Merge pull request #444 from jonnybarnes/294-indieauth-still-broken

Rework indieauth checking in token endpoint
2022-09-24 19:18:52 +01:00 · 2022-09-24 19:18:52 +01:00 · ba6d74b401
commit ba6d74b401
parent b8608a3f57 c3c395c659
4 changed files with 19 additions and 64 deletions
--- a/app/Http/Controllers/TokenEndpointController.php
+++ b/app/Http/Controllers/TokenEndpointController.php
@ -53,24 +53,9 @@ class TokenEndpointController extends Controller
     */
    public function create(Request $request): JsonResponse
    {
-        if (empty($request->input('me'))) {
-            return response()->json([
-                'error' => 'Missing {me} param from input',
-            ], 400);
-        }
-
-        $authorizationEndpoint = $this->client::discoverAuthorizationEndpoint(normalize_url($request->input('me')));
-
-        if (empty($authorizationEndpoint)) {
-            return response()->json([
-                'error' => sprintf('Could not discover the authorization endpoint for %s', $request->input('me')),
-            ], 400);
-        }
-
        $auth = $this->verifyIndieAuthCode(
-            $authorizationEndpoint,
+            config('app.authorization_endpoint'),
            $request->input('code'),
-            $request->input('me'),
            $request->input('redirect_uri'),
            $request->input('client_id'),
        );
@ -100,7 +85,6 @@ class TokenEndpointController extends Controller
    protected function verifyIndieAuthCode(
        string $authorizationEndpoint,
        string $code,
-        string $me,
        string $redirectUri,
        string $clientId
    ): ?array {
@ -111,7 +95,7 @@ class TokenEndpointController extends Controller
                ],
                'form_params' => [
                    'code' => $code,
-                    'me' => $me,
+                    'me' => config('app.url'),
                    'redirect_uri' => $redirectUri,
                    'client_id' => $clientId,
                ],
--- a/config/app.php
+++ b/config/app.php
@ -78,6 +78,17 @@ return [

    'shorturl' => env('APP_SHORTURL', 'shorturl.local'),

+    /*
+    |--------------------------------------------------------------------------
+    | Authorization endpoint
+    |--------------------------------------------------------------------------
+    |
+    | The authorization endpoint for the application, used primarily for Micropub
+    |
+    */
+
+    'authorization_endpoint' => env('AUTHORIZATION_ENDPOINT', 'https://indieauth.com/auth'),
+
    /*
    |--------------------------------------------------------------------------
    | Application Display Name
--- a/resources/views/master.blade.php
+++ b/resources/views/master.blade.php
@ -18,7 +18,7 @@
        <link rel="alternate" type="application/jf2feed+json" title="Notes JF2 Feed" href="/blog/feed.jf2">
        <link rel="openid.server" href="https://indieauth.com/openid">
        <link rel="openid.delegate" href="{{ config('app.url') }}">
-        <link rel="authorization_endpoint" href="https://indieauth.com/auth">
+        <link rel="authorization_endpoint" href="{{ config('app.authorization_endpoint') }}">
        <link rel="token_endpoint" href="{{ config('app.url') }}/api/token">
        <link rel="micropub" href="{{ config('app.url') }}/api/post">
        <link rel="webmention" href="{{ config('app.url') }}/webmention">
--- a/tests/Feature/TokenEndpointTest.php
+++ b/tests/Feature/TokenEndpointTest.php
@ -5,12 +5,10 @@ declare(strict_types=1);
 namespace Tests\Feature;

 use Exception;
-use GuzzleHttp\Client as GuzzleClient;
+use GuzzleHttp\Client;
 use GuzzleHttp\Handler\MockHandler;
 use GuzzleHttp\HandlerStack;
-use IndieAuth\Client as IndieAuthClient;
 use JsonException;
-use Mockery;
 use Tests\TestCase;

 class TokenEndpointTest extends TestCase
@ -23,11 +21,6 @@ class TokenEndpointTest extends TestCase
     */
    public function tokenEndpointIssuesToken(): void
    {
-        $mockIndieAuthClient = Mockery::mock(IndieAuthClient::class);
-        $mockIndieAuthClient->shouldReceive('discoverAuthorizationEndpoint')
-            ->with(normalize_url(config('app.url')))
-            ->once()
-            ->andReturn('https://indieauth.com/auth');
        $mockHandler = new MockHandler([
            new \GuzzleHttp\Psr7\Response(200, [], json_encode([
                'me' => config('app.url'),
@ -35,9 +28,8 @@ class TokenEndpointTest extends TestCase
            ], JSON_THROW_ON_ERROR)),
        ]);
        $handlerStack = HandlerStack::create($mockHandler);
-        $mockGuzzleClient = new GuzzleClient(['handler' => $handlerStack]);
-        $this->app->instance(IndieAuthClient::class, $mockIndieAuthClient);
-        $this->app->instance(GuzzleClient::class, $mockGuzzleClient);
+        $mockGuzzleClient = new Client(['handler' => $handlerStack]);
+        $this->app->instance(Client::class, $mockGuzzleClient);
        $response = $this->post('/api/token', [
            'me' => config('app.url'),
            'code' => 'abc123',
@ -59,20 +51,14 @@ class TokenEndpointTest extends TestCase
     */
    public function tokenEndpointReturnsErrorWhenAuthEndpointLacksMeData(): void
    {
-        $mockIndieAuthClient = Mockery::mock(IndieAuthClient::class);
-        $mockIndieAuthClient->shouldReceive('discoverAuthorizationEndpoint')
-            ->with(normalize_url(config('app.url')))
-            ->once()
-            ->andReturn('https://indieauth.com/auth');
        $mockHandler = new MockHandler([
            new \GuzzleHttp\Psr7\Response(400, [], json_encode([
                'error' => 'error_message',
            ], JSON_THROW_ON_ERROR)),
        ]);
        $handlerStack = HandlerStack::create($mockHandler);
-        $mockGuzzleClient = new GuzzleClient(['handler' => $handlerStack]);
-        $this->app->instance(IndieAuthClient::class, $mockIndieAuthClient);
-        $this->app->instance(GuzzleClient::class, $mockGuzzleClient);
+        $mockGuzzleClient = new Client(['handler' => $handlerStack]);
+        $this->app->instance(Client::class, $mockGuzzleClient);
        $response = $this->post('/api/token', [
            'me' => config('app.url'),
            'code' => 'abc123',
@ -85,30 +71,4 @@ class TokenEndpointTest extends TestCase
            'error' => 'There was an error verifying the IndieAuth code',
        ]);
    }
-
-    /**
-     * @test
-     *
-     * @throws Exception
-     */
-    public function tokenEndpointReturnsErrorWhenNoAuthEndpointFound(): void
-    {
-        $mockIndieAuthClient = Mockery::mock(IndieAuthClient::class);
-        $mockIndieAuthClient->shouldReceive('discoverAuthorizationEndpoint')
-            ->with(normalize_url(config('app.url')))
-            ->once()
-            ->andReturn(null);
-        $this->app->instance(IndieAuthClient::class, $mockIndieAuthClient);
-        $response = $this->post('/api/token', [
-            'me' => config('app.url'),
-            'code' => 'abc123',
-            'redirect_uri' => config('app.url') . '/indieauth-callback',
-            'client_id' => config('app.url') . '/micropub-client',
-            'state' => random_int(1000, 10000),
-        ]);
-        $response->assertStatus(400);
-        $response->assertJson([
-            'error' => 'Could not discover the authorization endpoint for ' . config('app.url'),
-        ]);
-    }
 }