You are here

class OAuthRequester in Lingotek Translation 7.2

Same name and namespace in other branches
  1. 7.3 lib/oauth-php/library/OAuthRequester.php \OAuthRequester

Hierarchy

Expanded class hierarchy of OAuthRequester

1 string reference to 'OAuthRequester'
OAuthRequestLogger::flush in lib/oauth-php/library/OAuthRequestLogger.php
* Logs the request to the database, sends any cached output. * Also called on shutdown, to make sure we always log the request being handled.

File

lib/oauth-php/library/OAuthRequester.php, line 37

View source
class OAuthRequester extends OAuthRequestSigner {
  protected $files;

  /**
   * Construct a new request signer.  Perform the request with the doRequest() method below.
   *
   * A request can have either one file or a body, not both.
   *
   * The files array consists of arrays:
   * - file			the filename/path containing the data for the POST/PUT
   * - data			data for the file, omit when you have a file
   * - mime			content-type of the file
   * - filename		filename for content disposition header
   *
   * When OAuth (and PHP) can support multipart/form-data then we can handle more than one file.
   * For now max one file, with all the params encoded in the query string.
   *
   * @param string request
   * @param string method		http method.  GET, PUT, POST etc.
   * @param array params		name=>value array with request parameters
   * @param string body		optional body to send
   * @param array files		optional files to send (max 1 till OAuth support multipart/form-data posts)
   */
  function __construct($request, $method = null, $params = null, $body = null, $files = null) {
    parent::__construct($request, $method, $params, $body);

    // When there are files, then we can construct a POST with a single file
    if (!empty($files)) {
      $empty = true;
      foreach ($files as $f) {
        $empty = $empty && empty($f['file']) && !isset($f['data']);
      }
      if (!$empty) {
        if (!is_null($body)) {
          throw new OAuthException2('When sending files, you can\'t send a body as well.');
        }
        $this->files = $files;
      }
    }
  }

  /**
   * Perform the request, returns the response code, headers and body.
   *
   * @param int usr_id			optional user id for which we make the request
   * @param array curl_options	optional extra options for curl request
   * @param array options			options like name and token_ttl
   * @exception OAuthException2 when authentication not accepted
   * @exception OAuthException2 when signing was not possible
   * @return array (code=>int, headers=>array(), body=>string)
   */
  function doRequest($usr_id = 0, $curl_options = array(), $options = array()) {
    $name = isset($options['name']) ? $options['name'] : '';
    if (isset($options['token_ttl'])) {
      $this
        ->setParam('xoauth_token_ttl', intval($options['token_ttl']));
    }
    if (!empty($this->files)) {

      // At the moment OAuth does not support multipart/form-data, so try to encode
      // the supplied file (or data) as the request body and add a content-disposition header.
      list($extra_headers, $body) = OAuthBodyContentDisposition::encodeBody($this->files);
      $this
        ->setBody($body);
      $curl_options = $this
        ->prepareCurlOptions($curl_options, $extra_headers);
    }
    $this
      ->sign($usr_id, null, $name);
    $text = $this
      ->curl_raw($curl_options);
    $result = $this
      ->curl_parse($text);
    if ($result['code'] >= 400) {
      throw new OAuthException2('Request failed with code ' . $result['code'] . ': ' . $result['body']);
    }

    // Record the token time to live for this server access token, immediate delete iff ttl <= 0
    // Only done on a succesful request.
    $token_ttl = $this
      ->getParam('xoauth_token_ttl', false);
    if (is_numeric($token_ttl)) {
      $this->store
        ->setServerTokenTtl($this
        ->getParam('oauth_consumer_key', true), $this
        ->getParam('oauth_token', true), $token_ttl);
    }
    return $result;
  }

