Commit Graph

22 Commits

Author SHA1 Message Date
Barnaby Walters
d933a42591 Minor changes to make tests compatible with PHP 8.0 2021-06-24 13:32:24 +02:00
Barnaby Walters
d6594beebe Fixed issue preventing auth form scopes from being stored
I forgot that PHP’s POST body parsing strips the required trailing [] from
names.
2021-06-18 16:44:10 +02:00
Barnaby Walters
01a15f0b46 Made SingleUserAuth callback set a cookie
So that auth data is preserved across multiple requests.
2021-06-18 16:11:49 +02:00
Barnaby Walters
1af270b42f Implemented, tested non-PKCE flow. Fixes #1 2021-06-18 00:39:21 +02:00
Barnaby Walters
ce541c3607 Added test for missing parameters, now also validating code_challenge_method 2021-06-16 23:41:51 +02:00
Barnaby Walters
bf16d0eb55 Improved some tests, got to 95% coverage 2021-06-13 15:30:58 +02:00
Barnaby Walters
ca1819776e Tested SingleUserPasswordAuthCallback, improved ServerTest 2021-06-13 15:24:17 +02:00
Barnaby Walters
61aa7f55f9 Refactored TokenStorageInterface for an improved flow
* Now passing an auth code data validation callback to the exchange method
* Removed Token, it’s no longer necessary
* Simplified interface where possible
* All tests passing
* Updated docblocks
2021-06-13 14:34:37 +02:00
Barnaby Walters
3881139b95 Refactored Server to validate params in the correct order
* Authorization requests start by validating the client_id and redirect_id, and
  if valid, any further errors are reported by redirecting to the redirect_uri
* Exchange requests attempt to exchange an auth code immediately, ensuring that
  auth codes are revoked if the exchange request results in an error (not in the
  spec explicitly, but advised by aaronpk)
2021-06-12 22:54:08 +02:00
Barnaby Walters
a0fe1b5f80 Required cache-control headers on more responses 2021-06-12 20:08:16 +02:00
Barnaby Walters
db39fff517 Server at 100% test coverage 2021-06-10 20:46:01 +02:00
Barnaby Walters
4743922954 Implemented and tested both code exchange routes 2021-06-10 20:05:26 +02:00
Barnaby Walters
9c6ef316e1 Started implementing token exchange, tests 2021-06-10 18:25:54 +02:00
Barnaby Walters
c3b4e5ec5b Started implementing token exchange, tests 2021-06-10 18:23:21 +02:00
Barnaby Walters
9fc7299232 Added auth request parameter validation, tests. Started work on exchange methods 2021-06-10 18:18:49 +02:00
Barnaby Walters
e3c3d124bb Added auth request parameter validation, tests. Started work on exchange methods 2021-06-10 17:49:27 +02:00
Barnaby Walters
bfadaf2fb2 Updated Server and tests to work with new TokenStorageInterface 2021-06-10 14:11:58 +02:00
Barnaby Walters
c4b1409f13 Cleaned up some unused use statements, added code coverage script. 79% covered already 2021-06-09 00:21:33 +02:00
Barnaby Walters
6d5e93b07c Refactored Exception Handling, mostly tested authorization request handler
* Internal error conditions now raise IndieAuthException
* Bubbled unknown exceptions converted to generic IndieAuthException
* Exceptions passed to overridable handler, turned into response
* Wrote many more tests, fixed a variety of problems
2021-06-09 00:06:35 +02:00
Barnaby Walters
61bc3d7418 Wrote some more Server tests 2021-06-08 00:58:19 +02:00
Barnaby Walters
b2c4f8eee5 Created default authorization and authentication callbacks
* Created corresponding templates
* Changed how Server configuration works
* Ensured that authorization approval requests verify their indieauth parameters
* Wrote first passing test for Server, fixed a variety of small errors along the way
2021-06-07 20:32:02 +02:00
Barnaby Walters
ddcaf4b64d Started writing tests
* Tested the more important functions
* Tested the Double-Submit CSRF Middleware
2021-06-06 17:03:13 +02:00