Merge pull request #1473 from jonnybarnes/1455-scope-verification-is-failing-for-micropub-requests

Improve scope checking
This commit is contained in:
Jonny Barnes 2024-07-13 15:01:54 +01:00 committed by GitHub
commit d6a0b1dcf6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 28 additions and 8 deletions


@ -67,7 +67,12 @@ class MicropubController extends Controller
$this->logMicropubRequest($request->all()); $this->logMicropubRequest($request->all());
if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) { if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
if (stripos($tokenData->claims()->get('scope'), 'create') === false) { $scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (! in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses(); $micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse(); return $micropubResponses->insufficientScopeResponse();
@ -81,7 +86,11 @@ class MicropubController extends Controller
} }
if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') { if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
if (stripos($tokenData->claims()->get('scope'), 'create') === false) { $scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (! in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses(); $micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse(); return $micropubResponses->insufficientScopeResponse();
@ -95,7 +104,11 @@ class MicropubController extends Controller
} }
if ($request->input('action') === 'update') { if ($request->input('action') === 'update') {
if (stripos($tokenData->claims()->get('scope'), 'update') === false) { $scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (! in_array('update', $scopes)) {
$micropubResponses = new MicropubResponses(); $micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse(); return $micropubResponses->insufficientScopeResponse();
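Review bot: The new `in_array('create', $scopes)` and `in_array('update', $scopes)` checks in the three hunks use loose comparison, so a claim element such as `true` compares equal to the scope string under PHP 8 rules and would satisfy the check; pass the strict flag, `if (! in_array('create', $scopes, true)) {` (and likewise for `'update'`). The `is_string` branch normalises the space-separated form, but if the `scope` claim is absent or of some other non-array type, `in_array` receives a non-array and throws a TypeError instead of returning the insufficient-scope response, unless a no-scope guard exists above the hunk, which is not visible here. The same pattern is repeated in the two MicropubMediaController hunks below. The enclosing method starts and continues outside these hunks.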


@ -17,7 +17,6 @@ use Illuminate\Http\Response;
use Illuminate\Http\UploadedFile; use Illuminate\Http\UploadedFile;
use Illuminate\Support\Carbon; use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;
use Intervention\Image\ImageManager; use Intervention\Image\ImageManager;
use Lcobucci\JWT\Token\InvalidTokenStructure; use Lcobucci\JWT\Token\InvalidTokenStructure;
use Lcobucci\JWT\Validation\RequiredConstraintsViolated; use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
@ -51,7 +50,11 @@ class MicropubMediaController extends Controller
return $micropubResponses->tokenHasNoScopeResponse(); return $micropubResponses->tokenHasNoScopeResponse();
} }
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) { $scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (! in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses(); $micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse(); return $micropubResponses->insufficientScopeResponse();
@ -119,7 +122,11 @@ class MicropubMediaController extends Controller
return $micropubResponses->tokenHasNoScopeResponse(); return $micropubResponses->tokenHasNoScopeResponse();
} }
if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) { $scopes = $tokenData->claims()->get('scope');
if (is_string($scopes)) {
$scopes = explode(' ', $scopes);
}
if (! in_array('create', $scopes)) {
$micropubResponses = new MicropubResponses(); $micropubResponses = new MicropubResponses();
return $micropubResponses->insufficientScopeResponse(); return $micropubResponses->insufficientScopeResponse();
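Review bot: The four-line normalise-and-lookup block added at both hunks is now the fifth copy of the same logic across this file and MicropubController, and a small private helper such as `private function tokenHasScope(mixed $scopes, string $scope): bool` (doing the `explode(' ', ...)` for the string form and a strict `in_array`) would keep the five call sites from drifting. That helper would also be the one place to document that scopes are now matched as exact, case-sensitive tokens, which the previous `Str::contains` substring check did not do and which is the behavioural change worth recording. In this file the `tokenHasNoScopeResponse()` return visible at the top of each hunk appears to cover the missing-claim case before the new code runs. The enclosing methods continue outside the hunks.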


@ -14,8 +14,8 @@ trait TestToken
return $config->builder() return $config->builder()
->issuedAt(new DateTimeImmutable()) ->issuedAt(new DateTimeImmutable())
->withClaim('client_id', 'https://quill.p3k.io') ->withClaim('client_id', 'https://quill.p3k.io')
->withClaim('me', 'https://jonnybarnes.localhost') ->withClaim('me', 'http://jonnybarnes.localhost')
->withClaim('scope', 'create update') ->withClaim('scope', ['create', 'update'])
->getToken($config->signer(), $config->signingKey()) ->getToken($config->signer(), $config->signingKey())
->toString(); ->toString();
} }