X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapioauthauthorize.php;h=d0dcf9c9c7a48f065258eb4b27dc112b74d140db;hb=df46f123dd656545c80821931f0a384f7dc5d608;hp=82269e440c61ef98a75677a316276878d89850aa;hpb=648f79be10c1f62eb649563aa4f1cd5c51ddb19f;p=quix0rs-gnu-social.git diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 82269e440c..d0dcf9c9c7 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -22,7 +22,7 @@ * @category API * @package StatusNet * @author Zach Copley - * @copyright 2010 StatusNet, Inc. + * @copyright 2010-2011 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -31,11 +31,8 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/apioauth.php'; -require_once INSTALLDIR . '/lib/info.php'; - /** - * Authorize an Oputh request token + * Authorize an OAuth request token * * @category API * @package StatusNet @@ -43,7 +40,7 @@ require_once INSTALLDIR . '/lib/info.php'; * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ -class ApioauthauthorizeAction extends Action +class ApiOAuthAuthorizeAction extends ApiOAuthAction { var $oauthTokenParam; var $reqToken; @@ -58,7 +55,6 @@ class ApioauthauthorizeAction extends Action * * @return boolean false */ - function isReadOnly($args) { return false; @@ -71,9 +67,8 @@ class ApioauthauthorizeAction extends Action $this->nickname = $this->trimmed('nickname'); $this->password = $this->arg('password'); $this->oauthTokenParam = $this->arg('oauth_token'); - $this->callback = $this->arg('oauth_callback'); $this->mode = $this->arg('mode'); - $this->store = new ApiStatusNetOAuthDataStore(); + $this->store = new ApiGNUsocialOAuthDataStore(); try { $this->app = $this->store->getAppByRequestToken($this->oauthTokenParam); @@ -145,6 +140,7 @@ class ApioauthauthorizeAction extends Action if (!$token || $token != common_session_token()) { $this->showForm( + // TRANS: Form validation error in API OAuth authorisation because of an invalid session token. _('There was a problem with your session token. Try again, please.')); return; } @@ -173,11 +169,11 @@ class ApioauthauthorizeAction extends Action $user = common_current_user(); } - if ($this->arg('allow')) { - - // fetch the token - $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam); + // fetch the token + $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam); + assert(!empty($this->reqToken)); + if ($this->arg('allow')) { // mark the req token as authorized try { $this->store->authorize_token($this->oauthTokenParam); @@ -185,11 +181,17 @@ class ApioauthauthorizeAction extends Action $this->serverError($e->getMessage()); } - // XXX: Make sure we have a oauth_token_association table. The table - // is now in the main schema, but because it is being added with - // a point release, it's unlikely to be there. This code can be - // removed as of 1.0. - $this->ensureOauthTokenAssociationTable(); + common_log( + LOG_INFO, + sprintf( + "API OAuth - User %d (%s) has authorized request token %s for OAuth application %d (%s).", + $user->id, + $user->nickname, + $this->reqToken->tok, + $this->app->id, + $this->app->name + ) + ); $tokenAssoc = new Oauth_token_association(); @@ -206,26 +208,22 @@ class ApioauthauthorizeAction extends Action $this->serverError(_('Database error inserting oauth_token_association.')); } - // If we have a callback redirect and provide the token - - // Note: A callback specified in the app setup overrides whatever - // is passed in with the request. + $callback = $this->getCallback(); - if (!empty($this->app->callback_url)) { - $this->callback = $this->app->callback_url; - } - - if (!empty($this->callback)) { - $targetUrl = $this->getCallback( - $this->callback, + if (!empty($callback) && $this->reqToken->verified_callback != 'oob') { + $targetUrl = $this->buildCallbackUrl( + $callback, array( 'oauth_token' => $this->oauthTokenParam, 'oauth_verifier' => $this->reqToken->verifier // 1.0a ) ); + common_log(LOG_INFO, "Redirecting to callback: $targetUrl"); + // Redirect the user to the provided OAuth callback common_redirect($targetUrl, 303); + } elseif ($this->app->type == 2) { // Strangely, a web application seems to want to do the OOB // workflow. Because no callback was specified anywhere. @@ -240,53 +238,95 @@ class ApioauthauthorizeAction extends Action ); } + // Otherwise, inform the user that the rt was authorized + $this->showAuthorized(); + } else if ($this->arg('cancel')) { common_log( LOG_INFO, sprintf( - "The request token '%s' for OAuth application %s (%s) has been authorized.", - $this->oauthTokenParam, + "API OAuth - User %d (%s) refused to authorize request token %s for OAuth application %d (%s).", + $user->id, + $user->nickname, + $this->reqToken->tok, $this->app->id, $this->app->name ) ); - // Otherwise, inform the user that the rt was authorized - $this->showAuthorized(); - } else if ($this->arg('cancel')) { try { $this->store->revoke_token($this->oauthTokenParam, 0); - $this->showCanceled(); } catch (Exception $e) { $this->ServerError($e->getMessage()); } + + $callback = $this->getCallback(); + + // If there's a callback available, inform the consumer the user + // has refused authorization + if (!empty($callback) && $this->reqToken->verified_callback != 'oob') { + $targetUrl = $this->buildCallbackUrl( + $callback, + array( + 'oauth_problem' => 'user_refused', + ) + ); + + common_log(LOG_INFO, "Redirecting to callback: $targetUrl"); + + // Redirect the user to the provided OAuth callback + common_redirect($targetUrl, 303); + } + + // otherwise inform the user that authorization for the rt was declined + $this->showCanceled(); + } else { // TRANS: Client error given on when invalid data was passed through a form in the OAuth API. $this->clientError(_('Unexpected form submission.')); } } - // XXX Remove this function when we hit 1.0 - function ensureOauthTokenAssociationTable() + /** + * Show body - override to add a special CSS class for the authorize + * page's "desktop mode" (minimal display) + * + * Calls template methods + * + * @return nothing + */ + function showBody() { - $schema = Schema::get(); - - $reqTokenCols = array( - new ColumnDef('profile_id', 'integer', null, true, 'PRI'), - new ColumnDef('application_id', 'integer', null, true, 'PRI'), - new ColumnDef('token', 'varchar', 255, true, 'PRI'), - new ColumnDef('created', 'datetime', null, false), - new ColumnDef( - 'modified', - 'timestamp', - null, - false, - null, - 'CURRENT_TIMESTAMP', - 'on update CURRENT_TIMESTAMP' - ) - ); + $bodyClasses = array(); - $schema->ensureTable('oauth_token_association', $reqTokenCols); + if ($this->desktopMode()) { + $bodyClasses[] = 'oauth-desktop-mode'; + } + + if (common_current_user()) { + $bodyClasses[] = 'user_in'; + } + + $attrs = array('id' => strtolower($this->trimmed('action'))); + + if (!empty($bodyClasses)) { + $attrs['class'] = implode(' ', $bodyClasses); + } + + $this->elementStart('body', $attrs); + + $this->elementStart('div', array('id' => 'wrap')); + if (Event::handle('StartShowHeader', array($this))) { + $this->showHeader(); + Event::handle('EndShowHeader', array($this)); + } + $this->showCore(); + if (Event::handle('StartShowFooter', array($this))) { + $this->showFooter(); + Event::handle('EndShowFooter', array($this)); + } + $this->elementEnd('div'); + $this->showScripts(); + $this->elementEnd('body'); } function showForm($error=null) @@ -324,34 +364,45 @@ class ApioauthauthorizeAction extends Action $this->elementStart('form', array('method' => 'post', 'id' => 'form_apioauthauthorize', 'class' => 'form_settings', - 'action' => common_local_url('ApiOauthAuthorize'))); + 'action' => common_local_url('ApiOAuthAuthorize'))); $this->elementStart('fieldset'); $this->element('legend', array('id' => 'apioauthauthorize_allowdeny'), // TRANS: Fieldset legend. _('Allow or deny access')); $this->hidden('token', common_session_token()); + $this->hidden('mode', $this->mode); $this->hidden('oauth_token', $this->oauthTokenParam); $this->hidden('oauth_callback', $this->callback); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); $this->elementStart('p'); - if (!empty($this->app->icon)) { + if (!empty($this->app->icon) && $this->app->name != 'anonymous') { $this->element('img', array('src' => $this->app->icon)); } $access = ($this->app->access_type & Oauth_application::$writeAccess) ? 'access and update' : 'access'; - // TRANS: User notification of external application requesting account access. - // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application, - // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename. - $msg = _('The application %1$s by ' . - '%2$s would like the ability ' . + if ($this->app->name == 'anonymous') { + // Special message for the anonymous app and consumer. + // TRANS: User notification of external application requesting account access. + // TRANS: %3$s is the access type requested (read-write or read-only), %4$s is the StatusNet sitename. + $msg = _('An application would like the ability ' . 