From df7565ddcca1e75476f4ad9318e83751d79884ba Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Sat, 7 Mar 2009 13:04:36 +0100 Subject: [PATCH] Remove second OAuth request validation. --- actions/userauthorization.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/actions/userauthorization.php b/actions/userauthorization.php index d0041ca5ae..28243deccc 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -56,7 +56,6 @@ class UserauthorizationAction extends Action if (!$req) { $this->clientError(_('No request found!')); } - # XXX: only validate new requests, since nonce is one-time use $this->validateRequest($req); $this->storeRequest($req); $this->showForm($req); @@ -307,14 +306,11 @@ class UserauthorizationAction extends Action } $user = common_current_user(); - $datastore = omb_oauth_datastore(); - $consumer = $this->getConsumer($datastore, $req); - $token = $this->getToken($datastore, $req, $consumer); $sub = new Subscription(); $sub->subscriber = $user->id; $sub->subscribed = $remote->id; - $sub->token = $token->key; # NOTE: request token, not valid for use! + $sub->token = $req->get_parameter('oauth_token'); # NOTE: request token, not valid for use! $sub->created = DB_DataObject_Cast::dateTime(); # current time if (!$sub->insert()) { @@ -388,7 +384,9 @@ class UserauthorizationAction extends Action function validateRequest(&$req) { - /* Find token. */ + /* Find token. + TODO: If no token is passed the user should get a prompt to enter it + according to OAuth Core 1.0 */ $t = new Token(); $t->tok = $req->get_parameter('oauth_token'); $t->type = 0; -- 2.39.5