PageRenderTime 46ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/OAuthTokens/views/view.authorize.php

https://bitbucket.org/cviolette/sugarcrm
PHP | 98 lines | 50 code | 7 blank | 41 comment | 19 complexity | f8a69d966c7d3edd9b82e1cc408626f0 MD5 | raw file
Possible License(s): LGPL-2.1, MPL-2.0-no-copyleft-exception, BSD-3-Clause 
    

  1. <?php
    2. 

  2. if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
    3. 

  3. /*********************************************************************************
    4. 

  4.  * SugarCRM Community Edition is a customer relationship management program developed by
    5. 

  5.  * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
    6. 

  6.  * 
    7. 

  7.  * This program is free software; you can redistribute it and/or modify it under
    8. 

  8.  * the terms of the GNU Affero General Public License version 3 as published by the
    9. 

  9.  * Free Software Foundation with the addition of the following permission added
    10. 

  10.  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
    11. 

  11.  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
    12. 

  12.  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
    13. 

  13.  * 
    14. 

  14.  * This program is distributed in the hope that it will be useful, but WITHOUT
    15. 

  15.  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    16. 

  16.  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
    17. 

  17.  * details.
    18. 

  18.  * 
    19. 

  19.  * You should have received a copy of the GNU Affero General Public License along with
    20. 

  20.  * this program; if not, see http://www.gnu.org/licenses or write to the Free
    21. 

  21.  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    22. 

  22.  * 02110-1301 USA.
    23. 

  23.  * 
    24. 

  24.  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
    25. 

  25.  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
    26. 

  26.  * 
    27. 

  27.  * The interactive user interfaces in modified source and object code versions
    28. 

  28.  * of this program must display Appropriate Legal Notices, as required under
    29. 

  29.  * Section 5 of the GNU Affero General Public License version 3.
    30. 

  30.  * 
    31. 

  31.  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
    32. 

  32.  * these Appropriate Legal Notices must retain the display of the "Powered by
    33. 

  33.  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
    34. 

  34.  * technical reasons, the Appropriate Legal Notices must display the words
    35. 

  35.  * "Powered by SugarCRM".
    36. 

  36.  ********************************************************************************/
    37. 

  37. 

  38. 

  39. 

  40. require_once 'include/SugarOAuthServer.php';
    41. 

  41. 

  42. class OauthTokensViewAuthorize extends SugarView
    43. 

  43. {
    44. 

  44. 	public function display()
    45. 

  45.     {
    46. 

  46.         if(!SugarOAuthServer::enabled()) {
    47. 

  47.             sugar_die($GLOBALS['mod_strings']['LBL_OAUTH_DISABLED']);
    48. 

  48.         }
    49. 

  49.         global $current_user;
    50. 

  50.         if(!isset($_REQUEST['token']) && isset($_REQUEST['oauth_token'])) {
    51. 

  51.             $_REQUEST['token'] = $_REQUEST['oauth_token'];
    52. 

  52.         }
    53. 

  53.         $sugar_smarty = new Sugar_Smarty();
    54. 

  54.         $sugar_smarty->assign('APP', $GLOBALS['app_strings']);
    55. 

  55.         $sugar_smarty->assign('MOD', $GLOBALS['mod_strings']);
    56. 

  56.         $sugar_smarty->assign('token', $_REQUEST['token']);
    57. 

  57.         $sugar_smarty->assign('sid', session_id());
    58. 

  58.         $token = OAuthToken::load($_REQUEST['token']);
    59. 

  59.         if(empty($token) || empty($token->consumer) || $token->tstate != OAuthToken::REQUEST || empty($token->consumer_obj)) {
    60. 

  60.             sugar_die('Invalid token');
    61. 

  61.         }
    62. 

  62. 

  63.         if(empty($_REQUEST['confirm'])) {
    64. 

  64.             $sugar_smarty->assign('consumer', sprintf($GLOBALS['mod_strings']['LBL_OAUTH_CONSUMERREQ'], $token->consumer_obj->name));
    65. 

  65. // SM: roles disabled for now
    66. 

  66. //            $roles = array('' => '');
    67. 

  67. //            $allroles = ACLRole::getAllRoles();
    68. 

  68. //            foreach($allroles as $role) {
    69. 

  69. //                $roles[$role->id] = $role->name;
    70. 

  70. //            }
    71. 

  71. //            $sugar_smarty->assign('roles', $roles);
    72. 

  72.             $hash = md5(rand());
    73. 

  73.             $_SESSION['oauth_hash'] = $hash;
    74. 

  74.             $sugar_smarty->assign('hash', $hash);
    75. 

  75.             echo $sugar_smarty->fetch('modules/OAuthTokens/tpl/authorize.tpl');
    76. 

  76.         } else {
    77. 

  77.             if($_REQUEST['sid'] != session_id() || $_SESSION['oauth_hash'] != $_REQUEST['hash']) {
    78. 

  78.                 sugar_die('Invalid request');
    79. 

  79.             }
    80. 

  80.             $verify = $token->authorize(array("user" => $current_user->id));
    81. 

  81.             if(!empty($token->callback_url)){
    82. 

  82.                 $redirect_url=$token->callback_url;
    83. 

  83.                 if(strchr($redirect_url, "?") !== false) {
    84. 

  84.                     $redirect_url .= '&';
    85. 

  85.                 } else {
    86. 

  86.                     $redirect_url .= '?';
    87. 

  87.                 }
    88. 

  88.                 $redirect_url .= "oauth_verifier=".$verify.'&oauth_token='.$_REQUEST['token'];
    89. 

  89.                 SugarApplication::redirect($redirect_url);
    90. 

  90.             }
    91. 

  91.             $sugar_smarty->assign('VERIFY', $verify);
    92. 

  92.             $sugar_smarty->assign('token', '');
    93. 

  93.             echo $sugar_smarty->fetch('modules/OAuthTokens/tpl/authorized.tpl');
    94. 

  94.         }
    95. 

  95.     }
    96. 

  96. 

  97. }
    98. 

  98. 

  99.