Browse Source

Make redirect_uri verification optional because many IndieAuth clients don't implement it - show a stylish icon to convey whether the client was verified

pull/1/head
Danielle McLean 4 years ago
parent
commit
e5d3af1b51
Signed by: 00dani GPG Key ID: 5A5D2D1AFF12EEC5
  1. 11
      lemonauth/static/lemonauth/css/indie.styl
  2. 19
      lemonauth/templates/lemonauth/indie.html
  3. 14
      lemonauth/views/indie.py
  4. 9
      lemoncurry/static/lemoncurry/css/theme.js
  5. 1
      lemoncurry/static/tippy.js
  6. 5
      lemoncurry/templates/lemoncurry/layout.html
  7. 3
      package.json
  8. 10
      yarn.lock

11
lemonauth/static/lemonauth/css/indie.styl

@ -2,3 +2,14 @@
img
height 2em
margin-right .5em
.tippy-tooltip
&.success-theme
color $base0B
background-color $base03
&.warning-theme
color $base0A
background-color $base03
.verified-success
color $base0B
.verified-warning
color $base0A

19
lemonauth/templates/lemonauth/indie.html

@ -1,5 +1,5 @@
{% extends 'lemoncurry/layout.html' %}
{% load static %}
{% load markdown static %}
{% block styles %}
<link rel="stylesheet" type="text/stylus" href="{% static 'lemonauth/css/indie.styl' %}" />
@ -13,6 +13,11 @@
sign in to
{% if app %}{{ app.name | first }}{% endif %}
{% if app %}({% endif %}<a class="u-url code{% if not app %} p-name{% endif %}" href="{{ params.client_id }}">{{ params.client_id }}</a>{% if app %}){% endif %}?
{% if verified %}
<i class="fa fa-check-circle verified-success" data-tooltip data-theme="success" data-html="#verified-success"></i>
{% else %}
<i class="fa fa-question-circle verified-warning" data-tooltip data-theme="warning" data-html="#verified-warning"></i>
{% endif %}
</h4>
<div class="card-body">
@ -35,4 +40,16 @@
<input name="response_type" type="hidden" value="{{ params.response_type }}" />
</form>
</div>
<div id="verified-success" hidden>
this client has been <strong>verified</strong> using <code>{{ '<link rel="redirect_uri">' | force_escape }}</code> - they are who they claim to be!
</div>
<div id="verified-warning" hidden>
this client could <strong>not</strong> be verified using <code>{{ '<link rel="redirect_uri">' | force_escape }}</code> - check the redirect uri carefully yourself!
</div>
{% endblock %}
{% block foot %}
<script type="text/javascript">
tippy('[data-tooltip]', {arrow: true});
</script>
{% endblock %}

14
lemonauth/views/indie.py

@ -58,18 +58,20 @@ class IndieView(TemplateView):
rels = (client.to_dict()['rel-urls']
.get(params['redirect_uri'], {})
.get('rels', ()))
if 'redirect_uri' not in rels:
return HttpResponseBadRequest(
'your redirect_uri is not published on your client_id page',
content_type='text/plain'
)
verified = 'redirect_uri' in rels
try:
app = client.to_dict(filter_by_type='h-x-app')[0]['properties']
except IndexError:
app = None
return {'app': app, 'me': me, 'params': params, 'title': 'indieauth'}
return {
'app': app,
'me': me,
'verified': verified,
'params': params,
'title': 'indieauth',
}
def post(self, request):
post = request.POST.dict()

9
lemoncurry/static/lemoncurry/css/theme.js

@ -11,8 +11,15 @@ module.exports = function() {
return function(style) {
for (let i = 0; i < 16; i++) {
const key = 'base0' + i.toString(16).toUpperCase();
const hex = theme[key];
const colour = new stylus.nodes.RGBA(
parseInt(hex.substr(0, 2), 16),
parseInt(hex.substr(2, 2), 16),
parseInt(hex.substr(4, 2), 16),
1
);
style.define('$' + key, new stylus.nodes.Literal('#' + theme[key]));
style.define('$' + key, colour);
}
};
};

1
lemoncurry/static/tippy.js

@ -0,0 +1 @@
../../node_modules/tippy.js/dist

5
lemoncurry/templates/lemoncurry/layout.html

@ -24,6 +24,7 @@
integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous" />
{% compress css %}
<link rel="stylesheet" type="text/css" href={% static 'openwebicons/css/openwebicons.css' %} />
<link rel="stylesheet" type="text/css" href={% static 'tippy.js/tippy.css' %} />
<link rel="stylesheet" type="text/stylus" href="{% static 'lemoncurry/css/layout.styl' %}" />
{% block styles %}{% endblock %}
{% endcompress %}
@ -64,5 +65,9 @@
integrity="sha384-vFJXuSJphROIrBnz7yo7oB41mKfc8JzQZiCq4NCceLEaO4IHwicKwpJf9c9IpFgh"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/bootstrap.min.js" crossorigin="anonymous"
integrity="sha384-alpBpkh1PFOepccYVYDB4do5UnbKysX5WZXm3XxPqe5iKTfUKjNkCk9SaVuEZflJ"></script>
{% compress js %}
<script src="{% static 'tippy.js/tippy.standalone.js' %}"></script>
{% block foot %}{% endblock %}
{% endcompress %}
</body>
</html>

3
package.json

@ -8,6 +8,7 @@
"stylus": "^0.54.5"
},
"dependencies": {
"openwebicons": "^1.4.3"
"openwebicons": "^1.4.3",
"tippy.js": "^1.4.1"
}
}

10
yarn.lock

@ -108,6 +108,10 @@ path-is-absolute@^1.0.0:
version "1.0.1"
resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
popper.js@^1.12.4:
version "1.12.6"
resolved "https://registry.yarnpkg.com/popper.js/-/popper.js-1.12.6.tgz#91e12a97b07815258b76915d64044e8ac053d426"
sax@0.5.x:
version "0.5.8"
resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1"
@ -133,6 +137,12 @@ stylus@^0.54.5:
sax "0.5.x"
source-map "0.1.x"
tippy.js@^1.4.1:
version "1.4.1"
resolved "https://registry.yarnpkg.com/tippy.js/-/tippy.js-1.4.1.tgz#a20831a53e40566825c0b3c6ad72afc30e97c6f5"
dependencies:
popper.js "^1.12.4"
wrappy@1:
version "1.0.2"
resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"

Loading…
Cancel
Save