diff options
| author | Zach Copley <zach@status.net> | 2010-10-19 20:54:53 -0700 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2010-10-19 20:54:53 -0700 |
| commit | e8b6d7c946da5fb2ce5397bccfd332de8ca1f9dd (patch) | |
| tree | 3deb74da4e590c4f5756caed1fa1299a2b1bd2f0 /lib/apioauthstore.php | |
| parent | d48f4a81d6af7a9a326ffc2e87d7de568ab48fbe (diff) | |
Add support for an anonymous OAuth consumer. Note: this requires a
small DB tweak. Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).
http://status.net/open-source/issues/2761
This should also make it possible to have multiple access tokens
per application.
http://status.net/open-source/issues/2788
Diffstat (limited to 'lib/apioauthstore.php')
| -rw-r--r-- | lib/apioauthstore.php | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 6e0039bdd..e30eea129 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -23,16 +23,43 @@ require_once INSTALLDIR . '/lib/oauthstore.php'; class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore { - function lookup_consumer($consumer_key) + function lookup_consumer($consumerKey) { - $con = Consumer::staticGet('consumer_key', $consumer_key); + $con = Consumer::staticGet('consumer_key', $consumerKey); if (!$con) { - return null; + + // Create an anon consumer and anon application if one + // doesn't exist already + if ($consumerKey == 'anonymous') { + $con = new Consumer(); + $con->consumer_key = $consumerKey; + $con->consumer_secret = $consumerKey; + $result = $con->insert(); + if (!$result) { + $this->serverError(_("Could not create anonymous consumer.")); + } + $app = new OAuth_application(); + $app->consumer_key = $con->consumer_key; + $app->name = 'anonymous'; + + // XXX: allow the user to set the access type when + // authorizing? Currently we default to r+w for anonymous + // OAuth client applications + $app->access_type = 3; // read + write + $id = $app->insert(); + if (!$id) { + $this->serverError(_("Could not create anonymous OAuth application.")); + } + } else { + return null; + } } - return new OAuthConsumer($con->consumer_key, - $con->consumer_secret); + return new OAuthConsumer( + $con->consumer_key, + $con->consumer_secret + ); } function getAppByRequestToken($token_key) @@ -94,7 +121,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) { // authorized - common_debug('request token found.', __FILE__); + common_debug('request token found.'); // find the associated user of the app @@ -140,6 +167,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore // update the token from req to access for the user $orig = clone($appUser); + $appUser->token = $at->tok; // It's at this point that we change the access type @@ -150,11 +178,10 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore $appUser->access_type = $app->access_type; - $result = $appUser->update($orig); + $result = $appUser->updateKeys($orig); - if (empty($result)) { - common_debug('couldn\'t update OAuth app user.'); - return null; + if (!$result) { + throw new Exception('Couldn\'t update OAuth app user.'); } // Okay, good @@ -179,9 +206,9 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore * @return void */ public function revoke_token($token_key, $type = 0) { - $rt = new Token(); - $rt->tok = $token_key; - $rt->type = $type; + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; $rt->state = 0; if (!$rt->find(true)) { |