jonny/jonnybarnes.uk
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases 5 Packages Wiki Activity Actions

Initial php8 work

Browse source 
- switch to GD for image work
 - fix issues around jwt
This commit is contained in:
Jonny Barnes 2020-11-28 18:21:29 +00:00
parent 303b0e66ca
commit 6942fc1d32
9 changed files with 370 additions and 337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
app/Http/Controllers/MicropubController.php
View file

@ -10,6 +10,8 @@ use App\Models\Place;
use App\Services\Micropub\{HCardService, HEntryService, UpdateService};
use App\Services\TokenService;
use Illuminate\Http\JsonResponse;
use Lcobucci\JWT\Token\InvalidTokenStructure;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
use Monolog\Handler\StreamHandler;
use Monolog\Logger;
@ -43,13 +45,13 @@ class MicropubController extends Controller
{
try {
$tokenData = $this->tokenService->validateToken(request()->input('access_token'));
} catch (InvalidTokenException $e) {
} catch (RequiredConstraintsViolated | InvalidTokenStructure) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->invalidTokenResponse();
}
if ($tokenData->hasClaim('scope') === false) {
if ($tokenData->claims()->has('scope') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->tokenHasNoScopeResponse();
@ -58,7 +60,7 @@ class MicropubController extends Controller
$this->logMicropubRequest(request()->all());
if ((request()->input('h') == 'entry') || (request()->input('type.0') == 'h-entry')) {
if (stristr($tokenData->getClaim('scope'), 'create') === false) {
if (stristr($tokenData->claims()->get('scope'), 'create') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();
@ -72,7 +74,7 @@ class MicropubController extends Controller
}
if (request()->input('h') == 'card' || request()->input('type.0') == 'h-card') {
if (stristr($tokenData->getClaim('scope'), 'create') === false) {
if (stristr($tokenData->claims()->get('scope'), 'create') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();
@ -86,7 +88,7 @@ class MicropubController extends Controller
}
if (request()->input('action') == 'update') {
if (stristr($tokenData->getClaim('scope'), 'update') === false) {
if (stristr($tokenData->claims()->get('scope'), 'update') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();
@ -115,7 +117,7 @@ class MicropubController extends Controller
{
try {
$tokenData = $this->tokenService->validateToken(request()->input('access_token'));
} catch (InvalidTokenException $e) {
} catch (RequiredConstraintsViolated | InvalidTokenStructure) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->invalidTokenResponse();
@ -156,9 +158,9 @@ class MicropubController extends Controller
return response()->json([
'response' => 'token',
'token' => [
'me' => $tokenData->getClaim('me'),
'scope' => $tokenData->getClaim('scope'),
'client_id' => $tokenData->getClaim('client_id'),
'me' => $tokenData->claims()->get('me'),
'scope' => $tokenData->claims()->get('scope'),
'client_id' => $tokenData->claims()->get('client_id'),
],
]);
}
@ -167,13 +169,13 @@ class MicropubController extends Controller
* Determine the client id from the access token sent with the request.
*
* @return string
* @throws InvalidTokenException
* @throws RequiredConstraintsViolated
*/
private function getClientId(): string
{
return resolve(TokenService::class)
->validateToken(request()->input('access_token'))
->getClaim('client_id');
->claims()->get('client_id');
}
/**

14
app/Http/Controllers/MicropubMediaController.php
View file

@ -21,6 +21,8 @@ use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;
use Intervention\Image\Exception\NotReadableException;
use Intervention\Image\ImageManager;
use Lcobucci\JWT\Token\InvalidTokenStructure;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
use Ramsey\Uuid\Uuid;
class MicropubMediaController extends Controller
@ -36,19 +38,19 @@ class MicropubMediaController extends Controller
{
try {
$tokenData = $this->tokenService->validateToken(request()->input('access_token'));
} catch (InvalidTokenException $e) {
} catch (RequiredConstraintsViolated | InvalidTokenStructure) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->invalidTokenResponse();
}
if ($tokenData->hasClaim('scope') === false) {
if ($tokenData->claims()->has('scope') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->tokenHasNoScopeResponse();
}
if (Str::contains($tokenData->getClaim('scope'), 'create') === false) {
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();
@ -103,19 +105,19 @@ class MicropubMediaController extends Controller
{
try {
$tokenData = $this->tokenService->validateToken(request()->input('access_token'));
} catch (InvalidTokenException $e) {
} catch (RequiredConstraintsViolated | InvalidTokenStructure) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->invalidTokenResponse();
}
if ($tokenData->hasClaim('scope') === false) {
if ($tokenData->claims()->has('scope') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->tokenHasNoScopeResponse();
}
if (Str::contains($tokenData->getClaim('scope'), 'create') === false) {
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
$micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse();

15
app/Providers/AppServiceProvider.php
View file

@ -11,6 +11,10 @@ use Illuminate\Support\Collection;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Laravel\Dusk\DuskServiceProvider;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\Constraint\SignedWith;
class AppServiceProvider extends ServiceProvider
{
@ -73,6 +77,17 @@ class AppServiceProvider extends ServiceProvider
]
);
});
// Configure JWT builder
$this->app->bind('Lcobucci\JWT\Configuration', function () {
$key = InMemory::plainText('testing');
$config = Configuration::forSymmetricSigner(new Sha256(), $key);
$config->setValidationConstraints(new SignedWith(new Sha256(), $key));
return $config;
});
}
/**

