summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-01-10 21:35:46 -0800
committerZach Copley <zach@status.net>2010-01-24 16:36:02 -0800
commite9e448bcee69b0c39badf353faedb4c29af3f502 (patch)
treea484d76bbc25380e497319d92b69b599aa7c3de4
parentfa81a580bb9eea76e7739f37010b35e4b919f410 (diff)
Workflow for request tokens and authorizing request tokens
-rw-r--r--actions/apioauthauthorize.php326
-rw-r--r--actions/apioauthrequesttoken.php5
-rw-r--r--actions/showapplication.php6
-rw-r--r--lib/router.php19
4 files changed, 338 insertions, 18 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index 8839d9571..895a0c6e5 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -31,7 +31,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
* Authorize an OAuth request token
@@ -45,5 +45,329 @@ require_once INSTALLDIR . '/lib/api.php';
class ApiOauthAuthorizeAction extends Action
{
+ var $oauth_token;
+ var $callback;
+ var $app;
+ var $nickname;
+ var $password;
+ var $store;
+
+ /**
+ * Is this a read-only action?
+ *
+ * @return boolean false
+ */
+
+ function isReadOnly($args)
+ {
+ return false;
+ }
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ common_debug(var_export($_REQUEST, true));
+
+ $this->nickname = $this->trimmed('nickname');
+ $this->password = $this->arg('password');
+ $this->oauth_token = $this->arg('oauth_token');
+ $this->callback = $this->arg('oauth_callback');
+ $this->store = new ApiStatusNetOAuthDataStore();
+
+ return true;
+ }
+
+ function getApp()
+ {
+ // Look up the full req token
+
+ $req_token = $this->store->lookup_token(null,
+ 'request',
+ $this->oauth_token);
+
+ if (empty($req_token)) {
+
+ common_debug("Couldn't find request token!");
+
+ $this->clientError(_('Bad request.'));
+ return;
+ }
+
+ // Look up the app
+
+ $app = new Oauth_application();
+ $app->consumer_key = $req_token->consumer_key;
+ $result = $app->find(true);
+
+ if (!empty($result)) {
+ $this->app = $app;
+ return true;
+
+ } else {
+ common_debug("couldn't find the app!");
+ return false;
+ }
+ }
+
+ /**
+ * Handle input, produce output
+ *
+ * Switches on request method; either shows the form or handles its input.
+ *
+ * @param array $args $_REQUEST data
+ *
+ * @return void
+ */
+
+ function handle($args)
+ {
+ parent::handle($args);
+
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ /* Use a session token for CSRF protection. */
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->showForm(_('There was a problem with your session token. '.
+ 'Try again, please.'));
+ return;
+ }
+
+ $this->handlePost();
+
+ } else {
+
+ common_debug('ApiOauthAuthorize::handle()');
+
+ if (empty($this->oauth_token)) {
+
+ common_debug("No request token found.");
+
+ $this->clientError(_('Bad request.'));
+ return;
+ }
+
+ if (!$this->getApp()) {
+ $this->clientError(_('Bad request.'));
+ return;
+ }
+
+ common_debug("Requesting auth for app: $app->name.");
+
+ $this->showForm();
+ }
+ }
+
+ function handlePost()
+ {
+ /* Use a session token for CSRF protection. */
+
+ $token = $this->trimmed('token');
+
+ if (!$token || $token != common_session_token()) {
+ $this->showForm(_('There was a problem with your session token. '.
+ 'Try again, please.'));
+ return;
+ }
+
+ if (!$this->getApp()) {
+ $this->clientError(_('Bad request.'));
+ return;
+ }
+
+ // is the user already logged in?
+
+ // check creds
+
+ if (!common_logged_in()) {
+ $user = common_check_user($this->nickname, $this->password);
+ if (empty($user)) {
+ $this->showForm(_("Invalid nickname / password!"));
+ return;
+ }
+ }
+
+ if ($this->arg('allow')) {
+
+ $this->store->authorize_token($this->oauth_token);
+
+ // if we have a callback redirect and provide the token
+
+ if (!empty($this->callback)) {
+ $target_url = $this->callback . '?oauth_token=' . $this->oauth_token;
+ common_redirect($target_url, 303);
+ }
+
+ // otherwise inform the user that the rt was authorized
+
+ $this->elementStart('p');
+
+ // XXX: Do verifier code?
