Posted to commits@roller.apache.org by sn...@apache.org on 2009/03/20 16:41:58 UTC
svn commit: r756534 - in /roller/trunk/apps/weblogger/src:
java/org/apache/roller/weblogger/business/jpa/
java/org/apache/roller/weblogger/webservices/oauth/ sql/
Author: snoopdave
Date: Fri Mar 20 15:41:57 2009
New Revision: 756534
URL: http://svn.apache.org/viewvc?rev=756534&view=rev
Log:
couple fixes found via further testing with propono
- better handling of authorization step, setting of username
- refactoring of access token generation
Modified:
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm
roller/trunk/apps/weblogger/src/sql/createdb.vm
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java Fri Mar 20 15:41:57 2009
@@ -171,32 +171,18 @@
public void generateAccessToken(OAuthAccessor accessor)
throws OAuthException {
- // generate oauth_token and oauth_secret
- // generate token and secret based on consumer_key
- String consumer_key = (String) accessor.consumer.consumerKey;
-
- // unless we already have one
try {
- // in that case, just return it
+ // generate oauth_token and oauth_secret
+ // generate token and secret based on consumer_key
+ String consumer_key = (String) accessor.consumer.consumerKey;
+
OAuthAccessorRecord record = (OAuthAccessorRecord) strategy.load(
OAuthAccessorRecord.class, accessor.consumer.consumerKey);
- if (record != null) {
- accessor.accessToken = record.getAccessToken();
- accessor.tokenSecret = record.getTokenSecret();
- return;
- }
- } catch (WebloggerException ex) {
- throw new OAuthException("ERROR: getting access token", ex);
- }
+ // for now use md5 of name + current time as token
+ String token_data = consumer_key + System.nanoTime();
+ String token = DigestUtils.md5Hex(token_data);
- // for now use md5 of name + current time as token
- String token_data = consumer_key + System.nanoTime();
- String token = DigestUtils.md5Hex(token_data);
-
- try {
- OAuthAccessorRecord record = (OAuthAccessorRecord) strategy.load(
- OAuthAccessorRecord.class, accessor.consumer.consumerKey);
record.setRequestToken(null);
record.setAccessToken(token);
strategy.store(record);
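Review bot: The access token built from `consumer_key + System.nanoTime()` and hashed with `DigestUtils.md5Hex` is derived from a public consumer key and a clock reading, so it is guessable rather than random; the "for now" comment that moves with it marks it as a stopgap. A bearer credential should come from a CSPRNG, for example `String token = new BigInteger(160, new SecureRandom()).toString(32);`, which stays well under the 48-character width the schema hunks show for the neighbouring token columns. Separately, `record.setRequestToken(null)` dereferences whatever `strategy.load` returned without a null check, so an unknown consumer key would end in a NullPointerException rather than an OAuthException. The method body continues past the end of the hunk.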
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AccessTokenServlet.java Fri Mar 20 15:41:57 2009
@@ -78,9 +78,11 @@
throw problem;
}
// generate access token and secret
- omgr.generateAccessToken(accessor);
- WebloggerFactory.getWeblogger().flush();
-
+ if (accessor.accessToken == null) {
+ omgr.generateAccessToken(accessor);
+ WebloggerFactory.getWeblogger().flush();
+ }
+
response.setContentType("text/plain");
OutputStream out = response.getOutputStream();
OAuth.formEncode(OAuth.newList(
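Review bot: The new `if (accessor.accessToken == null)` guard deserves a comment, because it is now the only thing that keeps an already issued token from being replaced: this commit also removes the return-existing-token branch from generateAccessToken, which now overwrites the stored token unconditionally for any caller. Suggested comment: `// reuse the token already issued for this accessor; generateAccessToken() always replaces it`. When the token is non-null the code goes straight on to write it to the response, so it depends on the validation above the hunk (only `throw problem;` is visible) to reject a replayed or unauthorized request token; that is worth confirming.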
Modified: roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java (original)
+++ roller/trunk/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/oauth/AuthorizationServlet.java Fri Mar 20 15:41:57 2009
@@ -75,24 +75,33 @@
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws IOException, ServletException{
+ throws IOException, ServletException {
try{
OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
OAuthManager omgr = WebloggerFactory.getWeblogger().getOAuthManager();
OAuthAccessor accessor = omgr.getAccessor(requestMessage);
+
+ String requestUserId = request.getParameter("xoauth_requestor_id");
+ String consumerUserId = (String)accessor.consumer.getProperty("userId");
- String userId = request.getParameter("userId");
- if (userId == null){
+ if (consumerUserId == null) {
+ // no user associted with the key, must be site-wide key,
+ // so get user to login and do the authorization process
sendToAuthorizePage(request, response, accessor);
+
+ } else if (!consumerUserId.equals(requestUserId)) {
+ // user is associated with key, but request has wrong or no username
+ throw new ServletException("ERROR: invalid or unspecified userId");
+
+ } else {
+ // set userId in accessor and mark it as authorized
+ omgr.markAsAuthorized(accessor, consumerUserId);
+ WebloggerFactory.getWeblogger().flush();
}
- // set userId in accessor and mark it as authorized
- omgr.markAsAuthorized(accessor, userId);
- WebloggerFactory.getWeblogger().flush();
returnToConsumer(request, response, accessor);
-
} catch (Exception e){
handleException(e, request, response, true);
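Review bot: The `consumerUserId == null` branch calls `sendToAuthorizePage(...)` and then falls through to the unchanged `returnToConsumer(request, response, accessor);` after the if/else chain, so a request that was only sent to the login page is also returned to the consumer without having been marked authorized; add `return;` directly after `sendToAuthorizePage(request, response, accessor);`. In the final `else`, authorization is granted solely because the `xoauth_requestor_id` parameter equals the user name stored on the consumer; unless the request signature is verified somewhere outside this hunk (not visible here), that value is caller-supplied and a user name is not a secret. doPost continues beyond the hunk.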
Modified: roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm (original)
+++ roller/trunk/apps/weblogger/src/sql/400-to-500-migration.vm Fri Mar 20 15:41:57 2009
@@ -68,6 +68,7 @@
create index ua_attrname_idx on roller_userattribute( attrname$!db.INDEXSIZE );
create index ua_attrvalue_idx on roller_userattribute( attrvalue$!db.INDEXSIZE );
+-- each record is an OAuth consumer key and secret, can be tied to just one user
create table rol_oauthconsumer (
consumerkey varchar(48) not null primary key,
consumersecret varchar(48) not null,
@@ -76,6 +77,7 @@
create index oc_username_idx on rol_oauthconsumer( username$!db.INDEXSIZE );
create index oc_consumerkey_idx on rol_oauthconsumer( consumerkey$!db.INDEXSIZE );
+-- each record is an OAuth accessor, always tied to just one user
create table rol_oauthaccessor (
consumerkey varchar(48) not null primary key,
requesttoken varchar(48),
@@ -83,6 +85,7 @@
tokensecret varchar(48),
created $db.TIMESTAMP_SQL_TYPE not null,
updated $db.TIMESTAMP_SQL_TYPE not null,
+ username varchar(48),
authorized $db.BOOLEAN_SQL_TYPE_FALSE
);
create index oa_consumerkey_idx on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );
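Review bot: The comment added above `create table rol_oauthaccessor` says an accessor is "always tied to just one user", yet the column is introduced here as nullable `username varchar(48)`, and the createdb.vm hunk in this commit drops `not null` from the same column. Reword the comment to match the schema, e.g. `-- each record is an OAuth accessor; username stays null until a user authorizes it`, if that is the intent (inferred from the AuthorizationServlet change, not stated in the SQL).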
Modified: roller/trunk/apps/weblogger/src/sql/createdb.vm
URL: http://svn.apache.org/viewvc/roller/trunk/apps/weblogger/src/sql/createdb.vm?rev=756534&r1=756533&r2=756534&view=diff
==============================================================================
--- roller/trunk/apps/weblogger/src/sql/createdb.vm (original)
+++ roller/trunk/apps/weblogger/src/sql/createdb.vm Fri Mar 20 15:41:57 2009
@@ -452,7 +452,7 @@
tokensecret varchar(48),
created $db.TIMESTAMP_SQL_TYPE not null,
updated $db.TIMESTAMP_SQL_TYPE not null,
- username varchar(48) not null,
+ username varchar(48),
authorized $db.BOOLEAN_SQL_TYPE_FALSE
);
create index oa_consumerkey_idx on rol_oauthaccessor( consumerkey$!db.INDEXSIZE );