diff --git a/lib/Server.php b/lib/Server.php index 204f5ab..048e5fc 100644 --- a/lib/Server.php +++ b/lib/Server.php @@ -71,14 +71,16 @@ public static function getConfigClient() $clientId = $_GET['client_id'] ?? $_POST['client_id'] ?? null; if ($clientId) { $registeredClient = ClientRegistration::getRegistration($clientId); - } - if (isset($registeredClient)) { - return new ConfigClient( - $clientId, - $registeredClient['client_secret'] ?? '', - $registeredClient['redirect_uris'], - $registeredClient['client_name'] - ); + if (isset($registeredClient) && isset($registeredClient['redirect_uris'])) { + return new ConfigClient( + $clientId, + $registeredClient['client_secret'] ?? '', + $registeredClient['redirect_uris'], + $registeredClient['client_name'] + ); + } else { + throw new \Exception("Invalid client ID"); + } } else { return new ConfigClient( '', diff --git a/www/idp/index.php b/www/idp/index.php index b094054..f4318d3 100644 --- a/www/idp/index.php +++ b/www/idp/index.php @@ -20,118 +20,123 @@ Middleware::cors(); -switch ($method) { - case "GET": - switch ($request) { - case "/jwks": - case "/jwks/": - SolidIdp::respondToJwks(); - break; - case "/.well-known/openid-configuration": - SolidIdp::respondToWellKnownOpenIdConfiguration(); - break; - case "/authorize": - case "/authorize/": - Account::requireLoggedInUser(); - SolidIdp::respondToAuthorize(); - break; - case "/dashboard": - case "/dashboard/": - Account::requireLoggedInUser(); - Account::respondToDashboard(); - break; - case "/logout": - case "/logout/": - Account::respondToLogout(); - break; - case "/login/password": - case "/login/password/": - header("Location: /dashboard/"); - break; - case "/": - case "/login": - case "/login/": - case "/register": - case "/register/": - case "/reset-password": - case "/reset-password/": - case "/change-password": - case "/change-password/": - case "/account/delete": - case "/account/delete/": - case "/account/delete/confirm": - case "/account/delete/confirm/": - include_once(FRONTENDDIR . "generated.html"); - break; - case "/sharing": - case "/sharing/": - Account::requireLoggedInUser(); - include_once(FRONTENDDIR . "generated.html"); - break; - case '/session': - case '/session/': - case '/userinfo': - case '/userinfo/': - header("HTTP/1.1 501 Not implemented"); - break; - default: - header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); - break; - } - break; - case "POST": - switch ($request) { - case "/api/accounts/verify": - case "/api/accounts/verify/": - Account::respondToAccountVerify(); - break; - case "/api/accounts/new": - case "/api/accounts/new/": - Account::respondToAccountNew(); - break; - case "/api/accounts/reset-password": - case "/api/accounts/reset-password/": - Account::respondToAccountResetPassword(); - break; - case "/api/accounts/change-password": - case "/api/accounts/change-password/": - Account::respondToAccountChangePassword(); - break; - case "/api/accounts/delete": - case "/api/accounts/delete/": - Account::respondToAccountDelete(); - break; - case "/api/accounts/delete/confirm": - case "/api/accounts/delete/confirm/": - Account::respondToAccountDeleteConfirm(); - break; - case "/login/password": - case "/login/password/": - Account::respondToLogin(); - break; - case "/register": - case "/register/": - SolidIdp::respondToRegister(); - break; - case "/api/sharing": - case "/api/sharing/": - SolidIdp::respondToSharing(); - break; - case "/token": - case "/token/": - SolidIdp::respondToToken(); - break; - default: - header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); - break; - } - break; - case "OPTIONS": - break; - case "PUT": - default: - header($_SERVER['SERVER_PROTOCOL'] . " 405 Method not allowed"); - break; +try { + switch ($method) { + case "GET": + switch ($request) { + case "/jwks": + case "/jwks/": + SolidIdp::respondToJwks(); + break; + case "/.well-known/openid-configuration": + SolidIdp::respondToWellKnownOpenIdConfiguration(); + break; + case "/authorize": + case "/authorize/": + Account::requireLoggedInUser(); + SolidIdp::respondToAuthorize(); + break; + case "/dashboard": + case "/dashboard/": + Account::requireLoggedInUser(); + Account::respondToDashboard(); + break; + case "/logout": + case "/logout/": + Account::respondToLogout(); + break; + case "/login/password": + case "/login/password/": + header("Location: /dashboard/"); + break; + case "/": + case "/login": + case "/login/": + case "/register": + case "/register/": + case "/reset-password": + case "/reset-password/": + case "/change-password": + case "/change-password/": + case "/account/delete": + case "/account/delete/": + case "/account/delete/confirm": + case "/account/delete/confirm/": + include_once(FRONTENDDIR . "generated.html"); + break; + case "/sharing": + case "/sharing/": + Account::requireLoggedInUser(); + include_once(FRONTENDDIR . "generated.html"); + break; + case '/session': + case '/session/': + case '/userinfo': + case '/userinfo/': + header("HTTP/1.1 501 Not