  /**
   * Request a request token from the site belonging to consumer_key
   *
   * @param string consumer_key
   * @param int usr_id
   * @param array params (optional) extra arguments for when requesting the request token
   * @param string method (optional) change the method of the request, defaults to POST (as it should be)
   * @param array options (optional) options like name and token_ttl
   * @param array curl_options	optional extra options for curl request
   * @exception OAuthException2 when no key could be fetched
   * @exception OAuthException2 when no server with consumer_key registered
   * @return array (authorize_uri, token)
   */
  static function requestRequestToken($consumer_key, $usr_id, $params = null, $method = 'POST', $options = array(), $curl_options = array()) {
    OAuthRequestLogger::start();
    if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
      $params['xoauth_token_ttl'] = intval($options['token_ttl']);
    }
    $store = OAuthStore::instance();
    $r = $store
      ->getServer($consumer_key, $usr_id);
    $uri = $r['request_token_uri'];
    $oauth = new OAuthRequester($uri, $method, $params);
    $oauth
      ->sign($usr_id, $r, '', 'requestToken');
    $text = $oauth
      ->curl_raw($curl_options);
    if (empty($text)) {
      throw new OAuthException2('No answer from the server "' . $uri . '" while requesting a request token');
    }
    $data = $oauth
      ->curl_parse($text);
    if ($data['code'] != 200) {
      throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting a request token');
    }
    $token = array();
    $params = explode('&', $data['body']);
    foreach ($params as $p) {
      @(list($name, $value) = explode('=', $p, 2));
      $token[$name] = $oauth
        ->urldecode($value);
    }
    if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret'])) {
      $opts = array();
      if (isset($options['name'])) {
        $opts['name'] = $options['name'];
      }
      if (isset($token['xoauth_token_ttl'])) {
        $opts['token_ttl'] = $token['xoauth_token_ttl'];
      }
      $store
        ->addServerToken($consumer_key, 'request', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
    }
    else {
      throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
    }
    OAuthRequestLogger::flush();

    // Now we can direct a browser to the authorize_uri
    return array(
      'authorize_uri' => $r['authorize_uri'],
      'token' => $token['oauth_token'],
    );
  }

  /**
   * Request an access token from the site belonging to consumer_key.
   * Before this we got an request token, now we want to exchange it for
   * an access token.
   *
   * @param string consumer_key
   * @param string token
   * @param int usr_id		user requesting the access token
   * @param string method (optional) change the method of the request, defaults to POST (as it should be)
   * @param array options (optional) extra options for request, eg token_ttl
   * @param array curl_options	optional extra options for curl request
   *
   * @exception OAuthException2 when no key could be fetched
   * @exception OAuthException2 when no server with consumer_key registered
   */
  static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST', $options = array(), $curl_options = array()) {
    OAuthRequestLogger::start();
    $store = OAuthStore::instance();
    $r = $store
      ->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
    $uri = $r['access_token_uri'];
    $token_name = $r['token_name'];

    // Delete the server request token, this one was for one use only
    $store
      ->deleteServerToken($consumer_key, $r['token'], 0, true);

    // Try to exchange our request token for an access token
    $oauth = new OAuthRequester($uri, $method);
    if (isset($options['oauth_verifier'])) {
      $oauth
        ->setParam('oauth_verifier', $options['oauth_verifier']);
    }
    if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
      $oauth
        ->setParam('xoauth_token_ttl', intval($options['token_ttl']));
    }
    OAuthRequestLogger::setRequestObject($oauth);
    $oauth
      ->sign($usr_id, $r, '', 'accessToken');
    $text = $oauth
      ->curl_raw($curl_options);
    if (empty($text)) {
      throw new OAuthException2('No answer from the server "' . $uri . '" while requesting an access token');
    }
    $data = $oauth
      ->curl_parse($text);
    if ($data['code'] != 200) {
      throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting an access token');
    }
    $token = array();
    $params = explode('&', $data['body']);
    foreach ($params as $p) {
      @(list($name, $value) = explode('=', $p, 2));
      $token[$oauth
        ->urldecode($name)] = $oauth
        ->urldecode($value);
    }
    if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret'])) {
      $opts = array();
      $opts['name'] = $token_name;
      if (isset($token['xoauth_token_ttl'])) {
        $opts['token_ttl'] = $token['xoauth_token_ttl'];
      }
      $store
        ->addServerToken($consumer_key, 'access', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
    }
    else {
      throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
    }
    OAuthRequestLogger::flush();
  }

  /**
   * Open and close a curl session passing all the options to the curl libs
   *
   * @param array opts the curl options.
   * @exception OAuthException2 when temporary file for PUT operation could not be created
   * @return string the result of the curl action
   */
  protected function curl_raw($opts = array()) {
    if (isset($opts[CURLOPT_HTTPHEADER])) {
      $header = $opts[CURLOPT_HTTPHEADER];
    }
    else {
      $header = array();
    }
    $ch = curl_init();
    $method = $this
      ->getMethod();
    $url = $this
      ->getRequestUrl();
    $header[] = $this
      ->getAuthorizationHeader();
    $query = $this
      ->getQueryString();
    $body = $this
      ->getBody();
    $has_content_type = false;
    foreach ($header as $h) {
      if (strncasecmp($h, 'Content-Type:', 13) == 0) {
        $has_content_type = true;
      }
    }
    if (!is_null($body)) {
      if ($method == 'TRACE') {
        throw new OAuthException2('A body can not be sent with a TRACE operation');
      }

