]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
Workflow for request tokens and authorizing request tokens
authorZach Copley <zach@status.net>
Mon, 11 Jan 2010 05:35:46 +0000 (21:35 -0800)
committerZach Copley <zach@status.net>
Mon, 25 Jan 2010 00:36:02 +0000 (16:36 -0800)
actions/apioauthauthorize.php
actions/apioauthrequesttoken.php
actions/showapplication.php
lib/router.php

index 8839d9571c02c952afa923dee2b2ade7f8dbe8c0..895a0c6e53de1ff1f1f7844a3d21ac21913f4904 100644 (file)
@@ -31,7 +31,7 @@ if (!defined('STATUSNET')) {
     exit(1);
 }
 
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apioauthstore.php';
 
 /**
  * Authorize an OAuth request token
@@ -45,5 +45,329 @@ require_once INSTALLDIR . '/lib/api.php';
 
 class ApiOauthAuthorizeAction extends Action
 {
+    var $oauth_token;
+    var $callback;
+    var $app;
+    var $nickname;
+    var $password;
+    var $store;
+
+    /**
+     * Is this a read-only action?
+     *
+     * @return boolean false
+     */
+
+    function isReadOnly($args)
+    {
+        return false;
+    }
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        common_debug(var_export($_REQUEST, true));
+
+        $this->nickname    = $this->trimmed('nickname');
+        $this->password    = $this->arg('password');
+        $this->oauth_token = $this->arg('oauth_token');
+        $this->callback    = $this->arg('oauth_callback');
+        $this->store       = new ApiStatusNetOAuthDataStore();
+
+        return true;
+    }
+
+    function getApp()
+    {
+        // Look up the full req token
+
+        $req_token = $this->store->lookup_token(null,
+                                                'request',
+                                                $this->oauth_token);
+
+        if (empty($req_token)) {
+
+            common_debug("Couldn't find request token!");
+
+            $this->clientError(_('Bad request.'));
+            return;
+        }
+
+        // Look up the app
+
+        $app = new Oauth_application();
+        $app->consumer_key = $req_token->consumer_key;
+        $result = $app->find(true);
+
+        if (!empty($result)) {
+            $this->app = $app;
+            return true;
+
+        } else {
+            common_debug("couldn't find the app!");
+            return false;
+        }
+    }
+
+    /**
+     * Handle input, produce output
+     *
+     * Switches on request method; either shows the form or handles its input.
+     *
+     * @param array $args $_REQUEST data
+     *
+     * @return void
+     */
+
+    function handle($args)
+    {
+        parent::handle($args);
+
+        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+            /* Use a session token for CSRF protection. */
+            $token = $this->trimmed('token');
+            if (!$token || $token != common_session_token()) {
+                $this->showForm(_('There was a problem with your session token. '.
+                                  'Try again, please.'));
+                return;
+            }
+
+            $this->handlePost();
+
+        } else {
+
+            common_debug('ApiOauthAuthorize::handle()');
+
+            if (empty($this->oauth_token)) {
+
+                common_debug("No request token found.");
+
+                $this->clientError(_('Bad request.'));
+                return;
+            }
+
+            if (!$this->getApp()) {
+                $this->clientError(_('Bad request.'));
+                return;
+            }
+
+            common_debug("Requesting auth for app: $app->name.");
+
+            $this->showForm();
+        }
+    }
+
+    function handlePost()
+    {
+        /* Use a session token for CSRF protection. */
+
+        $token = $this->trimmed('token');
+
+        if (!$token || $token != common_session_token()) {
+            $this->showForm(_('There was a problem with your session token. '.
+                              'Try again, please.'));
+            return;
+        }
+
+        if (!$this->getApp()) {
+            $this->clientError(_('Bad request.'));
+            return;
+        }
+
+        // is the user already logged in?
+
+        // check creds
+
+        if (!common_logged_in()) {
+            $user = common_check_user($this->nickname, $this->password);
+            if (empty($user)) {
+                $this->showForm(_("Invalid nickname / password!"));
+                return;
+            }
+        }
+
+        if ($this->arg('allow')) {
+
+            $this->store->authorize_token($this->oauth_token);
+
+            // if we have a callback redirect and provide the token
+
+            if (!empty($this->callback)) {
+                $target_url = $this->callback . '?oauth_token=' . $this->oauth_token;
+                common_redirect($target_url, 303);
+            }
+
+            // otherwise inform the user that the rt was authorized
+
+            $this->elementStart('p');
+
+            // XXX: Do verifier code?
