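/**
 * Load the request token that was issued to the given application.
 *
 * @param API2ApplicationModel $app          application the token was issued to
 * @param string               $requestToken the opaque request token value presented by the client
 *
 * @return \models\API2ApplicationRequestTokenModel|null the matching token, or null when none exists
 */
public function loadByAppAndRequestToken(API2ApplicationModel $app, $requestToken)
{
    global $DB;

    // The lookup is scoped to the application: a request token only has meaning for
    // the app it was issued to, so a bare token value must never match another app's row.
    $stat = $DB->prepare(
        "SELECT api2_application_request_token.* FROM api2_application_request_token"
        . " WHERE api2_application_id = :api2_application_id AND request_token = :request_token"
    );
    $stat->execute(array(
        'api2_application_id' => $app->getId(),
        'request_token' => $requestToken,
    ));

    // Test the fetched row instead of rowCount(): for SELECT statements PDO's rowCount()
    // is driver-dependent and can report 0 even when a row exists.
    $row = $stat->fetch();
    if ($row === false) {
        return null;
    }

    $token = new API2ApplicationRequestTokenModel();
    $token->setFromDataBaseRow($row);
    return $token;
}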
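/**
 * API endpoint: issue a new request token for the calling application.
 *
 * Inputs are read from the merged GET/POST parameters: callback_url, callback_display,
 * callback_javascript, scope and state. Each callback option is only honoured when the
 * application has that callback type enabled, and a callback_url must additionally pass
 * the application's own allow-list check.
 *
 * @param Application $app container; 'apiApp' and 'apiAppLoadedBySecret' must already be
 *                         populated by the API2 application loading layer
 *
 * @return string JSON document with 'success', plus either 'request_token' or 'error_message'
 */
function requestTokenJson(Application $app)
{
    $data = array_merge($_GET, $_POST);

    // Only an application that authenticated with its secret may mint request tokens;
    // knowing a public app id on its own is not enough.
    if (!$app['apiApp'] || !$app['apiAppLoadedBySecret']) {
        return json_encode(array('success' => false));
    }
    $apiApp = $app['apiApp'];

    // Settings
    $requestToken = new \models\API2ApplicationRequestTokenModel();

    $callbackUrl = isset($data['callback_url']) ? trim($data['callback_url']) : '';
    if ($apiApp->getIsCallbackUrl() && $callbackUrl !== '') {
        // The URL is accepted only if the app's allow-list says so; otherwise a caller
        // could have the token delivered to an origin the app owner never registered.
        if (!$apiApp->isCallbackUrlAllowed($callbackUrl)) {
            return json_encode(array('success' => false, 'error_message' => 'That callback URL is not allowed'));
        }
        $requestToken->setCallbackUrl($callbackUrl);
    }

    if ($apiApp->getIsCallbackDisplay() && isset($data['callback_display'])
        && strtolower(trim($data['callback_display'])) === 'true') {
        $requestToken->setIsCallbackDisplay(true);
    }

    if ($apiApp->getIsCallbackJavascript() && isset($data['callback_javascript'])
        && strtolower(trim($data['callback_javascript'])) === 'true') {
        $requestToken->setIsCallbackJavascript(true);
    }

    // $requestToken->setUserId(); TODO

    // Scope is a comma- or space-separated list. The editor permission is granted only
    // when the request asks for it AND the application itself is allowed it; strict
    // in_array so that no loose-comparison match can slip through.
    $scopeArray = isset($data['scope']) ? explode(',', str_replace(' ', ',', $data['scope'])) : array();
    $requestToken->setIsEditor(in_array('permission_editor', $scopeArray, true) && $apiApp->getIsEditor());

    // Opaque client-supplied state, stored verbatim (presumably returned to the client on
    // the callback so it can tie the response to its own session — not visible here).
    $requestToken->setStateFromUser(isset($data['state']) ? $data['state'] : null);

    // Check
    if (!$requestToken->isAnyCallbackSet()) {
        return json_encode(array('success' => false, 'error_message' => 'You must pass a callback'));
    }

    // Generate Token
    $tokenRepo = new API2ApplicationRequestTokenRepository();
    $token = $tokenRepo->create($apiApp, $requestToken);

    return json_encode(array('success' => true, 'request_token' => $token->getRequestToken()));
}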
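/**
 * Exchange an approved request token for a user authorisation token.
 *
 * Within one transaction the request token is marked as used and a new authorisation
 * token row is inserted. The request token is single-use: if it has already been
 * consumed (or does not exist for this app) the exchange is refused and nothing is written.
 *
 * @param API2ApplicationModel             $app          application the request token belongs to
 * @param UserAccountModel                 $user         user who authorised the application
 * @param API2ApplicationRequestTokenModel $requestToken the request token being exchanged
 *
 * @return \models\API2ApplicationUserAuthorisationTokenModel the newly persisted token
 *
 * @throws \RuntimeException if the request token was already used or does not match this app
 * @throws \Exception        any database error, after the transaction has been rolled back
 */
public function createForAppAndUserFromRequestToken(API2ApplicationModel $app, UserAccountModel $user, API2ApplicationRequestTokenModel $requestToken)
{
    global $DB;

    $token = new \models\API2ApplicationUserAuthorisationTokenModel();
    $token->setApi2ApplicationId($app->getId());
    $token->setUserId($user->getId());
    $token->setRequestToken($requestToken->getRequestToken());
    $token->setAuthorisationToken(createKey(1, 255));

    // One timestamp for both rows so used_at and created_at agree.
    $now = \TimeSource::getFormattedForDataBase();

    try {
        $DB->beginTransaction();

        // Mark Request Token used. The `used_at IS NULL` guard makes the request token
        // single-use at the database level: a second exchange of the same token matches
        // no row and therefore cannot mint another authorisation token.
        $stat = $DB->prepare(
            "UPDATE api2_application_request_token SET used_at=:used_at "
            . "WHERE api2_application_id=:api2_application_id AND request_token=:request_token AND used_at IS NULL"
        );
        $stat->execute(array(
            'used_at' => $now,
            'api2_application_id' => $app->getId(),
            'request_token' => $requestToken->getRequestToken(),
        ));
        // rowCount() is reliable for UPDATE (affected rows), unlike for SELECT.
        if ($stat->rowCount() < 1) {
            throw new \RuntimeException('Request token has already been used or does not exist for this application');
        }

        // TODO make sure token is unique!!!!!
        $stat = $DB->prepare(
            "INSERT INTO api2_application_user_authorisation_token (api2_application_id, user_id, authorisation_token, request_token, created_at) "
            . "VALUES (:api2_application_id, :user_id, :authorisation_token,:request_token, :created_at)"
        );
        $stat->execute(array(
            'api2_application_id' => $app->getId(),
            'user_id' => $user->getId(),
            'authorisation_token' => $token->getAuthorisationToken(),
            'request_token' => $token->getRequestToken(),
            'created_at' => $now,
        ));

        $DB->commit();
    } catch (\Exception $e) {
        // Fully-qualified on purpose: if this file is namespaced (the \models\ and \TimeSource
        // references suggest it is), an unqualified `Exception` resolves inside the namespace
        // and the catch would never match, leaving the transaction open.
        // Roll back and rethrow: returning $token here would hand the caller an
        // authorisation token that was never persisted.
        $DB->rollBack();
        throw $e;
    }

    return $token;
}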
/**
 * getCallbackUrlWithParams() combines the configured callback URL with the given
 * params; each data-provider case pins the expected combined URL.
 *
 * @dataProvider dataForTestGetCallbackUrlWithParams
 */
public function testGetCallbackUrlWithParams($url, $params, $result)
{
    $requestToken = new API2ApplicationRequestTokenModel();
    $requestToken->setCallbackUrl($url);

    $actual = $requestToken->getCallbackUrlWithParams($params);
    $this->assertEquals($result, $actual);
}