Redirect the user after authorization

rmccue · rmccue · commit 4b05d5e33538 · 2014-04-13T19:29:46.000+10:00
diff --git a/lib/class-wp-json-authentication-oauth1-authorize.php b/lib/class-wp-json-authentication-oauth1-authorize.php
@@ -67,7 +67,16 @@ public function render_page() {
 
 			switch ( $_POST['wp-submit'] ) {
 				case 'authorize':
-					$authenticator->authorize_request_token( $this->token['key'] );
+					$verifier = $authenticator->authorize_request_token( $this->token['key'] );
+					if ( is_wp_error( $verifier ) ) {
+						$this->display_error( $error );
+						exit;
+					}
+
+					$error = $this->handle_callback_redirect( $verifier );
+					if ( is_wp_error( $error ) ) {
+						$this->display_error( $error );
+					}
 					exit;
 
 				case 'cancel':
@@ -102,6 +111,47 @@ public function page_fields() {
 		wp_nonce_field( 'json_oauth1_authorize' );
 	}
 
+	/**
+	 * Handle redirecting the user after authorization
+	 *
+	 * @param string $verifier Verification code
+	 * @return null|WP_Error Null on success, error otherwise
+	 */
+	public function handle_callback_redirect( $verifier ) {
+		$callback = $this->token['callback'];
+		if ( $callback === 'oob' || empty( $callback ) ) {
+			return apply_filters( 'json_oauth1_handle_callback', null, $this->token );
+		}
+
+		if ( empty( $callback ) ) {
+			// No callback registered, display verification code to the user
+			login_header( __( 'Access Token' ) );
+			echo '<p>' . sprintf( __( 'Your access token is <code>%s</code>' ), $verifier ) . '</p>';
+			login_footer();
+
+			return null;
+		}
+
+		// Ensure the URL is safe to access
+		$callback = wp_http_validate_url( $callback );
+		if ( empty( $callback ) ) {
+			return new WP_Error( 'json_oauth1_invalid_callback', __( 'The callback URL is invalid' ), array( 'status' => 400 ) );
+		}
+
+		$args = array(
+			'oauth_token' => $this->token['key'],
+			'oauth_verifier' => $verifier,
+			'wp_scope' => '*',
+		);
+		$args = apply_filters( 'json_oauth1_callback_args', $args, $token );
+		$args = urlencode_deep( $args );
+		$callback = add_query_arg( $args, $callback );
+
+		wp_redirect( $callback );
+
+		return null;
+	}
+
 	/**
 	 * Display an error using login page wrapper
 	 *