implemented"); + break; + default: + header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); + break; + } + break; + case "POST": + switch ($request) { + case "/api/accounts/verify": + case "/api/accounts/verify/": + Account::respondToAccountVerify(); + break; + case "/api/accounts/new": + case "/api/accounts/new/": + Account::respondToAccountNew(); + break; + case "/api/accounts/reset-password": + case "/api/accounts/reset-password/": + Account::respondToAccountResetPassword(); + break; + case "/api/accounts/change-password": + case "/api/accounts/change-password/": + Account::respondToAccountChangePassword(); + break; + case "/api/accounts/delete": + case "/api/accounts/delete/": + Account::respondToAccountDelete(); + break; + case "/api/accounts/delete/confirm": + case "/api/accounts/delete/confirm/": + Account::respondToAccountDeleteConfirm(); + break; + case "/login/password": + case "/login/password/": + Account::respondToLogin(); + break; + case "/register": + case "/register/": + SolidIdp::respondToRegister(); + break; + case "/api/sharing": + case "/api/sharing/": + SolidIdp::respondToSharing(); + break; + case "/token": + case "/token/": + SolidIdp::respondToToken(); + break; + default: + header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); + break; + } + break; + case "OPTIONS": + break; + case "PUT": + default: + header($_SERVER['SERVER_PROTOCOL'] . " 405 Method not allowed"); + break; + } +} catch (\Throwable $e) { + // Catch all so we don't leak information to the client. + header($_SERVER['SERVER_PROTOCOL'] . " 500 Internal server error"); } if (!file_exists(CLEANUP_FILE) || (filemtime(CLEANUP_FILE) < time())) { touch(CLEANUP_FILE, time() + 3600); diff --git a/www/storage/index.php b/www/storage/index.php index da4b201..7fedfae 100644 --- a/www/storage/index.php +++ b/www/storage/index.php @@ -14,30 +14,34 @@ $method = $_SERVER['REQUEST_METHOD']; Middleware::cors(); - -switch ($method) { - case "GET": - switch ($request) { - default: - header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); - break; - } - break; - case "POST": - switch ($request) { - case "/api/storage": - case "/api/storage/": - SolidStorageProvider::respondToStorageNew(); - break; - default: - header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); - break; - } - break; - case "OPTIONS": - break; - case "PUT": - default: - header($_SERVER['SERVER_PROTOCOL'] . " 405 Method not allowed"); - break; +try { + switch ($method) { + case "GET": + switch ($request) { + default: + header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); + break; + } + break; + case "POST": + switch ($request) { + case "/api/storage": + case "/api/storage/": + SolidStorageProvider::respondToStorageNew(); + break; + default: + header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found"); + break; + } + break; + case "OPTIONS": + break; + case "PUT": + default: + header($_SERVER['SERVER_PROTOCOL'] . " 405 Method not allowed"); + break; + } +} catch (\Throwable $e) { + // Catch all so we don't leak information to the client. + header($_SERVER['SERVER_PROTOCOL'] . " 500 Internal server error"); } diff --git a/www/user/profile.php b/www/user/profile.php index 899c431..1c469b8 100644 --- a/www/user/profile.php +++ b/www/user/profile.php @@ -2,20 +2,21 @@ // phpcs:disable Generic.WhiteSpace.ScopeIndent.IncorrectExact - ini_set("log_errors", 1); - ini_set('expose_php', 'off'); +ini_set("log_errors", 1); +ini_set('expose_php', 'off'); - require_once(__DIR__ . "/../../config.php"); - require_once(__DIR__ . "/../../vendor/autoload.php"); +require_once(__DIR__ . "/../../config.php"); +require_once(__DIR__ . "/../../vendor/autoload.php"); - use Pdsinterop\PhpSolid\Middleware; - use Pdsinterop\PhpSolid\Routes\SolidUserProfile; +use Pdsinterop\PhpSolid\Middleware; +use Pdsinterop\PhpSolid\Routes\SolidUserProfile; - $request = explode("?", $_SERVER['REQUEST_URI'], 2)[0]; - $method = $_SERVER['REQUEST_METHOD']; +$request = explode("?", $_SERVER['REQUEST_URI'], 2)[0]; +$method = $_SERVER['REQUEST_METHOD']; - Middleware::cors(); +Middleware::cors(); +try { switch ($method) { case "GET": case "PUT": @@ -31,3 +32,7 @@ header($_SERVER['SERVER_PROTOCOL'] . " 405 Method not allowed"); break; } +} catch (\Throwable $e) { + // Catch all so we don't leak information to the client. + header($_SERVER['SERVER_PROTOCOL'] . " 500 Internal server error"); +} diff --git a/www/user/storage.php b/www/user/storage.php index 9691d93..cf181e4 100644 --- a/www/user/storage.php +++ b/www/user/storage.php @@ -14,12 +14,17 @@ Middleware::cors(); Middleware::pubsub(); -switch ($method) { - case "OPTIONS": - echo "OK"; - return; - break; - default: - SolidStorage::respondToStorage(); - break; +try { + switch ($method) { + case "OPTIONS": + echo "OK"; + return; + break; + default: + SolidStorage::respondToStorage(); + break; + } +} catch (\Throwable $e) { + // Catch all so we don't leak information to the client. + header($_SERVER['SERVER_PROTOCOL'] . " 500 Internal server error"); }