      // PUT and POST allow a request body
      if (!empty($query)) {
        $url .= '?' . $query;
      }

      // Make sure that the content type of the request is ok
      if (!$has_content_type) {
        $header[] = 'Content-Type: application/octet-stream';
        $has_content_type = true;
      }

      // When PUTting, we need to use an intermediate file (because of the curl implementation)
      if ($method == 'PUT') {

        /*
        if (version_compare(phpversion(), '5.2.0') >= 0)
        {
        	// Use the data wrapper to create the file expected by the put method
        	$put_file = fopen('data://application/octet-stream;base64,'.base64_encode($body));
        }
        */
        $put_file = @tmpfile();
        if (!$put_file) {
          throw new OAuthException2('Could not create tmpfile for PUT operation');
        }
        fwrite($put_file, $body);
        fseek($put_file, 0);
        curl_setopt($ch, CURLOPT_PUT, true);
        curl_setopt($ch, CURLOPT_INFILE, $put_file);
        curl_setopt($ch, CURLOPT_INFILESIZE, strlen($body));
      }
      else {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
      }
    }
    else {

      // a 'normal' request, no body to be send
      if ($method == 'POST') {
        if (!$has_content_type) {
          $header[] = 'Content-Type: application/x-www-form-urlencoded';
          $has_content_type = true;
        }
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
      }
      else {
        if (!empty($query)) {
          $url .= '?' . $query;
        }
        if ($method != 'GET') {
          curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
        }
      }
    }
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_USERAGENT, 'anyMeta/OAuth 1.0 - ($LastChangedRevision: 174 $)');
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    foreach ($opts as $k => $v) {
      if ($k != CURLOPT_HTTPHEADER) {
        curl_setopt($ch, $k, $v);
      }
    }
    $txt = curl_exec($ch);
    if ($txt === false) {
      $error = curl_error($ch);
      curl_close($ch);
      throw new OAuthException2('CURL error: ' . $error);
    }
    curl_close($ch);
    if (!empty($put_file)) {
      fclose($put_file);
    }

    // Tell the logger what we requested and what we received back
    $data = $method . " {$url}\n" . implode("\n", $header);
    if (is_string($body)) {
      $data .= "\n\n" . $body;
    }
    else {
      if ($method == 'POST') {
        $data .= "\n\n" . $query;
      }
    }
    OAuthRequestLogger::setSent($data, $body);
    OAuthRequestLogger::setReceived($txt);
    return $txt;
  }

  /**
   * Parse an http response
   *
   * @param string response the http text to parse
   * @return array (code=>http-code, headers=>http-headers, body=>body)
   */
  protected function curl_parse($response) {
    if (empty($response)) {
      return array();
    }
    @(list($headers, $body) = explode("\r\n\r\n", $response, 2));
    $lines = explode("\r\n", $headers);
    if (preg_match('@^HTTP/[0-9]\\.[0-9] +100@', $lines[0])) {

      /* HTTP/1.x 100 Continue
       * the real data is on the next line
       */
      @(list($headers, $body) = explode("\r\n\r\n", $body, 2));
      $lines = explode("\r\n", $headers);
    }

    // first line of headers is the HTTP response code
    $http_line = array_shift($lines);
    if (preg_match('@^HTTP/[0-9]\\.[0-9] +([0-9]{3})@', $http_line, $matches)) {
      $code = $matches[1];
    }

    // put the rest of the headers in an array
    $headers = array();
    foreach ($lines as $l) {
      list($k, $v) = explode(': ', $l, 2);
      $headers[strtolower($k)] = $v;
    }
    return array(
      'code' => $code,
      'headers' => $headers,
      'body' => $body,
    );
  }

