* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
-
class ApiOauthRequestTokenAction extends ApiOauthAction
{
/**
* @param array $args $_REQUEST args
*
* @return boolean success flag
- *
*/
-
function prepare($args)
{
parent::prepare($args);
*
* @return void
*/
-
function handle($args)
{
parent::handle($args);
try {
- $req = OAuthRequest::from_request();
+ $req = OAuthRequest::from_request();
// verify callback
if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
// check signature and issue a new request token
$token = $server->fetch_request_token($req);
+ common_log(
+ LOG_INFO,
+ sprintf(
+ "API OAuth - Issued request token %s for consumer %s with oauth_callback %s",
+ $token->key,
+ $req->get_parameter('oauth_consumer_key'),
+ "'" . $req->get_parameter('oauth_callback') ."'"
+ )
+ );
+
// return token to the client
$this->showRequestToken($token);
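Review bot: The added `common_log()` call writes two request-supplied values, `oauth_consumer_key` and `oauth_callback`, into the log verbatim, wrapped only in single quotes. Whether `common_log()` neutralises control characters is not visible here; if it does not, a CR/LF inside either parameter can split the entry and forge extra log lines. I would encode both values before formatting, e.g. `addcslashes((string) $req->get_parameter('oauth_callback'), "\0..\37\177")`, and apply the same to the consumer key. Only the token key is logged, not its secret, which is the right choice and worth a short comment so it is not "improved" later. The body of `handle()` starts and continues outside this hunk.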
/*
* Display temporary OAuth credentials
*/
-
function showRequestToken($token)
{
header('Content-Type: application/x-www-form-urlencoded');
*
* @return boolean true or false
*/
-
function verifyCallback($callback)
{
if ($callback == "oob") {
- common_debug("OAuth request token requested for out of bounds client.");
+ common_debug("OAuth request token requested for out of band client.");
+
+ // XXX: Should we throw an error if a client is registered as a
+ // web application but requests the pin based workflow? For now I'm
+ // allowing the workflow to proceed and issuing a pin. --Zach
+
return true;
} else {
- return Validate::uri(
- $callback,
- array('allowed_schemes' => array('http', 'https'))
- );
+ return Validate::uri($callback);
}
}
-
}
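Review bot: Dropping the `allowed_schemes` option from the `Validate::uri($callback)` call means `verifyCallback()` no longer limits `oauth_callback` to http/https; as far as I know, PEAR's `Validate::uri` then accepts any syntactically valid scheme. The callback is client-supplied and is presumably used as a redirect target once the token is authorized (that code is not visible here), so script-capable or local-resource schemes should not pass this check. If the goal is to allow native clients with custom schemes, make it explicit: pass a configured allowlist through `'allowed_schemes'`, or compare the value against the callback registered for the consumer, and put the reasoning in a comment next to the existing XXX note. Separately, `$callback == "oob"` would be safer as `$callback === 'oob'`.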