clean up auth dialog

This commit is contained in:
Michiel de Jong 2012-05-11 11:05:44 +02:00
parent 2e309aae97
commit 61d535984d
2 changed files with 28 additions and 52 deletions

View file

@ -3,6 +3,6 @@
rel="remoteStorage"
template="<?php echo WF_BASEURL; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
api="WebDAV"
auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php/<?php echo WF_USER; ?>">
auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php&userid=<?php echo WF_USER; ?>">
</Link>
<?php } ?>

View file

@ -29,19 +29,8 @@
// Do not load FS ...
$RUNTIME_NOSETUPFS = true;
require_once('../../lib/base.php');
require_once('../../lib/user.php');
require_once('../../lib/public/user.php');
require_once('../../lib/app.php');
require_once('../../lib/public/app.php');
require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
require_once('../../lib/connector/sabre/auth.php');
OCP\App::checkAppEnabled('remoteStorage');
require_once('Sabre/autoload.php');
require_once('lib_remoteStorage.php');
require_once('oauth_ro_auth.php');
@ -49,32 +38,27 @@ ini_set('default_charset', 'UTF-8');
#ini_set('error_reporting', '');
@ob_clean();
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
$pathParts = explode('/', $path);
if(count($pathParts) == 2 && $pathParts[0] == '') {
//TODO: input checking. these explodes may fail to produces the desired arrays:
$subPathParts = explode('?', $pathParts[1]);
$ownCloudUser = $subPathParts[0];
foreach($_GET as $k => $v) {
if($k=='user_address'){
$userAddress=$v;
} else if($k=='redirect_uri'){
$appUrlParts=explode('/', $v);
$appUrl = $appUrlParts[2];//bit dodgy i guess
} else if($k=='scope'){
$categories=$v;
}
}
$currUser = OCP\USER::getUser();
if($currUser == $ownCloudUser) {
if(isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token=OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
} else {
foreach($_GET as $k => $v) {
if($k=='userid'){
$userId=$v;
} else if($k=='redirect_uri'){
$appUrlParts=explode('/', $v);
$appUrl = $appUrlParts[2];//bit dodgy i guess
} else if($k=='scope'){
$categories=$v;
}
}
$currUser = OCP\USER::getUser();
if($userId && $appUrl && $categories) {
if($currUser == $userId) {
if(isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token=OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
} else {
//params ok, logged in ok, but need to click Allow still:
?>
<!DOCTYPE html>
<html>
@ -125,22 +109,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
</body>
</html>
<?php
}
} else {
if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
$url = "https://";
} else {
$url = "http://";
}
$url .= $_SERVER['SERVER_NAME'];
$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
}//end 'need to click Allow still'
} else {//login not ok
if($currUser) {
die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
die('You are logged in as '.$currUser.' instead of '.$userId);
} else {
header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
}
}
} else {
//die('please use auth.php/username?params. '.var_export($pathParts, true));
die('please use auth.php/username?params.');
} else {//params not ok
die('please use e.g. /?app=remoteStorage&getfile=auth.php&userid=admin');
}