diogo/indieauth
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Made SingleUserAuth callback set a cookie

Browse Source 
So that auth data is preserved across multiple requests.
This commit is contained in:
Barnaby Walters 2021-06-18 16:11:49 +02:00
parent a2d8223650
commit 01a15f0b46
24 changed files with 892 additions and 780 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/coverage/Callback/AuthorizationFormInterface.php.html
View File

@ -163,7 +163,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Callback/DefaultAuthorizationForm.php.html
View File

@ -305,7 +305,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

221
docs/coverage/Callback/SingleUserPasswordAuthenticationCallback.php.html
View File

File diff suppressed because one or more lines are too long

6
docs/coverage/Callback/dashboard.html
View File

@ -136,7 +136,7 @@
<footer>
<hr/>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>
@ -223,7 +223,7 @@ $(document).ready(function() {
chart.yAxis.axisLabel('Cyclomatic Complexity');
d3.select('#classComplexity svg')
.datum(getComplexityData([[100,6,"<a href=\"DefaultAuthorizationForm.php.html#35\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm<\/a>"],[100,6,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#45\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback<\/a>"]], 'Class Complexity'))
.datum(getComplexityData([[100,6,"<a href=\"DefaultAuthorizationForm.php.html#35\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm<\/a>"],[100,9,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#46\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback<\/a>"]], 'Class Complexity'))
.transition()
.duration(500)
.call(chart);
@ -247,7 +247,7 @@ $(document).ready(function() {
chart.yAxis.axisLabel('Method Complexity');
d3.select('#methodComplexity svg')
.datum(getComplexityData([[100,1,"<a href=\"DefaultAuthorizationForm.php.html#49\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::__construct<\/a>"],[100,3,"<a href=\"DefaultAuthorizationForm.php.html#55\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::showForm<\/a>"],[100,1,"<a href=\"DefaultAuthorizationForm.php.html#88\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::transformAuthorizationCode<\/a>"],[100,1,"<a href=\"DefaultAuthorizationForm.php.html#102\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::setLogger<\/a>"],[100,3,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#61\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback::__construct<\/a>"],[100,3,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#75\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback::__invoke<\/a>"]], 'Method Complexity'))
.datum(getComplexityData([[100,1,"<a href=\"DefaultAuthorizationForm.php.html#49\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::__construct<\/a>"],[100,3,"<a href=\"DefaultAuthorizationForm.php.html#55\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::showForm<\/a>"],[100,1,"<a href=\"DefaultAuthorizationForm.php.html#88\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::transformAuthorizationCode<\/a>"],[100,1,"<a href=\"DefaultAuthorizationForm.php.html#102\">Taproot\\IndieAuth\\Callback\\DefaultAuthorizationForm::setLogger<\/a>"],[100,4,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#68\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback::__construct<\/a>"],[100,5,"<a href=\"SingleUserPasswordAuthenticationCallback.php.html#89\">Taproot\\IndieAuth\\Callback\\SingleUserPasswordAuthenticationCallback::__invoke<\/a>"]], 'Method Complexity'))
.transition()
.duration(500)
.call(chart);

6
docs/coverage/Callback/index.html
View File

@ -51,7 +51,7 @@
</div>
</td>
<td class="success small"><div align="right">100.00%</div></td>
<td class="success small"><div align="right">41&nbsp;/&nbsp;41</div></td>
<td class="success small"><div align="right">55&nbsp;/&nbsp;55</div></td>
<td class="success big"> <div class="progress">
<div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
<span class="sr-only">100.00% covered (success)</span>
@ -120,7 +120,7 @@
</div>
</td>
<td class="success small"><div align="right">100.00%</div></td>
<td class="success small"><div align="right">15&nbsp;/&nbsp;15</div></td>
<td class="success small"><div align="right">29&nbsp;/&nbsp;29</div></td>
<td class="success big"> <div class="progress">
<div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
<span class="sr-only">100.00% covered (success)</span>
@ -152,7 +152,7 @@
<span class="success"><strong>High</strong>: 90% to 100%</span>
</p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

2
docs/coverage/IndieAuthException.php.html
View File

@ -326,7 +326,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Middleware/ClosureRequestHandler.php.html
View File

