You are here

class LingotekOAuthServer in Lingotek Translation 7.4

Same name and namespace in other branches
  1. 7.7 lib/oauth-php/library/LingotekOAuthServer.php \LingotekOAuthServer
  2. 7.5 lib/oauth-php/library/LingotekOAuthServer.php \LingotekOAuthServer
  3. 7.6 lib/oauth-php/library/LingotekOAuthServer.php \LingotekOAuthServer

Hierarchy

Expanded class hierarchy of LingotekOAuthServer

1 string reference to 'LingotekOAuthServer'
LingotekOAuthRequestLogger::flush in lib/oauth-php/library/LingotekOAuthRequestLogger.php
* Logs the request to the database, sends any cached output. * Also called on shutdown, to make sure we always log the request being handled.

File

lib/oauth-php/library/LingotekOAuthServer.php, line 37

View source
class LingotekOAuthServer extends LingotekOAuthRequestVerifier {
  protected $session;
  protected $allowed_uri_schemes = array(
    'http',
    'https',
  );
  protected $disallowed_uri_schemes = array(
    'file',
    'callto',
    'mailto',
  );

  /**
   * Construct the request to be verified
   *
   * @param string request
   * @param string method
   * @param array params The request parameters
   * @param string store The session storage class.
   * @param array store_options The session storage class parameters.
   * @param array options Extra options:
   *   - allowed_uri_schemes: list of allowed uri schemes.
   *   - disallowed_uri_schemes: list of unallowed uri schemes.
   *
   * e.g. Allow only http and https
   * $options = array(
   *     'allowed_uri_schemes' => array('http', 'https'),
   *     'disallowed_uri_schemes' => array()
   * );
   *
   * e.g. Disallow callto, mailto and file, allow everything else
   * $options = array(
   *     'allowed_uri_schemes' => array(),
   *     'disallowed_uri_schemes' => array('callto', 'mailto', 'file')
   * );
   *
   * e.g. Allow everything
   * $options = array(
   *     'allowed_uri_schemes' => array(),
   *     'disallowed_uri_schemes' => array()
   * );
   *
   */
  function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array(), $options = array()) {
    parent::__construct($uri, $method, $params);
    $this->session = OAuthSession::instance($store, $store_options);
    if (array_key_exists('allowed_uri_schemes', $options) && is_array($options['allowed_uri_schemes'])) {
      $this->allowed_uri_schemes = $options['allowed_uri_schemes'];
    }
    if (array_key_exists('disallowed_uri_schemes', $options) && is_array($options['disallowed_uri_schemes'])) {
      $this->disallowed_uri_schemes = $options['disallowed_uri_schemes'];
    }
  }

  /**
   * Handle the request_token request.
   * Returns the new request token and request token secret.
   *
   * TODO: add correct result code to exception
   *
   * @return string 	returned request token, false on an error
   */
  public function requestToken() {
    LingotekOAuthRequestLogger::start($this);
    try {
      $this
        ->verify(false);
      $options = array();
      $ttl = $this
        ->getParam('xoauth_token_ttl', false);
      if ($ttl) {
        $options['token_ttl'] = $ttl;
      }

      // 1.0a Compatibility : associate callback url to the request token
      $cbUrl = $this
        ->getParam('oauth_callback', true);
      if ($cbUrl) {
        $options['oauth_callback'] = $cbUrl;
      }

      // Create a request token
      $store = OAuthStore::instance();
      $token = $store
        ->addConsumerRequestToken($this
        ->getParam('oauth_consumer_key', true), $options);
      $result = 'oauth_callback_confirmed=1&oauth_token=' . $this
        ->urlencode($token['token']) . '&oauth_token_secret=' . $this
        ->urlencode($token['token_secret']);
      if (!empty($token['token_ttl'])) {
        $result .= '&xoauth_token_ttl=' . $this
          ->urlencode($token['token_ttl']);
      }
      $request_token = $token['token'];
      header('HTTP/1.1 200 OK');
      header('Content-Length: ' . strlen($result));
      header('Content-Type: application/x-www-form-urlencoded');
      echo $result;
    } catch (OAuthException2 $e) {
      $request_token = false;
      header('HTTP/1.1 401 Unauthorized');
      header('Content-Type: text/plain');
      echo "OAuth Verification Failed: " . $e
        ->getMessage();
    }
    LingotekOAuthRequestLogger::flush();
    return $request_token;
  }

  /**
   * Verify the start of an authorization request.  Verifies if the request token is valid.
   * Next step is the method authorizeFinish()
   *
   * Nota bene: this stores the current token, consumer key and callback in the _SESSION
   *
   * @exception OAuthException2 thrown when not a valid request
   * @return array token description
   */
  public function authorizeVerify() {
    LingotekOAuthRequestLogger::start($this);
    $store = OAuthStore::instance();
    $token = $this
      ->getParam('oauth_token', true);
    $rs = $store
      ->getConsumerRequestToken($token);
    if (empty($rs)) {
      throw new OAuthException2('Unknown request token "' . $token . '"');
    }

