f2d0c159d56c570802c8d9bd3612262aa9e:/src/shpub/Command/Connect.php diff --git a/src/shpub/Command/Connect.php b/src/shpub/Command/Connect.php index 2e7e266..6634267 100644 --- a/src/shpub/Command/Connect.php +++ b/src/shpub/Command/Connect.php @@ -14,19 +14,69 @@ class Command_Connect $this->cfg = $cfg; } + public static function opts(\Console_CommandLine $optParser) + { + $cmd = $optParser->addCommand('connect'); + $cmd->description = 'Obtain access token from a micropub server'; + $cmd->addOption( + 'force', + array( + 'short_name' => '-f', + 'long_name' => '--force-update', + 'description' => 'Force token update if token already available', + 'action' => 'StoreTrue', + 'default' => false, + ) + ); + $cmd->addArgument( + 'server', + [ + 'optional' => false, + 'description' => 'Server URL', + ] + ); + $cmd->addArgument( + 'user', + [ + 'optional' => true, + 'description' => 'User URL', + ] + ); + $cmd->addArgument( + 'key', + [ + 'optional' => true, + 'description' => 'Short name (key)', + ] + ); + } + public function run($server, $user, $newKey, $force) { + $server = Validator::url($server, 'server'); + if ($user === null) { + //indieweb: homepage is your identity + $user = $server; + } else { + $user = Validator::url($user, 'user'); + } + $host = $this->getHost($newKey != '' ? $newKey : $server, $force); + if ($host === null) { + //already taken + return; + } if ($host->endpoints->incomplete()) { $host->server = $server; - $this->discoverEndpoints($server, $host->endpoints); + $host->loadEndpoints(); } list($redirect_uri, $socketStr) = $this->getHttpServerData(); $state = time(); - echo "To authenticate, open the following URL:\n" + Log::msg( + "To authenticate, open the following URL:\n" . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state) - . "\n"; + ); $authParams = $this->startHttpServer($socketStr); if ($authParams['state'] != $state) { @@ -35,7 +85,6 @@ class Command_Connect } $code = $authParams['code']; $userUrl = $authParams['me']; - $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl); $accessToken = $this->fetchAccessToken( $host, $userUrl, $code, $redirect_uri, $state @@ -61,12 +110,18 @@ class Command_Connect } $this->cfg->hosts[$hostKey] = $host; $this->cfg->save(); + Log::info("Server configuration $hostKey saved successfully."); } protected function fetchAccessToken( $host, $userUrl, $code, $redirect_uri, $state ) { $req = new \HTTP_Request2($host->endpoints->token, 'POST'); + if (version_compare(PHP_VERSION, '5.6.0', '<')) { + //correct ssl validation on php 5.5 is a pain, so disable + $req->setConfig('ssl_verify_host', false); + $req->setConfig('ssl_verify_peer', false); + } $req->setHeader('Content-Type: application/x-www-form-urlencoded'); $req->setBody( http_build_query( @@ -80,6 +135,12 @@ class Command_Connect ) ); $res = $req->send(); + if (intval($res->getStatus() / 100) !== 2) { + Log::err('Failed to fetch access token'); + Log::err('Server responded with HTTP status code ' . $res->getStatus()); + Log::err($res->getBody()); + exit(2); + } if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') { Log::err('Wrong content type in auth verification response'); exit(2); @@ -116,88 +177,30 @@ class Command_Connect return; } } - if ($host->endpoints === null) { - $host->endpoints = new Config_Endpoints(); - } return $host; } - function discoverEndpoints($url, $cfg) + protected function getHttpServerData() { - //TODO: discovery via link headers - $sx = simplexml_load_file($url); - if ($sx === false) { - Log::err('Error loading URL: ' . $url); - exit(1); - } - $sx->registerXPathNamespace('h', 'http://www.w3.org/1999/xhtml'); - - $auths = $sx->xpath( - '/h:html/h:head/h:link[@rel="authorization_endpoint" and @href]' - ); - if (!count($auths)) { - Log::err('No authorization endpoint found'); - exit(1); - } - $cfg->authorization = (string) $auths[0]['href']; + $ip = '127.0.0.1'; + $port = 12345; - $tokens = $sx->xpath( - '/h:html/h:head/h:link[@rel="token_endpoint" and @href]' - ); - if (!count($tokens)) { - Log::err('No token endpoint found'); - exit(1); + if (isset($_SERVER['SSH_CONNECTION'])) { + $parts = explode(' ', $_SERVER['SSH_CONNECTION']); + if (count($parts) >= 3) { + $ip = $parts[2]; + } } - $cfg->token = (string) $tokens[0]['href']; - - $mps = $sx->xpath( - '/h:html/h:head/h:link[@rel="micropub" and @href]' - ); - if (!count($mps)) { - Log::err('No micropub endpoint found'); - exit(1); + if (strpos($ip, ':') !== false) { + //ipv6 + $ip = '[' . $ip . ']'; } - $cfg->micropub = (string) $mps[0]['href']; - } - protected function getHttpServerData() - { - //FIXME: get IP from SSH_CONNECTION - $ip = '127.0.0.1'; - $port = 12345; $redirect_uri = 'http://' . $ip . ':' . $port . '/callback'; $socketStr = 'tcp://' . $ip . ':' . $port; return [$redirect_uri, $socketStr]; } - protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me) - { - $req = new \HTTP_Request2($host->endpoints->authorization, 'POST'); - $req->setHeader('Content-Type: application/x-www-form-urlencoded'); - $req->setBody( - http_build_query( - [ - 'code' => $code, - 'state' => $state, - 'client_id' => static::$client_id, - 'redirect_uri' => $redirect_uri, - ] - ) - ); - $res = $req->send(); - if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') { - Log::err('Wrong content type in auth verification response'); - exit(2); - } - parse_str($res->getBody(), $verifiedParams); - if (!isset($verifiedParams['me']) - || $verifiedParams['me'] !== $me - ) { - Log::err('Non-matching "me" values'); - exit(2); - } - } - protected function startHttpServer($socketStr) { $responseOk = "HTTP/1.0 200 OK\r\n"