summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-01-13 11:31:15 +0000
committerZach Copley <zach@status.net>2010-01-14 02:41:09 +0000
commit6c8bf36fe15317dc418791947dc652f61f5645b9 (patch)
treed5dfd9e33b4fb309c8715deb45004964c9838190 /actions
parent7c34ac8cc2c3813f05deb8ac80e511648b441914 (diff)
Make sure applications are really looked up by consumer key
Diffstat (limited to 'actions')
-rw-r--r--actions/apioauthauthorize.php42
1 files changed, 3 insertions, 39 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php
index cdf9cb7df..0966ba1d7 100644
--- a/actions/apioauthauthorize.php
+++ b/actions/apioauthauthorize.php
@@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
$this->oauth_token = $this->arg('oauth_token');
$this->callback = $this->arg('oauth_callback');
$this->store = new ApiStatusNetOAuthDataStore();
+ $this->app = $this->store->getAppByRequestToken($this->oauth_token);
return true;
}
- function getApp()
- {
- // Look up the full req token
-
- $req_token = $this->store->lookup_token(null,
- 'request',
- $this->oauth_token);
-
- if (empty($req_token)) {
-
- common_debug("Couldn't find request token!");
-
- $this->clientError(_('Bad request.'));
- return;
- }
-
- // Look up the app
-
- $app = new Oauth_application();
- $app->consumer_key = $req_token->consumer_key;
- $result = $app->find(true);
-
- if (!empty($result)) {
- $this->app = $app;
- return true;
-
- } else {
- common_debug("couldn't find the app!");
- return false;
- }
- }
-
/**
* Handle input, produce output
*
@@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
- if (!$this->getApp()) {
+ if (empty($this->app)) {
+ common_debug('No app for that token.');
$this->clientError(_('Bad request.'));
return;
}
@@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
return;
}
- if (!$this->getApp()) {
- $this->clientError(_('Bad request.'));
- return;
- }
-
// check creds
$user = null;
@@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
function getInstructions()
{
return _('Allow or deny access to your account information.');
-
}
/**