Workflow for request tokens and authorizing request tokens

This commit is contained in:
Zach Copley 2010-01-10 21:35:46 -08:00
parent fa81a580bb
commit e9e448bcee
4 changed files with 338 additions and 18 deletions

View File

@ -31,7 +31,7 @@ if (!defined('STATUSNET')) {
exit(1); exit(1);
} }
require_once INSTALLDIR . '/lib/api.php'; require_once INSTALLDIR . '/lib/apioauthstore.php';
/** /**
* Authorize an OAuth request token * Authorize an OAuth request token
@ -45,5 +45,329 @@ require_once INSTALLDIR . '/lib/api.php';
class ApiOauthAuthorizeAction extends Action class ApiOauthAuthorizeAction extends Action
{ {
var $oauth_token;
var $callback;
var $app;
var $nickname;
var $password;
var $store;
/**
* Is this a read-only action?
*
* @return boolean false
*/
function isReadOnly($args)
{
return false;
}
function prepare($args)
{
parent::prepare($args);
common_debug(var_export($_REQUEST, true));
$this->nickname = $this->trimmed('nickname');
$this->password = $this->arg('password');
$this->oauth_token = $this->arg('oauth_token');
$this->callback = $this->arg('oauth_callback');
$this->store = new ApiStatusNetOAuthDataStore();
return true;
}
function getApp()
{
// Look up the full req token
$req_token = $this->store->lookup_token(null,
'request',
$this->oauth_token);
if (empty($req_token)) {
common_debug("Couldn't find request token!");
$this->clientError(_('Bad request.'));
return;
}
// Look up the app
$app = new Oauth_application();
$app->consumer_key = $req_token->consumer_key;
$result = $app->find(true);
if (!empty($result)) {
$this->app = $app;
return true;
} else {
common_debug("couldn't find the app!");
return false;
}
}
/**
* Handle input, produce output
*
* Switches on request method; either shows the form or handles its input.
*
* @param array $args $_REQUEST data
*
* @return void
*/
function handle($args)
{
parent::handle($args);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
/* Use a session token for CSRF protection. */
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. '.
'Try again, please.'));
return;
}
$this->handlePost();
} else {
common_debug('ApiOauthAuthorize::handle()');
if (empty($this->oauth_token)) {
common_debug("No request token found.");
$this->clientError(_('Bad request.'));
return;
}
if (!$this->getApp()) {
$this->clientError(_('Bad request.'));
return;
}
common_debug("Requesting auth for app: $app->name.");
$this->showForm();
}
}
function handlePost()
{
/* Use a session token for CSRF protection. */
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. '.
'Try again, please.'));
return;
}
if (!$this->getApp()) {
$this->clientError(_('Bad request.'));
return;
}
// is the user already logged in?
// check creds
if (!common_logged_in()) {
$user = common_check_user($this->nickname, $this->password);
if (empty($user)) {
$this->showForm(_("Invalid nickname / password!"));
return;
}
}
if ($this->arg('allow')) {
$this->store->authorize_token($this->oauth_token);
// if we have a callback redirect and provide the token
if (!empty($this->callback)) {
$target_url = $this->callback . '?oauth_token=' . $this->oauth_token;
common_redirect($target_url, 303);
}
// otherwise inform the user that the rt was authorized
$this->elementStart('p');
// XXX: Do verifier code?
$this->raw(sprintf(_("The request token %s has been authorized. " .
'Please exchange it for an access token.'),
$this->oauth_token));
$this->elementEnd('p');
} else if ($this->arg('deny')) {
$this->elementStart('p');
$this->raw(sprintf(_("The request token %s has been denied."),
$this->oauth_token));
$this->elementEnd('p');
} else {
$this->clientError(_('Unexpected form submission.'));
return;
}
}
function showForm($error=null)
{
$this->error = $error;
$this->showPage();
}
function showScripts()
{
parent::showScripts();
// $this->autofocus('nickname');
}
/**
* Title of the page
*
* @return string title of the page
*/
function title()
{
return _('An application would like to connect to your account');
}
/**
* Show page notice
*
* Display a notice for how to use the page, or the
* error if it exists.
*
* @return void
*/
function showPageNotice()
{
if ($this->error) {
$this->element('p', 'error', $this->error);
} else {
$instr = $this->getInstructions();
$output = common_markup_to_html($instr);
$this->raw($output);
}
}
/**
* Shows the authorization form.
*
* @return void
*/
function showContent()
{
$this->elementStart('form', array('method' => 'post',
'id' => 'form_login',
'class' => 'form_settings',
'action' => common_local_url('apioauthauthorize')));
$this->hidden('token', common_session_token());
$this->hidden('oauth_token', $this->oauth_token);
$this->hidden('oauth_callback', $this->callback);
$this->elementStart('fieldset');
$this->elementStart('ul');
$this->elementStart('li');
if (!empty($this->app->icon)) {
$this->element('img', array('src' => $this->app->icon));
}
$this->elementEnd('li');
$this->elementStart('li');
$access = ($this->app->access_type & Oauth_application::$writeAccess) ?
'access and update' : 'access';
$msg = _("The application <b>%s</b> by <b>%s</b> would like " .
"the ability to <b>%s</b> your account data.");
$this->raw(sprintf($msg,
$this->app->name,
$this->app->organization,
$access));
$this->elementEnd('li');
$this->elementEnd('ul');
$this->elementEnd('fieldset');
if (!common_logged_in()) {
$this->elementStart('fieldset');
$this->element('legend', null, _('Login'));
$this->elementStart('ul', 'form_data');
$this->elementStart('li');
$this->input('nickname', _('Nickname'));
$this->elementEnd('li');
$this->elementStart('li');
$this->password('password', _('Password'));
$this->elementEnd('li');
$this->elementEnd('ul');
$this->elementEnd('fieldset');
}
$this->element('input', array('id' => 'deny_submit',
'class' => 'submit',
'name' => 'deny',
'type' => 'submit',
'value' => _('Deny')));
$this->element('input', array('id' => 'allow_submit',
'class' => 'submit',
'name' => 'allow',
'type' => 'submit',
'value' => _('Allow')));
$this->elementEnd('form');
}
/**
* Instructions for using the form
*
* For "remembered" logins, we make the user re-login when they
* try to change settings. Different instructions for this case.
*
* @return void
*/
function getInstructions()
{
return _('Allow or deny access to your account information.');
}
/**
* A local menu
*
* Shows different login/register actions.
*
* @return void
*/
function showLocalNav()
{
}
} }

