Make sure applications are really looked up by consumer key
parent
e101a6df6b
commit
c0eee277d1
|
@ -74,42 +74,11 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
|
|||
$this->oauth_token = $this->arg('oauth_token');
|
||||
$this->callback = $this->arg('oauth_callback');
|
||||
$this->store = new ApiStatusNetOAuthDataStore();
|
||||
$this->app = $this->store->getAppByRequestToken($this->oauth_token);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function getApp()
|
||||
{
|
||||
// Look up the full req token
|
||||
|
||||
$req_token = $this->store->lookup_token(null,
|
||||
'request',
|
||||
$this->oauth_token);
|
||||
|
||||
if (empty($req_token)) {
|
||||
|
||||
common_debug("Couldn't find request token!");
|
||||
|
||||
$this->clientError(_('Bad request.'));
|
||||
return;
|
||||
}
|
||||
|
||||
// Look up the app
|
||||
|
||||
$app = new Oauth_application();
|
||||
$app->consumer_key = $req_token->consumer_key;
|
||||
$result = $app->find(true);
|
||||
|
||||
if (!empty($result)) {
|
||||
$this->app = $app;
|
||||
return true;
|
||||
|
||||
} else {
|
||||
common_debug("couldn't find the app!");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle input, produce output
|
||||
*
|
||||
|
@ -140,7 +109,8 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
|
|||
return;
|
||||
}
|
||||
|
||||
if (!$this->getApp()) {
|
||||
if (empty($this->app)) {
|
||||
common_debug('No app for that token.');
|
||||
$this->clientError(_('Bad request.'));
|
||||
return;
|
||||
}
|
||||
|
@ -166,11 +136,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
|
|||
return;
|
||||
}
|
||||
|
||||
if (!$this->getApp()) {
|
||||
$this->clientError(_('Bad request.'));
|
||||
return;
|
||||
}
|
||||
|
||||
// check creds
|
||||
|
||||
$user = null;
|
||||
|
@ -416,7 +381,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction
|
|||
function getInstructions()
|
||||
{
|
||||
return _('Allow or deny access to your account information.');
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
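Review bot: The hunk at new line 136 drops the `getApp()` check ahead of `// check creds` and puts nothing in its place, while the hunk at new line 109 keeps an equivalent guard as `if (empty($this->app))`. The enclosing function starts outside the hunk, so this path may only be reachable after that earlier guard; if it is not, a request whose token resolves to no application continues into credential checking with `$this->app` null. Keeping the guard costs three lines: `if (empty($this->app)) { $this->clientError(_('Bad request.')); return; }`.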
|
|
|
@ -36,6 +36,44 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
|
|||
$con->consumer_secret);
|
||||
}
|
||||
|
||||
function getAppByRequestToken($token_key)
|
||||
{
|
||||
// Look up the full req tokenx
|
||||
|
||||
$req_token = $this->lookup_token(null,
|
||||
'request',
|
||||
$token_key);
|
||||
|
||||
if (empty($req_token)) {
|
||||
common_debug("couldn't get request token from oauth datastore");
|
||||
return null;
|
||||
}
|
||||
|
||||
// Look up the full Token
|
||||
|
||||
$token = new Token();
|
||||
$token->tok = $req_token->key;
|
||||
$result = $token->find(true);
|
||||
|
||||
if (empty($result)) {
|
||||
common_debug('Couldn\'t find req token in the token table.');
|
||||
return null;
|
||||
}
|
||||
|
||||
// Look up the app
|
||||
|
||||
$app = new Oauth_application();
|
||||
$app->consumer_key = $token->consumer_key;
|
||||
$result = $app->find(true);
|
||||
|
||||
if (!empty($result)) {
|
||||
return $app;
|
||||
} else {
|
||||
common_debug("Couldn't find the app!");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
function new_access_token($token, $consumer)
|
||||
{
|
||||
common_debug('new_access_token("'.$token->key.'","'.$consumer->key.'")', __FILE__);
|
||||
|
@ -64,7 +102,7 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore
|
|||
if (!empty($result)) {
|
||||
common_debug("Oath app user found.");
|
||||
} else {
|
||||
common_debug("Oauth app user not found.");
|
||||
common_debug("Oauth app user not found. app id $app->id token $rt->tok");
|
||||
return null;
|
||||
}
|
||||
|
||||
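Review bot: `getAppByRequestToken()` passes `$token_key` into `lookup_token()` and then into a `Token` lookup that filters on `tok` alone, without first checking that the key is non-empty; the caller in the authorize action supplies the raw `oauth_token` request argument. If these data objects build their query only from the fields that are set (not visible on this page, so an assumption to confirm), a missing parameter could match an unrelated stored token and return another application's record. I would return early at the top of the function with `if (empty($token_key)) { return null; }`, and add a docblock saying the method returns the `Oauth_application` for the request token's consumer key, or null when any lookup fails. Separately, the longer debug message in the last hunk, which appears to be the new side, writes `$rt->tok` to the log; logging only the app id would keep token values out of debug output.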
|
|