You are here

public function LTIToolProvider::timestampNonceHandler in LTI Tool Provider 2.x

Same name and namespace in other branches
  1. 8 src/Authentication/Provider/LTIToolProvider.php \Drupal\lti_tool_provider\Authentication\Provider\LTIToolProvider::timestampNonceHandler()

Validate nonce.

Parameters

$provider:

Return value

int

  • OAUTH_OK if validated.
  • OAUTH_BAD_TIMESTAMP if timestamp too old.
  • OAUTH_BAD_NONCE if nonce has been used.

File

src/Authentication/Provider/LTIToolProvider.php, line 321

Class

LTIToolProvider
Oauth authentication provider for LTI Tool Provider.

Namespace

Drupal\lti_tool_provider\Authentication\Provider

Code

public function timestampNonceHandler($provider) : int {

  // Verify timestamp has been set.
  if (!isset($provider->timestamp)) {
    return OAUTH_BAD_TIMESTAMP;
  }

  // Verify nonce timestamp is not older than now - nonce interval.
  if ($provider->timestamp < time() - LTI_TOOL_PROVIDER_NONCE_INTERVAL) {
    return OAUTH_BAD_TIMESTAMP;
  }

  // Verify nonce timestamp is not newer than now + nonce interval.
  if ($provider->timestamp > time() + LTI_TOOL_PROVIDER_NONCE_INTERVAL) {
    return OAUTH_BAD_TIMESTAMP;
  }

  // Verify nonce and consumer_key has been set.
  if (!isset($provider->nonce) || !isset($provider->consumer_key)) {
    return OAUTH_BAD_NONCE;
  }
  try {
    $storage = $this->entityTypeManager
      ->getStorage('lti_tool_provider_nonce');

    // Verify that current nonce is not a duplicate.
    $nonce_exists = $storage
      ->getQuery()
      ->condition('nonce', $provider->nonce, '=')
      ->execute();
    if (count($nonce_exists)) {
      return OAUTH_BAD_NONCE;
    }

    // Store nonce in database.
    $storage
      ->create([
      'nonce' => $provider->nonce,
      'consumer_key' => $provider->consumer_key,
      'timestamp' => $provider->timestamp,
    ])
      ->save();
  } catch (Exception $e) {
    $this->loggerFactory
      ->warning($e
      ->getMessage());
    return OAUTH_BAD_NONCE;
  }
  return OAUTH_OK;
}