From 420ae06faf033b799c677845045b50b259801dbd Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 28 Jan 2010 00:39:40 +0000 Subject: These API methods should return true for ->isReadOnly($args)! --- actions/apiaccountratelimitstatus.php | 17 ++++++++++++++++- actions/apifriendshipsexists.php | 15 +++++++++++++++ actions/apifriendshipsshow.php | 16 +++++++++++++++- actions/apigroupismember.php | 15 +++++++++++++++ actions/apigroupshow.php | 15 +++++++++++++++ actions/apihelptest.php | 15 +++++++++++++++ actions/apistatusnetconfig.php | 15 +++++++++++++++ actions/apistatusnetversion.php | 15 +++++++++++++++ actions/apiusershow.php | 15 +++++++++++++++ 9 files changed, 136 insertions(+), 2 deletions(-) (limited to 'actions') diff --git a/actions/apiaccountratelimitstatus.php b/actions/apiaccountratelimitstatus.php index 1a5afd552..f19e315bf 100644 --- a/actions/apiaccountratelimitstatus.php +++ b/actions/apiaccountratelimitstatus.php @@ -105,7 +105,22 @@ class ApiAccountRateLimitStatusAction extends ApiBareAuthAction print json_encode($out); } - $this->endDocument($this->format); + $this->endDocument($this->format); + } + + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; } } diff --git a/actions/apifriendshipsexists.php b/actions/apifriendshipsexists.php index c040b9f6a..ca62b5f51 100644 --- a/actions/apifriendshipsexists.php +++ b/actions/apifriendshipsexists.php @@ -116,4 +116,19 @@ class ApiFriendshipsExistsAction extends ApiPrivateAuthAction } } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apifriendshipsshow.php b/actions/apifriendshipsshow.php index 73ecc9249..f29e63713 100644 --- a/actions/apifriendshipsshow.php +++ b/actions/apifriendshipsshow.php @@ -87,7 +87,6 @@ class ApiFriendshipsShowAction extends ApiBareAuthAction return true; } - /** * Determines whether this API resource requires auth. Overloaded to look * return true in case source_id and source_screen_name are both empty @@ -165,4 +164,19 @@ class ApiFriendshipsShowAction extends ApiBareAuthAction } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apigroupismember.php b/actions/apigroupismember.php index 69ead0b53..97f843561 100644 --- a/actions/apigroupismember.php +++ b/actions/apigroupismember.php @@ -119,4 +119,19 @@ class ApiGroupIsMemberAction extends ApiBareAuthAction } } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php index 7aa49b1bf..95d6f95af 100644 --- a/actions/apigroupshow.php +++ b/actions/apigroupshow.php @@ -149,4 +149,19 @@ class ApiGroupShowAction extends ApiPrivateAuthAction return null; } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apihelptest.php b/actions/apihelptest.php index 7b4017531..d0e9e4926 100644 --- a/actions/apihelptest.php +++ b/actions/apihelptest.php @@ -92,5 +92,20 @@ class ApiHelpTestAction extends ApiPrivateAuthAction } } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apistatusnetconfig.php b/actions/apistatusnetconfig.php index ab96f2e5f..dc1ab8685 100644 --- a/actions/apistatusnetconfig.php +++ b/actions/apistatusnetconfig.php @@ -138,5 +138,20 @@ class ApiStatusnetConfigAction extends ApiAction } } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apistatusnetversion.php b/actions/apistatusnetversion.php index 5109cd806..d09480759 100644 --- a/actions/apistatusnetversion.php +++ b/actions/apistatusnetversion.php @@ -98,5 +98,20 @@ class ApiStatusnetVersionAction extends ApiPrivateAuthAction } } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } diff --git a/actions/apiusershow.php b/actions/apiusershow.php index a7fe0dcc1..6c8fad49b 100644 --- a/actions/apiusershow.php +++ b/actions/apiusershow.php @@ -123,4 +123,19 @@ class ApiUserShowAction extends ApiPrivateAuthAction } + /** + * Return true if read only. + * + * MAY override + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } + } -- cgit v1.2.3-54-g00ecf From 5182cc686dacfcf64130b591a3b7ded8d4a0c9dc Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 28 Jan 2010 01:39:18 +0000 Subject: Numbered format specifiers --- actions/apioauthauthorize.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'actions') diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index fa074c4e7..15c3a9dad 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -303,8 +303,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $access = ($this->app->access_type & Oauth_application::$writeAccess) ? 'access and update' : 'access'; - $msg = _("The application %s by %s would like " . - "the ability to %s your account data."); + $msg = _('The application %1$s by ' . + '%2$s would like the ability ' . + 'to %3$s your account data.'); $this->raw(sprintf($msg, $this->app->name, -- cgit v1.2.3-54-g00ecf From 5b1245a32a04de602196d2216b9d25ac32e0fd3b Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Thu, 28 Jan 2010 15:06:03 +0100 Subject: Removed avatar from repeat of username (matches noticelist) --- actions/showstream.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'actions') diff --git a/actions/showstream.php b/actions/showstream.php index 90ff67073..c52919386 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -291,23 +291,6 @@ class ProfileNoticeListItem extends NoticeListItem $this->out->elementStart('span', 'repeat'); - $this->out->elementStart('a', $attrs); - - $avatar = $this->profile->getAvatar(AVATAR_MINI_SIZE); - - $this->out->element('img', array('src' => ($avatar) ? - $avatar->displayUrl() : - Avatar::defaultImage(AVATAR_MINI_SIZE), - 'class' => 'avatar photo', - 'width' => AVATAR_MINI_SIZE, - 'height' => AVATAR_MINI_SIZE, - 'alt' => - ($this->profile->fullname) ? - $this->profile->fullname : - $this->profile->nickname)); - - $this->out->elementEnd('a'); - $text_link = XMLStringer::estring('a', $attrs, $this->profile->nickname); $this->out->raw(sprintf(_('Repeat of %s'), $text_link)); -- cgit v1.2.3-54-g00ecf From 440ee00b1ed9c1b0b552c14b72c962a79e1a402e Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 28 Jan 2010 22:04:14 -0800 Subject: Move sessions settings to its own panel --- actions/sessionsadminpanel.php | 201 +++++++++++++++++++++++++++++++++++++++++ actions/useradminpanel.php | 20 ---- lib/adminpanelaction.php | 11 ++- lib/default.php | 2 +- lib/router.php | 3 +- 5 files changed, 212 insertions(+), 25 deletions(-) create mode 100644 actions/sessionsadminpanel.php (limited to 'actions') diff --git a/actions/sessionsadminpanel.php b/actions/sessionsadminpanel.php new file mode 100644 index 000000000..4386ef844 --- /dev/null +++ b/actions/sessionsadminpanel.php @@ -0,0 +1,201 @@ +. + * + * @category Settings + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Admin site sessions + * + * @category Admin + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SessionsadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('Sessions'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('Session settings for this StatusNet site.'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new SessionsAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $booleans = array('sessions' => array('handle', 'debug')); + + $values = array(); + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = ($this->boolean($setting)) ? 