+
+ $this->raw(sprintf(_("The request token %s has been authorized. " .
+ 'Please exchange it for an access token.'),
+ $this->oauth_token));
+
+ $this->elementEnd('p');
+
+ } else if ($this->arg('deny')) {
+
+ $this->elementStart('p');
+
+ $this->raw(sprintf(_("The request token %s has been denied."),
+ $this->oauth_token));
+
+ $this->elementEnd('p');
+ } else {
+ $this->clientError(_('Unexpected form submission.'));
+ return;
+ }
+ }
+
+ function showForm($error=null)
+ {
+ $this->error = $error;
+ $this->showPage();
+ }
+
+ function showScripts()
+ {
+ parent::showScripts();
+ // $this->autofocus('nickname');
+ }
+
+ /**
+ * Title of the page
+ *
+ * @return string title of the page
+ */
+
+ function title()
+ {
+ return _('An application would like to connect to your account');
+ }
+
+ /**
+ * Show page notice
+ *
+ * Display a notice for how to use the page, or the
+ * error if it exists.
+ *
+ * @return void
+ */
+
+ function showPageNotice()
+ {
+ if ($this->error) {
+ $this->element('p', 'error', $this->error);
+ } else {
+ $instr = $this->getInstructions();
+ $output = common_markup_to_html($instr);
+
+ $this->raw($output);
+ }
+ }
+
+ /**
+ * Shows the authorization form.
+ *
+ * @return void
+ */
+
+ function showContent()
+ {
+ $this->elementStart('form', array('method' => 'post',
+ 'id' => 'form_login',
+ 'class' => 'form_settings',
+ 'action' => common_local_url('apioauthauthorize')));
+
+ $this->hidden('token', common_session_token());
+ $this->hidden('oauth_token', $this->oauth_token);
+ $this->hidden('oauth_callback', $this->callback);
+
+ $this->elementStart('fieldset');
+
+ $this->elementStart('ul');
+ $this->elementStart('li');
+ if (!empty($this->app->icon)) {
+ $this->element('img', array('src' => $this->app->icon));
+ }
+ $this->elementEnd('li');
+ $this->elementStart('li');
+
+ $access = ($this->app->access_type & Oauth_application::$writeAccess) ?
+ 'access and update' : 'access';
+
+ $msg = _("The application <b>%s</b> by <b>%s</b> would like " .
+ "the ability to <b>%s</b> your account data.");
+
+ $this->raw(sprintf($msg,
+ $this->app->name,
+ $this->app->organization,
+ $access));
+
+ $this->elementEnd('li');
+ $this->elementEnd('ul');
+
+ $this->elementEnd('fieldset');
+
+ if (!common_logged_in()) {
+
+ $this->elementStart('fieldset');
+ $this->element('legend', null, _('Login'));
+ $this->elementStart('ul', 'form_data');
+ $this->elementStart('li');
+ $this->input('nickname', _('Nickname'));
+ $this->elementEnd('li');
+ $this->elementStart('li');
+ $this->password('password', _('Password'));
+ $this->elementEnd('li');
+ $this->elementEnd('ul');
+
+ $this->elementEnd('fieldset');
+
+ }
+
+ $this->element('input', array('id' => 'deny_submit',
+ 'class' => 'submit',
+ 'name' => 'deny',
+ 'type' => 'submit',
+ 'value' => _('Deny')));
+
+ $this->element('input', array('id' => 'allow_submit',
+ 'class' => 'submit',
+ 'name' => 'allow',
+ 'type' => 'submit',
+ 'value' => _('Allow')));
+
+ $this->elementEnd('form');
+ }
+
+ /**
+ * Instructions for using the form
+ *
+ * For "remembered" logins, we make the user re-login when they
+ * try to change settings. Different instructions for this case.
+ *
+ * @return void
+ */
+
+ function getInstructions()
+ {
+ return _('Allow or deny access to your account information.');
+
+ }
+
+ /**
+ * A local menu
+ *
+ * Shows different login/register actions.
