function showApplication()
{
$user = common_current_user();
$this->out->elementStart('li', array('class' => 'application', 'id' => 'oauthclient-' . $this->application->id));
$this->out->elementStart('span', 'vcard author');
if (!$this->connections) {
$this->out->elementStart('a', array('href' => common_local_url('showapplication', array('id' => $this->application->id)), 'class' => 'url'));
} else {
$this->out->elementStart('a', array('href' => $this->application->source_url, 'class' => 'url'));
}
if (!empty($this->application->icon)) {
$this->out->element('img', array('src' => $this->application->icon, 'class' => 'photo avatar'));
}
$this->out->element('span', 'fn', $this->application->name);
$this->out->elementEnd('a');
$this->out->elementEnd('span');
$this->out->raw(' by ');
$this->out->element('a', array('href' => $this->application->homepage, 'class' => 'url'), $this->application->organization);
$this->out->element('p', 'note', $this->application->description);
$this->out->elementEnd('li');
if ($this->connections) {
$appUser = Oauth_application_user::getByKeys($this->owner, $this->application);
if (empty($appUser)) {
common_debug("empty appUser!");
}
$this->out->elementStart('li');
$access = $this->application->access_type & Oauth_application::$writeAccess ? 'read-write' : 'read-only';
$txt = 'Approved ' . common_date_string($appUser->modified) . " - {$access} access.";
$this->out->raw($txt);
$this->out->elementEnd('li');
$this->out->elementStart('li', 'entity_revoke');
$this->out->elementStart('form', array('id' => 'form_revoke_app', 'class' => 'form_revoke_app', 'method' => 'POST', 'action' => common_local_url('oauthconnectionssettings')));
$this->out->elementStart('fieldset');
$this->out->hidden('id', $this->application->id);
$this->out->hidden('token', common_session_token());
$this->out->submit('revoke', _('Revoke'));
$this->out->elementEnd('fieldset');
$this->out->elementEnd('form');
$this->out->elementEnd('li');
}
}
function showApplication()
{
$user = common_current_user();
$this->out->elementStart('li', array('class' => 'application', 'id' => 'oauthclient-' . $this->application->id));
$this->out->elementStart('span', 'vcard author');
if (!$this->connections) {
$this->out->elementStart('a', array('href' => common_local_url('showapplication', array('id' => $this->application->id)), 'class' => 'url'));
} else {
$this->out->elementStart('a', array('href' => $this->application->source_url, 'class' => 'url'));
}
if (!empty($this->application->icon)) {
$this->out->element('img', array('src' => $this->application->icon, 'class' => 'photo avatar'));
}
$this->out->element('span', 'fn', $this->application->name);
$this->out->elementEnd('a');
$this->out->elementEnd('span');
$this->out->raw(' by ');
$this->out->element('a', array('href' => $this->application->homepage, 'class' => 'url'), $this->application->organization);
$this->out->element('p', 'note', $this->application->description);
$this->out->elementEnd('li');
if ($this->connections) {
$appUser = Oauth_application_user::getByKeys($this->owner, $this->application);
if (empty($appUser)) {
common_debug("empty appUser!");
}
$this->out->elementStart('li');
// TRANS: Application access type
$readWriteText = _('read-write');
// TRANS: Application access type
$readOnlyText = _('read-only');
$access = $this->application->access_type & Oauth_application::$writeAccess ? $readWriteText : $readOnlyText;
$modifiedDate = common_date_string($appUser->modified);
// TRANS: Used in application list. %1$s is a modified date, %2$s is access type (read-write or read-only)
$txt = sprintf(_('Approved %1$s - "%2$s" access.'), $modifiedDate, $access);
$this->out->raw($txt);
$this->out->elementEnd('li');
$this->out->elementStart('li', 'entity_revoke');
$this->out->elementStart('form', array('id' => 'form_revoke_app', 'class' => 'form_revoke_app', 'method' => 'POST', 'action' => common_local_url('oauthconnectionssettings')));
$this->out->elementStart('fieldset');
$this->out->hidden('id', $this->application->id);
$this->out->hidden('token', common_session_token());
// TRANS: Button label
$this->out->submit('revoke', _m('BUTTON', 'Revoke'));
$this->out->elementEnd('fieldset');
$this->out->elementEnd('form');
$this->out->elementEnd('li');
}
}
function handlePost()
{
// check session token for CSRF protection.
