From 69e41f7703bff03dc88e7181961a717ae41330c4 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Wed, 2 Nov 2011 09:54:07 +0100 Subject: [PATCH] oauth: authorize view, wrong verifier. --- include/oauth.php | 24 +++++++++++++++++++----- mod/api.php | 11 ++++------- mod/settings.php | 1 - view/oauth_authorize.tpl | 11 +++++++++++ view/oauth_authorize_done.tpl | 4 ++++ view/settings_oauth.tpl | 10 ++++++++++ 6 files changed, 48 insertions(+), 13 deletions(-) create mode 100644 view/oauth_authorize.tpl create mode 100644 view/oauth_authorize_done.tpl create mode 100644 view/settings_oauth.tpl diff --git a/include/oauth.php b/include/oauth.php index 5061724915..b843092076 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -5,7 +5,8 @@ * */ -define('TOKEN_DURATION', 300); +define('REQUEST_TOKEN_DURATION', 300); +define('ACCESS_TOKEN_DURATION', 31536000); require_once("library/OAuth1.php"); require_once("library/oauth2-php/lib/OAuth2.inc"); @@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore { dbesc($sec), dbesc($consumer->key), 'request', - intval(TOKEN_DURATION)); + intval(REQUEST_TOKEN_DURATION)); if (!$r) return null; return new OAuthToken($key,$sec); } @@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore { $ret=Null; - if (!is_null($token) && $token->expires > time()){ + // get verifier for this user + $uverifier = get_pconfig(local_user(), "oauth", "verifier"); + + + if (is_null($verifier) || ($verifier==$uverifier)){ $key = $this->gen_token(); $sec = $this->gen_token(); 
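Review bot: In the `@@ -75,7 +76,11 @@` hunk of include/oauth.php the new guard `if (is_null($verifier) || ($verifier==$uverifier))` hands out an access token whenever the caller leaves the verifier out, and it drops the only visible null and expiry test on `$token`. The loose `==` also lets an empty or `0` verifier match the `false` that `get_pconfig` appears to return for a missing key (the next hunk tests `$apps===false`), and it is not a constant-time comparison. I would keep the token test and require a matching string: `if (!is_null($token) && $token->expires > time() && is_string($verifier) && is_string($uverifier) && hash_equals($uverifier, $verifier)){`. `local_user()` presumably depends on a logged-in browser session, which a consumer's token-exchange request would not normally carry, so the verifier is better looked up by the request token; confirm against the caller. The enclosing method starts and ends outside this hunk.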
@@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore { dbesc($sec), dbesc($consumer->$key), 'access', - intval(TOKEN_DURATION)); + intval(ACCESS_TOKEN_DURATION)); if ($r) $ret = new OAuthToken($key,$sec); } - q("DELETE FROM tokens WHERE id='%s'", $token->key); + //q("DELETE FROM tokens WHERE id='%s'", $token->key); + + + if (!is_null($ret)){ + //del_pconfig(local_user(), "oauth", "verifier"); + $apps = get_pconfig(local_user(), "oauth", "apps"); + if ($apps===false) $apps=array(); + $apps[] = $consumer->key; + //set_pconfig(local_user(), "oauth", "apps", $apps); + } return $ret; diff --git a/mod/api.php b/mod/api.php index bc5de03401..5903caee60 100644 --- a/mod/api.php +++ b/mod/api.php @@ -52,18 +52,15 @@ function api_content(&$a) { $app = oauth_get_client(); if (is_null($app)) return "Invalid request. Unknown token."; $consumer = new OAuthConsumer($app['key'], $app['secret']); - - // Rev A change - $request = OAuthRequest::from_request(); - $callback = $request->get_parameter('oauth_callback'); - $datastore = new FKOAuthDataStore(); - $new_token = $datastore->new_request_token($consumer, $callback); + + $verifier = md5($app['secret'].local_user()); + set_pconfig(local_user(), "oauth", "verifier", $verifier); $tpl = get_markup_template("oauth_authorize_done.tpl"); $o = replace_macros($tpl, array( '$title' => t('Authorize application connection'), '$info' => t('Return to your app and insert this Securty Code:'), - '$code' => $new_token->key, + '$code' => $verifier, )); return $o; diff --git a/mod/settings.php b/mod/settings.php index da2b57cd57..ca9b4bd542 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -362,7 +362,6 @@ function settings_content(&$a) { $o .= replace_macros($tpl, array( '$title' => t('Connected Apps'), '$tabs' => $tabs, - '$settings_addons' => $settings_addons )); return $o; diff --git a/view/oauth_authorize.tpl b/view/oauth_authorize.tpl new file mode 100644 index 0000000000..6bcf9802a5 --- /dev/null 
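Review bot: In the `@@ -84,13 +89,22 @@` hunk of include/oauth.php, commenting out `q("DELETE FROM tokens WHERE id='%s'", $token->key);` leaves the request token in the table after it has been exchanged, so the same request token can be presented again for further access tokens, each now stored with `ACCESS_TOKEN_DURATION` (31536000 seconds). The stored verifier is never cleared either, because `del_pconfig(...)` is commented out, and `$apps` is built but never saved, so the added block currently has no effect. I would restore the delete with the value escaped like the other queries, `q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));`, and enable the `del_pconfig` and `set_pconfig` calls. The context line `dbesc($consumer->$key)` looks like it should read `$consumer->key`, as the request-token insert does; as written it reads a property named after the freshly generated token. The enclosing method starts and ends outside this hunk.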
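Review bot: In the mod/api.php hunk, `$verifier = md5($app['secret'].local_user());` is not a secret from the consumer: it is a fixed function of the consumer's own secret and the user id, so it is identical on every authorization and can be computed by the application without the user approving anything. It is also saved under a single `oauth`/`verifier` pconfig key per user, so it is not bound to the request token or to the consumer being authorized, and a later authorization overwrites an earlier one. A verifier should be a fresh random value tied to the request token, for example `$verifier = bin2hex(random_bytes(16));` on PHP 7 or later, stored with the token row and cleared once it has been exchanged. api_content continues outside the hunk.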
+++ b/view/oauth_authorize.tpl @@ -0,0 +1,11 @@ +

$title

+ +
+ +

$app.name

+

$app.client_id

+
+

$authorize

+
+
+
diff --git a/view/oauth_authorize_done.tpl b/view/oauth_authorize_done.tpl new file mode 100644 index 0000000000..51eaea2484 --- /dev/null +++ b/view/oauth_authorize_done.tpl @@ -0,0 +1,4 @@ +

$title

+ +

$info

+$code diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl new file mode 100644 index 0000000000..87fd6d1ee8 --- /dev/null +++ b/view/settings_oauth.tpl @@ -0,0 +1,10 @@ +$tabs + +

$title

+ + +
+ +$settings_addons + +
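Review bot: The new view/settings_oauth.tpl still contains the `$settings_addons` placeholder, but this commit removes the `'$settings_addons' => $settings_addons` entry from the `replace_macros` call in mod/settings.php, so nothing fills it. Depending on how `replace_macros` treats names it was not given, the page may show the literal text; either drop the placeholder from the template or keep passing a value. The markup around the placeholders is not visible on this page, so this is based on the variable names alone.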