X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapioauthaccesstoken.php;h=a1a70a9b9e2be36aa949c163b1a142cca48863a9;hb=bdd15cfe6340df9fd387e817352bea5f16655d0a;hp=887df4c20d7170ce6d564f4abe9135ba7f043bae;hpb=0794ecf372ffff2e0cc93509ae3462ca0cbbc99c;p=quix0rs-gnu-social.git diff --git a/actions/apioauthaccesstoken.php b/actions/apioauthaccesstoken.php index 887df4c20d..a1a70a9b9e 100644 --- a/actions/apioauthaccesstoken.php +++ b/actions/apioauthaccesstoken.php @@ -2,7 +2,8 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Exchange an authorized OAuth request token for an access token + * Action for getting OAuth token credentials (exchange an authorized + * request token for an access token) * * PHP version 5 * @@ -27,14 +28,11 @@ * @link http://status.net/ */ -if (!defined('STATUSNET')) { - exit(1); -} - -require_once INSTALLDIR . '/lib/apioauth.php'; +if (!defined('GNUSOCIAL')) { exit(1); } /** - * Exchange an authorized OAuth request token for an access token + * Action for getting OAuth token credentials (exchange an authorized + * request token for an access token) * * @category API * @package StatusNet @@ -42,9 +40,10 @@ require_once INSTALLDIR . '/lib/apioauth.php'; * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ - -class ApiOauthAccessTokenAction extends ApiOauthAction +class ApiOAuthAccessTokenAction extends ApiOAuthAction { + protected $reqToken = null; + protected $verifier = null; /** * Class handler. @@ -57,38 +56,67 @@ class ApiOauthAccessTokenAction extends ApiOauthAction { parent::handle($args); - $datastore = new ApiStatusNetOAuthDataStore(); + $datastore = new ApiGNUsocialOAuthDataStore(); $server = new OAuthServer($datastore); $hmac_method = new OAuthSignatureMethod_HMAC_SHA1(); $server->add_signature_method($hmac_method); - $atok = null; + $atok = $app = null; + + // XXX: Insist that oauth_token and oauth_verifier be populated? + // Spec doesn't say they MUST be. try { $req = OAuthRequest::from_request(); - $atok = $server->fetch_access_token($req); - } catch (OAuthException $e) { + $this->reqToken = $req->get_parameter('oauth_token'); + $this->verifier = $req->get_parameter('oauth_verifier'); + + $app = $datastore->getAppByRequestToken($this->reqToken); + $atok = $server->fetch_access_token($req); + } catch (Exception $e) { common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage()); common_debug(var_export($req, true)); - $this->outputError($e->getMessage()); - return; + $code = $e->getCode(); + $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text'); } if (empty($atok)) { - common_debug('couldn\'t get access token.'); - print "Token exchange failed. Has the request token been authorized?\n"; + // Token exchange failed -- log it + + $msg = sprintf( + 'API OAuth - Failure exchanging OAuth request token for access token, ' + . 'request token = %s, verifier = %s', + $this->reqToken, + $this->verifier + ); + + common_log(LOG_WARNING, $msg); + // TRANS: Client error given from the OAuth API when the request token or verifier is invalid. + $this->clientError(_('Invalid request token or verifier.'), 400, 'text'); } else { - print $atok; + common_log( + LOG_INFO, + sprintf( + "Issued access token '%s' for application %d (%s).", + $atok->key, + $app->id, + $app->name + ) + ); + $this->showAccessToken($atok); } } - function outputError($msg) + /* + * Display OAuth token credentials + * + * @param OAuthToken token the access token + */ + function showAccessToken($token) { - header('HTTP/1.1 401 Unauthorized'); - header('Content-Type: text/html; charset=utf-8'); - print $msg . "\n"; + header('Content-Type: application/x-www-form-urlencoded'); + print $token; } } -