static function getByUserAndToken($user, $token)
 {
     if (empty($user) || empty($token)) {
         return null;
     }
     $oau = new Oauth_application_user();
     $oau->profile_id = $user->id;
     $oau->token = $token;
     $oau->limit(1);
     $result = $oau->find(true);
     return empty($result) ? null : $oau;
 }
Esempio n. 2
0
 static function getByKeys($user, $app)
 {
     if (empty($user) || empty($app)) {
         return null;
     }
     $oau = new Oauth_application_user();
     $oau->profile_id = $user->id;
     $oau->application_id = $app->id;
     $oau->limit(1);
     $result = $oau->find(true);
     return empty($result) ? null : $oau;
 }
 function new_access_token($token, $consumer, $verifier = null)
 {
     common_debug(sprintf("New access token from request token %s, consumer %s and verifier %s ", $token, $consumer, $verifier), __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;
     // request
     $app = Oauth_application::getByConsumerKey($consumer->key);
     assert(!empty($app));
     if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) {
         // authorized
         common_debug('Request token found.', __FILE__);
         // find the app and profile associated with this token
         $tokenAssoc = Oauth_token_association::getKV('token', $rt->tok);
         if (!$tokenAssoc) {
             throw new Exception(_('Could not find a profile and application associated with the request token.'));
         }
         // Check to see if we have previously issued an access token for
         // this application and profile; if so we can just return the
         // existing access token. That seems to be the best practice. It
         // makes it so users only have to authorize the app once per
         // machine.
         $appUser = new Oauth_application_user();
         $appUser->application_id = $app->id;
         $appUser->profile_id = $tokenAssoc->profile_id;
         $result = $appUser->find(true);
         if (!empty($result)) {
             common_log(LOG_INFO, sprintf("Existing access token found for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
             $at = null;
             // Special case: we used to store request tokens in the
             // Oauth_application_user record, and the access_type would
             // always be 0 (no access) as a failsafe until an access
             // token was issued and replaced the request token. There could
             // be a few old Oauth_application_user records storing request
             // tokens still around, and we don't want to accidentally
             // return a useless request token instead of a new access
             // token. So if we find one, we generate a new access token
             // and update the existing Oauth_application_user record before
             // returning the new access token. This should be rare.
             if ($appUser->access_type == 0) {
                 $at = $this->generateNewAccessToken($consumer, $rt, $verifier);
                 $this->updateAppUser($appUser, $app, $at);
             } else {
                 $at = new Token();
                 // fetch the full access token
                 $at->consumer_key = $consumer->key;
                 $at->tok = $appUser->token;
                 $result = $at->find(true);
                 if (!$result) {
                     throw new Exception(_('Could not issue access token.'));
                 }
             }
             // Yay, we can re-issue the access token
             return new OAuthToken($at->tok, $at->secret);
         } else {
             common_log(LOG_INFO, sprintf("Creating new access token for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
             $at = $this->generateNewAccessToken($consumer, $rt, $verifier);
             $this->newAppUser($tokenAssoc, $app, $at);
             // Okay, good
             return new OAuthToken($at->tok, $at->secret);
         }
     } else {
         // the token was not authorized or not verfied
         common_log(LOG_INFO, sprintf("API OAuth - Attempt to exchange unauthorized or unverified request token %s for an access token.", $rt->tok));
         return null;
     }
 }
Esempio n. 4
0
 function new_access_token($token, $consumer)
 {
     common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;
     // request
     $app = Oauth_application::getByConsumerKey($consumer->key);
     if (empty($app)) {
         common_debug("empty app!");
     }
     if ($rt->find(true) && $rt->state == 1) {
         // authorized
         common_debug('request token found.', __FILE__);
         // find the associated user of the app
         $appUser = new Oauth_application_user();
         $appUser->application_id = $app->id;
         $appUser->token = $rt->tok;
         $result = $appUser->find(true);
         if (!empty($result)) {
             common_debug("Oath app user found.");
         } else {
             common_debug("Oauth app user not found. app id {$app->id} token {$rt->tok}");
             return null;
         }
         // go ahead and make the access token
         $at = new Token();
         $at->consumer_key = $consumer->key;
         $at->tok = common_good_rand(16);
         $at->secret = common_good_rand(16);
         $at->type = 1;
         // access
         $at->created = DB_DataObject_Cast::dateTime();
         if (!$at->insert()) {
             $e = $at->_lastError;
             common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
             return null;
         } else {
             common_debug('access token "' . $at->tok . '" inserted', __FILE__);
             // burn the old one
             $orig_rt = clone $rt;
             $rt->state = 2;
             // used
             if (!$rt->update($orig_rt)) {
                 return null;
             }
             common_debug('request token "' . $rt->tok . '" updated', __FILE__);
             // update the token from req to access for the user
             $orig = clone $appUser;
             $appUser->token = $at->tok;
             // It's at this point that we change the access type
             // to whatever the application's access is.  Request
             // tokens should always have an access type of 0, and
             // therefore be unuseable for making requests for
             // protected resources.
