aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorM.Dent <dentm42@dm42.net>2018-08-10 13:51:45 -0400
committerDM42.Net (Matt Dent) <dentm42@dm42.net>2018-08-10 13:54:26 -0400
commitaf042ccf07b00af70b5e7844747dde9a263c697c (patch)
tree1f392b7a3ea4e245a72090ff8f08d3d2912a1e4f
parente587fe5ce84ed5c248287eb55c6ae193ebd3222b (diff)
downloadvolse-hubzilla-af042ccf07b00af70b5e7844747dde9a263c697c.tar.gz
volse-hubzilla-af042ccf07b00af70b5e7844747dde9a263c697c.tar.bz2
volse-hubzilla-af042ccf07b00af70b5e7844747dde9a263c697c.zip
OAuth2 UI and settings updates
-rw-r--r--Zotlabs/Module/Settings/Oauth2.php30
-rwxr-xr-xview/tpl/settings_oauth2.tpl7
2 files changed, 30 insertions, 7 deletions
diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php
index 52da20598..91abd1de3 100644
--- a/Zotlabs/Module/Settings/Oauth2.php
+++ b/Zotlabs/Module/Settings/Oauth2.php
@@ -10,10 +10,19 @@ class Oauth2 {
if(x($_POST,'remove')){
check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
-
+ $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+ logger("REMOVE! ".$name." uid: ".local_channel());
$key = $_POST['remove'];
- q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
- dbesc($key),
+ q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
+ dbesc($name),
+ intval(local_channel())
+ );
+ q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
+ dbesc($name),
+ intval(local_channel())
+ );
+ q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
+ dbesc($name),
intval(local_channel())
);
goaway(z_root()."/settings/oauth2/");
@@ -129,6 +138,18 @@ class Oauth2 {
dbesc(argv(3)),
intval(local_channel())
);
+ $r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
+ dbesc(argv(3)),
+ intval(local_channel())
+ );
+ $r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
+ dbesc(argv(3)),
+ intval(local_channel())
+ );
+ $r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
+ dbesc(argv(3)),
+ intval(local_channel())
+ );
goaway(z_root()."/settings/oauth2/");
return;
}
@@ -136,7 +157,8 @@ class Oauth2 {
$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my
FROM oauth_clients
- LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id
+ LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
+ oauth_clients.user_id=oauth_access_tokens.user_id
WHERE oauth_clients.user_id IN (%d,0)",
intval(local_channel()),
intval(local_channel())
diff --git a/view/tpl/settings_oauth2.tpl b/view/tpl/settings_oauth2.tpl
index 882d34ea9..f3bf59a12 100755
--- a/view/tpl/settings_oauth2.tpl
+++ b/view/tpl/settings_oauth2.tpl
@@ -4,8 +4,6 @@
</div>
<div class="section-content-tools-wrapper">
-<form action="settings/oauth2" method="post" autocomplete="off">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
<div id="profile-edit-links">
<ul>
@@ -16,6 +14,9 @@
</div>
{{foreach $apps as $app}}
+<form action="settings/oauth2" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+<input type='hidden' name='name' value='{{$app.client_id}}'>
<div class='oauthapp'>
{{if $app.client_id}}<h4>{{$app.client_id}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
{{if $app.my}}
@@ -28,8 +29,8 @@
<a href="{{$baseurl}}/settings/oauth2/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
{{/if}}
</div>
+</form>
{{/foreach}}
-</form>
</div>
</div>