@ -180,7 +180,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Middleware/DoubleSubmitCookieCsrfMiddleware.php.html
View File

@ -324,7 +324,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Middleware/NoOpMiddleware.php.html
View File

@ -157,7 +157,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Middleware/ResponseRequestHandler.php.html
View File

@ -177,7 +177,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Middleware/dashboard.html
View File

@ -138,7 +138,7 @@
<footer>
<hr/>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

2
docs/coverage/Middleware/index.html
View File

@ -195,7 +195,7 @@
<span class="success"><strong>High</strong>: 90% to 100%</span>
</p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

1300
docs/coverage/Server.php.html
View File

File diff suppressed because one or more lines are too long

2
docs/coverage/Storage/FilesystemJsonStorage.php.html
View File

@ -663,7 +663,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Storage/Sqlite3Storage.php.html
View File

@ -79,7 +79,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Storage/TokenStorageInterface.php.html
View File

@ -235,7 +235,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

2
docs/coverage/Storage/dashboard.html
View File

@ -142,7 +142,7 @@
<footer>
<hr/>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

2
docs/coverage/Storage/index.html
View File

@ -137,7 +137,7 @@
<span class="success"><strong>High</strong>: 90% to 100%</span>
</p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

6
docs/coverage/dashboard.html
View File

File diff suppressed because one or more lines are too long

2
docs/coverage/functions.php.html
View File

@ -687,7 +687,7 @@
<h4>Legend</h4>
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
<a title="Back to the top" id="toplink" href="#">
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>

12
docs/coverage/index.html
View File

@ -44,13 +44,13 @@
<tr>
<td class="success">Total</td>
<td class="success big"> <div class="progress">
<div class="progress-bar bg-success" role="progressbar" aria-valuenow="95.48" aria-valuemin="0" aria-valuemax="100" style="width: 95.48%">
<span class="sr-only">95.48% covered (success)</span>
<div class="progress-bar bg-success" role="progressbar" aria-valuenow="95.59" aria-valuemin="0" aria-valuemax="100" style="width: 95.59%">
<span class="sr-only">95.59% covered (success)</span>
</div>
</div>
</td>
<td class="success small"><div align="right">95.48%</div></td>
<td class="success small"><div align="right">528&nbsp;/&nbsp;553</div></td>
<td class="success small"><div align="right">95.59%</div></td>
<td class="success small"><div align="right">542&nbsp;/&nbsp;567</div></td>
<td class="warning big"> <div class="progress">
<div class="progress-bar bg-warning" role="progressbar" aria-valuenow="75.44" aria-valuemin="0" aria-valuemax="100" style="width: 75.44%">
<span class="sr-only">75.44% covered (warning)</span>
@ -78,7 +78,7 @@
</div>
</td>
<td class="success small"><div align="right">100.00%</div></td>
<td class="success small"><div align="right">41&nbsp;/&nbsp;41</div></td>
<td class="success small"><div align="right">55&nbsp;/&nbsp;55</div></td>
<td class="success big"> <div class="progress">
<div class="progress-bar bg-success" role="progressbar" aria-valuenow="100.00" aria-valuemin="0" aria-valuemax="100" style="width: 100.00%">
<span class="sr-only">100.00% covered (success)</span>
@ -245,7 +245,7 @@
<span class="success"><strong>High</strong>: 90% to 100%</span>
</p>
<p>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Thu Jun 17 22:38:11 UTC 2021.</small>
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Fri Jun 18 14:09:49 UTC 2021.</small>
</p>
</footer>
</div>

