* Throws exceptions on failures. Returns an OMB_Profile object representing
* the remote user.
*
+ * The OMB_Profile passed to the constructor of OMB_Service_Provider should
+ * not represent the user specified in the authorization request, but the one
+ * currently logged in to the service. This condition being satisfied,
+ * handleUserAuth will check whether the listener specified in the request is
+ * identical to the logged in user.
+ *
* @access public
*
* @return OMB_Profile The profile of the soon-to-be subscribed, i. e. remote
/* Store given callback for later use. */
if (isset($_GET['oauth_callback']) && $_GET['oauth_callback'] !== '') {
$this->callback = $_GET['oauth_callback'];
+ if (!OMB_Helper::validateURL($this->callback)) {
+ throw OMB_RemoteServiceException::forRequest(OAUTH_ENDPOINT_AUTHORIZE,
+ 'Invalid callback URL specified');
+ }
}
$this->remote_user = OMB_Profile::fromParameters($_GET, 'omb_listenee');
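Review bot: The callback is stored in `$this->callback` before it is checked, so a caller that catches the exception and keeps using the provider object still holds the rejected URL; validating `$_GET['oauth_callback']` first and assigning only on success avoids that. `OMB_Helper::validateURL` is not visible in this hunk: if it only tests that the string is a well-formed URL, the callback can still name any host or a non-http scheme, so it is worth confirming that it restricts the scheme to `http`/`https` before the value is later used as a redirect target. The enclosing method starts and ends outside the hunk.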
/**
* Echo an access token
*
- * Outputs an access token for the query found in $_GET or $_POST.
+ * Outputs an access token for the query found in $_POST. OMB 0.1 specifies
+ * that the access token request has to be a POST even if OAuth allows GET as
+ * well.
*
* @access public
**/
public function writeAccessToken() {
OMB_Helper::removeMagicQuotesFromRequest();
- echo $this->getOAuthServer()->fetch_access_token(OAuthRequest::from_request());
+ echo $this->getOAuthServer()->fetch_access_token(
+ OAuthRequest::from_request('POST'));
}
/**
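Review bot: Passing `'POST'` to `OAuthRequest::from_request()` in `writeAccessToken()` appears only to set the method the request object is built with; nothing visible here rejects a request that actually arrived as GET, and depending on the bundled OAuth library version query-string parameters may still be read. If OMB 0.1 requires POST, an explicit guard before the fetch would enforce that rather than assume it, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST')` followed by throwing an `OMB_RemoteServiceException`. The same applies to the `from_request('POST')` call added in `handleOMBRequest()`.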
/**
* Handle a postnotice request
*
- * Handles a postnotice request posted to this service.
+ * Handles a postnotice request posted to this service. Saves the notice
+ * through the OMB_Datastore.
*
* @access public
*
protected function handleOMBRequest($uri) {
OMB_Helper::removeMagicQuotesFromRequest();
- $req = OAuthRequest::from_request();
+ $req = OAuthRequest::from_request('POST');
$listenee = $req->get_parameter('omb_listenee');
try {
list($consumer, $token) = $this->getOAuthServer()->verify_request($req);
} catch (OAuthException $e) {
header('HTTP/1.1 403 Forbidden');
+ // @debug hack
+ throw OMB_RemoteServiceException::forRequest($uri,
+ 'Revoked accesstoken for ' . $listenee . ': ' . $e->getMessage());
+ // @end debug
throw OMB_RemoteServiceException::forRequest($uri,
'Revoked accesstoken for ' . $listenee);
}
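Review bot: The throw added between `// @debug hack` and `// @end debug` in the `catch (OAuthException $e)` branch is unconditional, so the original throw below it is now unreachable and every failure message carries `$e->getMessage()`. If that exception text is returned to the remote service (not visible here), it exposes the OAuth library's internal verification errors to a caller that has just failed authentication. I would drop the debug block before merging and keep the detail server-side, e.g. `error_log('OMB verify_request failed: ' . $e->getMessage());` ahead of the existing throw. The message also labels every `OAuthException` as a revoked token, which may mislead whoever reads the log when the cause is something else. The function body continues outside the hunk.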