
class OAuthServer in Lingotek Translation 7.3

Same name and namespace in other branches
  1. 7.2 lib/oauth-php/library/OAuthServer.php \OAuthServer

Hierarchy

Expanded class hierarchy of OAuthServer

1 string reference to 'OAuthServer'
OAuthRequestLogger::flush in lib/oauth-php/library/OAuthRequestLogger.php
Logs the request to the database and sends any cached output. Also called on shutdown, to make sure the request being handled is always logged.

File

lib/oauth-php/library/OAuthServer.php, line 37

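/**
 * OAuth 1.0 / 1.0a server endpoints built on top of OAuthRequestVerifier.
 *
 * Implements the three provider steps: requestToken() (issue a request
 * token), authorizeVerify() + authorizeFinish() (user authorization of that
 * token, with an optional redirect to the consumer's callback) and
 * accessToken() (exchange the authorized request token for an access token).
 * Token persistence is delegated to OAuthStore, per-user state between the
 * two authorize steps to OAuthSession, and every request is logged through
 * OAuthRequestLogger.
 */
class OAuthServer extends OAuthRequestVerifier {

  /**
   * Session storage shared between authorizeVerify() and authorizeFinish().
   * Holds the keys verify_oauth_token, verify_oauth_consumer_key and
   * verify_oauth_callback.  Created from OAuthSession::instance() in the
   * constructor.
   */
  protected $session;

  /**
   * Uri schemes a redirect in authorizeFinish() may use.  When this list is
   * non-empty it is authoritative and $disallowed_uri_schemes is not
   * consulted.  Matched case-insensitively.
   */
  protected $allowed_uri_schemes = array(
    'http',
    'https',
  );

  /**
   * Uri schemes a redirect in authorizeFinish() must not use.  Only consulted
   * when $allowed_uri_schemes is empty.  Matched case-insensitively.
   */
  protected $disallowed_uri_schemes = array(
    'file',
    'callto',
    'mailto',
  );

  /**
   * Construct the request to be verified
   *
   * @param string request
   * @param string method
   * @param array params The request parameters
   * @param string store The session storage class.
   * @param array store_options The session storage class parameters.
   * @param array options Extra options:
   *   - allowed_uri_schemes: list of allowed uri schemes.
   *   - disallowed_uri_schemes: list of unallowed uri schemes.
   *
   * e.g. Allow only http and https
   * $options = array(
   *     'allowed_uri_schemes' => array('http', 'https'),
   *     'disallowed_uri_schemes' => array()
   * );
   *
   * e.g. Disallow callto, mailto and file, allow everything else
   * $options = array(
   *     'allowed_uri_schemes' => array(),
   *     'disallowed_uri_schemes' => array('callto', 'mailto', 'file')
   * );
   *
   * e.g. Allow everything
   * $options = array(
   *     'allowed_uri_schemes' => array(),
   *     'disallowed_uri_schemes' => array()
   * );
   *
   */
  function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array(), $options = array()) {
    parent::__construct($uri, $method, $params);
    $this->session = OAuthSession::instance($store, $store_options);

    // An option only replaces the default when it is present AND an array;
    // a missing or malformed option keeps the (restrictive) default list.
    if (array_key_exists('allowed_uri_schemes', $options) && is_array($options['allowed_uri_schemes'])) {
      $this->allowed_uri_schemes = $options['allowed_uri_schemes'];
    }
    if (array_key_exists('disallowed_uri_schemes', $options) && is_array($options['disallowed_uri_schemes'])) {
      $this->disallowed_uri_schemes = $options['disallowed_uri_schemes'];
    }
  }

  /**
   * Handle the request_token request.
   * Returns the new request token and request token secret.
   *
   * On success writes a 200 response with a form-encoded body
   * (oauth_callback_confirmed, oauth_token, oauth_token_secret and,
   * when the store reports one, xoauth_token_ttl).  On an
   * OAuthException2 writes a 401 text/plain response instead.
   *
   * TODO: add correct result code to exception
   *
   * @return string 	returned request token, false on an error
   */
  public function requestToken() {
    OAuthRequestLogger::start($this);
    try {
      // NOTE(review): the meaning of the verify() argument is defined in
      // OAuthRequestVerifier::verify(), outside this file.
      $this->verify(false);

      $options = array();
      $ttl = $this->getParam('xoauth_token_ttl', false);
      if ($ttl) {
        $options['token_ttl'] = $ttl;
      }

      // 1.0a Compatibility : associate callback url to the request token
      $cbUrl = $this->getParam('oauth_callback', true);
      if ($cbUrl) {
        $options['oauth_callback'] = $cbUrl;
      }

      // Create a request token
      $store = OAuthStore::instance();
      $token = $store->addConsumerRequestToken($this->getParam('oauth_consumer_key', true), $options);

      $result = 'oauth_callback_confirmed=1'
        . '&oauth_token=' . $this->urlencode($token['token'])
        . '&oauth_token_secret=' . $this->urlencode($token['token_secret']);
      if (!empty($token['token_ttl'])) {
        $result .= '&xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
      }
      $request_token = $token['token'];

      header('HTTP/1.1 200 OK');
      header('Content-Length: ' . strlen($result));
      header('Content-Type: application/x-www-form-urlencoded');
      echo $result;
    } catch (OAuthException2 $e) {
      $request_token = false;
      header('HTTP/1.1 401 Unauthorized');
      header('Content-Type: text/plain');
      echo "OAuth Verification Failed: " . $e->getMessage();
    }
    OAuthRequestLogger::flush();
    return $request_token;
  }

  /**
   * Verify the start of an authorization request.  Verifies if the request token is valid.
   * Next step is the method authorizeFinish()
   *
   * Nota bene: this stores the current token, consumer key and callback in the _SESSION
   *
   * @exception OAuthException2 thrown when not a valid request
   * @return array token description
   */
  public function authorizeVerify() {
    OAuthRequestLogger::start($this);
    $store = OAuthStore::instance();
    $token = $this->getParam('oauth_token', true);
    $rs = $store->getConsumerRequestToken($token);
    if (empty($rs)) {
      throw new OAuthException2('Unknown request token "' . $token . '"');
    }

    // We need to remember the callback.  The session is only (re)written when
    // it does not already describe this very token, so a page refresh during
    // authorization does not clobber the stored callback.
    $verify_oauth_token = $this->session->get('verify_oauth_token');
    if (empty($verify_oauth_token) || strcmp($verify_oauth_token, $rs['token'])) {
      $this->session->set('verify_oauth_token', $rs['token']);
      $this->session->set('verify_oauth_consumer_key', $rs['consumer_key']);

      // A callback given on this request wins over the one registered with
      // the token at requestToken() time.
      $cb = $this->getParam('oauth_callback', true);
      if ($cb) {
        $this->session->set('verify_oauth_callback', $cb);
      }
      else {
        $this->session->set('verify_oauth_callback', $rs['callback_url']);
      }
    }
    OAuthRequestLogger::flush();
    return $rs;
  }

  /**
   * Overrule this method when you want to display a nice page when
   * the authorization is finished.  This function does not know if the authorization was
   * successful, you need to check the token in the database.
   *
   * Only acts when the oauth_token parameter matches the token remembered by
   * authorizeVerify(); otherwise nothing is stored, deleted or redirected and
   * null is returned.
   *
   * @param boolean authorized	if the current token (oauth_token param) is authorized or not
   * @param int user_id			user for which the token was authorized (or denied)
   * @return string verifier  For 1.0a Compatibility
   * @exception OAuthException2 thrown when the callback uri uses a scheme that is not permitted
   */
  public function authorizeFinish($authorized, $user_id) {
    OAuthRequestLogger::start($this);
    $token = $this->getParam('oauth_token', true);
    $verifier = null;

    // Compare as strings: a loose == between two numeric-looking strings is a
    // numeric comparison in PHP, which would let '1e2' match '100'.
    $stored_token = $this->session->get('verify_oauth_token');
    if ($stored_token !== null && (string) $stored_token === (string) $token) {

      // Flag the token as authorized, or remove the token when not authorized
      $store = OAuthStore::instance();

      // Fetch the referrer host from the callback remembered by authorizeVerify().
      // 'oob' (out of band) means the consumer has no callback to redirect to.
      $referrer_host = '';
      $oauth_callback = false;
      $verify_oauth_callback = $this->session->get('verify_oauth_callback');
      if (!empty($verify_oauth_callback) && $verify_oauth_callback != 'oob') {
        $oauth_callback = $verify_oauth_callback;
        $ps = parse_url($oauth_callback);
        if (is_array($ps) && isset($ps['host'])) {
          $referrer_host = $ps['host'];
        }
      }

      if ($authorized) {
        OAuthRequestLogger::addNote('Authorized token "' . $token . '" for user ' . $user_id . ' with referrer "' . $referrer_host . '"');

        // 1.0a Compatibility : create a verifier code
        $verifier = $store->authorizeConsumerRequestToken($token, $user_id, $referrer_host);
      }
      else {
        OAuthRequestLogger::addNote('Authorization rejected for token "' . $token . '" for user ' . $user_id . "\nToken has been deleted");
        $store->deleteConsumerRequestToken($token);
      }

      if (!empty($oauth_callback)) {
        $params = array(
          'oauth_token' => rawurlencode($token),
        );

        // 1.0a Compatibility : if verifier code has been generated, add it to the URL
        // NOTE(review): oauth_verifier is passed unencoded while oauth_token is
        // rawurlencoded; whether redirect() encodes its params is defined in
        // OAuthRequest::redirect(), outside this file -- confirm before changing.
        if ($verifier) {
          $params['oauth_verifier'] = $verifier;
        }

        // The callback is consumer supplied: refuse to redirect to a scheme
        // that is not permitted before handing the User-Agent to it.
        $this->checkRedirectScheme($oauth_callback);
        $this->redirect($oauth_callback, $params);
      }
    }
    OAuthRequestLogger::flush();
    return $verifier;
  }

  /**
   * Check that a redirect uri uses a scheme permitted by the configured
   * allowed / disallowed lists.
   *
   * The scheme is taken from parse_url() and lower-cased, and the configured
   * lists are lower-cased as well, so 'HTTP://host', 'FILE://x' and
   * 'mailto:user@host' (which has no '//') are all matched against the lists.
   * A uri parse_url() cannot parse at all is rejected.  A uri without a
   * scheme is rejected when an allowed list is configured and accepted when
   * only a disallowed list is.
   *
   * @param string uri	the callback uri the User-Agent is about to be sent to
   * @exception OAuthException2 thrown when the scheme is not permitted
   */
  protected function checkRedirectScheme($uri) {
    // Whitespace is not valid in a uri; encode it so parse_url() sees one token.
    $uri = preg_replace('/\\s/', '%20', $uri);

    $scheme = parse_url($uri, PHP_URL_SCHEME);
    if ($scheme === false) {
      throw new OAuthException2('Illegal protocol in redirect uri ' . $uri);
    }
    $scheme = strtolower((string) $scheme);

    if (!empty($this->allowed_uri_schemes)) {
      $allowed = array_map('strtolower', $this->allowed_uri_schemes);
      if (!in_array($scheme, $allowed, true)) {
        throw new OAuthException2('Illegal protocol in redirect uri ' . $uri);
      }
    }
    elseif (!empty($this->disallowed_uri_schemes)) {
      $disallowed = array_map('strtolower', $this->disallowed_uri_schemes);
      if (in_array($scheme, $disallowed, true)) {
        throw new OAuthException2('Illegal protocol in redirect uri ' . $uri);
      }
    }
  }

  /**
   * Exchange a request token for an access token.
   * The exchange is only successful iff the request token has been authorized.
   *
   * On success writes a 200 response with a form-encoded body (oauth_token,
   * oauth_token_secret and, when the store reports one, xoauth_token_ttl).
   * On an OAuthException2 writes a 401 text/plain response instead.
   *
   * Never returns, calls exit() when token is exchanged or when error is returned.
   */
  public function accessToken() {
    OAuthRequestLogger::start($this);
    try {
      // NOTE(review): the meaning of the verify() argument is defined in
      // OAuthRequestVerifier::verify(), outside this file.
      $this->verify('request');

      $options = array();
      $ttl = $this->getParam('xoauth_token_ttl', false);
      if ($ttl) {
        $options['token_ttl'] = $ttl;
      }

      // 1.0a: the verifier handed out by authorizeFinish() must come back here
      $verifier = $this->getParam('oauth_verifier', false);
      if ($verifier) {
        $options['verifier'] = $verifier;
      }

      $store = OAuthStore::instance();
      $token = $store->exchangeConsumerRequestForAccessToken($this->getParam('oauth_token', true), $options);

      $result = 'oauth_token=' . $this->urlencode($token['token'])
        . '&oauth_token_secret=' . $this->urlencode($token['token_secret']);
      if (!empty($token['token_ttl'])) {
        $result .= '&xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
      }

      header('HTTP/1.1 200 OK');
      header('Content-Length: ' . strlen($result));
      header('Content-Type: application/x-www-form-urlencoded');
      echo $result;
    } catch (OAuthException2 $e) {
      header('HTTP/1.1 401 Access Denied');
      header('Content-Type: text/plain');
      echo "OAuth Verification Failed: " . $e->getMessage();
    }
    OAuthRequestLogger::flush();
    exit;
  }

}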

Members

Name Modifiers Type Description Overrides
OAuthRequest::$body protected property
OAuthRequest::$headers protected property
OAuthRequest::$method protected property
OAuthRequest::$param protected property
OAuthRequest::$realm protected property
OAuthRequest::$uri protected property
OAuthRequest::$uri_parts protected property
OAuthRequest::calculateDataSignature function * Calculate the signature of a string. * Uses the signature method from the current parameters. * *
OAuthRequest::calculateSignature function * Calculate the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
OAuthRequest::checks function * Perform some sanity checks. * * @exception OAuthException2 thrown when sanity checks failed
OAuthRequest::defaultPortForScheme protected function * Return the default port for a scheme * *
OAuthRequest::getBody function * Return the body of the OAuth request. * *
OAuthRequest::getMethod function * Return the request method * *
OAuthRequest::getNormalizedParams function * Return the complete parameter string for the signature check. * All parameters are correctly urlencoded and sorted on name and value * *
OAuthRequest::getParam function * Get a parameter, value is always urlencoded * *
OAuthRequest::getRequestBody private function * Get the body of a POST or PUT. * * Used for fetching the post parameters and to calculate the body signature. * *
OAuthRequest::getRequestBodyOfMultipart private function * Get the body of a POST with multipart/form-data by Edison tsai on 16:52 2010/09/16 * * Used for fetching the post parameters and to calculate the body signature. * *
OAuthRequest::getRequestContentType private function * Fetch the content type of the current request * *
OAuthRequest::getRequestUrl function * Return the normalised url for signature checks
OAuthRequest::getSignatureMethod function * Fetch the signature object used for calculating and checking the signature base string * *
OAuthRequest::parseHeaders private function * Parse the oauth parameters from the request headers * Looks for something like: * Authorization: OAuth…
OAuthRequest::parseUri protected function * Parse the uri into its parts. Fill in the missing parts. * *
OAuthRequest::redirect public function * Simple function to perform a redirect (GET). * Redirects the User-Agent, does not return. * *
OAuthRequest::selectSignatureMethod public function * Select a signature method from the list of available methods. * We try to check the most secure methods first. * * @todo Let the signature method tell us how secure it is *
OAuthRequest::setBody function * Return the body of the OAuth request. * *
OAuthRequest::setParam function * Set a parameter * *
OAuthRequest::signatureBaseString function * Return the signature base string. * Note that we can't use rawurlencode due to specified use of RFC3986. * *
OAuthRequest::transcodeParams protected function * Re-encode all parameters so that they are encoded using RFC3986. * Updates the $this->param attribute.
OAuthRequest::urldecode function * Decode a string according to RFC3986. * Also correctly decodes RFC1738 urls. * *
OAuthRequest::urlencode function * Encode a string according to the RFC3986 * *
OAuthRequest::urltranscode function * urltranscode - make sure that a value is encoded using RFC3986. * We use a basic urldecode() function so that any use of '+' as the * encoding of the space character is correctly handled. * *
OAuthRequestVerifier::$accepted_signatures private property
OAuthRequestVerifier::$request private property
OAuthRequestVerifier::$store private property
OAuthRequestVerifier::requestIsSigned public static function * See if the current request is signed with OAuth * *
OAuthRequestVerifier::setAcceptedSignatureMethods public function * *
OAuthRequestVerifier::verify public function * Verify the request * *
OAuthRequestVerifier::verifyDataSignature public function * Verify the signature of a string. * *
OAuthRequestVerifier::verifyExtended public function * Verify the request * *
OAuthRequestVerifier::verifyIfSigned public function * Verify the request if it seemed to be signed. * *
OAuthRequestVerifier::verifySignature public function * Verify the signature of the request, using the method in oauth_signature_method. * The signature is returned encoded in the form as used in the url. So the base64 and * urlencoding has been done. * *
OAuthServer::$allowed_uri_schemes protected property
OAuthServer::$disallowed_uri_schemes protected property
OAuthServer::$session protected property
OAuthServer::accessToken public function Exchange a request token for an access token. The exchange is only successful iff the request token has been authorized. Never returns, calls exit() when token is exchanged or when error is returned.
OAuthServer::authorizeFinish public function Overrule this method when you want to display a nice page when the authorization is finished. This function does not know if the authorization was successful, you need to check the token in the database.
OAuthServer::authorizeVerify public function * Verify the start of an authorization request. Verifies if the request token is valid. * Next step is the method authorizeFinish() * * Nota bene: this stores the current token, consumer key and callback in the _SESSION * * @exception…
OAuthServer::requestToken public function * Handle the request_token request. * Returns the new request token and request token secret. * * TODO: add correct result code to exception * *
OAuthServer::__construct function * Construct the request to be verified * * Overrides OAuthRequestVerifier::__construct