Add more error handling to AuthorizeController.

Author: Potherca

src/Controller/AuthorizeController.php

@@ -10,62 +10,99 @@ class AuthorizeController extends ServerController
     final public function __invoke(ServerRequestInterface $request, array $args): ResponseInterface
     {
         if (!isset($_SESSION['userid'])) {
-			$response = $this->getResponse();
-			$response = $response->withStatus(302, "Approval required");
-			
 			// FIXME: Generate a proper url for this;
-			$baseUrl = $this->baseUrl;
-			$loginUrl = $baseUrl . "/login/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
-			$response = $response->withHeader("Location", $loginUrl);
-			return $response;
+			$loginUrl = $this->baseUrl . "/login/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
+
+            return $this->getResponse()
+                ->withHeader("Location", $loginUrl)
+                ->withStatus(302, "Approval required")
+            ;
 		}
+
+        $queryParams = $request->getQueryParams();
+
+        if (! isset($queryParams['request'])) {
+            return $this->getResponse()
+                ->withStatus(400, "Bad request, missing request")
+            ;
+        }
+
 		$parser = new \Lcobucci\JWT\Parser();
 
+        try {
+            $token = $parser->parse($queryParams['request']);
+        } catch (\Exception $exception) {
+            return $this->getResponse()
+                ->withStatus(400, $exception->getMessage())
+            ;
+        }
+
 		try {
-			$token = $parser->parse($request->getQueryParams()['request']);
 			$_SESSION["nonce"] = $token->getClaim('nonce');
-		} catch(\Exception $e) {
-			$_SESSION["nonce"] = $request->getQueryParams()['nonce'];
+		} catch(\OutOfBoundsException $e) {
+            if (! isset($queryParams['nonce'])) {
+                return $this->getResponse()
+                    ->withStatus(400, "Bad request, missing nonce")
+                    ;
+            }
+
+			$_SESSION["nonce"] = $queryParams['nonce'];
 		}
 
-		$getVars = $request->getQueryParams();
+        /*/ Prepare GET parameters for OAUTH server request /*/
+		$getVars = $queryParams;
+
+		$getVars['response_type'] = $this->getResponseType($queryParams);
+		$getVars['scope'] = "openid" ;
+
 		if (!isset($getVars['grant_type'])) {
 			$getVars['grant_type'] = 'implicit';
 		}
-		$getVars['response_type'] = $this->getResponseType();
-		$getVars['scope'] = "openid" ;
 
 		if (!isset($getVars['redirect_uri'])) {
 			try {
 				$getVars['redirect_uri'] = $token->getClaim("redirect_uri");
 			} catch(\Exception $e) {
-				$response = $this->getResponse();
-				$response->withStatus(400, "Bad request, missing redirect uri");
-				return $response;
+				return $this->getResponse()
+                    ->withStatus(400, "Bad request, missing redirect uri")
+                ;
 			}
 		}
-		$clientId = $getVars['client_id'];
-		$approval = $this->checkApproval($clientId);	
+
+        if (! isset($queryParams['client_id'])) {
+            return $this->getResponse()
+                ->withStatus(400, "Bad request, missing client_id")
+            ;
+        }
+
+        $clientId = $getVars['client_id'];
+		$approval = $this->checkApproval($clientId);
 		if (!$approval) {
-			$response = $this->getResponse();
-			$response = $response->withStatus(302, "Approval required");
-			
 			// FIXME: Generate a proper url for this;
-			$baseUrl = $this->baseUrl;
-			$approvalUrl = $baseUrl . "/sharing/$clientId/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
-			$response = $response->withHeader("Location", $approvalUrl);
-			return $response;
+			$approvalUrl = $this->baseUrl . "/sharing/$clientId/?returnUrl=" . urlencode($_SERVER['REQUEST_URI']);
+
+            return $this->getResponse()
+                ->withHeader("Location", $approvalUrl)
+                ->withStatus(302, "Approval required")
+            ;
 		}
 
+        // replace the request getVars with the morphed version
+		$request = $request->withQueryParams($getVars);
+
 		$user = new \Pdsinterop\Solid\Auth\Entity\User();
 		$user->setIdentifier($this->getProfilePage());
 
-		$request = $request->withQueryParams($getVars); // replace the request getVars with the morphed version;
 		$response = new \Laminas\Diactoros\Response();
 		$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 
 		$response = $server->respondToAuthorizationRequest($request, $user, $approval);
-		$response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $this->getProfilePage(), $_SESSION['nonce'], $this->config->getPrivateKey());
-		return $response;
+
+        return $this->tokenGenerator->addIdTokenToResponse($response,
+            $clientId,
+            $this->getProfilePage(),
+            $_SESSION['nonce'],
+            $this->config->getPrivateKey()
+        );
 	}
 }

src/Controller/ServerController.php

@@ -126,9 +126,10 @@ public function getProfilePage() : string
         return $this->baseUrl . "/profile/card#me"; // FIXME: would be better to base this on the available routes if possible.
     }
 
-    public function getResponseType() : string
+    public function getResponseType($params) : string
     {
-        $responseTypes = explode(" ", $_GET['response_type'] ?? '');
+        $responseTypes = explode(" ", $params['response_type'] ?? '');
+
         foreach ($responseTypes as $responseType) {
             switch ($responseType) {
                 case "token":