Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
0.00% |
0 / 1 |
|
50.00% |
3 / 6 |
CRAP | |
66.67% |
8 / 12 |
IndieAuthException | |
0.00% |
0 / 1 |
|
50.00% |
3 / 6 |
10.37 | |
66.67% |
8 / 12 |
create | |
0.00% |
0 / 1 |
2.02 | |
83.33% |
5 / 6 |
|||
getStatusCode | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
getExplanation | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 1 |
|||
getInfo | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
trustQueryParams | |
0.00% |
0 / 1 |
6 | |
0.00% |
0 / 2 |
|||
getRequest | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
1 | <?php declare(strict_types=1); |
2 | |
3 | namespace Taproot\IndieAuth; |
4 | |
5 | use Exception; |
6 | use Psr\Http\Message\ServerRequestInterface; |
7 | use Throwable; |
8 | |
9 | class IndieAuthException extends Exception { |
10 | const INTERNAL_ERROR = 0; |
11 | const INTERNAL_ERROR_REDIRECT = 1; |
12 | const AUTHENTICATION_CALLBACK_MISSING_ME_PARAM = 2; |
13 | const AUTHORIZATION_APPROVAL_REQUEST_MISSING_HASH = 3; |
14 | const AUTHORIZATION_APPROVAL_REQUEST_INVALID_HASH = 4; |
15 | const HTTP_EXCEPTION_FETCHING_CLIENT_ID = 5; |
16 | const INTERNAL_EXCEPTION_FETCHING_CLIENT_ID = 6; |
17 | const INVALID_REDIRECT_URI = 7; |
18 | const INVALID_CLIENT_ID = 8; |
19 | const INVALID_STATE = 9; |
20 | const INVALID_CODE_CHALLENGE = 10; |
21 | const INVALID_SCOPE = 11; |
22 | const INVALID_GRANT = 12; |
23 | const INVALID_REQUEST = 13; |
24 | const INVALID_REQUEST_REDIRECT = 14; |
25 | |
26 | const EXC_INFO = [ |
27 | self::INTERNAL_ERROR => ['statusCode' => 500, 'name' => 'Internal Server Error', 'explanation' => 'An internal server error occurred.'], |
28 | self::INTERNAL_ERROR_REDIRECT => ['statusCode' => 302, 'name' => 'Internal Server Error', 'error' => 'internal_error'], |
29 | self::AUTHENTICATION_CALLBACK_MISSING_ME_PARAM => ['statusCode' => 302, 'name' => 'Internal Server Error', 'error' => 'internal_error'], |
30 | self::AUTHORIZATION_APPROVAL_REQUEST_MISSING_HASH => ['statusCode' => 302, 'name' => 'Request Missing Hash', 'error' => 'internal_error'], |
31 | self::AUTHORIZATION_APPROVAL_REQUEST_INVALID_HASH => ['statusCode' => 302, 'name' => 'Request Hash Invalid', 'error' => 'internal_error'], |
32 | // TODO: should this one be a 500 because it’s an internal server error, or a 400 because the client_id was likely invalid? Is anyone ever going to notice, or care? |
33 | self::HTTP_EXCEPTION_FETCHING_CLIENT_ID => ['statusCode' => 500, 'name' => 'Error Fetching Client App URL', 'explanation' => 'Fetching the client app (client_id) failed.'], |
34 | self::INTERNAL_EXCEPTION_FETCHING_CLIENT_ID => ['statusCode' => 500, 'name' => 'Internal Error fetching client app URI', 'explanation' => 'Fetching the client app (client_id) failed due to an internal error.'], |
35 | self::INVALID_REDIRECT_URI => ['statusCode' => 400, 'name' => 'Invalid Client App Redirect URI', 'explanation' => 'The client app redirect URI (redirect_uri) either was not a valid URI, did not sufficiently match client_id, or did not exactly match any redirect URIs parsed from fetching the client_id.'], |
36 | self::INVALID_CLIENT_ID => ['statusCode' => 400, 'name' => 'Invalid Client Identifier URI', 'explanation' => 'The Client Identifier was not valid.'], |
37 | self::INVALID_STATE => ['statusCode' => 302, 'name' => 'Invalid state Parameter', 'error' => 'invalid_request'], |
38 | self::INVALID_CODE_CHALLENGE => ['statusCode' => 302, 'name' => 'Invalid code_challenge Parameter', 'error' => 'invalid_request'], |
39 | self::INVALID_SCOPE => ['statusCode' => 302, 'name' => 'Invalid scope Parameter', 'error' => 'invalid_request'], |
40 | self::INVALID_GRANT => ['statusCode' => 400, 'name' => 'The provided credentials were not valid.', 'error' => 'invalid_grant'], |
41 | self::INVALID_REQUEST => ['statusCode' => 400, 'name' => 'Invalid Request', 'error' => 'invalid_request'], |
42 | self::INVALID_REQUEST_REDIRECT => ['statusCode' => 302, 'name' => 'Invalid Request', 'error' => 'invalid_request'], |
43 | ]; |
44 | |
45 | protected ServerRequestInterface $request; |
46 | |
47 | public static function create(int $code, ServerRequestInterface $request, ?Throwable $previous=null): self { |
48 | // Only accept known codes. Default to 0 (generic internal error) on an unrecognised code. |
49 | if (!in_array($code, array_keys(self::EXC_INFO))) { |
50 | $code = 0; |
51 | } |
52 | $message = self::EXC_INFO[$code]['name']; |
53 | $e = new self($message, $code, $previous); |
54 | $e->request = $request; |
55 | return $e; |
56 | } |
57 | |
58 | public function getStatusCode() { |
59 | return $this->getInfo()['statusCode'] ?? 500; |
60 | } |
61 | |
62 | public function getExplanation() { |
63 | return $this->getInfo()['explanation'] ?? 'An unknown error occured.'; |
64 | } |
65 | |
66 | public function getInfo() { |
67 | return self::EXC_INFO[$this->code] ?? self::EXC_INFO[self::INTERNAL_ERROR]; |
68 | } |
69 | |
70 | /** |
71 | * Trust Query Params |
72 | * |
73 | * Only useful on authorization form submission requests. If this returns false, |
74 | * the client_id and/or request_uri have likely been tampered with, and the error |
75 | * page SHOULD NOT offer the user a link to them. |
76 | */ |
77 | public function trustQueryParams() { |
78 | return $this->code == self::AUTHORIZATION_APPROVAL_REQUEST_INVALID_HASH |
79 | || $this->code == self::AUTHORIZATION_APPROVAL_REQUEST_MISSING_HASH; |
80 | } |
81 | |
82 | public function getRequest() { |
83 | return $this->request; |
84 | } |
85 | } |