From baee7ade4f5622fae7023cda64c0842c03e9611e Mon Sep 17 00:00:00 2001
From: Jonny Barnes
Date: Sat, 13 Jul 2024 14:52:57 +0100
Subject: [PATCH 1/2] Improve scope checking
Whether the scopes are defined as a space separated string, or an array, we should now be checking them without any errors.
---
 app/Http/Controllers/MicropubController.php | 20 ++++++++++++++++---
 .../Controllers/MicropubMediaController.php | 12 +++++++++--
 tests/TestToken.php | 4 ++--
 3 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index 629cb4e6..837c0953 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -13,6 +13,7 @@ use App\Services\Micropub\UpdateService;
 use App\Services\TokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use illuminate\Support\Arr;
 use Lcobucci\JWT\Encoding\CannotDecodeContent;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
@@ -67,7 +68,12 @@ class MicropubController extends Controller
 $this->logMicropubRequest($request->all());
 if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
- if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+
+ if (!in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
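Review bot: The new check `if (!in_array('create', $scopes))` compares loosely and only normalises the string form, so a `scope` claim that is absent or of any other type (null, int, object) reaches `in_array` unchanged and raises a TypeError — a 500 instead of `insufficientScopeResponse()` — while an array claim such as `[true]` satisfies it because `'create' == true`. Even on a signed token the claim's shape is decided by the token issuer, so the controller should treat anything that is not a string or an array as granting no scope and compare with `strict: true`. The same five lines are repeated in the `h-card` and `update` branches below and twice in MicropubMediaController, which appears to guard the missing-claim case with `tokenHasNoScopeResponse()` first but shares the loose comparison; a small private helper removes the duplication and keeps the normalisation in one place. The enclosing method starts before and ends after the hunk.
```php
        if (! $this->tokenHasScope($tokenData->claims()->get('scope'), 'create')) {
            $micropubResponses = new MicropubResponses();
            // … unchanged: insufficientScopeResponse() return …

    // … new private method on the controller (same helper serves the card/update branches) …
    /**
     * Whether the token's `scope` claim grants $scope.
     *
     * Accepts the space-separated string form or an array of strings;
     * any other shape (missing claim, null, scalar) grants nothing.
     */
    private function tokenHasScope(mixed $claim, string $scope): bool
    {
        if (is_string($claim)) {
            $claim = explode(' ', $claim);
        }

        if (! is_array($claim)) {
            return false;
        }

        return in_array($scope, $claim, true);
    }
```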
@@ -81,7 +87,11 @@ class MicropubController extends Controller
 }
 if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
- if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (!in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -95,7 +105,11 @@ class MicropubController extends Controller
 }
 if ($request->input('action') === 'update') {
- if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (!in_array('update', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
diff --git a/app/Http/Controllers/MicropubMediaController.php b/app/Http/Controllers/MicropubMediaController.php
index b3cdd3e2..4f66398f 100644
--- a/app/Http/Controllers/MicropubMediaController.php
+++ b/app/Http/Controllers/MicropubMediaController.php
@@ -51,7 +55,11 @@ class MicropubMediaController extends Controller
 return $micropubResponses->tokenHasNoScopeResponse();
 }
- if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (!in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -119,7 +123,11 @@ class MicropubMediaController extends Controller
 return $micropubResponses->tokenHasNoScopeResponse();
 }
- if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (!in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
diff --git a/tests/TestToken.php b/tests/TestToken.php
index 5b54d497..397967dc 100644
--- a/tests/TestToken.php
+++ b/tests/TestToken.php
@@ -14,8 +14,8 @@ trait TestToken
 return $config->builder()
 ->issuedAt(new DateTimeImmutable())
 ->withClaim('client_id', 'https://quill.p3k.io')
- ->withClaim('me', 'https://jonnybarnes.localhost')
- ->withClaim('scope', 'create update')
+ ->withClaim('me', 'http://jonnybarnes.localhost')
+ ->withClaim('scope', ['create', 'update'])
 ->getToken($config->signer(), $config->signingKey())
 ->toString();
 }
From bcf61bb6a0b5fab63860bf0f736ae97aa7b900bb Mon Sep 17 00:00:00 2001
From: Jonny Barnes
Date: Sat, 13 Jul 2024 14:58:11 +0100
Subject: [PATCH 2/2] Fis Laravel Pint issues
---
 app/Http/Controllers/MicropubController.php | 7 +++----
 app/Http/Controllers/MicropubMediaController.php | 5 ++---
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index 837c0953..8a395ee0 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -13,7 +13,6 @@ use App\Services\Micropub\UpdateService;
 use App\Services\TokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use illuminate\Support\Arr;
 use Lcobucci\JWT\Encoding\CannotDecodeContent;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
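Review bot: With `->withClaim('scope', ['create', 'update'])` the test token now carries only the array form, so the space-separated string form that the commit message says must keep working — and that this helper issued until now as `->withClaim('scope', 'create update')` — is no longer exercised by any test. Keep the existing string line and add a second builder (for example a `getTokenWithArrayScope()` variant of this method, or a data-provided test that issues both shapes) so a regression in either the `explode` or the `in_array` path is caught. The change of the `me` claim from `https://` to `http://jonnybarnes.localhost` is unrelated to scope checking and not mentioned in the commit message; if it is intentional, presumably to match a local environment, it belongs in its own commit or at least in the message. The method this builder chain belongs to starts before the hunk.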
@@ -73,7 +72,7 @@ class MicropubController extends Controller
 $scopes = explode(' ', $scopes);
 }
- if (!in_array('create', $scopes)) {
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -91,7 +90,7 @@ class MicropubController extends Controller
 if (is_string($scopes)) {
 $scopes = explode(' ', $scopes);
 }
- if (!in_array('create', $scopes)) {
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -109,7 +108,7 @@ class MicropubController extends Controller
 if (is_string($scopes)) {
 $scopes = explode(' ', $scopes);
 }
- if (!in_array('update', $scopes)) {
+ if (! in_array('update', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
diff --git a/app/Http/Controllers/MicropubMediaController.php b/app/Http/Controllers/MicropubMediaController.php
index 4f66398f..e07e979f 100644
--- a/app/Http/Controllers/MicropubMediaController.php
+++ b/app/Http/Controllers/MicropubMediaController.php
@@ -17,7 +17,6 @@ use Illuminate\Http\Response;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
@@ -55,7 +54,7 @@ class MicropubMediaController extends Controller
 if (is_string($scopes)) {
 $scopes = explode(' ', $scopes);
 }
- if (!in_array('create', $scopes)) {
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -127,7 +126,7 @@ class MicropubMediaController extends Controller
 if (is_string($scopes)) {
 $scopes = explode(' ', $scopes);
 }
- if (!in_array('create', $scopes)) {
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();