oauthconnectionssettings.php 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * List a user's OAuth connected applications
  6. *
  7. * PHP version 5
  8. *
  9. * LICENCE: This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. * @category Settings
  23. * @package StatusNet
  24. * @author Zach Copley <zach@status.net>
  25. * @copyright 2008-2010 StatusNet, Inc.
  26. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27. * @link http://status.net/
  28. */
  29. if (!defined('GNUSOCIAL')) { exit(1); }
  30. /**
  31. * Show connected OAuth applications
  32. *
  33. * @category Settings
  34. * @package StatusNet
  35. * @author Zach Copley <zach@status.net>
  36. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  37. * @link http://status.net/
  38. *
  39. * @see SettingsAction
  40. */
  41. class OauthconnectionssettingsAction extends SettingsAction
  42. {
  43. var $page = null;
  44. protected $oauth_token = null;
  45. protected function doPreparation()
  46. {
  47. $this->oauth_token = $this->arg('oauth_token');
  48. $this->page = $this->int('page') ?: 1;
  49. }
  50. /**
  51. * Title of the page
  52. *
  53. * @return string Title of the page
  54. */
  55. function title()
  56. {
  57. // TRANS: Title for OAuth connection settings.
  58. return _('Connected applications');
  59. }
  60. /**
  61. * Instructions for use
  62. *
  63. * @return instructions for use
  64. */
  65. function getInstructions()
  66. {
  67. // TRANS: Instructions for OAuth connection settings.
  68. return _('The following connections exist for your account.');
  69. }
  70. /**
  71. * Content area of the page
  72. *
  73. * @return void
  74. */
  75. function showContent()
  76. {
  77. $offset = ($this->page - 1) * APPS_PER_PAGE;
  78. $limit = APPS_PER_PAGE + 1;
  79. $connection = $this->scoped->getConnectedApps($offset, $limit);
  80. $cnt = 0;
  81. if (!empty($connection)) {
  82. $cal = new ConnectedAppsList($connection, $this->scoped, $this);
  83. $cnt = $cal->show();
  84. }
  85. if ($cnt == 0) {
  86. $this->showEmptyListMessage();
  87. }
  88. $this->pagination(
  89. $this->page > 1,
  90. $cnt > APPS_PER_PAGE,
  91. $this->page,
  92. 'connectionssettings',
  93. array('nickname' => $this->scoped->getNickname())
  94. );
  95. }
  96. /**
  97. * Handle posts to this form
  98. *
  99. * Based on the button that was pressed, muxes out to other functions
  100. * to do the actual task requested.
  101. *
  102. * All sub-functions reload the form with a message -- success or failure.
  103. *
  104. * @return void
  105. */
  106. protected function doPost()
  107. {
  108. if ($this->arg('revoke')) {
  109. return $this->revokeAccess($this->oauth_token);
  110. }
  111. // TRANS: Client error when submitting a form with unexpected information.
  112. throw new ClientException(_('Unexpected form submission.'), 401);
  113. }
  114. /**
  115. * Revoke an access token
  116. *
  117. * XXX: Confirm revoke before doing it
  118. *
  119. * @param int $appId the ID of the application
  120. *
  121. */
  122. function revokeAccess($token)
  123. {
  124. $cur = common_current_user();
  125. $appUser = Oauth_application_user::getByUserAndToken($cur, $token);
  126. if (empty($appUser)) {
  127. // TRANS: Client error when trying to revoke access for an application while not being a user of it.
  128. $this->clientError(_('You are not a user of that application.'), 401);
  129. }
  130. $app = Oauth_application::getKV('id', $appUser->application_id);
  131. $datastore = new ApiGNUsocialOAuthDataStore();
  132. $datastore->revoke_token($appUser->token, 1);
  133. $result = $appUser->delete();
  134. if (!$result) {
  135. common_log_db_error($orig, 'DELETE', __FILE__);
  136. // TRANS: Client error when revoking access has failed for some reason.
  137. // TRANS: %s is the application ID revoking access failed for.
  138. $this->clientError(sprintf(_('Unable to revoke access for application: %s.'), $app->id));
  139. }
  140. $msg = 'API OAuth - user %s (id: %d) revoked access token %s for app id %d';
  141. common_log(
  142. LOG_INFO,
  143. sprintf(
  144. $msg,
  145. $cur->nickname,
  146. $cur->id,
  147. $appUser->token,
  148. $appUser->application_id
  149. )
  150. );
  151. $msg = sprintf(
  152. // TRANS: Success message after revoking access for an application.
  153. // TRANS: %1$s is the application name, %2$s is the first part of the user token.
  154. _('You have successfully revoked access for %1$s and the access token starting with %2$s.'),
  155. $app->name,
  156. substr($appUser->token, 0, 7)
  157. );
  158. $this->showForm($msg, true);
  159. }
  160. function showEmptyListMessage()
  161. {
  162. // TRANS: Empty list message when no applications have been authorised yet.
  163. $message = _('You have not authorized any applications to use your account.');
  164. $this->elementStart('div', 'guide');
  165. $this->raw(common_markup_to_html($message));
  166. $this->elementEnd('div');
  167. }
  168. function showSections()
  169. {
  170. $cur = common_current_user();
  171. $this->elementStart('div', array('id' => 'developer-help', 'class' => 'section'));
  172. $this->element('h2', null, 'Developers');
  173. $this->elementStart('p');
  174. $devMsg = sprintf(
  175. // TRANS: Note for developers in the OAuth connection settings form.
  176. // TRANS: This message contains a Markdown link. Do not separate "](".
  177. // TRANS: %s is the URL to the OAuth settings.
  178. _('Are you a developer? [Register an OAuth client application](%s) to use with this instance of StatusNet.'),
  179. common_local_url('oauthappssettings')
  180. );
  181. $output = common_markup_to_html($devMsg);
  182. $this->raw($output);
  183. $this->elementEnd('p');
  184. $this->elementEnd('section');
  185. }
  186. }