Make sure applications are really looked up by consumer key

This commit is contained in:
Zach Copley 2010-01-13 11:31:15 +00:00
parent 7c34ac8cc2
commit 6c8bf36fe1
2 changed files with 42 additions and 40 deletions

View File

@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
$this->oauth_token = $this->arg('oauth_token');
$this->callback = $this->arg('oauth_callback');
$this->store = new ApiStatusNetOAuthDataStore();
$this->app = $this->store->getAppByRequestToken($this->oauth_token);
return true;
}
function getApp()
{
// Look up the full req token
$req_token = $this->store->lookup_token(null,
'request',
$this->oauth_token);
if (empty($req_token)) {
common_debug("Couldn't find request token!");
$this->clientError(_('Bad request.'));
return;
}
// Look up the app
$app = new Oauth_application();
$app->consumer_key = $req_token->consumer_key;
$result = $app->find(true);
if (!empty($result)) {
$this->app = $app;
return true;
} else {
common_debug("couldn't find the app!");
return false;
}
}
/**
* Handle input, produce output
*
@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
if (!$this->getApp()) {
if (empty($this->app)) {
common_debug('No app for that token.');
$this->clientError(_('Bad request.'));
return;
}
@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
if (!$this->getApp()) {
$this->clientError(_('Bad request.'));
return;
}
// check creds
$user = null;
@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function getInstructions()
{
return _('Allow or deny access to your account information.');
}
/**

View File

@ -36,6 +36,44 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
$con->consumer_secret);
}
function getAppByRequestToken($token_key)
{
// Look up the full req tokenx
$req_token = $this->lookup_token(null,
'request',
$token_key);
if (empty($req_token)) {
common_debug("couldn't get request token from oauth datastore");
return null;
}
// Look up the full Token
$token = new Token();
$token->tok = $req_token->key;
$result = $token->find(true);
if (empty($result)) {
common_debug('Couldn\'t find req token in the token table.');
return null;
}
// Look up the app
$app = new Oauth_application();
$app->consumer_key = $token->consumer_key;
$result = $app->find(true);
if (!empty($result)) {
return $app;
} else {
common_debug("Couldn't find the app!");
return null;
}
}
function new_access_token($token, $consumer)
{
common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
@ -64,7 +102,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
if (!empty($result)) {
common_debug("Oath app user found.");
} else {
common_debug("Oauth app user not found.");
common_debug("Oauth app user not found. app id $app->id token $rt->tok");
return null;
}