Fix nonce usage in OAuth store

The OAuth store was failing on getting a request token, because the
token value was forced to be non-null in the DB. Let this value be
null, and use the correct primary key (consumer, timestamp, nonce).
Drop the reference to token table, and don't ever use it.
Evan Prodromou 2009-03-07 12:55:09 -08:00
parent 22742c3b72
commit 1179ecd13d
4 changed files with 9 additions and 12 deletions


@ -4,22 +4,21 @@
*/ */
require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
class Nonce extends Memcached_DataObject class Nonce extends Memcached_DataObject
{ {
###START_AUTOCODE ###START_AUTOCODE
/* the code below is auto generated do not remove the above tag */ /* the code below is auto generated do not remove the above tag */
public $__table = 'nonce'; // table name public $__table = 'nonce'; // table name
public $consumer_key; // varchar(255) primary_key not_null public $consumer_key; // varchar(255) primary_key not_null
public $tok; // char(32) primary_key not_null public $tok; // char(32)
public $nonce; // char(32) primary_key not_null public $nonce; // char(32) primary_key not_null
public $ts; // datetime() not_null public $ts; // datetime() primary_key not_null
public $created; // datetime() not_null public $created; // datetime() not_null
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
/* Static get */ /* Static get */
function staticGet($k,$v=null) function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
{ return Memcached_DataObject::staticGet('Nonce',$k,$v); }
/* the code above is auto generated do not remove the tag below */ /* the code above is auto generated do not remove the tag below */
###END_AUTOCODE ###END_AUTOCODE


@ -145,7 +145,7 @@ id = N
[nonce] [nonce]
consumer_key = 130 consumer_key = 130
tok = 130 tok = 2
nonce = 130 nonce = 130
ts = 142 ts = 142
created = 142 created = 142
@ -153,8 +153,8 @@ modified = 384
[nonce__keys] [nonce__keys]
consumer_key = K consumer_key = K
tok = K
nonce = K nonce = K
ts = K
[notice] [notice]
id = 129 id = 129


@ -181,15 +181,14 @@ create table token (
create table nonce ( create table nonce (
consumer_key varchar(255) not null comment 'unique identifier, root URL', consumer_key varchar(255) not null comment 'unique identifier, root URL',
tok char(32) not null comment 'identifying value', tok char(32) null comment 'buggy old value, ignored',
nonce char(32) not null comment 'nonce', nonce char(32) not null comment 'nonce',
ts datetime not null comment 'timestamp sent', ts datetime not null comment 'timestamp sent',
created datetime not null comment 'date this record was created', created datetime not null comment 'date this record was created',
modified timestamp comment 'date this record was modified', modified timestamp comment 'date this record was modified',
constraint primary key (consumer_key, tok, nonce), constraint primary key (consumer_key, ts, nonce)
constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin;
/* One-to-many relationship of user to openid_url */ /* One-to-many relationship of user to openid_url */
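Review bot: Only the `create table nonce` statement changes here, and none of the four changed files carries an upgrade step for databases created from the old script. Such a database would keep `tok` as `not null`, the old primary key and the foreign key to `token`, while the new store code no longer sets `tok`. The insert would then presumably fail there, and because the caller ignores the insert result, nonces would silently go unrecorded. I would add a comment above the table such as `/* upgrade: on existing installs make nonce.tok nullable, drop the foreign key to token, and change the primary key to (consumer_key, ts, nonce) */`, or ship the matching `alter table` statements alongside this file.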


@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
{ {
$n = new Nonce(); $n = new Nonce();
$n->consumer_key = $consumer->key; $n->consumer_key = $consumer->key;
$n->tok = $token->key; $n->ts = $timestamp;
$n->nonce = $nonce; $n->nonce = $nonce;
if ($n->find(true)) { if ($n->find(true)) {
return true; return true;
} else { } else {
$n->ts = $timestamp;
$n->created = DB_DataObject_Cast::dateTime(); $n->created = DB_DataObject_Cast::dateTime();
$n->insert(); $n->insert();
return false; return false;
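Review bot: The result of `$n->insert()` is ignored, so when the insert fails the function still returns false and the request is treated as carrying a fresh nonce. Two requests with the same consumer key, timestamp and nonce that both pass `find(true)` before either row is written would both be accepted; the new primary key stops the second row, not the second request. Treating a failed insert as "already seen" makes the check fail closed, for example `if (!$n->insert()) { return true; }` ahead of `return false;`. Separately, `$timestamp` is assigned to the datetime column `ts` as received; if it arrives as Unix seconds (not visible here) it would need converting to the column's format before `find(true)` can match. The function's signature and closing braces are outside the hunk.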