summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-02-02 07:35:54 +0000
committerZach Copley <zach@status.net>2010-02-02 08:50:33 +0000
commit819127307896c3aee43f0f009f6ff636eb227b4c (patch)
tree0835a48f7bd59380c3b6441766b139c6e40566a2
parentf0875ceea1bd6940bb30deab0f6a0f38a752a2c6 (diff)
Better token revocation
-rw-r--r--actions/apioauthauthorize.php22
-rw-r--r--actions/oauthconnectionssettings.php24
-rw-r--r--db/statusnet.sql2
-rw-r--r--lib/apioauthstore.php27
4 files changed, 49 insertions, 26 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index 15c3a9dad..05d925d26 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
} else {
- // XXX: make better error messages
-
if (empty($this->oauth_token)) {
-
- common_debug("No request token found.");
-
- $this->clientError(_('Bad request.'));
+ $this->clientError(_('No oauth_token parameter provided.'));
return;
}
if (empty($this->app)) {
- common_debug('No app for that token.');
- $this->clientError(_('Bad request.'));
+ $this->clientError(_('Invalid token.'));
return;
}
$name = $this->app->name;
- common_debug("Requesting auth for app: " . $name);
$this->showForm();
}
@@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function handlePost()
{
- common_debug("handlePost()");
-
// check session token for CSRF protection.
$token = $this->trimmed('token');
@@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
if (!empty($this->callback)) {
- // XXX: Need better way to build this redirect url.
-
$target_url = $this->getCallback($this->callback,
array('oauth_token' => $this->oauth_token));
- common_debug("Doing callback to $target_url");
-
common_redirect($target_url, 303);
} else {
common_debug("callback was empty!");
@@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
} else if ($this->arg('deny')) {
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore->revoke_token($this->oauth_token, 0);
+
$this->elementStart('p');
- $this->raw(sprintf(_("The request token %s has been denied."),
+ $this->raw(sprintf(_("The request token %s has been denied and revoked."),
$this->oauth_token));
$this->elementEnd('p');
diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php
index c2e8d441b..b1467f0d0 100644
--- a/actions/oauthconnectionssettings.php
+++ b/actions/oauthconnectionssettings.php
@@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
require_once INSTALLDIR . '/lib/connectsettingsaction.php';
require_once INSTALLDIR . '/lib/applicationlist.php';
+require_once INSTALLDIR . '/lib/apioauthstore.php';
/**
* Show connected OAuth applications
@@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return _('Connected applications');
}
- function isReadOnly($args)
- {
- return true;
- }
-
/**
* Instructions for use
*
@@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
}
}
+ /**
+ * Revoke access to an authorized OAuth application
+ *
+ * @param int $appId the ID of the application
+ *
+ */
+
function revokeAccess($appId)
{
$cur = common_current_user();
@@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return false;
}
+ // XXX: Transaction here?
+
$appUser = Oauth_application_user::getByKeys($cur, $app);
if (empty($appUser)) {
@@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction
return false;
}
- $orig = clone($appUser);
- $appUser->access_type = 0; // No access
- $result = $appUser->update();
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $datastore->revoke_token($appUser->token, 1);
+
+ $result = $appUser->delete();
if (!$result) {
- common_log_db_error($orig, 'UPDATE', __FILE__);
+ common_log_db_error($orig, 'DELETE', __FILE__);
$this->clientError(_('Unable to revoke access for app: ' . $app->id));
return false;
}
diff --git a/db/statusnet.sql b/db/statusnet.sql
index 71a6e724c..8946f4d7e 100644
--- a/db/statusnet.sql
+++ b/db/statusnet.sql
@@ -230,7 +230,7 @@ create table oauth_application (
create table oauth_application_user (
profile_id integer not null comment 'user of the application' references profile (id),
application_id integer not null comment 'id of the application' references oauth_application (id),
- access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked',
+ access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write',
token varchar(255) comment 'request or access token',
created datetime not null comment 'date this record was created',
modified timestamp comment 'date this record was modified',
diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php
index 32110d057..1bb11cbca 100644
--- a/lib/apioauthstore.php
+++ b/lib/apioauthstore.php
@@ -159,5 +159,32 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
}
}
+ /**
+ * Revoke specified access token
+ *
+ * Revokes the token specified by $token_key.
+ * Throws exceptions in case of error.
+ *
+ * @param string $token_key the token to be revoked
+ * @param int $type type of token (0 = req, 1 = access)
+ *
+ * @access public
+ *
+ * @return void
+ */
+
+ public function revoke_token($token_key, $type = 0) {
+ $rt = new Token();
+ $rt->tok = $token_key;
+ $rt->type = $type;
+ $rt->state = 0;
+ if (!$rt->find(true)) {
+ throw new Exception('Tried to revoke unknown token');
+ }
+ if (!$rt->delete()) {
+ throw new Exception('Failed to delete revoked token');
+ }
+ }
+
}