3 * Handler for remote subscription finish callback
9 * @author Evan Prodromou <evan@status.net>
10 * @author Robin Millette <millette@status.net>
11 * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
12 * @link http://status.net/
14 * StatusNet - the distributed open-source microblogging tool
15 * Copyright (C) 2008, 2009, StatusNet, Inc.
17 * This program is free software: you can redistribute it and/or modify
18 * it under the terms of the GNU Affero General Public License as published by
19 * the Free Software Foundation, either version 3 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU Affero General Public License for more details.
27 * You should have received a copy of the GNU Affero General Public License
28 * along with this program. If not, see <http://www.gnu.org/licenses/>.
31 if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
33 require_once INSTALLDIR.'/extlib/libomb/service_consumer.php';
34 require_once INSTALLDIR.'/lib/omb.php';
37 * Handler for remote subscription finish callback
39 * When a remote user subscribes a local user, a redirect to this action is
40 * issued after the remote user authorized his service to subscribe.
44 * @author Evan Prodromou <evan@controlyourself.ca>
45 * @author Robin Millette <millette@controlyourself.ca>
46 * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
47 * @link http://laconi.ca/
49 class FinishremotesubscribeAction extends Action
55 * @param array $args query arguments
60 function handle($args)
62 parent::handle($args);
64 /* Restore session data. RemotesubscribeAction should have stored
66 $service = unserialize($_SESSION['oauth_authorization_request']);
69 $this->clientError(_('Not expecting this response!'));
73 common_debug('stored request: '. print_r($service, true), __FILE__);
75 /* Create user objects for both users. Do it early for request
77 $user = User::staticGet('uri', $service->getListeneeURI());
80 $this->clientError(_('User being listened to does not exist.'));
84 $other = User::staticGet('uri', $service->getListenerURI());
87 $this->clientError(_('You can use the local subscription!'));
91 $remote = Remote_profile::staticGet('uri', $service->getListenerURI());
93 $profile = Profile::staticGet($remote->id);
95 if ($user->hasBlocked($profile)) {
96 $this->clientError(_('That user has blocked you from subscribing.'));
100 /* Perform the handling itself via libomb. */
102 $service->finishAuthorization();
103 } catch (OAuthException $e) {
104 if ($e->getMessage() == 'The authorized token does not equal the ' .
105 'submitted token.') {
106 $this->clientError(_('You are not authorized.'));
109 $this->clientError(_('Could not convert request token to ' .
113 } catch (OMB_RemoteServiceException $e) {
114 $this->clientError(_('Remote service uses unknown version of ' .
117 } catch (Exception $e) {
118 common_debug('Got exception ' . print_r($e, true), __FILE__);
119 $this->clientError($e->getMessage());
123 /* The service URLs are not accessible from datastore, so setting them
124 after insertion of the profile. */
125 $orig_remote = clone($remote);
127 $remote->postnoticeurl =
128 $service->getServiceURI(OMB_ENDPOINT_POSTNOTICE);
129 $remote->updateprofileurl =
130 $service->getServiceURI(OMB_ENDPOINT_UPDATEPROFILE);
132 if (!$remote->update($orig_remote)) {
133 $this->serverError(_('Error updating remote profile'));
137 /* Clear the session data. */
138 unset($_SESSION['oauth_authorization_request']);
140 /* If we show subscriptions in reverse chronological order, the new one
141 should show up close to the top of the page. */
142 common_redirect(common_local_url('subscribers', array('nickname' =>
147 function add_avatar($profile, $url)
149 $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar');
150 copy($url, $temp_filename);
151 $imagefile = new ImageFile($profile->id, $temp_filename);
152 $filename = Avatar::filename($profile->id,
153 image_type_to_extension($imagefile->type),
156 rename($temp_filename, Avatar::path($filename));
157 return $profile->setOriginal($filename);
160 function access_token($omb)
163 common_debug('starting request for access token', __FILE__);
165 $con = omb_oauth_consumer();
166 $tok = new OAuthToken($omb['token'], $omb['secret']);
168 common_debug('using request token "'.$tok.'"', __FILE__);
170 $url = $omb['access_token_url'];
172 common_debug('using access token url "'.$url.'"', __FILE__);
174 # XXX: Is this the right thing to do? Strip off GET params and make them
175 # POST params? Seems wrong to me.
177 $parsed = parse_url($url);
179 parse_str($parsed['query'], $params);
181 $req = OAuthRequest::from_consumer_and_token($con, $tok, "POST", $url, $params);
183 $req->set_parameter('omb_version', OMB_VERSION_01);
185 # XXX: test to see if endpoint accepts this signature method
187 $req->sign_request(omb_hmac_sha1(), $con, $tok);
189 # We re-use this tool's fetcher, since it's pretty good
191 common_debug('posting to access token url "'.$req->get_normalized_http_url().'"', __FILE__);
192 common_debug('posting request data "'.$req->to_postdata().'"', __FILE__);
194 $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
195 $result = $fetcher->post($req->get_normalized_http_url(),
197 array('User-Agent: StatusNet/' . STATUSNET_VERSION));
199 common_debug('got result: "'.print_r($result,true).'"', __FILE__);
201 if ($result->status != 200) {
205 parse_str($result->body, $return);
207 return array($return['oauth_token'], $return['oauth_token_secret']);