get rid of callback nonce
darcs-hash:20080602201707-84dde-400855b57fcf01e597494143cc78092351043b91.gz
This commit is contained in:
parent
7b24d101c0
commit
e103c8b6ea
|
@ -33,14 +33,7 @@ class FinishremotesubscribeAction extends Action {
|
|||
return;
|
||||
}
|
||||
|
||||
$nonce = $this->trimmed('nonce');
|
||||
|
||||
if (!$omb) {
|
||||
common_user_error(_t('No nonce returned!'));
|
||||
return;
|
||||
}
|
||||
|
||||
$omb = $_SESSION[$nonce];
|
||||
$omb = $_SESSION['oauth_authorization_request'];
|
||||
|
||||
if (!$omb) {
|
||||
common_user_error(_t('Not expecting this response!'));
|
||||
|
@ -173,7 +166,7 @@ class FinishremotesubscribeAction extends Action {
|
|||
}
|
||||
|
||||
# Clear the data
|
||||
unset($_SESSION[$nonce]);
|
||||
unset($_SESSION['oauth_authorization_request']);
|
||||
|
||||
# If we show subscriptions in reverse chron order, this should
|
||||
# show up close to the top of the page
|
||||
|
@ -187,7 +180,7 @@ class FinishremotesubscribeAction extends Action {
|
|||
$con = omb_oauth_consumer();
|
||||
$tok = new OAuthToken($omb['token'], $omb['secret']);
|
||||
|
||||
$url = $omb[OAUTH_ENDPOINT_ACCESS][0];
|
||||
$url = omb_service_uri($omb[OAUTH_ENDPOINT_ACCESS]);
|
||||
|
||||
# XXX: Is this the right thing to do? Strip off GET params and make them
|
||||
# POST params? Seems wrong to me.
|
||||
|
|
|
@ -336,10 +336,9 @@ class RemotesubscribeAction extends Action {
|
|||
$req->set_parameter('omb_listenee_avatar', $avatar->url);
|
||||
}
|
||||
|
||||
$nonce = $this->make_nonce();
|
||||
|
||||
$req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe',
|
||||
array('nonce' => $nonce)));
|
||||
# XXX: add a nonce to prevent replay attacks
|
||||
|
||||
$req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));
|
||||
|
||||
# XXX: test to see if endpoint accepts this signature method
|
||||
|
||||
|
@ -351,7 +350,7 @@ class RemotesubscribeAction extends Action {
|
|||
$omb['token'] = $token;
|
||||
$omb['secret'] = $secret;
|
||||
|
||||
$_SESSION[$nonce] = $omb;
|
||||
$_SESSION['oauth_authorization_request'] = $omb;
|
||||
|
||||
# Redirect to authorization service
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user