diogo/indieauth
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added auth request parameter validation, tests. Started work on exchange methods

Browse Source
This commit is contained in:
Barnaby Walters
2021-06-10 17:49:27 +02:00
parent 3ae570809e
commit e3c3d124bb
5 changed files with 319 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Callback/SingleUserPasswordAuthenticationCallback.php
View File

@@ -26,7 +26,7 @@ class SingleUserPasswordAuthenticationCallback {
$this->csrfKey = $csrfKey ?? \Taproot\IndieAuth\Server::DEFAULT_CSRF_KEY;
}
public function __invoke(ServerRequestInterface $request, string $formAction) {
public function __invoke(ServerRequestInterface $request, string $formAction, ?string $normalizedMeUrl) {
// If the request is a form submission with a matching password, return the corresponding
// user data.
if ($request->getMethod() == 'POST' && password_verify($request->getParsedBody()[self::PASSWORD_FORM_PARAMETER] ?? '', $this->hashedPassword)) {