From df7565ddcca1e75476f4ad9318e83751d79884ba Mon Sep 17 00:00:00 2001
From: Adrian Lang <mail@adrianlang.de>
Date: Sat, 7 Mar 2009 13:04:36 +0100
Subject: [PATCH] Remove second OAuth request validation.

---
 actions/userauthorization.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index d0041ca5ae..28243deccc 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -56,7 +56,6 @@ class UserauthorizationAction extends Action
                 if (!$req) {
                     $this->clientError(_('No request found!'));
                 }
-                # XXX: only validate new requests, since nonce is one-time use
                 $this->validateRequest($req);
                 $this->storeRequest($req);
                 $this->showForm($req);
@@ -307,14 +306,11 @@ class UserauthorizationAction extends Action
         }
 
         $user = common_current_user();
-        $datastore = omb_oauth_datastore();
-        $consumer = $this->getConsumer($datastore, $req);
-        $token = $this->getToken($datastore, $req, $consumer);
 
         $sub = new Subscription();
         $sub->subscriber = $user->id;
         $sub->subscribed = $remote->id;
-        $sub->token = $token->key; # NOTE: request token, not valid for use!
+        $sub->token = $req->get_parameter('oauth_token'); # NOTE: request token, not valid for use!
         $sub->created = DB_DataObject_Cast::dateTime(); # current time
 
         if (!$sub->insert()) {
@@ -388,7 +384,9 @@ class UserauthorizationAction extends Action
 
     function validateRequest(&$req)
     {
-        /* Find token. */
+        /* Find token.
+           TODO: If no token is passed the user should get a prompt to enter it
+                 according to OAuth Core 1.0 */
         $t = new Token();
         $t->tok = $req->get_parameter('oauth_token');
         $t->type = 0;