phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phil:ebca9064c503aa0fbe89b8c680057d5bc1be7f59
Branches Tags
phil:main phil:feature/phase-4-web-interface
phil:v0.9.4 phil:v0.9.3 phil:v0.9.2 phil:v0.9.1 phil:v0.9.0 phil:v0.8.0 phil:v0.7.1 phil:v0.7.0 phil:v0.6.1 phil:v0.6.0 phil:v0.5.2 phil:v0.4.0
...
compare: phil:v0.9.1
Branches Tags
phil:main phil:feature/phase-4-web-interface
phil:v0.9.4 phil:v0.9.3 phil:v0.9.2 phil:v0.9.1 phil:v0.9.0 phil:v0.8.0 phil:v0.7.1 phil:v0.7.0 phil:v0.6.1 phil:v0.6.0 phil:v0.5.2 phil:v0.4.0

1 Commits
ebca9064c5 ... v0.9.1

Author SHA1 Message Date
Phil Skentelbery
ba0f409a2a fix: Add trailing slash to SITE_URL and enhance debug logging (v0.9.1) 
Fix 1: SITE_URL trailing slash normalization
- IndieLogin.com requires client_id URLs to have trailing slash for root domains
- Added automatic normalization in load_config() after env loading
- Added secondary normalization after config overrides (for test compatibility)
- Fixes "client_id is not registered" authentication errors
- Updated redirect_uri construction to avoid double slashes

Fix 2: Enhanced httpx debug logging
- Added detailed request logging before token exchange POST
- Added detailed response logging after token exchange POST
- Shows exact HTTP method, URL, headers, and body for troubleshooting
- All sensitive data (tokens, verifiers) automatically redacted
- Supplements existing _log_http_request/_log_http_response helpers

Version: 0.9.1 (PATCH - bug fixes)
- Updated __version__ in starpunk/__init__.py
- Added CHANGELOG entry for v0.9.1

Tests: 486/514 passing (28 pre-existing failures from v0.8.0)
- No new test failures introduced
- Trailing slash normalization verified in config
- Debug logging outputs verified

Related: IndieLogin.com authentication flow
Following: docs/standards/git-branching-strategy.md

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-19 16:27:13 -07:00
4 changed files with 57 additions and 8 deletions
Expand all files Collapse all files

15
CHANGELOG.md
View File

@@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
## [0.9.1] - 2025-11-19
### Fixed
- **IndieAuth client_id trailing slash**: Added automatic trailing slash normalization to SITE_URL
- IndieLogin.com spec requires client_id URLs to have trailing slash for root domains
- Fixes "client_id is not registered" authentication errors
- Normalizes https://example.com to https://example.com/
- **Enhanced debug logging**: Added detailed httpx request/response logging for token exchange
- Shows exact HTTP method, URL, headers, and body being sent to IndieLogin.com
- Helps troubleshoot authentication issues with full visibility
- All sensitive data (tokens, verifiers) automatically redacted
### Changed
- SITE_URL configuration now automatically adds trailing slash if missing
## [0.9.0] - 2025-11-19 ## [0.9.0] - 2025-11-19
### Added ### Added

4
starpunk/__init__.py
View File

@@ -153,5 +153,5 @@ def create_app(config=None):
# Package version (Semantic Versioning 2.0.0) # Package version (Semantic Versioning 2.0.0)
# See docs/standards/versioning-strategy.md for details # See docs/standards/versioning-strategy.md for details
__version__ = "0.9.0" __version__ = "0.9.1"
__version_info__ = (0, 9, 0) __version_info__ = (0, 9, 1)

