Make sure applications are really looked up by consumer key
authorZach Copley <zach@status.net>
Wed, 13 Jan 2010 11:31:15 +0000 (11:31 +0000)
committerZach Copley <zach@status.net>
Mon, 25 Jan 2010 00:36:05 +0000 (16:36 -0800)
actions/apioauthauthorize.php
lib/apioauthstore.php

index cdf9cb7df37c243e12617be4743fd162d5126b18..0966ba1d71fc00bc3db9077ebd53e843c596073f 100644 (file)
@@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
         $this->oauth_token = $this->arg('oauth_token');
         $this->callback    = $this->arg('oauth_callback');
         $this->store       = new ApiStatusNetOAuthDataStore();
+        $this->app         = $this->store->getAppByRequestToken($this->oauth_token);
 
         return true;
     }
 
-    function getApp()
-    {
-        // Look up the full req token
-
-        $req_token = $this->store->lookup_token(null,
-                                                'request',
-                                                $this->oauth_token);
-
-        if (empty($req_token)) {
-
-            common_debug("Couldn't find request token!");
-
-            $this->clientError(_('Bad request.'));
-            return;
-        }
-
-        // Look up the app
-
-        $app = new Oauth_application();
-        $app->consumer_key = $req_token->consumer_key;
-        $result = $app->find(true);
-
-        if (!empty($result)) {
-            $this->app = $app;
-            return true;
-
-        } else {
-            common_debug("couldn't find the app!");
-            return false;
-        }
-    }
-
     /**
      * Handle input, produce output
      *
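Review bot: In prepare(), the added lookup runs before anything visible in this hunk checks that `oauth_token` was supplied, so a request without the parameter passes an empty key into `getAppByRequestToken()`. Whether that is harmless depends on how `lookup_token()` treats an empty key, which this diff does not show. Guarding the call removes that dependency: `$this->app = empty($this->oauth_token) ? null : $this->store->getAppByRequestToken($this->oauth_token);`. prepare() starts above the hunk.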
@@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
                 return;
             }
 
-            if (!$this->getApp()) {
+            if (empty($this->app)) {
+                common_debug('No app for that token.');
                 $this->clientError(_('Bad request.'));
                 return;
             }
@@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
             return;
         }
 
-        if (!$this->getApp()) {
-            $this->clientError(_('Bad request.'));
-            return;
-        }
-
         // check creds
 
         $user = null;
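Review bot: The guard removed just before `// check creds` has no replacement on this path, unlike the hunk at -140 where `!$this->getApp()` became `empty($this->app)`. `$this->app` is null whenever the request token or its application cannot be resolved, so the credential check and any later code that uses `$this->app` would run with no application bound to the token. Keep the check here as `if (empty($this->app)) { $this->clientError(_('Bad request.')); return; }`. The enclosing function starts and ends outside the hunk, so a later check may exist that is not visible here.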
@@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
     function getInstructions()
     {
         return _('Allow or deny access to your account information.');
-
     }
 
     /**
index c39ddbb0f377d10864e0f1a119e0d433c3da7aa6..32110d057572923ff183868a6b89cb057815f65b 100644 (file)
@@ -36,6 +36,44 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
                                  $con->consumer_secret);
     }
 
+    function getAppByRequestToken($token_key)
+    {
+        // Look up the full req tokenx
+
+        $req_token = $this->lookup_token(null,
+                                         'request',
+                                         $token_key);
+
+        if (empty($req_token)) {
+            common_debug("couldn't get request token from oauth datastore");
+            return null;
+        }
+
+        // Look up the full Token
+
+        $token = new Token();
+        $token->tok = $req_token->key;
+        $result = $token->find(true);
+
+        if (empty($result)) {
+            common_debug('Couldn\'t find req token in the token table.');
+            return null;
+        }
+
+        // Look up the app
+
+        $app = new Oauth_application();
+        $app->consumer_key = $token->consumer_key;
+        $result = $app->find(true);
+
+        if (!empty($result)) {
+            return $app;
+        } else {
+            common_debug("Couldn't find the app!");
+            return null;
+        }
+    }
+
     function new_access_token($token, $consumer)
     {
         common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
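Review bot: The second query in `getAppByRequestToken()` matches the `Token` row on `tok` alone, so the `'request'` restriction passed to `lookup_token()` is not carried over to the row that supplies `consumer_key`. If the token table can hold more than one row with the same `tok` (another consumer or another token type; the schema is not visible here), `find(true)` may return a row belonging to a different application. Constrain this lookup to the request-token type as well. The method also has no docblock: add one stating that it takes the request token key from the authorize request and returns the matching `Oauth_application` or null, and fix the comment typo `tokenx`.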
@@ -64,7 +102,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
             if (!empty($result)) {
                 common_debug("Oath app user found.");
             } else {
-                common_debug("Oauth app user not found.");
+                common_debug("Oauth app user not found. app id $app->id token $rt->tok");
                 return null;
             }