
Commit bfdab379 authored by Jonas Haraldsson's avatar Jonas Haraldsson

logged in users dont need to send user info

parent ccb55cb9
......@@ -57,6 +57,9 @@ function displayError($error_msg) {
*/
$smarty->assign('site_name', $site_name);
if ($logged_in) {
$smarty->assign('username', $this_user->name);
}
// We always need the api_key parameter and parameter cb or token
if (!isset($_REQUEST['api_key']) || !(isset($_REQUEST['cb']) || isset($_REQUEST['token']))) {
......@@ -71,7 +74,7 @@ if (!isset($_REQUEST['api_key']) || !(isset($_REQUEST['cb']) || isset($_REQUEST[
$smarty->assign('api_key', $_GET['api_key']);
// Desktop app auth stage 1
} elseif (isset($_GET['api_key']) && isset($_GET['token']) && !isset($_GET['cb']) && !isset($_POST['username'])) {
} elseif (isset($_GET['api_key']) && isset($_GET['token']) && !isset($_GET['cb']) && !isset($_POST['token'])) {
// Ensures the token exists and is not already bound to a user
$query = 'SELECT * FROM Auth WHERE token = ? AND username IS NULL';
......@@ -91,23 +94,25 @@ if (!isset($_REQUEST['api_key']) || !(isset($_REQUEST['cb']) || isset($_REQUEST[
$smarty->assign('token', $_GET['token']);
// Web/Desktop app auth stage 2.1
} elseif (isset($_POST['username'], $_POST['api_key'], $_POST['token'])) {
// Authenticate the user using the submitted password
$query = 'SELECT username FROM Users WHERE lower(username) = lower(?) AND password = ?';
$params = array($_POST['username'], md5($_POST['password']));
try {
$result = $adodb->GetOne($query, $params);
} catch (Exception $e) {
reportError($e->getMessage(), $e->getTraceAsString());
displayError('Database error');
}
if (!$result) {
displayError('Authentication failed');
} elseif (isset($_POST['api_key'], $_POST['token'])) {
if(!$logged_in) {
// Authenticate the user using the submitted password
$query = 'SELECT username FROM Users WHERE lower(username) = lower(?) AND password = ?';
$params = array($_POST['username'], md5($_POST['password']));
try {
$username = $adodb->GetOne($query, $params);
} catch (Exception $e) {
reportError($e->getMessage(), $e->getTraceAsString());
displayError('Database error');
}
if (!$username) {
displayError('Authentication failed');
}
}
// Bind the user to the token and cancel the expiration rule
$query = 'UPDATE Auth SET username = ?, expires = 0 WHERE token = ?';
$params = array($_POST['username'], $_POST['token']);
$params = array($username, $_POST['token']);
try {
$adodb->Execute($query, $params);
} catch (Exception $e) {
......@@ -123,7 +128,7 @@ if (!isset($_REQUEST['api_key']) || !(isset($_REQUEST['cb']) || isset($_REQUEST[
// Desktop app auth step 2.2
} else {
$smarty->assign('stage', 'deskapp2.2');
$smarty->assign('username', $_POST['username']);
$smarty->assign('username', $username);
}
}
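Review bot: When `$logged_in` is true the new `if(!$logged_in)` block is skipped, so nothing visible in this section assigns `$username` before `$params = array($username, $_POST['token']);` and the later `$smarty->assign('username', $username);`. Unless it is set outside the shown hunks, the token would be bound to an empty username rather than the session user; an explicit `else { $username = $this_user->name; }` would take the name from the session the way the first hunk does. It is also worth confirming that `displayError()` stops execution, because otherwise a failed password check falls through to the `UPDATE Auth` statement. The UPDATE could additionally repeat the stage 1 condition, `WHERE token = ? AND username IS NULL`, so that an already-bound token cannot be rebound. The surrounding if/elseif chain starts and ends outside the hunks.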
......
......@@ -7,6 +7,7 @@
<p>Thank you very much {$username}. Your authorization has been recorded.</p>
<p>You may now close this page.</p>
{else}
{if $username}<h3>Hello {$username}</h3>{/if}
{if $clientname == 'Unknown client'}
<p><a href="{$clienturl}">{$clientname}</a> with<br /> API key: <b>{$api_key}</b><br />
{if $cb}
......@@ -17,9 +18,11 @@
{/if}
wants your permission to talk with this service.</p>
<form method="post" action="">
{if !$logged_in}
<p>Your Username: <input type="text" name="username" /></p>
<p>Your Password: <input type="password" name="password" /></p>
<p>
{/if}
<input type="submit" value="Submit" />
<input type="hidden" name="api_key" value="{$api_key}" />
<input type="hidden" name="token" value="{$token}" />
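Review bot: For a logged-in user the form now posts only the hidden `api_key` and `token` fields, and no per-session anti-forgery value is visible in this hunk, so the server-side binding step has nothing to tell a deliberate click from a cross-site form post. Adding a hidden field such as `<input type="hidden" name="csrf_token" value="{$csrf_token}" />` (field name constructed for illustration) and checking it before the token is bound would close that gap. The new `{if !$logged_in}` also depends on `logged_in` being assigned to Smarty, which the PHP hunks shown do not do, and the `<p>` opened inside the conditional is presumably closed outside it, leaving a stray `</p>` for logged-in users. If auto-escaping is not enabled, `{$username}` in the new heading should be written as `{$username|escape}`.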
......