From 7e150bd2cb754453f09df7cb6976976db3fcf63e Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Wed, 7 Sep 2016 23:14:27 +0200 Subject: [PATCH] Do not verify the auth code. Makes shpub work with known See https://github.com/idno/Known/issues/1504 --- src/shpub/Command/Connect.php | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/src/shpub/Command/Connect.php b/src/shpub/Command/Connect.php index 02f60c7..668d7e9 100644 --- a/src/shpub/Command/Connect.php +++ b/src/shpub/Command/Connect.php @@ -47,7 +47,6 @@ class Command_Connect } $code = $authParams['code']; $userUrl = $authParams['me']; - $this->verifyAuthCode($host, $code, $state, $redirect_uri, $userUrl); $accessToken = $this->fetchAccessToken( $host, $userUrl, $code, $redirect_uri, $state @@ -164,39 +163,6 @@ class Command_Connect return [$redirect_uri, $socketStr]; } - protected function verifyAuthCode($host, $code, $state, $redirect_uri, $me) - { - $req = new \HTTP_Request2($host->endpoints->authorization, 'POST'); - if (version_compare(PHP_VERSION, '5.6.0', '<')) { - //correct ssl validation on php 5.5 is a pain, so disable - $req->setConfig('ssl_verify_host', false); - $req->setConfig('ssl_verify_peer', false); - } - $req->setHeader('Content-Type: application/x-www-form-urlencoded'); - $req->setBody( - http_build_query( - [ - 'code' => $code, - 'state' => $state, - 'client_id' => static::$client_id, - 'redirect_uri' => $redirect_uri, - ] - ) - ); - $res = $req->send(); - if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') { - Log::err('Wrong content type in auth verification response'); - exit(2); - } - parse_str($res->getBody(), $verifiedParams); - if (!isset($verifiedParams['me']) - || $verifiedParams['me'] !== $me - ) { - Log::err('Non-matching "me" values'); - exit(2); - } - } - protected function startHttpServer($socketStr) { $responseOk = "HTTP/1.0 200 OK\r\n" -- 2.30.2