+
+            $this->raw(sprintf(_("The request token %s has been authorized. " .
+                                 'Please exchange it for an access token.'),
+                               $this->oauth_token));
+
+            $this->elementEnd('p');
+
+        } else if ($this->arg('deny')) {
+
+            $this->elementStart('p');
+
+            $this->raw(sprintf(_("The request token %s has been denied."),
+                               $this->oauth_token));
+
+            $this->elementEnd('p');
+        } else {
+            $this->clientError(_('Unexpected form submission.'));
+            return;
+        }
+    }
+
+    function showForm($error=null)
+    {
+        $this->error = $error;
+        $this->showPage();
+    }
+
+    function showScripts()
+    {
+        parent::showScripts();
+      //  $this->autofocus('nickname');
+    }
+
+    /**
+     * Title of the page
+     *
+     * @return string title of the page
+     */
+
+    function title()
+    {
+        return _('An application would like to connect to your account');
+    }
+
+    /**
+     * Show page notice
+     *
+     * Display a notice for how to use the page, or the
+     * error if it exists.
+     *
+     * @return void
+     */
+
+    function showPageNotice()
+    {
+        if ($this->error) {
+            $this->element('p', 'error', $this->error);
+        } else {
+            $instr  = $this->getInstructions();
+            $output = common_markup_to_html($instr);
+
+            $this->raw($output);
+        }
+    }
+
+    /**
+     * Shows the authorization form.
+     *
+     * @return void
+     */
+
+    function showContent()
+    {
+        $this->elementStart('form', array('method' => 'post',
+                                           'id' => 'form_login',
+                                           'class' => 'form_settings',
+                                           'action' => common_local_url('apioauthauthorize')));
+
+        $this->hidden('token', common_session_token());
+        $this->hidden('oauth_token', $this->oauth_token);
+        $this->hidden('oauth_callback', $this->callback);
+
+        $this->elementStart('fieldset');
+
+        $this->elementStart('ul');
+        $this->elementStart('li');
+        if (!empty($this->app->icon)) {
+            $this->element('img', array('src' => $this->app->icon));
+        }
+        $this->elementEnd('li');
+        $this->elementStart('li');
+
+        $access = ($this->app->access_type & Oauth_application::$writeAccess) ?
+          'access and update' : 'access';
+
+        $msg = _("The application <b>%s</b> by <b>%s</b> would like " .
+                 "the ability to <b>%s</b> your account data.");
+
+        $this->raw(sprintf($msg,
+                           $this->app->name,
+                           $this->app->organization,
+                           $access));
+
+        $this->elementEnd('li');
+        $this->elementEnd('ul');
+
+        $this->elementEnd('fieldset');
+
+        if (!common_logged_in()) {
+
+            $this->elementStart('fieldset');
+            $this->element('legend', null, _('Login'));
+            $this->elementStart('ul', 'form_data');
+            $this->elementStart('li');
+            $this->input('nickname', _('Nickname'));
+            $this->elementEnd('li');
+            $this->elementStart('li');
+            $this->password('password', _('Password'));
+            $this->elementEnd('li');
+            $this->elementEnd('ul');
+
+            $this->elementEnd('fieldset');
+
+        }
+
+        $this->element('input', array('id' => 'deny_submit',
+                                      'class' => 'submit',
+                                      'name' => 'deny',
+                                      'type' => 'submit',
+                                      'value' => _('Deny')));
+
+        $this->element('input', array('id' => 'allow_submit',
+                                      'class' => 'submit',
+                                      'name' => 'allow',
+                                      'type' => 'submit',
+                                      'value' => _('Allow')));
+
+        $this->elementEnd('form');
+    }
+
+    /**
+     * Instructions for using the form
+     *
+     * For "remembered" logins, we make the user re-login when they
+     * try to change settings. Different instructions for this case.
+     *
+     * @return void
+     */
+
+    function getInstructions()
+    {
+        return _('Allow or deny access to your account information.');
+
+    }
+
+    /**
+     * A local menu
+     *
+     * Shows different login/register actions.
+     *
+     * @return void
+     */
+
+    function showLocalNav()
+    {
+    }
 
 }
index 1bbd7d295b31751fe25a2f614a7940572e9d1ac8..53aca6b96bad20a398849b6ed25f8da84097319a 100644 (file)
@@ -31,7 +31,6 @@ if (!defined('STATUSNET')) {
     exit(1);
 }
 
