public function userTokenJson(Application $app)
{
$appRepo = new API2ApplicationRepository();
$appRequestTokenRepo = new API2ApplicationRequestTokenRepository();
$userAuthorisationTokenRepo = new API2ApplicationUserAuthorisationTokenRepository();
$userTokenRepo = new API2ApplicationUserTokenRepository();
if (!$app['apiApp'] || !$app['apiAppLoadedBySecret']) {
return json_encode(array('success' => false));
}
// Load and check request token!
$data = array_merge($_GET, $_POST);
$authorisationToken = $data['authorisation_token'] && $data['request_token'] ? $userAuthorisationTokenRepo->loadByAppAndAuthorisationTokenAndRequestToken($app['apiApp'], $data['authorisation_token'], $data['request_token']) : null;
if (!$authorisationToken || $authorisationToken->getIsUsed()) {
return json_encode(array('success' => false));
}
// get user tokens
$userTokenRepo->createForAppAndUserId($app['apiApp'], $authorisationToken->getUserId());
$userToken = $userTokenRepo->loadByAppAndUserID($app['apiApp'], $authorisationToken->getUserId());
// mark token used
$userAuthorisationTokenRepo->markTokenUsed($authorisationToken);
// return
if ($userToken) {
return json_encode(array('success' => true, 'permissions' => array('is_editor' => $userToken->getIsEditor()), 'user_token' => $userToken->getUserToken(), 'user_secret' => $userToken->getUserSecret()));
} else {
// This might happen if user redraws permissions from app between logging in and app gotting tokens,
// since loadByAppAndUserID() checks user permisisons.
return json_encode(array('success' => false));
}
}