  /**
   * Mix the given headers into the headers that were given to curl
   *
   * @param array curl_options
   * @param array extra_headers
   * @return array new curl options
   */
  protected function prepareCurlOptions($curl_options, $extra_headers) {
    $hs = array();
    if (!empty($curl_options[CURLOPT_HTTPHEADER]) && is_array($curl_options[CURLOPT_HTTPHEADER])) {
      foreach ($curl_options[CURLOPT_HTTPHEADER] as $h) {
        list($opt, $val) = explode(':', $h, 2);
        $opt = str_replace(' ', '-', ucwords(str_replace('-', ' ', $opt)));
        $hs[$opt] = $val;
      }
    }
    $curl_options[CURLOPT_HTTPHEADER] = array();
    $hs = array_merge($hs, $extra_headers);
    foreach ($hs as $h => $v) {
      $curl_options[CURLOPT_HTTPHEADER][] = "{$h}: {$v}";
    }
    return $curl_options;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
OAuthRequest::$body protected property
OAuthRequest::$headers protected property
OAuthRequest::$method protected property
OAuthRequest::$param protected property
OAuthRequest::$realm protected property
OAuthRequest::$uri protected property
OAuthRequest::$uri_parts protected property
OAuthRequest::calculateDataSignature function * Calculate the signature of a string. * Uses the signature method from the current parameters. * *
OAuthRequest::calculateSignature function * Calculate the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
OAuthRequest::checks function * Perform some sanity checks. * * @exception OAuthException2 thrown when sanity checks failed
OAuthRequest::defaultPortForScheme protected function * Return the default port for a scheme * *
OAuthRequest::getBody function * Return the body of the OAuth request. * *
OAuthRequest::getMethod function * Return the request method * *
OAuthRequest::getNormalizedParams function * Return the complete parameter string for the signature check. * All parameters are correctly urlencoded and sorted on name and value * *
OAuthRequest::getParam function * Get a parameter, value is always urlencoded * *
OAuthRequest::getRequestBody private function * Get the body of a POST or PUT. * * Used for fetching the post parameters and to calculate the body signature. * *
OAuthRequest::getRequestBodyOfMultipart private function * Get the body of a POST with multipart/form-data by Edison tsai on 16:52 2010/09/16 * * Used for fetching the post parameters and to calculate the body signature. * *
OAuthRequest::getRequestContentType private function * Fetch the content type of the current request * *
OAuthRequest::getRequestUrl function * Return the normalised url for signature checks
OAuthRequest::getSignatureMethod function * Fetch the signature object used for calculating and checking the signature base string * *
OAuthRequest::parseHeaders private function * Parse the oauth parameters from the request headers * Looks for something like: * Authorization: OAuth…
OAuthRequest::parseUri protected function * Parse the uri into its parts. Fill in the missing parts. * *
OAuthRequest::redirect public function * Simple function to perform a redirect (GET). * Redirects the User-Agent, does not return. * *
OAuthRequest::selectSignatureMethod public function * Select a signature method from the list of available methods. * We try to check the most secure methods first. * * @todo Let the signature method tell us how secure it is *
OAuthRequest::setBody function * Return the body of the OAuth request. * *
OAuthRequest::setParam function * Set a parameter * *
OAuthRequest::signatureBaseString function * Return the signature base string. * Note that we can't use rawurlencode due to specified use of RFC3986. * *
OAuthRequest::transcodeParams protected function * Re-encode all parameters so that they are encoded using RFC3986. * Updates the $this->param attribute.
OAuthRequest::urldecode function * Decode a string according to RFC3986. * Also correctly decodes RFC1738 urls. * *
OAuthRequest::urlencode function * Encode a string according to the RFC3986 * *
OAuthRequest::urltranscode function * urltranscode - make sure that a value is encoded using RFC3986. * We use a basic urldecode() function so that any use of '+' as the * encoding of the space character is correctly handled. * *
OAuthRequester::$files protected property
OAuthRequester::curl_parse protected function * Parse an http response * *
OAuthRequester::curl_raw protected function * Open and close a curl session passing all the options to the curl libs * *
OAuthRequester::doRequest function * Perform the request, returns the response code, headers and body. * *
OAuthRequester::prepareCurlOptions protected function * Mix the given headers into the headers that were given to curl * *
OAuthRequester::requestAccessToken static function * Request an access token from the site belonging to consumer_key. * Before this we got an request token, now we want to exchange it for * an access token. * *
OAuthRequester::requestRequestToken static function * Request a request token from the site belonging to consumer_key * *
OAuthRequester::__construct function * Construct a new request signer. Perform the request with the doRequest() method below. * * A request can have either one file or a body, not both. * * The files array consists of arrays: * - file the filename/path containing the data… Overrides OAuthRequestSigner::__construct
OAuthRequestSigner::$request protected property
OAuthRequestSigner::$signed private property
OAuthRequestSigner::$store protected property
OAuthRequestSigner::$usr_id protected property
OAuthRequestSigner::getAuthorizationHeader function * Builds the Authorization header for the request. * Adds all oauth_ and xoauth_ parameters to the Authorization header. * *
OAuthRequestSigner::getQueryString function * Builds the application/x-www-form-urlencoded parameter string. Can be appended as * the query part to a GET or inside the request body for a POST. * *
OAuthRequestSigner::setUnsigned function * Reset the 'signed' flag, so that any changes in the parameters force a recalculation * of the signature.
OAuthRequestSigner::sign function * Sign our message in the way the server understands. * Set the needed oauth_xxxx parameters. * *