authorZach Copley <zach@status.net>2010-01-13 11:31:15 +0000
committerZach Copley <zach@status.net>2010-01-14 02:41:09 +0000
commit6c8bf36fe15317dc418791947dc652f61f5645b9 (patch)
treed5dfd9e33b4fb309c8715deb45004964c9838190
parent7c34ac8cc2c3813f05deb8ac80e511648b441914 (diff)
Make sure applications are really looked up by consumer key
-rw-r--r--actions/apioauthauthorize.php42
-rw-r--r--lib/apioauthstore.php40
2 files changed, 42 insertions, 40 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index cdf9cb7df..0966ba1d7 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
$this->oauth_token = $this->arg('oauth_token');
$this->callback = $this->arg('oauth_callback');
$this->store = new ApiStatusNetOAuthDataStore();
+ $this->app = $this->store->getAppByRequestToken($this->oauth_token);
return true;
}
- function getApp()
- {
- // Look up the full req token
-
- $req_token = $this->store->lookup_token(null,
- 'request',
- $this->oauth_token);
-
- if (empty($req_token)) {
-
- common_debug("Couldn't find request token!");
-
- $this->clientError(_('Bad request.'));
- return;
- }
-
- // Look up the app
-
- $app = new Oauth_application();
- $app->consumer_key = $req_token->consumer_key;
- $result = $app->find(true);
-
- if (!empty($result)) {
- $this->app = $app;
- return true;
-
- } else {
- common_debug("couldn't find the app!");
- return false;
- }
- }
-
/**
* Handle input, produce output
*
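Review bot: The line added to prepare() performs the datastore lookup unconditionally, even when no oauth_token argument was supplied, and a failed lookup leaves `$this->app` null with no error raised here — the old getApp() at least answered with clientError at the point of failure. Since the decision is now deferred, every handler that touches $this->app must check it, and this commit removes the POST path's check further down without replacing it. Guard the call and make the contract explicit, e.g. `$this->app = empty($this->oauth_token) ? null : $this->store->getAppByRequestToken($this->oauth_token);` with the comment `// null when the request token is unknown; handlers must check before use`. prepare() begins before this hunk, so the declaration of the $app property is not visible here.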
@@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
- if (!$this->getApp()) {
+ if (empty($this->app)) {
+ common_debug('No app for that token.');
$this->clientError(_('Bad request.'));
return;
}
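Review bot: The `empty($this->app)` guard added here covers only this branch; the matching guard on the POST side is deleted later in this commit and not replaced, so a POST whose oauth_token does not resolve continues with `$this->app` null and any later `$this->app->...` access (outside this hunk) would act on a null object. Keep the check in both paths, e.g. `if (empty($this->app)) { $this->clientError(_('Bad request.')); return; }` where the removed getApp() call stood. The enclosing method starts and ends outside this hunk, so whether the POST handler dereferences $this->app before another check stops it cannot be confirmed from here.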
@@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
- if (!$this->getApp()) {
- $this->clientError(_('Bad request.'));
- return;
- }
-
// check creds
$user = null;
@@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function getInstructions()
{
return _('Allow or deny access to your account information.');
-
}
/**
diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php
index c39ddbb0f..32110d057 100644
--- a/lib/apioauthstore.php
+++ b/lib/apioauthstore.php
@@ -36,6 +36,44 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
$con->consumer_secret);
}
+ function getAppByRequestToken($token_key)
+ {
+ // Look up the full req tokenx
+
+ $req_token = $this->lookup_token(null,
+ 'request',
+ $token_key);
+
+ if (empty($req_token)) {
+ common_debug("couldn't get request token from oauth datastore");
+ return null;
+ }
+
+ // Look up the full Token
+
+ $token = new Token();
+ $token->tok = $req_token->key;
+ $result = $token->find(true);
+
+ if (empty($result)) {
+ common_debug('Couldn\'t find req token in the token table.');
+ return null;
+ }
+
+ // Look up the app
+
+ $app = new Oauth_application();
+ $app->consumer_key = $token->consumer_key;
+ $result = $app->find(true);
+
+ if (!empty($result)) {
+ return $app;
+ } else {
+ common_debug("Couldn't find the app!");
+ return null;
+ }
+ }
+
function new_access_token($token, $consumer)
{
common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
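Review bot: getAppByRequestToken() assumes the Token row carries a consumer_key; if `$token->consumer_key` is empty, the Oauth_application search at the end runs with no constraint on the key, and a DB_DataObject find(true) with no fields set would presumably return the first application in the table — the same wrong-app failure this commit is fixing one level up. Add `if (empty($token->consumer_key)) { common_debug('Request token has no consumer key.'); return null; }` before the app lookup. The method also lacks a docblock; something like `/** Resolve the application that issued a request token. @param string $token_key the oauth_token value @return Oauth_application|null null when the token or its app is unknown */` would state the null contract callers now depend on, and the comment `// Look up the full req tokenx` carries a stray x.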
@@ -64,7 +102,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
if (!empty($result)) {
common_debug("Oath app user found.");
} else {
- common_debug("Oauth app user not found.");
+ common_debug("Oauth app user not found. app id $app->id token $rt->tok");
return null;
}