Beispiel #1
 /**
  * Look up the stored token matching $this->oauth->token and convert it to an
  * access token via changetoaccesstoken().
  *
  * @return string|false "access_token=...&access_token_secret=..." built from the
  *                      record's gettoken()/gettokensecret() on success; FALSE when
  *                      an OAuth error is already flagged or no token record is found
  *                      (in which case the error flag is also set)
  */
 public function generateaccesstoken()
 {
     if ($this->oauth_error) {
         return FALSE;
     }
     // NOTE(review): md5() only re-encodes the 20 generated bytes as 32 hex characters,
     // which caps each value at 128 bits and adds no secrecy of its own; bin2hex()
     // would keep everything OAuthProvider::generateToken() produced.
     $newToken = md5(OAuthProvider::generateToken(20, FALSE));
     $newSecret = md5(OAuthProvider::generateToken(20, FALSE));
     $record = token::findbytoken($this->oauth->token);
     if (!is_object($record)) {
         // Unknown request token: flag the error so later steps short-circuit.
         $this->oauth_error = TRUE;
         return FALSE;
     }
     $record->changetoaccesstoken($newToken, $newSecret);
     return "access_token=" . $record->gettoken() . "&access_token_secret=" . $record->gettokensecret();
 }
 /**
  * Produce a token as the SHA-1 hex digest (40 characters) of 20 bytes obtained
  * from OAuthProvider::generateToken().
  *
  * @return string
  */
 public static function generateToken()
 {
     $randomBytes = OAuthProvider::generateToken(20);
     return sha1($randomBytes);
 }
 /**
  * Generate a verifier and return it.
  *
  * The verifier is the SHA-1 hex digest of 20 bytes from
  * OAuthProvider::generateToken(); the second argument (true) asks the extension
  * for its "strong" entropy source.
  * NOTE(review): the PHP manual describes strong mode as reading /dev/random, which
  * can block when the kernel pool is low; confirm that is acceptable on this path.
  *
  * @return string 40-character hexadecimal verifier
  */
 public function generateVerifier()
 {
     return sha1(OAuthProvider::generateToken(20, true));
 }
Beispiel #4
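 /**
  * Handle an access-token request.
  *
  * Only xAuth requests are served; every other request receives an error response
  * because 3-legged OAuth is not implemented here.
  *
  * For an xAuth request the method, in order: checks that the consumer may use xAuth,
  * requires HTTPS, reads x_auth_mode / x_auth_username / x_auth_password (provider
  * property first, then POST, then GET), requires the mode to be 'client_auth',
  * verifies the password, and finally answers with the consumer's existing token pair
  * for that user or inserts and returns a new pair. The outcome is written to
  * $this->_response; nothing is returned.
  *
  * @return void
  */
 private function access_token()
 {
     if (empty($this->_provider)) {
         $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
         $this->_response->setErrorMessage('oauth_problem=bad oauth provider', 501, 'Internal Server Error');
         return;
     }
     JLoader::import('Hubzero.User.Password');
     $header = '';
     if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
         $header = $_SERVER['HTTP_AUTHORIZATION'];
     }
     // @FIXME: header check is inexact and could give false positives
     // @FIXME: pecl oauth provider doesn't handle x_auth in header
     // @FIXME: api application should convert xauth variables in
     //         header to form/query data as workaround
     // @FIXME: this code is here for future use if/when pecl oauth
     //         provider is fixed
     //
     // The header is checked for all three x_auth_* names, mirroring the GET and POST
     // checks (the last test previously repeated x_auth_mode instead of x_auth_password).
     $xauth_request = isset($_GET['x_auth_mode'])
         || isset($_GET['x_auth_username'])
         || isset($_GET['x_auth_password'])
         || isset($_POST['x_auth_mode'])
         || isset($_POST['x_auth_username'])
         || isset($_POST['x_auth_password'])
         || strpos($header, 'x_auth_mode') !== false
         || strpos($header, 'x_auth_username') !== false
         || strpos($header, 'x_auth_password') !== false;
     if (!$xauth_request) {
         // @FIXME: we don't support 3-legged auth yet
         // lookup request token to access token, give out access token
         // check verifier
         // check used flag
         // NOTE(review): this call and the other two-argument setErrorMessage() calls
         // below pass (code, text), while the three-argument calls pass
         // (message, code, reason); confirm against setErrorMessage()'s signature.
         $this->_response->setErrorMessage(503, 'Internal Server Error');
         return;
     }
     if ($this->_provider->getConsumerData()->xauth == '0') {
         $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
         // NOTE(review): the reason phrase 'Unauthorized0' looks like a typo; kept as-is.
         $this->_response->setErrorMessage('oauth_problem=permission_denied', 401, 'Unauthorized0');
         return;
     }
     // A password is about to be read, so refuse anything that is not HTTPS. PHP sets
     // $_SERVER['HTTPS'] to a non-empty value for HTTPS requests, so an empty value is
     // treated as plain HTTP, and 'off' is matched case-insensitively.
     if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off') {
         $this->_response->setErrorMessage('SSL Required', 403, 'Forbidden');
         return;
     }
     // Each x_auth_* value is taken from the provider object if set, else POST, else GET.
     // NOTE(review): accepting x_auth_password from the query string means the password
     // can end up in web-server access logs and proxy logs; consider accepting it from
     // the request body only.
     if (isset($this->_provider->x_auth_mode)) {
         $x_auth_mode = $this->_provider->x_auth_mode;
     } elseif (isset($_POST['x_auth_mode'])) {
         $x_auth_mode = $_POST['x_auth_mode'];
     } elseif (isset($_GET['x_auth_mode'])) {
         $x_auth_mode = $_GET['x_auth_mode'];
     } else {
         $x_auth_mode = '';
     }
     if (isset($this->_provider->x_auth_username)) {
         $x_auth_username = $this->_provider->x_auth_username;
     } elseif (isset($_POST['x_auth_username'])) {
         $x_auth_username = $_POST['x_auth_username'];
     } elseif (isset($_GET['x_auth_username'])) {
         $x_auth_username = $_GET['x_auth_username'];
     } else {
         $x_auth_username = '';
     }
     if (isset($this->_provider->x_auth_password)) {
         $x_auth_password = $this->_provider->x_auth_password;
     } elseif (isset($_POST['x_auth_password'])) {
         $x_auth_password = $_POST['x_auth_password'];
     } elseif (isset($_GET['x_auth_password'])) {
         $x_auth_password = $_GET['x_auth_password'];
     } else {
         $x_auth_password = '';
     }
     if ($x_auth_mode != 'client_auth') {
         $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
         $this->_response->setErrorMessage('oauth_problem=permission_denied', 400, 'Bad Request');
         return;
     }
     $match = \Hubzero\User\Password::passwordMatches($x_auth_username, $x_auth_password, true);
     if (!$match) {
         $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
         $this->_response->setErrorMessage('oauth_problem=permission_denied', 401, 'Unauthorized');
         return;
     }
     $useraccount = User::getInstance(JUserHelper::getUserId($x_auth_username));
     // Values are passed through $db->Quote() before being concatenated into the SQL.
     $db = App::get('db');
     $db->setQuery("SELECT token,token_secret FROM #__oauthp_tokens WHERE consumer_id=" . $db->Quote($this->_provider->getConsumerData()->id) . " AND user_id =" . $db->Quote($useraccount->get('id')) . " LIMIT 1;");
     $result = $db->loadObject();
     if ($result === false) {
         $this->_response->setErrorMessage(500, 'Internal Server Error');
         return;
     }
     if (is_object($result)) {
         // A token pair already exists for this consumer and user: hand it back unchanged.
         $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
         $this->_response->setMessage("oauth_token=" . $result->token . "&oauth_token_secret=" . $result->token_secret, 200, "OK");
         return;
     }
     // No stored pair: a new one is issued only if the consumer's xauth_grant is at least 1.
     if ($this->_provider->getConsumerData()->xauth_grant < 1) {
         $this->_response->setErrorMessage(501, 'Internal Server Error');
         return;
     }
     $token = sha1(OAuthProvider::generateToken(20, false));
     $token_secret = sha1(OAuthProvider::generateToken(20, false));
     $db = App::get('db');
     $db->setQuery("INSERT INTO #__oauthp_tokens (consumer_id,user_id,state,token,token_secret,callback_url) VALUE (" . $db->Quote($this->_provider->getConsumerData()->id) . "," . $db->Quote($useraccount->get('id')) . "," . "'1'," . $db->Quote($token) . "," . $db->Quote($token_secret) . "," . $db->Quote($this->_provider->getConsumerData()->callback_url) . ");");
     if (!$db->query()) {
         $this->_response->setErrorMessage(502, 'Internal Server Error');
         return;
     }
     if ($db->getAffectedRows() < 1) {
         $this->_response->setErrorMessage(503, 'Internal Server Error');
         return;
     }
     $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
     $this->_response->setMessage("oauth_token=" . $token . "&oauth_token_secret=" . $token_secret, 200, "OK");
 }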
Beispiel #5
 /**
  * Return the token used to register this Known site with a hub, reusing the stored
  * token while it is recent and creating a new one otherwise.
  *
  * A stored token is reused when 'registration_token_expiry' is greater than
  * time() - 600. That field is written with the creation time, so a token is handed
  * out for up to 10 minutes. A new token is 32 bytes from
  * OAuthProvider::generateToken(), hex-encoded, and is saved to the site config.
  *
  * @return string
  */
 function getRegistrationToken()
 {
     if (empty(site()->config->hub_settings)) {
         site()->config->hub_settings = [];
     }
     // Short-circuit evaluation keeps the same lookup order as nested checks would.
     $hasRecentToken = !empty(site()->config->hub_settings['registration_token'])
         && !empty(site()->config->hub_settings['registration_token_expiry'])
         && site()->config->hub_settings['registration_token_expiry'] > time() - 600;
     if ($hasRecentToken) {
         return site()->config->hub_settings['registration_token'];
     }
     $provider = new \OAuthProvider([]);
     $rawToken = $provider->generateToken(32);
     // Work on a local handle, persist it, then put it back on the site object.
     $siteConfig = site()->config;
     $siteConfig->hub_settings['registration_token'] = bin2hex($rawToken);
     $siteConfig->hub_settings['registration_token_expiry'] = time();
     $siteConfig->save();
     site()->config = $siteConfig;
     return site()->config->hub_settings['registration_token'];
 }
 /**
  * Wrapper around OAuthProvider::generateToken() that applies sha1 hashing in one place.
  *
  * Takes no arguments: it requests 40 bytes with the "strong" flag set to true and
  * returns their SHA-1 hex digest (40 characters).
  * NOTE(review): the PHP manual describes strong mode as reading /dev/random, which
  * can block; confirm that is acceptable for callers of this wrapper.
  *
  * @static
  * @return 	string
  */
 public static function generateToken()
 {
     return sha1(OAuthProvider::generateToken(40, true));
 }
Beispiel #7
 /**
  * Create a new random token that no 'lti_consumer' post returned by get_posts()
  * already uses for the chosen meta key.
  *
  * The raw token comes from OAuthProvider::generateToken(LTI_OAUTH_TOKEN_LENGTH) and
  * is passed through sha1() so that a 40 character token is returned.
  *
  * NOTE(review): when $type is neither 'key' nor 'secret' no meta_key is added to the
  * query, so the lookup matches on meta_value alone. get_posts() also applies its own
  * default query arguments; confirm the uniqueness check covers every post it should.
  *
  * @param string $type
  *  The type of token to generate either: 'key', 'secret'
  * @return string 40 character SHA-1 hex digest
  */
 public static function generateToken($type)
 {
     $lookup = array('post_type' => 'lti_consumer', 'meta_value' => null);
     switch ($type) {
         case 'key':
             $lookup['meta_key'] = LTI_META_KEY_NAME;
             break;
         case 'secret':
             $lookup['meta_key'] = LTI_SECRET_KEY_NAME;
             break;
     }
     // Keep drawing tokens until no existing post carries the same hashed value.
     do {
         $hashed = sha1(OAuthProvider::generateToken(LTI_OAUTH_TOKEN_LENGTH));
         $lookup['meta_value'] = $hashed;
         $existing = get_posts($lookup);
     } while (!empty($existing));
     return $hashed;
 }