From ff7fc68382bf1359adc31bd65bb6786b7f63e31a Mon Sep 17 00:00:00 2001
From: Fabio Comuni <fabrix.xm@gmail.com>
Date: Wed, 26 Oct 2011 17:15:36 +0200
Subject: oauthapi: authorize app

---
 mod/api.php | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

(limited to 'mod/api.php')

diff --git a/mod/api.php b/mod/api.php
index fa5e43de9..bc5de0340 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,7 +2,101 @@
 
 require_once('include/api.php');
 
+function oauth_get_client(){
+	// get consumer/client from request token
+	try {
+		$request = OAuthRequest::from_request();
+	} catch(Exception $e) {
+		echo "<pre>"; var_dump($e); killme();
+	}
+	
+	$params = $request->get_parameters();
+	$token = $params['oauth_token'];
+	
+	$r = q("SELECT `clients`.* 
+			FROM `clients`, `tokens` 
+			WHERE `clients`.`client_id`=`tokens`.`client_id` 
+			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+			dbesc($token));
+
+	if (!count($r))
+		return null;
+	
+	return $r[0];
+}
+
+function api_post(&$a) {
+
+	if(! local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+}
+
 function api_content(&$a) {
+	if ($a->cmd=='api/oauth/authorize'){
+		/* 
+		 * api/oauth/authorize interact with the user. return a standard page
+		 */
+		
+		
+		if (x($_POST,'oauth_yes')){
+		
+		
+			$app = oauth_get_client();
+			if (is_null($app)) return "Invalid request. Unknown token.";
+			$consumer = new OAuthConsumer($app['key'], $app['secret']);
+			
+			// Rev A change
+			$request = OAuthRequest::from_request();
+			$callback = $request->get_parameter('oauth_callback');
+			$datastore = new FKOAuthDataStore();
+			$new_token = $datastore->new_request_token($consumer, $callback);
+			
+			$tpl = get_markup_template("oauth_authorize_done.tpl");
+			$o = replace_macros($tpl, array(
+				'$title' => t('Authorize application connection'),
+				'$info' => t('Return to your app and insert this Securty Code:'),
+				'$code' => $new_token->key,
+			));
+		
+			return $o;
+		
+		
+		}
+	
+		
+		
+		if(! local_user()) {
+			//TODO: we need login form to redirect to this page
+			notice( t('Please login to continue.') . EOL );
+			return login(false);
+		}
+		
+		$app = oauth_get_client();
+		if (is_null($app)) return "Invalid request. Unknown token.";
+		
+		
+		$tpl = get_markup_template('oauth_authorize.tpl');
+		$o = replace_macros($tpl, array(
+			'$title' => t('Authorize application connection'),
+			'$app' => $app,
+			'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+			'$yes'	=> t('Yes'),
+			'$no'	=> t('No'),
+		));
+		
+		//echo "<pre>"; var_dump($app); killme();
+		
+		return $o;
+	}
+	
 	echo api_call($a);
 	killme();
 }
-- 
cgit v1.2.3


From 69e41f7703bff03dc88e7181961a717ae41330c4 Mon Sep 17 00:00:00 2001
From: Fabio Comuni <fabrix.xm@gmail.com>
Date: Wed, 2 Nov 2011 09:54:07 +0100
Subject: oauth: authorize view, wrong verifier.

---
 mod/api.php | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'mod/api.php')

diff --git a/mod/api.php b/mod/api.php
index bc5de0340..5903caee6 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -52,18 +52,15 @@ function api_content(&$a) {
 			$app = oauth_get_client();
 			if (is_null($app)) return "Invalid request. Unknown token.";
 			$consumer = new OAuthConsumer($app['key'], $app['secret']);
-			
-			// Rev A change
-			$request = OAuthRequest::from_request();
-			$callback = $request->get_parameter('oauth_callback');
-			$datastore = new FKOAuthDataStore();
-			$new_token = $datastore->new_request_token($consumer, $callback);
+
+			$verifier = md5($app['secret'].local_user());
+			set_pconfig(local_user(), "oauth", "verifier", $verifier);
 			
 			$tpl = get_markup_template("oauth_authorize_done.tpl");
 			$o = replace_macros($tpl, array(
 				'$title' => t('Authorize application connection'),
 				'$info' => t('Return to your app and insert this Securty Code:'),
-				'$code' => $new_token->key,
+				'$code' => $verifier,
 			));
 		
 			return $o;
-- 
cgit v1.2.3


From 10e5754e247e9adf7c576547c69d12ca09973c7a Mon Sep 17 00:00:00 2001
From: Fabio Comuni <fabrix.xm@gmail.com>
Date: Mon, 7 Nov 2011 17:36:41 +0100
Subject: oauth: authorize

---
 mod/api.php | 45 +++++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 14 deletions(-)

(limited to 'mod/api.php')

diff --git a/mod/api.php b/mod/api.php
index 5903caee6..ad75e6620 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,13 +2,8 @@
 
 require_once('include/api.php');
 
-function oauth_get_client(){
-	// get consumer/client from request token
-	try {
-		$request = OAuthRequest::from_request();
-	} catch(Exception $e) {
-		echo "<pre>"; var_dump($e); killme();
-	}
+function oauth_get_client($request){
+
 	
 	$params = $request->get_parameters();
 	$token = $params['oauth_token'];
@@ -45,16 +40,36 @@ function api_content(&$a) {
 		 * api/oauth/authorize interact with the user. return a standard page
 		 */
 		
+		$a->page['template'] = "minimal";
 		
-		if (x($_POST,'oauth_yes')){
 		
+		// get consumer/client from request token
+		try {
+			$request = OAuthRequest::from_request();
+		} catch(Exception $e) {
+			echo "<pre>"; var_dump($e); killme();
+		}
+		
+		
+		if (x($_POST,'oauth_yes')){
 		
-			$app = oauth_get_client();
+			$app = oauth_get_client($request);
 			if (is_null($app)) return "Invalid request. Unknown token.";
-			$consumer = new OAuthConsumer($app['key'], $app['secret']);
+			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
 
 			$verifier = md5($app['secret'].local_user());
-			set_pconfig(local_user(), "oauth", "verifier", $verifier);
+			set_config("oauth", $verifier, local_user());
+			
+			
+			if ($consumer->callback_url!=null) {
+				$params = $request->get_parameters();
+				$glue="?";
+				if (strstr($consumer->callback_url,$glue)) $glue="?";
+				goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+				killme();
+			}
+			
+			
 			
 			$tpl = get_markup_template("oauth_authorize_done.tpl");
 			$o = replace_macros($tpl, array(
@@ -67,19 +82,21 @@ function api_content(&$a) {
 		
 		
 		}
-	
 		
 		
 		if(! local_user()) {
 			//TODO: we need login form to redirect to this page
 			notice( t('Please login to continue.') . EOL );
-			return login(false);
+			return login(false,$request->get_parameters());
 		}
+		//FKOAuth1::loginUser(4);
 		
-		$app = oauth_get_client();
+		$app = oauth_get_client($request);
 		if (is_null($app)) return "Invalid request. Unknown token.";
 		
 		
+
+		
 		$tpl = get_markup_template('oauth_authorize.tpl');
 		$o = replace_macros($tpl, array(
 			'$title' => t('Authorize application connection'),
-- 
cgit v1.2.3