Fix nonce usage in OAuth store

The OAuth store was failing on getting a request token, because the
token value was forced to be non-null in the DB. Let this value be
null, and use the correct primary key (consumer, timestamp, nonce).
Drop the reference to token table, and don't ever use it.

diff --git a/classes/Nonce.php b/classes/Nonce.php
index 2c0edfa14d70561bb4c6341310a93ddd3c837ef0..486a65a3c7e2aa6d78bc8478f579b27e8d80ab93 100644 (file)
--- a/classes/Nonce.php
+++ b/classes/Nonce.php
@@ -4,22 +4,21 @@
  */
 require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
 
-class Nonce extends Memcached_DataObject 
+class Nonce extends Memcached_DataObject
 {
     ###START_AUTOCODE
     /* the code below is auto generated do not remove the above tag */
 
     public $__table = 'nonce';                           // table name
     public $consumer_key;                    // varchar(255)  primary_key not_null
-    public $tok;                             // char(32)  primary_key not_null
+    public $tok;                             // char(32)
     public $nonce;                           // char(32)  primary_key not_null
-    public $ts;                              // datetime()   not_null
+    public $ts;                              // datetime()  primary_key not_null
     public $created;                         // datetime()   not_null
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
     /* Static get */
-    function staticGet($k,$v=null)
-    { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
+    function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
 
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE

diff --git a/classes/laconica.ini b/classes/laconica.ini
index 5fd2cd1f86661e182414198509d29032d8693d06..529454d99bf8ef4bae0406523bcdb55c541f428a 100755 (executable)
--- a/classes/laconica.ini
+++ b/classes/laconica.ini
@@ -145,7 +145,7 @@ id = N
 
 [nonce]
 consumer_key = 130
-tok = 130
+tok = 2
 nonce = 130
 ts = 142
 created = 142
@@ -153,8 +153,8 @@ modified = 384
 
 [nonce__keys]
 consumer_key = K
-tok = K
 nonce = K
+ts = K
 
 [notice]
 id = 129

diff --git a/db/laconica.sql b/db/laconica.sql
index c2cd887deecae2363a87f15f4130e3f3528c632a..098fa4fd1aa7f09b5cd109e6f0e33ff9c7c86c83 100644 (file)
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -181,15 +181,14 @@ create table token (
 
 create table nonce (
     consumer_key varchar(255) not null comment 'unique identifier, root URL',
-    tok char(32) not null comment 'identifying value',
+    tok char(32) null comment 'buggy old value, ignored',
     nonce char(32) not null comment 'nonce',
     ts datetime not null comment 'timestamp sent',
 
     created datetime not null comment 'date this record was created',
     modified timestamp comment 'date this record was modified',
 
-    constraint primary key (consumer_key, tok, nonce),
-    constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
+    constraint primary key (consumer_key, ts, nonce)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin;
 
 /* One-to-many relationship of user to openid_url */

diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 9af05ea2de82f663e2689ceae7bcf724e3e3ad24..7d2e1f27b60a3ed765db745fff6fb057baf84a1c 100644 (file)
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
     {
         $n = new Nonce();
         $n->consumer_key = $consumer->key;
-        $n->tok = $token->key;
+        $n->ts = $timestamp;
         $n->nonce = $nonce;
         if ($n->find(true)) {
             return true;
         } else {
-            $n->ts = $timestamp;
             $n->created = DB_DataObject_Cast::dateTime();
             $n->insert();
             return false;