             $appUser->access_type = $app->access_type;
             $result = $appUser->update($orig);
             if (empty($result)) {
                 common_debug('couldn\'t update OAuth app user.');
                 return null;
             }
             // Okay, good
             return new OAuthToken($at->tok, $at->secret);
         }
     } else {
         return null;
     }
 }
Esempio n. 5
0
 function new_access_token($token, $consumer, $verifier)
 {
     common_debug(sprintf("New access token from request token %s, consumer %s and verifier %s ", $token, $consumer, $verifier), __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;
     // request
     $app = Oauth_application::getByConsumerKey($consumer->key);
     assert(!empty($app));
     if ($rt->find(true) && $rt->state == 1 && $rt->verifier == $verifier) {
         // authorized
         common_debug('Request token found.', __FILE__);
         // find the app and profile associated with this token
         $tokenAssoc = Oauth_token_association::staticGet('token', $rt->tok);
         if (!$tokenAssoc) {
             throw new Exception(_('Could not find a profile and application associated with the request token.'));
         }
         // check to see if we have previously issued an access token for this application
         // and profile
         $appUser = new Oauth_application_user();
         $appUser->application_id = $app->id;
         $appUser->profile_id = $tokenAssoc->profile_id;
         $result = $appUser->find(true);
         if (!empty($result)) {
             common_log(LOG_INFO, sprintf("Existing access token found for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
             $at = new Token();
             // fetch the full access token
             $at->consumer_key = $consumer->key;
             $at->tok = $appUser->token;
             $result = $at->find(true);
             if (!$result) {
                 throw new Exception(_('Could not issue access token.'));
             }
             // Yay, we can re-issue the access token
             return new OAuthToken($at->tok, $at->secret);
         } else {
             common_log(LOG_INFO, sprintf("Creating new access token for application %s, profile %s.", $app->id, $tokenAssoc->profile_id));
             // make a brand new access token
             $at = new Token();
             $at->consumer_key = $consumer->key;
             $at->tok = common_good_rand(16);
             $at->secret = common_good_rand(16);
             $at->type = 1;
             // access
             $at->verifier = $verifier;
             $at->verified_callback = $rt->verified_callback;
             // 1.0a
             $at->created = common_sql_now();
             if (!$at->insert()) {
                 $e = $at->_lastError;
                 common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
                 return null;
             } else {
                 common_debug('access token "' . $at->tok . '" inserted', __FILE__);
                 // burn the old one
                 $orig_rt = clone $rt;
                 $rt->state = 2;
                 // used
                 if (!$rt->update($orig_rt)) {
                     return null;
                 }
                 common_debug('request token "' . $rt->tok . '" updated', __FILE__);
             }
             // insert a new Oauth_application_user record w/access token
             $appUser = new Oauth_application_user();
             $appUser->profile_id = $tokenAssoc->profile_id;
             $appUser->application_id = $app->id;
             $appUser->access_type = $app->access_type;
             $appUser->token = $at->tok;
             $appUser->created = common_sql_now();
             $result = $appUser->insert();
             if (!$result) {
                 common_log_db_error($appUser, 'INSERT', __FILE__);
                 // TRANS: Server error displayed when a database error occurs.
                 $this->serverError(_('Database error inserting OAuth application user.'));
             }
             // Okay, good
             return new OAuthToken($at->tok, $at->secret);
         }
     } else {
         // the token was not authorized or not verfied
         common_log(LOG_INFO, sprintf("API OAuth - Attempt to exchange unauthorized or unverified request token %s for an access token.", $rt->tok));
         return null;
     }
 }