X-Git-Url: https://git.cweiske.de/shpub.git/blobdiff_plain/d573cd45cde3631ed5bdfd51e35084c1602cebc8..96196413bef5ffb4ec3e09770b4e6847090dd71e:/src/shpub/Command/Connect.php diff --git a/src/shpub/Command/Connect.php b/src/shpub/Command/Connect.php index 2e7e266..2fd6d38 100644 --- a/src/shpub/Command/Connect.php +++ b/src/shpub/Command/Connect.php @@ -16,17 +16,30 @@ class Command_Connect public function run($server, $user, $newKey, $force) { + $server = Validator::url($server, 'server'); + if ($user === null) { + //indieweb: homepage is your identity + $user = $server; + } else { + $user = Validator::url($user, 'user'); + } + $host = $this->getHost($newKey != '' ? $newKey : $server, $force); + if ($host === null) { + //already taken + return; + } if ($host->endpoints->incomplete()) { $host->server = $server; - $this->discoverEndpoints($server, $host->endpoints); + $host->loadEndpoints(); } list($redirect_uri, $socketStr) = $this->getHttpServerData(); $state = time(); - echo "To authenticate, open the following URL:\n" + Log::msg( + "To authenticate, open the following URL:\n" . $this->getBrowserAuthUrl($host, $user, $redirect_uri, $state) - . "\n"; + ); $authParams = $this->startHttpServer($socketStr); if ($authParams['state'] != $state) { @@ -35,7 +48,6 @@ class Command_Connect } $code = $authParams['code']; $userUrl = $authParams['me']; - $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl); $accessToken = $this->fetchAccessToken( $host, $userUrl, $code, $redirect_uri, $state @@ -61,12 +73,18 @@ class Command_Connect } $this->cfg->hosts[$hostKey] = $host; $this->cfg->save(); + Log::info("Server configuration $hostKey saved successfully."); } protected function fetchAccessToken( $host, $userUrl, $code, $redirect_uri, $state ) { $req = new \HTTP_Request2($host->endpoints->token, 'POST'); + if (version_compare(PHP_VERSION, '5.6.0', '<')) { + //correct ssl validation on php 5.5 is a pain, so disable + $req->setConfig('ssl_verify_host', false); + $req->setConfig('ssl_verify_peer', false); + } $req->setHeader('Content-Type: application/x-www-form-urlencoded'); $req->setBody( http_build_query( @@ -80,6 +98,12 @@ class Command_Connect ) ); $res = $req->send(); + if (intval($res->getStatus() / 100) !== 2) { + Log::err('Failed to fetch access token'); + Log::err('Server responded with HTTP status code ' . $res->getStatus()); + Log::err($res->getBody()); + exit(2); + } if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') { Log::err('Wrong content type in auth verification response'); exit(2); @@ -116,88 +140,30 @@ class Command_Connect return; } } - if ($host->endpoints === null) { - $host->endpoints = new Config_Endpoints(); - } return $host; } - function discoverEndpoints($url, $cfg) + protected function getHttpServerData() { - //TODO: discovery via link headers - $sx = simplexml_load_file($url); - if ($sx === false) { - Log::err('Error loading URL: ' . $url); - exit(1); - } - $sx->registerXPathNamespace('h', 'http://www.w3.org/1999/xhtml'); - - $auths = $sx->xpath( - '/h:html/h:head/h:link[@rel="authorization_endpoint" and @href]' - ); - if (!count($auths)) { - Log::err('No authorization endpoint found'); - exit(1); - } - $cfg->authorization = (string) $auths[0]['href']; + $ip = '127.0.0.1'; + $port = 12345; - $tokens = $sx->xpath( - '/h:html/h:head/h:link[@rel="token_endpoint" and @href]' - ); - if (!count($tokens)) { - Log::err('No token endpoint found'); - exit(1); + if (isset($_SERVER['SSH_CONNECTION'])) { + $parts = explode(' ', $_SERVER['SSH_CONNECTION']); + if (count($parts) >= 3) { + $ip = $parts[2]; + } } - $cfg->token = (string) $tokens[0]['href']; - - $mps = $sx->xpath( - '/h:html/h:head/h:link[@rel="micropub" and @href]' - ); - if (!count($mps)) { - Log::err('No micropub endpoint found'); - exit(1); + if (strpos($ip, ':') !== false) { + //ipv6 + $ip = '[' . $ip . ']'; } - $cfg->micropub = (string) $mps[0]['href']; - } - protected function getHttpServerData() - { - //FIXME: get IP from SSH_CONNECTION - $ip = '127.0.0.1'; - $port = 12345; $redirect_uri = 'http://' . $ip . ':' . $port . '/callback'; $socketStr = 'tcp://' . $ip . ':' . $port; return [$redirect_uri, $socketStr]; } - protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me) - { - $req = new \HTTP_Request2($host->endpoints->authorization, 'POST'); - $req->setHeader('Content-Type: application/x-www-form-urlencoded'); - $req->setBody( - http_build_query( - [ - 'code' => $code, - 'state' => $state, - 'client_id' => static::$client_id, - 'redirect_uri' => $redirect_uri, - ] - ) - ); - $res = $req->send(); - if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') { - Log::err('Wrong content type in auth verification response'); - exit(2); - } - parse_str($res->getBody(), $verifiedParams); - if (!isset($verifiedParams['me']) - || $verifiedParams['me'] !== $me - ) { - Log::err('Non-matching "me" values'); - exit(2); - } - } - protected function startHttpServer($socketStr) { $responseOk = "HTTP/1.0 200 OK\r\n"