authorZach Copley <zach@status.net>2010-02-02 07:35:54 +0000
committerZach Copley <zach@status.net>2010-02-05 03:18:43 +0000
commitb31c79cee1565ca9bca5bcaffcbec04ddb312041 (patch)
tree299feb385e90947c8619694122f004e8aa454755 /actions/apioauthauthorize.php
parente495ac356c10a6abc0e10c81892830b5e198ef60 (diff)
Better token revocation
Diffstat (limited to 'actions/apioauthauthorize.php')
-rw-r--r--actions/apioauthauthorize.php22
1 files changed, 6 insertions, 16 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index 15c3a9dad..05d925d26 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
} else {
- // XXX: make better error messages
-
if (empty($this->oauth_token)) {
-
- common_debug("No request token found.");
-
- $this->clientError(_('Bad request.'));
+ $this->clientError(_('No oauth_token parameter provided.'));
return;
}
if (empty($this->app)) {
- common_debug('No app for that token.');
- $this->clientError(_('Bad request.'));
+ $this->clientError(_('Invalid token.'));
return;
}
$name = $this->app->name;
- common_debug("Requesting auth for app: " . $name);
$this->showForm();
}
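Review bot: With the `common_debug("Requesting auth for app: " . $name);` line removed, `$name = $this->app->name;` is no longer read anywhere in the visible lines and looks like a dead assignment; drop it unless something outside the hunk still uses it. Separately, both rejection paths now return a client error without leaving any server-side trace, so repeated probing with missing or unknown tokens is invisible in the logs. Keeping one log line per rejection, e.g. `common_log(LOG_WARNING, 'OAuth authorize: unknown request token');`, preserves that signal without logging the token value itself. The enclosing `if`/`else` starts outside this hunk.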
@@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function handlePost()
{
- common_debug("handlePost()");
-
// check session token for CSRF protection.
$token = $this->trimmed('token');
@@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
if (!empty($this->callback)) {
- // XXX: Need better way to build this redirect url.
-
$target_url = $this->getCallback($this->callback,
array('oauth_token' => $this->oauth_token));
- common_debug("Doing callback to $target_url");
-
common_redirect($target_url, 303);
} else {
common_debug("callback was empty!");
@@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
} else if ($this->arg('deny')) {
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore->revoke_token($this->oauth_token, 0);
+
$this->elementStart('p');
- $this->raw(sprintf(_("The request token %s has been denied."),
+ $this->raw(sprintf(_("The request token %s has been denied and revoked."),
$this->oauth_token));
$this->elementEnd('p');
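Review bot: The reworded message still passes `$this->oauth_token` through `$this->raw()`, which by its name writes the string without escaping. If that property is filled directly from the request parameter (the assignment is outside this hunk), the denial page reflects caller-supplied markup. Escape the value at the point of output, e.g. `$this->raw(sprintf(_("The request token %s has been denied and revoked."), htmlspecialchars($this->oauth_token)));`. The result of `$datastore->revoke_token($this->oauth_token, 0)` is also ignored while the page states the token was revoked, so check it before printing that text, and give the bare `0` a named constant or a comment saying which token type it selects. The `deny` branch begins and ends outside the hunk.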