X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Foauthstore.php;h=f224c6c2213ed3324ad49d3f87567abc4ef988fd;hb=7dc271723110cd2e9b179a3ae8dc8eee2c7c2534;hp=13187211a67579a19eac721b8f5ebf56694c26f8;hpb=7692378a9d86a02c16f519b0f3a139365e0464a4;p=quix0rs-gnu-social.git diff --git a/lib/oauthstore.php b/lib/oauthstore.php index 13187211a6..f224c6c221 100644 --- a/lib/oauthstore.php +++ b/lib/oauthstore.php @@ -1,7 +1,7 @@ consumer_key = $consumer_key; - $con->seed = common_good_rand(16); - $con->created = DB_DataObject_Cast::dateTime(); - if (!$con->insert()) { - return NULL; - } - } - return new OAuthConsumer($con->consumer_key, ''); - } - - function lookup_token($consumer, $token_type, $token_key) { - $t = new Token(); - $t->consumer_key = $consumer->key; - $t->tok = $token_key; - $t->type = ($token_type == 'access') ? 1 : 0; - if ($t->find(true)) { - return new OAuthToken($t->tok, $t->secret); - } else { - return NULL; - } - } - - function lookup_nonce($consumer, $token, $nonce, $timestamp) { - $n = new Nonce(); - $n->consumer_key = $consumer->key; - $n->tok = $token->key; - $n->nonce = $nonce; - if ($n->find(TRUE)) { - return TRUE; - } else { - $n->timestamp = $timestamp; - $n->created = DB_DataObject_Cast::dateTime(); - $n->insert(); - return FALSE; - } - } - - function new_request_token($consumer) { - $t = new Token(); - $t->consumer_key = $consumer->key; - $t->tok = common_good_rand(16); - $t->secret = common_good_rand(16); - $t->type = 0; # request - $t->state = 0; # unauthorized - $t->created = DB_DataObject_Cast::dateTime(); - if (!$t->insert()) { - return NULL; - } else { - return new OAuthToken($t->tok, $t->secret); - } - } + // We keep a record of who's contacted us - # defined in OAuthDataStore, but not implemented anywhere - - function fetch_request_token($consumer) { - return $this->new_request_token($consumer); - } - - function new_access_token($token, $consumer) { - common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__); - $rt = new Token(); - $rt->consumer_key = $consumer->key; - $rt->tok = $token->key; - $rt->type = 0; # request - if ($rt->find(TRUE) && $rt->state == 1) { # authorized - common_debug('request token found.', __FILE__); - $at = new Token(); - $at->consumer_key = $consumer->key; - $at->tok = common_good_rand(16); - $at->secret = common_good_rand(16); - $at->type = 1; # access - $at->created = DB_DataObject_Cast::dateTime(); - if (!$at->insert()) { - $e = $at->_lastError; - common_debug('access token "'.$at->tok.'" not inserted: "'.$e->message.'"', __FILE__); - return NULL; - } else { - common_debug('access token "'.$at->tok.'" inserted', __FILE__); - # burn the old one - $orig_rt = clone($rt); - $rt->state = 2; # used - if (!$rt->update($orig_rt)) { - return NULL; - } - common_debug('request token "'.$rt->tok.'" updated', __FILE__); - # Update subscription - # XXX: mixing levels here - $sub = Subscription::staticGet('token', $rt->tok); - if (!$sub) { - return NULL; - } - common_debug('subscription for request token found', __FILE__); - $orig_sub = clone($sub); - $sub->token = $at->tok; - $sub->secret = $at->secret; - if (!$sub->update($orig_sub)) { - return NULL; - } else { - common_debug('subscription updated to use access token', __FILE__); - return new OAuthToken($at->tok, $at->secret); - } - } - } else { - return NULL; - } - } - - # defined in OAuthDataStore, but not implemented anywhere - - function fetch_access_token($consumer) { - return $this->new_access_token($consumer); - } + function lookup_consumer($consumer_key) + { + $con = Consumer::staticGet('consumer_key', $consumer_key); + if (!$con) { + $con = new Consumer(); + $con->consumer_key = $consumer_key; + $con->seed = common_good_rand(16); + $con->created = DB_DataObject_Cast::dateTime(); + if (!$con->insert()) { + return null; + } + } + return new OAuthConsumer($con->consumer_key, ''); + } + + function lookup_token($consumer, $token_type, $token_key) + { + $t = new Token(); + $t->consumer_key = $consumer->key; + $t->tok = $token_key; + $t->type = ($token_type == 'access') ? 1 : 0; + if ($t->find(true)) { + return new OAuthToken($t->tok, $t->secret); + } else { + return null; + } + } + + // http://oauth.net/core/1.0/#nonce + // "The Consumer SHALL then generate a Nonce value that is unique for + // all requests with that timestamp." + + // XXX: It's not clear why the token is here + + function lookup_nonce($consumer, $token, $nonce, $timestamp) + { + $n = new Nonce(); + $n->consumer_key = $consumer->key; + $n->ts = $timestamp; + $n->nonce = $nonce; + if ($n->find(true)) { + return true; + } else { + $n->created = DB_DataObject_Cast::dateTime(); + $n->insert(); + return false; + } + } + + function new_request_token($consumer) + { + $t = new Token(); + $t->consumer_key = $consumer->key; + $t->tok = common_good_rand(16); + $t->secret = common_good_rand(16); + $t->type = 0; // request + $t->state = 0; // unauthorized + $t->created = DB_DataObject_Cast::dateTime(); + if (!$t->insert()) { + return null; + } else { + return new OAuthToken($t->tok, $t->secret); + } + } + + // defined in OAuthDataStore, but not implemented anywhere + + function fetch_request_token($consumer) + { + return $this->new_request_token($consumer); + } + + function new_access_token($token, $consumer) + { + common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__); + $rt = new Token(); + $rt->consumer_key = $consumer->key; + $rt->tok = $token->key; + $rt->type = 0; // request + if ($rt->find(true) && $rt->state == 1) { // authorized + common_debug('request token found.', __FILE__); + $at = new Token(); + $at->consumer_key = $consumer->key; + $at->tok = common_good_rand(16); + $at->secret = common_good_rand(16); + $at->type = 1; // access + $at->created = DB_DataObject_Cast::dateTime(); + if (!$at->insert()) { + $e = $at->_lastError; + common_debug('access token "'.$at->tok.'" not inserted: "'.$e->message.'"', __FILE__); + return null; + } else { + common_debug('access token "'.$at->tok.'" inserted', __FILE__); + // burn the old one + $orig_rt = clone($rt); + $rt->state = 2; // used + if (!$rt->update($orig_rt)) { + return null; + } + common_debug('request token "'.$rt->tok.'" updated', __FILE__); + // Update subscription + // XXX: mixing levels here + $sub = Subscription::staticGet('token', $rt->tok); + if (!$sub) { + return null; + } + common_debug('subscription for request token found', __FILE__); + $orig_sub = clone($sub); + $sub->token = $at->tok; + $sub->secret = $at->secret; + if (!$sub->update($orig_sub)) { + return null; + } else { + common_debug('subscription updated to use access token', __FILE__); + return new OAuthToken($at->tok, $at->secret); + } + } + } else { + return null; + } + } + + // defined in OAuthDataStore, but not implemented anywhere + + function fetch_access_token($consumer) + { + return $this->new_access_token($consumer); + } }