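/**
 * Exchanges a request token for an access token.
 *
 * The call is rejected when the request nonce equals the stored nonce or
 * when the supplied verifier does not match the stored verifier. On success
 * the request row selected by $this->requestId is overwritten with a fresh
 * token pair, status ACCESS and a six month lifetime.
 *
 * @param Provider\Consumer $consumer not read by this method
 * @param Provider\Request $request supplies the nonce and the verifier
 * @return Provider\Response carries the new token and token secret
 * @throws Exception if the nonce is unchanged or the verifier is invalid
 */
protected function getResponse(Provider\Consumer $consumer, Provider\Request $request)
{
    // Compare as strings with ===. Loose == treats numeric-looking strings
    // such as "0e1" and "0e2" as equal, which would misjudge the nonce.
    if ((string) $this->nonce === (string) $request->getNonce()) {
        throw new Exception('Nonce hasnt changed');
    }

    $expectedVerifier = (string) $this->verifier;
    $suppliedVerifier = (string) $request->getVerifier();

    // The verifier is a secret and is compared in constant time where the
    // runtime offers hash_equals() (PHP >= 5.6). The fallback is a strict
    // comparison so numeric-looking verifiers are never type-juggled.
    $verifierMatches = function_exists('hash_equals')
        ? hash_equals($expectedVerifier, $suppliedVerifier)
        : $expectedVerifier === $suppliedVerifier;

    // An empty stored verifier is rejected outright, otherwise an empty
    // verifier in the request would match it.
    // NOTE(review): confirm no legitimate flow leaves the stored verifier empty.
    if ($expectedVerifier === '' || !$verifierMatches) {
        throw new Exception('Invalid verifier');
    }

    // the access token can be used for six months
    $expire = 'P6M';

    // generate a new access token
    // NOTE(review): assumes Security::generateToken() draws from a CSPRNG; confirm.
    $token       = Security::generateToken();
    $tokenSecret = Security::generateToken();

    $date = new DateTime('NOW', $this->registry['core.default_timezone']);

    // NOTE(review): the update is keyed on the row id only. Any check that
    // the row is still an authorized, unexpired request token is not visible
    // in this method and has to happen before it is called.
    $con = new Condition(array('id', '=', $this->requestId));

    $this->sql->update($this->registry['table.oauth_request'], array(
        'status'      => Oauth\Record::ACCESS,
        'token'       => $token,
        'tokenSecret' => $tokenSecret,
        'expire'      => $expire,
        'date'        => $date->format(DateTime::SQL),
    ), $con);

    $response = new Provider\Response();
    $response->setToken($token);
    $response->setTokenSecret($tokenSecret);

    return $response;
}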
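/**
 * Issues a temporary request token for the calling client.
 *
 * At most $maxCount TEMPORARY request tokens may exist per client IP. When
 * the limit is reached the expired rows of that IP are deleted first, and
 * the request is refused only if the unexpired rows still reach the limit.
 *
 * @param Provider\Consumer $consumer not read by this method
 * @param Provider\Request $request supplies nonce, callback and timestamp
 * @return Provider\Response carries the new token and token secret
 * @throws Exception if the IP already holds the maximum of active request tokens
 */
protected function getResponse(Provider\Consumer $consumer, Provider\Request $request)
{
    // Limit the pending request tokens per client IP (the limit is keyed on
    // the IP address, not on the consumer).
    $maxCount = 5;

    // REMOTE_ADDR is the directly connected peer. Behind a reverse proxy or
    // load balancer every client shares that address and therefore this limit.
    $ip = $_SERVER['REMOTE_ADDR'];

    $table    = $this->registry['table.oauth_request'];
    $timezone = $this->registry['core.default_timezone'];

    $con   = new Condition(array('ip', '=', $ip), array('status', '=', Oauth\Record::TEMPORARY));
    $count = $this->sql->count($table, $con);

    if ($count >= $maxCount) {
        $conDelete = new Condition();
        $expired   = 0;
        $now       = new DateTime('NOW', $timezone);
        $result    = $this->sql->select($table, array('id', 'expire', 'date'), $con, Sql::SELECT_ALL);

        foreach ($result as $row) {
            // a row expires at its creation date plus its stored interval
            $date = new DateTime($row['date'], $timezone);
            $date->add(new DateInterval($row['expire']));

            if ($now > $date) {
                $conDelete->add('id', '=', $row['id'], 'OR');
                $expired++;
            }
        }

        if ($conDelete->hasCondition()) {
            $this->sql->delete($table, $conDelete);
        }

        // Refuse only if the tokens that are still valid reach the limit.
        // Rows that were just purged no longer count as active.
        if ($count - $expired >= $maxCount) {
            throw new Exception('You can only have max. ' . $maxCount . ' active request tokens');
        }
    }

    // get nonce
    $nonce = $request->getNonce();

    // assign callback
    // NOTE(review): the callback is stored as received. Validation against
    // the consumer is not visible here and is needed before any redirect to it.
    $callback = $request->getCallback();

    // generate tokens
    // NOTE(review): assumes Security::generateToken() draws from a CSPRNG; confirm.
    $token       = Security::generateToken();
    $tokenSecret = Security::generateToken();

    // The timestamp is stored for reference only. It is supplied by the
    // client, so expiry is computed from the server-side date below.
    $timestamp = $request->getTimestamp();

    // the client has 30 minutes to authorize the request token and to
    // exchange it for an access token
    $expire = 'PT30M';
    $date   = new DateTime('NOW', $timezone);

    $this->sql->insert($table, array(
        'apiId'       => $this->apiId,
        'status'      => Oauth\Record::TEMPORARY,
        'ip'          => $ip,
        'nonce'       => $nonce,
        'callback'    => $callback,
        'token'       => $token,
        'tokenSecret' => $tokenSecret,
        'timestamp'   => $timestamp,
        'expire'      => $expire,
        'date'        => $date->format(DateTime::SQL),
    ));

    $response = new Provider\Response();
    $response->setToken($token);
    $response->setTokenSecret($tokenSecret);

    return $response;
}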