summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-10-07 18:32:27 -0700
committerZach Copley <zach@status.net>2010-10-07 18:32:27 -0700
commit459727bd610df5e579311a1627ee9b0e93ac44b0 (patch)
tree828858719c08ca9a7d6a26d85fd70eea0453f9e7
parentf8808b076108bbc80e2e23e795c34bcdf817a183 (diff)
Update ApiOauthAccessTokenAction to OAuth 1.0a
-rw-r--r--actions/apioauthaccesstoken.php56
-rw-r--r--lib/apioauthstore.php34
2 files changed, 65 insertions, 25 deletions
diff --git a/actions/apioauthaccesstoken.php b/actions/apioauthaccesstoken.php
index 887df4c20..b8b188b1d 100644
--- a/actions/apioauthaccesstoken.php
+++ b/actions/apioauthaccesstoken.php
@@ -2,7 +2,8 @@
/**
* StatusNet, the distributed open-source microblogging tool
*
- * Exchange an authorized OAuth request token for an access token
+ * Action for getting OAuth token credentials (exchange an authorized
+ * request token for an access token)
*
* PHP version 5
*
@@ -34,7 +35,8 @@ if (!defined('STATUSNET')) {
require_once INSTALLDIR . '/lib/apioauth.php';
/**
- * Exchange an authorized OAuth request token for an access token
+ * Action for getting OAuth token credentials (exchange an authorized
+ * request token for an access token)
*
* @category API
* @package StatusNet
@@ -45,6 +47,8 @@ require_once INSTALLDIR . '/lib/apioauth.php';
class ApiOauthAccessTokenAction extends ApiOauthAction
{
+ protected $reqToken = null;
+ protected $verifier = null;
/**
* Class handler.
@@ -65,30 +69,58 @@ class ApiOauthAccessTokenAction extends ApiOauthAction
$atok = null;
+ // XXX: Insist that oauth_token and oauth_verifier be populated?
+ // Spec doesn't say they MUST be.
+
try {
+
$req = OAuthRequest::from_request();
+
+ $this->reqToken = $req->get_parameter('oauth_token');
+ $this->verifier = $req->get_parameter('oauth_verifier');
+
$atok = $server->fetch_access_token($req);
} catch (OAuthException $e) {
common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
common_debug(var_export($req, true));
- $this->outputError($e->getMessage());
- return;
+ $code = $e->getCode();
+ $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text');
}
if (empty($atok)) {
- common_debug('couldn\'t get access token.');
- print "Token exchange failed. Has the request token been authorized?\n";
+
+ // Token exchange failed -- log it
+
+ list($proxy, $ip) = common_client_ip();
+
+ $msg = sprintf(
+ 'API OAuth - Failure exchanging request token for access token, '
+ . 'request token = %s, verifier = %s, IP = %s, proxy = %s',
+ $this->reqToken,
+ $this->verifier,
+ $ip,
+ $proxy
+ );
+
+ common_log(LOG_WARNING, $msg);
+
+ print "Invalid request token or verifier.";
+
} else {
- print $atok;
+ $this->showAccessToken($atok);
}
}
- function outputError($msg)
+ /*
+ * Display OAuth token credentials
+ *
+ * @param OAuthToken token the access token
+ */
+
+ function showAccessToken($token)
{
- header('HTTP/1.1 401 Unauthorized');
- header('Content-Type: text/html; charset=utf-8');
- print $msg . "\n";
+ header('Content-Type: application/x-www-form-urlencoded');
+ print $token;
}
}
-
diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php
index 7a4fe8db5..4b52ba1ba 100644
--- a/lib/apioauthstore.php
+++ b/lib/apioauthstore.php
@@ -71,29 +71,33 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
}
}
- function new_access_token($token, $consumer)
+ function new_access_token($token, $consumer, $verifier)
{
- common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
+ common_debug(
+ 'new_access_token("' . $token->key . '","' . $consumer->key. '","' . $verifier . '")',
+ __FILE__
+ );
$rt = new Token();
+
$rt->consumer_key = $consumer->key;
- $rt->tok = $token->key;
- $rt->type = 0; // request
+ $rt->tok = $token->key;
+ $rt->type = 0; // request
$app = Oauth_application::getByConsumerKey($consumer->key);
+ assert(!empty($app));
- if (empty($app)) {
- common_debug("empty app!");
- }
+ if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) { // authorized
- if ($rt->find(true) && $rt->state == 1) { // authorized
common_debug('request token found.', __FILE__);
// find the associated user of the app
$appUser = new Oauth_application_user();
+
$appUser->application_id = $app->id;
- $appUser->token = $rt->tok;
+ $appUser->token = $rt->tok;
+
$result = $appUser->find(true);
if (!empty($result)) {
@@ -106,10 +110,12 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
// go ahead and make the access token
$at = new Token();
- $at->consumer_key = $consumer->key;
- $at->tok = common_good_rand(16);
- $at->secret = common_good_rand(16);
- $at->type = 1; // access
+ $at->consumer_key = $consumer->key;
+ $at->tok = common_good_rand(16);
+ $at->secret = common_good_rand(16);
+ $at->type = 1; // access
+ $at->verifier = $verifier;
+ $at->verified_callback = $rt->verified_callback; // 1.0a
$at->created = DB_DataObject_Cast::dateTime();
if (!$at->insert()) {
@@ -217,4 +223,6 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
return new OAuthToken($t->tok, $t->secret);
}
}
+
+
}