authorfriendica <info@friendica.com>2013-09-16 21:35:52 -0700
committerfriendica <info@friendica.com>2013-09-16 21:35:52 -0700
commit9bff739d9624d3a4ba1fb488673ec1a18bc6d395 (patch)
treed294230d4d3d41c96b1d550ab381722d0dc3eb00 /include
parent4b5d91ccb5e42bbd1d379b8963d932bbc8615634 (diff)
several oauth fixes - shred doesn't completely work yet, but it also doesn't completely NOT work, so at least there's some improvement
Diffstat (limited to 'include')
-rw-r--r--include/api.php11
-rw-r--r--include/oauth.php67
2 files changed, 46 insertions, 32 deletions
diff --git a/include/api.php b/include/api.php
index a49258d18..d76d82626 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1823,9 +1823,13 @@ require_once('include/photos.php');
function api_oauth_request_token(&$a, $type){
try{
$oauth = new FKOAuth1();
- $r = $oauth->fetch_request_token(OAuthRequest::from_request());
+ $req = OAuthRequest::from_request();
+logger('Req: ' . var_export($req,true));
+ $r = $oauth->fetch_request_token($req);
}catch(Exception $e){
- echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+ logger('oauth_exception: ' . print_r($e->getMessage(),true));
+ echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage());
+ killme();
}
echo $r;
killme();
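Review bot: The `logger('Req: ' . var_export($req,true));` line added to api_oauth_request_token dumps the whole OAuthRequest into the log on every request-token call, and that object carries the request's OAuth parameters (consumer key, nonce, signature), so the log file becomes a copy of credentials that should not be kept at the normal log level. If the line is meant to outlive the current debugging it should be gated on the debug level, e.g. `logger('Req: ' . var_export($req, true), LOGGER_DEBUG);` if that level constant is available here as elsewhere in the codebase, and indented like its neighbours. In the catch branch `print_r($e->getMessage(),true)` wraps a value that is already a string, so `logger('oauth_exception: ' . $e->getMessage());` is sufficient. The body of api_oauth_request_token continues past the end of the hunk.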
@@ -1833,7 +1837,8 @@ require_once('include/photos.php');
function api_oauth_access_token(&$a, $type){
try{
$oauth = new FKOAuth1();
- $r = $oauth->fetch_access_token(OAuthRequest::from_request());
+ $req = OAuthRequest::from_request();
+ $r = $oauth->fetch_access_token($req);
}catch(Exception $e){
echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
}
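Review bot: The catch branch of api_oauth_access_token is left as a single `echo ...; killme();` line and, unlike the matching change made to api_oauth_request_token in the previous hunk, does not log the exception, so a failed access-token exchange leaves no trace in the log for the operator to diagnose. Mirroring the other handler with `logger('oauth_exception: ' . $e->getMessage());` before the echo, with echo and `killme()` on separate lines, keeps the two endpoints consistent. The function continues after the hunk.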
diff --git a/include/oauth.php b/include/oauth.php
index 6ec5285e4..b10802ecd 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -18,11 +18,12 @@ class FKOAuthDataStore extends OAuthDataStore {
function lookup_consumer($consumer_key) {
logger(__function__.":".$consumer_key);
- //echo "<pre>"; var_dump($consumer_key); killme();
-
+// echo "<pre>"; var_dump($consumer_key); killme();
+
$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
dbesc($consumer_key)
);
+
if (count($r))
return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
return null;
@@ -30,11 +31,13 @@ class FKOAuthDataStore extends OAuthDataStore {
function lookup_token($consumer, $token_type, $token) {
logger(__function__.":".$consumer.", ". $token_type.", ".$token);
+
$r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
dbesc($consumer->key),
dbesc($token_type),
dbesc($token)
);
+
if (count($r)){
$ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
$ot->scope=$r[0]['scope'];
@@ -46,12 +49,14 @@ class FKOAuthDataStore extends OAuthDataStore {
}
function lookup_nonce($consumer, $token, $nonce, $timestamp) {
- //echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
+// echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
+
$r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
dbesc($consumer->key),
dbesc($nonce),
intval($timestamp)
);
+
if (count($r))
return new OAuthToken($r[0]['id'],$r[0]['secret']);
return null;
@@ -67,13 +72,14 @@ class FKOAuthDataStore extends OAuthDataStore {
} else {
$k = $consumer;
}
-
+
$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
dbesc($key),
dbesc($sec),
dbesc($k),
'request',
intval(REQUEST_TOKEN_DURATION));
+
if (!$r) return null;
return new OAuthToken($key,$sec);
}
@@ -95,6 +101,7 @@ class FKOAuthDataStore extends OAuthDataStore {
$key = $this->gen_token();
$sec = $this->gen_token();
+
$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d, %d)",
dbesc($key),
dbesc($sec),
@@ -102,6 +109,7 @@ class FKOAuthDataStore extends OAuthDataStore {
'access',
intval(ACCESS_TOKEN_DURATION),
intval($uverifier));
+
if ($r)
$ret = new OAuthToken($key,$sec);
}
@@ -131,9 +139,9 @@ class FKOAuth1 extends OAuthServer {
}
function loginUser($uid){
- logger("FKOAuth1::loginUser $uid");
+ logger("RedOAuth1::loginUser $uid");
$a = get_app();
- $r = q("SELECT * FROM `user` WHERE uid=%d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+ $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
intval($uid)
);
if(count($r)){
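Review bot: The replacement query `SELECT * FROM channel WHERE channel_id = %d LIMIT 1` drops the `blocked = 0 AND account_expired = 0 AND verified = 1` conditions that the old user query enforced, so any channel_id an OAuth token resolves to is now logged in regardless of the owning account's state. The equivalent checks should be applied to the account the channel belongs to before the session is populated (the session code that follows stores `channel_account_id`, so that record is reachable), or a comment should state where those states are enforced instead. The log message now reads `RedOAuth1::loginUser` while the hunk header shows the class is still FKOAuth1; `logger(__CLASS__ . "::loginUser $uid");` avoids the mismatch. loginUser continues past the end of the hunk.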
@@ -143,35 +151,36 @@ class FKOAuth1 extends OAuthServer {
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
- $_SESSION['uid'] = $record['uid'];
- $_SESSION['theme'] = $record['theme'];
- $_SESSION['mobile_theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme');
+ $_SESSION['uid'] = $record['channel_id'];
+ $_SESSION['theme'] = $record['channel_theme'];
+ $_SESSION['account_id'] = $record['channel_account_id'];
+ $_SESSION['mobile_theme'] = get_pconfig($record['channel_id'], 'system', 'mobile_theme');
$_SESSION['authenticated'] = 1;
- $_SESSION['page_flags'] = $record['page-flags'];
- $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['nickname'];
+// $_SESSION['page_flags'] = $record['page-flags'];
+ $_SESSION['my_url'] = $a->get_baseurl() . '/channel/' . $record['channel_address'];
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+ $_SESSION['allow_api'] = true;
- //notice( t("Welcome back ") . $record['username'] . EOL);
- $a->user = $record;
+ $a->channel = $record;
- if(strlen($a->user['timezone'])) {
- date_default_timezone_set($a->user['timezone']);
- $a->timezone = $a->user['timezone'];
+ if(strlen($a->channel['channel_timezone'])) {
+ date_default_timezone_set($a->channel['channel_timezone']);
+// $a->timezone = $a->user['timezone'];
}
- $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
- intval($_SESSION['uid']));
- if(count($r)) {
- $a->contact = $r[0];
- $a->cid = $r[0]['id'];
- $_SESSION['cid'] = $a->cid;
- }
- q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
- dbesc(datetime_convert()),
- intval($_SESSION['uid'])
- );
-
- call_hooks('logged_in', $a->user);
+// $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
+// intval($_SESSION['uid']));
+// if(count($r)) {
+// $a->contact = $r[0];
+// $a->cid = $r[0]['id'];
+// $_SESSION['cid'] = $a->cid;
+// }
+// q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
+// dbesc(datetime_convert()),
+// intval($_SESSION['uid'])
+// );
+//
+// call_hooks('logged_in', $a->user);
}
}
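Review bot: Commenting out `call_hooks('logged_in', $a->user);` means plugins that react to logins (auditing, last-login tracking, additional checks) no longer see logins made through the OAuth API, and the `login_date` update is silently dropped with it, so the channel's login record stays stale on this path; unless that is intended, `call_hooks('logged_in', $a->channel);` should remain at the end of loginUser together with a channel-table equivalent of the timestamp update. The disabled contact lookup, `UPDATE user` and hook call, like the `page_flags` and `$a->timezone` lines earlier in the hunk, still reference `$a->user` and the old `user` table and so can never be re-enabled as written; deleting them is clearer than keeping them as comments. `$_SESSION['allow_api'] = true;` is set unconditionally here, so a short comment that OAuth-token logins are always API-enabled would tell the next reader that this is deliberate and not an oversight.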