42
src/Callback/SingleUserPasswordAuthenticationCallback.php
View File

@ -3,6 +3,7 @@
namespace Taproot\IndieAuth\Callback;
use BadMethodCallException;
use Dflydev\FigCookies;
use Nyholm\Psr7\Response;
use Psr\Http\Message\ServerRequestInterface;
@ -33,6 +34,7 @@ use function Taproot\IndieAuth\renderTemplate;
* $server = new IndieAuth\Server([
*
* 'authenticationHandler' => new IndieAuth\Callback\SingleUserPasswordAuthenticationCallback(
* YOUR_SECRET,
* ['me' => 'https://me.example.com/'],
* YOUR_HASHED_PASSWORD
* )
@ -44,21 +46,34 @@ use function Taproot\IndieAuth\renderTemplate;
*/
class SingleUserPasswordAuthenticationCallback {
const PASSWORD_FORM_PARAMETER = 'taproot_indieauth_server_password';
const LOGIN_HASH_COOKIE = 'taproot_indieauth_server_supauth_hash';
const DEFAULT_COOKIE_TTL = 60 * 5;
public string $csrfKey;
public string $formTemplate;
protected array $user;
protected string $hashedPassword;
protected string $secret;
protected int $ttl;
/**
* Constructor
*
* @param string $secret A secret key used to encrypt cookies. Can be the same as the secret passed to IndieAuth\Server.
* @param array $user An array representing the user, which will be returned on a successful authentication. MUST include a 'me' key, may also contain a 'profile' key, or other keys at your discretion.
* @param string $hashedPassword The password used to authenticate as $user, hashed by `password_hash($pass, PASSWORD_DEFAULT)`
* @param string|null $formTemplate The path to a template used to render the sign-in form. Uses default if null.
* @param string|null $csrfKey The key under which to fetch a CSRF token from `$request` attributes, and as the CSRF token name in submitted form data. Defaults to the Server default, only change if youre using a custom CSRF middleware.
* @param int|null $ttl The lifetime of the authentication cookie, in seconds. Defaults to five minutes.
*/
public function __construct(array $user, string $hashedPassword, ?string $formTemplate=null, ?string $csrfKey=null) {
public function __construct(string $secret, array $user, string $hashedPassword, ?string $formTemplate=null, ?string $csrfKey=null, ?int $ttl=null) {
if (strlen($secret) < 64) {
throw new BadMethodCallException("\$secret must be a string with a minimum length of 64 characters.");
}
$this->secret = $secret;
$this->ttl = $ttl ?? self::DEFAULT_COOKIE_TTL;
if (!isset($user['me'])) {
throw new BadMethodCallException('The $user array MUST contain a “me” key, the value which must be the users canonical URL as a string.');
}
@ -73,12 +88,31 @@ class SingleUserPasswordAuthenticationCallback {
}
public function __invoke(ServerRequestInterface $request, string $formAction, ?string $normalizedMeUrl=null) {
// If the request is a form submission with a matching password, return the corresponding
// user data.
if ($request->getMethod() == 'POST' && password_verify($request->getParsedBody()[self::PASSWORD_FORM_PARAMETER] ?? '', $this->hashedPassword)) {
// If the request is logged in, return authentication data.
$cookies = $request->getCookieParams();
if (
isset($cookies[self::LOGIN_HASH_COOKIE])
&& hash_equals(hash_hmac('SHA256', json_encode($this->user), $this->secret), $cookies[self::LOGIN_HASH_COOKIE])
) {
return $this->user;
}
// If the request is a form submission with a matching password, return a redirect to the indieauth
// flow, setting a cookie.
if ($request->getMethod() == 'POST' && password_verify($request->getParsedBody()[self::PASSWORD_FORM_PARAMETER] ?? '', $this->hashedPassword)) {
$response = new Response(302, ['Location' => $formAction]);
// Set the user data hash cookie.
$response = FigCookies\FigResponseCookies::set($response, FigCookies\SetCookie::create(self::LOGIN_HASH_COOKIE)
->withValue(hash_hmac('SHA256', json_encode($this->user), $this->secret))
->withMaxAge($this->ttl)
->withSecure($request->getUri()->getScheme() == 'https')
->withDomain($request->getUri()->getHost())
);
return $response;
}
// Otherwise, return a response containing the password form.
return new Response(200, ['content-type' => 'text/html'], renderTemplate($this->formTemplate, [
'formAction' => $formAction,

2
tests/ServerTest.php
View File

@ -44,7 +44,7 @@ class ServerTest extends TestCase {
// With this template, IndieAuthException response bodies will contain only their IndieAuthException error code, for ease of comparison.
'exceptionTemplatePath' => CODE_EXCEPTION_TEMPLATE_PATH,
// Default to a simple single-user password authentication handler.
Server::HANDLE_AUTHENTICATION_REQUEST => new SingleUserPasswordAuthenticationCallback(['me' => 'https://example.com/'], password_hash('password', PASSWORD_DEFAULT), Server::DEFAULT_CSRF_KEY),
Server::HANDLE_AUTHENTICATION_REQUEST => new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, ['me' => 'https://example.com/'], password_hash('password', PASSWORD_DEFAULT), Server::DEFAULT_CSRF_KEY),
'authorizationForm' => new DefaultAuthorizationForm(AUTHORIZATION_FORM_JSON_RESPONSE_TEMPLATE_PATH),
], $config));
}

