authorFabio Comuni <fabrix.xm@gmail.com>2011-11-02 09:54:07 +0100
committerFabio Comuni <fabrix.xm@gmail.com>2011-11-02 09:54:07 +0100
commit69e41f7703bff03dc88e7181961a717ae41330c4 (patch)
tree57b45681f2fa3608bacd76159ad95b425ef0e07e
parentff7fc68382bf1359adc31bd65bb6786b7f63e31a (diff)
oauth: authorize view, wrong verifier.
-rw-r--r--include/oauth.php24
-rw-r--r--mod/api.php11
-rw-r--r--mod/settings.php1
-rw-r--r--view/oauth_authorize.tpl11
-rw-r--r--view/oauth_authorize_done.tpl4
-rw-r--r--view/settings_oauth.tpl10
6 files changed, 48 insertions, 13 deletions
diff --git a/include/oauth.php b/include/oauth.php
index 506172491..b84309207 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -5,7 +5,8 @@
*
*/
-define('TOKEN_DURATION', 300);
+define('REQUEST_TOKEN_DURATION', 300);
+define('ACCESS_TOKEN_DURATION', 31536000);
require_once("library/OAuth1.php");
require_once("library/oauth2-php/lib/OAuth2.inc");
@@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore {
dbesc($sec),
dbesc($consumer->key),
'request',
- intval(TOKEN_DURATION));
+ intval(REQUEST_TOKEN_DURATION));
if (!$r) return null;
return new OAuthToken($key,$sec);
}
@@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore {
$ret=Null;
- if (!is_null($token) && $token->expires > time()){
+ // get verifier for this user
+ $uverifier = get_pconfig(local_user(), "oauth", "verifier");
+
+
+ if (is_null($verifier) || ($verifier==$uverifier)){
$key = $this->gen_token();
$sec = $this->gen_token();
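Review bot: The new guard `if (is_null($verifier) || ($verifier==$uverifier))` issues an access token when the caller sends no verifier at all, and it drops the earlier `!is_null($token) && $token->expires > time()` check, so a missing or expired request token is no longer rejected here. The loose `==` is a second problem: if `get_pconfig` returns `false` for an unset key (the later hunk tests `$apps===false`, which suggests it does), an empty verifier compares equal to it. I would require all three conditions, `if (!is_null($token) && $token->expires > time() && is_string($verifier) && hash_equals((string)$uverifier, $verifier)) {`, falling back to `===` where `hash_equals` is not available. `local_user()` is read during the token exchange, which is normally a call from the client application rather than the user's browser, so confirm that a session exists at this point or look the verifier up through the request token instead. The method begins above this hunk and continues in the next one.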
@@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore {
dbesc($sec),
dbesc($consumer->$key),
'access',
- intval(TOKEN_DURATION));
+ intval(ACCESS_TOKEN_DURATION));
if ($r)
$ret = new OAuthToken($key,$sec);
}
- q("DELETE FROM tokens WHERE id='%s'", $token->key);
+ //q("DELETE FROM tokens WHERE id='%s'", $token->key);
+
+
+ if (!is_null($ret)){
+ //del_pconfig(local_user(), "oauth", "verifier");
+ $apps = get_pconfig(local_user(), "oauth", "apps");
+ if ($apps===false) $apps=array();
+ $apps[] = $consumer->key;
+ //set_pconfig(local_user(), "oauth", "apps", $apps);
+ }
return $ret;
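Review bot: With `q("DELETE FROM tokens WHERE id='%s'", $token->key);` and `del_pconfig(local_user(), "oauth", "verifier");` both commented out, neither the request token nor the verifier is consumed by the exchange, so the same pair can be exchanged again for further access tokens, each now valid for ACCESS_TOKEN_DURATION (one year). Both should be restored so that an exchange is single-use, with the DELETE written as `q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));`. The `$apps` list is built but never saved because `set_pconfig(local_user(), "oauth", "apps", $apps);` is commented out; either persist it or remove the block. The context line `dbesc($consumer->$key)` reads a property named after the freshly generated token instead of `$consumer->key`, so the client id stored with the access token is probably empty. The method starts above the hunk.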
diff --git a/mod/api.php b/mod/api.php
index bc5de0340..5903caee6 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -52,18 +52,15 @@ function api_content(&$a) {
$app = oauth_get_client();
if (is_null($app)) return "Invalid request. Unknown token.";
$consumer = new OAuthConsumer($app['key'], $app['secret']);
-
- // Rev A change
- $request = OAuthRequest::from_request();
- $callback = $request->get_parameter('oauth_callback');
- $datastore = new FKOAuthDataStore();
- $new_token = $datastore->new_request_token($consumer, $callback);
+
+ $verifier = md5($app['secret'].local_user());
+ set_pconfig(local_user(), "oauth", "verifier", $verifier);
$tpl = get_markup_template("oauth_authorize_done.tpl");
$o = replace_macros($tpl, array(
'$title' => t('Authorize application connection'),
'$info' => t('Return to your app and insert this Securty Code:'),
- '$code' => $new_token->key,
+ '$code' => $verifier,
));
return $o;
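Review bot: `$verifier = md5($app['secret'].local_user());` makes the security code a fixed function of the consumer secret and the user id, so it is the same on every authorization and can be computed by anyone who holds the consumer secret, whether or not the user approved the request. The verifier should be an unpredictable, single-use value bound to the request token being authorized, for example `$verifier = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes` on runtimes without `random_bytes`). Storing it under one per-user pconfig key also means a second pending authorization overwrites the first; keeping it with the request token row would avoid that. `api_content` starts and ends outside this hunk.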
diff --git a/mod/settings.php b/mod/settings.php
index da2b57cd5..ca9b4bd54 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -362,7 +362,6 @@ function settings_content(&$a) {
$o .= replace_macros($tpl, array(
'$title' => t('Connected Apps'),
'$tabs' => $tabs,
- '$settings_addons' => $settings_addons
));
return $o;
diff --git a/view/oauth_authorize.tpl b/view/oauth_authorize.tpl
new file mode 100644
index 000000000..6bcf9802a
--- /dev/null
+++ b/view/oauth_authorize.tpl
@@ -0,0 +1,11 @@
+<h1>$title</h1>
+
+<div class='oauthapp'>
+ <img src='$app.icon'>
+ <h4>$app.name</h4>
+ <p>$app.client_id</p>
+</div>
+<h3>$authorize</h3>
+<form method="POST">
+<div class="submit"><input type="submit" name="oauth_yes" value="$yes" /></div>
+</form>
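Review bot: The `<form method="POST">` that grants an application access carries no anti-CSRF token, so the handler behind `oauth_yes` cannot tell a deliberate click from a cross-site form submission. Add a hidden per-session token field and verify it before the verifier is issued. `$app.icon`, `$app.name` and `$app.client_id` come from the registered client, so unless `replace_macros` escapes them (not visible here) they should be HTML-escaped before substitution and the `src` value limited to http/https URLs.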
diff --git a/view/oauth_authorize_done.tpl b/view/oauth_authorize_done.tpl
new file mode 100644
index 000000000..51eaea248
--- /dev/null
+++ b/view/oauth_authorize_done.tpl
@@ -0,0 +1,4 @@
+<h1>$title</h1>
+
+<p>$info</p>
+<code>$code</code>
diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl
new file mode 100644
index 000000000..87fd6d1ee
--- /dev/null
+++ b/view/settings_oauth.tpl
@@ -0,0 +1,10 @@
+$tabs
+
+<h1>$title</h1>
+
+
+<form action="settings/addon" method="post" autocomplete="off">
+
+$settings_addons
+
+</form>
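Review bot: This template still expands `$settings_addons`, but the same commit removes `'$settings_addons' => $settings_addons` from the `replace_macros` call in mod/settings.php, so the placeholder is likely to be emitted unreplaced or empty. The form also posts to `settings/addon`, which looks carried over from the addon settings page. Point it at the handler for connected apps, with a form token, or leave the form out until the page has something to submit.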