diff options
| -rw-r--r-- | Zotlabs/Module/Settings/Oauth2.php | 30 | ||||
| -rwxr-xr-x | view/tpl/settings_oauth2.tpl | 7 |
2 files changed, 30 insertions, 7 deletions
diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php index 52da20598..91abd1de3 100644 --- a/Zotlabs/Module/Settings/Oauth2.php +++ b/Zotlabs/Module/Settings/Oauth2.php @@ -10,10 +10,19 @@ class Oauth2 { if(x($_POST,'remove')){ check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2'); - + $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : ''); + logger("REMOVE! ".$name." uid: ".local_channel()); $key = $_POST['remove']; - q("DELETE FROM tokens WHERE id='%s' AND uid=%d", - dbesc($key), + q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d", + dbesc($name), + intval(local_channel()) + ); + q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d", + dbesc($name), + intval(local_channel()) + ); + q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d", + dbesc($name), intval(local_channel()) ); goaway(z_root()."/settings/oauth2/"); @@ -129,6 +138,18 @@ class Oauth2 { dbesc(argv(3)), intval(local_channel()) ); + $r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); + $r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d", + dbesc(argv(3)), + intval(local_channel()) + ); goaway(z_root()."/settings/oauth2/"); return; } @@ -136,7 +157,8 @@ class Oauth2 { $r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my FROM oauth_clients - LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id + LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND + oauth_clients.user_id=oauth_access_tokens.user_id WHERE oauth_clients.user_id IN (%d,0)", intval(local_channel()), intval(local_channel()) diff --git a/view/tpl/settings_oauth2.tpl b/view/tpl/settings_oauth2.tpl index 882d34ea9..f3bf59a12 100755 --- a/view/tpl/settings_oauth2.tpl +++ b/view/tpl/settings_oauth2.tpl @@ -4,8 +4,6 @@ </div> <div class="section-content-tools-wrapper"> -<form action="settings/oauth2" method="post" autocomplete="off"> -<input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <div id="profile-edit-links"> <ul> @@ -16,6 +14,9 @@ </div> {{foreach $apps as $app}} +<form action="settings/oauth2" method="post" autocomplete="off"> +<input type='hidden' name='form_security_token' value='{{$form_security_token}}'> +<input type='hidden' name='name' value='{{$app.client_id}}'> <div class='oauthapp'> {{if $app.client_id}}<h4>{{$app.client_id}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}} {{if $app.my}} @@ -28,8 +29,8 @@ <a href="{{$baseurl}}/settings/oauth2/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a> {{/if}} </div> +</form> {{/foreach}} -</form> </div> </div> |