
function _services_oauth_authenticate_call in Services 7.3

Same name and namespace in other branches
  1. 6.3 auth/services_oauth/services_oauth.inc \_services_oauth_authenticate_call()

Authenticates a call using OAuth to verify the request.

Parameters

array $settings: The settings for the authentication module.

array $method: The method that's being called.

array $args: The arguments that are being used to call the method

Return value

void|string Returns nothing, or an error message if authentication fails.

1 string reference to '_services_oauth_authenticate_call'
services_oauth_services_authentication_info in auth/services_oauth/services_oauth.module
Implementation of hook_services_authentication().

File

auth/services_oauth/services_oauth.inc, line 20
Include file for services_oauth module.

Code

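/**
 * Authenticates a call using OAuth to verify the request.
 *
 * Method-level 'services_oauth' endpoint settings override the module-wide
 * $settings. 'credentials' selects the check ('none', 'consumer' or 'token';
 * defaults to 'token') and 'authorization' names the service level the access
 * token must have been granted (defaults to '*').
 *
 * @param array $settings
 *   The settings for the authentication module; 'oauth_context' is the
 *   consumer context the signing consumer must belong to.
 * @param array $method
 *   The method that's being called.
 * @param array $args
 *   The arguments that are being used to call the method (not used here).
 *
 * @return void|string
 *   Returns nothing (FALSE when no credentials are required), or an error
 *   message if authentication fails. On failure a WWW-Authenticate header
 *   naming the OAuth realm is also added to the response.
 */
function _services_oauth_authenticate_call($settings, $method, $args) {
  $endpoint = array();

  // Method-specific settings take precedence over the module-wide ones.
  if (!empty($method['endpoint']['services_oauth']['credentials'])) {
    $endpoint += array_filter($method['endpoint']['services_oauth']);
  }
  $endpoint += $settings;
  $cred = isset($endpoint['credentials']) ? $endpoint['credentials'] : 'token';
  $auth_level = isset($endpoint['authorization']) ? $endpoint['authorization'] : '*';

  // If no credentials are needed we'll pass this one through. Strict
  // comparison: a loose == against a string lets non-string settings values
  // (e.g. 0) match and silently skip authentication.
  if ($cred === 'none') {
    return FALSE;
  }
  try {
    module_load_include('inc', 'oauth_common');
    list($signed, $consumer, $token) = oauth_common_verify_request();

    // Both the 'consumer' and 'token' levels require a signed request.
    if (!$signed && ($cred === 'consumer' || $cred === 'token')) {
      throw new OAuthException('The request must be signed');
    }
    // empty() keeps the original loose check: NULL and FALSE both count as
    // "no consumer".
    if (empty($consumer)) {
      throw new OAuthException('Missing consumer token');
    }
    if ($consumer->context !== $settings['oauth_context']) {
      throw new OAuthException('The consumer is not valid in the current context');
    }

    // Validate the token, if it's required by the method.
    if ($cred === 'token') {
      if (empty($token->key)) {
        throw new OAuthException('Missing access token');
      }
      if (!$token->authorized) {
        throw new OAuthException('The access token is not authorized');
      }

      // Check that the consumer has been granted the required authorization
      // level. The membership tests are strict so that a non-string entry in
      // the token's service list can never be mistaken for the '*' wildcard
      // or for the requested level; a missing list grants nothing.
      $services = isset($token->services) ? (array) $token->services : array();
      if (!empty($auth_level) && !in_array('*', $services, TRUE) && !in_array($auth_level, $services, TRUE)) {
        throw new OAuthException('The consumer is not authorized to access this service');
      }
    }

    // Add the oauth authentication info to server info.
    services_set_server_info('oauth_consumer', $consumer);
    services_set_server_info('oauth_token', $token);

    // Pick the account to act as: the access token's user for 3-legged OAuth,
    // or the owner of the consumer key for 2-legged OAuth (which authenticates
    // as whoever owns 'key' and is vastly inferior to 3-legged OAuth).
    $uid = NULL;
    if ($cred === 'token' && !empty($token->uid)) {
      $uid = $token->uid;
    }
    elseif ($cred === 'consumer' && !empty($consumer->uid)) {
      $uid = $consumer->uid;
    }
    if ($uid) {
      // NOTE(review): user_load() returns FALSE for an unknown uid; this code
      // (like the original) assigns that result to the global unchanged —
      // confirm the caller treats a non-object $user as unauthenticated.
      global $user;
      $user = user_load($uid);
    }
  }
  catch (OAuthException $e) {
    // Tell the client which realm it must sign for before returning the
    // failure message to the services layer.
    drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array(
      'absolute' => TRUE,
    ))));
    return $e->getMessage();
  }
}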