remoteStorage app version 0.5

1 files changed, 61 insertions, 28 deletions

diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index cc40e895e01..c00f9d5555c 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -8,7 +8,7 @@
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 * 
 * Adapted:
-* @author Michiel de Jong, 2011
+* @author Michiel de Jong, 2012
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@@ -17,11 +17,11 @@
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+* License along with this library.	If not, see <http://www.gnu.org/licenses/>.
 *
 */
 
@@ -39,24 +39,8 @@ ini_set('default_charset', 'UTF-8');
 #ini_set('error_reporting', '');
 @ob_clean();
 
-//allow use as remote storage for other websites
-if(isset($_SERVER['HTTP_ORIGIN'])) {
-	header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
-	header('Access-Control-Max-Age: 3600');
-	header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
-  	header('Access-Control-Allow-Headers: Authorization, Content-Type');
-} else {
-	header('Access-Control-Allow-Origin: *');
-}
-
 $path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
-$pathParts =  explode('/', $path);
-// for webdav:
-// 0/     1       /   2    /   3  /   4     /    5     /   6     / 7
-//  /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
-// for oauth:
-// 0/      1      /  2     /  3  / 4
-//  /$ownCloudUser/remoteStorage/oauth/auth
+$pathParts =	explode('/', $path);
 
 if(count($pathParts) == 2 && $pathParts[0] == '') {
 	//TODO: input checking. these explodes may fail to produces the desired arrays:
@@ -66,7 +50,8 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 		if($k=='user_address'){
 			$userAddress=$v;
 		} else if($k=='redirect_uri'){
-			$appUrl=$v;
+			$appUrlParts=explode('/', $v);
+		$appUrl = $appUrlParts[2];//bit dodgy i guess
 		} else if($k=='scope'){
 			$categories=$v;
 		}
@@ -78,7 +63,56 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 			$token=OC_remoteStorage::createCategories($appUrl, $categories);
 			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
 		} else {
-			echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+	<title>ownCloud</title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<link rel="shortcut icon" href="../../../core/img/favicon.png" /><link rel="apple-touch-icon-precomposed" href="../../../core/img/favicon-touch.png" />
+			<link rel="stylesheet" href="../../../core/css/styles.css" type="text/css" media="screen" />
+			<link rel="stylesheet" href="../auth.css" type="text/css" media="screen" />
+		</head>
+	<body id="body-login">
+	<div id="login">
+		<header>
+		<div id="header">
+			<img src="../../../core/img/owncloud-logo-medium-white.png" alt="ownCloud" />
+		</div>
+		</header>
+		<section id="main">
+		<div id="oauth">
+      <h2><img src="../remoteStorage-big.png" alt="remoteStorage" /></h2>
+      <p><strong><?php $appUrlParts = explode('/', $_GET['redirect_uri']); echo htmlentities($appUrlParts[2]); ?></strong>
+      requests read &amp; write access to your 
+      <?php
+        $categories = explode(',', htmlentities($_GET['scope']));
+        if(!count($categories)) {
+          echo htmlentities($_GET['scope']);
+        } else {
+          echo '<em>'.$categories[0].'</em>';
+          if(count($categories)==2) {
+            echo ' and <em>'.$categories[1].'</em>';
+          } else if(count($categories)>2) {
+            for($i=1; $i<count($categories)-1; $i++) {
+              echo ', <em>'.$categories[$i].'</em>';
+            }
+            echo ', and <em>'.$categories[$i].'</em>';
+          }
+        }
+      ?>.
+			</p>
+			<form accept-charset="UTF-8" method="post">
+				<input id="allow-auth" name="allow" type="submit" value="Allow" />
+				<input id="deny-auth" name="deny" type="submit" value="Deny" />
+			</form>
+		</div>
+		</section>
+	</div>
+	<footer><p class="info"><a href="http://owncloud.org/">ownCloud</a> &ndash; web services under your control</p></footer>
+	</body>
+</html>
+<?php
 		}
 	} else {
 		if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
@@ -88,12 +122,11 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 		}
 		$url .= $_SERVER['SERVER_NAME'];
 		$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
-		die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please '
-			.'<input type="submit" onclick="'
-			."window.open('$url','Close me!','height=600,width=300');"
-			.'" value="log in">'
-			.', close the pop-up, and '
-			.'<form method="POST"><input name="allow" type="submit" value="Click here"></form>');
+		if($currUser) {
+			die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
+		} else {
+			header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
+		}
 	}
 } else {
 	//die('please use auth.php/username?params. '.var_export($pathParts, true));