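/**
 * Exchange a one-time authorisation token (paired with its request token) for
 * the user's API token and secret, returned as a JSON string.
 *
 * Every failure path returns the same body, {"success": false}, so the caller
 * cannot tell which check rejected the request.
 *
 * @param Application $app Container; 'apiApp' and 'apiAppLoadedBySecret' are read from it.
 * @return string JSON: success flag and, on success, permissions, user_token and user_secret.
 */
public function userTokenJson(Application $app)
{
    $userAuthorisationTokenRepo = new API2ApplicationUserAuthorisationTokenRepository();
    $userTokenRepo = new API2ApplicationUserTokenRepository();

    $failure = json_encode(array('success' => false));

    // Only an app that was loaded and authenticated by its secret may redeem tokens.
    if (!$app['apiApp'] || !$app['apiAppLoadedBySecret']) {
        return $failure;
    }

    // Load and check request token.
    // NOTE(review): tokens are accepted from the query string as well as the
    // body; query strings commonly end up in access logs and browser history.
    // Consider POST-only if existing clients allow it.
    $data = array_merge($_GET, $_POST);
    $authorisationTokenValue = isset($data['authorisation_token']) ? $data['authorisation_token'] : null;
    $requestTokenValue = isset($data['request_token']) ? $data['request_token'] : null;

    // Absent keys used to raise undefined-index notices, and array-valued
    // parameters (e.g. authorisation_token[]=x) were passed to the repository
    // as-is. Accept non-empty strings only.
    if (!is_string($authorisationTokenValue) || $authorisationTokenValue === ''
        || !is_string($requestTokenValue) || $requestTokenValue === ''
    ) {
        return $failure;
    }

    $authorisationToken = $userAuthorisationTokenRepo->loadByAppAndAuthorisationTokenAndRequestToken(
        $app['apiApp'],
        $authorisationTokenValue,
        $requestTokenValue
    );
    if (!$authorisationToken || $authorisationToken->getIsUsed()) {
        return $failure;
    }

    // Burn the authorisation token before any credentials are issued, so a
    // failure further down cannot leave a redeemable token behind.
    // NOTE(review): the getIsUsed() check above and this call are separate
    // steps; unless markTokenUsed() is a conditional/atomic update in the
    // repository, two concurrent requests could both redeem the same token.
    // Confirm against the repository implementation.
    $userAuthorisationTokenRepo->markTokenUsed($authorisationToken);

    // Get user tokens.
    $userId = $authorisationToken->getUserId();
    $userTokenRepo->createForAppAndUserId($app['apiApp'], $userId);
    $userToken = $userTokenRepo->loadByAppAndUserID($app['apiApp'], $userId);

    if (!$userToken) {
        // This might happen if the user withdraws permissions from the app between
        // logging in and the app getting tokens, since loadByAppAndUserID()
        // checks user permissions.
        return $failure;
    }

    // The body carries the user's secret: it should not be logged or cached.
    return json_encode(array(
        'success' => true,
        'permissions' => array('is_editor' => $userToken->getIsEditor()),
        'user_token' => $userToken->getUserToken(),
        'user_secret' => $userToken->getUserSecret(),
    ));
}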