1 : 0; + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + // stub + } +} + +class SessionsAdminPanelForm extends AdminForm +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'sessionsadminpanel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('sessionsadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $this->out->elementStart('fieldset', array('id' => 'settings_user_sessions')); + $this->out->element('legend', null, _('Sessions')); + + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + $this->out->checkbox('handle', _('Handle sessions'), + (bool) $this->value('handle', 'sessions'), + _('Whether to handle sessions ourselves.')); + $this->unli(); + + $this->li(); + $this->out->checkbox('debug', _('Session debugging'), + (bool) $this->value('debug', 'sessions'), + _('Turn on debugging output for sessions.')); + $this->unli(); + + $this->out->elementEnd('ul'); + + $this->out->elementEnd('fieldset'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save site settings')); + } +} diff --git a/actions/useradminpanel.php b/actions/useradminpanel.php index 5de2db5ff..6813222f5 100644 --- a/actions/useradminpanel.php +++ b/actions/useradminpanel.php @@ -96,7 +96,6 @@ class UseradminpanelAction extends AdminPanelAction ); static $booleans = array( - 'sessions' => array('handle', 'debug'), 'invite' => array('enabled') ); @@ -261,26 +260,7 @@ class UserAdminPanelForm extends AdminForm $this->out->elementEnd('ul'); $this->out->elementEnd('fieldset'); - $this->out->elementStart('fieldset', array('id' => 'settings_user_sessions')); - $this->out->element('legend', null, _('Sessions')); - $this->out->elementStart('ul', 'form_data'); - - $this->li(); - $this->out->checkbox('sessions-handle', _('Handle sessions'), - (bool) $this->value('handle', 'sessions'), - _('Whether to handle sessions ourselves.')); - $this->unli(); - - $this->li(); - $this->out->checkbox('sessions-debug', _('Session debugging'), - (bool) $this->value('debug', 'sessions'), - _('Turn on debugging output for sessions.')); - $this->unli(); - - $this->out->elementEnd('ul'); - - $this->out->elementEnd('fieldset'); } diff --git a/lib/adminpanelaction.php b/lib/adminpanelaction.php index f62bfa458..f05627b31 100644 --- a/lib/adminpanelaction.php +++ b/lib/adminpanelaction.php @@ -327,9 +327,14 @@ class AdminPanelNav extends Widget _('Access configuration'), $action_name == 'accessadminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('paths')) { - $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), - _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + if ($this->canAdmin('paths')) { + $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), + _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + } + + if ($this->canAdmin('sessions')) { + $this->out->menuItem(common_local_url('sessionsadminpanel'), _('Sessions'), + _('Sessions configuration'), $action_name == 'sessionsadminpanel', 'nav_design_admin_panel'); } Event::handle('EndAdminPanelNav', array($this)); diff --git a/lib/default.php b/lib/default.php index c01508695..1337a9633 100644 --- a/lib/default.php +++ b/lib/default.php @@ -266,7 +266,7 @@ $default = 'OpenID' => null), ), 'admin' => - array('panels' => array('design', 'site', 'user', 'paths', 'access')), + array('panels' => array('design', 'site', 'user', 'paths', 'access', 'sessions')), 'singleuser' => array('enabled' => false, 'nickname' => null), diff --git a/lib/router.php b/lib/router.php index 03765b39d..be9cfac0c 100644 --- a/lib/router.php +++ b/lib/router.php @@ -637,8 +637,9 @@ class Router $m->connect('admin/site', array('action' => 'siteadminpanel')); $m->connect('admin/design', array('action' => 'designadminpanel')); $m->connect('admin/user', array('action' => 'useradminpanel')); - $m->connect('admin/access', array('action' => 'accessadminpanel')); + $m->connect('admin/access', array('action' => 'accessadminpanel')); $m->connect('admin/paths', array('action' => 'pathsadminpanel')); + $m->connect('admin/sessions', array('action' => 'sessionsadminpanel')); $m->connect('getfile/:filename', array('action' => 'getfile'), -- cgit v1.2.3-54-g00ecf From 58685117169ba81fcd62474d21b0387635873136 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 28 Jan 2010 22:04:14 -0800 Subject: Move sessions settings to its own panel --- actions/sessionsadminpanel.php | 201 +++++++++++++++++++++++++++++++++++++++++ actions/useradminpanel.php | 20 ---- lib/adminpanelaction.php | 11 ++- lib/default.php | 2 +- lib/router.php | 3 +- 5 files changed, 212 insertions(+), 25 deletions(-) create mode 100644 actions/sessionsadminpanel.php (limited to 'actions') diff --git a/actions/sessionsadminpanel.php b/actions/sessionsadminpanel.php new file mode 100644 index 000000000..4386ef844 --- /dev/null +++ b/actions/sessionsadminpanel.php @@ -0,0 +1,201 @@ +. + * + * @category Settings + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Admin site sessions + * + * @category Admin + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SessionsadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('Sessions'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('Session settings for this StatusNet site.'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new SessionsAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $booleans = array('sessions' => array('handle', 'debug')); + + $values = array(); + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = ($this->boolean($setting)) ? 1 : 0; + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + // stub + } +} + +class SessionsAdminPanelForm extends AdminForm +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'sessionsadminpanel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('sessionsadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $this->out->elementStart('fieldset', array('id' => 'settings_user_sessions')); + $this->out->element('legend', null, _('Sessions')); + + $this->out->elementStart('ul', 'form_data'); + + $this->li(); + $this->out->checkbox('handle', _('Handle sessions'), + (bool) $this->value('handle', 'sessions'), + _('Whether to handle sessions ourselves.')); + $this->unli(); + + $this->li(); + $this->out->checkbox('debug', _('Session debugging'), + (bool) $this->value('debug', 'sessions'), + _('Turn on debugging output for sessions.')); + $this->unli(); + + $this->out->elementEnd('ul'); + + $this->out->elementEnd('fieldset'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save site settings')); + } +} diff --git a/actions/useradminpanel.php b/actions/useradminpanel.php index 5de2db5ff..6813222f5 100644 --- a/actions/useradminpanel.php +++ b/actions/useradminpanel.php @@ -96,7 +96,6 @@ class UseradminpanelAction extends AdminPanelAction ); static $booleans = array( - 'sessions' => array('handle', 'debug'), 'invite' => array('enabled') ); @@ -261,26 +260,7 @@ class UserAdminPanelForm extends AdminForm $this->out->elementEnd('ul'); $this->out->elementEnd('fieldset'); - $this->out->elementStart('fieldset', array('id' => 'settings_user_sessions')); - $this->out->element('legend', null, _('Sessions')); - $this->out->elementStart('ul', 'form_data'); - - $this->li(); - $this->out->checkbox('sessions-handle', _('Handle sessions'), - (bool) $this->value('handle', 'sessions'), - _('Whether to handle sessions ourselves.')); - $this->unli(); - - $this->li(); - $this->out->checkbox('sessions-debug', _('Session debugging'), - (bool) $this->value('debug', 'sessions'), - _('Turn on debugging output for sessions.')); - $this->unli(); - - $this->out->elementEnd('ul'); - - $this->out->elementEnd('fieldset'); } diff --git a/lib/adminpanelaction.php b/lib/adminpanelaction.php index f62bfa458..f05627b31 100644 --- a/lib/adminpanelaction.php +++ b/lib/adminpanelaction.php @@ -327,9 +327,14 @@ class AdminPanelNav extends Widget _('Access configuration'), $action_name == 'accessadminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('paths')) { - $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), - _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + if ($this->canAdmin('paths')) { + $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), + _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + } + + if ($this->canAdmin('sessions')) { + $this->out->menuItem(common_local_url('sessionsadminpanel'), _('Sessions'), + _('Sessions configuration'), $action_name == 'sessionsadminpanel', 'nav_design_admin_panel'); } Event::handle('EndAdminPanelNav', array($this)); diff --git a/lib/default.php b/lib/default.php index a6b9919b2..64fb7a786 100644 --- a/lib/default.php +++ b/lib/default.php @@ -265,7 +265,7 @@ $default = 'OpenID' => null), ), 'admin' => - array('panels' => array('design', 'site', 'user', 'paths', 'access')), + array('panels' => array('design', 'site', 'user', 'paths', 'access', 'sessions')), 'singleuser' => array('enabled' => false, 'nickname' => null), diff --git a/lib/router.php b/lib/router.php index 03765b39d..be9cfac0c 100644 --- a/lib/router.php +++ b/lib/router.php @@ -637,8 +637,9 @@ class Router $m->connect('admin/site', array('action' => 'siteadminpanel')); $m->connect('admin/design', array('action' => 'designadminpanel')); $m->connect('admin/user', array('action' => 'useradminpanel')); - $m->connect('admin/access', array('action' => 'accessadminpanel')); + $m->connect('admin/access', array('action' => 'accessadminpanel')); $m->connect('admin/paths', array('action' => 'pathsadminpanel')); + $m->connect('admin/sessions', array('action' => 'sessionsadminpanel')); $m->connect('getfile/:filename', array('action' => 'getfile'), -- cgit v1.2.3-54-g00ecf From 1b7cc3393a6a039d4adcf955b3a79fe3c5cc6f47 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 30 Jan 2010 12:43:00 -0500 Subject: Use passed-in lat long in geocode.php Don't rewrite the lat-long for a location in geocode.php. --- actions/geocode.