class sOAuthServer in jQuery social stream 7
Same name and namespace in other branches
- 7.2 jquery_social_stream.js.inc \sOAuthServer
Hierarchy
- class \sOAuthServer
Expanded class hierarchy of sOAuthServer
File
- ./
jquery_social_stream.js.inc, line 813 - JS callbacks.
View source
class sOAuthServer {
protected $timestamp_threshold = 300;
// in seconds, five minutes
protected $version = '1.0';
// hi blaine
protected $signature_methods = array();
protected $data_store;
function __construct($data_store) {
$this->data_store = $data_store;
}
public function add_signature_method($signature_method) {
$this->signature_methods[$signature_method
->get_name()] = $signature_method;
}
// high level functions
/**
* process a request_token request
* returns the request token on success
*/
public function fetch_request_token(&$request) {
$this
->get_version($request);
$consumer = $this
->get_consumer($request);
// no token required for the initial token request
$token = NULL;
$this
->check_signature($request, $consumer, $token);
// Rev A change
$callback = $request
->get_parameter('oauth_callback');
$new_token = $this->data_store
->new_request_token($consumer, $callback);
return $new_token;
}
/**
* process an access_token request
* returns the access token on success
*/
public function fetch_access_token(&$request) {
$this
->get_version($request);
$consumer = $this
->get_consumer($request);
// requires authorized request token
$token = $this
->get_token($request, $consumer, "request");
$this
->check_signature($request, $consumer, $token);
// Rev A change
$verifier = $request
->get_parameter('oauth_verifier');
$new_token = $this->data_store
->new_access_token($token, $consumer, $verifier);
return $new_token;
}
/**
* verify an api call, checks all the parameters
*/
public function verify_request(&$request) {
$this
->get_version($request);
$consumer = $this
->get_consumer($request);
$token = $this
->get_token($request, $consumer, "access");
$this
->check_signature($request, $consumer, $token);
return array(
$consumer,
$token,
);
}
// Internals from here
/**
* version 1
*/
private function get_version(&$request) {
$version = $request
->get_parameter("oauth_version");
if (!$version) {
// Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
// Chapter 7.0 ("Accessing Protected Ressources")
$version = '1.0';
}
if ($version !== $this->version) {
throw new sOAuthException("sOAuth version '{$version}' not supported");
}
return $version;
}
/**
* figure out the signature with some defaults
*/
private function get_signature_method(&$request) {
$signature_method = @$request
->get_parameter("oauth_signature_method");
if (!$signature_method) {
// According to chapter 7 ("Accessing Protected Ressources") the signature-method
// parameter is required, and we can't just fallback to PLAINTEXT
throw new sOAuthException('No signature method parameter. This parameter is required');
}
if (!in_array($signature_method, array_keys($this->signature_methods))) {
throw new sOAuthException("Signature method '{$signature_method}' not supported " . "try one of the following: " . implode(", ", array_keys($this->signature_methods)));
}
return $this->signature_methods[$signature_method];
}
/**
* try to find the consumer for the provided request's consumer key
*/
private function get_consumer(&$request) {
$consumer_key = @$request
->get_parameter("oauth_consumer_key");
if (!$consumer_key) {
throw new sOAuthException("Invalid consumer key");
}
$consumer = $this->data_store
->lookup_consumer($consumer_key);
if (!$consumer) {
throw new sOAuthException("Invalid consumer");
}
return $consumer;
}
/**
* try to find the token for the provided request's token key
*/
private function get_token(&$request, $consumer, $token_type = "access") {
$token_field = @$request
->get_parameter('oauth_token');
$token = $this->data_store
->lookup_token($consumer, $token_type, $token_field);
if (!$token) {
throw new sOAuthException("Invalid {$token_type} token: {$token_field}");
}
return $token;
}
/**
* all-in-one function to check the signature on a request
* should guess the signature method appropriately
*/
private function check_signature(&$request, $consumer, $token) {
// this should probably be in a different method
$timestamp = @$request
->get_parameter('oauth_timestamp');
$nonce = @$request
->get_parameter('oauth_nonce');
$this
->check_timestamp($timestamp);
$this
->check_nonce($consumer, $token, $nonce, $timestamp);
$signature_method = $this
->get_signature_method($request);
$signature = $request
->get_parameter('oauth_signature');
$valid_sig = $signature_method
->check_signature($request, $consumer, $token, $signature);
if (!$valid_sig) {
throw new sOAuthException("Invalid signature");
}
}
/**
* check that the timestamp is new enough
*/
private function check_timestamp($timestamp) {
if (!$timestamp) {
throw new sOAuthException('Missing timestamp parameter. The parameter is required');
}
// verify that timestamp is recentish
$now = time();
if (abs($now - $timestamp) > $this->timestamp_threshold) {
throw new sOAuthException("Expired timestamp, yours {$timestamp}, ours {$now}");
}
}
/**
* check that the nonce is not repeated
*/
private function check_nonce($consumer, $token, $nonce, $timestamp) {
if (!$nonce) {
throw new sOAuthException('Missing nonce parameter. The parameter is required');
}
// verify that the nonce is uniqueish
$found = $this->data_store
->lookup_nonce($consumer, $token, $nonce, $timestamp);
if ($found) {
throw new sOAuthException("Nonce already used: {$nonce}");
}
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
sOAuthServer:: |
protected | property | ||
sOAuthServer:: |
protected | property | ||
sOAuthServer:: |
protected | property | ||
sOAuthServer:: |
protected | property | ||
sOAuthServer:: |
public | function | ||
sOAuthServer:: |
private | function | check that the nonce is not repeated | |
sOAuthServer:: |
private | function | all-in-one function to check the signature on a request should guess the signature method appropriately | |
sOAuthServer:: |
private | function | check that the timestamp is new enough | |
sOAuthServer:: |
public | function | process an access_token request returns the access token on success | |
sOAuthServer:: |
public | function | process a request_token request returns the request token on success | |
sOAuthServer:: |
private | function | try to find the consumer for the provided request's consumer key | |
sOAuthServer:: |
private | function | figure out the signature with some defaults | |
sOAuthServer:: |
private | function | try to find the token for the provided request's token key | |
sOAuthServer:: |
private | function | version 1 | |
sOAuthServer:: |
public | function | verify an api call, checks all the parameters | |
sOAuthServer:: |
function |