diff options
author | Zach Copley <zach@status.net> | 2010-01-13 11:31:15 +0000 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-01-14 02:41:09 +0000 |
commit | 6c8bf36fe15317dc418791947dc652f61f5645b9 (patch) | |
tree | d5dfd9e33b4fb309c8715deb45004964c9838190 /actions | |
parent | 7c34ac8cc2c3813f05deb8ac80e511648b441914 (diff) |
Make sure applications are really looked up by consumer key
Diffstat (limited to 'actions')
-rw-r--r-- | actions/apioauthauthorize.php | 42 |
1 files changed, 3 insertions, 39 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index cdf9cb7df..0966ba1d7 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $this->oauth_token = $this->arg('oauth_token'); $this->callback = $this->arg('oauth_callback'); $this->store = new ApiStatusNetOAuthDataStore(); + $this->app = $this->store->getAppByRequestToken($this->oauth_token); return true; } - function getApp() - { - // Look up the full req token - - $req_token = $this->store->lookup_token(null, - 'request', - $this->oauth_token); - - if (empty($req_token)) { - - common_debug("Couldn't find request token!"); - - $this->clientError(_('Bad request.')); - return; - } - - // Look up the app - - $app = new Oauth_application(); - $app->consumer_key = $req_token->consumer_key; - $result = $app->find(true); - - if (!empty($result)) { - $this->app = $app; - return true; - - } else { - common_debug("couldn't find the app!"); - return false; - } - } - /** * Handle input, produce output * @@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction return; } - if (!$this->getApp()) { + if (empty($this->app)) { + common_debug('No app for that token.'); $this->clientError(_('Bad request.')); return; } @@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction return; } - if (!$this->getApp()) { - $this->clientError(_('Bad request.')); - return; - } - // check creds $user = null; @@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function getInstructions() { return _('Allow or deny access to your account information.'); - } /** |