X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fremotesubscribe.php;h=b676484cd8fde58626d38fe968b098567b894482;hb=d0559fdf4dafcaf8446b437f4af089c944a23d09;hp=3dea07f16d9909b99645752f97c8e776247f3ab6;hpb=7b24d101c07ba40b5c8b648bdca0cd6d16ad15f1;p=quix0rs-gnu-social.git diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index 3dea07f16d..b676484cd8 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -20,7 +20,6 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/lib/omb.php'); -require_once('Auth/Yadis/Yadis.php'); class RemotesubscribeAction extends Action { @@ -42,14 +41,17 @@ class RemotesubscribeAction extends Action { function show_form($err=NULL) { $nickname = $this->trimmed('nickname'); + $profile = $this->trimmed('profile_url'); common_show_header(_t('Remote subscribe')); if ($err) { common_element('div', 'error', $err); } common_element_start('form', array('id' => 'remotesubscribe', 'method' => 'POST', 'action' => common_local_url('remotesubscribe'))); - common_input('nickname', _t('User nickname'), $nickname); - common_input('profile', _t('Profile URL')); + common_input('nickname', _t('User nickname'), $nickname, + _t('Nickname of the user you want to follow')); + common_input('profile_url', _t('Profile URL'), $profile, + _t('URL of your profile on another compatible microblogging service')); common_submit('submit', _t('Subscribe')); common_element_end('form'); common_show_footer(); @@ -63,7 +65,7 @@ class RemotesubscribeAction extends Action { return; } - $profile = $this->trimmed('profile'); + $profile = $this->trimmed('profile_url'); if (!$profile) { $this->show_form(_t('No such user!')); @@ -78,8 +80,6 @@ class RemotesubscribeAction extends Action { $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); - common_debug('remotesubscribe.php: XRDS discovery failure? "'.$yadis->failed.'"'); - if (!$yadis || $yadis->failed) { $this->show_form(_t('Not a valid profile URL (no YADIS document).')); return; @@ -92,8 +92,6 @@ class RemotesubscribeAction extends Action { return; } - common_debug('remotesubscribe.php: XRDS is "'.print_r($xrds,TRUE).'"'); - $omb = $this->getOmb($xrds); if (!$omb) { @@ -129,57 +127,39 @@ class RemotesubscribeAction extends Action { # XXX: the following code could probably be refactored to eliminate dupes - common_debug('remotesubscribe.php - looking for oauth discovery service'); - - $oauth_services = $xrds->services(omb_service_filter(OAUTH_DISCOVERY)); + $oauth_services = omb_get_services($xrds, OAUTH_DISCOVERY); if (!$oauth_services) { - common_debug('remotesubscribe.php - failed to find oauth discovery service'); return NULL; } $oauth_service = $oauth_services[0]; - common_debug('remotesubscribe.php - looking for oauth discovery XRD'); - - $xrd = $this->getXRD($oauth_service, $xrds); + $oauth_xrd = $this->getXRD($oauth_service, $xrds); - if (!$xrd) { - common_debug('remotesubscribe.php - failed to find oauth discovery XRD'); + if (!$oauth_xrd) { return NULL; } - common_debug('remotesubscribe.php - adding OAuth services from XRD'); - - if (!$this->addServices($xrd, $oauth_endpoints, $omb)) { - common_debug('remotesubscribe.php - failed to add OAuth services'); + if (!$this->addServices($oauth_xrd, $oauth_endpoints, $omb)) { return NULL; } - common_debug('remotesubscribe.php - looking for OMB discovery service'); - - $omb_services = $xrds->services(omb_service_filter(OMB_NAMESPACE)); + $omb_services = omb_get_services($xrds, OMB_NAMESPACE); if (!$omb_services) { - common_debug('remotesubscribe.php - failed to find OMB discovery service'); return NULL; } $omb_service = $omb_services[0]; - common_debug('remotesubscribe.php - looking for OMB discovery XRD'); + $omb_xrd = $this->getXRD($omb_service, $xrds); - $xrd = $this->getXRD($omb_service, $xrds); - - if (!$xrd) { - common_debug('remotesubscribe.php - failed to find OMB discovery XRD'); + if (!