Adjustments to WWW-Authenticate header and altered device routes.
This commit is contained in:
parent
f6346e3f25
commit
1149341cc9
1 changed files with 42 additions and 13 deletions
|
|
@ -378,8 +378,20 @@ final class OAuth2Routes extends RouteHandler {
|
|||
return $info;
|
||||
}
|
||||
|
||||
#[HttpPost('/oauth2/authorise-device')]
|
||||
public function postAuthoriseDevice($response, $request) {
|
||||
#[HttpGet('/oauth2/device/verify')]
|
||||
public function getDeviceVerify() {
|
||||
return 'TODO: make this page';
|
||||
}
|
||||
|
||||
#[HttpPost('/oauth2/device/verify')]
|
||||
public function postDeviceVerify() {
|
||||
return [
|
||||
'TODO' => 'make this endpoint',
|
||||
];
|
||||
}
|
||||
|
||||
#[HttpPost('/oauth2/device/authorise')]
|
||||
public function postDeviceAuthorise($response, $request) {
|
||||
$response->setHeader('Cache-Control', 'no-store');
|
||||
|
||||
if(!$request->isFormContent()) {
|
||||
|
|
@ -396,9 +408,8 @@ final class OAuth2Routes extends RouteHandler {
|
|||
$clientSecret = $authzHeader[1] ?? '';
|
||||
} elseif($authzHeader[0] !== '') {
|
||||
$response->setStatusCode(401);
|
||||
$message = 'You must use the Basic method for Authorization parameters.';
|
||||
$response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\"");
|
||||
return self::error('invalid_client', $message);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
return self::error('invalid_client', 'You must use the Basic method for Authorization parameters.');
|
||||
} else {
|
||||
$clientId = (string)$content->getParam('client_id');
|
||||
$clientSecret = '';
|
||||
|
|
@ -408,15 +419,22 @@ final class OAuth2Routes extends RouteHandler {
|
|||
try {
|
||||
$appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
|
||||
} catch(RuntimeException $ex) {
|
||||
$response->setStatusCode(400);
|
||||
return self::error('invalid_client', 'No application has been registered with this client id.');
|
||||
if($authzHeader[0] === '') {
|
||||
$response->setStatusCode(400);
|
||||
} else {
|
||||
$response->setStatusCode(401);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
}
|
||||
|
||||
return self::error('invalid_client', 'No application has been registered with this client ID.');
|
||||
}
|
||||
|
||||
$appAuthenticated = false;
|
||||
if($clientSecret !== '') {
|
||||
// TODO: rate limiting
|
||||
if(!$appInfo->verifyClientSecret($clientSecret)) {
|
||||
$response->setStatusCode(400);
|
||||
$response->setStatusCode(401);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
return self::error('invalid_client', 'Provided client secret is not correct for this application.');
|
||||
}
|
||||
}
|
||||
|
|
@ -492,9 +510,8 @@ final class OAuth2Routes extends RouteHandler {
|
|||
$clientSecret = $authzHeader[1] ?? '';
|
||||
} elseif($authzHeader[0] !== '') {
|
||||
$response->setStatusCode(401);
|
||||
$message = 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.';
|
||||
$response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\"");
|
||||
return self::error('invalid_client', $message);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
return self::error('invalid_client', 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.');
|
||||
} else {
|
||||
$clientId = (string)$content->getParam('client_id');
|
||||
$clientSecret = (string)$content->getParam('client_secret');
|
||||
|
|
@ -504,7 +521,13 @@ final class OAuth2Routes extends RouteHandler {
|
|||
try {
|
||||
$appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
|
||||
} catch(RuntimeException $ex) {
|
||||
$response->setStatusCode(400);
|
||||
if($authzHeader[0] === '') {
|
||||
$response->setStatusCode(400);
|
||||
} else {
|
||||
$response->setStatusCode(401);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
}
|
||||
|
||||
return self::error('invalid_client', 'No application has been registered with this client id.');
|
||||
}
|
||||
|
||||
|
|
@ -513,7 +536,13 @@ final class OAuth2Routes extends RouteHandler {
|
|||
// TODO: rate limiting
|
||||
$appAuthenticated = $appInfo->verifyClientSecret($clientSecret);
|
||||
if(!$appAuthenticated) {
|
||||
$response->setStatusCode(400);
|
||||
if($authzHeader[0] === '') {
|
||||
$response->setStatusCode(400);
|
||||
} else {
|
||||
$response->setStatusCode(401);
|
||||
$response->setHeader('WWW-Authenticate', 'Basic');
|
||||
}
|
||||
|
||||
return self::error('invalid_client', 'Provided client secret is not correct for this application.');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue