You are here

function oauth_common_form_authorize in OAuth 1.0 7.3

Same name and namespace in other branches
  1. 6.3 oauth_common.pages.inc \oauth_common_form_authorize()
  2. 7.4 oauth_common.pages.inc \oauth_common_form_authorize()

Form for granting access to the consumer

1 string reference to 'oauth_common_form_authorize'
oauth_common_menu in ./oauth_common.module
Implements hook_menu().

File

./oauth_common.pages.inc, line 75
Page callbacks for OAuth module

Code

function oauth_common_form_authorize() {
  module_load_include('inc', 'oauth_common');
  $req = DrupalOAuthRequest::from_request();
  $context = oauth_common_context_from_request($req);
  $auth_ops = $context->authorization_options;
  if (!$context) {
    drupal_set_message(t("Can't find OAuth context, check the site's settings."), 'error');
    return;
  }
  $token = $req
    ->get_parameter('oauth_token');
  $callback = $req
    ->get_parameter('oauth_callback');
  $token = DrupalOAuthToken::loadByKey($token, FALSE, OAUTH_COMMON_TOKEN_TYPE_REQUEST);

  // Check that we have a valid token
  if (!$token) {
    drupal_set_message(t('Please include a valid OAuth token in your request.'), 'error');
    return;
  }
  $consumer = $token->consumer;

  // Redirect to the right form, or present an error.
  global $user;
  if ($user->uid) {

    // There's some strange bug in the ?destination=... handling
    // This is not exactly beautiful, but it gets the work done
    // TODO: Find out why!
    if (drupal_substr($_SERVER['REQUEST_URI'], 0, 2) == '//') {
      header('Location: ' . drupal_substr($_SERVER['REQUEST_URI'], 1), TRUE, 302);
    }
    if (!(user_access('oauth authorize any consumers') || user_access('oauth authorize consumers in ' . $consumer->context))) {
      drupal_set_message(t('You are not authorized to allow external services access to this system.'), 'error');
      return drupal_access_denied();
    }
    if (!empty($auth_ops['automatic_authorization']) && $auth_ops['automatic_authorization'] && !empty($consumer->callback_url)) {

      // Authorize the request token
      $token->uid = $user->uid;
      $token->authorized = 1;
      $token->services = $context->authorization_options['default_authorization_levels'];
      $token
        ->write(TRUE);

      // Pick the callback url apart and add the token parameter
      $callback = parse_url($consumer->callback_url);
      $query = array();
      if (!empty($callback['query'])) {
        parse_str($callback['query'], $query);
      }
      $query['oauth_token'] = $token->key;
      $callback['query'] = http_build_query($query, 'idx_', '&');

      // Return to the consumer site
      header('Location: ' . _oauth_common_glue_url($callback), TRUE, 302);
      exit;
    }
    $tvars = array(
      '@user' => $user->name,
      '@appname' => $consumer->name,
      '@sitename' => variable_get('site_name', ''),
    );
    $title = !empty($context->title) ? $context->title : 'Authorize @appname';
    drupal_set_title(t($title, $tvars), PASS_THROUGH);
    $form = array();
    $form['token'] = array(
      '#type' => 'value',
      '#value' => $token,
    );
    $message = !empty($auth_ops['message']) ? $auth_ops['message'] : 'The application @appname wants to access @sitename on your behalf, check the permissions ' . 'that you would like the application to have.';
    $form['message'] = array(
      '#type' => 'item',
      '#markup' => t($message, $tvars),
    );
    $message = !empty($auth_ops['warning']) ? $auth_ops['warning'] : 'If you don\'t know what @appname is, or don\'t want to give it access to your content, ' . 'just click here and we\'ll take you away from this page without granting @appname any access ' . 'to @sitename.';
    $form['warning'] = array(
      '#type' => 'item',
      '#markup' => l(t($message, $tvars), 'oauth/authorization/deny/' . $token->key),
      '#attributes' => array(
        'class' => array(
          'abort-authorization',
        ),
      ),
    );
    $disable_selection = !empty($auth_ops['disable_auth_level_selection']) && !empty($auth_ops['default_authorization_levels']) && $auth_ops['disable_auth_level_selection'];
    if (!$disable_selection) {
      $authorization_title = !empty($auth_ops['authorization_title']) ? $auth_ops['authorization_title'] : 'Permissions';
      $form['authorization'] = array(
        '#type' => 'fieldset',
        '#title' => t($authorization_title, $tvars),
      );
      $form['authorization']['levels'] = array(
        '#tree' => TRUE,
      );
      foreach ($context->authorization_levels as $name => $level) {
        $auth_level_opt = array(
          '#type' => 'checkbox',
          '#title' => t($level['title'], $tvars),
          '#description' => t($level['description'], $tvars),
          '#value' => $level['default'],
        );
        $form['authorization']['levels'][$name] = $auth_level_opt;
      }
    }
    else {
      $form['authorization']['levels'] = array(
        '#tree' => TRUE,
      );
      foreach ($auth_ops['default_authorization_levels'] as $level) {
        $form['authorization']['levels'][$level] = array(
          '#type' => 'value',
          '#value' => $level,
        );
      }
    }
    $deny_title = !empty($auth_ops['deny_access_title']) ? $auth_ops['deny_access_title'] : 'Deny access';
    $form['deny'] = array(
      '#type' => 'item',
      '#markup' => l(t($deny_title), 'oauth/authorization/deny/' . $token->key),
      '#attributes' => array(
        'class' => array(
          'deny-access',
        ),
      ),
    );
    $grant_title = !empty($auth_ops['grant_access_title']) ? $auth_ops['grant_access_title'] : 'Grant access';
    $form['actions'] = array(
      '#type' => 'actions',
    );
    $form['actions']['confirm'] = array(
      '#type' => 'submit',
      '#value' => t($grant_title),
    );
    return $form;
  }
  else {
    $query = $_GET;
    unset($query['q']);

    // why are there so few q's?
    // Allow this path to be set to something other than the standard
    // login page in case the site has a mobile-enhanced login page.
    $path = variable_get('oauth_common_login_path', OAUTH_COMMON_LOGIN_PATH);
    drupal_goto($path, array(
      'query' => array(
        'destination' => url('oauth/authorize', array(
          'query' => $query,
        )),
      ),
    ));
  }
}