OAuth - inform consumer when user refused to authorize a request token

http://status.net/open-source/issues/2848
Zach Copley 2010-10-21 17:11:59 -07:00
parent 94f7bfa50a
commit ce0d81c190


@ -172,11 +172,11 @@ class ApiOauthAuthorizeAction extends Action
$user = common_current_user(); $user = common_current_user();
} }
if ($this->arg('allow')) { // fetch the token
$this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam);
assert(!empty($this->reqToken));
common_debug("allow"); if ($this->arg('allow')) {
// fetch the token
$this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam);
// mark the req token as authorized // mark the req token as authorized
try { try {
@ -188,8 +188,10 @@ class ApiOauthAuthorizeAction extends Action
common_log( common_log(
LOG_INFO, LOG_INFO,
sprintf( sprintf(
"The request token '%s' for OAuth application %s (%s) has been authorized.", "API OAuth - User %d (%s) has authorized request token %s for OAuth application %d (%s).",
$this->oauthTokenParam, $user->id,
$user->nickname,
$this->reqToken->tok,
$this->app->id, $this->app->id,
$this->app->name $this->app->name
) )
@ -227,10 +229,7 @@ class ApiOauthAuthorizeAction extends Action
) )
); );
common_log( common_log(LOG_INFO, "Redirecting to callback: $targetUrl");
LOG_INFO,
"API OAuth - Request token authorized; doing callback to $targetUrl"
);
// Redirect the user to the provided OAuth callback // Redirect the user to the provided OAuth callback
common_redirect($targetUrl, 303); common_redirect($targetUrl, 303);
@ -254,13 +253,45 @@ class ApiOauthAuthorizeAction extends Action
} else if ($this->arg('cancel')) { } else if ($this->arg('cancel')) {
common_log(
LOG_INFO,
sprintf(
"API OAuth - User %d (%s) refused to authorize request token %s for OAuth application %d (%s).",
$user->id,
$user->nickname,
$this->reqToken->tok,
$this->app->id,
$this->app->name
)
);
try { try {
$this->store->revoke_token($this->oauthTokenParam, 0); $this->store->revoke_token($this->oauthTokenParam, 0);
$this->showCanceled();
} catch (Exception $e) { } catch (Exception $e) {
$this->ServerError($e->getMessage()); $this->ServerError($e->getMessage());
} }
$callback = $this->getCallback();
// If there's a callback available, inform the consumer the user
// has refused authorization
if (!empty($callback) && $this->reqToken->verified_callback != 'oob') {
$targetUrl = $this->buildCallbackUrl(
$callback,
array(
'oauth_problem' => 'user_refused',
)
);
common_log(LOG_INFO, "Redirecting to callback: $targetUrl");
// Redirect the user to the provided OAuth callback
common_redirect($targetUrl, 303);
}
// otherwise inform the user that authorization for the rt was declined
$this->showCanceled();
} else { } else {
// TRANS: Client error given on when invalid data was passed through a form in the OAuth API. // TRANS: Client error given on when invalid data was passed through a form in the OAuth API.
$this->clientError(_('Unexpected form submission.')); $this->clientError(_('Unexpected form submission.'));
@ -291,7 +322,6 @@ class ApiOauthAuthorizeAction extends Action
$schema->ensureTable('oauth_token_association', $reqTokenCols); $schema->ensureTable('oauth_token_association', $reqTokenCols);
} }
/** /**
* Override to add some special (more compact) styling when the page is * Override to add some special (more compact) styling when the page is
* being displayed in desktop mode. * being displayed in desktop mode.
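Review bot: In the first hunk, the token lookup that now appears to sit ahead of the allow/cancel branch is guarded only by `assert(!empty($this->reqToken))`. PHP assertions can be disabled in production, so a stale or unknown `oauth_token` form value would reach `$this->reqToken->tok` in the new log calls and `$this->reqToken->verified_callback` in the cancel branch with no token object. An explicit check that ends the request would be safer, for example `if (empty($this->reqToken)) { $this->clientError(_('Invalid request token.')); return; }`. The cancel branch also redirects the browser to a URL built from `getCallback()`, which is defined outside this diff. It is worth confirming that it returns only the callback verified when the request token was issued, and the `!= 'oob'` test there could be the strict `!==`.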