Fix nonce usage in OAuth store

The OAuth store was failing on getting a request token, because the
token value was forced to be non-null in the DB. Let this value be
null, and use the correct primary key (consumer, timestamp, nonce).
Drop the reference to token table, and don't ever use it.

4 files changed, 9 insertions, 12 deletions

diff --git a/classes/Nonce.php b/classes/Nonce.php
index 2c0edfa14..486a65a3c 100644
--- a/classes/Nonce.php
+++ b/classes/Nonce.php
@@ -4,22 +4,21 @@
  */
 require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
 
-class Nonce extends Memcached_DataObject 
+class Nonce extends Memcached_DataObject
 {
     ###START_AUTOCODE
     /* the code below is auto generated do not remove the above tag */
 
     public $__table = 'nonce';                           // table name
     public $consumer_key;                    // varchar(255)  primary_key not_null
-    public $tok;                             // char(32)  primary_key not_null
+    public $tok;                             // char(32)
     public $nonce;                           // char(32)  primary_key not_null
-    public $ts;                              // datetime()   not_null
+    public $ts;                              // datetime()  primary_key not_null
     public $created;                         // datetime()   not_null
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
     /* Static get */
-    function staticGet($k,$v=null)
-    { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
+    function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
 
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE
diff --git a/classes/laconica.ini b/classes/laconica.ini
index 5fd2cd1f8..529454d99 100755
--- a/classes/laconica.ini
+++ b/classes/laconica.ini
@@ -145,7 +145,7 @@ id = N
 
 [nonce]
 consumer_key = 130
-tok = 130
+tok = 2
 nonce = 130
 ts = 142
 created = 142
@@ -153,8 +153,8 @@ modified = 384
 
 [nonce__keys]
 consumer_key = K
-tok = K
 nonce = K
+ts = K
 
 [notice]
 id = 129
diff --git a/db/laconica.sql b/db/laconica.sql
index c2cd887de..098fa4fd1 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -181,15 +181,14 @@ create table token (
 
 create table nonce (
     consumer_key varchar(255) not null comment 'unique identifier, root URL',
-    tok char(32) not null comment 'identifying value',
+    tok char(32) null comment 'buggy old value, ignored',
     nonce char(32) not null comment 'nonce',
     ts datetime not null comment 'timestamp sent',
 
     created datetime not null comment 'date this record was created',
     modified timestamp comment 'date this record was modified',
 
-    constraint primary key (consumer_key, tok, nonce),
-    constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
+    constraint primary key (consumer_key, ts, nonce)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin;
 
 /* One-to-many relationship of user to openid_url */
diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 9af05ea2d..7d2e1f27b 100644
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
     {
         $n = new Nonce();
         $n->consumer_key = $consumer->key;
-        $n->tok = $token->key;
+        $n->ts = $timestamp;
         $n->nonce = $nonce;
         if ($n->find(true)) {
             return true;
         } else {
-            $n->ts = $timestamp;
             $n->created = DB_DataObject_Cast::dateTime();
             $n->insert();
             return false;