From 1179ecd13d68e76d74ad94e2d3ca22d9681eeffe Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 7 Mar 2009 12:55:09 -0800
Subject: [PATCH] Fix nonce usage in OAuth store
The OAuth store was failing on getting a request token, because the token value was forced to be non-null in the DB. Let this value be null, and use the correct primary key (consumer, timestamp, nonce). Drop the reference to token table, and don't ever use it.
---
 classes/Nonce.php | 9 ++++-----
 classes/laconica.ini | 4 ++--
 db/laconica.sql | 5 ++---
 lib/oauthstore.php | 3 +--
 4 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/classes/Nonce.php b/classes/Nonce.php
index 2c0edfa14d..486a65a3c7 100644
--- a/classes/Nonce.php
+++ b/classes/Nonce.php
@@ -4,22 +4,21 @@
 */
 require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
-class Nonce extends Memcached_DataObject
+class Nonce extends Memcached_DataObject
 {
 ###START_AUTOCODE
 /* the code below is auto generated do not remove the above tag */
 public $__table = 'nonce'; // table name
 public $consumer_key; // varchar(255) primary_key not_null
- public $tok; // char(32) primary_key not_null
+ public $tok; // char(32)
 public $nonce; // char(32) primary_key not_null
- public $ts; // datetime() not_null
+ public $ts; // datetime() primary_key not_null
 public $created; // datetime() not_null
 public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
 /* Static get */
- function staticGet($k,$v=null)
- { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
+ function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
 /* the code above is auto generated do not remove the tag below */
 ###END_AUTOCODE
diff --git a/classes/laconica.ini b/classes/laconica.ini
index 5fd2cd1f86..529454d99b 100755
--- a/classes/laconica.ini
+++ b/classes/laconica.ini
@@ -145,7 +145,7 @@ id = N
 [nonce]
 consumer_key = 130
-tok = 130
+tok = 2
 nonce = 130
 ts = 142
 created = 142
@@ -153,8 +153,8 @@ modified = 384
 [nonce__keys]
 consumer_key = K
-tok = K
 nonce = K
+ts = K
 [notice]
 id = 129
diff --git a/db/laconica.sql b/db/laconica.sql
index c2cd887dee..098fa4fd1a 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -181,15 +181,14 @@ create table token (
 create table nonce (
 consumer_key varchar(255) not null comment 'unique identifier, root URL',
- tok char(32) not null comment 'identifying value',
+ tok char(32) null comment 'buggy old value, ignored',
 nonce char(32) not null comment 'nonce',
 ts datetime not null comment 'timestamp sent',
 created datetime not null comment 'date this record was created',
 modified timestamp comment 'date this record was modified',
- constraint primary key (consumer_key, tok, nonce),
- constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
+ constraint primary key (consumer_key, ts, nonce)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin;
 /* One-to-many relationship of user to openid_url */
diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 9af05ea2de..7d2e1f27b6 100644
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
 {
 $n = new Nonce();
 $n->consumer_key = $consumer->key;
- $n->tok = $token->key;
+ $n->ts = $timestamp;
 $n->nonce = $nonce;
 if ($n->find(true)) {
 return true;
 } else {
- $n->ts = $timestamp;
 $n->created = DB_DataObject_Cast::dateTime();
 $n->insert();
 return false;
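Review bot: `ts datetime` is now part of the primary key, so replay detection depends on the stored timestamp comparing equal to the one looked up, and the lib/oauthstore.php hunk assigns `$n->ts = $timestamp` with no conversion. If `$timestamp` is the raw OAuth request timestamp in Unix seconds (its origin is outside this patch), it is not a valid datetime literal, and the value stored may not match what later lookups search for. Either convert it to `YYYY-MM-DD HH:MM:SS` before both the find and the insert, or state the expected format in the column comment, for example `comment 'timestamp sent, converted to datetime'`.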
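Review bot: The result of `$n->insert()` is discarded, so a failed insert still falls through to `return false` and the nonce is reported as unseen. Two concurrent requests carrying the same (consumer, timestamp, nonce) can both miss in `find(true)`; the second insert then fails on the new primary key, yet both requests are accepted. Treat the insert as the authoritative check and fail closed, e.g. `if ($n->insert() === false) { return true; }` ahead of `return false;`. The enclosing function starts above the hunk and its closing braces fall after it.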