    // We need to remember the callback
    $verify_oauth_token = $this->session
      ->get('verify_oauth_token');
    if (empty($verify_oauth_token) || strcmp($verify_oauth_token, $rs['token'])) {
      $this->session
        ->set('verify_oauth_token', $rs['token']);
      $this->session
        ->set('verify_oauth_consumer_key', $rs['consumer_key']);
      $cb = $this
        ->getParam('oauth_callback', true);
      if ($cb) {
        $this->session
          ->set('verify_oauth_callback', $cb);
      }
      else {
        $this->session
          ->set('verify_oauth_callback', $rs['callback_url']);
      }
    }
    LingotekOAuthRequestLogger::flush();
    return $rs;
  }

  /**
   * Overrule this method when you want to display a nice page when
   * the authorization is finished.  This function does not know if the authorization was
   * succesfull, you need to check the token in the database.
   *
   * @param boolean authorized	if the current token (oauth_token param) is authorized or not
   * @param int user_id			user for which the token was authorized (or denied)
   * @return string verifier  For 1.0a Compatibility
   */
  public function authorizeFinish($authorized, $user_id) {
    LingotekOAuthRequestLogger::start($this);
    $token = $this
      ->getParam('oauth_token', true);
    $verifier = null;
    if ($this->session
      ->get('verify_oauth_token') == $token) {

      // Flag the token as authorized, or remove the token when not authorized
      $store = OAuthStore::instance();

      // Fetch the referrer host from the oauth callback parameter
      $referrer_host = '';
      $oauth_callback = false;
      $verify_oauth_callback = $this->session
        ->get('verify_oauth_callback');
      if (!empty($verify_oauth_callback) && $verify_oauth_callback != 'oob') {

        // OUT OF BAND
        $oauth_callback = $this->session
          ->get('verify_oauth_callback');
        $ps = parse_url($oauth_callback);
        if (isset($ps['host'])) {
          $referrer_host = $ps['host'];
        }
      }
      if ($authorized) {
        LingotekOAuthRequestLogger::addNote('Authorized token "' . $token . '" for user ' . $user_id . ' with referrer "' . $referrer_host . '"');

        // 1.0a Compatibility : create a verifier code
        $verifier = $store
          ->authorizeConsumerRequestToken($token, $user_id, $referrer_host);
      }
      else {
        LingotekOAuthRequestLogger::addNote('Authorization rejected for token "' . $token . '" for user ' . $user_id . "\nToken has been deleted");
        $store
          ->deleteConsumerRequestToken($token);
      }
      if (!empty($oauth_callback)) {
        $params = array(
          'oauth_token' => rawurlencode($token),
        );

        // 1.0a Compatibility : if verifier code has been generated, add it to the URL
        if ($verifier) {
          $params['oauth_verifier'] = $verifier;
        }
        $uri = preg_replace('/\\s/', '%20', $oauth_callback);
        if (!empty($this->allowed_uri_schemes)) {
          if (!in_array(substr($uri, 0, strpos($uri, '://')), $this->allowed_uri_schemes)) {
            throw new OAuthException2('Illegal protocol in redirect uri ' . $uri);
          }
        }
        else {
          if (!empty($this->disallowed_uri_schemes)) {
            if (in_array(substr($uri, 0, strpos($uri, '://')), $this->disallowed_uri_schemes)) {
              throw new OAuthException2('Illegal protocol in redirect uri ' . $uri);
            }
          }
        }
        $this
          ->redirect($oauth_callback, $params);
      }
    }
    LingotekOAuthRequestLogger::flush();
    return $verifier;
  }