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
// check creds
$user = null;
if (!common_logged_in()) {
$user = common_check_user($this->nickname, $this->password);
if (empty($user)) {
$this->showForm(_("Invalid nickname / password!"));
return;
}
} else {
$user = common_current_user();
}
if ($this->arg('allow')) {
// mark the req token as authorized
$this->store->authorize_token($this->oauth_token);
// Check to see if there was a previous token associated
// with this user/app and kill it. If the user is doing this she
// probably doesn't want any old tokens anyway.
$appUser = Oauth_application_user::getByKeys($user, $this->app);
if (!empty($appUser)) {
$result = $appUser->delete();
if (!$result) {
common_log_db_error($appUser, 'DELETE', __FILE__);
throw new ServerException(_('Database error deleting OAuth application user.'));
return;
}
}
// associated the authorized req token with the user and the app
$appUser = new Oauth_application_user();
$appUser->profile_id = $user->id;
$appUser->application_id = $this->app->id;
// Note: do not copy the access type from the application.
// The access type should always be 0 when the OAuth app
// user record has a request token associated with it.
// Access type gets assigned once an access token has been
// granted. The OAuth app user record then gets updated
// with the new access token and access type.
$appUser->token = $this->oauth_token;
$appUser->created = common_sql_now();
$result = $appUser->insert();
if (!$result) {
common_log_db_error($appUser, 'INSERT', __FILE__);
throw new ServerException(_('Database error inserting OAuth application user.'));
return;
}
// if we have a callback redirect and provide the token
// A callback specified in the app setup overrides whatever
// is passed in with the request.
if (!empty($this->app->callback_url)) {
$this->callback = $this->app->callback_url;
}
if (!empty($this->callback)) {
$target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token));
common_redirect($target_url, 303);
} else {
common_debug("callback was empty!");
}
// otherwise inform the user that the rt was authorized
$this->elementStart('p');
// XXX: Do OAuth 1.0a verifier code
$this->raw(sprintf(_("The request token %s has been authorized. " . 'Please exchange it for an access token.'), $this->oauth_token));
$this->elementEnd('p');
} else {
if ($this->arg('deny')) {
$datastore = new ApiStatusNetOAuthDataStore();
$datastore->revoke_token($this->oauth_token, 0);
$this->elementStart('p');
$this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token));
$this->elementEnd('p');
} else {
$this->clientError(_('Unexpected form submission.'));
return;
}
}
}
/**
* Revoke access to an authorized OAuth application
*
* @param int $appId the ID of the application
*
*/
function revokeAccess($appId)
{
$cur = common_current_user();
$app = Oauth_application::staticGet('id', $appId);
if (empty($app)) {
$this->clientError(_('No such application.'), 404);
return false;
}
// XXX: Transaction here?
$appUser = Oauth_application_user::getByKeys($cur, $app);
if (empty($appUser)) {
$this->clientError(_('You are not a user of that application.'), 401);
return false;
}
$datastore = new ApiStatusNetOAuthDataStore();
$datastore->revoke_token($appUser->token, 1);
$result = $appUser->delete();
if (!$result) {
common_log_db_error($orig, 'DELETE', __FILE__);
$this->clientError(sprintf(_('Unable to revoke access for app: %s.'), $app->id));
return false;
}
$msg = 'User %s (id: %d) revoked access to app %s (id: %d)';
common_log(LOG_INFO, sprintf($msg, $cur->nickname, $cur->id, $app->name, $app->id));
}
