1: <?php
2: /**
3: * Magento
4: *
5: * NOTICE OF LICENSE
6: *
7: * This source file is subject to the Open Software License (OSL 3.0)
8: * that is bundled with this package in the file LICENSE.txt.
9: * It is also available through the world-wide-web at this URL:
10: * http://opensource.org/licenses/osl-3.0.php
11: * If you did not receive a copy of the license and are unable to
12: * obtain it through the world-wide-web, please send an email
13: * to license@magentocommerce.com so we can send you a copy immediately.
14: *
15: * DISCLAIMER
16: *
17: * Do not edit or add to this file if you wish to upgrade Magento to newer
18: * versions in the future. If you wish to customize Magento for your
19: * needs please refer to http://www.magentocommerce.com for more information.
20: *
21: * @category Mage
22: * @package Mage_Oauth
23: * @copyright Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
24: * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
25: */
26:
27: /**
28: * oAuth authorize controller
29: *
30: * @category Mage
31: * @package Mage_Oauth
32: * @author Magento Core Team <core@magentocommerce.com>
33: */
class Mage_Oauth_AuthorizeController extends Mage_Core_Controller_Front_Action
{
    /**
     * Alias of the session singleton used for login state and user messages
     *
     * @var string
     */
    protected $_sessionName = 'customer/session';

    /**
     * Prepare the authorize page
     *
     * Checks the authorize request, loads the layout and keeps exactly one of the
     * two children of the "content" block: the authorize button for a logged-in
     * customer, the login form otherwise. Rendering is left to the calling action.
     *
     * @param bool $simple Is simple page?
     * @return Mage_Oauth_AuthorizeController
     */
    protected function _initForm($simple = false)
    {
        /** @var $oauthServer Mage_Oauth_Model_Server */
        $oauthServer = Mage::getModel('oauth/server');
        /** @var $customerSession Mage_Customer_Model_Session */
        $customerSession = Mage::getSingleton($this->_sessionName);

        $requestFailed = false;
        try {
            $oauthServer->checkAuthorizeRequest();
        } catch (Mage_Core_Exception $e) {
            // The exception text is shown to the user as-is and the failure flag is
            // NOT raised, so the block below is set up as for a valid request.
            // NOTE(review): confirm that is intended for this exception type.
            $customerSession->addError($e->getMessage());
        } catch (Mage_Oauth_Exception $e) {
            // NOTE(review): if Mage_Oauth_Exception derives from Mage_Core_Exception
            // this branch is unreachable because of the catch order - verify.
            $requestFailed = true;
            $customerSession->addException($e, $this->__('An error occurred. Your authorization request is invalid.'));
        } catch (Exception $e) {
            // Anything unexpected is reported with a generic text only.
            $requestFailed = true;
            $customerSession->addException($e, $this->__('An error occurred.'));
        }

        $this->loadLayout();
        $pageLayout = $this->getLayout();
        $isLoggedIn = $customerSession->isLoggedIn();

        $content = $pageLayout->getBlock('content');
        $shownChild  = $isLoggedIn ? 'oauth.authorize.button' : 'oauth.authorize.form';
        $hiddenChild = $isLoggedIn ? 'oauth.authorize.form' : 'oauth.authorize.button';
        $content->unsetChild($hiddenChild);
        /** @var $activeBlock Mage_Oauth_Block_Authorize|Mage_Oauth_Block_Authorize_Button */
        $activeBlock = $content->getChild($shownChild);

        /** @var $urlHelper Mage_Core_Helper_Url */
        $urlHelper = Mage::helper('core/url');
        $loginUrl = Mage::getUrl('customer/account/login', array('_nosid' => true));
        $customerSession->setAfterAuthUrl($loginUrl)
            ->setBeforeAuthUrl($urlHelper->getCurrentUrl());

        // NOTE(review): oauth_token is taken from the query string and handed to the
        // block unchanged; the template that prints it is expected to escape it.
        $activeBlock->setIsSimple($simple)
            ->setToken($this->getRequest()->getQuery('oauth_token'))
            ->setHasException($requestFailed);

        return $this;
    }

    /**
     * Authorize the request token for the current customer and show the result
     *
     * Without a customer id in the session the user is sent back to the authorize
     * URL. Otherwise the token is authorized and the user is either redirected to
     * the consumer callback or, when there is none (OOB), shown the verifier.
     *
     * NOTE(review): the only precondition checked in this method is a customer id
     * in the session; no form key or request-method check is visible here. Unless
     * authorizeToken() or a layer outside this file enforces one, a cross-site
     * request could confirm an authorization on the customer's behalf - confirm.
     *
     * @param bool $simple Is simple page?
     * @return Mage_Oauth_AuthorizeController
     */
    protected function _initConfirmPage($simple = false)
    {
        /** @var $oauthHelper Mage_Oauth_Helper_Data */
        $oauthHelper = Mage::helper('oauth');

        /** @var $customerSession Mage_Customer_Model_Session */
        $customerSession = Mage::getSingleton($this->_sessionName);
        if (!$customerSession->getCustomerId()) {
            $customerSession->addError($this->__('Please login to proceed authorization.'));
            $authorizeUrl = $oauthHelper->getAuthorizeUrl(Mage_Oauth_Model_Token::USER_TYPE_CUSTOMER);
            $this->_redirectUrl($authorizeUrl);
            return $this;
        }

