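/// <summary>
/// Handles the user's approval of an OAuth request token. The user is authenticated
/// (password, then a two-factor code when the account has one enabled), a verifier is
/// issued for the token, and the result is returned to the consumer either by redirecting
/// to its registered callback URL or as a raw text body when no callback is registered.
/// Form inputs read: oauth_token, mode, verify, username, password.
/// Any authentication failure re-renders the authorisation form via OAuthAuthorize(true);
/// an unknown/invalid request token yields a 403.
/// </summary>
private void OAuthApprove()
{
    string oauthToken = core.Http.Form["oauth_token"];
    bool success = false;

    try
    {
        OAuthToken token = new OAuthToken(core, oauthToken);
        ApplicationEntry ae = token.Application;
        OAuthApplication oae = new OAuthApplication(core, ae);

        if (core.Http.Form["mode"] == "verify")
        {
            // Second step of a two-factor login. The password step is expected to have begun
            // a session for the candidate member; if that session is gone (expired, or the
            // request arrived with mode=verify without a prior login) fall back to the login
            // form instead of dereferencing a missing member.
            // NOTE(review): assumes CandidateMember is null when no session user exists — confirm.
            if (core.Session.CandidateMember == null)
            {
                OAuthAuthorize(true);
                return;
            }

            Authenticator authenticator = new Authenticator();
            if (authenticator.CheckCode(core.Session.CandidateMember.UserInfo.TwoFactorAuthKey, core.Http.Form["verify"]))
            {
                success = true;
            }
            else
            {
                // Wrong code: show the verification form again for the same session.
                showVerificationForm(ae, oauthToken, core.Session.SessionId);
                return;
            }
        }
        else
        {
            string userName = Request.Form["username"];
            string rawPassword = Request.Form["password"];

            // Missing credentials are an ordinary login failure, not a server error
            // (HashPassword and the query would otherwise be handed a null).
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(rawPassword))
            {
                OAuthAuthorize(true);
                return;
            }

            string password = BoxSocial.Internals.User.HashPassword(rawPassword);

            // SECURITY: userName is attacker-controlled form input spliced into the SQL text
            // (string.Format with a quoted placeholder) — this is a SQL injection vector and
            // also enables username enumeration without rate limiting.
            // TODO(security): build this with the project's query builder (Deauthorise uses
            // DeleteQuery.AddCondition) or a parameterised query so the value never becomes
            // part of the statement text.
            DataTable userTable = db.Query(string.Format("SELECT uk.user_name, uk.user_id, ui.user_password, ui.user_two_factor_auth_key, ui.user_two_factor_auth_verified FROM user_keys uk INNER JOIN user_info ui ON uk.user_id = ui.user_id WHERE uk.user_name = '{0}';", userName));

            bool authenticated = false;
            if (userTable.Rows.Count == 1)
            {
                DataRow userRow = userTable.Rows[0];
                string dbPassword = (string)userRow["user_password"];

                // NOTE(review): ordinary string equality is not constant-time. That is tolerable
                // only if HashPassword yields a fixed-length digest; otherwise use a fixed-time
                // comparison. There is also no lockout or rate limit on failed attempts here.
                if (dbPassword == password)
                {
                    authenticated = true;
                }

                if (authenticated)
                {
                    long userId = (long)userRow["user_id"];

                    if ((byte)userRow["user_two_factor_auth_verified"] > 0)
                    {
                        // Account has a verified second factor: start the session and demand
                        // the code before any verifier is issued.
                        string sessionId = session.SessionBegin(userId, false, false, false);
                        showVerificationForm(ae, oauthToken, sessionId);
                        return;
                    }
                    else
                    {
                        session.SessionBegin(userId, false, false);
                        success = true;
                    }
                }
                else
                {
                    OAuthAuthorize(true);
                    return;
                }
            }
        }

        if (success)
        {
            // NOTE(review): relies on SessionBegin (password path) having refreshed
            // core.Session.CandidateMember before this point — confirm.
            OAuthVerifier verifier = OAuthVerifier.Create(core, token, core.Session.CandidateMember);
            token.UseToken();
            db.CommitTransaction();

            string verifierQuery = string.Format("oauth_token={0}&oauth_verifier={1}",
                Uri.EscapeDataString(token.Token), Uri.EscapeDataString(verifier.Verifier));

            if (!string.IsNullOrEmpty(oae.CallbackUrl))
            {
                // A registered callback may already carry a query string (OAuth 1.0a permits it);
                // append with '&' in that case rather than producing a second '?'.
                string separator = oae.CallbackUrl.Contains("?") ? "&" : "?";
                Response.Redirect(oae.CallbackUrl + separator + verifierQuery);
            }
            else
            {
                core.Response.SendRawText("", verifierQuery);
            }
        }
        else
        {
            // Incorrect password
            OAuthAuthorize(true);
            return;
        }
    }
    catch (InvalidOAuthTokenException)
    {
        core.Functions.Generate403();
    }

    EndResponse();
}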
/// <summary>
/// Revokes this application's OAuth access for <paramref name="owner"/> and removes the
/// owner/application link row. Returns false for non-OAuth applications, when no link or
/// access token can be resolved, or when the delete affects no rows.
/// </summary>
/// <param name="core">Core context providing the database.</param>
/// <param name="viewer">
/// Not consulted by this method. NOTE(review): any check that viewer may act for owner has to
/// happen in the caller — confirm.
/// </param>
/// <param name="owner">Primitive whose authorisation for this application is being removed.</param>
/// <returns>True when the link row was deleted; false otherwise.</returns>
public bool Deauthorise(Core core, Primitive viewer, Primitive owner)
{
    if (this.ApplicationType != Internals.ApplicationType.OAuth)
    {
        return false;
    }

    bool removed = false;
    try
    {
        PrimitiveApplicationInfo appInfo = new PrimitiveApplicationInfo(core, owner, this.Id);

        // The stored access token is marked used and persisted before the link row is deleted,
        // so a failed delete does not leave a still-usable token behind.
        OAuthToken accessToken = new OAuthToken(core, appInfo.OAuthAccessToken);
        accessToken.UseToken();
        accessToken.Update();

        DeleteQuery unlink = new DeleteQuery(typeof(PrimitiveApplicationInfo));
        unlink.AddCondition("application_id", Id);
        unlink.AddCondition("item_id", owner.Id);
        unlink.AddCondition("item_type_id", owner.TypeId);

        removed = core.Db.Query(unlink) > 0;
    }
    catch (InvalidPrimitiveAppInfoException)
    {
        // No link between owner and this application: nothing to revoke.
    }
    catch (InvalidOAuthTokenException)
    {
        // The stored access token no longer resolves; report not deauthorised.
    }

    return removed;
}