120 lines
3 KiB
Perl
120 lines
3 KiB
Perl
#!/usr/bin/perl
|
|
#
|
|
# DW::Controller::OAuth::User
|
|
#
|
|
# Web-facing OAuth ( User Methods )
|
|
#
|
|
# Authors:
|
|
# Andrea Nall <anall@andreanall.com>
|
|
#
|
|
# Copyright (c) 2013 by Dreamwidth Studios, LLC.
|
|
#
|
|
# This program is free software; you may redistribute it and/or modify it under
|
|
# the same terms as Perl itself. For a copy of the license, please reference
|
|
# 'perldoc perlartistic' or 'perldoc perlgpl'.
|
|
#
|
|
package DW::Controller::OAuth::User;
|
|
|
|
use strict;
|
|
use warnings;
|
|
use DW::Routing;
|
|
use DW::Controller;
|
|
use DW::Request;
|
|
|
|
use DW::OAuth::Consumer;
|
|
use DW::OAuth::Access;
|
|
|
|
# User facing
|
|
DW::Routing->register_string( "/oauth/index", \&index_handler, app => 1 );
|
|
DW::Routing->register_regex( qr!^/oauth/token/(\d+)$!, \&token_handler, app => 1 );
|
|
DW::Routing->register_regex( qr!^/oauth/token/(\d+)/deauthorize$!, \&delete_handler, app => 1 );
|
|
|
|
sub index_handler {
|
|
my ( $ok, $rv ) = controller();
|
|
return $rv unless $ok;
|
|
|
|
my $r = $rv->{r};
|
|
my $args = $r->get_args;
|
|
|
|
my $u = $rv->{u};
|
|
my $view_u = $u;
|
|
|
|
my $view_other = DW::OAuth->can_view_other($u);
|
|
$view_u = LJ::load_user( $args->{user} )
|
|
if ( $view_other && $args->{user} );
|
|
my $tokens = DW::OAuth::Access->tokens_for_user($view_u);
|
|
DW::OAuth::Access->load_all_lastaccess($tokens);
|
|
|
|
$tokens = [ sort { $b->lastaccess <=> $a->lastaccess } @$tokens ];
|
|
|
|
return DW::Template->render_template(
|
|
'oauth/index.tt',
|
|
{
|
|
%$rv,
|
|
viewother => !$u->equals($view_u),
|
|
view_u => $view_u,
|
|
tokens => $tokens,
|
|
can_view_other => $view_other,
|
|
}
|
|
);
|
|
}
|
|
|
|
sub token_handler {
|
|
my $consumer_id = $_[1];
|
|
|
|
my ( $ok, $rv ) = controller();
|
|
return $rv unless $ok;
|
|
|
|
my $r = $rv->{r};
|
|
my $u = $rv->{u};
|
|
my $args = $r->get_args;
|
|
|
|
my $view_u = $u;
|
|
|
|
my $view_other = DW::OAuth->can_view_other($u);
|
|
$view_u = LJ::load_user( $args->{user} )
|
|
if ( $view_other && $args->{user} );
|
|
my $token = DW::OAuth::Access->from_consumer( $view_u, $consumer_id );
|
|
return $r->NOT_FOUND
|
|
unless $token;
|
|
|
|
return DW::Template->render_template(
|
|
'oauth/token.tt',
|
|
{
|
|
%$rv,
|
|
viewother => !$u->equals($view_u),
|
|
view_consumer => $view_other || $token->consumer->owner->equals($u),
|
|
view_u => $view_u,
|
|
token => $token,
|
|
}
|
|
);
|
|
}
|
|
|
|
sub delete_handler {
|
|
my $consumer_id = $_[1];
|
|
|
|
my ( $ok, $rv ) = controller( form_auth => 1 );
|
|
return $rv unless $ok;
|
|
|
|
my $r = $rv->{r};
|
|
my $u = $rv->{u};
|
|
|
|
my $redir_dest = LJ::create_url( "/oauth/token/$consumer_id", keep_args => qw/ user / );
|
|
|
|
return $r->redirect($redir_dest)
|
|
unless $r->did_post;
|
|
|
|
my $token = DW::OAuth::Access->from_consumer( $u, $consumer_id );
|
|
|
|
return $r->NOT_FOUND
|
|
unless $token;
|
|
|
|
return $r->redirect($redir_dest)
|
|
unless $token->user->equals($u);
|
|
|
|
$token->delete if $token;
|
|
return $r->redirect("/oauth/");
|
|
}
|
|
|
|
1;
|
|
|