$omb_xrd) { return NULL; } - common_debug('remotesubscribe.php - adding OMB services from XRD'); - - if (!$this->addServices($xrd, $omb_endpoints, $omb)) { - common_debug('remotesubscribe.php - failed to add OMB services'); + if (!$this->addServices($omb_xrd, $omb_endpoints, $omb)) { return NULL; } @@ -187,13 +167,11 @@ class RemotesubscribeAction extends Action { foreach (array_merge($omb_endpoints, $oauth_endpoints) as $type) { if (!array_key_exists($type, $omb) || !$omb[$type]) { - common_debug('remotesubscribe.php - could not find type "'.$type.'"'); return NULL; } } if (!omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])) { - common_debug('remotesubscribe.php - request token service has no LocalID.'); return NULL; } @@ -223,7 +201,7 @@ class RemotesubscribeAction extends Action { function addServices($xrd, $types, &$omb) { foreach ($types as $type) { - $matches = $xrd->services(omb_service_filter($type)); + $matches = omb_get_services($xrd, $type); if ($matches) { $omb[$type] = $matches[0]; } else { @@ -246,8 +224,6 @@ class RemotesubscribeAction extends Action { $params = array(); parse_str($parsed['query'], $params); - common_debug('remotesubscribe.php - building a POST message for request token call'); - $req = OAuthRequest::from_consumer_and_token($con, NULL, "POST", $url, $params); $listener = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); @@ -256,8 +232,6 @@ class RemotesubscribeAction extends Action { return NULL; } - common_debug('remotesubscribe.php - request token listener = "' . $listener . '"'); - $req->set_parameter('omb_listener', $listener); $req->set_parameter('omb_version', OMB_VERSION_01); @@ -269,25 +243,15 @@ class RemotesubscribeAction extends Action { $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - common_debug('remotesubscribe.php - request token URL = "'.$req->get_normalized_http_url().'"'); - common_debug('remotesubscribe.php - request token data = "'.$req->to_postdata().'"'); - $result = $fetcher->post($req->get_normalized_http_url(), $req->to_postdata()); if ($result->status != 200) { - common_debug('remotesubscribe.php - request token status = "' . $result->status . '"'); - common_debug('remotesubscribe.php - request token body = "' . $result->body . '"'); return NULL; } - common_debug('remotesubscribe.php - request token body = "' . $result->body . '"'); - parse_str($result->body, $return); - common_debug('remotesubscribe.php - request token token = "' . $return['oauth_token'] . '"'); - common_debug('remotesubscribe.php - request token secret = "' . $return['oauth_token_secret'] . '"'); - return array($return['oauth_token'], $return['oauth_token_secret']); } @@ -336,10 +300,9 @@ class RemotesubscribeAction extends Action { $req->set_parameter('omb_listenee_avatar', $avatar->url); } - $nonce = $this->make_nonce(); - - $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe', - array('nonce' => $nonce))); + # XXX: add a nonce to prevent replay attacks + + $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe')); # XXX: test to see if endpoint accepts this signature method @@ -348,10 +311,15 @@ class RemotesubscribeAction extends Action { # store all our info here $omb['listenee'] = $user->nickname; + $omb['listener'] = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); $omb['token'] = $token; $omb['secret'] = $secret; + # call doesn't work after bounce back so we cache; maybe serialization issue...? + $omb['access_token_url'] = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]); + $omb['post_notice_url'] = omb_service_uri($omb[OMB_ENDPOINT_POSTNOTICE]); + $omb['update_profile_url'] = omb_service_uri($omb[OMB_ENDPOINT_UPDATEPROFILE]); - $_SESSION[$nonce] = $omb; + $_SESSION['oauth_authorization_request'] = $omb; # Redirect to authorization service