Merge branch 'oauthapi'

author: Fabio Comuni <fabrix.xm@gmail.com> 2011-11-07 17:41:23 +0100
committer: Fabio Comuni <fabrix.xm@gmail.com> 2011-11-07 17:41:23 +0100
commit: 00c342e13d833fd215e5dc03a508e1abe660fe21 (patch)
tree: d276554274475d8a0e2d8e1e9ae34035dd64085a /mod
parent: 355026ab7a53838c8e7a7b5717626ee057e5cd4c (diff)
parent: b070666120fc6cbc0d90a0ad160274f8ecf7a027 (diff)
download: volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.tar.gz
volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.tar.bz2
volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.zip
3 files changed, 262 insertions, 2 deletions
diff --git a/mod/api.php b/mod/api.php
index fa5e43de9..ad75e6620 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,7 +2,115 @@
 
 require_once('include/api.php');
 
+function oauth_get_client($request){
+
+	
+	$params = $request->get_parameters();
+	$token = $params['oauth_token'];
+	
+	$r = q("SELECT `clients`.* 
+			FROM `clients`, `tokens` 
+			WHERE `clients`.`client_id`=`tokens`.`client_id` 
+			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+			dbesc($token));
+
+	if (!count($r))
+		return null;
+	
+	return $r[0];
+}
+
+function api_post(&$a) {
+
+	if(! local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+}
+
 function api_content(&$a) {
+	if ($a->cmd=='api/oauth/authorize'){
+		/* 
+		 * api/oauth/authorize interact with the user. return a standard page
+		 */
+		
+		$a->page['template'] = "minimal";
+		
+		
+		// get consumer/client from request token
+		try {
+			$request = OAuthRequest::from_request();
+		} catch(Exception $e) {
+			echo "<pre>"; var_dump($e); killme();
+		}
+		
+		
+		if (x($_POST,'oauth_yes')){
+		
+			$app = oauth_get_client($request);
+			if (is_null($app)) return "Invalid request. Unknown token.";
+			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
+
+			$verifier = md5($app['secret'].local_user());
+			set_config("oauth", $verifier, local_user());
+			
+			
+			if ($consumer->callback_url!=null) {
+				$params = $request->get_parameters();
+				$glue="?";
+				if (strstr($consumer->callback_url,$glue)) $glue="?";
+				goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+				killme();
+			}
+			
+			
+			
+			$tpl = get_markup_template("oauth_authorize_done.tpl");
+			$o = replace_macros($tpl, array(
+				'$title' => t('Authorize application connection'),
+				'$info' => t('Return to your app and insert this Securty Code:'),
+				'$code' => $verifier,
+			));
+		
+			return $o;
+		
+		
+		}
+		
+		
+		if(! local_user()) {
+			//TODO: we need login form to redirect to this page
+			notice( t('Please login to continue.') . EOL );
+			return login(false,$request->get_parameters());
+		}
+		//FKOAuth1::loginUser(4);
+		
+		$app = oauth_get_client($request);
+		if (is_null($app)) return "Invalid request. Unknown token.";
+		
+		
+
+		
+		$tpl = get_markup_template('oauth_authorize.tpl');
+		$o = replace_macros($tpl, array(
+			'$title' => t('Authorize application connection'),
+			'$app' => $app,
+			'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+			'$yes'	=> t('Yes'),
+			'$no'	=> t('No'),
+		));
+		
+		//echo "<pre>"; var_dump($app); killme();
+		
+		return $o;
+	}
+	
 	echo api_call($a);
 	killme();
 }
diff --git a/mod/notice.php b/mod/notice.php
new file mode 100644
index 000000000..9d8aeed70
--- /dev/null
+++ b/mod/notice.php
@@ -0,0 +1,20 @@
+<?php
+	/* identi.ca -> friendika items permanent-url compatibility */
+	
+	function notice_init(&$a){
+		$id = $a->argv[1];
+		$r = q("SELECT user.nickname FROM user LEFT JOIN item ON item.uid=user.uid WHERE item.id=%d",
+				intval($id)
+				);
+		if (count($r)){
+			$nick = $r[0]['nickname'];
+			$url = $a->get_baseurl()."/display/$nick/$id";
+			goaway($url);
+		} else {
+			$a->error = 404;
+			notice( t('Item not found.') . EOL);
+
+		}
+		return;
+
+	}
diff --git a/mod/settings.php b/mod/settings.php
index 522ae52de..938f6a0d5 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -47,6 +47,58 @@ function settings_post(&$a) {
 		return;
 	}
 
