From 61d535984df81d5531350cd7895769793722d69e Mon Sep 17 00:00:00 2001
From: Michiel de Jong
Date: Fri, 11 May 2012 11:05:44 +0200
Subject: clean up auth dialog
---
 apps/remoteStorage/appinfo/webfinger.php | 2 +-
 apps/remoteStorage/auth.php | 78 +++++++++++---------------------
 2 files changed, 28 insertions(+), 52 deletions(-)
(limited to 'apps')
diff --git a/apps/remoteStorage/appinfo/webfinger.php b/apps/remoteStorage/appinfo/webfinger.php
index 9173ed54c9e..1cb2d45ee7a 100644
--- a/apps/remoteStorage/appinfo/webfinger.php
+++ b/apps/remoteStorage/appinfo/webfinger.php
@@ -3,6 +3,6 @@ rel="remoteStorage" template="/apps/remoteStorage/WebDAV.php//remoteStorage/{category}/" api="WebDAV"
- auth="/?app=remoteStorage&getfile=auth.php/">
+ auth="/?app=remoteStorage&getfile=auth.php&userid=">
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 502bfc0b33b..2fd5011d9f4 100755
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -29,19 +29,8 @@ // Do not load FS ...
 $RUNTIME_NOSETUPFS = true;
-require_once('../../lib/base.php');
-
-require_once('../../lib/user.php');
-require_once('../../lib/public/user.php');
-
-require_once('../../lib/app.php');
-require_once('../../lib/public/app.php');
-
-require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
-require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
-require_once('../../lib/connector/sabre/auth.php');
-
 OCP\App::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
 require_once('lib_remoteStorage.php');
 require_once('oauth_ro_auth.php');
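Review bot: The new `auth` value keeps a bare `&` in `auth.php&userid=`; if this file is emitted as XRD XML (the neighbouring `rel=`/`template=`/`api=` attributes suggest it is), an unescaped ampersand inside an attribute value makes the document ill-formed and a strict XML parser on the client side will reject it, so the line should read `auth="/?app=remoteStorage&amp;getfile=auth.php&amp;userid=">`. The trailing empty `userid=` is evidently meant to be completed by the client; a one-line comment above the attribute stating that the client appends the account name and that auth.php compares it against the logged-in user would make that contract visible to the next reader.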
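Review bot: With `../../lib/base.php` and the other core requires removed, this script only works when it is served through the `index.php?app=remoteStorage&getfile=auth.php` dispatcher that has already bootstrapped ownCloud (the webfinger change in this commit points clients there), and nothing in the file says so; a comment above `OCP\App::checkAppEnabled`, e.g. `// Served via index.php?getfile=; lib/base.php and the OCP classes are already loaded`, would keep the next maintainer from re-adding the requires. If base.php is indeed loaded before this file runs, the `$RUNTIME_NOSETUPFS = true;` on the context line above is assigned too late to influence that bootstrap, so it is worth confirming whether it still has any effect. `require_once('Sabre/autoload.php')` is resolved through the include path rather than relative to this file, so it should be confirmed that the 3rdparty directory is on the include path in the dispatcher context.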
@@ -49,32 +38,27 @@ ini_set('default_charset', 'UTF-8');
 #ini_set('error_reporting', '');
 @ob_clean();
-$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
-$pathParts = explode('/', $path);
-
-if(count($pathParts) == 2 && $pathParts[0] == '') {
- //TODO: input checking. these explodes may fail to produces the desired arrays:
- $subPathParts = explode('?', $pathParts[1]);
- $ownCloudUser = $subPathParts[0];
- foreach($_GET as $k => $v) {
- if($k=='user_address'){
- $userAddress=$v;
- } else if($k=='redirect_uri'){
- $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
- } else if($k=='scope'){
- $categories=$v;
- }
- }
- $currUser = OCP\USER::getUser();
- if($currUser == $ownCloudUser) {
- if(isset($_POST['allow'])) {
- //TODO: check if this can be faked by editing the cookie in firebug!
- $token=OC_remoteStorage::createCategories($appUrl, $categories);
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
- } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
- } else {
+foreach($_GET as $k => $v) {
+ if($k=='userid'){
+ $userId=$v;
+ } else if($k=='redirect_uri'){
+ $appUrlParts=explode('/', $v);
+ $appUrl = $appUrlParts[2];//bit dodgy i guess
+ } else if($k=='scope'){
+ $categories=$v;
+ }
+}
+$currUser = OCP\USER::getUser();
+if($userId && $appUrl && $categories) {
+ if($currUser == $userId) {
+ if(isset($_POST['allow'])) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_remoteStorage::createCategories($appUrl, $categories);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+ } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
+ } else {
+ //params ok, logged in ok, but need to click Allow still: ?>
@@ -125,22 +109,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
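Review bot: `$userId`, `$appUrl` and `$categories` are only assigned when the matching `$_GET` key is present, so `if($userId && $appUrl && $categories)` reads undefined variables on any request that omits one of them, and `$appUrl = $appUrlParts[2]` indexes past the end of `explode('/', ...)` for a `redirect_uri` that has no scheme; reading the three values from `$_GET` with defaults and deriving the host with `parse_url(..., PHP_URL_HOST)` removes both problems, and `$currUser == $userId` should be a strict comparison since the user id comes straight from the query string. The `isset($_POST['allow'])` branch mints a bearer token on any POST that carries that field and no anti-CSRF check is visible in the hunk (the TODO on the line above it is this concern), so the consent form should include a per-session token that is verified here before `createCategories` is called. `redirect_uri` is used unvalidated in the `Location:` header with the token appended as a fragment, so a value that is not an absolute http(s) URL or already contains `#` should be rejected, and each `header('Location: …')` should be followed by `exit;` unless code outside the hunk ends the request. The enclosing `if` chain continues past the end of the hunk.
```php
$userId = isset($_GET['userid']) ? $_GET['userid'] : '';
$categories = isset($_GET['scope']) ? $_GET['scope'] : '';
$redirectUri = isset($_GET['redirect_uri']) ? $_GET['redirect_uri'] : '';
// host of the redirect target; null/false when redirect_uri is not an absolute URL
$appUrl = parse_url($redirectUri, PHP_URL_HOST);
$currUser = OCP\USER::getUser();
if($userId !== '' && $appUrl && $categories !== '') {
	if($currUser === $userId) {
		// … unchanged: allow / existing-token / consent-form branches (use $redirectUri in the Location header) …
```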