aboutsummaryrefslogtreecommitdiffstats
path: root/include/oauth.php
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-05-17 18:14:50 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-05-17 18:14:50 -0700
commit3b859aa9ef01d065b40943f5a5701f35217b89f3 (patch)
tree9984a46308a7e3d1979a34686edbac44540fa24d /include/oauth.php
parenta7071b17c0978bf8a68574a178c67a275277177c (diff)
downloadvolse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.tar.gz
volse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.tar.bz2
volse-hubzilla-3b859aa9ef01d065b40943f5a5701f35217b89f3.zip
Implement permission checking for OAuth clients using the xperm table. Currently 'all' permissions are applied to OAuth clients which gives them the same rights as the channel owner and full access to API functions as the channel owner. However, individual permissions can now be created. These mirror the permission names from the normal permission table (although it isn't required that they do so). Lack of an xp_perm entry for the specified permission and lack of an 'all' override indicates permission denied.
Diffstat (limited to 'include/oauth.php')
-rw-r--r--include/oauth.php11
1 files changed, 7 insertions, 4 deletions
diff --git a/include/oauth.php b/include/oauth.php
index 8eb8a83d8..ec754db95 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore {
logger(__function__.":".$consumer_key);
// echo "<pre>"; var_dump($consumer_key); killme();
- $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+ $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
dbesc($consumer_key)
);
- if (count($r))
+ if($r) {
+ get_app()->set_oauth_key($consumer_key);
return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+ }
return null;
}
function lookup_token($consumer, $token_type, $token) {
logger(__function__.":".$consumer.", ". $token_type.", ".$token);
- $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+ $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
dbesc($consumer->key),
dbesc($token_type),
dbesc($token)
@@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore {
function lookup_nonce($consumer, $token, $nonce, $timestamp) {
// echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
- $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+ $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
dbesc($consumer->key),
dbesc($nonce),
intval($timestamp)
@@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore {
}
class FKOAuth1 extends OAuthServer {
+
function __construct() {
parent::__construct(new FKOAuthDataStore());
$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());