function new_access_token($token, $consumer, $verifier)
{
common_debug(sprintf("New access token from request token %s, consumer %s and verifier %s ", $token, $consumer, $verifier), __FILE__);
$rt = new Token();
$rt->consumer_key = $consumer->key;
$rt->tok = $token->key;
$rt->type = 0;
// request
$app = Oauth_application::getByConsumerKey($consumer->key);
assert(!empty($app));
if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) {
// authorized
common_debug('Request token found.', __FILE__);
// find the app and profile associated with this token
$tokenAssoc = Oauth_token_association::staticGet('token', $rt->tok);
if (!$tokenAssoc) {
throw new Exception(_('Could not find a profile and application associated with the request token.'));
}
// check to see if we have previously issued an access token for this application
// and profile
$appUser = new Oauth_application_user();
$appUser->application_id = $app->id;
$appUser->profile_id = $tokenAssoc->profile_id;
$result = $appUser->find(true);
if (!empty($result)) {
common_log(LOG_INFO, sprintf("Existing access token found for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
$at = new Token();
// fetch the full access token
$at->consumer_key = $consumer->key;
$at->tok = $appUser->token;
$result = $at->find(true);
if (!$result) {
throw new Exception(_('Could not issue access token.'));
}
// Yay, we can re-issue the access token
return new OAuthToken($at->tok, $at->secret);
} else {
common_log(LOG_INFO, sprintf("Creating new access token for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
// make a brand new access token
$at = new Token();
$at->consumer_key = $consumer->key;
$at->tok = common_good_rand(16);
$at->secret = common_good_rand(16);
$at->type = 1;
// access
$at->verifier = $verifier;
$at->verified_callback = $rt->verified_callback;
// 1.0a
$at->created = common_sql_now();
if (!$at->insert()) {
$e = $at->_lastError;
common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
return null;
} else {
common_debug('access token "' . $at->tok . '" inserted', __FILE__);
// burn the old one
$orig_rt = clone $rt;
$rt->state = 2;
// used
if (!$rt->update($orig_rt)) {
return null;
}
common_debug('request token "' . $rt->tok . '" updated', __FILE__);
}
// insert a new Oauth_application_user record w/access token
$appUser = new Oauth_application_user();
$appUser->profile_id = $tokenAssoc->profile_id;
$appUser->application_id = $app->id;
$appUser->access_type = $app->access_type;
$appUser->token = $at->tok;
$appUser->created = common_sql_now();
$result = $appUser->insert();
if (!$result) {
common_log_db_error($appUser, 'INSERT', __FILE__);
// TRANS: Server error displayed when a database error occurs.
$this->serverError(_('Database error inserting OAuth application user.'));
}
// Okay, good
return new OAuthToken($at->tok, $at->secret);
}
} else {
// the token was not authorized or not verfied
common_log(LOG_INFO, sprintf("API OAuth - Attempt to exchange unauthorized or unverified request token %s for an access token.", $rt->tok));
return null;
}
}
private function newAppUser($tokenAssoc, $app, $at)
{
$appUser = new Oauth_application_user();
$appUser->profile_id = $tokenAssoc->profile_id;
$appUser->application_id = $app->id;
$appUser->access_type = $app->access_type;
$appUser->token = $at->tok;
$appUser->created = common_sql_now();
$result = $appUser->insert();
if (!$result) {
common_log_db_error($appUser, 'INSERT', __FILE__);
throw new Exception(_('Database error inserting OAuth application user.'));
}
}
function handlePost()
{
// check session token for CSRF protection.
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->showForm(_('There was a problem with your session token. ' . 'Try again, please.'));
return;
}
// check creds
$user = null;
if (!common_logged_in()) {
$user = common_check_user($this->nickname, $this->password);
if (empty($user)) {
$this->showForm(_("Invalid nickname / password!"));
return;
}
} else {
$user = common_current_user();
}
if ($this->arg('allow')) {
// mark the req token as authorized
$this->store->authorize_token($this->oauth_token);
// Check to see if there was a previous token associated
// with this user/app and kill it. If the user is doing this she
// probably doesn't want any old tokens anyway.
$appUser = Oauth_application_user::getByKeys($user, $this->app);
if (!empty($appUser)) {
$result = $appUser->delete();
if (!$result) {
common_log_db_error($appUser, 'DELETE', __FILE__);
throw new ServerException(_('Database error deleting OAuth application user.'));
return;
}
}
// associated the authorized req token with the user and the app
$appUser = new Oauth_application_user();
$appUser->profile_id = $user->id;
$appUser->application_id = $this->app->id;
// Note: do not copy the access type from the application.
// The access type should always be 0 when the OAuth app
// user record has a request token associated with it.
// Access type gets assigned once an access token has been
// granted. The OAuth app user record then gets updated
// with the new access token and access type.
$appUser->token = $this->oauth_token;
$appUser->created = common_sql_now();
$result = $appUser->insert();
if (!$result) {
common_log_db_error($appUser, 'INSERT', __FILE__);
throw new ServerException(_('Database error inserting OAuth application user.'));
return;
}
// if we have a callback redirect and provide the token
// A callback specified in the app setup overrides whatever
// is passed in with the request.
if (!empty($this->app->callback_url)) {
$this->callback = $this->app->callback_url;
}
if (!empty($this->callback)) {
$target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token));
common_redirect($target_url, 303);
} else {
common_debug("callback was empty!");
}
// otherwise inform the user that the rt was authorized
$this->elementStart('p');
// XXX: Do OAuth 1.0a verifier code
$this->raw(sprintf(_("The request token %s has been authorized. " . 'Please exchange it for an access token.'), $this->oauth_token));
$this->elementEnd('p');
} else {
if ($this->arg('deny')) {
$datastore = new ApiStatusNetOAuthDataStore();
$datastore->revoke_token($this->oauth_token, 0);
$this->elementStart('p');
$this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token));
$this->elementEnd('p');
} else {
$this->clientError(_('Unexpected form submission.'));
return;
}
}
}
