X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapioauthauthorize.php;h=d0dcf9c9c7a48f065258eb4b27dc112b74d140db;hb=c950f1854623f0df2a50c193f624f0a0bf1fcbb3;hp=c0b64aba232b7eb9f756018442607b561bda28ed;hpb=a548861dbfec3bd606e8dc565e3cf57876fad9eb;p=quix0rs-gnu-social.git diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index c0b64aba23..d0dcf9c9c7 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -22,7 +22,7 @@ * @category API * @package StatusNet * @author Zach Copley - * @copyright 2010 StatusNet, Inc. + * @copyright 2010-2011 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,11 +31,8 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/apioauth.php'; -require_once INSTALLDIR . '/lib/info.php'; - /** - * Authorize an Oputh request token + * Authorize an OAuth request token * * @category API * @package StatusNet @@ -43,7 +40,7 @@ require_once INSTALLDIR . '/lib/info.php'; * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ -class ApiOauthAuthorizeAction extends Action +class ApiOAuthAuthorizeAction extends ApiOAuthAction { var $oauthTokenParam; var $reqToken; @@ -58,7 +55,6 @@ class ApiOauthAuthorizeAction extends Action * * @return boolean false */ - function isReadOnly($args) { return false; @@ -72,7 +68,7 @@ class ApiOauthAuthorizeAction extends Action $this->password = $this->arg('password'); $this->oauthTokenParam = $this->arg('oauth_token'); $this->mode = $this->arg('mode'); - $this->store = new ApiStatusNetOAuthDataStore(); + $this->store = new ApiGNUsocialOAuthDataStore(); try { $this->app = $this->store->getAppByRequestToken($this->oauthTokenParam); @@ -144,6 +140,7 @@ class ApiOauthAuthorizeAction extends Action if (!$token || $token != common_session_token()) { $this->showForm( + // TRANS: Form validation error in API OAuth authorisation because of an invalid session token. _('There was a problem with your session token. Try again, please.')); return; } @@ -172,12 +169,11 @@ class ApiOauthAuthorizeAction extends Action $user = common_current_user(); } - if ($this->arg('allow')) { - - common_debug("allow"); - // fetch the token - $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam); + // fetch the token + $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam); + assert(!empty($this->reqToken)); + if ($this->arg('allow')) { // mark the req token as authorized try { $this->store->authorize_token($this->oauthTokenParam); @@ -188,19 +184,15 @@ class ApiOauthAuthorizeAction extends Action common_log( LOG_INFO, sprintf( - "The request token '%s' for OAuth application %s (%s) has been authorized.", - $this->oauthTokenParam, + "API OAuth - User %d (%s) has authorized request token %s for OAuth application %d (%s).", + $user->id, + $user->nickname, + $this->reqToken->tok, $this->app->id, $this->app->name ) ); - // XXX: Make sure we have a oauth_token_association table. The table - // is now in the main schema, but because it is being added with - // a point release, it's unlikely to be there. This code can be - // removed as of 1.0. - $this->ensureOauthTokenAssociationTable(); - $tokenAssoc = new Oauth_token_association(); $tokenAssoc->profile_id = $user->id; @@ -220,17 +212,14 @@ class ApiOauthAuthorizeAction extends Action if (!empty($callback) && $this->reqToken->verified_callback != 'oob') { $targetUrl = $this->buildCallbackUrl( - $this->callback, + $callback, array( 'oauth_token' => $this->oauthTokenParam, 'oauth_verifier' => $this->reqToken->verifier // 1.0a ) ); - common_log( - LOG_INFO, - "API OAuth - Request token authorized; doing callback to $targetUrl" - ); + common_log(LOG_INFO, "Redirecting to callback: $targetUrl"); // Redirect the user to the provided OAuth callback common_redirect($targetUrl, 303); @@ -251,60 +240,93 @@ class ApiOauthAuthorizeAction extends Action // Otherwise, inform the user that the rt was authorized $this->showAuthorized(); - } else if ($this->arg('cancel')) { + common_log( + LOG_INFO, + sprintf( + "API OAuth - User %d (%s) refused to authorize request token %s for OAuth application %d (%s).", + $user->id, + $user->nickname, + $this->reqToken->tok, + $this->app->id, + $this->app->name + ) + ); try { $this->store->revoke_token($this->oauthTokenParam, 0); - $this->showCanceled(); } catch (Exception $e) { $this->ServerError($e->getMessage()); } + $callback = $this->getCallback(); + + // If there's a callback available, inform the consumer the user + // has refused authorization + if (!empty($callback) && $this->reqToken->verified_callback != 'oob') { + $targetUrl = $this->buildCallbackUrl( + $callback, + array( + 'oauth_problem' => 'user_refused', + ) + ); + + common_log(LOG_INFO, "Redirecting to callback: $targetUrl"); + + // Redirect the user to the provided OAuth callback + common_redirect($targetUrl, 303); + } + + // otherwise inform the user that authorization for the rt was declined + $this->showCanceled(); + } else { // TRANS: Client error given on when invalid data was passed through a form in the OAuth API. $this->clientError(_('Unexpected form submission.')); } } - // XXX Remove this function when we hit 1.0 - function ensureOauthTokenAssociationTable() - { - $schema = Schema::get(); - - $reqTokenCols = array( - new ColumnDef('profile_id', 'integer', null, true, 'PRI'), - new ColumnDef('application_id', 'integer', null, true, 'PRI'), - new ColumnDef('token', 'varchar', 255, true, 'PRI'), - new ColumnDef('created', 'datetime', null, false), - new ColumnDef( - 'modified', - 'timestamp', - null, - false, - null, - 'CURRENT_TIMESTAMP', - 'on update CURRENT_TIMESTAMP' - ) - ); - - $schema->ensureTable('oauth_token_association', $reqTokenCols); - } - - /** - * Override to add some special (more compact) styling when the page is - * being displayed in desktop mode. + * Show body - override to add a special CSS class for the authorize + * page's "desktop mode" (minimal display) + * + * Calls template methods * * @return nothing */ - function