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/geocode.php b/actions/geocode.php index 9671d2c27..7fd696baf 100644 --- a/actions/geocode.php +++ b/actions/geocode.php @@ -52,12 +52,7 @@ class GeocodeAction extends Action } $this->lat = $this->trimmed('lat'); $this->lon = $this->trimmed('lon'); - $location = Location::fromLatLon($this->lat, $this->lon); - if ($location) { - $this->location = Location::fromId($location->location_id, $location->location_ns); - $this->lat = $this->location->lat; - $this->lon = $this->location->lon; - } + $this->location = Location::fromLatLon($this->lat, $this->lon); return true; } -- cgit v1.2.3-54-g00ecf From def5d56ce1582c785cbff7d49103493b293838bb Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 30 Jan 2010 12:47:21 -0500 Subject: add lat, lon, location and remove closing tag from geocode.php --- actions/geocode.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/geocode.php b/actions/geocode.php index 7fd696baf..e883c6ce4 100644 --- a/actions/geocode.php +++ b/actions/geocode.php @@ -42,6 +42,10 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { */ class GeocodeAction extends Action { + var $lat = null; + var $lon = null; + var $location = null; + function prepare($args) { parent::prepare($args); @@ -90,4 +94,3 @@ class GeocodeAction extends Action return true; } } -?> -- cgit v1.2.3-54-g00ecf From dc62246443e3584ef5267505275f618f6fa86bf7 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 31 Jan 2010 10:12:26 -0500 Subject: Add a robots.txt URL to the site root Adds a robots.txt file to the site root. Defaults defined by 'robotstxt' section of config. New events StartRobotsTxt and EndRobotsTxt to let plugins add information. Probably not useful if path is not /, but won't hurt anything, either. --- EVENTS.txt | 6 +++ README | 14 +++++++ actions/robotstxt.php | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++ index.php | 5 ++- lib/default.php | 4 ++ lib/router.php | 2 + 6 files changed, 129 insertions(+), 2 deletions(-) create mode 100644 actions/robotstxt.php (limited to 'actions') diff --git a/EVENTS.txt b/EVENTS.txt index 3317c80de..6bf12bf13 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -708,3 +708,9 @@ EndUserRegister: When a new user has been registered - &$profile: new profile data - &$user: new user account +StartRobotsTxt: Before outputting the robots.txt page +- &$action: RobotstxtAction being shown + +EndRobotsTxt: After the default robots.txt page (good place for customization) +- &$action: RobotstxtAction being shown + diff --git a/README b/README index da278f741..4e576dcdd 100644 --- a/README +++ b/README @@ -1496,6 +1496,20 @@ interface. It also makes the user's profile the root URL. enabled: Whether to run in "single user mode". Default false. nickname: nickname of the single user. +robotstxt +--------- + +We put out a default robots.txt file to guide the processing of +Web crawlers. See http://www.robotstxt.org/ for more information +on the format of this file. + +crawldelay: if non-empty, this value is provided as the Crawl-Delay: + for the robots.txt file. see http://ur1.ca/l5a0 + for more information. Default is zero, no explicit delay. +disallow: Array of (virtual) directories to disallow. Default is 'main', + 'search', 'message', 'settings', 'admin'. Ignored when site + is private, in which case the entire site ('/') is disallowed. + Plugins ======= diff --git a/actions/robotstxt.php b/actions/robotstxt.php new file mode 100644 index 000000000..5131097c8 --- /dev/null +++ b/actions/robotstxt.php @@ -0,0 +1,100 @@ + + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Prints out a static robots.txt + * + * @category Action + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class RobotstxtAction extends Action +{ + /** + * Handles requests + * + * Since this is a relatively static document, we + * don't do a prepare() + * + * @param array $args GET, POST, and URL params; unused. + * + * @return void + */ + + function handle($args) + { + if (Event::handle('StartRobotsTxt', array($this))) { + + header('Content-Type: text/plain'); + + print "User-Agent: *\n"; + + if (common_config('site', 'private')) { + + print "Disallow: /\n"; + + } else { + + $disallow = common_config('robotstxt', 'disallow'); + + foreach ($disallow as $dir) { + print "Disallow: /$dir/\n"; + } + + $crawldelay = common_config('robotstxt', 'crawldelay'); + + if (!empty($crawldelay)) { + print "Crawl-delay: " . $crawldelay . "\n"; + } + } + + Event::handle('EndRobotsTxt', array($this)); + } + } + + /** + * Return true; this page doesn't touch the DB. + * + * @param array $args other arguments + * + * @return boolean is read only action? + */ + + function isReadOnly($args) + { + return true; + } +} diff --git a/index.php b/index.php index 605b380bf..06ff9900f 100644 --- a/index.php +++ b/index.php @@ -285,8 +285,9 @@ function main() if (!$user && common_config('site', 'private') && !isLoginAction($action) && !preg_match('/rss$/', $action) - && !preg_match('/^Api/', $action) - ) { + && $action != 'robotstxt' + && !preg_match('/^Api/', $action)) { + // set returnto $rargs =& common_copy_args($args); unset($rargs['action']); diff --git a/lib/default.php b/lib/default.php index 1337a9633..2bedc4bf0 100644 --- a/lib/default.php +++ b/lib/default.php @@ -270,4 +270,8 @@ $default = 'singleuser' => array('enabled' => false, 'nickname' => null), + 'robotstxt' => + array('crawldelay' => 0, + 'disallow' => array('main', 'settings', 'admin', 'search', 'message') + ), ); diff --git a/lib/router.php b/lib/router.php index ca9f32812..4b5b8d0bb 100644 --- a/lib/router.php +++ b/lib/router.php @@ -73,6 +73,8 @@ class Router if (Event::handle('StartInitializeRouter', array(&$m))) { + $m->connect('robots.txt', array('action' => 'robotstxt')); + $m->connect('opensearch/people', array('action' => 'opensearch', 'type' => 'people')); $m->connect('opensearch/notice', array('action' => 'opensearch', -- cgit v1.2.3-54-g00ecf From 30268cff7899519f249861e067e3af680ee1c570 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 31 Jan 2010 15:16:59 -0500 Subject: Add Really Simple Discovery (RSD) support Anil Dash suggested that all implementers of the Twitter API include support for the remedial RSD format. This commit adds an RSD action that returns the API root and additional API data to help client developers discover and use our Twitter-compatible API. http://dashes.com/anil/2009/12/the-twitter-api-is-finished.html http://tales.phrasewise.com/rfc/rsd --- actions/public.php | 10 ++- actions/rsd.php | 226 +++++++++++++++++++++++++++++++++++++++++++++++++ actions/showstream.php | 9 ++ lib/router.php | 9 ++ 4 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 actions/rsd.php (limited to 'actions') diff --git a/actions/public.php b/actions/public.php index 982dfde15..50278bfce 100644 --- a/actions/public.php +++ b/actions/public.php @@ -131,12 +131,20 @@ class PublicAction extends Action return _('Public timeline'); } } - + function extraHead() { parent::extraHead(); $this->element('meta', array('http-equiv' => 'X-XRDS-Location', 'content' => common_local_url('publicxrds'))); + + $rsd = common_local_url('rsd'); + + // RSD, http://tales.phrasewise.com/rfc/rsd + + $this->element('link', array('rel' => 'EditURI', + 'type' => 'application/rsd+xml', + 'href' => $rsd)); } /** diff --git a/actions/rsd.php b/actions/rsd.php new file mode 100644 index 000000000..f88bf2e9a --- /dev/null +++ b/actions/rsd.php @@ -0,0 +1,226 @@ +. + * + * @category API + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * RSD action class + * + * Really Simple Discovery (RSD) is a simple (to a fault, maybe) + * discovery tool for blog APIs. + * + * http://tales.phrasewise.com/rfc/rsd + * + * Anil Dash suggested that RSD be used for services that implement + * the Twitter API: + * + * http://dashes.com/anil/2009/12/the-twitter-api-is-finished.html + * + * It's in use now for WordPress.com blogs: + * + * http://matt.wordpress.com/xmlrpc.php?rsd + * + * I (evan@status.net) have tried to stay faithful to the premise of + * RSD, while adding information useful to StatusNet client developers. + * In particular: + * + * - There is a link from each user's profile page to their personal + * RSD feed. A personal rsd.xml includes a 'blogID' element that is + * their username. + * - There is a link from the public root to '/rsd.xml', a public RSD + * feed. It's identical to the personal rsd except it doesn't include + * a blogId. + * - I've added a setting to the API to indicate that OAuth support is + * available. + * + * @category API + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class RsdAction extends Action +{ + /** + * Optional attribute for the personal rsd.xml file. + */ + + var $user = null; + + /** + * Prepare the action for use. + * + * Check for a nickname; redirect if non-canonical; if + * not provided, assume public rsd.xml. + * + * @param array $args GET, POST, and URI arguments. + * + * @return boolean success flag + */ + + function prepare($args) + { + parent::prepare($args); + + // optional argument + + $nickname_arg = $this->arg('nickname'); + + if (empty($nickname_arg)) { + $this->user = null; + } else { + $nickname = common_canonical_nickname($nickname_arg); + + // Permanent redirect on non-canonical nickname + + if ($nickname_arg != $nickname) { + common_redirect(common_local_url('rsd', + array('nickname' => $nickname)), + 301); + return false; + } + + $this->user = User::staticGet('nickname', $nickname); + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404); + return false; + } + } + + return true; + } + + /** + * Action handler. + * + * Outputs the XML format for an RSD file. May include + * personal information if this is a personal file + * (based on whether $user attribute is set). + * + * @param array $args array of arguments + * + * @return nothing + */ + + function handle($args) + { + header('Content-Type: application/rsd+xml'); + + $this->startXML(); + + $rsdNS = 'http://archipelago.phrasewise.com/rsd'; + $this->elementStart('rsd', array('version' => '1.0', + 'xmlns' => $rsdNS)); + $this->elementStart('service'); + $this->element('engineName', null, _('StatusNet')); + $this->element('engineLink', null, 'http://status.net/'); + $this->elementStart('apis'); + if (Event::handle('StartRsdListApis', array($this, $this->user))) { + + $blogID = (empty($this->user)) ? '' : $this->user->nickname; + $apiAttrs = array('name' => 'Twitter', + 'preferred' => 'true', + 'apiLink' => $this->_apiRoot(), + 'blogID' => $blogID); + + $this->elementStart('api', $apiAttrs); + $this->elementStart('settings'); + $this->element('docs', null, + 'http://status.net/wiki/TwitterCompatibleAPI'); + $this->element('setting', array('name' => 'OAuth'), + 'true'); + $this->elementEnd('settings'); + $this->elementEnd('api'); + Event::handle('EndRsdListApis', array($this, $this->user)); + } + $this->elementEnd('apis'); + $this->elementEnd('service'); + $this->elementEnd('rsd'); + + $this->endXML(); + + return true; + } + + /** + * Returns last-modified date for use in caching + * + * Per-user rsd.xml is dated to last change of user + * (in case of nickname change); public has no date. + * + * @return string date of last change of this page + */ + + function lastModified() + { + if (!empty($this->user)) { + return $this->user->modified; + } else { + return null; + } + } + + /** + * Flag to indicate if this action is read-only + * + * It is; it doesn't change the DB. + * + * @param array $args ignored + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Return current site's API root + * + * Varies based on URL parameters, like if fancy URLs are + * turned on. + * + * @return string API root URI for this site + */ + + private function _apiRoot() + { + if (common_config('site', 'fancy')) { + return common_path('api/', true); + } else { + return common_path('index.php/api/', true); + } + } +} diff --git a/actions/showstream.php b/actions/showstream.php index c52919386..07cc68b76 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -178,6 +178,15 @@ class ShowstreamAction extends ProfileAction $this->element('link', array('rel' => 'microsummary', 'href' => common_local_url('microsummary', array('nickname' => $this->profile->nickname)))); + + $rsd = common_local_url('rsd', + array('nickname' => $this->profile->nickname)); + + // RSD, http://tales.phrasewise.com/rfc/rsd + $this->element('link', array('rel' => 'EditURI', + 'type' => 'application/rsd+xml', + 'href' => $rsd)); + } function showProfile() diff --git a/lib/router.php b/lib/router.php index 4b5b8d0bb..b046b240c 100644 --- a/lib/router.php +++ b/lib/router.php @@ -708,6 +708,10 @@ class Router 'nickname' => $nickname), array('tag' => '[a-zA-Z0-9]+')); + $m->connect('rsd.xml', + array('action' => 'rsd', + 'nickname' => $nickname)); + $m->connect('', array('action' => 'showstream', 'nickname' => $nickname)); @@ -722,6 +726,7 @@ class Router $m->connect('featured', array('action' => 'featured')); $m->connect('favorited/', array('action' => 'favorited')); $m->connect('favorited', array('action' => 'favorited')); + $m->connect('rsd.xml', array('action' => 'rsd')); foreach (array('subscriptions', 'subscribers', 'nudge', 'all', 'foaf', 'xrds', @@ -769,6 +774,10 @@ class Router array('nickname' => '[a-zA-Z0-9]{1,64}'), array('tag' => '[a-zA-Z0-9]+')); + $m->connect(':nickname/rsd.xml', + array('action' => 'rsd'), + array('nickname' => '[a-zA-Z0-9]{1,64}')); + $m->connect(':nickname', array('action' => 'showstream'), array('nickname' => '[a-zA-Z0-9]{1,64}')); -- cgit v1.2.3-54-g00ecf From d6fe865133511ac64565a583106b3233b70a0b1e Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 13:14:35 +0100 Subject: Removed hAtom pattern from registration page. --- actions/register.php | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'actions') diff --git a/actions/register.php b/actions/register.php index 698137346..063bbe2cc 100644 --- a/actions/register.php +++ b/actions/register.php @@ -303,27 +303,6 @@ class RegisterAction extends Action return ($user !== false); } - // overrrided to add entry-title class - function showPageTitle() { - if (Event::handle('StartShowPageTitle', array($this))) { - $this->element('h1', array('class' => 'entry-title'), $this->title()); - } - } - - // overrided to add hentry, and content-inner class - function showContentBlock() - { - $this->elementStart('div', array('id' => 'content', 'class' => 'hentry')); - $this->showPageTitle(); - $this->showPageNoticeBlock(); - $this->elementStart('div', array('id' => 'content_inner', - 'class' => 'entry-content')); - // show the actual content (forms, lists, whatever) - $this->showContent(); - $this->elementEnd('div'); - $this->elementEnd('div'); - } - /** * Instructions or a notice for the page * -- cgit v1.2.3-54-g00ecf From d264db61199789bd6b2e42161048da69ce95f45a Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 1 Feb 2010 11:10:36 -0500 Subject: fix local file include vulnerability in doc.php Conflicts: actions/doc.php --- actions/doc.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'actions') diff --git a/actions/doc.php b/actions/doc.php index 25d363472..eaf4b7df2 100644 --- a/actions/doc.php +++ b/actions/doc.php @@ -54,6 +54,9 @@ class DocAction extends Action parent::prepare($args); $this->title = $this->trimmed('title'); + if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) { + $this->title = 'help'; + } $this->output = null; $this->loadDoc(); -- cgit v1.2.3-54-g00ecf From 57d8f22a3ae8aba882b7782cbc426e65cdb355f6 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 1 Feb 2010 11:10:36 -0500 Subject: fix local file include vulnerability in doc.php Conflicts: actions/doc.php --- actions/doc.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'actions') diff --git a/actions/doc.php b/actions/doc.php index 25d363472..eaf4b7df2 100644 --- a/actions/doc.php +++ b/actions/doc.php @@ -54,6 +54,9 @@ class DocAction extends Action parent::prepare($args); $this->title = $this->trimmed('title'); + if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) { + $this->title = 'help'; + } $this->output = null; $this->loadDoc(); -- cgit v1.2.3-54-g00ecf From 84ab0156b415a405704784dfc19b59ebd3a1d1ee Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 1 Feb 2010 08:48:31 -0800 Subject: Improve name validation checks on local File references --- actions/getfile.php | 2 +- classes/File.