diogo/indieauth
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
indieauth/src/Callback/SingleUserPasswordAuthenticationCallback.php
Barnaby Walters a0fe1b5f80 Required cache-control headers on more responses
2021-06-12 20:08:16 +02:00

48 lines
1.8 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php declare(strict_types=1);
namespace Taproot\IndieAuth\Callback;
use Exception;
use Nyholm\Psr7\Response;
use Psr\Http\Message\ServerRequestInterface;
use function Taproot\IndieAuth\renderTemplate;
/**
* Single User Password Authentication Callback
*
*
*/
class SingleUserPasswordAuthenticationCallback {
const PASSWORD_FORM_PARAMETER = 'taproot_indieauth_server_password';
public string $csrfKey;
public string $formTemplate;
protected array $user;
protected string $hashedPassword;
public function __construct(array $user, string $hashedPassword, ?string $csrfKey=null, ?string $formTemplate=null) {
if (!array_key_exists('me', $user) || !is_string($user['me'])) {
throw new Exception('The $user array MUST contain a “me” key, the value which must be the users canonical URL as a string.');
}
$this->user = $user;
$this->hashedPassword = $hashedPassword;
$this->formTemplate = $formTemplate ?? __DIR__ . '/../../templates/single_user_password_authentication_form.html.php';
$this->csrfKey = $csrfKey ?? \Taproot\IndieAuth\Server::DEFAULT_CSRF_KEY;
}
public function __invoke(ServerRequestInterface $request, string $formAction, ?string $normalizedMeUrl) {
// If the request is a form submission with a matching password, return the corresponding
// user data.
if ($request->getMethod() == 'POST' && password_verify($request->getParsedBody()[self::PASSWORD_FORM_PARAMETER] ?? '', $this->hashedPassword)) {
return $this->user;
}
// Otherwise, return a response containing the password form.
return new Response(200, ['content-type' => 'text/html'], renderTemplate($this->formTemplate, [
'formAction' => $formAction,
'request' => $request,
'csrfFormElement' => '<input type="hidden" name="' . htmlentities($this->csrfKey) . '" value="' . htmlentities($request->getAttribute($this->csrfKey)) . '" />'
]));
}
}
Reference in New Issue View Git Blame Copy Permalink