clean up auth dialog
This commit is contained in:
Michiel de Jong
parent
2e309aae97
commit
61d535984d
2 changed files with 28 additions and 52 deletions
|
|
@ -3,6 +3,6 @@
|
|||
rel="remoteStorage"
|
||||
template="<?php echo WF_BASEURL; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
|
||||
api="WebDAV"
|
||||
auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php/<?php echo WF_USER; ?>">
|
||||
auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php&userid=<?php echo WF_USER; ?>">
|
||||
</Link>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -29,19 +29,8 @@
|
|||
// Do not load FS ...
|
||||
$RUNTIME_NOSETUPFS = true;
|
||||
|
||||
require_once('../../lib/base.php');
|
||||
|
||||
require_once('../../lib/user.php');
|
||||
require_once('../../lib/public/user.php');
|
||||
|
||||
require_once('../../lib/app.php');
|
||||
require_once('../../lib/public/app.php');
|
||||
|
||||
require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
|
||||
require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
|
||||
require_once('../../lib/connector/sabre/auth.php');
|
||||
|
||||
OCP\App::checkAppEnabled('remoteStorage');
|
||||
require_once('Sabre/autoload.php');
|
||||
require_once('lib_remoteStorage.php');
|
||||
require_once('oauth_ro_auth.php');
|
||||
|
||||
|
|
@ -49,32 +38,27 @@ ini_set('default_charset', 'UTF-8');
|
|||
#ini_set('error_reporting', '');
|
||||
@ob_clean();
|
||||
|
||||
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
|
||||
$pathParts = explode('/', $path);
|
||||
|
||||
if(count($pathParts) == 2 && $pathParts[0] == '') {
|
||||
//TODO: input checking. these explodes may fail to produces the desired arrays:
|
||||
$subPathParts = explode('?', $pathParts[1]);
|
||||
$ownCloudUser = $subPathParts[0];
|
||||
foreach($_GET as $k => $v) {
|
||||
if($k=='user_address'){
|
||||
$userAddress=$v;
|
||||
} else if($k=='redirect_uri'){
|
||||
$appUrlParts=explode('/', $v);
|
||||
$appUrl = $appUrlParts[2];//bit dodgy i guess
|
||||
} else if($k=='scope'){
|
||||
$categories=$v;
|
||||
}
|
||||
}
|
||||
$currUser = OCP\USER::getUser();
|
||||
if($currUser == $ownCloudUser) {
|
||||
if(isset($_POST['allow'])) {
|
||||
//TODO: check if this can be faked by editing the cookie in firebug!
|
||||
$token=OC_remoteStorage::createCategories($appUrl, $categories);
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
|
||||
} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
|
||||
} else {
|
||||
foreach($_GET as $k => $v) {
|
||||
if($k=='userid'){
|
||||
$userId=$v;
|
||||
} else if($k=='redirect_uri'){
|
||||
$appUrlParts=explode('/', $v);
|
||||
$appUrl = $appUrlParts[2];//bit dodgy i guess
|
||||
} else if($k=='scope'){
|
||||
$categories=$v;
|
||||
}
|
||||
}
|
||||
$currUser = OCP\USER::getUser();
|
||||
if($userId && $appUrl && $categories) {
|
||||
if($currUser == $userId) {
|
||||
if(isset($_POST['allow'])) {
|
||||
//TODO: check if this can be faked by editing the cookie in firebug!
|
||||
$token=OC_remoteStorage::createCategories($appUrl, $categories);
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
|
||||
} else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
|
||||
} else {
|
||||
//params ok, logged in ok, but need to click Allow still:
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
|
@ -125,22 +109,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
|
|||
</body>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
} else {
|
||||
if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
|
||||
$url = "https://";
|
||||
} else {
|
||||
$url = "http://";
|
||||
}
|
||||
$url .= $_SERVER['SERVER_NAME'];
|
||||
$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
|
||||
}//end 'need to click Allow still'
|
||||
} else {//login not ok
|
||||
if($currUser) {
|
||||
die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
|
||||
die('You are logged in as '.$currUser.' instead of '.$userId);
|
||||
} else {
|
||||
header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
//die('please use auth.php/username?params. '.var_export($pathParts, true));
|
||||
die('please use auth.php/username?params.');
|
||||
} else {//params not ok
|
||||
die('please use e.g. /?app=remoteStorage&getfile=auth.php&userid=admin');
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue