You are here

class LingotekOAuthRequestVerifier in Lingotek Translation 7.7

Same name and namespace in other branches
  1. 7.4 lib/oauth-php/library/LingotekOAuthRequestVerifier.php \LingotekOAuthRequestVerifier
  2. 7.5 lib/oauth-php/library/LingotekOAuthRequestVerifier.php \LingotekOAuthRequestVerifier
  3. 7.6 lib/oauth-php/library/LingotekOAuthRequestVerifier.php \LingotekOAuthRequestVerifier

Hierarchy

Expanded class hierarchy of LingotekOAuthRequestVerifier

1 string reference to 'LingotekOAuthRequestVerifier'
LingotekOAuthRequestLogger::flush in lib/oauth-php/library/LingotekOAuthRequestLogger.php
* Logs the request to the database, sends any cached output. * Also called on shutdown, to make sure we always log the request being handled.

File

lib/oauth-php/library/LingotekOAuthRequestVerifier.php, line 39

View source
class LingotekOAuthRequestVerifier extends LingotekOAuthRequest {
  private $request;
  private $store;
  private $accepted_signatures = null;

  /**
   * Construct the request to be verified
   *
   * @param string request
   * @param string method
   * @param array params The request parameters
   */
  function __construct($uri = null, $method = null, $params = null) {
    if ($params) {
      $encodedParams = array();
      foreach ($params as $key => $value) {
        if (preg_match("/^oauth_/", $key)) {
          continue;
        }
        $encodedParams[rawurlencode($key)] = rawurlencode($value);
      }
      $this->param = array_merge($this->param, $encodedParams);
    }
    $this->store = OAuthStore::instance();
    parent::__construct($uri, $method);
    LingotekOAuthRequestLogger::start($this);
  }

  /**
   * See if the current request is signed with OAuth
   *
   * @return boolean
   */
  public static function requestIsSigned() {
    if (isset($_REQUEST['oauth_signature'])) {
      $signed = true;
    }
    else {
      $hs = LingotekOAuthRequestLogger::getAllHeaders();
      if (isset($hs['Authorization']) && strpos($hs['Authorization'], 'oauth_signature') !== false) {
        $signed = true;
      }
      else {
        $signed = false;
      }
    }
    return $signed;
  }

  /**
   * Verify the request if it seemed to be signed.
   *
   * @param string token_type the kind of token needed, defaults to 'access'
   * @exception OAuthException2 thrown when the request did not verify
   * @return boolean	true when signed, false when not signed
   */
  public function verifyIfSigned($token_type = 'access') {
    if ($this
      ->getParam('oauth_consumer_key')) {
      LingotekOAuthRequestLogger::start($this);
      $this
        ->verify($token_type);
      $signed = true;
      LingotekOAuthRequestLogger::flush();
    }
    else {
      $signed = false;
    }
    return $signed;
  }

  /**
   * Verify the request
   *
   * @param string token_type the kind of token needed, defaults to 'access' (false, 'access', 'request')
   * @exception OAuthException2 thrown when the request did not verify
   * @return int user_id associated with token (false when no user associated)
   */
  public function verify($token_type = 'access') {
    $retval = $this
      ->verifyExtended($token_type);
    return $retval['user_id'];
  }

  /**
   * Verify the request
   *
   * @param string token_type the kind of token needed, defaults to 'access' (false, 'access', 'request')
   * @exception OAuthException2 thrown when the request did not verify
   * @return array ('user_id' => associated with token (false when no user associated),
   *  'consumer_key' => the associated consumer_key)
   *
   */
  public function verifyExtended($token_type = 'access') {
    $consumer_key = $this
      ->getParam('oauth_consumer_key');
    $token = $this
      ->getParam('oauth_token');
    $user_id = false;
    $secrets = array();
    if ($consumer_key && ($token_type === false || $token)) {
      $secrets = $this->store
        ->getSecretsForVerify($this
        ->urldecode($consumer_key), $this
        ->urldecode($token), $token_type);
      $this->store
        ->checkServerNonce($this
        ->urldecode($consumer_key), $this
        ->urldecode($token), $this
        ->getParam('oauth_timestamp', true), $this
        ->getParam('oauth_nonce', true));
      $oauth_sig = $this
        ->getParam('oauth_signature');
      if (empty($oauth_sig)) {
        throw new OAuthException2('Verification of signature failed (no oauth_signature in request).');
      }
      try {
        $this
          ->verifySignature($secrets['consumer_secret'], $secrets['token_secret'], $token_type);
      } catch (OAuthException2 $e) {
        throw new OAuthException2('Verification of signature failed (signature base string was "' . $this
          ->signatureBaseString() . '").' . " with  " . print_r(array(
          $secrets['consumer_secret'],
          $secrets['token_secret'],
          $token_type,
        ), true));
      }

