Adjustments to WWW-Authenticate header and altered device routes.

flash 2024-07-21 01:10:40 +00:00
parent f6346e3f25
commit 1149341cc9


@ -378,8 +378,20 @@ final class OAuth2Routes extends RouteHandler {
return $info; return $info;
} }
#[HttpPost('/oauth2/authorise-device')] #[HttpGet('/oauth2/device/verify')]
public function postAuthoriseDevice($response, $request) { public function getDeviceVerify() {
return 'TODO: make this page';
}
#[HttpPost('/oauth2/device/verify')]
public function postDeviceVerify() {
return [
'TODO' => 'make this endpoint',
];
}
#[HttpPost('/oauth2/device/authorise')]
public function postDeviceAuthorise($response, $request) {
$response->setHeader('Cache-Control', 'no-store'); $response->setHeader('Cache-Control', 'no-store');
if(!$request->isFormContent()) { if(!$request->isFormContent()) {
@ -396,9 +408,8 @@ final class OAuth2Routes extends RouteHandler {
$clientSecret = $authzHeader[1] ?? ''; $clientSecret = $authzHeader[1] ?? '';
} elseif($authzHeader[0] !== '') { } elseif($authzHeader[0] !== '') {
$response->setStatusCode(401); $response->setStatusCode(401);
$message = 'You must use the Basic method for Authorization parameters.'; $response->setHeader('WWW-Authenticate', 'Basic');
$response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\""); return self::error('invalid_client', 'You must use the Basic method for Authorization parameters.');
return self::error('invalid_client', $message);
} else { } else {
$clientId = (string)$content->getParam('client_id'); $clientId = (string)$content->getParam('client_id');
$clientSecret = ''; $clientSecret = '';
@ -408,15 +419,22 @@ final class OAuth2Routes extends RouteHandler {
try { try {
$appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false); $appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
if($authzHeader[0] === '') {
$response->setStatusCode(400); $response->setStatusCode(400);
return self::error('invalid_client', 'No application has been registered with this client id.'); } else {
$response->setStatusCode(401);
$response->setHeader('WWW-Authenticate', 'Basic');
}
return self::error('invalid_client', 'No application has been registered with this client ID.');
} }
$appAuthenticated = false; $appAuthenticated = false;
if($clientSecret !== '') { if($clientSecret !== '') {
// TODO: rate limiting // TODO: rate limiting
if(!$appInfo->verifyClientSecret($clientSecret)) { if(!$appInfo->verifyClientSecret($clientSecret)) {
$response->setStatusCode(400); $response->setStatusCode(401);
$response->setHeader('WWW-Authenticate', 'Basic');
return self::error('invalid_client', 'Provided client secret is not correct for this application.'); return self::error('invalid_client', 'Provided client secret is not correct for this application.');
} }
} }
@ -492,9 +510,8 @@ final class OAuth2Routes extends RouteHandler {
$clientSecret = $authzHeader[1] ?? ''; $clientSecret = $authzHeader[1] ?? '';
} elseif($authzHeader[0] !== '') { } elseif($authzHeader[0] !== '') {
$response->setStatusCode(401); $response->setStatusCode(401);
$message = 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.'; $response->setHeader('WWW-Authenticate', 'Basic');
$response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\""); return self::error('invalid_client', 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.');
return self::error('invalid_client', $message);
} else { } else {
$clientId = (string)$content->getParam('client_id'); $clientId = (string)$content->getParam('client_id');
$clientSecret = (string)$content->getParam('client_secret'); $clientSecret = (string)$content->getParam('client_secret');
@ -504,7 +521,13 @@ final class OAuth2Routes extends RouteHandler {
try { try {
$appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false); $appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
if($authzHeader[0] === '') {
$response->setStatusCode(400); $response->setStatusCode(400);
} else {
$response->setStatusCode(401);
$response->setHeader('WWW-Authenticate', 'Basic');
}
return self::error('invalid_client', 'No application has been registered with this client id.'); return self::error('invalid_client', 'No application has been registered with this client id.');
} }
@ -513,7 +536,13 @@ final class OAuth2Routes extends RouteHandler {
// TODO: rate limiting // TODO: rate limiting
$appAuthenticated = $appInfo->verifyClientSecret($clientSecret); $appAuthenticated = $appInfo->verifyClientSecret($clientSecret);
if(!$appAuthenticated) { if(!$appAuthenticated) {
if($authzHeader[0] === '') {
$response->setStatusCode(400); $response->setStatusCode(400);
} else {
$response->setStatusCode(401);
$response->setHeader('WWW-Authenticate', 'Basic');
}
return self::error('invalid_client', 'Provided client secret is not correct for this application.'); return self::error('invalid_client', 'Provided client secret is not correct for this application.');
} }
} }
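Review bot: Each of the new `$response->setHeader('WWW-Authenticate', 'Basic');` lines in this section sends a Basic challenge with no `realm` parameter, which RFC 7617 §2 marks as REQUIRED for the Basic scheme, so strict clients and intermediaries may treat the bare scheme name as a malformed challenge. The old code put a whole human-readable sentence into `realm`, which was wrong in the other direction; the commit is right to drop that, but the parameter should be a short fixed protection-space name, e.g. `$response->setHeader('WWW-Authenticate', 'Basic realm="oauth2"');` (use whatever realm name the rest of the server already uses), with the explanation staying in the `error_description` body as it does now. Since the same 401 + challenge + `invalid_client` sequence now appears in several places, a small private helper on `OAuth2Routes` would keep the challenge format from drifting between the device and token handlers. Both enclosing methods start outside the hunks shown, and the `// TODO: rate limiting` comments on the secret-verification paths remain unaddressed by this change.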