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/getfile.php b/actions/getfile.php index cd327e410..9cbe8e1d9 100644 --- a/actions/getfile.php +++ b/actions/getfile.php @@ -71,7 +71,7 @@ class GetfileAction extends Action $filename = $this->trimmed('filename'); $path = null; - if ($filename) { + if ($filename && File::validFilename($filename)) { $path = File::path($filename); } diff --git a/classes/File.php b/classes/File.php index 34e4632a8..8d91ce500 100644 --- a/classes/File.php +++ b/classes/File.php @@ -176,8 +176,22 @@ class File extends Memcached_DataObject return "$nickname-$datestamp-$random.$ext"; } + /** + * Validation for as-saved base filenames + */ + static function validFilename($filename) + { + return preg_match('^/[A-Za-z0-9._-]+$/', $filename); + } + + /** + * @throws ClientException on invalid filename + */ static function path($filename) { + if (!self::validFilename($filename)) { + throw new ClientException("Invalid filename"); + } $dir = common_config('attachments', 'dir'); if ($dir[strlen($dir)-1] != '/') { @@ -189,6 +203,9 @@ class File extends Memcached_DataObject static function url($filename) { + if (!self::validFilename($filename)) { + throw new ClientException("Invalid filename"); + } if(common_config('site','private')) { return common_local_url('getfile', -- cgit v1.2.3-54-g00ecf From 6159edcebbcb1c230113e18788a676035979a4c8 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 1 Feb 2010 08:48:31 -0800 Subject: Improve name validation checks on local File references --- actions/getfile.php | 2 +- classes/File.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/getfile.php b/actions/getfile.php index cd327e410..9cbe8e1d9 100644 --- a/actions/getfile.php +++ b/actions/getfile.php @@ -71,7 +71,7 @@ class GetfileAction extends Action $filename = $this->trimmed('filename'); $path = null; - if ($filename) { + if ($filename && File::validFilename($filename)) { $path = File::path($filename); } diff --git a/classes/File.php b/classes/File.php index c527c4ffe..6dd9e0c06 100644 --- a/classes/File.php +++ b/classes/File.php @@ -176,8 +176,22 @@ class File extends Memcached_DataObject return "$nickname-$datestamp-$random.$ext"; } + /** + * Validation for as-saved base filenames + */ + static function validFilename($filename) + { + return preg_match('^/[A-Za-z0-9._-]+$/', $filename); + } + + /** + * @throws ClientException on invalid filename + */ static function path($filename) { + if (!self::validFilename($filename)) { + throw new ClientException("Invalid filename"); + } $dir = common_config('attachments', 'dir'); if ($dir[strlen($dir)-1] != '/') { @@ -189,6 +203,9 @@ class File extends Memcached_DataObject static function url($filename) { + if (!self::validFilename($filename)) { + throw new ClientException("Invalid filename"); + } if(common_config('site','private')) { return common_local_url('getfile', -- cgit v1.2.3-54-g00ecf From 0e49b3525d81a62a21e94e656c0ee5f2d38409eb Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 20:31:56 +0100 Subject: Sentence case for app statistics --- actions/showapplication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/showapplication.php b/actions/showapplication.php index a6ff425c7..090e11882 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -201,7 +201,7 @@ class ShowApplicationAction extends OwnerDesignAction $userCnt = $appUsers->count(); $this->raw(sprintf( - _('created by %1$s - %2$s access by default - %3$d users'), + _('Created by %1$s - %2$s access by default - %3$d users'), $profile->getBestName(), $defaultAccess, $userCnt -- cgit v1.2.3-54-g00ecf From 59d16cf16ac75e18431dfd5452c748e880dafefd Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 1 Feb 2010 20:58:29 +0000 Subject: OAuth app names should be unique. --- actions/editapplication.php | 24 ++++++++++++++++++++++++ actions/newapplication.php | 20 ++++++++++++++++++++ classes/statusnet.ini | 3 ++- db/statusnet.sql | 2 +- 4 files changed, 47 insertions(+), 2 deletions(-) (limited to 'actions') diff --git a/actions/editapplication.php b/actions/editapplication.php index 9cc3e3cea..029b622e8 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php @@ -179,6 +179,9 @@ class EditApplicationAction extends OwnerDesignAction } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (empty($description)) { $this->showForm(_('Description is required.')); return; @@ -260,5 +263,26 @@ class EditApplicationAction extends OwnerDesignAction common_redirect(common_local_url('oauthappssettings'), 303); } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $newapp = Oauth_application::staticGet('name', $name); + if (!$newapp) { + return false; + } else { + return $newapp->id != $this->app->id; + } + } + } diff --git a/actions/newapplication.php b/actions/newapplication.php index c499fe7c7..ba1cca5c9 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -158,6 +158,9 @@ class NewApplicationAction extends OwnerDesignAction if (empty($name)) { $this->showForm(_('Name is required.')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; @@ -273,5 +276,22 @@ class NewApplicationAction extends OwnerDesignAction } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $app = Oauth_application::staticGet('name', $name); + return ($app !== false); + } + } diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 6203650a6..4ace4407b 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 130 +name = 2 description = 2 icon = 130 source_url = 2 @@ -367,6 +367,7 @@ modified = 384 [oauth_application__keys] id = N +name = U [oauth_application_user] profile_id = 129 diff --git a/db/statusnet.sql b/db/statusnet.sql index 17de4fd0d..71a6e724c 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) not null comment 'name of the application', + name varchar(255) unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', -- cgit v1.2.3-54-g00ecf From 803c6d954c92582520bed4ff4397f53b581fdc34 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 23:10:44 +0000 Subject: Revert "Removed hAtom pattern from registration page." This reverts commit d6fe865133511ac64565a583106b3233b70a0b1e. Screws up list rendering when registration is complete. --- actions/register.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'actions') diff --git a/actions/register.php b/actions/register.php index 063bbe2cc..698137346 100644 --- a/actions/register.php +++ b/actions/register.php @@ -303,6 +303,27 @@ class RegisterAction extends Action return ($user !== false); } + // overrrided to add entry-title class + function showPageTitle() { + if (Event::handle('StartShowPageTitle', array($this))) { + $this->element('h1', array('class' => 'entry-title'), $this->title()); + } + } + + // overrided to add hentry, and content-inner class + function showContentBlock() + { + $this->elementStart('div', array('id' => 'content', 'class' => 'hentry')); + $this->showPageTitle(); + $this->showPageNoticeBlock(); + $this->elementStart('div', array('id' => 'content_inner', + 'class' => 'entry-content')); + // show the actual content (forms, lists, whatever) + $this->showContent(); + $this->elementEnd('div'); + $this->elementEnd('div'); + } + /** * Instructions or a notice for the page * -- cgit v1.2.3-54-g00ecf From 38bebb4c0dbdf7452a55cc46bbb4a80ec55dcabe Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 06:26:03 +0000 Subject: Allow developers to delete OAuth applications --- actions/deleteapplication.php | 176 ++++++++++++++++++++++++++++++++++++++++++ actions/showapplication.php | 19 ++++- classes/Consumer.php | 30 +++++++ classes/Oauth_application.php | 17 ++++ lib/router.php | 4 + 5 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 actions/deleteapplication.php (limited to 'actions') diff --git a/actions/deleteapplication.php b/actions/deleteapplication.php new file mode 100644 index 000000000..17526e111 --- /dev/null +++ b/actions/deleteapplication.php @@ -0,0 +1,176 @@ +. + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete an OAuth appliction + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteapplicationAction extends Action +{ + var $app = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + if (!common_logged_in()) { + $this->clientError(_('You must be logged in to delete an application.')); + return false; + } + + $id = (int)$this->arg('id'); + $this->app = Oauth_application::staticGet('id', $id); + + if (empty($this->app)) { + $this->clientError(_('Application not found.')); + return false; + } + + $cur = common_current_user(); + + if ($cur->id != $this->app->owner) { + $this->clientError(_('You are not the owner of this application.'), 401); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + + if ($this->arg('no')) { + common_redirect(common_local_url('showapplication', + array('id' => $this->app->id)), 303); + } elseif ($this->arg('yes')) { + $this->handlePost(); + common_redirect(common_local_url('oauthappssettings'), 303); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete application'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->app->id; + $this->elementStart('form', array('id' => 'deleteapplication-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteapplication', + array('id' => $this->app->id)))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete application')); + $this->element('p', null, + _('Are you sure you want to delete this application? '. + 'This will clear all data about the application from the '. + 'database, including all existing user connections.')); + $this->submit('form_action-no', + _('No'), + 'submit form_action-primary', + 'no', + _("Do not delete this application")); + $this->submit('form_action-yes', + _('Yes'), + 'submit form_action-secondary', + 'yes', _('Delete this application')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete the app + * + * @return void + */ + + function handlePost() + { + $this->app->delete(); + } +} + diff --git a/actions/showapplication.php b/actions/showapplication.php index a6ff425c7..d307ea452 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -222,18 +222,33 @@ class ShowApplicationAction extends OwnerDesignAction $this->elementStart('li', 'entity_reset_keysecret'); $this->elementStart('form', array( - 'id' => 'forma_reset_key', + 'id' => 'form_reset_key', 'class' => 'form_reset_key', 'method' => 'POST', 'action' => common_local_url('showapplication', array('id' => $this->application->id)))); - $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->submit('reset', _('Reset key & secret')); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementEnd('li'); + + $this->elementStart('li', 'entity_delete'); + $this->elementStart('form', array( + 'id' => 'form_delete_application', + 'class' => 'form_delete_application', + 'method' => 'POST', + 'action' => common_local_url('deleteapplication', + array('id' => $this->application->id)))); + + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->submit('delete', _('Delete')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->elementEnd('div'); diff --git a/classes/Consumer.php b/classes/Consumer.php index ad64a8491..ce399f278 100644 --- a/classes/Consumer.php +++ b/classes/Consumer.php @@ -36,4 +36,34 @@ class Consumer extends Memcached_DataObject return $cons; } + /** + * Delete a Consumer and related tokens and nonces + * + * XXX: Should this happen in an OAuthDataStore instead? + * + */ + function delete() + { + // XXX: Is there any reason NOT to do this kind of cleanup? + + $this->_deleteTokens(); + $this->_deleteNonces(); + + parent::delete(); + } + + function _deleteTokens() + { + $token = new Token(); + $token->consumer_key = $this->consumer_key; + $token->delete(); + } + + function _deleteNonces() + { + $nonce = new Nonce(); + $nonce->consumer_key = $this->consumer_key; + $nonce->delete(); + } + } diff --git a/classes/Oauth_application.php b/classes/Oauth_application.php index a6b539087..748b64220 100644 --- a/classes/Oauth_application.php +++ b/classes/Oauth_application.php @@ -137,4 +137,21 @@ class Oauth_application extends Memcached_DataObject } } + function delete() + { + $this->_deleteAppUsers(); + + $consumer = $this->getConsumer(); + $consumer->delete(); + + parent::delete(); + } + + function _deleteAppUsers() + { + $oauser = new Oauth_application_user(); + $oauser->application_id = $this->id; + $oauser->delete(); + } + } diff --git a/lib/router.php b/lib/router.php index b046b240c..987d0152e 100644 --- a/lib/router.php +++ b/lib/router.php @@ -152,6 +152,10 @@ class Router array('action' => 'editapplication'), array('id' => '[0-9]+') ); + $m->connect('settings/oauthapps/delete/:id', + array('action' => 'deleteapplication'), + array('id' => '[0-9]+') + ); // search -- cgit v1.2.3-54-g00ecf From f1094185e4943ec391abb60757e94bf566e6ecb2 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:35:54 +0000 Subject: Better token revocation --- actions/apioauthauthorize.php | 22 ++++++---------------- actions/oauthconnectionssettings.php | 24 +++++++++++++++--------- db/statusnet.sql | 2 +- lib/apioauthstore.php | 27 +++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 26 deletions(-) (limited to 'actions') diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index dec0dc9f6..1711db6ab 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else { - // XXX: make better error messages - if (empty($this->oauth_token)) { - - common_debug("No request token found."); - - $this->clientError(_('Bad request.')); + $this->clientError(_('No oauth_token parameter provided.')); return; } if (empty($this->app)) { - common_debug('No app for that token.'); - $this->clientError(_('Bad request.')); + $this->clientError(_('Invalid token.')); return; } $name = $this->app->name; - common_debug("Requesting auth for app: " . $name); $this->showForm(); } @@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function handlePost() { - common_debug("handlePost()"); - // check session token for CSRF protection. $token = $this->trimmed('token'); @@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction if (!empty($this->callback)) { - // XXX: Need better way to build this redirect url. - $target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token)); - common_debug("Doing callback to $target_url"); - common_redirect($target_url, 303); } else { common_debug("callback was empty!"); @@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else if ($this->arg('deny')) { + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($this->oauth_token, 0); + $this->elementStart('p'); - $this->raw(sprintf(_("The request token %s has been denied."), + $this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token)); $this->elementEnd('p'); diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php index c2e8d441b..b1467f0d0 100644 --- a/actions/oauthconnectionssettings.php +++ b/actions/oauthconnectionssettings.php @@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR . '/lib/connectsettingsaction.php'; require_once INSTALLDIR . '/lib/applicationlist.php'; +require_once INSTALLDIR . '/lib/apioauthstore.php'; /** * Show connected OAuth applications @@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return _('Connected applications'); } - function isReadOnly($args) - { - return true; - } - /** * Instructions for use * @@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction } } + /** + * Revoke access to an authorized OAuth application + * + * @param int $appId the ID of the application + * + */ + function revokeAccess($appId) { $cur = common_current_user(); @@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } + // XXX: Transaction here? + $appUser = Oauth_application_user::getByKeys($cur, $app); if (empty($appUser)) { @@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } - $orig = clone($appUser); - $appUser->access_type = 0; // No access - $result = $appUser->update(); + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($appUser->token, 1); + + $result = $appUser->delete(); if (!$result) { - common_log_db_error($orig, 'UPDATE', __FILE__); + common_log_db_error($orig, 'DELETE', __FILE__); $this->clientError(_('Unable to revoke access for app: ' . $app->id)); return false; } diff --git a/db/statusnet.sql b/db/statusnet.sql index 71a6e724c..8946f4d7e 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -230,7 +230,7 @@ create table oauth_application ( create table oauth_application_user ( profile_id integer not null comment 'user of the application' references profile (id), application_id integer not null comment 'id of the application' references oauth_application (id), - access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked', + access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write', token varchar(255) comment 'request or access token', created datetime not null comment 'date this record was created', modified timestamp comment 'date this record was modified', diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 32110d057..1bb11cbca 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -159,5 +159,32 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore } } + /** + * Revoke specified access token + * + * Revokes the token specified by $token_key. + * Throws exceptions in case of error. + * + * @param string $token_key the token to be revoked + * @param int $type type of token (0 = req, 1 = access) + * + * @access public + * + * @return void + */ + + public function revoke_token($token_key, $type = 0) { + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; + $rt->state = 0; + if (!