36
starpunk/auth.py
View File

@@ -322,7 +322,7 @@ def initiate_login(me_url: str) -> str:
# Store state and verifier in database (5-minute expiry) # Store state and verifier in database (5-minute expiry)
db = get_db(current_app) db = get_db(current_app)
expires_at = datetime.utcnow() + timedelta(minutes=5) expires_at = datetime.utcnow() + timedelta(minutes=5)
redirect_uri = f"{current_app.config['SITE_URL']}/auth/callback" redirect_uri = f"{current_app.config['SITE_URL']}auth/callback"
db.execute( db.execute(
""" """
@@ -404,26 +404,52 @@ def handle_callback(code: str, state: str, iss: Optional[str] = None) -> Optiona
token_exchange_data = { token_exchange_data = {
"code": code, "code": code,
"client_id": current_app.config["SITE_URL"], "client_id": current_app.config["SITE_URL"],
"redirect_uri": f"{current_app.config['SITE_URL']}/auth/callback", "redirect_uri": f"{current_app.config['SITE_URL']}auth/callback",
"code_verifier": code_verifier, # PKCE verification "code_verifier": code_verifier, # PKCE verification
} }
token_url = f"{current_app.config['INDIELOGIN_URL']}/token"
# Log the request (code_verifier will be redacted) # Log the request (code_verifier will be redacted)
_log_http_request( _log_http_request(
method="POST", method="POST",
url=f"{current_app.config['INDIELOGIN_URL']}/token", url=token_url,
data=token_exchange_data, data=token_exchange_data,
) )
# Log detailed httpx request info for debugging
current_app.logger.debug(
"Auth: Sending token exchange request:\n"
" Method: POST\n"
" URL: %s\n"
" Data: code=%s, client_id=%s, redirect_uri=%s, code_verifier=%s",
token_url,
_redact_token(code),
token_exchange_data["client_id"],
token_exchange_data["redirect_uri"],
_redact_token(code_verifier),
)
# Exchange code for identity (CORRECT ENDPOINT: /token) # Exchange code for identity (CORRECT ENDPOINT: /token)
try: try:
response = httpx.post( response = httpx.post(
f"{current_app.config['INDIELOGIN_URL']}/token", token_url,
data=token_exchange_data, data=token_exchange_data,
timeout=10.0, timeout=10.0,
) )
# Log the response # Log detailed httpx response info for debugging
current_app.logger.debug(
"Auth: Received token exchange response:\n"
" Status: %d\n"
" Headers: %s\n"
" Body: %s",
response.status_code,
{k: v for k, v in dict(response.headers).items() if k.lower() not in ["set-cookie", "authorization"]},
_redact_token(response.text) if response.text else "(empty)",
)
# Log the response (legacy helper)
_log_http_response( _log_http_response(
status_code=response.status_code, status_code=response.status_code,
headers=dict(response.headers), headers=dict(response.headers),

10
starpunk/config.py
View File

@@ -20,7 +20,10 @@ def load_config(app, config_override=None):
load_dotenv() load_dotenv()
# Site configuration # Site configuration
app.config["SITE_URL"] = os.getenv("SITE_URL", "http://localhost:5000") # IndieWeb/OAuth specs require trailing slash for root URLs used as client_id
# See: https://indielogin.com/ OAuth client requirements
site_url = os.getenv("SITE_URL", "http://localhost:5000")
app.config["SITE_URL"] = site_url if site_url.endswith('/') else site_url + '/'
app.config["SITE_NAME"] = os.getenv("SITE_NAME", "StarPunk") app.config["SITE_NAME"] = os.getenv("SITE_NAME", "StarPunk")
app.config["SITE_AUTHOR"] = os.getenv("SITE_AUTHOR", "Unknown") app.config["SITE_AUTHOR"] = os.getenv("SITE_AUTHOR", "Unknown")
app.config["SITE_DESCRIPTION"] = os.getenv( app.config["SITE_DESCRIPTION"] = os.getenv(
@@ -73,6 +76,11 @@ def load_config(app, config_override=None):
if config_override: if config_override:
app.config.update(config_override) app.config.update(config_override)
# Normalize SITE_URL trailing slash (in case override provided URL without slash)
if "SITE_URL" in app.config:
site_url = app.config["SITE_URL"]
app.config["SITE_URL"] = site_url if site_url.endswith('/') else site_url + '/'
# Convert path strings to Path objects (in case overrides provided strings) # Convert path strings to Path objects (in case overrides provided strings)
if isinstance(app.config["DATA_PATH"], str): if isinstance(app.config["DATA_PATH"], str):
app.config["DATA_PATH"] = Path(app.config["DATA_PATH"]) app.config["DATA_PATH"] = Path(app.config["DATA_PATH"])