        $this->loadLayout();

        /** @var $confirmBlock Mage_Oauth_Block_Authorize */
        $confirmBlock = $this->getLayout()->getBlock('oauth.authorize.confirm');
        $confirmBlock->setIsSimple($simple);

        try {
            /** @var $oauthServer Mage_Oauth_Model_Server */
            $oauthServer = Mage::getModel('oauth/server');

            /** @var $authorizedToken Mage_Oauth_Model_Token */
            $authorizedToken = $oauthServer->authorizeToken(
                $customerSession->getCustomerId(),
                Mage_Oauth_Model_Token::USER_TYPE_CUSTOMER
            );

            // The helper returns false for the out-of-band (OOB) flow.
            $callbackUrl = $oauthHelper->getFullCallbackUrl($authorizedToken);
            if ($callbackUrl) {
                // The '&' suffix assumes the helper's URL already carries a query
                // string, and the destination is not validated here.
                // NOTE(review): confirm both against getFullCallbackUrl().
                $this->_redirectUrl($callbackUrl . ($simple ? '&simple=1' : ''));
                return $this;
            }

            $confirmBlock->setVerifier($authorizedToken->getVerifier());
            $customerSession->addSuccess($this->__('Authorization confirmed.'));
        } catch (Mage_Core_Exception $e) {
            // Exception text is shown to the user verbatim.
            $customerSession->addError($e->getMessage());
        } catch (Mage_Oauth_Exception $e) {
            $customerSession->addException($e, $this->__('An error occurred. Your authorization request is invalid.'));
        } catch (Exception $e) {
            $customerSession->addException($e, $this->__('An error occurred on confirm authorize.'));
        }

        $this->_initLayoutMessages($this->_sessionName);
        $this->renderLayout();

        return $this;
    }

    /**
     * Handle a declined authorization and show the result
     *
     * Re-checks the authorize request to obtain the token, then redirects to the
     * consumer callback when the helper returns one, or shows a notice otherwise.
     * No login check is made in this method.
     *
     * @param bool $simple Is simple page?
     * @return Mage_Oauth_AuthorizeController
     */
    protected function _initRejectPage($simple = false)
    {
        $this->loadLayout();

        /** @var $customerSession Mage_Customer_Model_Session */
        $customerSession = Mage::getSingleton($this->_sessionName);
        try {
            /** @var $oauthServer Mage_Oauth_Model_Server */
            $oauthServer = Mage::getModel('oauth/server');

            /** @var $rejectBlock Mage_Oauth_Block_Authorize */
            $rejectBlock = $this->getLayout()->getBlock('oauth.authorize.reject');
            $rejectBlock->setIsSimple($simple);

            /** @var $requestToken Mage_Oauth_Model_Token */
            $requestToken = $oauthServer->checkAuthorizeRequest();
            /** @var $oauthHelper Mage_Oauth_Helper_Data */
            $oauthHelper = Mage::helper('oauth');

            // Second argument presumably marks the callback as a rejection - TODO confirm.
            $callbackUrl = $oauthHelper->getFullCallbackUrl($requestToken, true);
            if ($callbackUrl) {
                // Same assumption as on the confirm page: the URL already has a
                // query string, and its destination is trusted from the helper.
                $this->_redirectUrl($callbackUrl . ($simple ? '&simple=1' : ''));
                return $this;
            }

            $customerSession->addNotice($this->__('The application access request is rejected.'));
        } catch (Mage_Core_Exception $e) {
            // Exception text is shown to the user verbatim.
            $customerSession->addError($e->getMessage());
        } catch (Exception $e) {
            // Unlike the other pages there is no dedicated Mage_Oauth_Exception
            // branch, so those end up here with the generic text.
            $customerSession->addException($e, $this->__('An error occurred on reject authorize.'));
        }

        $this->_initLayoutMessages($this->_sessionName);
        $this->renderLayout();

        return $this;
    }

    /**
     * Authorize page in the regular layout
     *
     * @return void
     */
    public function indexAction()
    {
        $this->_initForm();
        $this->_initLayoutMessages($this->_sessionName);
        $this->renderLayout();
    }

    /**
     * Authorize page in the "simple" variant (authorize or decline access)
     *
     * @return void
     */
    public function simpleAction()
    {
        $this->_initForm(true);
        $this->_initLayoutMessages($this->_sessionName);
        $this->renderLayout();
    }

    /**
     * Confirm token authorization, regular page
     *
     * @return void
     */
    public function confirmAction()
    {
        $this->_initConfirmPage();
    }

    /**
     * Confirm token authorization, simple page
     *
     * @return void
     */
    public function confirmSimpleAction()
    {
        $this->_initConfirmPage(true);
    }

    /**
     * Reject token authorization, regular page
     *
     * @return void
     */
    public function rejectAction()
    {
        $this->_initRejectPage();
    }

    /**
     * Reject token authorization, simple page
     *
     * @return void
     */
    public function rejectSimpleAction()
    {
        $this->_initRejectPage(true);
    }
}