Esempio n. 1
0
 /**
  * Clean up old authorized tokens for specified consumer-user pairs
  *
  * @param Mage_Oauth_Model_Token $exceptToken Token just created to exclude from delete
  * @return int The number of affected rows
  */
 public function cleanOldAuthorizedTokensExcept(Mage_Oauth_Model_Token $exceptToken)
 {
     if (!$exceptToken->getId() || !$exceptToken->getAuthorized()) {
         Mage::throwException('Invalid token to except');
     }
     $adapter = $this->_getWriteAdapter();
     $where = $adapter->quoteInto('authorized = 1 AND consumer_id = ?', $exceptToken->getConsumerId(), Zend_Db::INT_TYPE);
     $where .= $adapter->quoteInto(' AND entity_id <> ?', $exceptToken->getId(), Zend_Db::INT_TYPE);
     if ($exceptToken->getCustomerId()) {
         $where .= $adapter->quoteInto(' AND customer_id = ?', $exceptToken->getCustomerId(), Zend_Db::INT_TYPE);
     } elseif ($exceptToken->getAdminId()) {
         $where .= $adapter->quoteInto(' AND admin_id = ?', $exceptToken->getAdminId(), Zend_Db::INT_TYPE);
     } else {
         Mage::throwException('Invalid token to except');
     }
     return $adapter->delete($this->getMainTable(), $where);
 }
Esempio n. 2
0
 /**
  * Load token object, validate it depending on request type, set access data and save
  *
  * @return Mage_Oauth_Model_Server
  * @throws Mage_Oauth_Exception
  */
 protected function _initToken()
 {
     $this->_token = Mage::getModel('oauth/token');
     if (self::REQUEST_INITIATE != $this->_requestType) {
         $this->_validateTokenParam();
         $this->_token->load($this->_protocolParams['oauth_token'], 'token');
         if (!$this->_token->getId()) {
             $this->_throwException('', self::ERR_TOKEN_REJECTED);
         }
         if (self::REQUEST_TOKEN == $this->_requestType) {
             $this->_validateVerifierParam();
             if ($this->_token->getVerifier() != $this->_protocolParams['oauth_verifier']) {
                 $this->_throwException('', self::ERR_VERIFIER_INVALID);
             }
             if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
                 $this->_throwException('', self::ERR_TOKEN_REJECTED);
             }
             if (Mage_Oauth_Model_Token::TYPE_REQUEST != $this->_token->getType()) {
                 $this->_throwException('', self::ERR_TOKEN_USED);
             }
         } elseif (self::REQUEST_AUTHORIZE == $this->_requestType) {
             if ($this->_token->getAuthorized()) {
                 $this->_throwException('', self::ERR_TOKEN_USED);
             }
         } elseif (self::REQUEST_RESOURCE == $this->_requestType) {
             if (Mage_Oauth_Model_Token::TYPE_ACCESS != $this->_token->getType()) {
                 $this->_throwException('', self::ERR_TOKEN_REJECTED);
             }
             if ($this->_token->getRevoked()) {
                 $this->_throwException('', self::ERR_TOKEN_REVOKED);
             }
             if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
                 $this->_throwException('', self::ERR_TOKEN_REJECTED);
             }
             //TODO: Implement check for expiration (after it implemented in token model)
         }
     } else {
         $this->_validateCallbackUrlParam();
     }
     return $this;
 }
Esempio n. 3
0
 /**
  * Return complete callback URL or boolean FALSE if no callback provided
  *
  * @param Mage_Oauth_Model_Token $token Token object
  * @param bool $rejected OPTIONAL Add user reject sign
  * @return bool|string
  */
 public function getFullCallbackUrl(Mage_Oauth_Model_Token $token, $rejected = false)
 {
     $callbackUrl = $token->getCallbackUrl();
     if (Mage_Oauth_Model_Server::CALLBACK_ESTABLISHED == $callbackUrl) {
         return false;
     }
     if ($rejected) {
         /** @var $consumer Mage_Oauth_Model_Consumer */
         $consumer = Mage::getModel('oauth/consumer')->load($token->getConsumerId());
         if ($consumer->getId() && $consumer->getRejectedCallbackUrl()) {
             $callbackUrl = $consumer->getRejectedCallbackUrl();
         }
     } elseif (!$token->getAuthorized()) {
         Mage::throwException('Token is not authorized');
     }
     $callbackUrl .= false === strpos($callbackUrl, '?') ? '?' : '&';
     $callbackUrl .= 'oauth_token=' . $token->getToken() . '&';
     $callbackUrl .= $rejected ? self::QUERY_PARAM_REJECTED . '=1' : 'oauth_verifier=' . $token->getVerifier();
     return $callbackUrl;
 }