+ *
+ * @return void
+ */
+
+ function showLocalNav()
+ {
+ }
}
diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php
index 1bbd7d295..53aca6b96 100644
--- a/actions/apioauthrequesttoken.php
+++ b/actions/apioauthrequesttoken.php
@@ -31,7 +31,6 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
@@ -70,6 +69,7 @@ class ApiOauthRequestTokenAction extends Action
$datastore = new ApiStatusNetOAuthDataStore();
$server = new OAuthServer($datastore);
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
$server->add_signature_method($hmac_method);
try {
@@ -77,8 +77,7 @@ class ApiOauthRequestTokenAction extends Action
$token = $server->fetch_request_token($req);
print $token;
} catch (OAuthException $e) {
- common_log(LOG_WARN, $e->getMessage());
- common_debug(var_export($req, true));
+ common_log(LOG_WARN, 'API OAuthException - ' . $e->getMessage());
header('HTTP/1.1 401 Unauthorized');
header('Content-Type: text/html; charset=utf-8');
print $e->getMessage() . "\n";
diff --git a/actions/showapplication.php b/actions/showapplication.php
index 6d19b9561..5156fa6f0 100644
--- a/actions/showapplication.php
+++ b/actions/showapplication.php
@@ -231,17 +231,17 @@ class ShowApplicationAction extends OwnerDesignAction
$this->elementStart('dl', 'entity_request_token_url');
$this->element('dt', null, _('Request token URL'));
- $this->element('dd', 'label', common_local_url('oauthrequesttoken'));
+ $this->element('dd', 'label', common_local_url('apioauthrequesttoken'));
$this->elementEnd('dl');
$this->elementStart('dl', 'entity_access_token_url');
$this->element('dt', null, _('Access token URL'));
- $this->element('dd', 'label', common_local_url('oauthaccesstoken'));
+ $this->element('dd', 'label', common_local_url('apioauthaccesstoken'));
$this->elementEnd('dl');
$this->elementStart('dl', 'entity_authorize_url');
$this->element('dt', null, _('Authorize URL'));
- $this->element('dd', 'label', common_local_url('oauthauthorize'));
+ $this->element('dd', 'label', common_local_url('apioauthauthorize'));
$this->elementEnd('dl');
$this->element('p', 'oauth-signature-note',
diff --git a/lib/router.php b/lib/router.php
index 0703d7597..420f5a0a1 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -50,7 +50,8 @@ class Router
var $m = null;
static $inst = null;
static $bare = array('requesttoken', 'accesstoken', 'userauthorization',
- 'postnotice', 'updateprofile', 'finishremotesubscribe');
+ 'postnotice', 'updateprofile', 'finishremotesubscribe',
+ 'apioauthrequesttoken', 'apioauthaccesstoken');
static function get()
{
@@ -144,7 +145,7 @@ class Router
'email', 'sms', 'userdesign', 'other') as $s) {
$m->connect('settings/'.$s, array('action' => $s.'settings'));
}
-
+
// search
foreach (array('group', 'people', 'notice') as $s) {
@@ -640,11 +641,11 @@ class Router
array('action' => $a),
array('nickname' => '[a-zA-Z0-9]{1,64}'));
}
-
- $m->connect(':nickname/apps',
+
+ $m->connect(':nickname/apps',
array('action' => 'apps'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
- $m->connect(':nickname/apps/show/:id',
+ $m->connect(':nickname/apps/show/:id',
array('action' => 'showapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}',
'id' => '[0-9]+')
@@ -652,18 +653,14 @@ class Router
$m->connect(':nickname/apps/new',
array('action' => 'newapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}'));
- $m->connect(':nickname/apps/edit/:id',
+ $m->connect(':nickname/apps/edit/:id',
array('action' => 'editapplication'),
array('nickname' => '['.NICKNAME_FMT.']{1,64}',
'id' => '[0-9]+')
);
- $m->connect('oauth/request_token',
- array('action' => 'apioauthrequesttoken'));
- $m->connect('oauth/access_token',
- array('action' => 'apioauthaccesstoken'));
$m->connect('oauth/authorize',
- array('action' => 'apioauthauthorize'));
+ array('action' => 'apioauthauthorize'));
foreach (array('subscriptions', 'subscribers') as $a) {
$m->connect(':nickname/'.$a.'/:tag',