diff --git a/assets/oauth2.js/main.js b/assets/oauth2.js/main.js index 457b19c..182ba17 100644 --- a/assets/oauth2.js/main.js +++ b/assets/oauth2.js/main.js @@ -1,4 +1,4 @@ -#include device/verify.js +#include verify.js (() => { const authoriseButtons = document.querySelectorAll('.js-authorise-action'); @@ -32,6 +32,6 @@ }; } - if(location.pathname === '/oauth2/device/verify') - HanyuuOAuth2DeviceVerify(); + if(location.pathname === '/oauth2/verify') + HanyuuOAuth2Verify(); })(); diff --git a/assets/oauth2.js/device/verify.js b/assets/oauth2.js/verify.js similarity index 74% rename from assets/oauth2.js/device/verify.js rename to assets/oauth2.js/verify.js index eb29ac1..32bd210 100644 --- a/assets/oauth2.js/device/verify.js +++ b/assets/oauth2.js/verify.js @@ -4,7 +4,7 @@ #include header/header.js #include header/user.jsx -const HanyuuOAuth2DeviceVerify = () => { +const HanyuuOAuth2Verify = () => { const queryParams = new URLSearchParams(window.location.search); const loading = new HanyuuOAuth2Loading('.js-loading'); const header = new HanyuuOAuth2Header; 
@@ -18,27 +18,34 @@ const HanyuuOAuth2DeviceVerify = () => { let userCode = ''; let userHeader; - const verifyDeviceRequest = async approve => { - return await $x.post('/oauth2/device/verify', { type: 'json' }, { + const verifyAuthsRequest = async approve => { + return await $x.post('/oauth2/verify', { type: 'json' }, { _csrfp: HanyuuCSRFP.getToken(), code: userCode, approve: approve === true ? 'yes' : 'no', }); }; - const handleVerifyDeviceResponse = result => { + const handleVerifyAuthsResponse = result => { const response = result.body(); - if(!response || typeof response.error === 'string') { + if(!response) { + alert('Request to verify endpoint failed. Please try again.'); + loading.visible = false; + fAuths.classList.remove('hidden'); + return; + } + + if(typeof response.error === 'string') { // TODO: nicer errors if(response.error === 'auth') alert('You are not logged in.'); else if(response.error === 'csrf') alert('Request verification failed, please refresh and try again.'); else if(response.error === 'code') - alert('This code is not associated with any device authorisation request.'); + alert('This code is not associated with any authorisation request.'); else if(response.error === 'approval') - alert('The device authorisation request associated with this code is not pending approval.'); + alert('The authorisation request associated with this code is not pending approval.'); else if(response.error === 'invalid') alert('Invalid approval state specified.'); else @@ -65,8 +72,8 @@ const HanyuuOAuth2DeviceVerify = () => { if(userHeader) userHeader.guiseVisible = false; - verifyDeviceRequest(ev.submitter.value === 'yes') - .then(handleVerifyDeviceResponse); + verifyAuthsRequest(ev.submitter.value === 'yes') + .then(handleVerifyAuthsResponse); }; const fCode = document.querySelector('.js-verify-code'); 
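Review bot: The `response.error` to message chain in `handleVerifyAuthsResponse` is repeated almost line for line in the resolve callback (hunk -78,20), and this commit had to edit the same two strings in both places. A single lookup defined once inside `HanyuuOAuth2Verify` would stop the two lists drifting, for example a `Map` used as `alert(errorMessages.get(response.error) ?? `An unknown error occurred: ${response.error}`);` (the name `errorMessages` is a suggestion). A `Map` is preferable to a plain object here because the key comes from the server response. The handler's body continues outside the hunk.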
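Review bot: `verifyAuthsRequest(ev.submitter.value === 'yes').then(handleVerifyAuthsResponse)` has no rejection handler, so if `$x.post` rejects or the handler throws, the form presumably stays hidden behind the loading indicator with no message. The new `!response` branch only covers an empty body; whether `$x` can reject is not visible in this diff. Adding `.catch(() => handleVerifyAuthsResponse({ body: () => null }))` would route that case into the failure branch this commit introduces. The same applies to `verifyAuthsRequest(true)` in hunk -109,7 and to the `$x.get(...)` chain in hunk -78,20.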
@@ -78,20 +85,27 @@ const HanyuuOAuth2DeviceVerify = () => { loading.visible = true; fCode.classList.add('hidden'); - $x.get(`/oauth2/device/resolve?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${encodeURIComponent(eUserCode.value)}`, { type: 'json' }) + $x.get(`/oauth2/resolve-request?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${encodeURIComponent(eUserCode.value)}`, { type: 'json' }) .then(result => { const response = result.body(); - if(!response || typeof response.error === 'string') { + if(!response) { + alert('Request to resolve endpoint failed. Please try again.'); + loading.visible = false; + fCode.classList.remove('hidden'); + return; + } + + if(typeof response.error === 'string') { // TODO: nicer errors if(response.error === 'auth') alert('You are not logged in.'); else if(response.error === 'csrf') alert('Request verification failed, please refresh and try again.'); else if(response.error === 'code') - alert('This code is not associated with any device authorisation request.'); + alert('This code is not associated with any authorisation request.'); else if(response.error === 'approval') - alert('The device authorisation request associated with this code is not pending approval.'); + alert('The authorisation request associated with this code is not pending approval.'); else alert(`An unknown error occurred: ${response.error}`); @@ -100,7 +114,7 @@ const HanyuuOAuth2DeviceVerify = () => { return; } - userCode = response.device.code; + userCode = response.req.code; userHeader = new HanyuuOAuth2UserHeader(response.user); header.setElement(userHeader); @@ -109,7 +123,7 @@ const HanyuuOAuth2DeviceVerify = () => { if(userHeader) userHeader.guiseVisible = false; - verifyDeviceRequest(true).then(handleVerifyDeviceResponse); + verifyAuthsRequest(true).then(handleVerifyAuthsResponse); return; } diff --git a/hanyuu.cfg.example b/hanyuu.cfg.example index 6730e75..09a87e2 100644 --- a/hanyuu.cfg.example +++ b/hanyuu.cfg.example 
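Review bot: The resolve call puts the CSRF token and the user code in the query string of a GET (`/oauth2/resolve-request?csrfp=…&code=…`), where both can be recorded in server and proxy access logs. The verify call already sends the same values in a POST body. Since the endpoint is being renamed anyway, it could become `$x.post('/oauth2/resolve-request', { type: 'json' }, { _csrfp: HanyuuCSRFP.getToken(), code: eUserCode.value })` with the route switched to `#[HttpPost('/oauth2/resolve-request')]`. That would also align the field name, which is `csrfp` here and `_csrfp` on verify. The callback begins in this hunk and ends outside it.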
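Review bot: `verifyAuthsRequest(true)` in hunk -109,7 approves the request without the user pressing a button, and the condition that selects this path lies outside the hunk. The page now handles any authorisation request rather than only device ones, and `verification_uri_complete` lets a link carry the code, so that condition deserves a comment such as `// auto-approve only when <condition>; otherwise show the approve/deny form`. It is also worth confirming that `postVerify` enforces the same condition on the server rather than relying on the client sending `approve=yes`; its body is not visible here.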
@@ -7,7 +7,7 @@ site:name Hanyuu misuzu:endpoint http://msz.local misuzu:secret beans -oauth2:device:verification_uri https://hau.local/oauth2/device -oauth2:device:verification_uri_complete https://hau.local/oauth2/device?code=%s +oauth2:device:verification_uri https://hau.local/oauth2/verify +oauth2:device:verification_uri_complete https://hau.local/oauth2/verify?code=%s csrfp:secret change this please diff --git a/src/OAuth2/OAuth2Routes.php b/src/OAuth2/OAuth2Routes.php index 1a8cf46..2c723f1 100644 --- a/src/OAuth2/OAuth2Routes.php +++ b/src/OAuth2/OAuth2Routes.php @@ -378,8 +378,8 @@ final class OAuth2Routes extends RouteHandler { ]; } - #[HttpGet('/oauth2/device/verify')] - public function getDeviceVerify($response, $request) { + #[HttpGet('/oauth2/verify')] + public function getVerify($response, $request) { $authInfo = ($this->getAuthInfo)(); if(!isset($authInfo->user)) return $this->templating->render('oauth2/login', [ @@ -388,13 +388,13 @@ final class OAuth2Routes extends RouteHandler { $csrfp = new CSRFP(($this->getCSRFPSecret)(), $authInfo->session->token); - return $this->templating->render('oauth2/device/verify', [ + return $this->templating->render('oauth2/verify', [ 'csrfp_token' => $csrfp->createToken(), ]); } - #[HttpPost('/oauth2/device/verify')] - public function postDeviceVerify($response, $request) { + #[HttpPost('/oauth2/verify')] + public function postVerify($response, $request) { if(!$request->isFormContent()) return 400; @@ -432,8 +432,8 @@ final class OAuth2Routes extends RouteHandler { ]; } - #[HttpGet('/oauth2/device/resolve')] - public function getDeviceResolve($response, $request) { + #[HttpGet('/oauth2/resolve-request')] + public function getResolveRequest($response, $request) { // TODO: RATE LIMITING $authInfo = ($this->getAuthInfo)(); @@ -462,7 +462,7 @@ final class OAuth2Routes extends RouteHandler { } $result = [ - 'device' => [ + 'req' => [ 'code' => $deviceInfo->getUserCode(), ], 'app' => [ 
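Review bot: `getResolveRequest` (hunk -432,8) still carries `// TODO: RATE LIMITING`, so the renamed endpoint keeps answering code lookups with no visible throttle. It tells a logged-in caller whether a user code exists (the client maps `error === 'code'`) and returns `app` details for valid ones, so codes can be guessed by repeated requests. RFC 8628 section 5.1 asks for rate limiting on exactly this lookup. If throttling is handled elsewhere, replace the TODO with a comment saying where; otherwise add a per-user or per-session attempt limit before the code lookup. The method body continues outside the hunk.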
@@ -493,8 +493,8 @@ final class OAuth2Routes extends RouteHandler { return $result; } - #[HttpPost('/oauth2/device/authorise')] - public function postDeviceAuthorise($response, $request) { + #[HttpPost('/oauth2/request-authorise')] + public function postRequestAuthorise($response, $request) { $response->setHeader('Cache-Control', 'no-store'); if(!$request->isFormContent()) { diff --git a/templates/oauth2/device/verify.twig b/templates/oauth2/verify.twig similarity index 83% rename from templates/oauth2/device/verify.twig rename to templates/oauth2/verify.twig index e4f3f87..fe5bbb1 100644 --- a/templates/oauth2/device/verify.twig +++ b/templates/oauth2/verify.twig @@ -1,8 +1,8 @@ {% extends 'oauth2/master.twig' %} {% set body_header_class = 'devicehead' %} -{% set body_header_text = 'Device authorisation' %} -{% set body_title = 'Device Authorisation Request' %} +{% set body_header_text = 'Code authorisation' %} +{% set body_title = 'Authorisation Request' %} {% block body_content %}
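Review bot: Renaming `#[HttpPost('/oauth2/device/authorise')]` to `/oauth2/request-authorise` changes a URL that appears to be called by client applications directly, unlike the browser-only verify pages. Unless every client reads the endpoint from server metadata (not visible in this diff), existing clients will start failing. Keeping the old path as a second route attribute on `postRequestAuthorise` for a deprecation period would avoid that, if the router accepts repeated attributes. The new name is also uneven next to `/oauth2/resolve-request` (noun-verb versus verb-noun) in the same commit. The method body continues outside the hunk.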
@@ -41,7 +41,7 @@
Approved!
-

You have approved the device authorisation request. You should now be signed in on the target device or application.

+

You have approved the authorisation request. You should now be signed in on the target device or application.

@@ -51,7 +51,7 @@
Denied!
-

You have denied the device authorisation request. Please return to the target device or application and follow displayed instructions.

+

You have denied the authorisation request. Please return to the target device or application and follow displayed instructions.