Пример #1
0
 /**
  * Class handler.
  * 
  * @param array $args array of arguments
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     try {
         common_remove_magic_from_request();
         $req = OAuthRequest::from_request();
         $server = omb_oauth_server();
         $token = $server->fetch_request_token($req);
         print $token;
     } catch (OAuthException $e) {
         $this->serverError($e->getMessage());
     }
 }
Пример #2
0
 function handle($args)
 {
     parent::handle($args);
     try {
         common_remove_magic_from_request();
         $req = OAuthRequest::from_request();
         # Note: server-to-server function!
         $server = omb_oauth_server();
         list($consumer, $token) = $server->verify_request($req);
         if ($this->save_notice($req, $consumer, $token)) {
             print "omb_version=" . OMB_VERSION_01;
         }
     } catch (OAuthException $e) {
         $this->serverError($e->getMessage());
         return;
     }
 }
Пример #3
0
 /**
  * Class handler.
  *
  * @param array $args query arguments
  *
  * @return boolean false if user doesn't exist
  */
 function handle($args)
 {
     parent::handle($args);
     try {
         common_debug('getting request from env variables', __FILE__);
         common_remove_magic_from_request();
         $req = OAuthRequest::from_request();
         common_debug('getting a server', __FILE__);
         $server = omb_oauth_server();
         common_debug('fetching the access token', __FILE__);
         $token = $server->fetch_access_token($req);
         common_debug('got this token: "' . print_r($token, true) . '"', __FILE__);
         common_debug('printing the access token', __FILE__);
         print $token;
     } catch (OAuthException $e) {
         $this->serverError($e->getMessage());
     }
 }
Пример #4
0
 function handle($args)
 {
     parent::handle($args);
     try {
         common_remove_magic_from_request();
         $req = OAuthRequest::from_request();
         # Note: server-to-server function!
         $server = omb_oauth_server();
         list($consumer, $token) = $server->verify_request($req);
         if ($this->update_profile($req, $consumer, $token)) {
             header('HTTP/1.1 200 OK');
             header('Content-type: text/plain');
             print "omb_version=" . OMB_VERSION_01;
         }
     } catch (OAuthException $e) {
         $this->serverError($e->getMessage());
         return;
     }
 }
Пример #5
0
 function handle($args)
 {
     parent::handle($args);
     if (common_logged_in()) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $omb = $_SESSION['oauth_authorization_request'];
     if (!$omb) {
         $this->clientError(_('Not expecting this response!'));
         return;
     }
     common_debug('stored request: ' . print_r($omb, true), __FILE__);
     common_remove_magic_from_request();
     $req = OAuthRequest::from_request();
     $token = $req->get_parameter('oauth_token');
     # I think this is the success metric
     if ($token != $omb['token']) {
         $this->clientError(_('Not authorized.'));
         return;
     }
     $version = $req->get_parameter('omb_version');
     if ($version != OMB_VERSION_01) {
         $this->clientError(_('Unknown version of OMB protocol.'));
         return;
     }
     $nickname = $req->get_parameter('omb_listener_nickname');
     if (!$nickname) {
         $this->clientError(_('No nickname provided by remote server.'));
         return;
     }
     $profile_url = $req->get_parameter('omb_listener_profile');
     if (!$profile_url) {
         $this->clientError(_('No profile URL returned by server.'));
         return;
     }
     if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) {
         $this->clientError(_('Invalid profile URL returned by server.'));
         return;
     }
     if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);
     $user = User::staticGet('nickname', $omb['listenee']);
     if (!$user) {
         $this->clientError(_('User being listened to doesn\'t exist.'));
         return;
     }
     $other = User::staticGet('uri', $omb['listener']);
     if ($other) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $fullname = $req->get_parameter('omb_listener_fullname');
     $homepage = $req->get_parameter('omb_listener_homepage');
     $bio = $req->get_parameter('omb_listener_bio');
     $location = $req->get_parameter('omb_listener_location');
     $avatar_url = $req->get_parameter('omb_listener_avatar');
     list($newtok, $newsecret) = $this->access_token($omb);
     if (!$newtok || !$newsecret) {
         $this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
         return;
     }
     # XXX: possible attack point; subscribe and return someone else's profile URI
     $remote = Remote_profile::staticGet('uri', $omb['listener']);
     if ($remote) {
         $exists = true;
         $profile = Profile::staticGet($remote->id);
         $orig_remote = clone $remote;
         $orig_profile = clone $profile;
         # XXX: compare current postNotice and updateProfile URLs to the ones
         # stored in the DB to avoid (possibly...) above attack
     } else {
         $exists = false;
         $remote = new Remote_profile();
         $remote->uri = $omb['listener'];
         $profile = new Profile();
     }
     $profile->nickname = $nickname;
     $profile->profileurl = $profile_url;
     if (!is_null($fullname)) {
         $profile->fullname = $fullname;
     }
     if (!is_null($homepage)) {
         $profile->homepage = $homepage;
     }
     if (!is_null($bio)) {
         $profile->bio = $bio;
     }
     if (!is_null($location)) {
         $profile->location = $location;
     }
     if ($exists) {
         $profile->update($orig_profile);
     } else {
         $profile->created = DB_DataObject_Cast::dateTime();
         # current time
         $id = $profile->insert();
         if (!$id) {
             $this->serverError(_('Error inserting new profile'));
             return;
         }
         $remote->id = $id;
     }
     if ($avatar_url) {
         if (!$this->add_avatar($profile, $avatar_url)) {
             $this->serverError(_('Error inserting avatar'));
             return;
         }
     }
     $remote->postnoticeurl = $omb['post_notice_url'];
     $remote->updateprofileurl = $omb['update_profile_url'];
     if ($exists) {
         if (!$remote->update($orig_remote)) {
             $this->serverError(_('Error updating remote profile'));
             return;
         }
     } else {
         $remote->created = DB_DataObject_Cast::dateTime();
         # current time
         if (!$remote->insert()) {
             $this->serverError(_('Error inserting remote profile'));
             return;
         }
     }
     if ($user->hasBlocked($profile)) {
         $this->clientError(_('That user has blocked you from subscribing.'));
         return;
     }
     $sub = new Subscription();
     $sub->subscriber = $remote->id;
     $sub->subscribed = $user->id;
     $sub_exists = false;
     if ($sub->find(true)) {
         $sub_exists = true;
         $orig_sub = clone $sub;
     } else {
         $sub_exists = false;
         $sub->created = DB_DataObject_Cast::dateTime();
         # current time
     }
     $sub->token = $newtok;
     $sub->secret = $newsecret;
     if ($sub_exists) {
         $result = $sub->update($orig_sub);
     } else {
         $result = $sub->insert();
     }
     if (!$result) {
         common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
         $this->clientError(_('Couldn\'t insert new subscription.'));
         return;
     }
     # Notify user, if necessary
     mail_subscribe_notify_profile($user, $profile);
     # Clear the data
     unset($_SESSION['oauth_authorization_request']);
     # If we show subscriptions in reverse chron order, this should
     # show up close to the top of the page
     common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname)));
 }
Пример #6
0
 function getNewRequest()
 {
     common_remove_magic_from_request();
     $req = OAuthRequest::from_request();
     return $req;
 }