Make sure applications are really looked up by consumer key

Zach Copley 2010-01-13 11:31:15 +00:00
parent 7c34ac8cc2
commit 6c8bf36fe1
2 changed files with 42 additions and 40 deletions


@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
$this->oauth_token = $this->arg('oauth_token'); $this->oauth_token = $this->arg('oauth_token');
$this->callback = $this->arg('oauth_callback'); $this->callback = $this->arg('oauth_callback');
$this->store = new ApiStatusNetOAuthDataStore(); $this->store = new ApiStatusNetOAuthDataStore();
$this->app = $this->store->getAppByRequestToken($this->oauth_token);
return true; return true;
} }
function getApp()
{
// Look up the full req token
$req_token = $this->store->lookup_token(null,
'request',
$this->oauth_token);
if (empty($req_token)) {
common_debug("Couldn't find request token!");
$this->clientError(_('Bad request.'));
return;
}
// Look up the app
$app = new Oauth_application();
$app->consumer_key = $req_token->consumer_key;
$result = $app->find(true);
if (!empty($result)) {
$this->app = $app;
return true;
} else {
common_debug("couldn't find the app!");
return false;
}
}
/** /**
* Handle input, produce output * Handle input, produce output
* *
@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return; return;
} }
if (!$this->getApp()) { if (empty($this->app)) {
common_debug('No app for that token.');
$this->clientError(_('Bad request.')); $this->clientError(_('Bad request.'));
return; return;
} }
@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return; return;
} }
if (!$this->getApp()) {
$this->clientError(_('Bad request.'));
return;
}
// check creds // check creds
$user = null; $user = null;
@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function getInstructions() function getInstructions()
{ {
return _('Allow or deny access to your account information.'); return _('Allow or deny access to your account information.');
} }
/** /**
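Review bot: The third hunk (old line 166) removes the `if (!$this->getApp())` guard before `// check creds` without adding an `empty($this->app)` check in its place, unlike the second hunk, so that path no longer rejects a request whose `oauth_token` did not resolve to an application. The enclosing function starts outside the hunk, so this is inferred: if that code is reachable without passing the check at new line 109, authorization would continue with `$this->app` set to null. I would restore the guard there, `if (empty($this->app)) { $this->clientError(_('Bad request.')); return; }`. The assignment added in the first hunk also deserves a comment such as `// null when the request token is missing or unknown; callers must check before use`.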


@ -36,6 +36,44 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
$con->consumer_secret); $con->consumer_secret);
} }
function getAppByRequestToken($token_key)
{
// Look up the full req tokenx
$req_token = $this->lookup_token(null,
'request',
$token_key);
if (empty($req_token)) {
common_debug("couldn't get request token from oauth datastore");
return null;
}
// Look up the full Token
$token = new Token();
$token->tok = $req_token->key;
$result = $token->find(true);
if (empty($result)) {
common_debug('Couldn\'t find req token in the token table.');
return null;
}
// Look up the app
$app = new Oauth_application();
$app->consumer_key = $token->consumer_key;
$result = $app->find(true);
if (!empty($result)) {
return $app;
} else {
common_debug("Couldn't find the app!");
return null;
}
}
function new_access_token($token, $consumer) function new_access_token($token, $consumer)
{ {
common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__); common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
@ -64,7 +102,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
if (!empty($result)) { if (!empty($result)) {
common_debug("Oath app user found."); common_debug("Oath app user found.");
} else { } else {
common_debug("Oauth app user not found."); common_debug("Oauth app user not found. app id $app->id token $rt->tok");
return null; return null;
} }
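Review bot: `getAppByRequestToken()` calls `$app->find(true)` without first checking that `$token->consumer_key` is non-empty, and calls `$token->find(true)` without checking `$req_token->key`. If `Token` and `Oauth_application` are query-by-example objects where an unset property adds no condition (not visible here, so to be confirmed), an empty key would match an arbitrary row and return the wrong application, which is the kind of mismatch the commit title sets out to prevent. A guard such as `if (empty($token->consumer_key)) { return null; }` before the app lookup, and the same for `$req_token->key` before the token lookup, would close that. The method also has no docblock stating that it returns the `Oauth_application` or null, and the comment `// Look up the full req tokenx` has a stray `x`.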