Improve scope checking
Whether the scopes are defined as a space-separated string or as an array, we should now be checking them without any errors.
This commit is contained in:
parent
55afa8f01d
commit
baee7ade4f
3 changed files with 29 additions and 7 deletions
|
@ -13,6 +13,7 @@ use App\Services\Micropub\UpdateService;
|
||||||
use App\Services\TokenService;
|
use App\Services\TokenService;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
use illuminate\Support\Arr;
|
||||||
use Lcobucci\JWT\Encoding\CannotDecodeContent;
|
use Lcobucci\JWT\Encoding\CannotDecodeContent;
|
||||||
use Lcobucci\JWT\Token\InvalidTokenStructure;
|
use Lcobucci\JWT\Token\InvalidTokenStructure;
|
||||||
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
|
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
|
||||||
|
@ -67,7 +68,12 @@ class MicropubController extends Controller
|
||||||
$this->logMicropubRequest($request->all());
|
$this->logMicropubRequest($request->all());
|
||||||
|
|
||||||
if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
|
if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
|
||||||
if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
|
$scopes = $tokenData->claims()->get('scope');
|
||||||
|
if (is_string($scopes)) {
|
||||||
|
$scopes = explode(' ', $scopes);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!in_array('create', $scopes)) {
|
||||||
$micropubResponses = new MicropubResponses();
|
$micropubResponses = new MicropubResponses();
|
||||||
|
|
||||||
return $micropubResponses->insufficientScopeResponse();
|
return $micropubResponses->insufficientScopeResponse();
|
||||||
|
@ -81,7 +87,11 @@ class MicropubController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
|
if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
|
||||||
if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
|
$scopes = $tokenData->claims()->get('scope');
|
||||||
|
if (is_string($scopes)) {
|
||||||
|
$scopes = explode(' ', $scopes);
|
||||||
|
}
|
||||||
|
if (!in_array('create', $scopes)) {
|
||||||
$micropubResponses = new MicropubResponses();
|
$micropubResponses = new MicropubResponses();
|
||||||
|
|
||||||
return $micropubResponses->insufficientScopeResponse();
|
return $micropubResponses->insufficientScopeResponse();
|
||||||
|
@ -95,7 +105,11 @@ class MicropubController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($request->input('action') === 'update') {
|
if ($request->input('action') === 'update') {
|
||||||
if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
|
$scopes = $tokenData->claims()->get('scope');
|
||||||
|
if (is_string($scopes)) {
|
||||||
|
$scopes = explode(' ', $scopes);
|
||||||
|
}
|
||||||
|
if (!in_array('update', $scopes)) {
|
||||||
$micropubResponses = new MicropubResponses();
|
$micropubResponses = new MicropubResponses();
|
||||||
|
|
||||||
return $micropubResponses->insufficientScopeResponse();
|
return $micropubResponses->insufficientScopeResponse();
|
||||||
|
|
|
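Review bot: In the three scope checks at `@ -67`, `@ -81` and `@ -95`, `in_array('create', $scopes)` / `in_array('update', $scopes)` is called without `strict: true`, and when the `scope` claim is absent `$scopes` is `null`, which `is_string` leaves untouched and `in_array` then rejects with a `TypeError` on PHP 8 instead of returning the insufficient-scope response; unless an earlier check in the method guarantees the claim exists (not visible in the hunk), the guard should read `if (!in_array('create', $scopes ?? [], true)) {`, and the two MicropubMediaController hunks have the same shape. The same normalise-then-check sequence is now repeated five times across the two controllers; a single private helper such as `tokenHasScope($tokenData, string $scope): bool` holding the `explode`/`in_array` logic would keep the scope semantics in one place. The first hunk adds `use illuminate\Support\Arr;` with a lower-case vendor segment and no visible use of `Arr` in the changed code; if it is unused it should be dropped, and if it is used elsewhere it should be written `Illuminate\Support\Arr`, since PHP only resolves the lower-case name if the class happens to be loaded already, whereas Composer's autoloader matches the namespace as written. The enclosing methods begin and end outside these hunks.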
@ -51,7 +51,11 @@ class MicropubMediaController extends Controller
|
||||||
return $micropubResponses->tokenHasNoScopeResponse();
|
return $micropubResponses->tokenHasNoScopeResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
|
$scopes = $tokenData->claims()->get('scope');
|
||||||
|
if (is_string($scopes)) {
|
||||||
|
$scopes = explode(' ', $scopes);
|
||||||
|
}
|
||||||
|
if (!in_array('create', $scopes)) {
|
||||||
$micropubResponses = new MicropubResponses();
|
$micropubResponses = new MicropubResponses();
|
||||||
|
|
||||||
return $micropubResponses->insufficientScopeResponse();
|
return $micropubResponses->insufficientScopeResponse();
|
||||||
|
@ -119,7 +123,11 @@ class MicropubMediaController extends Controller
|
||||||
return $micropubResponses->tokenHasNoScopeResponse();
|
return $micropubResponses->tokenHasNoScopeResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
|
$scopes = $tokenData->claims()->get('scope');
|
||||||
|
if (is_string($scopes)) {
|
||||||
|
$scopes = explode(' ', $scopes);
|
||||||
|
}
|
||||||
|
if (!in_array('create', $scopes)) {
|
||||||
$micropubResponses = new MicropubResponses();
|
$micropubResponses = new MicropubResponses();
|
||||||
|
|
||||||
return $micropubResponses->insufficientScopeResponse();
|
return $micropubResponses->insufficientScopeResponse();
|
||||||
|
|
|
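Review bot: With `Str::contains` removed from both call sites in `@ -51` and `@ -119`, the `use Illuminate\Support\Str;` import may now be unused in this file; the import block is outside the hunks, so worth confirming and removing if nothing else references it. The replacement `in_array` checks should also pass `true` as the third argument so membership is compared with `===`. The enclosing methods start and end outside the hunks.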
@ -14,8 +14,8 @@ trait TestToken
|
||||||
return $config->builder()
|
return $config->builder()
|
||||||
->issuedAt(new DateTimeImmutable())
|
->issuedAt(new DateTimeImmutable())
|
||||||
->withClaim('client_id', 'https://quill.p3k.io')
|
->withClaim('client_id', 'https://quill.p3k.io')
|
||||||
->withClaim('me', 'https://jonnybarnes.localhost')
|
->withClaim('me', 'http://jonnybarnes.localhost')
|
||||||
->withClaim('scope', 'create update')
|
->withClaim('scope', ['create', 'update'])
|
||||||
->getToken($config->signer(), $config->signingKey())
|
->getToken($config->signer(), $config->signingKey())
|
||||||
->toString();
|
->toString();
|
||||||
}
|
}
|
||||||
|
|
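Review bot: Changing the test token's `scope` claim from `'create update'` to `['create', 'update']` means the space-separated string form, which the commit message says remains supported, no longer has any test coverage; keep a token with the string claim as well, for example by giving this builder a parameter, `->withClaim('scope', $scopes)`, so that both the `is_string`/`explode` branch and the array branch of the new check are exercised. The `me` claim also changes from `https://` to `http://`, which is unrelated to scope checking and not mentioned in the description; if it is intentional it deserves a sentence there. The method's signature is outside the hunk.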