      // Check the optional body signature
      if ($this
        ->getParam('xoauth_body_signature')) {
        $method = $this
          ->getParam('xoauth_body_signature_method');
        if (empty($method)) {
          $method = $this
            ->getParam('oauth_signature_method');
        }
        try {
          $this
            ->verifyDataSignature($this
            ->getBody(), $secrets['consumer_secret'], $secrets['token_secret'], $method, $this
            ->getParam('xoauth_body_signature'));
        } catch (OAuthException2 $e) {
          throw new OAuthException2('Verification of body signature failed.');
        }
      }

      // All ok - fetch the user associated with this request
      if (isset($secrets['user_id'])) {
        $user_id = $secrets['user_id'];
      }

      // Check if the consumer wants us to reset the ttl of this token
      $ttl = $this
        ->getParam('xoauth_token_ttl', true);
      if (is_numeric($ttl)) {
        $this->store
          ->setConsumerAccessTokenTtl($this
          ->urldecode($token), $ttl);
      }
    }
    else {
      throw new OAuthException2('Can\'t verify request, missing oauth_consumer_key or oauth_token');
    }
    return array(
      'user_id' => $user_id,
      'consumer_key' => $consumer_key,
      'osr_id' => $secrets['osr_id'],
    );
  }

  /**
   * Verify the signature of the request, using the method in oauth_signature_method.
   * The signature is returned encoded in the form as used in the url.  So the base64 and
   * urlencoding has been done.
   *
   * @param string consumer_secret
   * @param string token_secret
   * @exception OAuthException2 thrown when the signature method is unknown
   * @exception OAuthException2 when not all parts available
   * @exception OAuthException2 when signature does not match
   */
  public function verifySignature($consumer_secret, $token_secret, $token_type = 'access') {
    $required = array(
      'oauth_consumer_key',
      'oauth_signature_method',
      'oauth_timestamp',
      'oauth_nonce',
      'oauth_signature',
    );
    if ($token_type !== false) {
      $required[] = 'oauth_token';
    }
    foreach ($required as $req) {
      if (!isset($this->param[$req])) {
        throw new OAuthException2('Can\'t verify request signature, missing parameter "' . $req . '"');
      }
    }
    $this
      ->checks();
    $base = $this
      ->signatureBaseString();
    $this
      ->verifyDataSignature($base, $consumer_secret, $token_secret, $this->param['oauth_signature_method'], $this->param['oauth_signature']);
  }

  /**
   * Verify the signature of a string.
   *
   * @param string 	data
   * @param string	consumer_secret
   * @param string	token_secret
   * @param string 	signature_method
   * @param string 	signature
   * @exception OAuthException2 thrown when the signature method is unknown
   * @exception OAuthException2 when signature does not match
   */
  public function verifyDataSignature($data, $consumer_secret, $token_secret, $signature_method, $signature) {
    if (is_null($data)) {
      $data = '';
    }
    $sig = $this
      ->getSignatureMethod($signature_method);
    if (!$sig
      ->verify($this, $data, $consumer_secret, $token_secret, $signature)) {
      throw new OAuthException2('Signature verification failed (' . $signature_method . ')');
    }
  }