$rt->find(true)) { + throw new Exception('Tried to revoke unknown token'); + } + if (!$rt->delete()) { + throw new Exception('Failed to delete revoked token'); + } + } + } -- cgit v1.2.3-54-g00ecf From c03883fc88c678e62e02d201cb74b862b108188a Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:59:28 +0000 Subject: Suppress notice input box on OAuth authorization page --- actions/apioauthauthorize.php | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 1711db6ab..e7c6f3761 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -67,8 +67,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction { parent::prepare($args); - common_debug("apioauthauthorize"); - $this->nickname = $this->trimmed('nickname'); $this->password = $this->arg('password'); $this->oauth_token = $this->arg('oauth_token'); @@ -193,8 +191,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction // A callback specified in the app setup overrides whatever // is passed in with the request. - common_debug("Req token is authorized - doing callback"); - if (!empty($this->app->callback_url)) { $this->callback = $this->app->callback_url; } @@ -295,12 +291,15 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $msg = _('The application %1$s by ' . '%2$s would like the ability ' . - 'to %3$s your account data.'); + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); $this->raw(sprintf($msg, $this->app->name, $this->app->organization, - $access)); + $access, + common_config('site', 'name'))); $this->elementEnd('p'); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -362,6 +361,31 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function showLocalNav() { + // NOP + } + + /** + * Show site notice. + * + * @return nothing + */ + + function showSiteNotice() + { + // NOP + } + + /** + * Show notice form. + * + * Show the form for posting a new notice + * + * @return nothing + */ + + function showNoticeForm() + { + // NOP } } -- cgit v1.2.3-54-g00ecf From df2a08126510445f93eddbebc0551ee44c945fd5 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 1 Feb 2010 20:58:29 +0000 Subject: OAuth app names should be unique. --- actions/editapplication.php | 24 ++++++++++++++++++++++++ actions/newapplication.php | 20 ++++++++++++++++++++ classes/statusnet.ini | 3 ++- db/statusnet.sql | 2 +- 4 files changed, 47 insertions(+), 2 deletions(-) (limited to 'actions') diff --git a/actions/editapplication.php b/actions/editapplication.php index 9cc3e3cea..029b622e8 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php @@ -179,6 +179,9 @@ class EditApplicationAction extends OwnerDesignAction } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (empty($description)) { $this->showForm(_('Description is required.')); return; @@ -260,5 +263,26 @@ class EditApplicationAction extends OwnerDesignAction common_redirect(common_local_url('oauthappssettings'), 303); } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $newapp = Oauth_application::staticGet('name', $name); + if (!$newapp) { + return false; + } else { + return $newapp->id != $this->app->id; + } + } + } diff --git a/actions/newapplication.php b/actions/newapplication.php index c499fe7c7..ba1cca5c9 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -158,6 +158,9 @@ class NewApplicationAction extends OwnerDesignAction if (empty($name)) { $this->showForm(_('Name is required.')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; @@ -273,5 +276,22 @@ class NewApplicationAction extends OwnerDesignAction } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $app = Oauth_application::staticGet('name', $name); + return ($app !== false); + } + } diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 6203650a6..4ace4407b 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 130 +name = 2 description = 2 icon = 130 source_url = 2 @@ -367,6 +367,7 @@ modified = 384 [oauth_application__keys] id = N +name = U [oauth_application_user] profile_id = 129 diff --git a/db/statusnet.sql b/db/statusnet.sql index 17de4fd0d..71a6e724c 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) not null comment 'name of the application', + name varchar(255) unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', -- cgit v1.2.3-54-g00ecf From f0875ceea1bd6940bb30deab0f6a0f38a752a2c6 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 06:26:03 +0000 Subject: Allow developers to delete OAuth applications --- actions/deleteapplication.php | 176 ++++++++++++++++++++++++++++++++++++++++++ actions/showapplication.php | 19 ++++- classes/Consumer.php | 30 +++++++ classes/Oauth_application.php | 17 ++++ lib/router.php | 4 + 5 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 actions/deleteapplication.php (limited to 'actions') diff --git a/actions/deleteapplication.php b/actions/deleteapplication.php new file mode 100644 index 000000000..17526e111 --- /dev/null +++ b/actions/deleteapplication.php @@ -0,0 +1,176 @@ +. + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete an OAuth appliction + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteapplicationAction extends Action +{ + var $app = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + if (!common_logged_in()) { + $this->clientError(_('You must be logged in to delete an application.')); + return false; + } + + $id = (int)$this->arg('id'); + $this->app = Oauth_application::staticGet('id', $id); + + if (empty($this->app)) { + $this->clientError(_('Application not found.')); + return false; + } + + $cur = common_current_user(); + + if ($cur->id != $this->app->owner) { + $this->clientError(_('You are not the owner of this application.'), 401); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + + if ($this->arg('no')) { + common_redirect(common_local_url('showapplication', + array('id' => $this->app->id)), 303); + } elseif ($this->arg('yes')) { + $this->handlePost(); + common_redirect(common_local_url('oauthappssettings'), 303); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete application'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->app->id; + $this->elementStart('form', array('id' => 'deleteapplication-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteapplication', + array('id' => $this->app->id)))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete application')); + $this->element('p', null, + _('Are you sure you want to delete this application? '. + 'This will clear all data about the application from the '. + 'database, including all existing user connections.')); + $this->submit('form_action-no', + _('No'), + 'submit form_action-primary', + 'no', + _("Do not delete this application")); + $this->submit('form_action-yes', + _('Yes'), + 'submit form_action-secondary', + 'yes', _('Delete this application')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete the app + * + * @return void + */ + + function handlePost() + { + $this->app->delete(); + } +} + diff --git a/actions/showapplication.php b/actions/showapplication.php index 090e11882..020d62480 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -222,18 +222,33 @@ class ShowApplicationAction extends OwnerDesignAction $this->elementStart('li', 'entity_reset_keysecret'); $this->elementStart('form', array( - 'id' => 'forma_reset_key', + 'id' => 'form_reset_key', 'class' => 'form_reset_key', 'method' => 'POST', 'action' => common_local_url('showapplication', array('id' => $this->application->id)))); - $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->submit('reset', _('Reset key & secret')); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementEnd('li'); + + $this->elementStart('li', 'entity_delete'); + $this->elementStart('form', array( + 'id' => 'form_delete_application', + 'class' => 'form_delete_application', + 'method' => 'POST', + 'action' => common_local_url('deleteapplication', + array('id' => $this->application->id)))); + + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->submit('delete', _('Delete')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->elementEnd('div'); diff --git a/classes/Consumer.php