Update ApiOauthAccessTokenAction to OAuth 1.0a

This commit is contained in:
Zach Copley 2010-10-07 18:32:27 -07:00
parent f8808b0761
commit 459727bd61
2 changed files with 65 additions and 25 deletions

View File

@ -2,7 +2,8 @@
/** /**
* StatusNet, the distributed open-source microblogging tool * StatusNet, the distributed open-source microblogging tool
* *
* Exchange an authorized OAuth request token for an access token * Action for getting OAuth token credentials (exchange an authorized
* request token for an access token)
* *
* PHP version 5 * PHP version 5
* *
@ -34,7 +35,8 @@ if (!defined('STATUSNET')) {
require_once INSTALLDIR . '/lib/apioauth.php'; require_once INSTALLDIR . '/lib/apioauth.php';
/** /**
* Exchange an authorized OAuth request token for an access token * Action for getting OAuth token credentials (exchange an authorized
* request token for an access token)
* *
* @category API * @category API
* @package StatusNet * @package StatusNet
@ -45,6 +47,8 @@ require_once INSTALLDIR . '/lib/apioauth.php';
class ApiOauthAccessTokenAction extends ApiOauthAction class ApiOauthAccessTokenAction extends ApiOauthAction
{ {
protected $reqToken = null;
protected $verifier = null;
/** /**
* Class handler. * Class handler.
@ -65,30 +69,58 @@ class ApiOauthAccessTokenAction extends ApiOauthAction
$atok = null; $atok = null;
// XXX: Insist that oauth_token and oauth_verifier be populated?
// Spec doesn't say they MUST be.
try { try {
$req = OAuthRequest::from_request(); $req = OAuthRequest::from_request();
$this->reqToken = $req->get_parameter('oauth_token');
$this->verifier = $req->get_parameter('oauth_verifier');
$atok = $server->fetch_access_token($req); $atok = $server->fetch_access_token($req);
} catch (OAuthException $e) { } catch (OAuthException $e) {
common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage()); common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
common_debug(var_export($req, true)); common_debug(var_export($req, true));
$this->outputError($e->getMessage()); $code = $e->getCode();
return; $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text');
} }
if (empty($atok)) { if (empty($atok)) {
common_debug('couldn\'t get access token.');
print "Token exchange failed. Has the request token been authorized?\n"; // Token exchange failed -- log it
list($proxy, $ip) = common_client_ip();
$msg = sprintf(
'API OAuth - Failure exchanging request token for access token, '
. 'request token = %s, verifier = %s, IP = %s, proxy = %s',
$this->reqToken,
$this->verifier,
$ip,
$proxy
);
common_log(LOG_WARNING, $msg);
print "Invalid request token or verifier.";
} else { } else {
print $atok; $this->showAccessToken($atok);
} }
} }
function outputError($msg) /*
* Display OAuth token credentials
*
* @param OAuthToken token the access token
*/
function showAccessToken($token)
{ {
header('HTTP/1.1 401 Unauthorized'); header('Content-Type: application/x-www-form-urlencoded');
header('Content-Type: text/html; charset=utf-8'); print $token;
print $msg . "\n";
} }
} }

View File

@ -71,29 +71,33 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
} }
} }
function new_access_token($token, $consumer) function new_access_token($token, $consumer, $verifier)
{ {
common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__); common_debug(
'new_access_token("' . $token->key . '","' . $consumer->key. '","' . $verifier . '")',
__FILE__
);
$rt = new Token(); $rt = new Token();
$rt->consumer_key = $consumer->key; $rt->consumer_key = $consumer->key;
$rt->tok = $token->key; $rt->tok = $token->key;
$rt->type = 0; // request $rt->type = 0; // request
$app = Oauth_application::getByConsumerKey($consumer->key); $app = Oauth_application::getByConsumerKey($consumer->key);
assert(!empty($app));
if (empty($app)) { if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) { // authorized
common_debug("empty app!");
}
if ($rt->find(true) && $rt->state == 1) { // authorized
common_debug('request token found.', __FILE__); common_debug('request token found.', __FILE__);
// find the associated user of the app // find the associated user of the app
$appUser = new Oauth_application_user(); $appUser = new Oauth_application_user();
$appUser->application_id = $app->id; $appUser->application_id = $app->id;
$appUser->token = $rt->tok; $appUser->token = $rt->tok;
$result = $appUser->find(true); $result = $appUser->find(true);
if (!empty($result)) { if (!empty($result)) {
@ -106,10 +110,12 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
// go ahead and make the access token // go ahead and make the access token
$at = new Token(); $at = new Token();
$at->consumer_key = $consumer->key; $at->consumer_key = $consumer->key;
$at->tok = common_good_rand(16); $at->tok = common_good_rand(16);
$at->secret = common_good_rand(16); $at->secret = common_good_rand(16);
$at->type = 1; // access $at->type = 1; // access
$at->verifier = $verifier;
$at->verified_callback = $rt->verified_callback; // 1.0a
$at->created = DB_DataObject_Cast::dateTime(); $at->created = DB_DataObject_Cast::dateTime();
if (!$at->insert()) { if (!$at->insert()) {
@ -217,4 +223,6 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
return new OAuthToken($t->tok, $t->secret); return new OAuthToken($t->tok, $t->secret);
} }
} }
} }