function _services_oauth_authenticate_call in Services 7.3
Same name and namespace in other branches
- 6.3 auth/services_oauth/services_oauth.inc \_services_oauth_authenticate_call()
Authenticates a call using OAuth to verify the request.
Parameters
array $settings: The settings for the authentication module.
array $method: The method that's being called
array $args: The arguments that are being used to call the method
Return value
void|string Returns nothing, or an error message if authentication fails
1 string reference to '_services_oauth_authenticate_call'
- services_oauth_services_authentication_info in auth/services_oauth/services_oauth.module - Implementation of hook_services_authentication().
File
- auth/services_oauth/services_oauth.inc, line 20 - Include file for services_oauth module.
Code
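/**
 * Authenticates a Services call by verifying the OAuth request.
 *
 * The credential mode is taken from the method's own OAuth settings when the
 * method defines one, otherwise from the module settings, and defaults to
 * 'token'. On success the verified consumer and token are stored in the
 * server info and, when one of them is tied to an account, the global $user
 * is switched to that account.
 *
 * @param array $settings
 *   The settings for the authentication module. 'oauth_context' is compared
 *   with the context of the verified consumer.
 * @param array $method
 *   The method that is being called.
 * @param array $args
 *   The arguments that are being used to call the method (not read here).
 *
 * @return false|null|string
 *   FALSE when the method requires no credentials, nothing when
 *   authentication succeeds, or an error message when it fails.
 */
function _services_oauth_authenticate_call($settings, $method, $args) {
  $endpoint = array();
  // Method-level settings are added first: the array union below never
  // overwrites a key that is already set, so they win over $settings.
  if (!empty($method['endpoint']['services_oauth']['credentials'])) {
    $endpoint += array_filter($method['endpoint']['services_oauth']);
  }
  $endpoint += $settings;

  $cred = isset($endpoint['credentials']) ? $endpoint['credentials'] : 'token';
  $auth_level = isset($endpoint['authorization']) ? $endpoint['authorization'] : '*';

  // Only the exact string 'none' skips authentication. A strict comparison
  // keeps a non-string setting from matching through PHP's type juggling.
  if ($cred === 'none') {
    return FALSE;
  }

  try {
    module_load_include('inc', 'oauth_common');
    list($signed, $consumer, $token) = oauth_common_verify_request();

    // NOTE(review): a signature is only enforced for 'consumer' and 'token'.
    // Any other credential value reaches the consumer checks below with an
    // unsigned request, so a misspelled setting weakens the check silently.
    if (!$signed && ($cred === 'consumer' || $cred === 'token')) {
      throw new OAuthException('The request must be signed');
    }

    // Fail closed on anything that is not a consumer object.
    if (!is_object($consumer)) {
      throw new OAuthException('Missing consumer token');
    }

    if ($consumer->context !== $settings['oauth_context']) {
      throw new OAuthException('The consumer is not valid in the current context');
    }

    // Validate the token, if it's required by the method.
    if ($cred === 'token') {
      if (empty($token->key)) {
        throw new OAuthException('Missing access token');
      }
      if (!$token->authorized) {
        throw new OAuthException('The access token is not authorized');
      }
      // Check that the consumer has been granted the required authorization
      // level. The lookups are strict: a loose in_array() would let a stored
      // 0 or TRUE match '*' or any level on older PHP versions.
      $granted = (isset($token->services) && is_array($token->services)) ? $token->services : array();
      if (!empty($auth_level) && !in_array('*', $granted, TRUE) && !in_array($auth_level, $granted, TRUE)) {
        throw new OAuthException('The consumer is not authorized to access this service');
      }
    }

    // Add the oauth authentication info to server info.
    services_set_server_info('oauth_consumer', $consumer);
    services_set_server_info('oauth_token', $token);

    // Pick the account the request acts as: the token's owner in 'token'
    // mode, the consumer's owner in 'consumer' mode. The latter authenticates
    // as the user who owns the key; it is for 2-stage OAuth and is vastly
    // inferior to 3-stage OAuth.
    $uid = NULL;
    if ($cred === 'token') {
      $uid = $token->uid;
    }
    elseif ($cred === 'consumer') {
      $uid = $consumer->uid;
    }

    if ($uid) {
      $account = user_load($uid);
      // Never install a failed load as the global user; reject the request.
      if (!$account) {
        throw new OAuthException('The account associated with the request could not be loaded');
      }
      // NOTE(review): the account status is not checked here - confirm that
      // blocked accounts cannot authenticate through this path.
      global $user;
      $user = $account;
    }
  }
  catch (OAuthException $e) {
    drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array(
      'absolute' => TRUE,
    ))));
    return $e->getMessage();
  }
}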