/**
 * Delete every other authorized token of the same consumer and owner, keeping only $exceptToken.
 *
 * The owner is read from the token itself: a customer token removes the customer's other
 * tokens, an admin token removes the admin's. Every bound value is quoted as an integer
 * (Zend_Db::INT_TYPE), so token data that is not numeric cannot alter the WHERE clause.
 *
 * @param Mage_Oauth_Model_Token $exceptToken Freshly created token that must survive the cleanup
 * @return int Number of deleted rows
 * @throws Mage_Core_Exception When the token is unsaved, not authorized, or has neither customer nor admin owner
 */
public function cleanOldAuthorizedTokensExcept(Mage_Oauth_Model_Token $exceptToken)
{
    $isKeepable = $exceptToken->getId() && $exceptToken->getAuthorized();
    if (!$isKeepable) {
        Mage::throwException('Invalid token to except');
    }

    $adapter = $this->_getWriteAdapter();

    // Scope: same consumer, already authorized, and never the token we were given.
    $condition = $adapter->quoteInto(
        'authorized = 1 AND consumer_id = ?',
        $exceptToken->getConsumerId(),
        Zend_Db::INT_TYPE
    );
    $condition .= $adapter->quoteInto(' AND entity_id <> ?', $exceptToken->getId(), Zend_Db::INT_TYPE);

    // Narrow to the owner; a token without an owner is not a valid anchor for the cleanup.
    $customerId = $exceptToken->getCustomerId();
    $adminId    = $exceptToken->getAdminId();
    if ($customerId) {
        $condition .= $adapter->quoteInto(' AND customer_id = ?', $customerId, Zend_Db::INT_TYPE);
    } elseif ($adminId) {
        $condition .= $adapter->quoteInto(' AND admin_id = ?', $adminId, Zend_Db::INT_TYPE);
    } else {
        Mage::throwException('Invalid token to except');
    }

    return $adapter->delete($this->getMainTable(), $condition);
}
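/**
 * Load the token named by the request and validate it for the current request type.
 *
 * - Initiate requests carry no token; only the callback URL parameter is validated.
 * - Token (access-token exchange) requests must present a request token that belongs to
 *   the current consumer together with its verifier.
 * - Authorize requests must present a token that has not been authorized yet.
 * - Resource requests must present an unrevoked access token belonging to the consumer.
 *
 * Sets $this->_token as a side effect; the model is always instantiated, even for
 * initiate requests.
 *
 * @return Mage_Oauth_Model_Server
 * @throws Mage_Oauth_Exception
 */
protected function _initToken()
{
    $this->_token = Mage::getModel('oauth/token');

    if (self::REQUEST_INITIATE == $this->_requestType) {
        $this->_validateCallbackUrlParam();
        return $this;
    }

    $this->_validateTokenParam();
    $this->_token->load($this->_protocolParams['oauth_token'], 'token');
    if (!$this->_token->getId()) {
        $this->_throwException('', self::ERR_TOKEN_REJECTED);
    }

    if (self::REQUEST_TOKEN == $this->_requestType) {
        $this->_validateVerifierParam();
        // Compare the verifier as strings and in constant time. A loose "!=" would treat
        // numeric-looking values such as "0e123" and "0e456" as equal, and its running
        // time would depend on the position of the first mismatching byte.
        $expectedVerifier  = (string) $this->_token->getVerifier();
        $presentedVerifier = (string) $this->_protocolParams['oauth_verifier'];
        if (!hash_equals($expectedVerifier, $presentedVerifier)) {
            $this->_throwException('', self::ERR_VERIFIER_INVALID);
        }
        // Ids are kept loosely compared: values loaded from the database may arrive as strings.
        if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        // Only a request token may be exchanged; anything else has already been used.
        if (Mage_Oauth_Model_Token::TYPE_REQUEST != $this->_token->getType()) {
            $this->_throwException('', self::ERR_TOKEN_USED);
        }
    } elseif (self::REQUEST_AUTHORIZE == $this->_requestType) {
        if ($this->_token->getAuthorized()) {
            $this->_throwException('', self::ERR_TOKEN_USED);
        }
    } elseif (self::REQUEST_RESOURCE == $this->_requestType) {
        if (Mage_Oauth_Model_Token::TYPE_ACCESS != $this->_token->getType()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        if ($this->_token->getRevoked()) {
            $this->_throwException('', self::ERR_TOKEN_REVOKED);
        }
        if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        //TODO: Implement check for expiration (after it implemented in token model)
    }

    return $this;
}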
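/**
 * Build the URL the user is redirected to after authorizing or rejecting a request token.
 *
 * On rejection the consumer's dedicated rejected-callback URL is used when one is
 * configured, and the rejected flag replaces the verifier in the query string.
 *
 * @param Mage_Oauth_Model_Token $token Request token whose callback URL is used
 * @param bool $rejected OPTIONAL TRUE when the user rejected the authorization request
 * @return bool|string Complete callback URL, or FALSE for out-of-band ("established") callbacks
 * @throws Mage_Core_Exception When a success URL is requested for a token that is not authorized
 */
public function getFullCallbackUrl(Mage_Oauth_Model_Token $token, $rejected = false)
{
    $callbackUrl = $token->getCallbackUrl();
    if (Mage_Oauth_Model_Server::CALLBACK_ESTABLISHED == $callbackUrl) {
        return false;
    }

    if ($rejected) {
        /** @var $consumer Mage_Oauth_Model_Consumer */
        $consumer = Mage::getModel('oauth/consumer')->load($token->getConsumerId());
        if ($consumer->getId() && $consumer->getRejectedCallbackUrl()) {
            $callbackUrl = $consumer->getRejectedCallbackUrl();
        }
    } elseif (!$token->getAuthorized()) {
        Mage::throwException('Token is not authorized');
    }

    // Percent-encode the query values: a token or verifier containing '&', '=' or '#'
    // must not be able to add, replace or truncate parameters of the consumer's callback.
    // For the usual alphanumeric values the encoding is a no-op.
    $query = 'oauth_token=' . rawurlencode((string) $token->getToken()) . '&';
    $query .= $rejected
        ? self::QUERY_PARAM_REJECTED . '=1'
        : 'oauth_verifier=' . rawurlencode((string) $token->getVerifier());

    // Append to an existing query string when the callback already carries one.
    $separator = false === strpos((string) $callbackUrl, '?') ? '?' : '&';

    return $callbackUrl . $separator . $query;
}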