47
tests/SingleUserPasswordAuthenticationCallbackTest.php
View File

@ -3,6 +3,7 @@
namespace Taproot\IndieAuth\Test;
use BadMethodCallException;
use Dflydev\FigCookies;
use Exception;
use Nyholm\Psr7;
use Nyholm\Psr7\ServerRequest;
@ -13,7 +14,7 @@ use Taproot\IndieAuth\Server;
class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
public function testThrowsExceptionIfUserDataHasNoMeKey() {
try {
$c = new SingleUserPasswordAuthenticationCallback([
$c = new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, [
'not_me' => 'blah'
], password_hash('password', PASSWORD_DEFAULT));
$this->fail();
@ -22,9 +23,20 @@ class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
}
}
public function testThrowsExceptionIfSecretIsTooShort() {
try {
$c = new SingleUserPasswordAuthenticationCallback('not long enough', [
'me' => 'blah'
], password_hash('password', PASSWORD_DEFAULT));
$this->fail();
} catch (BadMethodCallException $e) {
$this->assertEquals('$secret must be a string with a minimum length of 64 characters.', $e->getMessage());
}
}
public function testThrowsExceptionIfHashedPasswordIsInvalid() {
try {
$c = new SingleUserPasswordAuthenticationCallback([
$c = new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, [
'me' => 'https://me.example.com/'
], 'definitely not a hashed password');
$this->fail();
@ -34,7 +46,7 @@ class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
}
public function testShowsAuthenticationFormOnUnauthenticatedRequest() {
$callback = new SingleUserPasswordAuthenticationCallback([
$callback = new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, [
'me' => 'https://me.example.com/'
], password_hash('password', PASSWORD_DEFAULT));
@ -48,7 +60,7 @@ class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
$this->assertStringContainsString($formAction, (string) $res->getBody());
}
public function testReturnsUserDataOnAuthenticatedRequest() {
public function testReturnsCookieRedirectOnAuthenticatedRequest() {
$userData = [
'me' => 'https://me.example.com',
'profile' => ['name' => 'Me']
@ -56,7 +68,7 @@ class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
$password = 'my very secure password';
$callback = new SingleUserPasswordAuthenticationCallback($userData, password_hash($password, PASSWORD_DEFAULT));
$callback = new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, $userData, password_hash($password, PASSWORD_DEFAULT));
$req = (new ServerRequest('POST', 'https://example.com/login'))
->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token')
@ -66,6 +78,31 @@ class SingleUserPasswordAuthenticationCallbackTest extends TestCase {
$res = $callback($req, 'form_action');
$this->assertEquals(302, $res->getStatusCode());
$this->assertEquals('form_action', $res->getHeaderLine('location'));
$resCookies = FigCookies\SetCookies::fromResponse($res);
$hashCookie = $resCookies->get(SingleUserPasswordAuthenticationCallback::LOGIN_HASH_COOKIE);
$this->assertEquals(hash_hmac('SHA256', json_encode($userData), SERVER_SECRET), $hashCookie->getValue());
}
public function testReturnsUserDataOnResponseWithValidHashCookie() {
$userData = [
'me' => 'https://me.example.com',
'profile' => ['name' => 'Me']
];
$password = 'my very secure password';
$callback = new SingleUserPasswordAuthenticationCallback(SERVER_SECRET, $userData, password_hash($password, PASSWORD_DEFAULT));
$req = (new ServerRequest('POST', 'https://example.com/login'))
->withAttribute(Server::DEFAULT_CSRF_KEY, 'csrf token')
->withCookieParams([
SingleUserPasswordAuthenticationCallback::LOGIN_HASH_COOKIE => hash_hmac('SHA256', json_encode($userData), SERVER_SECRET)
]);
$res = $callback($req, 'form_action');
$this->assertEquals($userData, $res);
}
}