X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fuserauthorization.php;h=e91c41fb3e518f555e4ccd94e22f1ff396120549;hb=1ef5cf964ef65b248dc150660124e95dcd933106;hp=eb93b6fd301d06a77e3beb8b9bac16eb328a5949;hpb=5fb2072bc9158373f079a5e8997d195d0220e038;p=quix0rs-gnu-social.git diff --git a/actions/userauthorization.php b/actions/userauthorization.php index eb93b6fd30..e91c41fb3e 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -132,8 +132,12 @@ class UserauthorizationAction extends Action { $callback = $req->get_parameter('oauth_callback'); if ($this->arg('accept')) { - $this->authorize_token($req); - $this->save_remote_profile($req); + if (!$this->authorize_token($req)) { + common_server_error(_t('Error authorizing token')); + } + if (!$this->save_remote_profile($req)) { + common_server_error(_t('Error saving remote profile')); + } if (!$callback) { $this->show_accept_message($req->get_parameter('oauth_token')); } else { @@ -181,15 +185,22 @@ class UserauthorizationAction extends Action { } function authorize_token(&$req) { - $consumer_key = @$req->get_parameter('oauth_consumer_key'); - $token_field = @$req->get_parameter('oauth_token'); + $consumer_key = $req->get_parameter('oauth_consumer_key'); + $token_field = $req->get_parameter('oauth_token'); + common_debug('consumer key = "'.$consumer_key.'"', __FILE__); + common_debug('token field = "'.$token_field.'"', __FILE__); $rt = new Token(); $rt->consumer_key = $consumer_key; $rt->tok = $token_field; - if ($rt->find(TRUE)) { + $rt->type = 0; + $rt->state = 0; + common_debug('request token to look up: "'.print_r($rt,TRUE).'"'); + if ($rt->find(true)) { + common_debug('found request token to authorize', __FILE__); $orig_rt = clone($rt); $rt->state = 1; # Authorized but not used if ($rt->update($orig_rt)) { + common_debug('updated request token so it is authorized', __FILE__); return true; } } @@ -247,18 +258,27 @@ class UserauthorizationAction extends Action { } else { $profile->created = DB_DataObject_Cast::dateTime(); # current time $id = $profile->insert(); + if (!$id) { + return FALSE; + } $remote->id = $id; } if ($exists) { - $remote->update($orig_remote); + if (!$remote->update($orig_remote)) { + return FALSE; + } } else { $remote->created = DB_DataObject_Cast::dateTime(); # current time - $remote->insert(); + if (!$remote->insert()) { + return FALSE; + } } if ($avatar_url) { - $this->add_avatar($profile, $avatar_url); + if (!$this->add_avatar($profile, $avatar_url)) { + return FALSE; + } } $user = common_current_user(); @@ -273,9 +293,10 @@ class UserauthorizationAction extends Action { $sub->created = DB_DataObject_Cast::dateTime(); # current time if (!$sub->insert()) { - common_user_error(_t('Couldn\'t insert new subscription.')); - return; + return FALSE; } + + return TRUE; } function add_avatar($profile, $url) { @@ -367,6 +388,10 @@ class UserauthorizationAction extends Action { if (!$user) { throw new OAuthException("Listener URI '$listener' not found here"); } + $cur = common_current_user(); + if ($cur->id != $user->id) { + throw new OAuthException("Can't add for another user!"); + } $listenee = $req->get_parameter('omb_listenee'); if (!Validate::uri($listenee) && !common_valid_tag($listenee)) { @@ -375,6 +400,15 @@ class UserauthorizationAction extends Action { if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } + $remote = Remote_profile::staticGet('uri', $listenee); + if ($remote) { + $sub = new Subscription(); + $sub->subscriber = $user->id; + $sub->subscribed = $remote->id; + if ($sub->find(TRUE)) { + throw new OAuthException("Already subscribed to user!"); + } + } $nickname = $req->get_parameter('omb_listenee_nickname'); if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64,