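/**
 * Render one OAuth application as a list item.
 *
 * Always emits the application card (icon, name, organization, description).
 * When $this->connections is set, also emits the approval line and a revoke
 * form for $this->owner's connection to this application.
 *
 * Reads $this->out, $this->application, $this->connections and $this->owner;
 * writes only to $this->out.
 */
function showApplication()
{
    $app = $this->application;

    $this->out->elementStart('li', array('class' => 'application',
                                         'id' => 'oauthclient-' . $app->id));
    $this->out->elementStart('span', 'vcard author');

    // In the connections listing the name links to the app's own site;
    // otherwise it links to the local showapplication page.
    if (!$this->connections) {
        $href = common_local_url('showapplication', array('id' => $app->id));
    } else {
        $href = $app->source_url;
    }
    // NOTE(review): source_url, icon and homepage are taken from the
    // application record, i.e. were supplied by whoever registered the app.
    // element() escapes attribute values, but escaping does not neutralise a
    // non-http scheme in an href/src — confirm these fields are
    // scheme-validated where the application is registered.
    $this->out->elementStart('a', array('href' => $href, 'class' => 'url'));

    if (!empty($app->icon)) {
        $this->out->element('img', array('src' => $app->icon,
                                         'class' => 'photo avatar'));
    }
    $this->out->element('span', 'fn', $app->name);
    $this->out->elementEnd('a');
    $this->out->elementEnd('span');

    $this->out->raw(' by ');
    $this->out->element('a', array('href' => $app->homepage, 'class' => 'url'),
                        $app->organization);
    $this->out->element('p', 'note', $app->description);
    $this->out->elementEnd('li');

    if (!$this->connections) {
        return;
    }

    $appUser = Oauth_application_user::getByKeys($this->owner, $app);
    if (empty($appUser)) {
        // No connection record: there is no approval date to show and
        // nothing to revoke, so stop instead of dereferencing null below.
        common_debug("empty appUser!");
        return;
    }

    $this->out->elementStart('li');
    // '&' binds tighter than '?:'; parentheses only make that explicit.
    $access = ($app->access_type & Oauth_application::$writeAccess)
        ? 'read-write' : 'read-only';
    $txt = 'Approved ' . common_date_string($appUser->modified)
         . " - {$access} access.";
    $this->out->raw($txt);
    $this->out->elementEnd('li');

    // Revoke form: POSTs to the connections settings page and carries the
    // session token, so a revoke cannot be triggered cross-site.
    $this->out->elementStart('li', 'entity_revoke');
    $this->out->elementStart('form', array('id' => 'form_revoke_app',
                                           'class' => 'form_revoke_app',
                                           'method' => 'POST',
                                           'action' => common_local_url('oauthconnectionssettings')));
    $this->out->elementStart('fieldset');
    $this->out->hidden('id', $app->id);
    $this->out->hidden('token', common_session_token());
    $this->out->submit('revoke', _('Revoke'));
    $this->out->elementEnd('fieldset');
    $this->out->elementEnd('form');
    $this->out->elementEnd('li');
}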
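/**
 * Render one OAuth application as a list item.
 *
 * Always emits the application card (icon, name, organization, description).
 * When $this->connections is set, also emits the (translated) approval line
 * and a revoke form for $this->owner's connection to this application.
 *
 * Reads $this->out, $this->application, $this->connections and $this->owner;
 * writes only to $this->out.
 */
function showApplication()
{
    $app = $this->application;

    $this->out->elementStart('li', array('class' => 'application',
                                         'id' => 'oauthclient-' . $app->id));
    $this->out->elementStart('span', 'vcard author');

    // In the connections listing the name links to the app's own site;
    // otherwise it links to the local showapplication page.
    if (!$this->connections) {
        $href = common_local_url('showapplication', array('id' => $app->id));
    } else {
        $href = $app->source_url;
    }
    // NOTE(review): source_url, icon and homepage are taken from the
    // application record, i.e. were supplied by whoever registered the app.
    // element() escapes attribute values, but escaping does not neutralise a
    // non-http scheme in an href/src — confirm these fields are
    // scheme-validated where the application is registered.
    $this->out->elementStart('a', array('href' => $href, 'class' => 'url'));

    if (!empty($app->icon)) {
        $this->out->element('img', array('src' => $app->icon,
                                         'class' => 'photo avatar'));
    }
    $this->out->element('span', 'fn', $app->name);
    $this->out->elementEnd('a');
    $this->out->elementEnd('span');

    $this->out->raw(' by ');
    $this->out->element('a', array('href' => $app->homepage, 'class' => 'url'),
                        $app->organization);
    $this->out->element('p', 'note', $app->description);
    $this->out->elementEnd('li');

    if (!$this->connections) {
        return;
    }

    $appUser = Oauth_application_user::getByKeys($this->owner, $app);
    if (empty($appUser)) {
        // No connection record: there is no approval date to show and
        // nothing to revoke, so stop instead of dereferencing null below.
        common_debug("empty appUser!");
        return;
    }

    $this->out->elementStart('li');
    // TRANS: Application access type
    $readWriteText = _('read-write');
    // TRANS: Application access type
    $readOnlyText = _('read-only');
    // '&' binds tighter than '?:'; parentheses only make that explicit.
    $access = ($app->access_type & Oauth_application::$writeAccess)
        ? $readWriteText : $readOnlyText;
    $modifiedDate = common_date_string($appUser->modified);
    // TRANS: Used in application list. %1$s is a modified date, %2$s is access type (read-write or read-only)
    $txt = sprintf(_('Approved %1$s - "%2$s" access.'), $modifiedDate, $access);
    $this->out->raw($txt);
    $this->out->elementEnd('li');

    // Revoke form: POSTs to the connections settings page and carries the
    // session token, so a revoke cannot be triggered cross-site.
    $this->out->elementStart('li', 'entity_revoke');
    $this->out->elementStart('form', array('id' => 'form_revoke_app',
                                           'class' => 'form_revoke_app',
                                           'method' => 'POST',
                                           'action' => common_local_url('oauthconnectionssettings')));
    $this->out->elementStart('fieldset');
    $this->out->hidden('id', $app->id);
    $this->out->hidden('token', common_session_token());
    // TRANS: Button label
    $this->out->submit('revoke', _m('BUTTON', 'Revoke'));
    $this->out->elementEnd('fieldset');
    $this->out->elementEnd('form');
    $this->out->elementEnd('li');
}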
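/**
 * Handle the POST from the OAuth request-token authorization form.
 *
 * Checks the session token, establishes the acting user (the logged-in
 * user, or the nickname/password submitted with the form), then either
 * authorizes the request token ("allow") or revokes it ("deny").
 *
 * Reads $this->store, $this->app, $this->oauth_token, $this->callback,
 * $this->nickname and $this->password, all of which are set before this
 * method runs (outside this block).
 *
 * @return void
 * @throws ServerException on a database error while replacing or inserting
 *         the Oauth_application_user record
 */
function handlePost()
{
    // check session token for CSRF protection.
    // Strict comparison: with '!=' two numeric-looking strings such as
    // "0e123" and "0e456" compare equal.
    $token = $this->trimmed('token');
    if (!$token || $token !== common_session_token()) {
        $this->showForm(_('There was a problem with your session token. ' .
                          'Try again, please.'));
        return;
    }

    // check creds
    if (common_logged_in()) {
        $user = common_current_user();
    } else {
        $user = common_check_user($this->nickname, $this->password);
        if (empty($user)) {
            $this->showForm(_("Invalid nickname / password!"));
            return;
        }
    }

    if ($this->arg('allow')) {
        // mark the req token as authorized
        $this->store->authorize_token($this->oauth_token);

        // Check to see if there was a previous token associated
        // with this user/app and kill it. If the user is doing this she
        // probably doesn't want any old tokens anyway.
        $appUser = Oauth_application_user::getByKeys($user, $this->app);
        if (!empty($appUser)) {
            if (!$appUser->delete()) {
                common_log_db_error($appUser, 'DELETE', __FILE__);
                throw new ServerException(_('Database error deleting OAuth application user.'));
            }
        }

        // associate the authorized req token with the user and the app
        $appUser = new Oauth_application_user();
        $appUser->profile_id = $user->id;
        $appUser->application_id = $this->app->id;

        // Note: do not copy the access type from the application.
        // The access type should always be 0 when the OAuth app
        // user record has a request token associated with it.
        // Access type gets assigned once an access token has been
        // granted. The OAuth app user record then gets updated
        // with the new access token and access type.
        $appUser->token = $this->oauth_token;
        $appUser->created = common_sql_now();

        if (!$appUser->insert()) {
            common_log_db_error($appUser, 'INSERT', __FILE__);
            throw new ServerException(_('Database error inserting OAuth application user.'));
        }

        // if we have a callback redirect and provide the token
        // A callback specified in the app setup overrides whatever
        // is passed in with the request.
        if (!empty($this->app->callback_url)) {
            $this->callback = $this->app->callback_url;
        }

        if (!empty($this->callback)) {
            // NOTE(review): when the app registered no callback_url, the
            // redirect target is whatever $this->callback was set to from
            // the request (outside this block) — confirm it is validated
            // there. The OAuth 1.0a verifier (XXX below) is still missing.
            $target_url = $this->getCallback($this->callback,
                                             array('oauth_token' => $this->oauth_token));
            common_redirect($target_url, 303);
        } else {
            common_debug("callback was empty!");
        }

        // otherwise inform the user that the rt was authorized
        // (presumably common_redirect does not return; the original code
        // also fell through here — confirm)
        $this->elementStart('p');
        // XXX: Do OAuth 1.0a verifier code
        // raw() does no escaping, so escape the token before interpolating
        // it into markup.
        $this->raw(sprintf(_("The request token %s has been authorized. " .
                             'Please exchange it for an access token.'),
                           htmlspecialchars($this->oauth_token)));
        $this->elementEnd('p');
    } elseif ($this->arg('deny')) {
        // Revoke the request token outright; the datastore is instantiated
        // here rather than taken from $this->store as in the allow branch
        // (kept as in the original).
        $datastore = new ApiStatusNetOAuthDataStore();
        $datastore->revoke_token($this->oauth_token, 0);

        $this->elementStart('p');
        $this->raw(sprintf(_("The request token %s has been denied and revoked."),
                           htmlspecialchars($this->oauth_token)));
        $this->elementEnd('p');
    } else {
        $this->clientError(_('Unexpected form submission.'));
        return;
    }
}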
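/**
 * Revoke access to an authorized OAuth application
 *
 * Revokes the token the current user granted to the application in the
 * OAuth datastore and deletes the matching Oauth_application_user record.
 * The lookup is keyed on the current user, so only the caller's own
 * connection can be revoked regardless of the $appId supplied.
 *
 * @param int $appId the ID of the application
 *
 * @return bool true when access was revoked; false after a client error
 *              has been reported (unknown application, no connection for
 *              the current user, or a database error on delete)
 */
function revokeAccess($appId)
{
    $cur = common_current_user();

    $app = Oauth_application::staticGet('id', $appId);
    if (empty($app)) {
        $this->clientError(_('No such application.'), 404);
        return false;
    }

    // XXX: Transaction here?

    $appUser = Oauth_application_user::getByKeys($cur, $app);
    if (empty($appUser)) {
        $this->clientError(_('You are not a user of that application.'), 401);
        return false;
    }

    // Revoke the token in the datastore before removing the connection row.
    $datastore = new ApiStatusNetOAuthDataStore();
    $datastore->revoke_token($appUser->token, 1);

    if (!$appUser->delete()) {
        // The original logged $orig, which is never defined in this
        // function; the object whose DELETE failed is $appUser.
        common_log_db_error($appUser, 'DELETE', __FILE__);
        $this->clientError(sprintf(_('Unable to revoke access for app: %s.'), $app->id));
        return false;
    }

    $msg = 'User %s (id: %d) revoked access to app %s (id: %d)';
    common_log(LOG_INFO, sprintf($msg, $cur->nickname, $cur->id, $app->name, $app->id));

    return true;
}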