oauth: authorize view, wrong verifier.

This commit is contained in:
Fabio Comuni 2011-11-02 09:54:07 +01:00
parent ff7fc68382
commit 69e41f7703
6 changed files with 48 additions and 13 deletions

View file

@ -5,7 +5,8 @@
*
*/
define('TOKEN_DURATION', 300);
define('REQUEST_TOKEN_DURATION', 300);
define('ACCESS_TOKEN_DURATION', 31536000);
require_once("library/OAuth1.php");
require_once("library/oauth2-php/lib/OAuth2.inc");
@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore {
dbesc($sec),
dbesc($consumer->key),
'request',
intval(TOKEN_DURATION));
intval(REQUEST_TOKEN_DURATION));
if (!$r) return null;
return new OAuthToken($key,$sec);
}
@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore {
$ret=Null;
if (!is_null($token) && $token->expires > time()){
// get verifier for this user
$uverifier = get_pconfig(local_user(), "oauth", "verifier");
if (is_null($verifier) || ($verifier==$uverifier)){
$key = $this->gen_token();
$sec = $this->gen_token();
@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore {
dbesc($sec),
dbesc($consumer->$key),
'access',
intval(TOKEN_DURATION));
intval(ACCESS_TOKEN_DURATION));
if ($r)
$ret = new OAuthToken($key,$sec);
}
q("DELETE FROM tokens WHERE id='%s'", $token->key);
//q("DELETE FROM tokens WHERE id='%s'", $token->key);
if (!is_null($ret)){
//del_pconfig(local_user(), "oauth", "verifier");
$apps = get_pconfig(local_user(), "oauth", "apps");
if ($apps===false) $apps=array();
$apps[] = $consumer->key;
//set_pconfig(local_user(), "oauth", "apps", $apps);
}
return $ret;

View file

@ -53,17 +53,14 @@ function api_content(&$a) {
if (is_null($app)) return "Invalid request. Unknown token.";
$consumer = new OAuthConsumer($app['key'], $app['secret']);
// Rev A change
$request = OAuthRequest::from_request();
$callback = $request->get_parameter('oauth_callback');
$datastore = new FKOAuthDataStore();
$new_token = $datastore->new_request_token($consumer, $callback);
$verifier = md5($app['secret'].local_user());
set_pconfig(local_user(), "oauth", "verifier", $verifier);
$tpl = get_markup_template("oauth_authorize_done.tpl");
$o = replace_macros($tpl, array(
'$title' => t('Authorize application connection'),
'$info' => t('Return to your app and insert this Securty Code:'),
'$code' => $new_token->key,
'$code' => $verifier,
));
return $o;

View file

@ -362,7 +362,6 @@ function settings_content(&$a) {
$o .= replace_macros($tpl, array(
'$title' => t('Connected Apps'),
'$tabs' => $tabs,
'$settings_addons' => $settings_addons
));
return $o;

11
view/oauth_authorize.tpl Normal file
View file

@ -0,0 +1,11 @@
<h1>$title</h1>
<div class='oauthapp'>
<img src='$app.icon'>
<h4>$app.name</h4>
<p>$app.client_id</p>
</div>
<h3>$authorize</h3>
<form method="POST">
<div class="submit"><input type="submit" name="oauth_yes" value="$yes" /></div>
</form>

View file

@ -0,0 +1,4 @@
<h1>$title</h1>
<p>$info</p>
<code>$code</code>

10
view/settings_oauth.tpl Normal file
View file

@ -0,0 +1,10 @@
$tabs
<h1>$title</h1>
<form action="settings/addon" method="post" autocomplete="off">
$settings_addons
</form>