author | Adrian Lang <mail@adrianlang.de> | 2009-03-07 13:04:36 +0100 |
---|---|---|
committer | Adrian Lang <mail@adrianlang.de> | 2009-03-11 10:32:12 +0100 |
commit | df7565ddcca1e75476f4ad9318e83751d79884ba (patch) | |
tree | 6cc88f8859b1406e6759b7b43289518cd6706c3d /actions | |
parent | 24713499a9686b6c2f1e765bb29d7e93e7256cd0 (diff) |
Remove second OAuth request validation.
Diffstat (limited to 'actions')
-rw-r--r-- | actions/userauthorization.php | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index d0041ca5a..28243decc 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -56,7 +56,6 @@ class UserauthorizationAction extends Action
 if (!$req) {
 $this->clientError(_('No request found!'));
 }
- # XXX: only validate new requests, since nonce is one-time use
 $this->validateRequest($req);
 $this->storeRequest($req);
 $this->showForm($req);
@@ -307,14 +306,11 @@ class UserauthorizationAction extends Action
 }
 $user = common_current_user();
- $datastore = omb_oauth_datastore();
- $consumer = $this->getConsumer($datastore, $req);
- $token = $this->getToken($datastore, $req, $consumer);
 $sub = new Subscription();
 $sub->subscriber = $user->id;
 $sub->subscribed = $remote->id;
- $sub->token = $token->key; # NOTE: request token, not valid for use!
+ $sub->token = $req->get_parameter('oauth_token'); # NOTE: request token, not valid for use!
 $sub->created = DB_DataObject_Cast::dateTime(); # current time
 if (!$sub->insert()) {
@@ -388,7 +384,9 @@ class UserauthorizationAction extends Action
 function validateRequest(&$req)
 {
- /* Find token. */
+ /* Find token.
+ TODO: If no token is passed the user should get a prompt to enter it
+ according to OAuth Core 1.0 */
 $t = new Token();
 $t->tok = $req->get_parameter('oauth_token');
 $t->type = 0; |
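Review bot: In the second hunk `$sub->token` now takes `oauth_token` straight from the request, so a missing or empty parameter is written into the subscription row; the removed `getToken()` lookup at least resolved the value against the datastore before it was stored. The new TODO in `validateRequest()` (third hunk) names the same unhandled case: `$t->tok` is assigned from `get_parameter('oauth_token')` without a check, and if the lookup that follows outside the hunk is a DB_DataObject query built from the set properties, an unset `tok` would presumably leave `type = 0` as the only condition, which should be confirmed. I would reject the request in both places before the value is used, for example `$tok = $req->get_parameter('oauth_token');` followed by `if (!is_string($tok) || $tok === '') { $this->clientError(_('No request token found!')); return; }`. Dropping the second lookup is only sound if `$req` at this point is the same request that `validateRequest()` already checked, which the hunk does not show; both enclosing functions start and end outside the visible lines.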