Commit Graph

46 Commits

Author SHA1 Message Date
Barnaby Walters
ca1819776e Tested SingleUserPasswordAuthCallback, improved ServerTest 2021-06-13 15:24:17 +02:00
Barnaby Walters
74a5797c30 Added pseudocode example 2021-06-13 14:40:53 +02:00
Barnaby Walters
61aa7f55f9 Refactored TokenStorageInterface for an improved flow
* Now passing an auth code data validation callback to the exchange method
* Removed Token, it’s no longer necessary
* Simplified interface where possible
* All tests passing
* Updated docblocks
2021-06-13 14:34:37 +02:00
Barnaby Walters
645ab833c5 Fixed reference: 2021-06-13 12:49:23 +02:00
Barnaby Walters
b53d5fc1da Syntax-highlighted doc examples 2021-06-13 00:30:44 +02:00
Barnaby Walters
d0fa39472a ditto in README 2021-06-13 00:19:41 +02:00
Barnaby Walters
7f1cb9e8b2 Improved naming of authentication callback config key 2021-06-13 00:19:16 +02:00
Barnaby Walters
62d02dacc0 Added a bunch of extra documentation 2021-06-13 00:01:32 +02:00
Barnaby Walters
9234ad64bd parens 2021-06-12 23:27:46 +02:00
Barnaby Walters
efaa4b0cdf Added link to handleauthendpointrequest 2021-06-12 23:27:20 +02:00
Barnaby Walters
842d83af8e Made docs link more specific, added helpful links 2021-06-12 23:23:48 +02:00
Barnaby Walters
96e30c8dd1 Linked to GH pages documentation 2021-06-12 23:17:02 +02:00
Barnaby Walters
1a33705de5 Regenerated docs 2021-06-12 23:11:33 +02:00
Barnaby Walters
be44ce6330 Clarified implied provenance of example secret 2021-06-12 23:11:17 +02:00
Barnaby Walters
2f47415332 Clarified implied provenance of example secret 2021-06-12 23:11:05 +02:00
Barnaby Walters
f28471df25 Cleaned up usage examples 2021-06-12 23:10:20 +02:00
Barnaby Walters
128da7f53e Stubbed README with usage example from Server docblock 2021-06-12 23:06:55 +02:00
Barnaby Walters
02a2773c60 Added phpdoc config, generated documentation 2021-06-12 23:04:51 +02:00
Barnaby Walters
3881139b95 Refactored Server to validate params in the correct order
* Authorization requests start by validating the client_id and redirect_id, and
  if valid, any further errors are reported by redirecting to the redirect_uri
* Exchange requests attempt to exchange an auth code immediately, ensuring that
  auth codes are revoked if the exchange request results in an error (not in the
  spec explicitly, but advised by aaronpk)
2021-06-12 22:54:08 +02:00
Barnaby Walters
a0fe1b5f80 Required cache-control headers on more responses 2021-06-12 20:08:16 +02:00
Barnaby Walters
f66473cc53 Started documenting the DSC-CSRF middleware 2021-06-11 01:52:09 +02:00
Barnaby Walters
c0abe846cd Doc clarifications 2021-06-11 01:33:36 +02:00
Barnaby Walters
196d8a887f Documented Server, both important Interfaces 2021-06-11 01:21:39 +02:00
Barnaby Walters
db39fff517 Server at 100% test coverage 2021-06-10 20:46:01 +02:00
Barnaby Walters
4743922954 Implemented and tested both code exchange routes 2021-06-10 20:05:26 +02:00
Barnaby Walters
9c6ef316e1 Started implementing token exchange, tests 2021-06-10 18:25:54 +02:00
Barnaby Walters
c3b4e5ec5b Started implementing token exchange, tests 2021-06-10 18:23:21 +02:00
Barnaby Walters
9fc7299232 Added auth request parameter validation, tests. Started work on exchange methods 2021-06-10 18:18:49 +02:00
Barnaby Walters
e3c3d124bb Added auth request parameter validation, tests. Started work on exchange methods 2021-06-10 17:49:27 +02:00
Barnaby Walters
3ae570809e Added some validation and utility functions, with tests 2021-06-10 15:37:07 +02:00
Barnaby Walters
bfadaf2fb2 Updated Server and tests to work with new TokenStorageInterface 2021-06-10 14:11:58 +02:00
Barnaby Walters
ec27c48946 Reworked TokenStorageInterface, changed JsonStorage
* TokenStorageInterface is now responsible for accessing both auth codes
  and access tokens
* TokenStorageInterface now only defines the methods strictly required
  for IndieAuth to work
* TokenStorageInterface now responsible for generating the auth code,
  making self-encoded codes possible.
* TokenStorageInterface now responsible for token lifetimes, expiry,
  and exchange
* JsonStorage implements new methods, all disk access is wrapped with
  lock acquisition

Tests not yet updated!
2021-06-09 23:46:33 +02:00
Barnaby Walters
ed5f43a5e4 Started reworking TokenStorage 2021-06-09 21:56:16 +02:00
Barnaby Walters
c106e1568c Removed some unused use statements, un-required psr/http-client 2021-06-09 01:14:23 +02:00
Barnaby Walters
c8979a4857 Excluded templates from test coverage, now up to 89% 2021-06-09 00:26:27 +02:00
Barnaby Walters
c4b1409f13 Cleaned up some unused use statements, added code coverage script. 79% covered already 2021-06-09 00:21:33 +02:00
Barnaby Walters
6d5e93b07c Refactored Exception Handling, mostly tested authorization request handler
* Internal error conditions now raise IndieAuthException
* Bubbled unknown exceptions converted to generic IndieAuthException
* Exceptions passed to overridable handler, turned into response
* Wrote many more tests, fixed a variety of problems
2021-06-09 00:06:35 +02:00
Barnaby Walters
61bc3d7418 Wrote some more Server tests 2021-06-08 00:58:19 +02:00
Barnaby Walters
b2c4f8eee5 Created default authorization and authentication callbacks
* Created corresponding templates
* Changed how Server configuration works
* Ensured that rauthorization approval requests verify their indieauth parameters
* Wrote first passing test for Server, fixed a variety of small errors along the way
2021-06-07 20:32:02 +02:00
Barnaby Walters
4d3a025296 Expanded default authorization view callback, default form template 2021-06-07 01:39:33 +02:00
Barnaby Walters
7442da1ae9 Started putting default templates together 2021-06-06 17:47:06 +02:00
Barnaby Walters
825ec1c0e5 Tested FilesystemJsonStorage 2021-06-06 17:21:33 +02:00
Barnaby Walters
ddcaf4b64d Started writing tests
* Tested the more important functions
* Tested the Double-Submit CSRF Middleware
2021-06-06 17:03:13 +02:00
Barnaby Walters
b111c619d4 Restructured src to use PSR-4 autoloading, moved many functions to functions.php 2021-06-06 15:13:13 +02:00
Barnaby Walters
1b2bd1f513 Finished first draft of the authorization endpoint implementation
Made some minor tweaks and improvements to the utility classes
Required some new dependencies
Server::__construct now takes a single config array as the list of
parameters was getting rather long.
2021-06-06 14:47:05 +02:00
Barnaby Walters
8ab57bee25 Initial commit
Sketched out first draft of how the library should work, stubbed
a lot of the smaller utility classes required, and outlined the
main handler functions for the IA Server.
2021-06-06 01:18:44 +02:00