author | Fabio Comuni <fabrix.xm@gmail.com> | 2011-11-02 09:54:07 +0100 |
---|---|---|
committer | Fabio Comuni <fabrix.xm@gmail.com> | 2011-11-02 09:54:07 +0100 |
commit | 69e41f7703bff03dc88e7181961a717ae41330c4 (patch) | |
tree | 57b45681f2fa3608bacd76159ad95b425ef0e07e | |
parent | ff7fc68382bf1359adc31bd65bb6786b7f63e31a (diff) | |
oauth: authorize view, wrong verifier.
-rw-r--r-- | include/oauth.php | 24 | ||||
-rw-r--r-- | mod/api.php | 11 | ||||
-rw-r--r-- | mod/settings.php | 1 | ||||
-rw-r--r-- | view/oauth_authorize.tpl | 11 | ||||
-rw-r--r-- | view/oauth_authorize_done.tpl | 4 | ||||
-rw-r--r-- | view/settings_oauth.tpl | 10 |
6 files changed, 48 insertions, 13 deletions
diff --git a/include/oauth.php b/include/oauth.php index 506172491..b84309207 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -5,7 +5,8 @@ * */ -define('TOKEN_DURATION', 300); +define('REQUEST_TOKEN_DURATION', 300); +define('ACCESS_TOKEN_DURATION', 31536000); require_once("library/OAuth1.php"); require_once("library/oauth2-php/lib/OAuth2.inc"); @@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore { dbesc($sec), dbesc($consumer->key), 'request', - intval(TOKEN_DURATION)); + intval(REQUEST_TOKEN_DURATION)); if (!$r) return null; return new OAuthToken($key,$sec); } @@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore { $ret=Null; - if (!is_null($token) && $token->expires > time()){ + // get verifier for this user + $uverifier = get_pconfig(local_user(), "oauth", "verifier"); + + + if (is_null($verifier) || ($verifier==$uverifier)){ $key = $this->gen_token(); $sec = $this->gen_token(); @@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore { dbesc($sec), dbesc($consumer->$key), 'access', - intval(TOKEN_DURATION)); + intval(ACCESS_TOKEN_DURATION)); if ($r) $ret = new OAuthToken($key,$sec); } - q("DELETE FROM tokens WHERE id='%s'", $token->key); + //q("DELETE FROM tokens WHERE id='%s'", $token->key); + + + if (!is_null($ret)){ + //del_pconfig(local_user(), "oauth", "verifier"); + $apps = get_pconfig(local_user(), "oauth", "apps"); + if ($apps===false) $apps=array(); + $apps[] = $consumer->key; + //set_pconfig(local_user(), "oauth", "apps", $apps); + } return $ret; diff --git a/mod/api.php b/mod/api.php index bc5de0340..5903caee6 100644 --- a/mod/api.php +++ b/mod/api.php 
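Review bot: `ACCESS_TOKEN_DURATION` is defined as 31536000 with no comment giving the unit or the reason, and a one-year access token remains usable for that whole period if it leaks. I would add `// seconds (365 days); access tokens are long-lived bearer credentials, so revocation must work` above the define. Whether the expiry is enforced when an access token is looked up is not visible in this hunk and is worth confirming.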
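Review bot: The new condition `is_null($verifier) || ($verifier==$uverifier)` in new_access_token issues an access token when no verifier is supplied at all, and the previous `!is_null($token) && $token->expires > time()` check is dropped, so an expired or missing request token is no longer rejected. The `==` comparison is loose and not constant-time; if no verifier is stored and get_pconfig returns false (as the `$apps===false` test later in this file suggests), an empty-string verifier compares equal to it. I would keep the request-token check and compare strictly, `if (!is_null($token) && $token->expires > time() && is_string($verifier) && is_string($uverifier) && hash_equals($uverifier, $verifier)){`, noting that hash_equals needs PHP 5.6 or later. local_user() reflects the browser session, and whether one exists when the consumer calls the token endpoint is not visible here, so the stored verifier may need to be keyed on the request token instead. The function starts and ends outside this hunk.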
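Review bot: With `q("DELETE FROM tokens WHERE id='%s'", $token->key);` commented out, the request token stays in the table after it has been exchanged, so it can be exchanged again until it expires; the `del_pconfig` for the verifier is commented out too, so the verifier is never invalidated either. The `$apps` list is built but never stored because `set_pconfig` is commented out, and `$apps[] = $consumer->key` would append a duplicate on every exchange once it is enabled. I would restore the delete with the key escaped, `q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));`, and either finish or remove the `$apps` block. The unchanged context line `dbesc($consumer->$key)` reads a property named by the freshly generated token instead of `$consumer->key`, which looks like a typo worth fixing in the same pass.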
@@ -52,18 +52,15 @@ function api_content(&$a) { $app = oauth_get_client(); if (is_null($app)) return "Invalid request. Unknown token."; $consumer = new OAuthConsumer($app['key'], $app['secret']); - - // Rev A change - $request = OAuthRequest::from_request(); - $callback = $request->get_parameter('oauth_callback'); - $datastore = new FKOAuthDataStore(); - $new_token = $datastore->new_request_token($consumer, $callback); + + $verifier = md5($app['secret'].local_user()); + set_pconfig(local_user(), "oauth", "verifier", $verifier); $tpl = get_markup_template("oauth_authorize_done.tpl"); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'), '$info' => t('Return to your app and insert this Securty Code:'), - '$code' => $new_token->key, + '$code' => $verifier, )); return $o; diff --git a/mod/settings.php b/mod/settings.php index da2b57cd5..ca9b4bd54 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -362,7 +362,6 @@ function settings_content(&$a) { $o .= replace_macros($tpl, array( '$title' => t('Connected Apps'), '$tabs' => $tabs, - '$settings_addons' => $settings_addons )); return $o; diff --git a/view/oauth_authorize.tpl b/view/oauth_authorize.tpl new file mode 100644 index 000000000..6bcf9802a --- /dev/null +++ b/view/oauth_authorize.tpl @@ -0,0 +1,11 @@ +<h1>$title</h1> + +<div class='oauthapp'> + <img src='$app.icon'> + <h4>$app.name</h4> + <p>$app.client_id</p> +</div> +<h3>$authorize</h3> +<form method="POST"> +<div class="submit"><input type="submit" name="oauth_yes" value="$yes" /></div> +</form> diff --git a/view/oauth_authorize_done.tpl b/view/oauth_authorize_done.tpl new file mode 100644 index 000000000..51eaea248 --- /dev/null +++ b/view/oauth_authorize_done.tpl @@ -0,0 +1,4 @@ +<h1>$title</h1> + +<p>$info</p> +<code>$code</code> diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl new file mode 100644 index 000000000..87fd6d1ee --- /dev/null +++ b/view/settings_oauth.tpl 
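Review bot: `$verifier = md5($app['secret'].local_user());` makes the verifier a fixed function of the consumer secret and the user id, so it is identical for every authorization of that app by that user and can be computed by any party that holds the consumer secret without the user approving anything. It is also displayed to the user, which exposes a hash of the secret, and it is kept in a single per-user `oauth`/`verifier` slot that an authorization for a second app overwrites. I would generate a random one-time value, for example `$verifier = bin2hex(random_bytes(16));` where the PHP version provides random_bytes, store it against the request token, and delete it after the first successful exchange. The string `Securty Code` in the same hunk has a typo (`Security`). api_content starts and ends outside the hunk.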
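Review bot: The consent form in view/oauth_authorize.tpl is a bare `<form method="POST">` with only the `oauth_yes` submit button, so nothing in the request shows that the approval came from this page, and a cross-site request could submit it on behalf of a logged-in user. I would add a hidden per-session form token field and verify it in the mod/api.php handler before the verifier is stored; that handler code is outside this hunk. `$app.icon`, `$app.name` and `$app.client_id` come from the registered client, and whether replace_macros HTML-escapes them is not visible here, so they should be escaped before being passed in and the icon URL restricted to http/https.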
@@ -0,0 +1,10 @@
+$tabs
+
+<h1>$title</h1>
+
+
+<form action="settings/addon" method="post" autocomplete="off">
+
+$settings_addons
+
+</form> |
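Review bot: view/settings_oauth.tpl still contains the `$settings_addons` placeholder, while the mod/settings.php hunk in this commit removes `'$settings_addons'` from the replace_macros array for the Connected Apps page, so the placeholder is left unfilled if this is the template loaded there (the `$tpl` assignment is outside that hunk). The form also posts to `settings/addon` and has no submit button, which looks copied from the addon settings template. I would drop the placeholder or replace it with the macro that will list the connected apps, point `action` at the OAuth settings route, and include an anti-CSRF form token if the project has one, since this page will presumably be used to revoke tokens.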