* @category API
* @package StatusNet
* @author Zach Copley <zach@status.net>
- * @copyright 2010 StatusNet, Inc.
+ * @copyright 2010-2011 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
exit(1);
}
-require_once INSTALLDIR . '/lib/apioauth.php';
-require_once INSTALLDIR . '/lib/info.php';
-
/**
- * Authorize an Oputh request token
+ * Authorize an OAuth request token
*
* @category API
* @package StatusNet
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
-class ApiOauthAuthorizeAction extends Action
+class ApiOAuthAuthorizeAction extends ApiOAuthAction
{
var $oauthTokenParam;
var $reqToken;
*
* @return boolean false
*/
-
function isReadOnly($args)
{
return false;
$this->password = $this->arg('password');
$this->oauthTokenParam = $this->arg('oauth_token');
$this->mode = $this->arg('mode');
- $this->store = new ApiStatusNetOAuthDataStore();
+ $this->store = new ApiGNUsocialOAuthDataStore();
try {
$this->app = $this->store->getAppByRequestToken($this->oauthTokenParam);
if (!$token || $token != common_session_token()) {
$this->showForm(
+ // TRANS: Form validation error in API OAuth authorisation because of an invalid session token.
_('There was a problem with your session token. Try again, please.'));
return;
}
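Review bot: The session-token check on the context line `if (!$token || $token != common_session_token())` uses a loose `!=`, so two different strings that both look numeric can compare equal under PHP's type juggling, and the comparison is not constant-time. This check guards the POST that authorises an OAuth request token, so a strict, timing-safe form is preferable: `if (!$token || !hash_equals(common_session_token(), (string) $token)) {`. That assumes common_session_token() returns a string and that the supported PHP version provides hash_equals(); neither is visible on this page. The enclosing method starts and ends outside the hunk.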
assert(!empty($this->reqToken));
if ($this->arg('allow')) {
-
// mark the req token as authorized
try {
$this->store->authorize_token($this->oauthTokenParam);
)
);
- // XXX: Make sure we have a oauth_token_association table. The table
- // is now in the main schema, but because it is being added with
- // a point release, it's unlikely to be there. This code can be
- // removed as of 1.0.
- $this->ensureOauthTokenAssociationTable();
-
$tokenAssoc = new Oauth_token_association();
$tokenAssoc->profile_id = $user->id;
// Otherwise, inform the user that the rt was authorized
$this->showAuthorized();
-
} else if ($this->arg('cancel')) {
-
common_log(
LOG_INFO,
sprintf(
}
}
- // XXX Remove this function when we hit 1.0
- function ensureOauthTokenAssociationTable()
- {
- $schema = Schema::get();
-
- $reqTokenCols = array(
- new ColumnDef('profile_id', 'integer', null, true, 'PRI'),
- new ColumnDef('application_id', 'integer', null, true, 'PRI'),
- new ColumnDef('token', 'varchar', 255, true, 'PRI'),
- new ColumnDef('created', 'datetime', null, false),
- new ColumnDef(
- 'modified',
- 'timestamp',
- null,
- false,
- null,
- 'CURRENT_TIMESTAMP',
- 'on update CURRENT_TIMESTAMP'
- )
- );
-
- $schema->ensureTable('oauth_token_association', $reqTokenCols);
- }
-
/**
* Show body - override to add a special CSS class for the authorize
* page's "desktop mode" (minimal display)
$this->elementStart('form', array('method' => 'post',
'id' => 'form_apioauthauthorize',
'class' => 'form_settings',
- 'action' => common_local_url('ApiOauthAuthorize')));
+ 'action' => common_local_url('ApiOAuthAuthorize')));
$this->elementStart('fieldset');
$this->element('legend', array('id' => 'apioauthauthorize_allowdeny'),
// TRANS: Fieldset legend.
$access = ($this->app->access_type & Oauth_application::$writeAccess) ?
'access and update' : 'access';
- // TRANS: User notification of external application requesting account access.
- // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application,
- // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename.
if ($this->app->name == 'anonymous') {
- // Special message for the anonymous app and consumer
+ // Special message for the anonymous app and consumer.
+ // TRANS: User notification of external application requesting account access.
+ // TRANS: %3$s is the access type requested (read-write or read-only), %4$s is the StatusNet sitename.
$msg = _('An application would like the ability ' .
'to <strong>%3$s</strong> your %4$s account data. ' .
'You should only give access to your %4$s account ' .
'to third parties you trust.');
} else {
+ // TRANS: User notification of external application requesting account access.
+ // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application,
+ // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename.
$msg = _('The application <strong>%1$s</strong> by ' .
'<strong>%2$s</strong> would like the ability ' .
'to <strong>%3$s</strong> your %4$s account data. ' .
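Review bot: The message in the `else` branch wraps `%1$s` and `%2$s` in `<strong>` tags, so it can only be emitted as raw HTML. Per the TRANS comments, those placeholders receive the application name and the organisation, which are supplied by whoever registered the application. The sprintf and output call are outside this hunk, so confirm there that both values go through `htmlspecialchars()` before substitution rather than being passed as raw properties. A comment above `$msg` such as `// Output raw: every argument must be HTML-escaped before sprintf.` would record that contract. The statement continues past the last line of the hunk.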
*/
function showAuthorized()
{
- $title = sprintf(
- // TRANS: Header of user notification after authorising an application access to a profile.
- // TRANS: %s is the authorised application name.
- _('You have successfully authorized %s.'),
- ($this->app->name == 'anonymous') ? 'the application' : $this->app->name
- );
+ $title = null;
+ $msg = null;
- $msg = sprintf(
- // TRANS: Uer notification after authorising an application access to a profile.
- // TRANS: %s is the authorised application name.
- _('Please return to %s and enter the following security code to complete the process.'),
- ($this->app->name == 'anonymous') ? 'the application' : $this->app->name
- );
+ if ($this->app->name == 'anonymous') {
+
+ $title =
+ // TRANS: Title of the page notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth.
+ _('You have successfully authorized the application');
+
+ $msg =
+ // TRANS: Message notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth.
+ _('Please return to the application and enter the following security code to complete the process.');
+
+ } else {
+
+ $title = sprintf(
+ // TRANS: Title of the page notifying the user that the client application was successfully authorized to access the user's account with OAuth.
+ // TRANS: %s is the authorised application name.
+ _('You have successfully authorized %s'),
+ $this->app->name
+ );
+
+ $msg = sprintf(
+ // TRANS: Message notifying the user that the client application was successfully authorized to access the user's account with OAuth.
+ // TRANS: %s is the authorised application name.
+ _('Please return to %s and enter the following security code to complete the process.'),
+ $this->app->name
+ );
+
+ }
if ($this->reqToken->verified_callback == 'oob') {
- $pin = new ApiOauthPinAction(
+ $pin = new ApiOAuthPinAction(
$title,
$msg,
$this->reqToken->verifier,
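Review bot: The added branch `if ($this->app->name == 'anonymous')` selects the anonymous-client wording by the application's display name, using a loose comparison; the same test sits on the consent form earlier in the file. If registration does not reserve that name, an application carrying it would be presented without its name on both the consent and confirmation pages. Confirm the name is reserved, compare with `===`, and once confirmed add a comment such as `// 'anonymous' is reserved for the built-in anonymous consumer`. Separately, `$title = null;` and `$msg = null;` are dead initialisers because both branches assign. The non-anonymous branch still passes `$this->app->name` into the title and message handed to ApiOAuthPinAction, whose rendering is not on this page.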
);
$pin->showPage();
} else {
-
// NOTE: This would only happen if an application registered as
// a web application but sent in 'oob' for the oauth_callback
// parameter. Usually web apps will send in a callback and
$callback = $this->app->callback_url;
}
-
}
return $callback;