From 819127307896c3aee43f0f009f6ff636eb227b4c Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Tue, 2 Feb 2010 07:35:54 +0000
Subject: Better token revocation

---
 actions/apioauthauthorize.php | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

(limited to 'actions/apioauthauthorize.php')

diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index 15c3a9dad..05d925d26 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
 
         } else {
 
-            // XXX: make better error messages
-
             if (empty($this->oauth_token)) {
-
-                common_debug("No request token found.");
-
-                $this->clientError(_('Bad request.'));
+                $this->clientError(_('No oauth_token parameter provided.'));
                 return;
             }
 
             if (empty($this->app)) {
-                common_debug('No app for that token.');
-                $this->clientError(_('Bad request.'));
+                $this->clientError(_('Invalid token.'));
                 return;
             }
 
             $name = $this->app->name;
-            common_debug("Requesting auth for app: " . $name);
 
             $this->showForm();
         }
@@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
 
     function handlePost()
     {
-        common_debug("handlePost()");
-
         // check session token for CSRF protection.
 
         $token = $this->trimmed('token');
@@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
 
             if (!empty($this->callback)) {
 
-                // XXX: Need better way to build this redirect url.
-
                 $target_url = $this->getCallback($this->callback,
                                                  array('oauth_token' => $this->oauth_token));
 
-                common_debug("Doing callback to $target_url");
-
                 common_redirect($target_url, 303);
             } else {
                 common_debug("callback was empty!");
@@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
 
         } else if ($this->arg('deny')) {
 
+            $datastore = new ApiStatusNetOAuthDataStore();
+            $datastore->revoke_token($this->oauth_token, 0);
+
             $this->elementStart('p');
 
-            $this->raw(sprintf(_("The request token %s has been denied."),
+            $this->raw(sprintf(_("The request token %s has been denied and revoked."),
                                $this->oauth_token));
 
             $this->elementEnd('p');
-- 
cgit v1.2.3-54-g00ecf