View File

@ -31,7 +31,6 @@ if (!defined('STATUSNET')) {
exit(1); exit(1);
} }
require_once INSTALLDIR . '/lib/api.php';
require_once INSTALLDIR . '/lib/apioauthstore.php'; require_once INSTALLDIR . '/lib/apioauthstore.php';
/** /**
@ -70,6 +69,7 @@ class ApiOauthRequestTokenAction extends Action
$datastore = new ApiStatusNetOAuthDataStore(); $datastore = new ApiStatusNetOAuthDataStore();
$server = new OAuthServer($datastore); $server = new OAuthServer($datastore);
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1(); $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($hmac_method); $server->add_signature_method($hmac_method);
try { try {
@ -77,8 +77,7 @@ class ApiOauthRequestTokenAction extends Action
$token = $server->fetch_request_token($req); $token = $server->fetch_request_token($req);
print $token; print $token;
} catch (OAuthException $e) { } catch (OAuthException $e) {
common_log(LOG_WARN, $e->getMessage()); common_log(LOG_WARN, 'API OAuthException - ' . $e->getMessage());
common_debug(var_export($req, true));
header('HTTP/1.1 401 Unauthorized'); header('HTTP/1.1 401 Unauthorized');
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
print $e->getMessage() . "\n"; print $e->getMessage() . "\n";