-require_once INSTALLDIR . '/lib/api.php';
 require_once INSTALLDIR . '/lib/apioauthstore.php';
 
 /**
@@ -70,6 +69,7 @@ class ApiOauthRequestTokenAction extends Action
         $datastore   = new ApiStatusNetOAuthDataStore();
         $server      = new OAuthServer($datastore);
         $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
         $server->add_signature_method($hmac_method);
 
         try {
@@ -77,8 +77,7 @@ class ApiOauthRequestTokenAction extends Action
             $token = $server->fetch_request_token($req);
             print $token;
         } catch (OAuthException $e) {
-            common_log(LOG_WARN, $e->getMessage());
-            common_debug(var_export($req, true));
+            common_log(LOG_WARN, 'API OAuthException - ' . $e->getMessage());
             header('HTTP/1.1 401 Unauthorized');
             header('Content-Type: text/html; charset=utf-8');
             print $e->getMessage() . "\n";
index 6d19b9561c29ef72d3609f5f113e57e117f50fd8..5156fa6f0ca0890faa384889fd303a9de57d266c 100644 (file)
@@ -231,17 +231,17 @@ class ShowApplicationAction extends OwnerDesignAction
 
         $this->elementStart('dl', 'entity_request_token_url');
         $this->element('dt', null, _('Request token URL'));
-        $this->element('dd', 'label', common_local_url('oauthrequesttoken'));
+        $this->element('dd', 'label', common_local_url('apioauthrequesttoken'));
         $this->elementEnd('dl');
 
         $this->elementStart('dl', 'entity_access_token_url');
         $this->element('dt', null, _('Access token URL'));
-        $this->element('dd', 'label', common_local_url('oauthaccesstoken'));
+        $this->element('dd', 'label', common_local_url('apioauthaccesstoken'));
         $this->elementEnd('dl');
 
         $this->elementStart('dl', 'entity_authorize_url');
         $this->element('dt', null, _('Authorize URL'));
-        $this->element('dd', 'label', common_local_url('oauthauthorize'));
+        $this->element('dd', 'label', common_local_url('apioauthauthorize'));
         $this->elementEnd('dl');
 
         $this->element('p', 'oauth-signature-note',
index 0703d7597095cf3d7b8a5ee9412016fe202400ed..420f5a0a10337a59a4001f1f139abde8331c212a 100644 (file)
@@ -50,7 +50,8 @@ class Router
     var $m = null;
     static $inst = null;
     static $bare = array('requesttoken', 'accesstoken', 'userauthorization',
-                         'postnotice', 'updateprofile', 'finishremotesubscribe');
+                         'postnotice', 'updateprofile', 'finishremotesubscribe',
+                        'apioauthrequesttoken', 'apioauthaccesstoken');
 
     static function get()
     {
@@ -144,7 +145,7 @@ class Router
                            'email', 'sms', 'userdesign', 'other') as $s) {
                 $m->connect('settings/'.$s, array('action' => $s.'settings'));
             }
-        
+
             // search
 
             foreach (array('group', 'people', 'notice') as $s) {
@@ -640,11 +641,11 @@ class Router
                             array('action' => $a),
                             array('nickname' => '[a-zA-Z0-9]{1,64}'));
             }
-            
-            $m->connect(':nickname/apps', 
+
+            $m->connect(':nickname/apps',
                 array('action' => 'apps'),
                 array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
-            $m->connect(':nickname/apps/show/:id', 
+            $m->connect(':nickname/apps/show/:id',
                 array('action' => 'showapplication'),
                 array('nickname' => '['.NICKNAME_FMT.']{1,64}',
                       'id' => '[0-9]+')
@@ -652,18 +653,14 @@ class Router
             $m->connect(':nickname/apps/new',
                 array('action' => 'newapplication'),
                 array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
-            $m->connect(':nickname/apps/edit/:id', 
+            $m->connect(':nickname/apps/edit/:id',
                 array('action' => 'editapplication'),
                 array('nickname' => '['.NICKNAME_FMT.']{1,64}',
                       'id' => '[0-9]+')
             );
 
-            $m->connect('oauth/request_token',
-                array('action' => 'apioauthrequesttoken'));
-            $m->connect('oauth/access_token',
-                array('action' => 'apioauthaccesstoken'));
             $m->connect('oauth/authorize',
-                array('action' => 'apioauthauthorize'));
+                        array('action' => 'apioauthauthorize'));
 
             foreach (array('subscriptions', 'subscribers') as $a) {
                 $m->connect(':nickname/'.$a.'/:tag',