authorZach Copley <zach@status.net>2010-02-02 07:35:54 +0000
committerZach Copley <zach@status.net>2010-02-02 08:50:33 +0000
commit819127307896c3aee43f0f009f6ff636eb227b4c (patch)
tree0835a48f7bd59380c3b6441766b139c6e40566a2 /actions/oauthconnectionssettings.php
parentf0875ceea1bd6940bb30deab0f6a0f38a752a2c6 (diff)
Better token revocation
Diffstat (limited to 'actions/oauthconnectionssettings.php')
-rw-r--r--actions/oauthconnectionssettings.php24
1 files changed, 15 insertions, 9 deletions
diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php
index c2e8d441b..b1467f0d0 100644
--- a/actions/oauthconnectionssettings.php
+++ b/actions/oauthconnectionssettings.php
@@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
require_once INSTALLDIR . '/lib/connectsettingsaction.php';
require_once INSTALLDIR . '/lib/applicationlist.php';
+require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
* Show connected OAuth applications
@@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return _('Connected applications');
}
- function isReadOnly($args)
- {
- return true;
- }
-
/**
* Instructions for use
*
@@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
}
}
+ /**
+ * Revoke access to an authorized OAuth application
+ *
+ * @param int $appId the ID of the application
+ *
+ */
+
function revokeAccess($appId)
{
$cur = common_current_user();
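Review bot: The added docblock is separated from `function revokeAccess($appId)` by a blank added line, so it reads as a free-standing comment and documentation tools may not attach it to the method; drop that blank line. The docblock also has no `@return` tag, although the later hunks of this commit show `return false;` on the failure paths. Adding a `@return` line would help, but the success value is not visible here and should be confirmed first. The body of revokeAccess continues outside this hunk.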
@@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return false;
}
+ // XXX: Transaction here?
+
$appUser = Oauth_application_user::getByKeys($cur, $app);
if (empty($appUser)) {
@@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return false;
}
- $orig = clone($appUser);
- $appUser->access_type = 0; // No access
- $result = $appUser->update();
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore->revoke_token($appUser->token, 1);
+
+ $result = $appUser->delete();
if (!$result) {
- common_log_db_error($orig, 'UPDATE', __FILE__);
+ common_log_db_error($orig, 'DELETE', __FILE__);
$this->clientError(_('Unable to revoke access for app: ' . $app->id));
return false;
}
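Review bot: `$orig` is no longer defined once `$orig = clone($appUser);` is removed, yet the failure branch still calls `common_log_db_error($orig, 'DELETE', __FILE__)`; pass the row being deleted instead, `common_log_db_error($appUser, 'DELETE', __FILE__);`. The result of `$datastore->revoke_token($appUser->token, 1)` is also discarded, so if that call can fail (its implementation is not visible here) the connection row is still deleted and the user sees a successful revocation while the token may remain usable. Checking that result before `$appUser->delete()` and running both steps in one transaction, as the `XXX: Transaction here?` comment added in the previous hunk asks, would keep revocation all-or-nothing. revokeAccess continues past the end of this hunk.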