]> git.mxchange.org Git - quix0rs-gnu-social.git/blob - actions/editapplication.php
projects / quix0rs-gnu-social.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Rework application registration workflow to be more private
[quix0rs-gnu-social.git] / actions / editapplication.php
1 <?php
2 /**
3  * StatusNet, the distributed open-source microblogging tool
4  *
5  * Edit an OAuth Application
6  *
7  * PHP version 5
8  *
9  * LICENCE: This program is free software: you can redistribute it and/or modify
10  * it under the terms of the GNU Affero General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU Affero General Public License for more details.
18  *
19  * You should have received a copy of the GNU Affero General Public License
20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
21  *
22  * @category  Applications
23  * @package   StatusNet
24  * @author    Zach Copley <zach@status.net>
25  * @copyright 2008-2009 StatusNet, Inc.
26  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
27  * @link      http://status.net/
28  */
29
30 if (!defined('STATUSNET') && !defined('LACONICA')) {
31     exit(1);
32 }
33
34 /**
35  * Edit the details of an OAuth application
36  *
37  * This is the form for editing an application
38  *
39  * @category Application
40  * @package  StatusNet
41  * @author   Zach Copley <zach@status.net>
42  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
43  * @link     http://status.net/
44  */
45
46 class EditApplicationAction extends OwnerDesignAction
47 {
48     var $msg = null;
49
50     var $app = null;
51
52     function title()
53     {
54         return _('Edit Application');
55     }
56
57     /**
58      * Prepare to run
59      */
60
61     function prepare($args)
62     {
63         parent::prepare($args);
64
65         if (!common_logged_in()) {
66             $this->clientError(_('You must be logged in to edit an application.'));
67             return false;
68         }
69
70         $id = (int)$this->arg('id');
71         $this->app = Oauth_application::staticGet($id);
72
73         if (!$this->app) {
74             $this->clientError(_('No such application.'));
75             return false;
76         }
77
78         return true;
79     }
80
81     /**
82      * Handle the request
83      *
84      * On GET, show the form. On POST, try to save the app.
85      *
86      * @param array $args unused
87      *
88      * @return void
89      */
90
91     function handle($args)
92     {
93         parent::handle($args);
94
95         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
96             $this->handlePost($args);
97         } else {
98             $this->showForm();
99         }
100     }
101
102     function handlePost($args)
103     {
104         // Workaround for PHP returning empty $_POST and $_FILES when POST
105         // length > post_max_size in php.ini
106
107         if (empty($_FILES)
108             && empty($_POST)
109             && ($_SERVER['CONTENT_LENGTH'] > 0)
110             ) {
111             $msg = _('The server was unable to handle that much POST ' .
112                      'data (%s bytes) due to its current configuration.');
113             $this->clientException(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
114             return;
115         }
116
117         // CSRF protection
118         $token = $this->trimmed('token');
119         if (!$token || $token != common_session_token()) {
120             $this->clientError(_('There was a problem with your session token.'));
121             return;
122         }
123
124         $cur = common_current_user();
125
126         if ($this->arg('cancel')) {
127             common_redirect(common_local_url('showapplication',
128                                              array('id' => $this->app->id)), 303);
129         } elseif ($this->arg('save')) {
130             $this->trySave();
131         } else {
132             $this->clientError(_('Unexpected form submission.'));
133         }
134     }
135
136     function showForm($msg=null)
137     {
138         $this->msg = $msg;
139         $this->showPage();
140     }
141
142     function showContent()
143     {
144         $form = new ApplicationEditForm($this, $this->app);
145         $form->show();
146     }
147
148     function showPageNotice()
149     {
150         if (!empty($this->msg)) {
151             $this->element('p', 'error', $this->msg);
152         } else {
153             $this->element('p', 'instructions',
154                            _('Use this form to edit your application.'));
155         }
156     }
157
158     function trySave()
159     {
160         $name         = $this->trimmed('name');
161         $description  = $this->trimmed('description');
162         $source_url   = $this->trimmed('source_url');
163         $organization = $this->trimmed('organization');
164         $homepage     = $this->trimmed('homepage');
165         $callback_url = $this->trimmed('callback_url');
166         $type         = $this->arg('app_type');
167         $access_type  = $this->arg('default_access_type');
168
169         if (empty($name)) {
170             $this->showForm(_('Name is required.'));
171             return;
172         } elseif (mb_strlen($name) > 255) {
173             $this->showForm(_('Name is too long (max 255 chars).'));
174             return;
175         } elseif (empty($description)) {
176             $this->showForm(_('Description is required.'));
177             return;
178         } elseif (Oauth_application::descriptionTooLong($description)) {
179             $this->showForm(sprintf(
180                 _('Description is too long (max %d chars).'),
181                                     Oauth_application::maxDescription()));
182             return;
183         } elseif (mb_strlen($source_url) > 255) {
184             $this->showForm(_('Source URL is too long.'));
185             return;
186         } elseif ((mb_strlen($source_url) > 0)
187                   && !Validate::uri($source_url,
188                                     array('allowed_schemes' => array('http', 'https'))))
189             {
190                 $this->showForm(_('Source URL is not valid.'));
191                 return;
192         } elseif (empty($organization)) {
193             $this->showForm(_('Organization is required.'));
194             return;
195         } elseif (mb_strlen($organization) > 255) {
196             $this->showForm(_('Organization is too long (max 255 chars).'));
197             return;
198         } elseif (empty($homepage)) {
199             $this->showForm(_('Organization homepage is required.'));
200             return;
201         } elseif ((mb_strlen($homepage) > 0)
202                   && !Validate::uri($homepage,
203                                     array('allowed_schemes' => array('http', 'https'))))
204             {
205                 $this->showForm(_('Homepage is not a valid URL.'));
206                 return;
207             } elseif (mb_strlen($callback_url) > 255) {
208                 $this->showForm(_('Callback is too long.'));
209                 return;
210             } elseif (mb_strlen($callback_url) > 0
211                       && !Validate::uri($source_url,
212                                         array('allowed_schemes' => array('http', 'https'))
213                                         ))
214                 {
215                     $this->showForm(_('Callback URL is not valid.'));
216                     return;
217                 }
218
219         $cur = common_current_user();
220
221         // Checked in prepare() above
222
223         assert(!is_null($cur));
224         assert(!is_null($this->app));
225
226         $orig = clone($this->app);
227
228         $this->app->name         = $name;
229         $this->app->description  = $description;
230         $this->app->source_url   = $source_url;
231         $this->app->organization = $organization;
232         $this->app->homepage     = $homepage;
233         $this->app->callback_url = $callback_url;
234         $this->app->type         = $type;
235
236         common_debug("access_type = $access_type");
237
238         if ($access_type == 'r') {
239             $this->app->access_type = 1;
240         } else {
241             $this->app->access_type = 3;
242         }
243
244         $result = $this->app->update($orig);
245
246         if (!$result) {
247             common_log_db_error($this->app, 'UPDATE', __FILE__);
248             $this->serverError(_('Could not update application.'));
249         }
250
251         $this->app->uploadLogo();
252
253         common_redirect(common_local_url('oauthappssettings'), 303);
254     }
255
256 }
257
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)