From e8b6d7c946da5fb2ce5397bccfd332de8ca1f9dd Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 19 Oct 2010 20:54:53 -0700 Subject: Add support for an anonymous OAuth consumer. Note: this requires a small DB tweak. Oauth_application_user needs to have the primary compound key: (profile_id, application_id, token). http://status.net/open-source/issues/2761 This should also make it possible to have multiple access tokens per application. http://status.net/open-source/issues/2788 --- lib/apiauth.php | 4 +- lib/apioauthstore.php | 53 ++++++++--- lib/applicationlist.php | 248 +++++++++++++++++++++++++++++++++++++----------- 3 files changed, 235 insertions(+), 70 deletions(-) (limited to 'lib') diff --git a/lib/apiauth.php b/lib/apiauth.php index a1c698bba..0ebd7aa10 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -178,8 +178,10 @@ class ApiAuthAction extends ApiAction } // set the source attr + if ($app->name != 'anonymous') { + $this->source = $app->name; + } - $this->source = $app->name; $appUser = Oauth_application_user::staticGet('token', $access_token); diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 6e0039bdd..e30eea129 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -23,16 +23,43 @@ require_once INSTALLDIR . '/lib/oauthstore.php'; class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore { - function lookup_consumer($consumer_key) + function lookup_consumer($consumerKey) { - $con = Consumer::staticGet('consumer_key', $consumer_key); + $con = Consumer::staticGet('consumer_key', $consumerKey); if (!$con) { - return null; + + // Create an anon consumer and anon application if one + // doesn't exist already + if ($consumerKey == 'anonymous') { + $con = new Consumer(); + $con->consumer_key = $consumerKey; + $con->consumer_secret = $consumerKey; + $result = $con->insert(); + if (!$result) { + $this->serverError(_("Could not create anonymous consumer.")); + } + $app = new OAuth_application(); + $app->consumer_key = $con->consumer_key; + $app->name = 'anonymous'; + + // XXX: allow the user to set the access type when + // authorizing? Currently we default to r+w for anonymous + // OAuth client applications + $app->access_type = 3; // read + write + $id = $app->insert(); + if (!$id) { + $this->serverError(_("Could not create anonymous OAuth application.")); + } + } else { + return null; + } } - return new OAuthConsumer($con->consumer_key, - $con->consumer_secret); + return new OAuthConsumer( + $con->consumer_key, + $con->consumer_secret + ); } function getAppByRequestToken($token_key) @@ -94,7 +121,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) { // authorized - common_debug('request token found.', __FILE__); + common_debug('request token found.'); // find the associated user of the app @@ -140,6 +167,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore // update the token from req to access for the user $orig = clone($appUser); + $appUser->token = $at->tok; // It's at this point that we change the access type @@ -150,11 +178,10 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore $appUser->access_type = $app->access_type; - $result = $appUser->update($orig); + $result = $appUser->updateKeys($orig); - if (empty($result)) { - common_debug('couldn\'t update OAuth app user.'); - return null; + if (!$result) { + throw new Exception('Couldn\'t update OAuth app user.'); } // Okay, good @@ -179,9 +206,9 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore * @return void */ public function revoke_token($token_key, $type = 0) { - $rt = new Token(); - $rt->tok = $token_key; - $rt->type = $type; + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; $rt->state = 0; if (!$rt->find(true)) { diff --git a/lib/applicationlist.php b/lib/applicationlist.php index 8b6e3a8ad..6801fb6cf 100644 --- a/lib/applicationlist.php +++ b/lib/applicationlist.php @@ -22,7 +22,7 @@ * @category Application * @package StatusNet * @author Zach Copley - * @copyright 2008-2009 StatusNet, Inc. + * @copyright 2008-2010 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -55,14 +55,13 @@ class ApplicationList extends Widget /** Action object using us. */ var $action = null; - function __construct($application, $owner=null, $action=null, $connections = false) + function __construct($application, $owner=null, $action=null) { parent::__construct($action); $this->application = $application; $this->owner = $owner; $this->action = $action; - $this->connections = $connections; } function show() @@ -88,24 +87,34 @@ class ApplicationList extends Widget { $user = common_current_user(); - $this->out->elementStart('li', array('class' => 'application', - 'id' => 'oauthclient-' . $this->application->id)); + $this->out->elementStart( + 'li', + array( + 'class' => 'application', + 'id' => 'oauthclient-' . $this->application->id + ) + ); $this->out->elementStart('span', 'vcard author'); - if (!