Logout process now revokes Mastodon auth token associated to session
This commit is contained in:
parent
4590975b96
commit
f83f86554c
|
|
@ -2,11 +2,36 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
if ($valid_cookie) {
|
if ($valid_cookie) {
|
||||||
|
$sm = $db->prepare('SELECT access_token, auth_more FROM oauth_tokens WHERE cookie = ?');
|
||||||
|
$sm->execute([$cookie]);
|
||||||
|
if (($row = $sm->fetchObject()) !== false) {
|
||||||
|
switch ($user->account_type)
|
||||||
|
{
|
||||||
|
case 'mastodon':
|
||||||
|
$row->auth_more = @json_decode($row->auth_more);
|
||||||
|
if (isset($row->auth_more->result->client_id)) {
|
||||||
|
$ch = curl_init($row->auth_more->instance.'/oauth/revoke');
|
||||||
|
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
|
||||||
|
curl_setopt($ch, CURLOPT_POSTFIELDS, [
|
||||||
|
'client_id' => $row->auth_more->result->client_id,
|
||||||
|
'client_secret' => $row->auth_more->result->client_secret,
|
||||||
|
'token' => $row->access_token
|
||||||
|
]);
|
||||||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||||
|
curl_exec($ch);
|
||||||
|
curl_close($ch);
|
||||||
|
# we don't care about the output
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
# delete token from database (YES, actually delete)
|
||||||
$sm = $db->prepare('DELETE FROM oauth_tokens WHERE cookie = ?');
|
$sm = $db->prepare('DELETE FROM oauth_tokens WHERE cookie = ?');
|
||||||
$sm->execute([$cookie]);
|
$sm->execute([$cookie]);
|
||||||
if ($sm->rowCount() === 1) {
|
if ($sm->rowCount() === 1) {
|
||||||
setcookie('rf_sess', null);
|
setcookie('rf_sess', null);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
header('Location: /');
|
header('Location: /');
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue