require_once INSTALLDIR . '/lib/connectsettingsaction.php';
require_once INSTALLDIR . '/lib/applicationlist.php';
+require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
* Show connected OAuth applications
{
var $page = null;
+ var $id = null;
function prepare($args)
{
parent::prepare($args);
+ $this->id = (int)$this->arg('id');
$this->page = ($this->arg('page')) ? ($this->arg('page') + 0) : 1;
return true;
}
function title()
{
- return _('Connected Applications');
- }
-
- function isReadOnly($args)
- {
- return true;
+ return _('Connected applications');
}
/**
$application = $profile->getApplications($offset, $limit);
- $cnt == 0;
+ $cnt = 0;
- if (!empty($application)) {
- $al = new ApplicationList($application, $user, $this, true);
- $cnt = $al->show();
- }
+ if (!empty($application)) {
+ $al = new ApplicationList($application, $user, $this, true);
+ $cnt = $al->show();
+ }
- if ($cnt == 0) {
- $this->showEmptyListMessage();
- }
+ if ($cnt == 0) {
+ $this->showEmptyListMessage();
+ }
$this->pagination($this->page > 1, $cnt > APPS_PER_PAGE,
$this->page, 'connectionssettings',
- array('nickname' => $this->user->nickname));
+ array('nickname' => $user->nickname));
}
/**
return;
}
+ if ($this->arg('revoke')) {
+ $this->revokeAccess($this->id);
+
+ // XXX: Show some indicator to the user of what's been done.
+
+ $this->showPage();
+ } else {
+ $this->clientError(_('Unexpected form submission.'), 401);
+ return false;
+ }
+ }
+
+ /**
+ * Revoke access to an authorized OAuth application
+ *
+ * @param int $appId the ID of the application
+ *
+ */
+
+ function revokeAccess($appId)
+ {
+ $cur = common_current_user();
+
+ $app = Oauth_application::staticGet('id', $appId);
+
+ if (empty($app)) {
+ $this->clientError(_('No such application.'), 404);
+ return false;
+ }
+
+ // XXX: Transaction here?
+
+ $appUser = Oauth_application_user::getByKeys($cur, $app);
+
+ if (empty($appUser)) {
+ $this->clientError(_('You are not a user of that application.'), 401);
+ return false;
+ }
+
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore->revoke_token($appUser->token, 1);
+
+ $result = $appUser->delete();
+
+ if (!$result) {
+ common_log_db_error($orig, 'DELETE', __FILE__);
+ $this->clientError(sprintf(_('Unable to revoke access for app: %s.'), $app->id));
+ return false;
+ }
+
+ $msg = 'User %s (id: %d) revoked access to app %s (id: %d)';
+ common_log(LOG_INFO, sprintf($msg, $cur->nickname,
+ $cur->id, $app->name, $app->id));
+
}
function showEmptyListMessage()
{
- $message = sprintf(_('You have not authorized any applications to use your account.'));
+ $message = _('You have not authorized any applications to use your account.');
$this->elementStart('div', 'guide');
$this->raw(common_markup_to_html($message));