remove the saved redirect when it's being used, always accept email scope
diff --git
a/authorize.php
b/authorize.php
index 2a7e0a5a12b4cdb0f37cc265cfc0cb8ed33377ab..4275254873b22fffd0dfaad35dd9490eff2050c4 100644
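--- a/authorize.php
+++ b/authorize.php
@@ -55,8 +55,8 @@ if (!count($errors)) {
  exit();
  }
- // Display an authorization form.
- if (empty($_POST)) {
+ // Display an authorization form (unless the scope is email, which we always grant in this system).
+ if (empty($_POST) && (@$request->query['scope'] != 'email')) {
  $para = $body->appendElement('p', sprintf(_('Hi %s!'), $user['email']));
  $para->setAttribute('class', 'userwelcome');
@@ -71,7 +71,7 @@ if (!count($errors)) {
  }
  else {
  // Handle authorize request, forwarding code in GET parameters if the user has authorized your client.
- $is_authorized = ($_POST['authorized'] === 'yes');
+ $is_authorized = (($_POST['authorized'] === 'yes') || ($request->query['scope'] == 'email'));
  $server->handleAuthorizeRequest($request, $response, $is_authorized);
  /* For testing only
  if ($is_authorized) {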
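Review bot: In the second hunk `$is_authorized` becomes true for any request whose `scope` query parameter is `email`, so the grant is issued on a plain GET with no consent step and no per-client check; that is only safe if every registered client and redirect URI is trusted, and the code should either state that assumption or limit the auto-grant to an allowlist of client ids. The decision is also read from the raw query string rather than from the scope the server validates inside `handleAuthorizeRequest`, so if the library resolves scope from another source (not visible here) the two can disagree. Both hunks would be stricter and consistent with one shared flag, `$auto_grant = isset($request->query['scope']) && $request->query['scope'] === 'email';`, replacing the `@`-suppressed `!=` in the first hunk and the unguarded `==` in the second. The enclosing `if`/`else` starts and ends outside the lines shown.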