Merge remote-tracking branch 'upstream/master'

[quix0rs-gnu-social.git] / actions / apioauthrequesttoken.php

diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php
index 4f4c2c8fb272bb5fa02410c0fe864b20ae5fff8b..4f5a469caa9dbb1a5bb3db1ad83bb01052578577 100644 (file)
--- a/actions/apioauthrequesttoken.php
+++ b/actions/apioauthrequesttoken.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
     exit(1);
 }
 
-require_once INSTALLDIR . '/lib/apioauth.php';
-
 /**
  * Issue temporary OAuth credentials (a request token)
  *
@@ -42,8 +40,7 @@ require_once INSTALLDIR . '/lib/apioauth.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-
-class ApiOauthRequestTokenAction extends ApiOauthAction
+class ApiOAuthRequestTokenAction extends ApiOAuthAction
 {
     /**
      * Take arguments for running
@@ -51,10 +48,8 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
      * @param array $args $_REQUEST args
      *
      * @return boolean success flag
-     *
      */
-
-    function prepare($args)
+    function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -74,12 +69,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
      *
      * @return void
      */
-
-    function handle($args)
+    function handle(array $args=array())
     {
         parent::handle($args);
 
-        $datastore   = new ApiStatusNetOAuthDataStore();
+        $datastore   = new ApiGNUsocialOAuthDataStore();
         $server      = new OAuthServer($datastore);
         $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
 
@@ -87,7 +81,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 
         try {
 
-            $req   = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request();
 
             // verify callback
             if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
@@ -100,6 +94,16 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
             // check signature and issue a new request token
             $token = $server->fetch_request_token($req);
 
+            common_log(
+                LOG_INFO,
+                sprintf(
+                    "API OAuth - Issued request token %s for consumer %s with oauth_callback %s",
+                    $token->key,
+                    $req->get_parameter('oauth_consumer_key'),
+                    "'" . $req->get_parameter('oauth_callback') ."'"
+                )
+            );
+
             // return token to the client
             $this->showRequestToken($token);
 
@@ -117,7 +121,6 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
     /*
      * Display temporary OAuth credentials
      */
-
     function showRequestToken($token)
     {
         header('Content-Type: application/x-www-form-urlencoded');
@@ -132,18 +135,18 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
      *
      * @return boolean true or false
      */
-
     function verifyCallback($callback)
     {
         if ($callback == "oob") {
-            common_debug("OAuth request token requested for out of bounds client.");
+            common_debug("OAuth request token requested for out of band client.");
+
+            // XXX: Should we throw an error if a client is registered as a
+            // web application but requests the pin based workflow? For now I'm
+            // allowing the workflow to proceed and issuing a pin. --Zach
+
             return true;
         } else {
-            return Validate::uri(
-                $callback,
-                array('allowed_schemes' => array('http', 'https'))
-            );
+            return filter_var($callback, FILTER_VALIDATE_URL);
         }
     }
-
 }