b/classes/Consumer.php index ad64a8491..ce399f278 100644 --- a/classes/Consumer.php +++ b/classes/Consumer.php @@ -36,4 +36,34 @@ class Consumer extends Memcached_DataObject return $cons; } + /** + * Delete a Consumer and related tokens and nonces + * + * XXX: Should this happen in an OAuthDataStore instead? + * + */ + function delete() + { + // XXX: Is there any reason NOT to do this kind of cleanup? + + $this->_deleteTokens(); + $this->_deleteNonces(); + + parent::delete(); + } + + function _deleteTokens() + { + $token = new Token(); + $token->consumer_key = $this->consumer_key; + $token->delete(); + } + + function _deleteNonces() + { + $nonce = new Nonce(); + $nonce->consumer_key = $this->consumer_key; + $nonce->delete(); + } + } diff --git a/classes/Oauth_application.php b/classes/Oauth_application.php index a6b539087..748b64220 100644 --- a/classes/Oauth_application.php +++ b/classes/Oauth_application.php @@ -137,4 +137,21 @@ class Oauth_application extends Memcached_DataObject } } + function delete() + { + $this->_deleteAppUsers(); + + $consumer = $this->getConsumer(); + $consumer->delete(); + + parent::delete(); + } + + function _deleteAppUsers() + { + $oauser = new Oauth_application_user(); + $oauser->application_id = $this->id; + $oauser->delete(); + } + } diff --git a/lib/router.php b/lib/router.php index b046b240c..987d0152e 100644 --- a/lib/router.php +++ b/lib/router.php @@ -152,6 +152,10 @@ class Router array('action' => 'editapplication'), array('id' => '[0-9]+') ); + $m->connect('settings/oauthapps/delete/:id', + array('action' => 'deleteapplication'), + array('id' => '[0-9]+') + ); // search -- cgit v1.2.3-54-g00ecf From 819127307896c3aee43f0f009f6ff636eb227b4c Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:35:54 +0000 Subject: Better token revocation --- actions/apioauthauthorize.php | 22 ++++++---------------- actions/oauthconnectionssettings.php | 24 +++++++++++++++--------- db/statusnet.sql | 2 +- lib/apioauthstore.php | 27 +++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 26 deletions(-) (limited to 'actions') diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 15c3a9dad..05d925d26 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else { - // XXX: make better error messages - if (empty($this->oauth_token)) { - - common_debug("No request token found."); - - $this->clientError(_('Bad request.')); + $this->clientError(_('No oauth_token parameter provided.')); return; } if (empty($this->app)) { - common_debug('No app for that token.'); - $this->clientError(_('Bad request.')); + $this->clientError(_('Invalid token.')); return; } $name = $this->app->name; - common_debug("Requesting auth for app: " . $name); $this->showForm(); } @@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function handlePost() { - common_debug("handlePost()"); - // check session token for CSRF protection. $token = $this->trimmed('token'); @@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction if (!empty($this->callback)) { - // XXX: Need better way to build this redirect url. - $target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token)); - common_debug("Doing callback to $target_url"); - common_redirect($target_url, 303); } else { common_debug("callback was empty!"); @@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else if ($this->arg('deny')) { + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($this->oauth_token, 0); + $this->elementStart('p'); - $this->raw(sprintf(_("The request token %s has been denied."), + $this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token)); $this->elementEnd('p'); diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php index c2e8d441b..b1467f0d0 100644 --- a/actions/oauthconnectionssettings.php +++ b/actions/oauthconnectionssettings.php @@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR . '/lib/connectsettingsaction.php'; require_once INSTALLDIR . '/lib/applicationlist.php'; +require_once INSTALLDIR . '/lib/apioauthstore.php'; /** * Show connected OAuth applications @@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return _('Connected applications'); } - function isReadOnly($args) - { - return true; - } - /** * Instructions for use * @@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction } } + /** + * Revoke access to an authorized OAuth application + * + * @param int $appId the ID of the application + * + */ + function revokeAccess($appId) { $cur = common_current_user(); @@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } + // XXX: Transaction here? + $appUser = Oauth_application_user::getByKeys($cur, $app); if (empty($appUser)) { @@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } - $orig = clone($appUser); - $appUser->access_type = 0; // No access - $result = $appUser->update(); + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($appUser->token, 1); + + $result = $appUser->delete(); if (!$result) { - common_log_db_error($orig, 'UPDATE', __FILE__); + common_log_db_error($orig, 'DELETE', __FILE__); $this->clientError(_('Unable to revoke access for app: ' . $app->id)); return false; } diff --git a/db/statusnet.sql b/db/statusnet.sql index 71a6e724c..8946f4d7e 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -230,7 +230,7 @@ create table oauth_application ( create table oauth_application_user ( profile_id integer not null comment 'user of the application' references profile (id), application_id integer not null comment 'id of the application' references oauth_application (id), - access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked', + access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write', token varchar(255) comment 'request or access token', created datetime not null comment 'date this record was created', modified timestamp comment 'date this record was modified', diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 32110d057..1bb11cbca 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -159,5 +159,32 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore } } + /** + * Revoke specified access token + * + * Revokes the token specified by $token_key. + * Throws exceptions in case of error. + * + * @param string $token_key the token to be revoked + * @param int $type type of token (0 = req, 1 = access) + * + * @access public + * + * @return void + */ + + public function revoke_token($token_key, $type = 0) { + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; + $rt->state = 0; + if (!$rt->find(true)) { + throw new Exception('Tried to revoke unknown token'); + } + if (!$rt->delete()) { + throw new Exception('Failed to delete revoked token'); + } + } + } -- cgit v1.2.3-54-g00ecf From 3906713b2aec17d889d79dcf526ae05e284b5b33 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:59:28 +0000 Subject: Suppress notice input box on OAuth authorization page --- actions/apioauthauthorize.php | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 05d925d26..2caa8d20b 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -67,8 +67,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction { parent::prepare($args); - common_debug("apioauthauthorize"); - $this->nickname = $this->trimmed('nickname'); $this->password = $this->arg('password'); $this->oauth_token = $this->arg('oauth_token'); @@ -193,8 +191,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction // A callback specified in the app setup overrides whatever // is passed in with the request. - common_debug("Req token is authorized - doing callback"); - if (!empty($this->app->callback_url)) { $this->callback = $this->app->callback_url; } @@ -295,12 +291,15 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $msg = _('The application %1$s by ' . '%2$s would like the ability ' . - 'to %3$s your account data.'); + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); $this->raw(sprintf($msg, $this->app->name, $this->app->organization, - $access)); + $access, + common_config('site', 'name'))); $this->elementEnd('p'); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -362,6 +361,31 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function showLocalNav() { + // NOP + } + + /** + * Show site notice. + * + * @return nothing + */ + + function showSiteNotice() + { + // NOP + } + + /** + * Show notice form. + * + * Show the form for posting a new notice + * + * @return nothing + */ + + function showNoticeForm() + { + // NOP } } -- cgit v1.2.3-54-g00ecf