'to %3$s your %4$s account data. ' . 'You should only give access to your %4$s account ' . 'to third parties you trust.'); + } else { + // TRANS: User notification of external application requesting account access. + // TRANS: %1$s is the application name requesting access, %2$s is the organisation behind the application, + // TRANS: %3$s is the access type requested, %4$s is the StatusNet sitename. + $msg = _('The application %1$s by ' . + '%2$s would like the ability ' . + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); + } $this->raw(sprintf($msg, $this->app->name, @@ -512,7 +563,7 @@ class ApioauthauthorizeAction extends Action // TRANS: User notification after revoking OAuth access to an application. // TRANS: %s is an OAuth token. _('The request token %s has been revoked.'), - $this->oauthTokenParm + $this->oauthTokenParam ) ); @@ -527,25 +578,46 @@ class ApioauthauthorizeAction extends Action */ function showAuthorized() { - $title = sprintf( - // TRANS: Header of user notification after authorising an application access to a profile. - // TRANS: %s is the authorised application name. - _("You have successfully authorized %s."), - $this->app->name - ); + $title = null; + $msg = null; - $msg = sprintf( - // TRANS: Uer notification after authorising an application access to a profile. - // TRANS: %s is the authorised application name. - _('Please return to %s and enter the following security code to complete the process.'), - $this->app->name - ); + if ($this->app->name == 'anonymous') { + + $title = + // TRANS: Title of the page notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth. + _('You have successfully authorized the application'); + + $msg = + // TRANS: Message notifying the user that an anonymous client application was successfully authorized to access the user's account with OAuth. + _('Please return to the application and enter the following security code to complete the process.'); + + } else { + + $title = sprintf( + // TRANS: Title of the page notifying the user that the client application was successfully authorized to access the user's account with OAuth. + // TRANS: %s is the authorised application name. + _('You have successfully authorized %s'), + $this->app->name + ); + + $msg = sprintf( + // TRANS: Message notifying the user that the client application was successfully authorized to access the user's account with OAuth. + // TRANS: %s is the authorised application name. + _('Please return to %s and enter the following security code to complete the process.'), + $this->app->name + ); + + } if ($this->reqToken->verified_callback == 'oob') { - $pin = new ApiOauthPinAction($title, $msg, $this->reqToken->verifier); + $pin = new ApiOAuthPinAction( + $title, + $msg, + $this->reqToken->verifier, + $this->desktopMode() + ); $pin->showPage(); } else { - // NOTE: This would only happen if an application registered as // a web application but sent in 'oob' for the oauth_callback // parameter. Usually web apps will send in a callback and @@ -562,6 +634,35 @@ class ApioauthauthorizeAction extends Action } } + /* + * Figure out what the callback should be + */ + function getCallback() + { + $callback = null; + + // Return the verified callback if we have one + if ($this->reqToken->verified_callback != 'oob') { + + $callback = $this->reqToken->verified_callback; + + // Otherwise return the callback that was provided when + // registering the app + if (empty($callback)) { + + common_debug( + "No verified callback found for request token, using application callback: " + . $this->app->callback_url, + __FILE__ + ); + + $callback = $this->app->callback_url; + } + } + + return $callback; + } + /* * Properly format the callback URL and parameters so it's * suitable for a redirect in the OAuth dance @@ -571,7 +672,7 @@ class ApioauthauthorizeAction extends Action * * @return string $url a URL to use for redirecting to */ - function getCallback($url, $params) + function buildCallbackUrl($url, $params) { foreach ($params as $k => $v) { $url = $this->appendQueryVar(