$this->connections) { - $this->out->elementStart('a', - array('href' => common_local_url('showapplication', - array('id' => $this->application->id)), - 'class' => 'url')); - - } else { - $this->out->elementStart('a', array('href' => $this->application->source_url, - 'class' => 'url')); - } + + $this->out->elementStart( + 'a', + array( + 'href' => common_local_url( + 'showapplication', + array('id' => $this->application->id)), + 'class' => 'url' + ) + ); if (!empty($this->application->icon)) { - $this->out->element('img', array('src' => $this->application->icon, - 'class' => 'photo avatar')); + $this->out->element( + 'img', + array( + 'src' => $this->application->icon, + 'class' => 'photo avatar' + ) + ); } $this->out->element('span', 'fn', $this->application->name); @@ -114,51 +123,58 @@ class ApplicationList extends Widget $this->out->raw(' by '); - $this->out->element('a', array('href' => $this->application->homepage, - 'class' => 'url'), - $this->application->organization); + $this->out->element( + 'a', + array( + 'href' => $this->application->homepage, + 'class' => 'url' + ), + $this->application->organization + ); $this->out->element('p', 'note', $this->application->description); $this->out->elementEnd('li'); - if ($this->connections) { - $appUser = Oauth_application_user::getByKeys($this->owner, $this->application); + } - if (empty($appUser)) { - common_debug("empty appUser!"); - } + /* Override this in subclasses. */ + function showOwnerControls() + { + return; + } - $this->out->elementStart('li'); - - // TRANS: Application access type - $readWriteText = _('read-write'); - // TRANS: Application access type - $readOnlyText = _('read-only'); - - $access = ($this->application->access_type & Oauth_application::$writeAccess) - ? $readWriteText : $readOnlyText; - $modifiedDate = common_date_string($appUser->modified); - // TRANS: Used in application list. %1$s is a modified date, %2$s is access type ("read-write" or "read-only") - $txt = sprintf(_('Approved %1$s - "%2$s" access.'),$modifiedDate,$access); - - $this->out->raw($txt); - $this->out->elementEnd('li'); - - $this->out->elementStart('li', 'entity_revoke'); - $this->out->elementStart('form', array('id' => 'form_revoke_app', - 'class' => 'form_revoke_app', - 'method' => 'POST', - 'action' => - common_local_url('oauthconnectionssettings'))); - $this->out->elementStart('fieldset'); - $this->out->hidden('id', $this->application->id); - $this->out->hidden('token', common_session_token()); - // TRANS: Button label - $this->out->submit('revoke', _m('BUTTON','Revoke')); - $this->out->elementEnd('fieldset'); - $this->out->elementEnd('form'); - $this->out->elementEnd('li'); - } +} + + +/** + * Widget to show a list of connected OAuth clients + * + * @category Application + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ +class ConnectedAppsList extends Widget +{ + /** Current connected application query */ + var $connection = null; + + /** Owner of this list */ + var $owner = null; + + /** Action object using us. */ + var $action = null; + + function __construct($connection, $owner=null, $action=null) + { + parent::__construct($action); + + common_debug("ConnectedAppsList constructor"); + + $this->connection = $connection; + $this->owner = $owner; + $this->action = $action; } /* Override this in subclasses. */ @@ -166,4 +182,124 @@ class ApplicationList extends Widget { return; } + + function show() + { + $this->out->elementStart('ul', 'applications'); + + $cnt = 0; + + while ($this->connection->fetch()) { + $cnt++; + if($cnt > APPS_PER_PAGE) { + break; + } + $this->showConnection(); + } + + $this->out->elementEnd('ul'); + + return $cnt; + } + + function showConnection() + { + $app = Oauth_application::staticGet('id', $this->connection->application_id); + + $this->out->elementStart( + 'li', + array( + 'class' => 'application', + 'id' => 'oauthclient-' . $app->id + ) + ); + + $this->out->elementStart('span', 'vcard author'); + + $this->out->elementStart( + 'a', + array( + 'href' => $app->source_url, + 'class' => 'url' + ) + ); + + if (!empty($app->icon)) { + $this->out->element( + 'img', + array( + 'src' => $app->icon, + 'class' => 'photo avatar' + ) + ); + } + if ($app->name != 'anonymous') { + $this->out->element('span', 'fn', $app->name); + } + $this->out->elementEnd('a'); + + if ($app->name == 'anonymous') { + $this->out->element('span', 'fn', "Unknown application"); + } + + $this->out->elementEnd('span'); + + if ($app->name != 'anonymous') { + + $this->out->raw(_(' by ')); + + $this->out->element( + 'a', + array( + 'href' => $app->homepage, + 'class' => 'url' + ), + $app->organization + ); + } + + // TRANS: Application access type + $readWriteText = _('read-write'); + // TRANS: Application access type + $readOnlyText = _('read-only'); + + $access = ($this->connection->access_type & Oauth_application::$writeAccess) + ? $readWriteText : $readOnlyText; + $modifiedDate = common_date_string($this->connection->modified); + // TRANS: Used in application list. %1$s is a modified date, %2$s is access type ("read-write" or "read-only") + $txt = sprintf(_('Approved %1$s - "%2$s" access.'), $modifiedDate, $access); + + $this->out->raw(" - $txt"); + if (!empty($app->description)) { + $this->out->element( + 'p', array('class' => 'application_description'), + $app->description + ); + } + $this->out->element( + 'p', array( + 'class' => 'access_token'), + _('Access token starting with: ') . substr($this->connection->token, 0, 7) + ); + + $this->out->elementStart( + 'form', + array( + 'id' => 'form_revoke_app', + 'class' => 'form_revoke_app', + 'method' => 'POST', + 'action' => common_local_url('oauthconnectionssettings') + ) + ); + $this->out->elementStart('fieldset'); + $this->out->hidden('oauth_token', $this->connection->token); + $this->out->hidden('token', common_session_token()); + // TRANS: Button label + $this->out->submit('revoke', _('Revoke')); + $this->out->elementEnd('fieldset'); + $this->out->elementEnd('form'); + + $this->out->elementEnd('li'); + + } } -- cgit v1.2.3-54-g00ecf