summaryrefslogtreecommitdiff
path: root/actions/apioauthauthorize.php
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-10-21 17:11:59 -0700
committerZach Copley <zach@status.net>2010-10-21 17:11:59 -0700
commitce0d81c19010a7eb25a721ad8662d82327139561 (patch)
tree0efaa0f40610ead97b5d84ace3c5243ffb5b784f /actions/apioauthauthorize.php
parent94f7bfa50ae3a2f3443addc3825d99e584cb7d68 (diff)
OAuth - inform consumer when user refused to authorize a request token
http://status.net/open-source/issues/2848
Diffstat (limited to 'actions/apioauthauthorize.php')
-rw-r--r--actions/apioauthauthorize.php54
1 files changed, 42 insertions, 12 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index a95c8268d..30fe77ec8 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -172,11 +172,11 @@ class ApiOauthAuthorizeAction extends Action
$user = common_current_user();
}
- if ($this->arg('allow')) {
+ // fetch the token
+ $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam);
+ assert(!empty($this->reqToken));
- common_debug("allow");
- // fetch the token
- $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam);
+ if ($this->arg('allow')) {
// mark the req token as authorized
try {
@@ -188,8 +188,10 @@ class ApiOauthAuthorizeAction extends Action
common_log(
LOG_INFO,
sprintf(
- "The request token '%s' for OAuth application %s (%s) has been authorized.",
- $this->oauthTokenParam,
+ "API OAuth - User %d (%s) has authorized request token %s for OAuth application %d (%s).",
+ $user->id,
+ $user->nickname,
+ $this->reqToken->tok,
$this->app->id,
$this->app->name
)
@@ -227,10 +229,7 @@ class ApiOauthAuthorizeAction extends Action
)
);
- common_log(
- LOG_INFO,
- "API OAuth - Request token authorized; doing callback to $targetUrl"
- );
+ common_log(LOG_INFO, "Redirecting to callback: $targetUrl");
// Redirect the user to the provided OAuth callback
common_redirect($targetUrl, 303);
@@ -254,13 +253,45 @@ class ApiOauthAuthorizeAction extends Action
} else if ($this->arg('cancel')) {
+ common_log(
+ LOG_INFO,
+ sprintf(
+ "API OAuth - User %d (%s) refused to authorize request token %s for OAuth application %d (%s).",
+ $user->id,
+ $user->nickname,
+ $this->reqToken->tok,
+ $this->app->id,
+ $this->app->name
+ )
+ );
+
try {
$this->store->revoke_token($this->oauthTokenParam, 0);
- $this->showCanceled();
} catch (Exception $e) {
$this->ServerError($e->getMessage());
}
+ $callback = $this->getCallback();
+
+ // If there's a callback available, inform the consumer the user
+ // has refused authorization
+ if (!empty($callback) && $this->reqToken->verified_callback != 'oob') {
+ $targetUrl = $this->buildCallbackUrl(
+ $callback,
+ array(
+ 'oauth_problem' => 'user_refused',
+ )
+ );
+
+ common_log(LOG_INFO, "Redirecting to callback: $targetUrl");
+
+ // Redirect the user to the provided OAuth callback
+ common_redirect($targetUrl, 303);
+ }
+
+ // otherwise inform the user that authorization for the rt was declined
+ $this->showCanceled();
+
} else {
// TRANS: Client error given on when invalid data was passed through a form in the OAuth API.
$this->clientError(_('Unexpected form submission.'));
@@ -291,7 +322,6 @@ class ApiOauthAuthorizeAction extends Action
$schema->ensureTable('oauth_token_association', $reqTokenCols);
}
-
/**
* Override to add some special (more compact) styling when the page is
* being displayed in desktop mode.