40
app/Services/TokenService.php
View file

@ -6,8 +6,8 @@ namespace App\Services;
use App\Exceptions\InvalidTokenException;
use App\Jobs\AddClientToDatabase;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\{Builder, Parser, Token};
use DateTimeImmutable;
use Lcobucci\JWT\{Configuration, Token};
class TokenService
{
@ -19,17 +19,19 @@ class TokenService
*/
public function getNewToken(array $data): string
{
$signer = new Sha256();
$token = (new Builder())->set('me', $data['me'])
->set('client_id', $data['client_id'])
->set('scope', $data['scope'])
->set('date_issued', time())
->set('nonce', bin2hex(random_bytes(8)))
->sign($signer, config('app.key'))
->getToken();
$config = resolve(Configuration::class);
$token = $config->builder()
->issuedAt(new DateTimeImmutable())
->withClaim('client_id', $data['client_id'])
->withClaim('me', $data['me'])
->withClaim('scope', $data['scope'])
->withClaim('nonce', bin2hex(random_bytes(8)))
->getToken($config->signer(), $config->signingKey());
dispatch(new AddClientToDatabase($data['client_id']));
return (string) $token;
return $token->toString();
}
/**
@ -40,15 +42,13 @@ class TokenService
*/
public function validateToken(string $bearerToken): Token
{
$signer = new Sha256();
try {
$token = (new Parser())->parse((string) $bearerToken);
} catch (\InvalidArgumentException $e) {
throw new InvalidTokenException('Token could not be parsed');
}
if (! $token->verify($signer, config('app.key'))) {
throw new InvalidTokenException('Token failed validation');
}
$config = resolve('Lcobucci\JWT\Configuration');
$token = $config->parser()->parse($bearerToken);
$constraints = $config->validationConstraints();
$config->validator()->assert($token, ...$constraints);
return $token;
}

2
composer.json
View file

@ -9,7 +9,7 @@
],
"license": "CC0-1.0",
"require": {
"php": "^7.4",
"php": "^8.0",
"ext-intl": "*",
"ext-json": "*",
"ext-dom": "*",

550
composer.lock generated
View file

File diff suppressed because it is too large Load diff

2
config/image.php
View file

@ -15,6 +15,6 @@ return [
|
*/
'driver' => 'imagick',
'driver' => 'gd',
];

7
tests/Feature/MicropubControllerTest.php
View file

@ -5,19 +5,16 @@ namespace Tests\Feature;
use Carbon\Carbon;
use Tests\TestCase;
use Tests\TestToken;
use App\Jobs\ProcessMedia;
use App\Jobs\SendWebMentions;
use App\Models\{Media, Place};
use Illuminate\Http\UploadedFile;
use App\Jobs\SyndicateNoteToTwitter;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Facades\Storage;
use MStaack\LaravelPostgis\Geometries\Point;
use Illuminate\Foundation\Testing\DatabaseTransactions;
class MicropubControllerTest extends TestCase
{
use DatabaseTransactions, TestToken;
use DatabaseTransactions;
use TestToken;
/**
* Test a GET request for the micropub endpoint without a token gives a

53
tests/TestToken.php
View file

@ -2,50 +2,47 @@
namespace Tests;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use DateTimeImmutable;
use Lcobucci\JWT\Configuration;
trait TestToken
{
public function getToken()
{
$signer = new Sha256();
$token = (new Builder())
->set('client_id', 'https://quill.p3k.io')
->set('me', 'https://jonnybarnes.localhost')
->set('scope', 'create update')
->set('issued_at', time())
->sign($signer, env('APP_KEY'))
->getToken();
$config = $this->app->make(Configuration::class);
return $token;
return $config->builder()
->issuedAt(new DateTimeImmutable())
->withClaim('client_id', 'https://quill.p3k.io')
->withClaim('me', 'https://jonnybarnes.localhost')
->withClaim('scope', 'create update')
->getToken($config->signer(), $config->signingKey())
->toString();
}
public function getTokenWithIncorrectScope()
{
$signer = new Sha256();
$token = (new Builder())
->set('client_id', 'https://quill.p3k.io')
->set('me', 'https://jonnybarnes.localhost')
->set('scope', 'view') //error here
->set('issued_at', time())
->sign($signer, env('APP_KEY'))
->getToken();
$config = $this->app->make(Configuration::class);
return $token;
return $config->builder()
->issuedAt(new DateTimeImmutable())
->withClaim('client_id', 'https://quill.p3k.io')
->withClaim('me', 'https://jonnybarnes.localhost')
->withClaim('scope', 'view')
->getToken($config->signer(), $config->signingKey())
->toString();
}
public function getTokenWithNoScope()
{
$signer = new Sha256();
$token = (new Builder())
->set('client_id', 'https://quill.p3k.io')
->set('me', 'https://jonnybarnes.localhost')
->set('issued_at', time())
->sign($signer, env('APP_KEY'))
->getToken();
$config = $this->app->make(Configuration::class);
return $token;
return $config->builder()
->issuedAt(new DateTimeImmutable())
->withClaim('client_id', 'https://quill.p3k.io')
->withClaim('me', 'https://jonnybarnes.localhost')
->getToken($config->signer(), $config->signingKey())
->toString();
}
public function getInvalidToken()