showStylesheets() + function showBody() { - parent::showStyleSheets(); + $bodyClasses = array(); if ($this->desktopMode()) { - $this->style('#wrap {min-width: 500px; } #content {width: 480px; padding: 10px;} fieldset {margin-bottom: 10px !important;}'); + $bodyClasses[] = 'oauth-desktop-mode'; } + + if (common_current_user()) { + $bodyClasses[] = 'user_in'; + } + + $attrs = array('id' => strtolower($this->trimmed('action'))); + + if (!empty($bodyClasses)) { + $attrs['class'] = implode(' ', $bodyClasses); + } + + $this->elementStart('body', $attrs); + + $this->elementStart('div', array('id' => 'wrap')); + if (Event::handle('StartShowHeader', array($this))) { + $this->showHeader(); + Event::handle('EndShowHeader', array($this)); + } + $this->showCore(); + if (Event::handle('StartShowFooter', array($this))) { + $this->showFooter(); + Event::handle('EndShowFooter', array($this)); + } + $this->elementEnd('div'); + $this->showScripts(); + $this->elementEnd('body'); } function showForm($error=null) @@ -342,34 +364,45 @@ class ApiOauthAuthorizeAction extends Action $this->elementStart('form', array('method' => 'post', 'id' => 'form_apioauthauthorize', 'class' => 'form_settings', - 'action' => common_local_url('apioauthauthorize'))); + 'action' => common_local_url('ApiOAuthAuthorize'))); $this->elementStart('fieldset'); $this->element('legend', array('id' => 'apioauthauthorize_allowdeny'), // TRANS: Fieldset legend. _('Allow or deny access')); $this->hidden('token', common_session_token()); + $this->hidden('mode', $this->mode); $this->hidden('oauth_token', $this->oauthTokenParam); $this->hidden('oauth_callback', $this->callback); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); $this->elementStart('p'); - if (!empty($this->app->icon)) { + if (!empty($this->app->icon) && $this->app->name != 'anonymous') { $this->element('img', array('src' => $this->app->icon)); } $access = ($this->app->access_type & Oauth_application::$writeAccess) ? 'access and update' : 'access'; - // TRANS: User notification of external application requesting account access. - // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application, - // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename. - $msg = _('The application %1$s by ' . - '%2$s would like the ability ' . + if ($this->app->name == 'anonymous') { + // Special message for the anonymous app and consumer. + // TRANS: User notification of external application requesting account access. + // TRANS: %3$s is the access type requested (read-write or read-only), %4$s is the StatusNet sitename. + $msg = _('An application would like the ability ' . 'to %3$s your %4$s account data. ' . 'You should only give access to your %4$s account ' . 'to third parties you trust.'); + } else { + // TRANS: User notification of external application requesting account access. + // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application, + // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename. + $msg = _('The application %1$s by ' . + '%2$s would like the ability ' . + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); + } $this->raw(sprintf($msg, $this->app->name, @@ -530,7 +563,7 @@ class ApiOauthAuthorizeAction extends Action // TRANS: User notification after revoking OAuth access to an application. // TRANS: %s is an OAuth token. _('The request token %s has been revoked.'), - $this->oauthTokenParm + $this->oauthTokenParam ) ); @@ -545,25 +578,46 @@ class ApiOauthAuthorizeAction extends Action */ function showAuthorized() { - $title = sprintf( - // TRANS: Header of user notification after authorising an application access to a profile. - // TRANS: %s is the authorised application name. - _("You have successfully authorized %s."), - $this->app->name - ); + $title = null; + $msg = null; - $msg = sprintf( - // TRANS: Uer notification after authorising an application access to a profile. - // TRANS: %s is the authorised application name. - _('Please return to %s and enter the following security code to complete the process.'), - $this->app->name - ); + if ($this->app->name == 'anonymous') { + + $title = + // TRANS: Title of the page notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth. + _('You have successfully authorized the application'); + + $msg = + // TRANS: Message notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth. + _('Please return to the application and enter the following security code to complete the process.'); + + } else { + + $title = sprintf( + // TRANS: Title of the page notifying the user that the client application was successfully authorized to access the user's account with OAuth. + // TRANS: %s is the authorised application name. + _('You have successfully authorized %s'), + $this->app->name + ); + + $msg = sprintf( + // TRANS: Message notifying the user that the client application was successfully authorized to access the user's account with OAuth. + // TRANS: %s is the authorised application name. + _('Please return to %s and enter the following security code to complete the process.'), + $this->app->name + ); + + } if ($this->reqToken->verified_callback == 'oob') { - $pin = new ApiOauthPinAction($title, $msg, $this->reqToken->verifier); + $pin = new ApiOAuthPinAction( + $title, + $msg, + $this->reqToken->verifier, + $this->desktopMode() + ); $pin->showPage(); } else { - // NOTE: This would only happen if an application registered as // a web application but sent in 'oob' for the oauth_callback // parameter. Usually web apps will send in a callback and @@ -588,7 +642,7 @@ class ApiOauthAuthorizeAction extends Action $callback = null; // Return the verified callback if we have one - if ($this->app->type == 2) { + if ($this->reqToken->verified_callback != 'oob') { $callback = $this->reqToken->verified_callback; @@ -604,7 +658,6 @@ class ApiOauthAuthorizeAction extends Action $callback = $this->app->callback_url; } - } return $callback;