Merge branch 'oauth2-ui-pr' into 'dev'

Oauth2 ui pr

See merge request hubzilla/core!1255

Zotlabs/Module/Settings/Oauth2.php

@@ -10,10 +10,19 @@ class Oauth2 {
 	
 		if(x($_POST,'remove')){
 			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
-			
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+		logger("REMOVE! ".$name." uid: ".local_channel());	
 			$key = $_POST['remove'];
-			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+			q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
-				dbesc($key),
+				dbesc($name),
+				intval(local_channel())
+			);
+			q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
 				intval(local_channel())
 			);
 			goaway(z_root()."/settings/oauth2/");
@@ -45,14 +54,15 @@ class Oauth2 {
 								grant_types = '%s',
 								scope = '%s', 
 								user_id = %d
-							WHERE client_id='%s'",
+							WHERE client_id='%s' and user_id = %s",
 							dbesc($name),
 							dbesc($secret),
 							dbesc($redirect),
 							dbesc($grant),
 							dbesc($scope),
 							intval(local_channel()),
-							dbesc($name));
+							dbesc($name),
+                                                        intval(local_channel()));
 				} else {
 					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
 						VALUES ('%s','%s','%s','%s','%s',%d)",
@@ -128,6 +138,18 @@ class Oauth2 {
 					dbesc(argv(3)),
 					intval(local_channel())
 			);
+			$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
 			goaway(z_root()."/settings/oauth2/");
 			return;			
 		}
@@ -135,7 +157,8 @@ class Oauth2 {
 
 		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
 				FROM oauth_clients
-				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id
+				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
+                                                                 oauth_clients.user_id=oauth_access_tokens.user_id
 				WHERE oauth_clients.user_id IN (%d,0)",
 				intval(local_channel()),
 				intval(local_channel())

view/tpl/settings_oauth2.tpl

@@ -4,8 +4,6 @@
 </div>
 
 <div class="section-content-tools-wrapper">
-<form action="settings/oauth2" method="post" autocomplete="off">
-<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
 
 	<div id="profile-edit-links">
 		<ul>
@@ -16,6 +14,9 @@
 	</div>
 
 	{{foreach $apps as $app}}
+<form action="settings/oauth2" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+<input type='hidden' name='name' value='{{$app.client_id}}'>
 	<div class='oauthapp'>
 		{{if $app.client_id}}<h4>{{$app.client_id}}</h4>{{else}}<h4>{{$noname}}</h4>{{/if}}
 		{{if $app.my}}
@@ -28,8 +29,8 @@
 		<a href="{{$baseurl}}/settings/oauth2/delete/{{$app.client_id}}?t={{$form_security_token}}" title="{{$delete}}"><i class="fa fa-trash-o btn btn-outline-secondary"></i></a>
 		{{/if}}		
 	</div>
+</form>
 	{{/foreach}}
 
-</form>
 </div>
 </div>