- $callback = $req->get_parameter('oauth_callback');
-
- if ($this->arg('accept')) {
- if (!$this->authorizeToken($req)) {
- $this->clientError(_('Error authorizing token'));
- }
- if (!$this->saveRemoteProfile($req)) {
- $this->clientError(_('Error saving remote profile'));
- }
- if (!$callback) {
- $this->showAcceptMessage($req->get_parameter('oauth_token'));
- } else {
- $params = array();
- $params['oauth_token'] = $req->get_parameter('oauth_token');
- $params['omb_version'] = OMB_VERSION_01;
- $user = User::staticGet('uri', $req->get_parameter('omb_listener'));
- $profile = $user->getProfile();
- if (!$profile) {
- common_log_db_error($user, 'SELECT', __FILE__);
- $this->serverError(_('User without matching profile'));
- return;
- }
- $params['omb_listener_nickname'] = $user->nickname;
- $params['omb_listener_profile'] = common_local_url('showstream',
- array('nickname' => $user->nickname));
- if ($profile->fullname) {
- $params['omb_listener_fullname'] = $profile->fullname;
- }
- if ($profile->homepage) {
- $params['omb_listener_homepage'] = $profile->homepage;
- }
- if ($profile->bio) {
- $params['omb_listener_bio'] = $profile->bio;
- }
- if ($profile->location) {
- $params['omb_listener_location'] = $profile->location;
- }
- $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
- if ($avatar) {
- $params['omb_listener_avatar'] = $avatar->url;
- }
- $parts = array();
- foreach ($params as $k => $v) {
- $parts[] = $k . '=' . OAuthUtil::urlencodeRFC3986($v);
- }
- $query_string = implode('&', $parts);
- $parsed = parse_url($callback);
- $url = $callback . (($parsed['query']) ? '&' : '?') . $query_string;
- common_redirect($url, 303);
- }
- } else {
- if (!$callback) {
- $this->showRejectMessage();
- } else {
- # XXX: not 100% sure how to signal failure... just redirect without token?
- common_redirect($callback, 303);
- }
- }
- }
-
- function authorizeToken(&$req)
- {
- $consumer_key = $req->get_parameter('oauth_consumer_key');
- $token_field = $req->get_parameter('oauth_token');
- $rt = new Token();
- $rt->consumer_key = $consumer_key;
- $rt->tok = $token_field;
- $rt->type = 0;
- $rt->state = 0;
- if ($rt->find(true)) {
- $orig_rt = clone($rt);
- $rt->state = 1; # Authorized but not used
- if ($rt->update($orig_rt)) {
- return true;
- }
- }
- return false;
- }
-
- # XXX: refactor with similar code in finishremotesubscribe.php
-
- function saveRemoteProfile(&$req)
- {
- # FIXME: we should really do this when the consumer comes
- # back for an access token. If they never do, we've got stuff in a
- # weird state.
-
- $nickname = $req->get_parameter('omb_listenee_nickname');
- $fullname = $req->get_parameter('omb_listenee_fullname');
- $profile_url = $req->get_parameter('omb_listenee_profile');
- $homepage = $req->get_parameter('omb_listenee_homepage');
- $bio = $req->get_parameter('omb_listenee_bio');
- $location = $req->get_parameter('omb_listenee_location');
- $avatar_url = $req->get_parameter('omb_listenee_avatar');
-
- $listenee = $req->get_parameter('omb_listenee');
- $remote = Remote_profile::staticGet('uri', $listenee);
-
- if ($remote) {
- $exists = true;
- $profile = Profile::staticGet($remote->id);
- $orig_remote = clone($remote);
- $orig_profile = clone($profile);
- } else {
- $exists = false;
- $remote = new Remote_profile();
- $remote->uri = $listenee;
- $profile = new Profile();
- }
-
- $profile->nickname = $nickname;
- $profile->profileurl = $profile_url;
-
- if ($fullname) {
- $profile->fullname = $fullname;
- }
- if ($homepage) {
- $profile->homepage = $homepage;
- }
- if ($bio) {
- $profile->bio = $bio;
- }
- if ($location) {
- $profile->location = $location;