  /**
   *
   * @param array $accepted The array of accepted signature methods, or if null is passed
   * all supported methods are accepted and there is no filtering.
   *
   */
  public function setAcceptedSignatureMethods($accepted = null) {
    if (is_array($accepted)) {
      $this->accepted_signatures = $accepted;
    }
    else {
      if ($accepted == null) {
        $this->accepted_signatures = null;
      }
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
LingotekOAuthRequest::$body protected property
LingotekOAuthRequest::$headers protected property
LingotekOAuthRequest::$method protected property
LingotekOAuthRequest::$param protected property
LingotekOAuthRequest::$realm protected property
LingotekOAuthRequest::$uri protected property
LingotekOAuthRequest::$uri_parts protected property
LingotekOAuthRequest::calculateDataSignature function * Calculate the signature of a string. * Uses the signature method from the current parameters. * *
LingotekOAuthRequest::calculateSignature function * Calculate the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
LingotekOAuthRequest::checks function * Perform some sanity checks. * * @exception OAuthException2 thrown when sanity checks failed
LingotekOAuthRequest::defaultPortForScheme protected function * Return the default port for a scheme * *
LingotekOAuthRequest::getBody function * Return the body of the OAuth request. * *
LingotekOAuthRequest::getMethod function * Return the request method * *
LingotekOAuthRequest::getNormalizedParams function * Return the complete parameter string for the signature check. * All parameters are correctly urlencoded and sorted on name and value * *
LingotekOAuthRequest::getParam function * Get a parameter, value is always urlencoded * *
LingotekOAuthRequest::getRequestBody private function * Get the body of a POST or PUT. * * Used for fetching the post parameters and to calculate the body signature. * *
LingotekOAuthRequest::getRequestBodyOfMultipart private function * Get the body of a POST with multipart/form-data by Edison tsai on 16:52 2010/09/16 * * Used for fetching the post parameters and to calculate the body signature. * *
LingotekOAuthRequest::getRequestContentType private function * Fetch the content type of the current request * *
LingotekOAuthRequest::getRequestUrl function * Return the normalised url for signature checks
LingotekOAuthRequest::getSignatureMethod function * Fetch the signature object used for calculating and checking the signature base string * *
LingotekOAuthRequest::parseHeaders private function * Parse the oauth parameters from the request headers * Looks for something like: * Authorization: OAuth…
LingotekOAuthRequest::parseUri protected function * Parse the uri into its parts. Fill in the missing parts. * *
LingotekOAuthRequest::redirect public function * Simple function to perform a redirect (GET). * Redirects the User-Agent, does not return. * *
LingotekOAuthRequest::selectSignatureMethod public function * Select a signature method from the list of available methods. * We try to check the most secure methods first. * * @todo Let the signature method tell us how secure it is *
LingotekOAuthRequest::setBody function * Return the body of the OAuth request. * *
LingotekOAuthRequest::setParam function * Set a parameter * *
LingotekOAuthRequest::signatureBaseString function * Return the signature base string. * Note that we can't use rawurlencode due to specified use of RFC3986. * *
LingotekOAuthRequest::urldecode function * Decode a string according to RFC3986. * Also correctly decodes RFC1738 urls. * *
LingotekOAuthRequest::urlencode function * Encode a string according to the RFC3986 * *
LingotekOAuthRequest::urltranscode function * urltranscode - make sure that a value is encoded using RFC3986. * We use a basic urldecode() function so that any use of '+' as the * encoding of the space character is correctly handled. * *
LingotekOAuthRequestVerifier::$accepted_signatures private property
LingotekOAuthRequestVerifier::$request private property
LingotekOAuthRequestVerifier::$store private property
LingotekOAuthRequestVerifier::requestIsSigned public static function * See if the current request is signed with OAuth * *
LingotekOAuthRequestVerifier::setAcceptedSignatureMethods public function * *
LingotekOAuthRequestVerifier::verify public function * Verify the request * *
LingotekOAuthRequestVerifier::verifyDataSignature public function * Verify the signature of a string. * *
LingotekOAuthRequestVerifier::verifyExtended public function * Verify the request * *
LingotekOAuthRequestVerifier::verifyIfSigned public function * Verify the request if it seemed to be signed. * *
LingotekOAuthRequestVerifier::verifySignature public function * Verify the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
LingotekOAuthRequestVerifier::__construct function * Construct the request to be verified * * Overrides LingotekOAuthRequest::__construct 1