View File

@ -231,17 +231,17 @@ class ShowApplicationAction extends OwnerDesignAction
$this->elementStart('dl', 'entity_request_token_url'); $this->elementStart('dl', 'entity_request_token_url');
$this->element('dt', null, _('Request token URL')); $this->element('dt', null, _('Request token URL'));
$this->element('dd', 'label', common_local_url('oauthrequesttoken')); $this->element('dd', 'label', common_local_url('apioauthrequesttoken'));
$this->elementEnd('dl'); $this->elementEnd('dl');
$this->elementStart('dl', 'entity_access_token_url'); $this->elementStart('dl', 'entity_access_token_url');
$this->element('dt', null, _('Access token URL')); $this->element('dt', null, _('Access token URL'));
$this->element('dd', 'label', common_local_url('oauthaccesstoken')); $this->element('dd', 'label', common_local_url('apioauthaccesstoken'));
$this->elementEnd('dl'); $this->elementEnd('dl');
$this->elementStart('dl', 'entity_authorize_url'); $this->elementStart('dl', 'entity_authorize_url');
$this->element('dt', null, _('Authorize URL')); $this->element('dt', null, _('Authorize URL'));
$this->element('dd', 'label', common_local_url('oauthauthorize')); $this->element('dd', 'label', common_local_url('apioauthauthorize'));
$this->elementEnd('dl'); $this->elementEnd('dl');
$this->element('p', 'oauth-signature-note', $this->element('p', 'oauth-signature-note',

View File

@ -50,7 +50,8 @@ class Router
var $m = null; var $m = null;
static $inst = null; static $inst = null;
static $bare = array('requesttoken', 'accesstoken', 'userauthorization', static $bare = array('requesttoken', 'accesstoken', 'userauthorization',
'postnotice', 'updateprofile', 'finishremotesubscribe'); 'postnotice', 'updateprofile', 'finishremotesubscribe',
'apioauthrequesttoken', 'apioauthaccesstoken');
static function get() static function get()
{ {
@ -144,7 +145,7 @@ class Router
'email', 'sms', 'userdesign', 'other') as $s) { 'email', 'sms', 'userdesign', 'other') as $s) {
$m->connect('settings/'.$s, array('action' => $s.'settings')); $m->connect('settings/'.$s, array('action' => $s.'settings'));
} }
// search // search
foreach (array('group', 'people', 'notice') as $s) { foreach (array('group', 'people', 'notice') as $s) {
@ -640,11 +641,11 @@ class Router
array('action' => $a), array('action' => $a),
array('nickname' => '[a-zA-Z0-9]{1,64}')); array('nickname' => '[a-zA-Z0-9]{1,64}'));
} }
$m->connect(':nickname/apps', $m->connect(':nickname/apps',
array('action' => 'apps'), array('action' => 'apps'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}')); array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
$m->connect(':nickname/apps/show/:id', $m->connect(':nickname/apps/show/:id',
array('action' => 'showapplication'), array('action' => 'showapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}', array('nickname' => '['.NICKNAME_FMT.']{1,64}',
'id' => '[0-9]+') 'id' => '[0-9]+')
@ -652,18 +653,14 @@ class Router
$m->connect(':nickname/apps/new', $m->connect(':nickname/apps/new',
array('action' => 'newapplication'), array('action' => 'newapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}')); array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
$m->connect(':nickname/apps/edit/:id', $m->connect(':nickname/apps/edit/:id',
array('action' => 'editapplication'), array('action' => 'editapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}', array('nickname' => '['.NICKNAME_FMT.']{1,64}',
'id' => '[0-9]+') 'id' => '[0-9]+')
); );
$m->connect('oauth/request_token',
array('action' => 'apioauthrequesttoken'));
$m->connect('oauth/access_token',
array('action' => 'apioauthaccesstoken'));
$m->connect('oauth/authorize', $m->connect('oauth/authorize',
array('action' => 'apioauthauthorize')); array('action' => 'apioauthauthorize'));
foreach (array('subscriptions', 'subscribers') as $a) { foreach (array('subscriptions', 'subscribers') as $a) {
$m->connect(':nickname/'.$a.'/:tag', $m->connect(':nickname/'.$a.'/:tag',