function new_request_token($consumer, $callback)
 {
     $t = new Token();
     $t->consumer_key = $consumer->key;
     $t->tok = common_random_hexstr(16);
     $t->secret = common_random_hexstr(16);
     $t->type = 0;
     // request
     $t->state = 0;
     // unauthorized
     $t->verified_callback = $callback;
     if ($callback === 'oob') {
         // six digit pin
         $t->verifier = mt_rand(0, 9999999);
     } else {
         $t->verifier = common_random_hexstr(8);
     }
     $t->created = common_sql_now();
     if (!$t->insert()) {
         return null;
     } else {
         return new OAuthToken($t->tok, $t->secret);
     }
 }
Esempio n. 2
0
 function new_access_token($token, $consumer)
 {
     common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;
     // request
     if ($rt->find(true) && $rt->state == 1) {
         // authorized
         common_debug('request token found.', __FILE__);
         $at = new Token();
         $at->consumer_key = $consumer->key;
         $at->tok = common_good_rand(16);
         $at->secret = common_good_rand(16);
         $at->type = 1;
         // access
         $at->created = DB_DataObject_Cast::dateTime();
         if (!$at->insert()) {
             $e = $at->_lastError;
             common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
             return null;
         } else {
             common_debug('access token "' . $at->tok . '" inserted', __FILE__);
             // burn the old one
             $orig_rt = clone $rt;
             $rt->state = 2;
             // used
             if (!$rt->update($orig_rt)) {
                 return null;
             }
             common_debug('request token "' . $rt->tok . '" updated', __FILE__);
             // Update subscription
             // XXX: mixing levels here
             $sub = Subscription::staticGet('token', $rt->tok);
             if (!$sub) {
                 return null;
             }
             common_debug('subscription for request token found', __FILE__);
             $orig_sub = clone $sub;
             $sub->token = $at->tok;
             $sub->secret = $at->secret;
             if (!$sub->update($orig_sub)) {
                 return null;
             } else {
                 common_debug('subscription updated to use access token', __FILE__);
                 return new OAuthToken($at->tok, $at->secret);
             }
         }
     } else {
         return null;
     }
 }
Esempio n. 3
0
 function new_access_token($token, $consumer)
 {
     common_debug('new_access_token("' . $token->key . '","' . $consumer->key . '")', __FILE__);
     $rt = new Token();
     $rt->consumer_key = $consumer->key;
     $rt->tok = $token->key;
     $rt->type = 0;
     // request
     $app = Oauth_application::getByConsumerKey($consumer->key);
     if (empty($app)) {
         common_debug("empty app!");
     }
     if ($rt->find(true) && $rt->state == 1) {
         // authorized
         common_debug('request token found.', __FILE__);
         // find the associated user of the app
         $appUser = new Oauth_application_user();
         $appUser->application_id = $app->id;
         $appUser->token = $rt->tok;
         $result = $appUser->find(true);
         if (!empty($result)) {
             common_debug("Oath app user found.");
         } else {
             common_debug("Oauth app user not found. app id {$app->id} token {$rt->tok}");
             return null;
         }
         // go ahead and make the access token
         $at = new Token();
         $at->consumer_key = $consumer->key;
         $at->tok = common_good_rand(16);
         $at->secret = common_good_rand(16);
         $at->type = 1;
         // access
         $at->created = DB_DataObject_Cast::dateTime();
         if (!$at->insert()) {
             $e = $at->_lastError;
             common_debug('access token "' . $at->tok . '" not inserted: "' . $e->message . '"', __FILE__);
             return null;
         } else {
             common_debug('access token "' . $at->tok . '" inserted', __FILE__);
             // burn the old one
             $orig_rt = clone $rt;
             $rt->state = 2;
             // used
             if (!$rt->update($orig_rt)) {
                 return null;
             }
             common_debug('request token "' . $rt->tok . '" updated', __FILE__);
             // update the token from req to access for the user
             $orig = clone $appUser;
             $appUser->token = $at->tok;
             // It's at this point that we change the access type
             // to whatever the application's access is.  Request
             // tokens should always have an access type of 0, and
             // therefore be unuseable for making requests for
             // protected resources.
             $appUser->access_type = $app->access_type;
             $result = $appUser->update($orig);
             if (empty($result)) {
                 common_debug('couldn\'t update OAuth app user.');
                 return null;
             }
             // Okay, good
             return new OAuthToken($at->tok, $at->secret);
         }
     } else {
         return null;
     }
 }