
<?php
/**
 * StatusNet, the distributed open-source microblogging tool
 *
 * Edit an OAuth Application
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  Applications
 * @package   StatusNet
 * @author    Zach Copley <zach@status.net>
 * @copyright 2008-2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */

if (!defined('STATUSNET') && !defined('LACONICA')) {
    exit(1);
}

/**
 * Edit the details of an OAuth application
 *
 * This is the form for editing an application
 *
 * @category Application
 * @package  StatusNet
 * @author   Zach Copley <zach@status.net>
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link     http://status.net/
 */

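class EditApplicationAction extends OwnerDesignAction
{
    var $msg   = null;
    var $owner = null;
    var $app   = null;

    /**
     * Page title.
     *
     * @return string localised title
     */
    function title()
    {
        return _('Edit application');
    }

    /**
     * Prepare to run: load the application named by the `id` argument and
     * verify that the current user owns it.
     *
     * Order matters here. The existence check runs BEFORE the owner is
     * dereferenced: the previous version read $this->app->owner first, so an
     * unknown id produced a PHP error on a non-object instead of the intended
     * "No such application." response. Every failure path also returns
     * false explicitly, so the action does not depend on clientError()
     * terminating the request.
     *
     * @param array $args request arguments
     *
     * @return boolean true when the action may proceed, false otherwise
     */
    function prepare($args)
    {
        parent::prepare($args);

        if (!common_logged_in()) {
            $this->clientError(_('You must be logged in to edit an application.'));
            return false;
        }

        // Cast first so a non-numeric id never reaches the data layer.
        $id = (int)$this->arg('id');

        $this->app = Oauth_application::staticGet($id);

        if (empty($this->app)) {
            $this->clientError(_('No such application.'));
            return false;
        }

        $this->owner = User::staticGet($this->app->owner);
        $cur         = common_current_user();

        // Authorization: only the owning user may edit. A missing owner row is
        // treated as "not yours" rather than dereferenced. Both ids are cast
        // to int so the comparison cannot be satisfied by loose-typing quirks.
        // NOTE(review): 403 would describe "authenticated but not allowed"
        // more accurately than 401; kept as 401 to avoid changing responses.
        if (empty($this->owner) || (int)$cur->id !== (int)$this->owner->id) {
            $this->clientError(_('You are not the owner of this application.'), 401);
            return false;
        }

        return true;
    }

    /**
     * Handle the request.
     *
     * On GET, show the form. On POST, try to save the app.
     *
     * @param array $args unused
     *
     * @return void
     */
    function handle($args)
    {
        parent::handle($args);

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->handlePost($args);
        } else {
            $this->showForm();
        }
    }

    /**
     * Handle a form submission: reject oversized or CSRF-less posts, then
     * dispatch on the button that was pressed.
     *
     * @param array $args unused
     *
     * @return void
     */
    function handlePost($args)
    {
        // Workaround for PHP returning empty $_POST and $_FILES when POST
        // length > post_max_size in php.ini. CONTENT_LENGTH is not guaranteed
        // to be set, so read it defensively.
        $contentLength = isset($_SERVER['CONTENT_LENGTH'])
            ? (int)$_SERVER['CONTENT_LENGTH'] : 0;

        if (empty($_FILES) && empty($_POST) && $contentLength > 0) {
            $msg = _('The server was unable to handle that much POST ' .
                     'data (%s bytes) due to its current configuration.');
            $this->clientException(sprintf($msg, $contentLength));
            return;
        }

        // CSRF protection: the form must echo back the per-session token.
        // Strict comparison so only a string-identical token is accepted.
        $token = $this->trimmed('token');
        if (!$token || $token !== common_session_token()) {
            $this->clientError(_('There was a problem with your session token.'));
            return;
        }

        if ($this->arg('cancel')) {
            common_redirect(common_local_url('showapplication',
                                             array('id' => $this->app->id)), 303);
        } elseif ($this->arg('save')) {
            $this->trySave();
        } else {
            $this->clientError(_('Unexpected form submission.'));
        }
    }

    /**
     * Render the edit page, optionally with an error message.
     *
     * @param string $msg error text to show, or null for the default notice
     *
     * @return void
     */
    function showForm($msg=null)
    {
        $this->msg = $msg;
        $this->showPage();
    }

    /**
     * Render the application edit form for the loaded app.
     *
     * @return void
     */
    function showContent()
    {
        $form = new ApplicationEditForm($this, $this->app);
        $form->show();
    }

    /**
     * Show either the pending error message or the usage instructions.
     *
     * @return void
     */
    function showPageNotice()
    {
        if (!empty($this->msg)) {
            $this->element('p', 'error', $this->msg);
        } else {
            $this->element('p', 'instructions',
                           _('Use this form to edit your application.'));
        }
    }

    /**
     * Validate the submitted fields in the same order the form presents them.
     *
     * Fixes the previous callback check, which validated $source_url instead
     * of $callback_url. Since the callback URL is where the OAuth flow sends
     * the user back, leaving it unvalidated allowed non-http(s) schemes and
     * malformed targets to be stored.
     *
     * @param string $name         application name
     * @param string $description  description
     * @param string $source_url   optional source code URL
     * @param string $organization organization name
     * @param string $homepage     organization homepage URL
     * @param string $callback_url optional OAuth callback URL
     *
     * @return string|null localised error message, or null when all fields pass
     */
    private function validateFields($name, $description, $source_url,
                                    $organization, $homepage, $callback_url)
    {
        $schemes = array('allowed_schemes' => array('http', 'https'));

        if (empty($name)) {
            return _('Name is required.');
        }
        if (mb_strlen($name) > 255) {
            return _('Name is too long (max 255 chars).');
        }
        if (empty($description)) {
            return _('Description is required.');
        }
        if (Oauth_application::descriptionTooLong($description)) {
            return sprintf(_('Description is too long (max %d chars).'),
                           Oauth_application::maxDescription());
        }
        if (mb_strlen($source_url) > 255) {
            return _('Source URL is too long.');
        }
        if (mb_strlen($source_url) > 0 && !Validate::uri($source_url, $schemes)) {
            return _('Source URL is not valid.');
        }
        if (empty($organization)) {
            return _('Organization is required.');
        }
        if (mb_strlen($organization) > 255) {
            return _('Organization is too long (max 255 chars).');
        }
        if (empty($homepage)) {
            return _('Organization homepage is required.');
        }
        if (mb_strlen($homepage) > 0 && !Validate::uri($homepage, $schemes)) {
            return _('Homepage is not a valid URL.');
        }
        if (mb_strlen($callback_url) > 255) {
            return _('Callback is too long.');
        }
        // Validate the callback itself, not the source URL.
        if (mb_strlen($callback_url) > 0 && !Validate::uri($callback_url, $schemes)) {
            return _('Callback URL is not valid.');
        }

        return null;
    }

    /**
     * Validate the submitted fields and persist them to the application.
     *
     * On a validation error the form is re-shown with the message. On a
     * database failure a server error is raised and the logo upload and
     * redirect are skipped.
     *
     * @return void
     */
    function trySave()
    {
        $name         = $this->trimmed('name');
        $description  = $this->trimmed('description');
        $source_url   = $this->trimmed('source_url');
        $organization = $this->trimmed('organization');
        $homepage     = $this->trimmed('homepage');
        $callback_url = $this->trimmed('callback_url');
        $type         = $this->arg('app_type');
        $access_type  = $this->arg('default_access_type');

        $error = $this->validateFields($name, $description, $source_url,
                                       $organization, $homepage, $callback_url);
        if ($error !== null) {
            $this->showForm($error);
            return;
        }

        $cur = common_current_user();

        // Checked in prepare() above; assert() may be disabled in production,
        // so these are documentation of the invariant, not the enforcement.
        assert(!is_null($cur));
        assert(!is_null($this->app));

        $orig = clone($this->app);

        $this->app->name         = $name;
        $this->app->description  = $description;
        $this->app->source_url   = $source_url;
        $this->app->organization = $organization;
        $this->app->homepage     = $homepage;
        $this->app->callback_url = $callback_url;
        // NOTE(review): app_type is stored as submitted; the set of accepted
        // values is not visible here — confirm the model constrains it.
        $this->app->type         = $type;

        common_debug("access_type = $access_type");

        // 'r' selects read-only access (1); anything else is read/write (3).
        $this->app->access_type = ($access_type === 'r') ? 1 : 3;

        $result = $this->app->update($orig);

        if (!$result) {
            common_log_db_error($this->app, 'UPDATE', __FILE__);
            $this->serverError(_('Could not update application.'));
            // Do not upload a logo or redirect for a record that did not save.
            return;
        }

        $this->app->uploadLogo();

        common_redirect(common_local_url('oauthappssettings'), 303);
    }

}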