X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=inline;f=actions%2Fapioauthrequesttoken.php;h=e961f4f46464cf8463af219ba41a45f5a0cfb460;hb=d4be5349b30f49fa049dbfc854bb2a95eeb1d5c1;hp=4f4c2c8fb272bb5fa02410c0fe864b20ae5fff8b;hpb=f97b863fd709135fb9f7bf7c756a1c6721e3e988;p=quix0rs-gnu-social.git
diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php
index 4f4c2c8fb2..e961f4f464 100644
--- a/actions/apioauthrequesttoken.php
+++ b/actions/apioauthrequesttoken.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }
-require_once INSTALLDIR . '/lib/apioauth.php';
-
 /**
 * Issue temporary OAuth credentials (a request token)
 *
@@ -42,8 +40,7 @@ require_once INSTALLDIR . '/lib/apioauth.php';
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link http://status.net/
 */
-
-class ApiOauthRequestTokenAction extends ApiOauthAction
+class ApiOAuthRequestTokenAction extends ApiOAuthAction
 {
 /**
 * Take arguments for running
@@ -51,9 +48,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 * @param array $args $_REQUEST args
 *
 * @return boolean success flag
- *
 */
-
 function prepare($args)
 {
 parent::prepare($args);
@@ -74,12 +69,11 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 *
 * @return void
 */
-
 function handle($args)
 {
 parent::handle($args);
- $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore = new ApiGNUsocialOAuthDataStore();
 $server = new OAuthServer($datastore);
 $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
@@ -87,7 +81,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 try {
- $req = OAuthRequest::from_request();
+ $req = OAuthRequest::from_request();
 // verify callback
 if (!$this->verifyCallback($req->get_parameter('oauth_callback'))) {
@@ -100,6 +94,16 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 // check signature and issue a new request token
 $token = $server->fetch_request_token($req);
+ common_log(
+ LOG_INFO,
+ sprintf(
+ "API OAuth - Issued request token %s for consumer %s with oauth_callback %s",
+ $token->key,
+ $req->get_parameter('oauth_consumer_key'),
+ "'" . $req->get_parameter('oauth_callback') ."'"
+ )
+ );
+
 // return token to the client
 $this->showRequestToken($token);
@@ -117,7 +121,6 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 /*
 * Display temporary OAuth credentials
 */
-
 function showRequestToken($token)
 {
 header('Content-Type: application/x-www-form-urlencoded');
@@ -132,18 +135,18 @@ class ApiOauthRequestTokenAction extends ApiOauthAction
 *
 * @return boolean true or false
 */
-
 function verifyCallback($callback)
 {
 if ($callback == "oob") {
- common_debug("OAuth request token requested for out of bounds client.");
+ common_debug("OAuth request token requested for out of band client.");
+
+ // XXX: Should we throw an error if a client is registered as a
+ // web application but requests the pin based workflow? For now I'm
+ // allowing the workflow to proceed and issuing a pin. --Zach
+
 return true;
 } else {
- return Validate::uri(
- $callback,
- array('allowed_schemes' => array('http', 'https'))
- );
+ return filter_var($callback, FILTER_VALIDATE_URL);
 }
 }
-
 }
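Review bot: The `common_log()` call added in `handle()` after `fetch_request_token()` writes `oauth_consumer_key` and `oauth_callback` into the log exactly as the client sent them, so a value carrying line breaks or other control characters could split or forge log entries; whether `verifyCallback()` rejects such characters is not established by this diff. Encode the request-derived values before formatting, for example `json_encode($req->get_parameter('oauth_callback'))` in place of the hand-built `"'" . … ."'"` quoting, and do the same for the consumer key. A callback URL can also carry client state in its query string, and `$token->key` identifies a temporary credential, so it is worth deciding whether both belong at `LOG_INFO` or only a truncated form. `handle()` begins and ends outside this hunk.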
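Review bot: Swapping `Validate::uri()` for `filter_var($callback, FILTER_VALIDATE_URL)` in the `else` branch of `verifyCallback()` drops the http/https allow-list, and `FILTER_VALIDATE_URL` accepts any syntactically valid scheme, so callbacks with other schemes now pass this check. If the stored callback is later used as a redirect target (not visible in this diff), that widens where a registered client can send users after authorization. Keep the restriction, e.g. `$scheme = parse_url($callback, PHP_URL_SCHEME);` followed by `return filter_var($callback, FILTER_VALIDATE_URL) !== false && in_array(strtolower((string) $scheme), array('http', 'https'), true);`. The explicit `!== false` also makes the function return the boolean its docblock promises instead of the filtered string.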