authorEvan Prodromou <evan@controlyourself.ca>2009-03-07 12:55:09 -0800
committerEvan Prodromou <evan@controlyourself.ca>2009-03-07 12:55:09 -0800
commit1179ecd13d68e76d74ad94e2d3ca22d9681eeffe (patch)
treee0517dbd0df004f531adfa6f411c2087b5bd0190
parent22742c3b72a02c29eef0e678abd839e378a783c4 (diff)
Fix nonce usage in OAuth store
The OAuth store was failing on getting a request token, because the token value was forced to be non-null in the DB. Let this value be null, and use the correct primary key (consumer, timestamp, nonce). Drop the reference to token table, and don't ever use it.
-rw-r--r--classes/Nonce.php9
-rwxr-xr-xclasses/laconica.ini4
-rw-r--r--db/laconica.sql5
-rw-r--r--lib/oauthstore.php3
4 files changed, 9 insertions, 12 deletions
diff --git a/classes/Nonce.php b/classes/Nonce.php
index 2c0edfa14..486a65a3c 100644
--- a/classes/Nonce.php
+++ b/classes/Nonce.php
@@ -4,22 +4,21 @@
*/
require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
-class Nonce extends Memcached_DataObject
+class Nonce extends Memcached_DataObject
{
###START_AUTOCODE
/* the code below is auto generated do not remove the above tag */
public $__table = 'nonce'; // table name
public $consumer_key; // varchar(255) primary_key not_null
- public $tok; // char(32) primary_key not_null
+ public $tok; // char(32)
public $nonce; // char(32) primary_key not_null
- public $ts; // datetime() not_null
+ public $ts; // datetime() primary_key not_null
public $created; // datetime() not_null
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
/* Static get */
- function staticGet($k,$v=null)
- { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
+ function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Nonce',$k,$v); }
/* the code above is auto generated do not remove the tag below */
###END_AUTOCODE
diff --git a/classes/laconica.ini b/classes/laconica.ini
index 5fd2cd1f8..529454d99 100755
--- a/classes/laconica.ini
+++ b/classes/laconica.ini
@@ -145,7 +145,7 @@ id = N
[nonce]
consumer_key = 130
-tok = 130
+tok = 2
nonce = 130
ts = 142
created = 142
@@ -153,8 +153,8 @@ modified = 384
[nonce__keys]
consumer_key = K
-tok = K
nonce = K
+ts = K
[notice]
id = 129
diff --git a/db/laconica.sql b/db/laconica.sql
index c2cd887de..098fa4fd1 100644
--- a/db/laconica.sql
+++ b/db/laconica.sql
@@ -181,15 +181,14 @@ create table token (
create table nonce (
consumer_key varchar(255) not null comment 'unique identifier, root URL',
- tok char(32) not null comment 'identifying value',
+ tok char(32) null comment 'buggy old value, ignored',
nonce char(32) not null comment 'nonce',
ts datetime not null comment 'timestamp sent',
created datetime not null comment 'date this record was created',
modified timestamp comment 'date this record was modified',
- constraint primary key (consumer_key, tok, nonce),
- constraint foreign key (consumer_key, tok) references token (consumer_key, tok)
+ constraint primary key (consumer_key, ts, nonce)
) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin;
/* One-to-many relationship of user to openid_url */
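Review bot: Only the `create table nonce` definition changes in this hunk, and the diffstat lists no upgrade script, so an existing database keeps `tok` as `not null` with the old primary key and foreign key. Against that old schema the new lookup code, which no longer sets `tok`, would presumably either fail to insert or store an empty `tok`, leaving used nonces unrecorded and the replay check ineffective. An accompanying `alter table nonce` that drops the foreign key to `token`, makes `tok` nullable and replaces the primary key with `(consumer_key, ts, nonce)` would keep deployed sites consistent with this file. A short comment on the table would also help, for example `/* replay check: one row per (consumer_key, ts, nonce); tok is unused */`.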
diff --git a/lib/oauthstore.php b/lib/oauthstore.php
index 9af05ea2d..7d2e1f27b 100644
--- a/lib/oauthstore.php
+++ b/lib/oauthstore.php
@@ -58,12 +58,11 @@ class LaconicaOAuthDataStore extends OAuthDataStore
{
$n = new Nonce();
$n->consumer_key = $consumer->key;
- $n->tok = $token->key;
+ $n->ts = $timestamp;
$n->nonce = $nonce;
if ($n->find(true)) {
return true;
} else {
- $n->ts = $timestamp;
$n->created = DB_DataObject_Cast::dateTime();
$n->insert();
return false;
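Review bot: The result of `$n->insert()` is ignored, so when two requests with the same consumer key, timestamp and nonce arrive together, both can miss in `find(true)`, and the one whose insert is rejected by the new primary key still returns false, meaning "nonce not seen". Assuming `insert()` returns false on a duplicate-key error, treating a failed insert as a replay closes that window: `if (!$n->insert()) { return true; }` ahead of the final `return false;`. Separately, `$n->ts = $timestamp;` now feeds the lookup as well as the insert; if `$timestamp` is the integer OAuth timestamp rather than a value already in the column's datetime format, `find()` may never match a stored row, so it is worth converting it before assignment. The method's signature and its closing lines are outside the hunk.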