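/**
 * Save passed profile
 *
 * Stores the OMB profile $omb_profile. Overwrites an existing entry.
 * Throws exceptions in case of error.
 *
 * The existing entry is looked up by the profile's identifier URI alone.
 * When no avatar URL is supplied, the stored original, profile, stream and
 * mini avatars are deleted.
 *
 * @param OMB_Profile $omb_profile The OMB profile which should be saved
 *
 * @throws Exception If the profile URL equals common_profile_url() for the
 *                   nickname (not implemented), if a remote entry has no
 *                   matching Profile row, or if an insert/update/avatar
 *                   step reports failure.
 *
 * @access public
 **/
public function saveProfile($omb_profile)
{
    // Presumably this detects a profile hosted on this site — confirm against
    // common_profile_url(); that case is explicitly unsupported here.
    if (common_profile_url($omb_profile->getNickname()) == $omb_profile->getProfileURL()) {
        throw new Exception('Not implemented');
    }

    $remote = Remote_profile::staticGet('uri', $omb_profile->getIdentifierURI());

    if ($remote) {
        $exists  = true;
        $profile = Profile::staticGet($remote->id);

        // A Remote_profile row without its Profile row would make the clone
        // below fail fatally; report it as an ordinary error instead.
        if (!$profile) {
            throw new Exception(_('Error updating remote profile.'));
        }

        // Snapshots are passed to update() further down.
        $orig_remote  = clone $remote;
        $orig_profile = clone $profile;

        // NOTE(review): the entry is selected by identifier URI only and is
        // then overwritten with whatever the caller supplied; nothing in this
        // method checks that the caller is the party that registered the URI.
        // XXX: compare current postNotice and updateProfile URLs to the ones
        // stored in the DB before accepting the overwrite.
    } else {
        $exists      = false;
        $remote      = new Remote_profile();
        $remote->uri = $omb_profile->getIdentifierURI();
        $profile     = new Profile();
    }

    $profile->nickname   = $omb_profile->getNickname();
    $profile->profileurl = $omb_profile->getProfileURL();

    // Optional fields are stored as empty strings rather than null.
    $fullname          = $omb_profile->getFullname();
    $profile->fullname = is_null($fullname) ? '' : $fullname;
    $homepage          = $omb_profile->getHomepage();
    $profile->homepage = is_null($homepage) ? '' : $homepage;
    $bio               = $omb_profile->getBio();
    $profile->bio      = is_null($bio) ? '' : $bio;
    $location          = $omb_profile->getLocation();
    $profile->location = is_null($location) ? '' : $location;

    if ($exists) {
        $profile->update($orig_profile);
    } else {
        $profile->created = DB_DataObject_Cast::dateTime(); # current time
        $id = $profile->insert();
        if (!$id) {
            // TRANS: Exception thrown when creating a new profile fails in OAuth store.
            throw new Exception(_('Error inserting new profile.'));
        }
        $remote->id = $id;
    }

    $avatar_url = $omb_profile->getAvatarURL();
    if ($avatar_url) {
        // NOTE(review): the URL comes from the remote profile and is not
        // validated in this method; add_avatar() is not visible here —
        // confirm it restricts scheme and destination before fetching.
        if (!$this->add_avatar($profile, $avatar_url)) {
            // TRANS: Exception thrown when creating a new avatar fails in OAuth store.
            throw new Exception(_('Error inserting avatar.'));
        }
    } else {
        // No avatar supplied: drop the original, then every sized copy.
        $avatar = $profile->getOriginalAvatar();
        if ($avatar) {
            $avatar->delete();
        }
        foreach (array(AVATAR_PROFILE_SIZE, AVATAR_STREAM_SIZE, AVATAR_MINI_SIZE) as $size) {
            $avatar = $profile->getAvatar($size);
            if ($avatar) {
                $avatar->delete();
            }
        }
    }

    if ($exists) {
        if (!$remote->update($orig_remote)) {
            // TRANS: Exception thrown when updating a remote profile fails in OAuth store.
            throw new Exception(_('Error updating remote profile.'));
        }
    } else {
        $remote->created = DB_DataObject_Cast::dateTime(); # current time
        if (!$remote->insert()) {
            // TRANS: Exception thrown when creating a remote profile fails in OAuth store.
            throw new Exception(_('Error inserting remote profile.'));
        }
    }
}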
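/**
 * Return the local Profile for a Twitter user, creating it if necessary.
 *
 * An existing profile is looked up via getProfileByUrl(); if found, its
 * avatar is re-checked and the profile is returned. Otherwise a Profile and
 * (unless one already exists for the URL) a Remote_profile are inserted
 * between BEGIN and COMMIT queries, and the avatars are saved afterwards.
 *
 * @param object $user Twitter user record; the fields read here are
 *                     screen_name, name, url, description and location
 *
 * @return Profile|false The profile, or false when an insert failed
 */
function ensureProfile($user)
{
    // check to see if there's already a profile for this user
    $profileurl = 'http://twitter.com/' . $user->screen_name;
    $profile    = $this->getProfileByUrl($user->screen_name, $profileurl);

    if (!empty($profile)) {
        common_debug($this->name() .
                     " - Profile for {$profile->nickname} found.");

        // Check to see if the user's Avatar has changed
        $this->checkAvatar($user, $profile);
        return $profile;
    }

    common_debug($this->name() . ' - Adding profile and remote profile ' .
                 "for Twitter user: {$profileurl}.");

    $profile = new Profile();
    $profile->query("BEGIN");

    // These values are copied as received from the Twitter record; nothing
    // in this method validates or escapes them.
    $profile->nickname   = $user->screen_name;
    $profile->fullname   = $user->name;
    $profile->homepage   = $user->url;
    $profile->bio        = $user->description;
    $profile->location   = $user->location;
    $profile->profileurl = $profileurl;
    $profile->created    = common_sql_now();

    // Stays null when insert() throws, so the empty() check below
    // treats an exception like any other failed insert.
    $id = null;
    try {
        $id = $profile->insert();
    } catch (Exception $e) {
        common_log(LOG_WARNING, $this->name() . ' Couldn\'t insert profile - ' . $e->getMessage());
    }

    if (empty($id)) {
        common_log_db_error($profile, 'INSERT', __FILE__);
        $profile->query("ROLLBACK");
        return false;
    }

    // check for remote profile
    $remote_pro = Remote_profile::staticGet('uri', $profileurl);

    if (empty($remote_pro)) {
        $remote_pro          = new Remote_profile();
        $remote_pro->id      = $id;
        $remote_pro->uri     = $profileurl;
        $remote_pro->created = common_sql_now();

        $rid = null;
        try {
            $rid = $remote_pro->insert();
        } catch (Exception $e) {
            common_log(LOG_WARNING, $this->name() . ' Couldn\'t save remote profile - ' . $e->getMessage());
        }

        if (empty($rid)) {
            // Log the object whose insert failed (the remote profile),
            // not the already-inserted profile.
            common_log_db_error($remote_pro, 'INSERT', __FILE__);
            $profile->query("ROLLBACK");
            return false;
        }
    }

    $profile->query("COMMIT");

    $this->saveAvatars($user, $id);

    return $profile;
}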
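/**
 * Return the local profile id for a Twitter user, creating it if necessary.
 *
 * An existing Profile is looked up by its profileurl; if found, its avatar
 * is re-checked and its id is returned. Otherwise a Profile and (unless one
 * already exists for the URL) a Remote_profile are inserted between BEGIN
 * and COMMIT queries, and the avatars are saved afterwards.
 *
 * @param object $user Twitter user record; the fields read here are
 *                     screen_name, name, url, description and location
 *
 * @return mixed The profile id, or false when an insert failed
 */
function ensureProfile($user)
{
    // check to see if there's already a profile for this user
    $profileurl = 'http://twitter.com/' . $user->screen_name;
    $profile    = Profile::staticGet('profileurl', $profileurl);

    if ($profile) {
        if (defined('SCRIPT_DEBUG')) {
            common_debug("Profile for {$profile->nickname} found.");
        }

        // Check to see if the user's Avatar has changed
        $this->checkAvatar($user, $profile);

        return $profile->id;
    }

    if (defined('SCRIPT_DEBUG')) {
        common_debug('Adding profile and remote profile ' .
                     "for Twitter user: {$profileurl}");
    }

    $profile = new Profile();
    $profile->query("BEGIN");

    // These values are copied as received from the Twitter record; nothing
    // in this method validates or escapes them.
    $profile->nickname   = $user->screen_name;
    $profile->fullname   = $user->name;
    $profile->homepage   = $user->url;
    $profile->bio        = $user->description;
    $profile->location   = $user->location;
    $profile->profileurl = $profileurl;
    $profile->created    = common_sql_now();

    $id = $profile->insert();

    if (empty($id)) {
        common_log_db_error($profile, 'INSERT', __FILE__);
        $profile->query("ROLLBACK");
        return false;
    }

    // check for remote profile
    $remote_pro = Remote_profile::staticGet('uri', $profileurl);

    if (!$remote_pro) {
        $remote_pro          = new Remote_profile();
        $remote_pro->id      = $id;
        $remote_pro->uri     = $profileurl;
        $remote_pro->created = common_sql_now();

        $rid = $remote_pro->insert();

        if (empty($rid)) {
            // Log the object whose insert failed (the remote profile),
            // not the already-inserted profile.
            common_log_db_error($remote_pro, 'INSERT', __FILE__);
            $profile->query("ROLLBACK");
            return false;
        }
    }

    $profile->query("COMMIT");

    $this->saveAvatars($user, $id);

    return $id;
}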
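/**
 * Complete a remote (OMB) subscription once the listener's server sends
 * the browser back to this site.
 *
 * The authorization request stored in the session is matched against the
 * returned oauth_token, the omb_listener_* parameters are read from the
 * request, the request token is exchanged for an access token, the
 * listener's Profile and Remote_profile are created or updated, and a
 * Subscription from that remote profile to the local listenee is stored.
 * Every failure is reported through clientError()/serverError() followed
 * by a plain return.
 *
 * @param array $args Request arguments, passed on to the parent handler
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_logged_in()) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    // isset() avoids an undefined-index notice when no request was stored.
    $omb = isset($_SESSION['oauth_authorization_request'])
        ? $_SESSION['oauth_authorization_request']
        : null;

    if (!$omb) {
        $this->clientError(_('Not expecting this response!'));
        return;
    }

    // NOTE(review): this writes the whole stored authorization request to
    // the debug log, including the request token checked below. Consider
    // logging only non-secret fields.
    common_debug('stored request: ' . print_r($omb, true), __FILE__);

    common_remove_magic_from_request();
    $req = OAuthRequest::from_request();

    $token = $req->get_parameter('oauth_token');

    # I think this is the success metric

    // Strict string comparison: a loose != lets PHP compare two
    // numeric-looking strings as numbers, so distinct tokens could match.
    // A missing or empty token is rejected outright.
    if (!is_string($token) || $token === '' || $token !== (string) $omb['token']) {
        $this->clientError(_('Not authorized.'));
        return;
    }

    $version = $req->get_parameter('omb_version');

    if ($version != OMB_VERSION_01) {
        $this->clientError(_('Unknown version of OMB protocol.'));
        return;
    }

    $nickname = $req->get_parameter('omb_listener_nickname');

    if (!$nickname) {
        $this->clientError(_('No nickname provided by remote server.'));
        return;
    }

    $profile_url = $req->get_parameter('omb_listener_profile');

    if (!$profile_url) {
        $this->clientError(_('No profile URL returned by server.'));
        return;
    }

    if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) {
        $this->clientError(_('Invalid profile URL returned by server.'));
        return;
    }

    if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);

    $user = User::staticGet('nickname', $omb['listenee']);

    if (!$user) {
        $this->clientError(_('User being listened to doesn\'t exist.'));
        return;
    }

    $other = User::staticGet('uri', $omb['listener']);

    if ($other) {
        $this->clientError(_('You can use the local subscription!'));
        return;
    }

    // NOTE(review): fullname, homepage, bio and location are stored below
    // exactly as received; escaping/validation has to happen where they are
    // rendered, which is not visible in this method.
    $fullname   = $req->get_parameter('omb_listener_fullname');
    $homepage   = $req->get_parameter('omb_listener_homepage');
    $bio        = $req->get_parameter('omb_listener_bio');
    $location   = $req->get_parameter('omb_listener_location');
    $avatar_url = $req->get_parameter('omb_listener_avatar');

    // The avatar URL is supplied by the remote server and handed to
    // add_avatar() below; apply the same scheme restriction as for the
    // profile URL. This is a scheme check only — it does not restrict which
    // host the URL points at.
    if ($avatar_url
        && !Validate::uri($avatar_url, array('allowed_schemes' => array('http', 'https')))) {
        $this->clientError(_('Invalid avatar URL returned by server.'));
        return;
    }

    list($newtok, $newsecret) = $this->access_token($omb);

    if (!$newtok || !$newsecret) {
        $this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
        return;
    }

    # XXX: possible attack point; subscribe and return someone else's profile URI

    $remote = Remote_profile::staticGet('uri', $omb['listener']);

    if ($remote) {
        $exists  = true;
        $profile = Profile::staticGet($remote->id);

        // A Remote_profile row without its Profile row would make the clone
        // below fail fatally; report it as a server error instead.
        if (!$profile) {
            $this->serverError(_('Error updating remote profile'));
            return;
        }

        // Snapshots are passed to update() further down.
        $orig_remote  = clone $remote;
        $orig_profile = clone $profile;
        # XXX: compare current postNotice and updateProfile URLs to the ones
        # stored in the DB to avoid (possibly...) above attack
    } else {
        $exists      = false;
        $remote      = new Remote_profile();
        $remote->uri = $omb['listener'];
        $profile     = new Profile();
    }

    $profile->nickname   = $nickname;
    $profile->profileurl = $profile_url;

    // Optional fields are only overwritten when the parameter was sent.
    if (!is_null($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!is_null($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!is_null($bio)) {
        $profile->bio = $bio;
    }
    if (!is_null($location)) {
        $profile->location = $location;
    }

    if ($exists) {
        $profile->update($orig_profile);
    } else {
        $profile->created = DB_DataObject_Cast::dateTime(); # current time
        $id = $profile->insert();
        if (!$id) {
            $this->serverError(_('Error inserting new profile'));
            return;
        }
        $remote->id = $id;
    }

    if ($avatar_url) {
        if (!$this->add_avatar($profile, $avatar_url)) {
            $this->serverError(_('Error inserting avatar'));
            return;
        }
    }

    $remote->postnoticeurl    = $omb['post_notice_url'];
    $remote->updateprofileurl = $omb['update_profile_url'];

    if ($exists) {
        if (!$remote->update($orig_remote)) {
            $this->serverError(_('Error updating remote profile'));
            return;
        }
    } else {
        $remote->created = DB_DataObject_Cast::dateTime(); # current time
        if (!$remote->insert()) {
            $this->serverError(_('Error inserting remote profile'));
            return;
        }
    }

    // NOTE(review): this check runs after the listener's profile rows were
    // written above, so a blocked listener is refused the subscription but
    // its stored profile data has already been refreshed.
    if ($user->hasBlocked($profile)) {
        $this->clientError(_('That user has blocked you from subscribing.'));
        return;
    }

    $sub             = new Subscription();
    $sub->subscriber = $remote->id;
    $sub->subscribed = $user->id;

    if ($sub->find(true)) {
        $sub_exists = true;
        $orig_sub   = clone $sub;
    } else {
        $sub_exists   = false;
        $sub->created = DB_DataObject_Cast::dateTime(); # current time
    }

    // Store the freshly issued access token pair on the subscription.
    $sub->token  = $newtok;
    $sub->secret = $newsecret;

    if ($sub_exists) {
        $result = $sub->update($orig_sub);
    } else {
        $result = $sub->insert();
    }

    if (!$result) {
        common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
        $this->clientError(_('Couldn\'t insert new subscription.'));
        return;
    }

    # Notify user, if necessary

    mail_subscribe_notify_profile($user, $profile);

    # Clear the data
    unset($_SESSION['oauth_authorization_request']);

    # If we show subscriptions in reverse chron order, this should
    # show up close to the top of the page

    common_redirect(common_local_url('subscribers', array('nickname' =>
                                                         $user->nickname)));
}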
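/**
 * Store the listenee described by an OMB request and record a pending
 * subscription of the current user to it.
 *
 * The omb_listenee_* parameters are read from the request, the matching
 * Profile and Remote_profile (looked up by the omb_listenee URI) are
 * created or updated, the avatar is added when a URL was sent, and a
 * Subscription row carrying the request token is inserted.
 *
 * @param object $req Request object exposing get_parameter(); presumably an
 *                    OAuthRequest — confirm against the caller
 *
 * @return bool true on success, false when any step failed
 */
function saveRemoteProfile(&$req)
{
    # FIXME: we should really do this when the consumer comes
    # back for an access token. If they never do, we've got stuff in a
    # weird state.

    // NOTE(review): none of these request parameters is validated in this
    // method (the profile and avatar URLs included); confirm the caller has
    // checked them before they are stored or passed to addAvatar().
    $nickname    = $req->get_parameter('omb_listenee_nickname');
    $fullname    = $req->get_parameter('omb_listenee_fullname');
    $profile_url = $req->get_parameter('omb_listenee_profile');
    $homepage    = $req->get_parameter('omb_listenee_homepage');
    $bio         = $req->get_parameter('omb_listenee_bio');
    $location    = $req->get_parameter('omb_listenee_location');
    $avatar_url  = $req->get_parameter('omb_listenee_avatar');

    $listenee = $req->get_parameter('omb_listenee');
    $remote   = Remote_profile::staticGet('uri', $listenee);

    if ($remote) {
        $exists  = true;
        $profile = Profile::staticGet($remote->id);

        // A Remote_profile row without its Profile row would make the clone
        // below fail fatally; report it as an ordinary failure instead.
        if (!$profile) {
            return false;
        }

        // Snapshots are passed to update() further down.
        $orig_remote  = clone $remote;
        $orig_profile = clone $profile;
    } else {
        $exists      = false;
        $remote      = new Remote_profile();
        $remote->uri = $listenee;
        $profile     = new Profile();
    }

    $profile->nickname   = $nickname;
    $profile->profileurl = $profile_url;

    // Optional fields are only overwritten when the parameter was sent.
    if (!is_null($fullname)) {
        $profile->fullname = $fullname;
    }
    if (!is_null($homepage)) {
        $profile->homepage = $homepage;
    }
    if (!is_null($bio)) {
        $profile->bio = $bio;
    }
    if (!is_null($location)) {
        $profile->location = $location;
    }

    if ($exists) {
        $profile->update($orig_profile);
    } else {
        $profile->created = DB_DataObject_Cast::dateTime(); # current time
        $id = $profile->insert();
        if (!$id) {
            return false;
        }
        $remote->id = $id;
    }

    if ($exists) {
        if (!$remote->update($orig_remote)) {
            return false;
        }
    } else {
        $remote->created = DB_DataObject_Cast::dateTime(); # current time
        if (!$remote->insert()) {
            return false;
        }
    }

    if ($avatar_url) {
        if (!$this->addAvatar($profile, $avatar_url)) {
            return false;
        }
    }

    $user = common_current_user();

    // Without a current user there is no subscriber id to record.
    if (!$user) {
        return false;
    }

    $datastore = omb_oauth_datastore();
    $consumer  = $this->getConsumer($datastore, $req);
    $token     = $this->getToken($datastore, $req, $consumer);

    $sub             = new Subscription();
    $sub->subscriber = $user->id;
    $sub->subscribed = $remote->id;
    $sub->token      = $token->key; # NOTE: request token, not valid for use!
    $sub->created    = DB_DataObject_Cast::dateTime(); # current time

    if (!$sub->insert()) {
        return false;
    }

    return true;
}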