diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index f3893e43fc..b64655bbea 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -23,9 +23,9 @@ require_once(INSTALLDIR.'/lib/omb.php'); require_once('Auth/Yadis/Yadis.php'); class RemotesubscribeAction extends Action { - + function handle($args) { - + parent::handle($args); if (common_logged_in()) { @@ -54,32 +54,32 @@ class RemotesubscribeAction extends Action { common_element_end('form'); common_show_footer(); } - + function remote_subscription() { $user = $this->get_user(); - + if (!$user) { $this->show_form(_t('No such user!')); return; } - + $profile = $this->trimmed('profile'); - + if (!$profile) { $this->show_form(_t('No such user!')); return; } - + if (!Validate::uri($profile, array('allowed_schemes' => array('http', 'https')))) { $this->show_form(_t('Invalid profile URL (bad format)')); return; } - + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $yadis = Auth_Yadis_Yadis::discover($profile, $fetcher); common_debug('remotesubscribe.php: XRDS discovery failure? "'.$yadis->failed.'"'); - + if (!$yadis || $yadis->failed) { $this->show_form(_t('Not a valid profile URL (no YADIS document).')); return; @@ -91,26 +91,26 @@ class RemotesubscribeAction extends Action { $this->show_form(_t('Not a valid profile URL (no XRDS defined).')); return; } - + common_debug('remotesubscribe.php: XRDS is "'.print_r($xrds,TRUE).'"'); $omb = $this->getOmb($xrds); - + if (!$omb) { $this->show_form(_t('Not a valid profile URL (incorrect services).')); return; } - + list($token, $secret) = $this->request_token($omb); - + if (!$token || !$secret) { $this->show_form(_t('Couldn\'t get a request token.')); return; } - + $this->request_authorization($user, $omb, $token, $secret); } - + function get_user() { $user = NULL; $nickname = $this->trimmed('nickname'); @@ -121,43 +121,43 @@ class RemotesubscribeAction extends Action { } function getOmb($xrds) { - + static $omb_endpoints = array(OMB_ENDPOINT_UPDATEPROFILE, OMB_ENDPOINT_POSTNOTICE); static $oauth_endpoints = array(OAUTH_ENDPOINT_REQUEST, OAUTH_ENDPOINT_AUTHORIZE, OAUTH_ENDPOINT_ACCESS); $omb = array(); # XXX: the following code could probably be refactored to eliminate dupes - + common_debug('remotesubscribe.php - looking for oauth discovery service'); - + $oauth_services = $xrds->services(omb_service_filter(OAUTH_DISCOVERY)); - + if (!$oauth_services) { common_debug('remotesubscribe.php - failed to find oauth discovery service'); return NULL; } $oauth_service = $oauth_services[0]; - + common_debug('remotesubscribe.php - looking for oauth discovery XRD'); - + $xrd = $this->getXRD($oauth_service, $xrds); - + if (!$xrd) { common_debug('remotesubscribe.php - failed to find oauth discovery XRD'); return NULL; } - + common_debug('remotesubscribe.php - adding OAuth services from XRD'); - + if (!$this->addServices($xrd, $oauth_endpoints, $omb)) { common_debug('remotesubscribe.php - failed to add OAuth services'); return NULL; } common_debug('remotesubscribe.php - looking for OMB discovery service'); - + $omb_services = $xrds->services(omb_service_filter(OMB_NAMESPACE)); if (!$omb_services) { @@ -166,35 +166,35 @@ class RemotesubscribeAction extends Action { } $omb_service = $omb_services[0]; - + common_debug('remotesubscribe.php - looking for OMB discovery XRD'); - + $xrd = $this->getXRD($omb_service, $xrds); if (!$xrd) { common_debug('remotesubscribe.php - failed to find OMB discovery XRD'); return NULL; } - + common_debug('remotesubscribe.php - adding OMB services from XRD'); - + if (!$this->addServices($xrd, $omb_endpoints, $omb)) { common_debug('remotesubscribe.php - failed to add OMB services'); return NULL; } - + # XXX: check that we got all the services we needed - + foreach (array_merge($omb_endpoints, $oauth_endpoints) as $type) { if (!array_key_exists($type, $omb)) { return NULL; } } - + if (!omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])) { return NULL; } - + return $omb; } @@ -229,15 +229,15 @@ class RemotesubscribeAction extends Action { } return true; } - + function request_token($omb) { $con = omb_oauth_consumer(); $url = omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]); - + # XXX: Is this the right thing to do? Strip off GET params and make them # POST params? Seems wrong to me. - + $parsed = parse_url($url); $params = array(); parse_str($parsed['query'], $params); @@ -245,54 +245,54 @@ class RemotesubscribeAction extends Action { $req = OAuthRequest::from_consumer_and_token($con, NULL, "POST", $url, $params); $listener = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); - + if (!$listener) { return NULL; } - + $req->set_parameter('omb_listener', $listener); $req->set_parameter('omb_version', OMB_VERSION_01); - + # XXX: test to see if endpoint accepts this signature method $req->sign_request(omb_hmac_sha1(), $con, NULL); - + # We re-use this tool's fetcher, since it's pretty good - + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); $result = $fetcher->post($req->get_normalized_http_url(), $req->to_postdata()); - + if ($result->status != 200) { return NULL; } parse_str($result->body, $return); - + return array($return['oauth_token'], $return['oauth_token_secret']); } - + function request_authorization($user, $omb, $token, $secret) { global $config; # for license URL - + $con = omb_oauth_consumer(); $tok = new OAuthToken($token, $secret); - + $url = omb_service_uri($omb[OAUTH_ENDPOINT_AUTHORIZE]); - + # XXX: Is this the right thing to do? Strip off GET params and make them # POST params? Seems wrong to me. - + $parsed = parse_url($url); $params = array(); parse_str($parsed['query'], $params); $req = OAuthRequest::from_consumer_and_token($con, $tok, 'GET', $url, $params); - + # We send over a ton of information. This lets the other # server store info about our user, and it lets the current # user decide if they really want to authorize the subscription. - + $req->set_parameter('omb_version', OMB_VERSION_01); $req->set_parameter('omb_listener', omb_local_id($omb[OAUTH_ENDPOINT_REQUEST])); $req->set_parameter('omb_listenee', $user->uri); @@ -318,24 +318,24 @@ class RemotesubscribeAction extends Action { } $nonce = $this->make_nonce(); - + $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe', array('nonce' => $nonce))); - + # XXX: test to see if endpoint accepts this signature method $req->sign_request(omb_hmac_sha1(), $con, $tok); - + # store all our info here $omb['listenee'] = $user->nickname; $omb['token'] = $token; $omb['secret'] = $secret; - + $_SESSION[$nonce] = $omb; - + # Redirect to authorization service - + common_redirect($req->to_url()); return; }