roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject svn commit: r756534 - in /roller/trunk/apps/weblogger/src: java/org/apache/roller/weblogger/business/jpa/ java/org/apache/roller/weblogger/webservices/oauth/ sql/
Date Fri, 20 Mar 2009 15:41:58 GMT
Author: snoopdave
Date: Fri Mar 20 15:41:57 2009
New Revision: 756534

URL: http://svn.apache.org/viewvc?rev=756534&view=rev
Log:
couple fixes found via further testing with propono
- better handling of authorization step, setting of username
- refactoring of access token generation

Modified:
    roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
    roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
    roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
    roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm
    roller/trunk/apps/weblogger/src/sql/createdb.vm

Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
(original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
Fri Mar 20 15:41:57 2009
@@ -171,32 +171,18 @@
     public void generateAccessToken(OAuthAccessor accessor)
             throws OAuthException {
 
-        // generate oauth_token and oauth_secret
-        // generate token and secret based on consumer_key
-        String consumer_key = (String) accessor.consumer.consumerKey;
-
-        // unless we already have one
         try {
-            // in that case, just return it
+            // generate oauth_token and oauth_secret
+            // generate token and secret based on consumer_key
+            String consumer_key = (String) accessor.consumer.consumerKey;
+
             OAuthAccessorRecord record = (OAuthAccessorRecord) strategy.load(
                 OAuthAccessorRecord.class, accessor.consumer.consumerKey);
-            if (record != null) {
-                accessor.accessToken = record.getAccessToken();
-                accessor.tokenSecret = record.getTokenSecret();
-                return;
-            }
             
-        } catch (WebloggerException ex) {
-            throw new OAuthException("ERROR: getting access token", ex);
-        }
+            // for now use md5 of name + current time as token
+            String token_data = consumer_key + System.nanoTime();
+            String token = DigestUtils.md5Hex(token_data);
 
-        // for now use md5 of name + current time as token
-        String token_data = consumer_key + System.nanoTime();
-        String token = DigestUtils.md5Hex(token_data);
-
-        try {
-            OAuthAccessorRecord record = (OAuthAccessorRecord) strategy.load(
-                OAuthAccessorRecord.class, accessor.consumer.consumerKey);
             record.setRequestToken(null);
             record.setAccessToken(token);
             strategy.store(record);

Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
(original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
Fri Mar 20 15:41:57 2009
@@ -78,9 +78,11 @@
                 throw problem;
             }
             // generate access token and secret
-            omgr.generateAccessToken(accessor);
-            WebloggerFactory.getWeblogger().flush();
-            
+            if (accessor.accessToken == null) {
+                omgr.generateAccessToken(accessor);
+                WebloggerFactory.getWeblogger().flush();
+            }
+
             response.setContentType("text/plain");
             OutputStream out = response.getOutputStream();
             OAuth.formEncode(OAuth.newList(

Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
(original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
Fri Mar 20 15:41:57 2009
@@ -75,24 +75,33 @@
     
     @Override 
     public void doPost(HttpServletRequest request, HttpServletResponse response) 
-            throws IOException, ServletException{
+            throws IOException, ServletException {
         
         try{
             OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
             
             OAuthManager omgr = WebloggerFactory.getWeblogger().getOAuthManager();
             OAuthAccessor accessor = omgr.getAccessor(requestMessage);
+
+            String requestUserId = request.getParameter("xoauth_requestor_id");
+            String consumerUserId = (String)accessor.consumer.getProperty("userId");
             
-            String userId = request.getParameter("userId");
-            if (userId == null){
+            if (consumerUserId == null) {
+                // no user associted with the key, must be site-wide key,
+                // so get user to login and do the authorization process
                 sendToAuthorizePage(request, response, accessor);
+            
+            } else if (!consumerUserId.equals(requestUserId)) {
+                // user is associated with key, but request has wrong or no username
+                throw new ServletException("ERROR: invalid or unspecified userId");
+
+            } else {
+                // set userId in accessor and mark it as authorized
+                omgr.markAsAuthorized(accessor, consumerUserId);
+                WebloggerFactory.getWeblogger().flush();
             }
-            // set userId in accessor and mark it as authorized
-            omgr.markAsAuthorized(accessor, userId);
-            WebloggerFactory.getWeblogger().flush();
             
             returnToConsumer(request, response, accessor);
-
             
         } catch (Exception e){
             handleException(e, request, response, true);

Modified: roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm (original)
+++ roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm Fri Mar 20 15:41:57 2009
@@ -68,6 +68,7 @@
 create index ua_attrname_idx  on roller_userattribute( attrname$!db.INDEXSIZE );
 create index ua_attrvalue_idx on roller_userattribute( attrvalue$!db.INDEXSIZE );
 
+-- each record is an OAuth consumer key and secret, can be tied to just one user
 create table rol_oauthconsumer (
     consumerkey varchar(48) not null primary key,
     consumersecret varchar(48) not null,
@@ -76,6 +77,7 @@
 create index oc_username_idx  on rol_oauthconsumer( username$!db.INDEXSIZE );
 create index oc_consumerkey_idx  on rol_oauthconsumer( consumerkey$!db.INDEXSIZE );
 
+-- each record is an OAuth accessor, always tied to just one user
 create table rol_oauthaccessor (
     consumerkey varchar(48) not null primary key,
     requesttoken varchar(48),
@@ -83,6 +85,7 @@
     tokensecret varchar(48),
     created $db.TIMESTAMP_SQL_TYPE not null,
     updated $db.TIMESTAMP_SQL_TYPE not null,
+    username varchar(48),
     authorized $db.BOOLEAN_SQL_TYPE_FALSE
 );
 create index oa_consumerkey_idx  on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );

Modified: roller/trunk/apps/weblogger/src/sql/createdb.vm
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/sql/createdb.vm?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/sql/createdb.vm (original)
+++ roller/trunk/apps/weblogger/src/sql/createdb.vm Fri Mar 20 15:41:57 2009
@@ -452,7 +452,7 @@
     tokensecret varchar(48),
     created $db.TIMESTAMP_SQL_TYPE not null,
     updated $db.TIMESTAMP_SQL_TYPE not null,
-    username varchar(48) not null,
+    username varchar(48),
     authorized $db.BOOLEAN_SQL_TYPE_FALSE
 );
 create index oa_consumerkey_idx  on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );



Mime
View raw message