Present authorized scopes to user, post-auth #63

Merged
merged 1 commit into from
Mar 1, 2021
15 changes: 10 additions & 5 deletions lib/micropublish/auth.rb
Expand Up @@ -28,17 +28,17 @@ def callback
# check we've found all the endpoints we want
endpoints_finder.validate!

# find out if we're allowed a token to post and what "me" to use
token, me = get_token_and_me(endpoints[:token_endpoint])
# find out if we're allowed a token to post, the scopes for that token and what "me" to use
token, scope, me = get_token_and_scopes_and_me(endpoints[:token_endpoint])

# if me does not match original me, check authorization endpoints match
confirm_auth_server(me, endpoints[:authorization_endpoint])

# return hash of endpoints and the token with the "me"
endpoints.merge(token: token, me: me)
endpoints.merge(token: token, scope: scope, me: me)
end

def get_token_and_me(token_endpoint)
def get_token_and_scopes_and_me(token_endpoint)
response = HTTParty.post(token_endpoint, body: {
code: @code,
redirect_uri: @redirect_uri,
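Review bot: the `scope` value is passed straight through as the raw string from the token endpoint (`endpoints.merge(token: token, scope: scope, me: me)`) while the new method name says `scopes`; pick one form and use it for the method, the local and the hash key. Since the purpose of the change is to show the user which scopes the token carries, it would also be cleaner to normalise here (OAuth-style scope values are space-separated, so `scope.split(' ')` yields an array) rather than leaving every consumer of the session to parse the string.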
Expand All @@ -54,21 +54,26 @@ def get_token_and_me(token_endpoint)
response_hash = JSON.parse(response.body)
access_token = response_hash.key?('access_token') ?
response_hash['access_token'] : nil
scope = response_hash.key?('scope') ? response_hash['scope'] : nil
me = response_hash.key?('me') ? response_hash['me'] : nil
rescue JSON::ParserError => e
# assume form-encoded
response_hash = CGI.parse(response.parsed_response)
access_token = response_hash.key?('access_token') ?
response_hash['access_token'].first : nil
scope = response_hash.key?('scope') ? response_hash['scope'].first : nil
me = response_hash.key?('me') ? response_hash['me'].first : nil
end
unless access_token
raise AuthError.new("No 'access_token' returned from token endpoint.")
end
unless scope
raise AuthError.new("No 'scope' param returned from token endpoint.")
end
unless me
raise AuthError.new("No 'me' param returned from token endpoint.")
end
[access_token, me]
[access_token, scope, me]
end

# https://indieauth.spec.indieweb.org/#authorization-server-confirmation
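Review bot: the new `unless scope` / `raise AuthError.new("No 'scope' param returned from token endpoint.")` check turns a missing `scope` into a hard sign-in failure, which is a behaviour change for token endpoints that worked with this client before. OAuth 2.0 (RFC 6749 section 5.1) allows the server to omit `scope` when it is identical to what the client requested, so consider falling back to the requested scope or an empty string instead of raising, or at least documenting the stricter requirement. Minor: `rescue JSON::ParserError => e` still binds an unused `e`; drop the `=> e` while touching this block.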
8 changes: 4 additions & 4 deletions lib/micropublish/server.rb
Expand Up @@ -102,11 +102,11 @@ class Server < Sinatra::Application
request.base_url,
session[:code_verifier]
)
endpoints_and_token_and_me = auth.callback
# login and token grant was successful so store in session with me
session.merge!(endpoints_and_token_and_me)
endpoints_and_token_and_scope_and_me = auth.callback
# login and token grant was successful so store in session with the scope for the token and the me
session.merge!(endpoints_and_token_and_scope_and_me)
redirect_flash('/', 'success', %Q{You are now signed in successfully
as "#{endpoints_and_token_and_me[:me]}".
as "#{endpoints_and_token_and_scope_and_me[:me]}".
Submit content to your site via Micropub using the links
below. Please
<a href="/about" class="alert-link">read&nbsp;the&nbsp;docs</a> for
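Review bot: `session.merge!(endpoints_and_token_and_scope_and_me)` now writes the scope string into the session next to the access token, which is fine for display, but the variable name has grown to five conjoined nouns and will grow again with the next field; a neutral name such as `auth_result` with a comment listing the keys it carries would read better than renaming it on every change. Also, the flash text is unchanged and nothing in this hunk reads `session[:scope]`, so confirm that the view which presents the scopes to the user is wired up in this same change, since that is what the PR title promises.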