Update ApiOauthAccessTokenAction to OAuth 1.0a

2010-10-07 18:32:27 -07:00 · 2010-10-07 18:32:27 -07:00 · 459727bd61
commit 459727bd61
parent f8808b0761
2 changed files with 65 additions and 25 deletions
--- a/actions/apioauthaccesstoken.php
+++ b/actions/apioauthaccesstoken.php
@ -2,7 +2,8 @@
 /**
 * StatusNet, the distributed open-source microblogging tool
 *
- * Exchange an authorized OAuth request token for an access token
+ * Action for getting OAuth token credentials (exchange an authorized
+ * request token for an access token)
 *
 * PHP version 5
 *
@ -34,7 +35,8 @@ if (!defined('STATUSNET')) {
 require_once INSTALLDIR . '/lib/apioauth.php';

 /**
- * Exchange an authorized OAuth request token for an access token
+ * Action for getting OAuth token credentials (exchange an authorized
+ * request token for an access token)
 *
 * @category API
 * @package  StatusNet
@ -45,6 +47,8 @@ require_once INSTALLDIR . '/lib/apioauth.php';

 class ApiOauthAccessTokenAction extends ApiOauthAction
 {
+    protected $reqToken = null;
+    protected $verifier = null;

    /**
     * Class handler.
@ -65,30 +69,58 @@ class ApiOauthAccessTokenAction extends ApiOauthAction

        $atok = null;

+        // XXX: Insist that oauth_token and oauth_verifier be populated?
+        // Spec doesn't say they MUST be.
+
        try {
+
            $req  = OAuthRequest::from_request();
+
+            $this->reqToken = $req->get_parameter('oauth_token');
+            $this->verifier = $req->get_parameter('oauth_verifier');
+
            $atok = $server->fetch_access_token($req);

        } catch (OAuthException $e) {
            common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
            common_debug(var_export($req, true));
-            $this->outputError($e->getMessage());
-            return;
+            $code = $e->getCode();
+            $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text');
        }

        if (empty($atok)) {
-            common_debug('couldn\'t get access token.');
-            print "Token exchange failed. Has the request token been authorized?\n";
+
+            // Token exchange failed -- log it
+
+            list($proxy, $ip) = common_client_ip();
+
+            $msg = sprintf(
+                'API OAuth - Failure exchanging request token for access token, '
+                    . 'request token = %s, verifier = %s, IP = %s, proxy = %s',
+                $this->reqToken,
+                $this->verifier,
+                $ip,
+                $proxy
+            );
+
+            common_log(LOG_WARNING, $msg);
+
+            print "Invalid request token or verifier.";
+
        } else {
-            print $atok;
+            $this->showAccessToken($atok);
        }
    }

-    function outputError($msg)
+    /*
+     * Display OAuth token credentials
+     *
+     * @param OAuthToken token the access token
+     */
+
+    function showAccessToken($token)
    {
-        header('HTTP/1.1 401 Unauthorized');
-        header('Content-Type: text/html; charset=utf-8');
-        print $msg . "\n";
+        header('Content-Type: application/x-www-form-urlencoded');
+        print $token;
    }
 }
-
--- a/lib/apioauthstore.php
+++ b/lib/apioauthstore.php
@ -71,29 +71,33 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
        }
    }

-    function new_access_token($token, $consumer)
+    function new_access_token($token, $consumer, $verifier)
    {
-        common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
+        common_debug(
+            'new_access_token("' . $token->key . '","' . $consumer->key. '","' . $verifier . '")',
+             __FILE__
+        );

        $rt = new Token();
+
        $rt->consumer_key = $consumer->key;
-        $rt->tok = $token->key;
-        $rt->type = 0; // request
+        $rt->tok          = $token->key;
+        $rt->type         = 0; // request

        $app = Oauth_application::getByConsumerKey($consumer->key);
+        assert(!empty($app));

-        if (empty($app)) {
-            common_debug("empty app!");
-        }
+        if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) { // authorized

-        if ($rt->find(true) && $rt->state == 1) { // authorized
            common_debug('request token found.', __FILE__);

            // find the associated user of the app

            $appUser = new Oauth_application_user();
+
            $appUser->application_id = $app->id;
-            $appUser->token = $rt->tok;
+            $appUser->token          = $rt->tok;
+
            $result = $appUser->find(true);

            if (!empty($result)) {
@ -106,10 +110,12 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
            // go ahead and make the access token

            $at = new Token();
-            $at->consumer_key = $consumer->key;
-            $at->tok = common_good_rand(16);
-            $at->secret = common_good_rand(16);
-            $at->type = 1; // access
+            $at->consumer_key      = $consumer->key;
+            $at->tok               = common_good_rand(16);
+            $at->secret            = common_good_rand(16);
+            $at->type              = 1; // access
+            $at->verifier          = $verifier;
+            $at->verified_callback = $rt->verified_callback; // 1.0a
            $at->created = DB_DataObject_Cast::dateTime();

            if (!$at->insert()) {
@ -217,4 +223,6 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
            return new OAuthToken($t->tok, $t->secret);
        }
    }
+
+
 }