get rid of callback nonce
darcs-hash:20080602201707-84dde-400855b57fcf01e597494143cc78092351043b91.gz
parent
7b24d101c0
commit
e103c8b6ea
@ -33,14 +33,7 @@ class FinishremotesubscribeAction extends Action {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$nonce = $this->trimmed('nonce');
|
$omb = $_SESSION['oauth_authorization_request'];
|
||||||
|
|
||||||
if (!$omb) {
|
|
||||||
common_user_error(_t('No nonce returned!'));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
$omb = $_SESSION[$nonce];
|
|
||||||
|
|
||||||
if (!$omb) {
|
if (!$omb) {
|
||||||
common_user_error(_t('Not expecting this response!'));
|
common_user_error(_t('Not expecting this response!'));
|
||||||
@ -173,7 +166,7 @@ class FinishremotesubscribeAction extends Action {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Clear the data
|
# Clear the data
|
||||||
unset($_SESSION[$nonce]);
|
unset($_SESSION['oauth_authorization_request']);
|
||||||
|
|
||||||
# If we show subscriptions in reverse chron order, this should
|
# If we show subscriptions in reverse chron order, this should
|
||||||
# show up close to the top of the page
|
# show up close to the top of the page
|
||||||
@ -187,7 +180,7 @@ class FinishremotesubscribeAction extends Action {
|
|||||||
$con = omb_oauth_consumer();
|
$con = omb_oauth_consumer();
|
||||||
$tok = new OAuthToken($omb['token'], $omb['secret']);
|
$tok = new OAuthToken($omb['token'], $omb['secret']);
|
||||||
|
|
||||||
$url = $omb[OAUTH_ENDPOINT_ACCESS][0];
|
$url = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]);
|
||||||
|
|
||||||
# XXX: Is this the right thing to do? Strip off GET params and make them
|
# XXX: Is this the right thing to do? Strip off GET params and make them
|
||||||
# POST params? Seems wrong to me.
|
# POST params? Seems wrong to me.
|
||||||
|
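Review bot: With the nonce gone, the callback is tied to a pending request only by the fixed session key read at `$omb = $_SESSION['oauth_authorization_request'];`, so before `$tok = new OAuthToken($omb['token'], $omb['secret']);` the handler should confirm that whatever token the remote service echoes back in the callback request (if it carries one) equals `$omb['token']`, and reject the response otherwise; whether such a comparison exists is outside these hunks. The third hunk also swaps `$omb[OAUTH_ENDPOINT_ACCESS][0]` for `omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS])`, which the commit title does not mention, so a short comment there or a separate commit would make that change easier to trace. The enclosing method starts and ends outside all three hunks.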
@ -336,10 +336,9 @@ class RemotesubscribeAction extends Action {
|
|||||||
$req->set_parameter('omb_listenee_avatar', $avatar->url);
|
$req->set_parameter('omb_listenee_avatar', $avatar->url);
|
||||||
}
|
}
|
||||||
|
|
||||||
$nonce = $this->make_nonce();
|
# XXX: add a nonce to prevent replay attacks
|
||||||
|
|
||||||
$req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe',
|
$req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));
|
||||||
array('nonce' => $nonce)));
|
|
||||||
|
|
||||||
# XXX: test to see if endpoint accepts this signature method
|
# XXX: test to see if endpoint accepts this signature method
|
||||||
|
|
||||||
@ -351,7 +350,7 @@ class RemotesubscribeAction extends Action {
|
|||||||
$omb['token'] = $token;
|
$omb['token'] = $token;
|
||||||
$omb['secret'] = $secret;
|
$omb['secret'] = $secret;
|
||||||
|
|
||||||
$_SESSION[$nonce] = $omb;
|
$_SESSION['oauth_authorization_request'] = $omb;
|
||||||
|
|
||||||
# Redirect to authorization service
|
# Redirect to authorization service
|
||||||
|
|
||||||
|
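Review bot: The replacement comment `# XXX: add a nonce to prevent replay attacks` understates what the fixed key costs: `$_SESSION['oauth_authorization_request'] = $omb;` holds exactly one pending request per session, so a second remote-subscribe flow started before the first callback returns silently overwrites the first, and the finishing action will then either reject that callback as "Not expecting this response!" or act on the wrong listenee. I would state that at the assignment, e.g. `# XXX: one pending request per session; a second remotesubscribe started before the callback returns overwrites this entry`, and keep the replay note next to it so both limits are visible together. The enclosing method starts and ends outside both hunks.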