summaryrefslogtreecommitdiff
path: root/actions/userauthorization.php
diff options
context:
space:
mode:
Diffstat (limited to 'actions/userauthorization.php')
-rw-r--r--actions/userauthorization.php117
1 files changed, 85 insertions, 32 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 76fde6d87..94d92ea77 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -30,39 +30,34 @@ class UserauthorizationAction extends Action {
# We've shown the form, now post user's choice
$this->send_authorization();
} else {
+ if (!common_logged_in()) {
+ # Go log in, and then come back
+ common_debug('userauthorization.php - saving URL for returnto');
+ common_set_returnto(common_local_url('userauthorization'),
+ $this->args);
+ common_debug('userauthorization.php - redirecting to login');
+ common_redirect(common_local_url('login'));
+ return;
+ }
try {
- common_debug('userauthorization.php - fetching request');
- # We get called after login if we have a stored request
- $req = $this->get_stored_request();
+ # this must be a new request
+ common_debug('userauthorization.php - getting new request');
+ $req = $this->get_new_request();
if (!$req) {
- # this must be a new request
- common_debug('userauthorization.php - getting new request');
- $req = $this->get_new_request();
- if (!$req) {
- common_server_error(_t('No request found!'));
- }
- common_debug('userauthorization.php - validating request');
- # XXX: only validate new requests, since nonce is one-time use
- $this->validate_request($req);
+ common_server_error(_t('No request found!'));
}
+ common_debug('userauthorization.php - validating request');
+ # XXX: only validate new requests, since nonce is one-time use
+ $this->validate_request($req);
+ common_debug('userauthorization.php - showing form');
+ $this->store_request($req);
+ $this->show_form($req);
} catch (OAuthException $e) {
$this->clear_request();
common_server_error($e->getMessage());
return;
}
- if (common_logged_in()) {
- common_debug('userauthorization.php - showing form');
- $this->show_form($req);
- } else {
- common_debug('userauthorization.php - storing request in session');
- # Go log in, and then come back
- $this->store_request($req);
- common_debug('userauthorization.php - saving URL for returnto');
- common_set_returnto(common_local_url('userauthorization'));
- common_debug('userauthorization.php - redirecting to login');
- common_redirect(common_local_url('login'));
- }
}
}
@@ -206,7 +201,8 @@ class UserauthorizationAction extends Action {
# FIXME: we should really do this when the consumer comes
# back for an access token. If they never do, we've got stuff in a
# weird state.
-
+
+ $nickname = $req->get_parameter('omb_listenee_nickname');
$fullname = $req->get_parameter('omb_listenee_fullname');
$profile_url = $req->get_parameter('omb_listenee_profile');
$homepage = $req->get_parameter('omb_listenee_homepage');
@@ -225,7 +221,7 @@ class UserauthorizationAction extends Action {
} else {
$exists = false;
$remote = new Remote_profile();
- $remote->uri = $omb['listener'];
+ $remote->uri = $listenee;
$profile = new Profile();
}
@@ -253,10 +249,6 @@ class UserauthorizationAction extends Action {
$remote->id = $id;
}
- if ($avatar_url) {
- $this->add_avatar($avatar_url);
- }
-
if ($exists) {
$remote->update($orig_remote);
} else {
@@ -264,6 +256,10 @@ class UserauthorizationAction extends Action {
$remote->insert();
}
+ if ($avatar_url) {
+ $this->add_avatar($profile->id, $avatar_url);
+ }
+
$user = common_current_user();
$datastore = omb_oauth_datastore();
$consumer = $this->get_consumer($datastore, $req);
@@ -280,6 +276,50 @@ class UserauthorizationAction extends Action {
return;
}
}
+
+ function add_avatar($profile, $url) {
+ $temp_filename = tempnam(sys_get_temp_dir(), 'ombavatar');
+ copy($url, $temp_filename);
+ $info = @getimagesize($temp_filename);
+ $filename = common_avatar_filename($profile, image_type_to_extension($info[2]), NULL, common_timestamp());
+ $filepath = common_avatar_path($filename);
+ copy($temp_filename, $filename);
+
+ $avatar = DB_DataObject::factory('avatar');
+
+ $avatar->profile_id = $profile->id;
+ $avatar->width = $info[0];
+ $avatar->height = $info[1];
+ $avatar->mediatype = image_type_to_mime_type($info[2]);
+ $avatar->filename = $filename;
+ $avatar->original = true;
+ $avatar->url = common_avatar_url($filename);
+ $avatar->created = DB_DataObject_Cast::dateTime(); # current time
+
+ foreach (array(AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
+ $scaled[] = $this->scale_avatar($user, $avatar, $size);
+ }
+
+ # XXX: start a transaction here
+
+ if (!$this->delete_old_avatars($user)) {
+ @unlink($filepath);
+ common_server_error(_t('Error deleting old avatars.'));
+ return;
+ }
+ if (!$avatar->insert()) {
+ @unlink($filepath);
+ common_server_error(_t('Error inserting avatar.'));
+ return;
+ }
+
+ foreach ($scaled as $s) {
+ if (!$s->insert()) {
+ common_server_error(_t('Error inserting scaled avatar.'));
+ return;
+ }
+ }
+ }
function show_accept_message($tok) {
common_show_header(_t('Subscription authorized'));
@@ -404,8 +444,21 @@ class UserauthorizationAction extends Action {
throw new OAuthException("Location too long '$location'");
}
$avatar = $req->get_parameter('omb_listenee_avatar');
- if ($avatar && (!common_valid_http_url($avatar) || strlen($avatar) > 255)) {
- throw new OAuthException("Invalid avatar '$avatar'");
+ if ($avatar) {
+ if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
+ throw new OAuthException("Invalid avatar URL '$avatar'");
+ }
+ $size = @getimagesize($avatar);
+ if (!$size) {
+ throw new OAuthException("Can't read avatar URL '$avatar'");
+ }
+ if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
+ throw new OAuthException("Wrong size image at '$avatar'");
+ }
+ if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
+ IMAGETYPE_PNG))) {
+ throw new OAuthException("Wrong image type for '$avatar'");
+ }
}
$callback = $req->get_parameter('oauth_callback');
if ($callback && !common_valid_http_url($callback)) {