From 1179ecd13d68e76d74ad94e2d3ca22d9681eeffe Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 7 Mar 2009 12:55:09 -0800
Subject: Fix nonce usage in OAuth store The OAuth store was failing on getting a request token, because the token value was forced to be non-null in the DB. Let this value be null, and use the correct primary key (consumer, timestamp, nonce). Drop the reference to token table, and don't ever use it.
---
 lib/oauthstore.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'lib/oauthstore.php')
diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 9af05ea2d..7d2e1f27b 100644
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
  {
  $n = new Nonce();
  $n->consumer_key = $consumer->key;
- $n->tok = $token->key;
+ $n->ts = $timestamp;
  $n->nonce = $nonce;
  if ($n->find(true)) {
  return true;
  } else {
- $n->ts = $timestamp;
  $n->created = DB_DataObject_Cast::dateTime();
  $n->insert();
  return false;
-- 
cgit v1.2.3-54-g00ecf
From 2400589c2fc9355679b5da318286ecf96e386133 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 7 Mar 2009 13:00:13 -0800
Subject: helpful documentation for oauthstore nonce stuff
---
 lib/oauthstore.php | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'lib/oauthstore.php')
diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 7d2e1f27b..183164e17 100644
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -54,6 +54,12 @@ class LaconicaOAuthDataStore extends OAuthDataStore
  }
  }
 
+ // http://oauth.net/core/1.0/#nonce
+ // "The Consumer SHALL then generate a Nonce value that is unique for
+ // all requests with that timestamp."
+
+ // XXX: It's not clear why the token is here
+
  function lookup_nonce($consumer, $token, $nonce, $timestamp)
  {
  $n = new Nonce();
-- 
cgit v1.2.3-54-g00ecf
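Review bot: In the first patch's hunk (`@@ -58,12 +58,11 @@`), the replay check is still a separate `$n->find(true)` followed by `$n->insert()`, and the result of the insert is discarded. Two concurrent requests carrying the same (consumer_key, ts, nonce) can therefore both reach the else branch and both get `return false`, i.e. "nonce not seen". Now that the lookup columns match the primary key named in the commit message, the insert can act as the uniqueness test and fail closed: `if (!$n->insert()) { return true; }` before `return false;`. How a failed insert is reported depends on the DB_DataObject error settings, which are not visible here, so that condition needs checking against the project's configuration. The function signature and closing braces lie outside the hunk.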
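Review bot: In the second patch's hunk (`@@ -54,6 +54,12 @@`), the added `// XXX: It's not clear why the token is here` leaves an open question on a replay-protection routine without saying how `$token` is treated. Since the class `extends OAuthDataStore`, the parameter is presumably kept only because the parent's `lookup_nonce` signature requires it. I would record that instead, for example `// $token is required by the OAuthDataStore signature; uniqueness is checked on (consumer_key, ts, nonce) only`. The two blank `+` lines also detach the spec quote from `lookup_nonce`, and dropping them keeps the comment attached to the function it documents. The function body continues past the end of the hunk.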