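# Self-authentication: the current user ($GLOBALS['cfg']['user']) creates an
# access token for themselves. $step starts at 1, becomes 2 once the posted
# form validates and 3 once the user has confirmed.

$perms_map = api_oauth2_access_tokens_permissions_map();
$GLOBALS['smarty']->assign_by_ref("permissions", $perms_map);

$ttl_map = api_oauth2_access_tokens_ttl_map();
$GLOBALS['smarty']->assign_by_ref("ttl_map", $ttl_map);

$step = 1;

# Only act on a submitted form that carries a valid crumb (the anti-CSRF
# token); otherwise fall through and render the page as step 1.

if (post_isset("done") && crumb_check($crumb_key)) {

    $ok = 1;

    $title = post_str("title");
    $perms = post_str("perms");
    $ttl = post_int32("ttl");
    $conf = post_str("confirm");

    if ($ok && !$title) {
        $GLOBALS['smarty']->assign("error", "no_title");
        $ok = 0;
    }

    if ($ok && !api_oauth2_access_tokens_is_valid_permission($perms)) {
        $GLOBALS['smarty']->assign("error", "bad_perms");
        $ok = 0;
    }

    # NOTE(review): $ttl comes straight from the POST body and is not compared
    # with $ttl_map anywhere in the visible code; confirm that
    # api_oauth2_access_tokens_create() rejects or clamps unexpected lifetimes.

    # We're not going to worry about descriptions

    if ($ok) {
        # NOTE(review): $title is user-supplied; presumably the template
        # escapes it on output -- verify.
        $GLOBALS['smarty']->assign("title", $title);
        $GLOBALS['smarty']->assign("perms", $perms);
        $GLOBALS['smarty']->assign("ttl", $ttl);
        $step = 2;
    }

    if ($ok && $conf) {

        # $key, $token and $description are not read again in the visible code.
        $key = null;
        $token = null;
        $step = 3;
        $description = "";

        # Permissions are checked a second time immediately before the token
        # is issued, so nothing is created for an invalid permission value.

        if (!api_oauth2_access_tokens_is_valid_permission($perms)) {
            $GLOBALS['smarty']->assign("error", "bad_perms");
        }

        else {
            $rsp = api_oauth2_access_tokens_create($key_row, $GLOBALS['cfg']['user'], $perms, $ttl);
            $GLOBALS['smarty']->assign_by_ref("token_rsp", $rsp);
        }
    }
}

$GLOBALS['smarty']->display("page_api_oauth2_authenticate_self.txt");
exit;

# NOTE(review): this closing brace pairs with a block opened above this point.
}

# Okay, let's do this

# Validate the authorization request. $ok gates every later check, so only
# the first failure is reported to the template.

$ok = 1;

$scope = request_str("scope");

if ($ok && !api_oauth2_access_tokens_is_valid_permission($scope, "string perms")) {
    $GLOBALS['smarty']->assign("error", "invalid_scope");
    $ok = 0;
}

# The redirect target has to equal the callback registered for this key.
# Compare as strings with !== so PHP's numeric-string juggling ("1e1" == "10")
# can never make two different values look equal.
# NOTE(review): when no callback is registered and none is sent, both sides
# are empty and this check passes -- confirm that is intended.

if ($ok && (string) request_str("redirect_uri") !== (string) $key_row['app_callback']) {
    $GLOBALS['smarty']->assign("error", "invalid_callback");
    $ok = 0;
}

# Only the authorization-code grant is accepted here.

if ($ok && request_str("response_type") !== "code") {
    $GLOBALS['smarty']->assign("error", "invalid_type");
    $ok = 0;
}

# Do we already have a grant token for this user?
# And yes this is a repeat of the code below that should maybe be
# moved in to a function or something. But for now it's fine...
# (20121024/straup)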