diff options
| author | Zach Copley <zach@status.net> | 2010-01-13 11:31:15 +0000 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2010-01-24 16:36:05 -0800 |
| commit | c0eee277d1058c9c291b3c4474cc8a72cb8c6d0e (patch) | |
| tree | cbed89b9d1b76cfb4f7c74bd6ac4baf6f4a6fa6d /actions | |
| parent | e101a6df6ba1cbec4664bb81fc81655e5db18b0f (diff) | |
Make sure applications are really looked up by consumer key
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/apioauthauthorize.php | 42 |
1 files changed, 3 insertions, 39 deletions
diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index cdf9cb7df..0966ba1d7 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $this->oauth_token = $this->arg('oauth_token'); $this->callback = $this->arg('oauth_callback'); $this->store = new ApiStatusNetOAuthDataStore(); + $this->app = $this->store->getAppByRequestToken($this->oauth_token); return true; } - function getApp() - { - // Look up the full req token - - $req_token = $this->store->lookup_token(null, - 'request', - $this->oauth_token); - - if (empty($req_token)) { - - common_debug("Couldn't find request token!"); - - $this->clientError(_('Bad request.')); - return; - } - - // Look up the app - - $app = new Oauth_application(); - $app->consumer_key = $req_token->consumer_key; - $result = $app->find(true); - - if (!empty($result)) { - $this->app = $app; - return true; - - } else { - common_debug("couldn't find the app!"); - return false; - } - } - /** * Handle input, produce output * @@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction return; } - if (!$this->getApp()) { + if (empty($this->app)) { + common_debug('No app for that token.'); $this->clientError(_('Bad request.')); return; } @@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction return; } - if (!$this->getApp()) { - $this->clientError(_('Bad request.')); - return; - } - // check creds $user = null; @@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function getInstructions() { return _('Allow or deny access to your account information.'); - } /** |