+	if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+		$key = $_POST['remove'];
+		q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+			dbesc($key),
+			local_user());
+		goaway($a->get_baseurl()."/settings/oauth/");
+		return;			
+	}
+
+	if(($a->argc > 2) && ($a->argv[1] === 'oauth')  && ($a->argv[2] === 'edit') && x($_POST,'submit')) {
+		
+		$name   	= ((x($_POST,'name')) ? $_POST['name'] : '');
+		$key		= ((x($_POST,'key')) ? $_POST['key'] : '');
+		$secret		= ((x($_POST,'secret')) ? $_POST['secret'] : '');
+		$redirect	= ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
+		$icon		= ((x($_POST,'icon')) ? $_POST['icon'] : '');
+		if ($name=="" || $key=="" || $secret==""){
+			notice(t("Missing some important data!"));
+			
+		} else {
+			if ($_POST['submit']==t("Update")){
+				$r = q("UPDATE clients SET
+							client_id='%s',
+							pw='%s',
+							name='%s',
+							redirect_uri='%s',
+							icon='%s',
+							uid=%d
+						WHERE client_id='%s'",
+						dbesc($key),
+						dbesc($secret),
+						dbesc($name),
+						dbesc($redirect),
+						dbesc($icon),
+						local_user(),
+						dbesc($key));
+			} else {
+				$r = q("INSERT INTO clients
+							(client_id, pw, name, redirect_uri, icon, uid)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($key),
+						dbesc($secret),
+						dbesc($name),
+						dbesc($redirect),
+						dbesc($icon),
+						local_user());
+			}
+		}
+		goaway($a->get_baseurl()."/settings/oauth/");
+		return;
+	}
+
 	if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
 		call_hooks('plugin_settings_post', $_POST);
 		return;
@@ -342,6 +394,11 @@ function settings_content(&$a) {
 			'sel'	=> (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
 		),
 		array(
+			'label' => t('Connections'),
+			'url' => $a->get_baseurl() . '/settings/oauth',
+			'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
+		),
+		array(
 			'label' => t('Export personal data'),
 			'url' => $a->get_baseurl() . '/uexport',
 			'sel' => ''
@@ -353,8 +410,83 @@ function settings_content(&$a) {
 		'$tabs' => $tabs,
 	));
 		
-	
-
+	if(($a->argc > 1) && ($a->argv[1] === 'oauth')) {
+		
+		if(($a->argc > 2) && ($a->argv[2] === 'add')) {
+			$tpl = get_markup_template("settings_oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$tabs'		=> $tabs,
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', ''),
+				'$key'		=> array('key', t('Consumer Key'), '', ''),
+				'$secret'	=> array('secret', t('Consumer Secret'), '', ''),
+				'$redirect'	=> array('redirect', t('Redirect'), '', ''),
+				'$icon'		=> array('icon', t('Icon url'), '', ''),
+			));
+			return $o;
+		}
+		
+		if(($a->argc > 3) && ($a->argv[2] === 'edit')) {
+			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc($a->argv[3]),
+					local_user());
+			
+			if (!count($r)){
+				notice(t("You can't edit this application."));
+				return;
+			}
+			$app = $r[0];
+			
+			$tpl = get_markup_template("settings_oauth_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$tabs'		=> $tabs,
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['name'] , ''),
+				'$key'		=> array('key', t('Consumer Key'), $app['client_id'], ''),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['pw'], ''),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
+			));
+			return $o;
+		}
+		
+		if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+					dbesc($a->argv[3]),
+					local_user());
+			goaway($a->get_baseurl()."/settings/oauth/");
+			return;			
+		}
+		
+		
+		$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
+				FROM clients
+				LEFT JOIN tokens ON clients.client_id=tokens.client_id
+				WHERE clients.uid IN (%d,0)",
+				local_user(),
+				local_user());
+		
+		
+		$tpl = get_markup_template("settings_oauth.tpl");
+		$o .= replace_macros($tpl, array(
+			'$baseurl'	=> $a->get_baseurl(),
+			'$title'	=> t('Connected Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$tabs'		=> $tabs,
+			'$apps'		=> $r,
+		));
+		return $o;
+		
+	}
 	if(($a->argc > 1) && ($a->argv[1] === 'addon')) {
 		$settings_addons = "";
author	Fabio Comuni <fabrix.xm@gmail.com>	2011-11-07 17:41:23 +0100
committer	Fabio Comuni <fabrix.xm@gmail.com>	2011-11-07 17:41:23 +0100
commit	00c342e13d833fd215e5dc03a508e1abe660fe21 (patch)
tree	d276554274475d8a0e2d8e1e9ae34035dd64085a /mod
parent	355026ab7a53838c8e7a7b5717626ee057e5cd4c (diff)
parent	b070666120fc6cbc0d90a0ad160274f8ecf7a027 (diff)
download	volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.tar.gz volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.tar.bz2 volse-hubzilla-00c342e13d833fd215e5dc03a508e1abe660fe21.zip