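/// <summary>
/// Final step of the OAuth handshake: exchanges a single-use verifier for an
/// access token and writes the token pair back to the client.
/// </summary>
/// <remarks>
/// Flow as implemented here:
///  1. Load the verifier from the <c>oauth_verifier</c> form field; answer 401
///     if it is invalid or already expired.
///  2. Load the request token the verifier refers to; answer 401 if invalid.
///  3. Authorise the signed request for <c>/oauth/access_token</c> against that token.
///  4. Consume the verifier, then either mint a new access token and record the
///     application as installed for the verifier's user, or hand back the access
///     token already stored for an existing installation.
/// Every rejection path writes a single <c>error</c> field and ends the response.
/// </remarks>
private void RequestOAuthAccessToken()
{
    string verifier = core.Http.Form["oauth_verifier"];

    OAuthVerifier oAuthVerifier;
    try
    {
        oAuthVerifier = new OAuthVerifier(core, verifier);
    }
    catch (InvalidOAuthVerifierException)
    {
        WriteOAuthErrorResponse("unauthorised, invalid verifier");
        return;
    }

    if (oAuthVerifier.Expired)
    {
        WriteOAuthErrorResponse("unauthorised, verifier expired");
        return;
    }

    OAuthToken oauthToken;
    try
    {
        oauthToken = new OAuthToken(core, oAuthVerifier.TokenId);
    }
    catch (InvalidOAuthTokenException)
    {
        WriteOAuthErrorResponse("unauthorised, invalid token");
        return;
    }

    OAuthApplication oae;
    string nonce;
    if (!AuthoriseRequest("/oauth/access_token", oauthToken, out oae, out nonce))
    {
        WriteOAuthErrorResponse("unauthorised, access token rejected");
        // Kept from the original rejection path; WriteAndEndResponse is expected to
        // have ended the response already, so this is presumably a no-op.
        core.Http.End();
        return;
    }

    // The verifier is single-use: consume it as soon as the request is authorised
    // so a replay of the same verifier cannot be exchanged a second time.
    oAuthVerifier.UseVerifier();

    var userTypeId = ItemKey.GetTypeId(core, typeof(User));

    // Look for an existing installation of this application for the verifier's user.
    SelectQuery query = new SelectQuery(typeof(PrimitiveApplicationInfo));
    query.AddCondition("application_id", oauthToken.ApplicationId);
    query.AddCondition("item_id", oAuthVerifier.UserId);
    query.AddCondition("item_type_id", userTypeId);

    // Materialise the row (if any) and release the reader before issuing any
    // further query on the same connection; `using` also covers the case where
    // constructing PrimitiveApplicationInfo throws, which previously leaked the reader.
    PrimitiveApplicationInfo installed = null;
    using (System.Data.Common.DbDataReader appReader = db.ReaderQuery(query))
    {
        if (appReader.HasRows)
        {
            appReader.Read();
            installed = new PrimitiveApplicationInfo(core, appReader);
        }
    }

    NameValueCollection response = new NameValueCollection();
    if (installed == null)
    {
        OAuthToken oauthAuthToken = OAuthToken.Create(core, oae, nonce);

        InsertQuery iQuery = new InsertQuery("primitive_apps");
        iQuery.AddField("application_id", oauthToken.ApplicationId);
        iQuery.AddField("item_id", oAuthVerifier.UserId);
        iQuery.AddField("item_type_id", userTypeId);
        iQuery.AddField("app_email_notifications", true);
        iQuery.AddField("app_oauth_access_token", oauthAuthToken.Token);
        iQuery.AddField("app_oauth_access_token_secret", oauthAuthToken.TokenSecret);

        // NOTE(review): the affected-row count is not acted upon (the original only
        // had an empty "successful" branch); a token pair is returned even if the
        // installation row was not written — confirm whether that should be an error.
        core.Db.Query(iQuery);
        db.CommitTransaction();

        response.Add("oauth_token", oauthAuthToken.Token);
        response.Add("oauth_token_secret", oauthAuthToken.TokenSecret);
    }
    else
    {
        // Already installed: the stored pair is returned as-is; re-authorisation
        // does not rotate the access token.
        response.Add("oauth_token", installed.OAuthAccessToken);
        response.Add("oauth_token_secret", installed.OAuthAccessTokenSecret);
    }

    core.Http.WriteAndEndResponse(response);
}

/// <summary>
/// Answers the current request with HTTP 401 and a single <c>error</c> field,
/// then ends the response. Shared by every rejection path of the OAuth handshake.
/// </summary>
/// <param name="message">Error text placed in the <c>error</c> field.</param>
private void WriteOAuthErrorResponse(string message)
{
    core.Http.StatusCode = 401;
    NameValueCollection response = new NameValueCollection();
    response.Add("error", message);
    core.Http.WriteAndEndResponse(response);
}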
/// <summary>
/// Renders the settings page for one of the owner's installed applications,
/// identified by the <c>id</c> request parameter.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
public void ApplicationSettings(object sender, EventArgs e)
{
    template.SetTemplate("account_primitive_application_settings.html");

    long applicationId = core.Functions.RequestLong("id", 0);
    if (applicationId == 0)
    {
        core.Display.ShowMessage("Error", "Error!");
        return;
    }

    // Join the installation row with its application entry, constrained to the
    // current owner so only that owner's own installation can be matched.
    SelectQuery query = new SelectQuery("primitive_apps");
    query.AddFields(ApplicationEntry.GetFieldsPrefixed(core, typeof(ApplicationEntry)));
    query.AddFields(PrimitiveApplicationInfo.GetFieldsPrefixed(core, typeof(PrimitiveApplicationInfo)));
    query.AddJoin(JoinTypes.Inner, new DataField("primitive_apps", "application_id"), new DataField("applications", "application_id"));
    query.AddCondition("primitive_apps.application_id", applicationId);
    query.AddCondition("item_id", Owner.Id);
    query.AddCondition("item_type_id", Owner.TypeId);

    DataTable applicationTable = db.Query(query);
    if (applicationTable.Rows.Count != 1)
    {
        core.Display.ShowMessage("Error", "Error!");
        return;
    }

    ApplicationEntry entry = new ApplicationEntry(core, applicationTable.Rows[0]);
    template.Parse("APPLICATION_NAME", entry.Title);
    template.Parse("S_APPLICATION_ID", entry.ApplicationId.ToString());

    // The e-mail notification toggle only exists for user owners.
    if (!(Owner is User))
    {
        return;
    }

    template.Parse("S_USER", true);
    PrimitiveApplicationInfo ownerInfo = new PrimitiveApplicationInfo(core, Owner, entry.Id);

    const string radioChecked = " checked=\"checked\"";
    string notificationsVar = ownerInfo.EmailNotifications
        ? "S_EMAIL_NOTIFICATIONS_YES"
        : "S_EMAIL_NOTIFICATIONS_NO";
    template.Parse(notificationsVar, radioChecked);
}
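/// <summary>
/// Builds a session for an OAuth-authenticated request: resolves the installation
/// record that matches the presented access token and, when that installation is
/// owned by a <see cref="User"/>, signs the user in; otherwise the session is signed out.
/// </summary>
/// <param name="core">Core context; must not be null.</param>
/// <param name="db">Database handle passed by the caller; the session itself ends up using <c>core.Db</c>, as both terminal branches of the original did.</param>
/// <param name="token">Access token presented by the client; must not be null.</param>
/// <param name="Request">Current HTTP request (used for the real client IP).</param>
/// <param name="Response">Current HTTP response.</param>
/// <exception cref="NullCoreException">Thrown when <paramref name="core"/> is null.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> is null (previously a NullReferenceException).</exception>
public SessionState(Core core, Mysql db, OAuthToken token, HttpRequest Request, HttpResponse Response)
{
    if (core == null)
    {
        throw new NullCoreException();
    }
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }

    this.Request = Request;
    this.Response = Response;
    this.core = core;
    this.db = core.Db;
    applicationId = token.ApplicationId;

    // NOTE(review): only the token value is matched here; verification of the
    // request signature against the token secret is assumed to happen before this
    // constructor is reached — confirm in the caller.
    SelectQuery query = new SelectQuery(typeof(PrimitiveApplicationInfo));
    query.AddCondition("application_id", token.ApplicationId);
    query.AddCondition("app_oauth_access_token", token.Token);

    // Materialise the row and release the reader before touching pai.Owner,
    // which may itself hit the database; `using` also closes the reader if the
    // PrimitiveApplicationInfo constructor throws.
    PrimitiveApplicationInfo pai = null;
    using (System.Data.Common.DbDataReader appReader = core.Db.ReaderQuery(query))
    {
        if (appReader.HasRows)
        {
            appReader.Read();
            pai = new PrimitiveApplicationInfo(core, appReader);
        }
    }

    User tokenOwner = pai == null ? null : pai.Owner as User;

    // Common to both outcomes.
    ipAddress = IPAddress.Parse(SessionState.ReturnRealIPAddress(Request.ServerVariables));
    this.sessionMethod = SessionMethods.OAuth;

    if (tokenOwner != null)
    {
        isLoggedIn = true;
        this.signInState = SessionSignInState.SignedIn;
        loggedInMember = tokenOwner;
    }
    else
    {
        // Covers both "no matching installation" and "installation owned by a
        // non-user primitive"; the latter previously left the sign-in state,
        // IP address and session method unset.
        isLoggedIn = false;
        this.signInState = SessionSignInState.SignedOut;
    }
}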
/// <summary>
/// Revokes this OAuth application for <paramref name="owner"/>: marks the stored
/// access token as used and deletes the installation record.
/// </summary>
/// <param name="core">Core context.</param>
/// <param name="viewer">Primitive performing the action (not consulted by this method).</param>
/// <param name="owner">Primitive whose installation of this application is removed.</param>
/// <returns>
/// <c>true</c> when an installation row was deleted; <c>false</c> when this is not an
/// OAuth application, when no installation or token could be resolved, or when the
/// delete affected no rows.
/// </returns>
public bool Deauthorise(Core core, Primitive viewer, Primitive owner)
{
    if (this.ApplicationType != Internals.ApplicationType.OAuth)
    {
        return false;
    }

    bool deleted = false;
    try
    {
        PrimitiveApplicationInfo installation = new PrimitiveApplicationInfo(core, owner, this.Id);

        // The access token is marked used and persisted before the installation
        // row is removed (order kept from the original).
        OAuthToken accessToken = new OAuthToken(core, installation.OAuthAccessToken);
        accessToken.UseToken();
        accessToken.Update();

        DeleteQuery dQuery = new DeleteQuery(typeof(PrimitiveApplicationInfo));
        dQuery.AddCondition("application_id", Id);
        dQuery.AddCondition("item_id", owner.Id);
        dQuery.AddCondition("item_type_id", owner.TypeId);
        deleted = core.Db.Query(dQuery) > 0;
    }
    catch (InvalidPrimitiveAppInfoException)
    {
        // No installation for this owner: nothing to revoke, report false.
    }
    catch (InvalidOAuthTokenException)
    {
        // Stored access token does not resolve: nothing to revoke, report false.
    }

    return deleted;
}