dreamnear / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Bug in OAuthtStoreSQL #42

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi there, my application functioned with one active user, but failed with
multiple users. I traced it back to line 324 in OAuthtStoreSQL.php.

$ocr_id = $this->query_one('
  SELECT ocr_id
  FROM oauth_consumer_registry
  WHERE ocr_consumer_key = \'%s\'
  ', $consumer_key);

I think a user ID is missing and it should be:

$ocr_id = $this->query_one('
  SELECT ocr_id
  FROM oauth_consumer_registry
  WHERE ocr_consumer_key = \'%s\' 
  AND ocr_usa_id_ref = \'%s\'
  ', $consumer_key, $user_id);

Please correct me if I'm wrong.

Original issue reported on code.google.com by r.weste...@gmail.com on 21 May 2010 at 2:40

GoogleCodeExporter commented 8 years ago
Should ocr_consumer_key not be unique? If thats true (i think so) 
ocr_usa_id_ref is redundant. Must be another 
fault.

Original comment by fiedler....@gmail.com on 21 May 2010 at 6:21

GoogleCodeExporter commented 8 years ago
The ocr_consumer_key is unique per application. I got one consumer key for 
twitter
and one for foursquare. My application is the consumer and twitter and 
foursquare are
the service providers. 
I followed 
http://code.google.com/p/oauth-php/wiki/ConsumerHowTo#Three-legged_OAuth.
It uses a fixed user_id (I presume user_id is the ID of a user in my 
application).
When I use multiple user_id's multiple records are inserted into
oauth_consumer_registry. I changed the specified query in the callback in order 
to
match the previously inserted records in oauth_consumer_registry.
I do think that this is a bit strange, because I don't see how ocr_usa_id_ref 
has any
value in the oauth_consumer_registry table.

Original comment by r.weste...@gmail.com on 21 May 2010 at 6:56

GoogleCodeExporter commented 8 years ago
ocr_consumer_key is unique per application. What I think you mean is: you have 
one
user with multiple service providers and somehow that is messy for you. 

Anyway, the SVN version has a patch similar to yours applied since r120. May I 
close
this?

Original comment by brunobg%...@gtempaccount.com on 26 May 2010 at 7:43

GoogleCodeExporter commented 8 years ago
ocr_consumer_key is indeed unique per application. I have multiple service 
providers
and multiple users. That's why I ran into problems. 

The patch in r120 is indeed similar to mine. Except the r120 version is better, 
since
it only prints an INT.
We got that cleared up. :)

Besides that it is indeed a bit messy for my needs. I realy don't need all the
records in oauth_consumer_registry. I only need one per service provider, not 
one for
every server provider and every user. It doesn't make sense.

Thnx to get some of this clear. I think it can be closed, since my original 
report is
answered. Thnx again.

Original comment by r.weste...@gmail.com on 26 May 2010 at 7:59

GoogleCodeExporter commented 8 years ago
Note that you can set ocr_usa_id_ref to NULL, or to any value, if you are not 
using
it. Though the oauth_consumer_registry table is useless to you, I'm pretty sure 
it
won't be the bottleneck of you application ;) Thanks for the input!

Original comment by brunobg%...@gtempaccount.com on 26 May 2010 at 8:22

GoogleCodeExporter commented 8 years ago
I know I can set user_id to NULL, but I use it to couple my internal users to
seperate OAuth tokens. But still thnx for the info.
The seemingly redundant rows are certainly not a bottleneck for my application 
;)

Original comment by r.weste...@gmail.com on 26 May 2010 at 8:58