  /**
   * Exchange a request token for an access token.
   * The exchange is only succesful iff the request token has been authorized.
   *
   * Never returns, calls exit() when token is exchanged or when error is returned.
   */
  public function accessToken() {
    LingotekOAuthRequestLogger::start($this);
    try {
      $this
        ->verify('request');
      $options = array();
      $ttl = $this
        ->getParam('xoauth_token_ttl', false);
      if ($ttl) {
        $options['token_ttl'] = $ttl;
      }
      $verifier = $this
        ->getParam('oauth_verifier', false);
      if ($verifier) {
        $options['verifier'] = $verifier;
      }
      $store = OAuthStore::instance();
      $token = $store
        ->exchangeConsumerRequestForAccessToken($this
        ->getParam('oauth_token', true), $options);
      $result = 'oauth_token=' . $this
        ->urlencode($token['token']) . '&oauth_token_secret=' . $this
        ->urlencode($token['token_secret']);
      if (!empty($token['token_ttl'])) {
        $result .= '&xoauth_token_ttl=' . $this
          ->urlencode($token['token_ttl']);
      }
      header('HTTP/1.1 200 OK');
      header('Content-Length: ' . strlen($result));
      header('Content-Type: application/x-www-form-urlencoded');
      echo $result;
    } catch (OAuthException2 $e) {
      header('HTTP/1.1 401 Access Denied');
      header('Content-Type: text/plain');
      echo "OAuth Verification Failed: " . $e
        ->getMessage();
    }
    LingotekOAuthRequestLogger::flush();
    exit;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
LingotekOAuthRequest::$body protected property
LingotekOAuthRequest::$headers protected property
LingotekOAuthRequest::$method protected property
LingotekOAuthRequest::$param protected property
LingotekOAuthRequest::$realm protected property
LingotekOAuthRequest::$uri protected property
LingotekOAuthRequest::$uri_parts protected property
LingotekOAuthRequest::calculateDataSignature function * Calculate the signature of a string. * Uses the signature method from the current parameters. * *
LingotekOAuthRequest::calculateSignature function * Calculate the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
LingotekOAuthRequest::checks function * Perform some sanity checks. * * @exception OAuthException2 thrown when sanity checks failed
LingotekOAuthRequest::defaultPortForScheme protected function * Return the default port for a scheme * *
LingotekOAuthRequest::getBody function * Return the body of the OAuth request. * *
LingotekOAuthRequest::getMethod function * Return the request method * *
LingotekOAuthRequest::getNormalizedParams function * Return the complete parameter string for the signature check. * All parameters are correctly urlencoded and sorted on name and value * *
LingotekOAuthRequest::getParam function * Get a parameter, value is always urlencoded * *
LingotekOAuthRequest::getRequestBody private function * Get the body of a POST or PUT. * * Used for fetching the post parameters and to calculate the body signature. * *
LingotekOAuthRequest::getRequestBodyOfMultipart private function * Get the body of a POST with multipart/form-data by Edison tsai on 16:52 2010/09/16 * * Used for fetching the post parameters and to calculate the body signature. * *
LingotekOAuthRequest::getRequestContentType private function * Fetch the content type of the current request * *
LingotekOAuthRequest::getRequestUrl function * Return the normalised url for signature checks
LingotekOAuthRequest::getSignatureMethod function * Fetch the signature object used for calculating and checking the signature base string * *
LingotekOAuthRequest::parseHeaders private function * Parse the oauth parameters from the request headers * Looks for something like: * Authorization: OAuth…
LingotekOAuthRequest::parseUri protected function * Parse the uri into its parts. Fill in the missing parts. * *
LingotekOAuthRequest::redirect public function * Simple function to perform a redirect (GET). * Redirects the User-Agent, does not return. * *
LingotekOAuthRequest::selectSignatureMethod public function * Select a signature method from the list of available methods. * We try to check the most secure methods first. * * @todo Let the signature method tell us how secure it is *
LingotekOAuthRequest::setBody function * Return the body of the OAuth request. * *
LingotekOAuthRequest::setParam function * Set a parameter * *
LingotekOAuthRequest::signatureBaseString function * Return the signature base string. * Note that we can't use rawurlencode due to specified use of RFC3986. * *
LingotekOAuthRequest::transcodeParams protected function * Re-encode all parameters so that they are encoded using RFC3986. * Updates the $this->param attribute.
LingotekOAuthRequest::urldecode function * Decode a string according to RFC3986. * Also correctly decodes RFC1738 urls. * *
LingotekOAuthRequest::urlencode function * Encode a string according to the RFC3986 * *
LingotekOAuthRequest::urltranscode function * urltranscode - make sure that a value is encoded using RFC3986. * We use a basic urldecode() function so that any use of '+' as the * encoding of the space character is correctly handled. * *
LingotekOAuthRequestVerifier::$accepted_signatures private property
LingotekOAuthRequestVerifier::$request private property
LingotekOAuthRequestVerifier::$store private property
LingotekOAuthRequestVerifier::requestIsSigned public static function * See if the current request is signed with OAuth * *
LingotekOAuthRequestVerifier::setAcceptedSignatureMethods public function * *
LingotekOAuthRequestVerifier::verify public function * Verify the request * *
LingotekOAuthRequestVerifier::verifyDataSignature public function * Verify the signature of a string. * *
LingotekOAuthRequestVerifier::verifyExtended public function * Verify the request * *
LingotekOAuthRequestVerifier::verifyIfSigned public function * Verify the request if it seemed to be signed. * *
LingotekOAuthRequestVerifier::verifySignature public function * Verify the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
LingotekOAuthServer::$allowed_uri_schemes protected property
LingotekOAuthServer::$disallowed_uri_schemes protected property
LingotekOAuthServer::$session protected property
LingotekOAuthServer::accessToken public function * Exchange a request token for an access token. * The exchange is only succesful iff the request token has been authorized. * * Never returns, calls exit() when token is exchanged or when error is returned.
LingotekOAuthServer::authorizeFinish public function * Overrule this method when you want to display a nice page when * the authorization is finished. This function does not know if the authorization was * succesfull, you need to check the token in the database. * *
LingotekOAuthServer::authorizeVerify public function * Verify the start of an authorization request. Verifies if the request token is valid. * Next step is the method authorizeFinish() * * Nota bene: this stores the current token, consumer key and callback in the _SESSION * * @exception…
LingotekOAuthServer::requestToken public function * Handle the request_token request. * Returns the new request token and request token secret. * * TODO: add correct result code to exception * *
LingotekOAuthServer::__construct function * Construct the request to be verified * * Overrides LingotekOAuthRequestVerifier::__construct