oauth apps/authorization management in settings page
authorFabio Comuni <fabrix.xm@gmail.com>
Mon, 7 Nov 2011 16:38:30 +0000 (17:38 +0100)
committerFabio Comuni <fabrix.xm@gmail.com>
Mon, 7 Nov 2011 16:38:30 +0000 (17:38 +0100)
mod/settings.php
view/settings_oauth.tpl
view/settings_oauth_edit.tpl [new file with mode: 0644]

index ca9b4bd5421be098ac0d7239b5bebd1a03cf09bb..2b9cde735343b99194b5f962b30e443d92bb814a 100644 (file)
@@ -47,6 +47,58 @@ function settings_post(&$a) {
                return;
        }
 
+       if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+               $key = $_POST['remove'];
+               q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+                       dbesc($key),
+                       local_user());
+               goaway($a->get_baseurl()."/settings/oauth/");
+               return;                 
+       }
+
+       if(($a->argc > 2) && ($a->argv[1] === 'oauth')  && ($a->argv[2] === 'edit') && x($_POST,'submit')) {
+               
+               $name           = ((x($_POST,'name')) ? $_POST['name'] : '');
+               $key            = ((x($_POST,'key')) ? $_POST['key'] : '');
+               $secret         = ((x($_POST,'secret')) ? $_POST['secret'] : '');
+               $redirect       = ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
+               $icon           = ((x($_POST,'icon')) ? $_POST['icon'] : '');
+               if ($name=="" || $key=="" || $secret==""){
+                       notice(t("Missing some important data!"));
+                       
+               } else {
+                       if ($_POST['submit']==t("Update")){
+                               $r = q("UPDATE clients SET
+                                                       client_id='%s',
+                                                       pw='%s',
+                                                       name='%s',
+                                                       redirect_uri='%s',
+                                                       icon='%s',
+                                                       uid=%d
+                                               WHERE client_id='%s'",
+                                               dbesc($key),
+                                               dbesc($secret),
+                                               dbesc($name),
+                                               dbesc($redirect),
+                                               dbesc($icon),
+                                               local_user(),
+                                               dbesc($key));
+                       } else {
+                               $r = q("INSERT INTO clients
+                                                       (client_id, pw, name, redirect_uri, icon, uid)
+                                               VALUES ('%s','%s','%s','%s','%s',%d)",
+                                               dbesc($key),
+                                               dbesc($secret),
+                                               dbesc($name),
+                                               dbesc($redirect),
+                                               dbesc($icon),
+                                               local_user());
+                       }
+               }
+               goaway($a->get_baseurl()."/settings/oauth/");
+               return;
+       }
+
        if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
                call_hooks('plugin_settings_post', $_POST);
                return;
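Review bot: The `UPDATE clients` statement in the `oauth/edit` branch filters on `client_id` alone, so the row is rewritten (including `pw`, `redirect_uri` and `uid`) whether or not it belongs to the logged-in user; the SELECT and DELETE added elsewhere in this commit do scope by `uid`. Bind the owner in the predicate, `WHERE client_id='%s' AND uid=%d`, with `local_user()` appended as the last argument, and drop `uid=%d` from the SET list so an update cannot reassign ownership. Choosing between update and insert by comparing `$_POST['submit']` with the translated label `t("Update")` is also fragile; a hidden field or the route segment would be a steadier signal. No form-token check is visible in either new branch, though `settings_post` starts above the hunk and may perform one there.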
@@ -358,10 +410,77 @@ function settings_content(&$a) {
                
        if(($a->argc > 1) && ($a->argv[1] === 'oauth')) {
                
+               if(($a->argc > 2) && ($a->argv[2] === 'add')) {
+                       $tpl = get_markup_template("settings_oauth_edit.tpl");
+                       $o .= replace_macros($tpl, array(
+                               '$tabs'         => $tabs,
+                               '$title'        => t('Add application'),
+                               '$submit'       => t('Submit'),
+                               '$cancel'       => t('Cancel'),
+                               '$name'         => array('name', t('Name'), '', ''),
+                               '$key'          => array('key', t('Consumer Key'), '', ''),
+                               '$secret'       => array('secret', t('Consumer Secret'), '', ''),
+                               '$redirect'     => array('redirect', t('Redirect'), '', ''),
+                               '$icon'         => array('icon', t('Icon url'), '', ''),
+                       ));
+                       return $o;
+               }
+               
+               if(($a->argc > 3) && ($a->argv[2] === 'edit')) {
+                       $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+                                       dbesc($a->argv[3]),
+                                       local_user());
+                       
+                       if (!count($r)){
+                               notice(t("You can't edit this application."));
+                               return;
+                       }
+                       $app = $r[0];
+                       
+                       $tpl = get_markup_template("settings_oauth_edit.tpl");
+                       $o .= replace_macros($tpl, array(
+                               '$tabs'         => $tabs,
+                               '$title'        => t('Add application'),
+                               '$submit'       => t('Update'),
+                               '$cancel'       => t('Cancel'),
+                               '$name'         => array('name', t('Name'), $app['name'] , ''),
+                               '$key'          => array('key', t('Consumer Key'), $app['client_id'], ''),
+                               '$secret'       => array('secret', t('Consumer Secret'), $app['pw'], ''),
+                               '$redirect'     => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+                               '$icon'         => array('icon', t('Icon url'), $app['icon'], ''),
+                       ));
+                       return $o;
+               }
+               
+               if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+                       $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+                                       dbesc($a->argv[3]),
+                                       local_user());
+                       goaway($a->get_baseurl()."/settings/oauth/");
+                       return;                 
+               }
+               
+               
+               $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
+                               FROM clients
+                               LEFT JOIN tokens ON clients.client_id=tokens.client_id
+                               WHERE clients.uid IN (%d,0)",
+                               local_user(),
+                               local_user());
+               
+               
                $tpl = get_markup_template("settings_oauth.tpl");
                $o .= replace_macros($tpl, array(
+                       '$baseurl'      => $a->get_baseurl(),
                        '$title'        => t('Connected Apps'),
+                       '$add'          => t('Add application'),
+                       '$edit'         => t('Edit'),
+                       '$delete'               => t('Delete'),
+                       '$consumerkey' => t('Client key starts with'),
+                       '$noname'       => t('No name'),
+                       '$remove'       => t('Remove authorization'),
                        '$tabs'         => $tabs,
+                       '$apps'         => $r,
                ));
                return $o;
                
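Review bot: The `delete` branch in `settings_content` removes a `clients` row in response to a plain GET of `settings/oauth/delete/<client_id>`, which leaves it open to cross-site request forgery and to link prefetchers; the delete belongs in `settings_post`, behind a POST and the project's form-token check. The list query joins `tokens` on `client_id` only, so if `tokens` holds one row per authorizing user, the owner of an application receives other users' token ids in `$apps`; adding `AND tokens.uid=%d` to the `LEFT JOIN` condition would keep the list to the viewer's own authorizations. The edit form is also titled `t('Add application')` and pre-fills the stored consumer secret `$app['pw']` into the page. `settings_content` begins above and continues below this hunk.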
index 87fd6d1ee821bb835dc4b09a967cde87d80b3b7a..bc5866bec99ae7fc592bebb2d5c2b044afd6cca7 100644 (file)
@@ -3,8 +3,30 @@ $tabs
 <h1>$title</h1>
 
 
-<form action="settings/addon" method="post" autocomplete="off">
+<form action="settings/oauth" method="post" autocomplete="off">
+       
+       <div id="profile-edit-links">
+               <ul>
+                       <li>
+                               <a id="profile-edit-view-link" href="$baseurl/settings/oauth/add">$add</a>
+                       </li>
+               </ul>
+       </div>
 
-$settings_addons
+       {{ for $apps as $app }}
+       <div class='oauthapp'>
+               <img src='$app.icon' class="{{ if $app.icon }} {{ else }}noicon{{ endif }}">
+               {{ if $app.name }}<h4>$app.name</h4>{{ else }}<h4>$noname</h4>{{ endif }}
+               {{ if $app.my }}
+                       {{ if $app.oauth_token }}
+                       <div class="settings-submit-wrapper" ><button class="settings-submit"  type="submit" name="remove" value="$app.oauth_token">$remove</button></div>
+                       {{ endif }}
+               {{ endif }}
+               {{ if $app.my }}
+               <a href="$baseurl/settings/oauth/edit/$app.client_id" class="icon edit" title="$edit">&nbsp;</a>
+               <a href="$baseurl/settings/oauth/delete/$app.client_id" class="icon drop" title="$delete">&nbsp;</a>
+               {{ endif }}             
+       </div>
+       {{ endfor }}
 
 </form>
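Review bot: `$app.icon`, `$app.name` and `$app.client_id` reach this template straight from the `clients` rows, which `settings_post` stores from `$_POST` with only `dbesc()` applied, and nothing visible here HTML-escapes them. Unless the template engine escapes on substitution, a name or icon value containing markup or a quote breaks out of the `<h4>` or the single-quoted `src` attribute, and rows with `uid` 0 are listed for every user. Escape the values before handing the rows to `replace_macros`, e.g. `htmlspecialchars($app['name'], ENT_QUOTES, 'UTF-8')`, and accept only `http`/`https` URLs for the icon when it is saved. The delete anchor is a plain GET link, so the state change it triggers is not protected by the surrounding POST form.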
diff --git a/view/settings_oauth_edit.tpl b/view/settings_oauth_edit.tpl
new file mode 100644 (file)
index 0000000..98b7457
--- /dev/null
@@ -0,0 +1,17 @@
+$tabs
+
+<h1>$title</h1>
+
+<form method="POST">
+{{ inc field_input.tpl with $field=$name }}{{ endinc }}
+{{ inc field_input.tpl with $field=$key }}{{ endinc }}
+{{ inc field_input.tpl with $field=$secret }}{{ endinc }}
+{{ inc field_input.tpl with $field=$redirect }}{{ endinc }}
+{{ inc field_input.tpl with $field=$icon }}{{ endinc }}
+
+<div class="settings-submit-wrapper" >
+<input type="submit" name="submit" class="settings-submit" value="$submit" />
+<input type="submit" name="cancel" class="settings-submit" value="$cancel" />
+</div>
+
+</form>
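Review bot: The form has no `action`, so the Add page posts back to `settings/oauth/add`, but the handler added in `mod/settings.php` only runs when `$a->argv[2] === 'edit'`; as written the INSERT branch looks unreachable from this form and the request falls through to the rest of `settings_post`. Either accept both routes in the handler, `(($a->argv[2] === 'edit') || ($a->argv[2] === 'add'))`, or give the form an explicit action. The Cancel button likewise posts without `submit` set and is not handled by the new branch. The form also carries no anti-CSRF token field, and the consumer secret is rendered through `field_input.tpl` like any other text field, so the stored value is echoed back in the edit page.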