$perms_map = api_oauth2_access_tokens_permissions_map();
$GLOBALS['smarty']->assign_by_ref("permissions", $perms_map);
$ttl_map = api_oauth2_access_tokens_ttl_map();
$GLOBALS['smarty']->assign_by_ref("ttl_map", $ttl_map);
$step = 1;
if (post_isset("done") && crumb_check($crumb_key)) {
$ok = 1;
$title = post_str("title");
$perms = post_str("perms");
$ttl = post_int32("ttl");
$conf = post_str("confirm");
if ($ok && !$title) {
$GLOBALS['smarty']->assign("error", "no_title");
$ok = 0;
}
if ($ok && !api_oauth2_access_tokens_is_valid_permission($perms)) {
$GLOBALS['smarty']->assign("error", "bad_perms");
$ok = 0;
}
# We're not going to worry about descriptions
if ($ok) {
$GLOBALS['smarty']->assign("title", $title);
$GLOBALS['smarty']->assign("perms", $perms);
$GLOBALS['smarty']->assign("ttl", $ttl);
$step = 2;
}
if ($ok && $conf) {
$key = null;
$token = null;
$step = 3;
$description = "";
if (!api_oauth2_access_tokens_is_valid_permission($perms)) {
$GLOBALS['smarty']->assign("error", "bad_perms");
} else {
$rsp = api_oauth2_access_tokens_create($key_row, $GLOBALS['cfg']['user'], $perms, $ttl);
$GLOBALS['smarty']->assign_by_ref("token_rsp", $rsp);
}
} else {
}
}
$GLOBALS['smarty']->display("page_api_oauth2_authenticate_self.txt");
exit;
}
# Okay, let's do this
$ok = 1;
$scope = request_str("scope");
if ($ok && !api_oauth2_access_tokens_is_valid_permission($scope, "string perms")) {
$GLOBALS['smarty']->assign("error", "invalid_scope");
$ok = 0;
}
if ($ok && request_str("redirect_uri") != $key_row['app_callback']) {
$GLOBALS['smarty']->assign("error", "invalid_callback");
$ok = 0;
}
if ($ok && request_str("response_type") != "code") {
$GLOBALS['smarty']->assign("error", "invalid_type");
$ok = 0;
}
# Do we already have a grant token for this user?
# And yes this is a repeat of the code below that should maybe be
# moved in to a function or something. But for now it's fine...
# (20121024/straup)
