oauth: authorize view, wrong verifier.
parent
ff7fc68382
commit
69e41f7703
|
@ -5,7 +5,8 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
define('TOKEN_DURATION', 300);
|
define('REQUEST_TOKEN_DURATION', 300);
|
||||||
|
define('ACCESS_TOKEN_DURATION', 31536000);
|
||||||
|
|
||||||
require_once("library/OAuth1.php");
|
require_once("library/OAuth1.php");
|
||||||
require_once("library/oauth2-php/lib/OAuth2.inc");
|
require_once("library/oauth2-php/lib/OAuth2.inc");
|
||||||
|
@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore {
|
||||||
dbesc($sec),
|
dbesc($sec),
|
||||||
dbesc($consumer->key),
|
dbesc($consumer->key),
|
||||||
'request',
|
'request',
|
||||||
intval(TOKEN_DURATION));
|
intval(REQUEST_TOKEN_DURATION));
|
||||||
if (!$r) return null;
|
if (!$r) return null;
|
||||||
return new OAuthToken($key,$sec);
|
return new OAuthToken($key,$sec);
|
||||||
}
|
}
|
||||||
|
@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore {
|
||||||
|
|
||||||
$ret=Null;
|
$ret=Null;
|
||||||
|
|
||||||
if (!is_null($token) && $token->expires > time()){
|
// get verifier for this user
|
||||||
|
$uverifier = get_pconfig(local_user(), "oauth", "verifier");
|
||||||
|
|
||||||
|
|
||||||
|
if (is_null($verifier) || ($verifier==$uverifier)){
|
||||||
|
|
||||||
$key = $this->gen_token();
|
$key = $this->gen_token();
|
||||||
$sec = $this->gen_token();
|
$sec = $this->gen_token();
|
||||||
|
@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore {
|
||||||
dbesc($sec),
|
dbesc($sec),
|
||||||
dbesc($consumer->$key),
|
dbesc($consumer->$key),
|
||||||
'access',
|
'access',
|
||||||
intval(TOKEN_DURATION));
|
intval(ACCESS_TOKEN_DURATION));
|
||||||
if ($r)
|
if ($r)
|
||||||
$ret = new OAuthToken($key,$sec);
|
$ret = new OAuthToken($key,$sec);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
q("DELETE FROM tokens WHERE id='%s'", $token->key);
|
//q("DELETE FROM tokens WHERE id='%s'", $token->key);
|
||||||
|
|
||||||
|
|
||||||
|
if (!is_null($ret)){
|
||||||
|
//del_pconfig(local_user(), "oauth", "verifier");
|
||||||
|
$apps = get_pconfig(local_user(), "oauth", "apps");
|
||||||
|
if ($apps===false) $apps=array();
|
||||||
|
$apps[] = $consumer->key;
|
||||||
|
//set_pconfig(local_user(), "oauth", "apps", $apps);
|
||||||
|
}
|
||||||
|
|
||||||
return $ret;
|
return $ret;
|
||||||
|
|
||||||
|
|
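Review bot: The new guard `if (is_null($verifier) || ($verifier==$uverifier))` in new_access_token lets a request with no verifier through, and as rendered it replaces the old `!is_null($token) && $token->expires > time()` test, so neither the request token's existence nor its expiry is checked before a one-year access token (ACCESS_TOKEN_DURATION) is issued. The loose `==` would also match an empty verifier against the `false` that get_pconfig appears to return for an unset key (the `$apps===false` test further down suggests this). I would keep the expiry test and require a stored, non-empty verifier: `if (!is_null($token) && $token->expires > time() && is_string($uverifier) && $uverifier !== '' && hash_equals($uverifier, (string)$verifier)) {`. Commenting out the DELETE leaves the request token exchangeable more than once; restore it with escaping, `q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));`. Separately, `dbesc($consumer->$key)` reads a property named after the freshly generated token rather than `$consumer->key`; the function starts and ends outside these hunks.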
|
@ -53,17 +53,14 @@ function api_content(&$a) {
|
||||||
if (is_null($app)) return "Invalid request. Unknown token.";
|
if (is_null($app)) return "Invalid request. Unknown token.";
|
||||||
$consumer = new OAuthConsumer($app['key'], $app['secret']);
|
$consumer = new OAuthConsumer($app['key'], $app['secret']);
|
||||||
|
|
||||||
// Rev A change
|
$verifier = md5($app['secret'].local_user());
|
||||||
$request = OAuthRequest::from_request();
|
set_pconfig(local_user(), "oauth", "verifier", $verifier);
|
||||||
$callback = $request->get_parameter('oauth_callback');
|
|
||||||
$datastore = new FKOAuthDataStore();
|
|
||||||
$new_token = $datastore->new_request_token($consumer, $callback);
|
|
||||||
|
|
||||||
$tpl = get_markup_template("oauth_authorize_done.tpl");
|
$tpl = get_markup_template("oauth_authorize_done.tpl");
|
||||||
$o = replace_macros($tpl, array(
|
$o = replace_macros($tpl, array(
|
||||||
'$title' => t('Authorize application connection'),
|
'$title' => t('Authorize application connection'),
|
||||||
'$info' => t('Return to your app and insert this Securty Code:'),
|
'$info' => t('Return to your app and insert this Securty Code:'),
|
||||||
'$code' => $new_token->key,
|
'$code' => $verifier,
|
||||||
));
|
));
|
||||||
|
|
||||||
return $o;
|
return $o;
|
||||||
|
|
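Review bot: `$verifier = md5($app['secret'].local_user());` in api_content derives the security code only from the consumer secret and the local user id, so it is identical on every authorization, and the consumer, which already holds its own secret, could presumably compute it without the user approving anything. The verifier should be random, single-use and bound to the request token being authorized, e.g. `$verifier = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes` on PHP older than 7). It should be stored with that token rather than in the single per-user pconfig slot, which a second pending authorization would overwrite. The hunk does not show whether the user's approval (the `oauth_yes` POST) is checked before this code runs; api_content continues outside the hunk.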
|
@ -362,7 +362,6 @@ function settings_content(&$a) {
|
||||||
$o .= replace_macros($tpl, array(
|
$o .= replace_macros($tpl, array(
|
||||||
'$title' => t('Connected Apps'),
|
'$title' => t('Connected Apps'),
|
||||||
'$tabs' => $tabs,
|
'$tabs' => $tabs,
|
||||||
'$settings_addons' => $settings_addons
|
|
||||||
));
|
));
|
||||||
return $o;
|
return $o;
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
<h1>$title</h1>
|
||||||
|
|
||||||
|
<div class='oauthapp'>
|
||||||
|
<img src='$app.icon'>
|
||||||
|
<h4>$app.name</h4>
|
||||||
|
<p>$app.client_id</p>
|
||||||
|
</div>
|
||||||
|
<h3>$authorize</h3>
|
||||||
|
<form method="POST">
|
||||||
|
<div class="submit"><input type="submit" name="oauth_yes" value="$yes" /></div>
|
||||||
|
</form>
|
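Review bot: The approval form `<form method="POST">` carries only the `oauth_yes` submit button and no anti-CSRF token, so nothing visible here ties the approval POST to a page the user actually viewed. Add a hidden per-session token field, e.g. `<input type="hidden" name="csrf_token" value="$csrf_token" />` (field and macro names are placeholders), and verify it in the handler before treating `oauth_yes` as consent. `$app.icon`, `$app.name` and `$app.client_id` come from the registered application, and whether replace_macros HTML-escapes them is not visible on this page. They should be escaped before being passed to the template, and the icon URL restricted to http/https.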
|
@ -0,0 +1,4 @@
|
||||||
|
<h1>$title</h1>
|
||||||
|
|
||||||
|
<p>$info</p>
|
||||||
|
<code>$code</code>
|
|
@ -0,0 +1,10 @@
|
||||||
|
$tabs
|
||||||
|
|
||||||
|
<h1>$title</h1>
|
||||||
|
|
||||||
|
|
||||||
|
<form action="settings/addon" method="post" autocomplete="off">
|
||||||
|
|
||||||
|
$settings_addons
|
||||||
|
|
||||||
|
</form>
|
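Review bot: This template still contains the `$settings_addons` placeholder and posts to `settings/addon`, but the 'Connected Apps' render in settings_content no longer passes `'$settings_addons'`. If this is the template that call loads (file names are not visible on this page), the literal placeholder would be printed inside an otherwise empty form. Either drop the `<form>` block until the connected-apps list is implemented, or pass the macro the template expects. If the form stays and later gains state-changing controls, it will need an anti-CSRF token field that is checked by the handler.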