* @copyright 2014 Christian Weiske * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3 * @link http://cweiske.de/grauphel.htm */ namespace OCA\Grauphel\Controller; use \OCP\AppFramework\Controller; use \OCA\Grauphel\Lib\Dependencies; use \OCA\Grauphel\Lib\OAuthException; use \OCA\Grauphel\Lib\Response\ErrorResponse; use \OCA\Grauphel\Lib\TokenStorage; /** * OAuth token management * * @category Tools * @package Grauphel * @author Christian Weiske * @copyright 2014 Christian Weiske * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3 * @version Release: @package_version@ * @link http://cweiske.de/grauphel.htm */ class TokenController extends Controller { /** * constructor of the controller * * @param string $appName Name of the app * @param IRequest $request Instance of the request */ public function __construct($appName, \OCP\IRequest $request, $user) { parent::__construct($appName, $request); $this->user = $user; //default http header: we assume something is broken header('HTTP/1.0 500 Internal Server Error'); } /** * Delete access tokens * DELETE /tokens/$username/$tokenKey * * @NoAdminRequired * @NoCSRFRequired */ public function delete($username, $tokenKey) { if (false && ($this->user === null || $this->user->getUid() != $username)) { $res = new ErrorResponse('You may only delete your own tokens.'); $res->setStatus(\OCP\AppFramework\Http::STATUS_FORBIDDEN); return $res; } $deps = Dependencies::get(); try { $token = $deps->tokens->load('access', $tokenKey); } catch (OAuthException $e) { $res = new ErrorResponse('Token not found.'); $res->setStatus(\OCP\AppFramework\Http::STATUS_NOT_FOUND); return $res; } if ($username != $token->user) { $res = new ErrorResponse('You may only delete your own tokens.'); $res->setStatus(\OCP\AppFramework\Http::STATUS_FORBIDDEN); return $res; } $deps->tokens->delete('access', $tokenKey); $res = new \OCP\AppFramework\Http\Response(); $res->setStatus(\OCP\AppFramework\Http::STATUS_NO_CONTENT); return $res; } } ?>