Beispiel #1
 /**
  * Resolve the user behind the current OAuth-signed request.
  *
  * Builds an OAuthRequestVerifier over the current request and returns
  * whatever its verify() yields.
  *
  * @return mixed The value returned by OAuthRequestVerifier::verify(), or
  *               FALSE when verification fails with an OAuthException2.
  *
  * NOTE(review): only OAuthException2 is caught; any other exception type
  * raised during verification still propagates to the caller.
  */
 function get_oauth_user_id()
 {
     $userId = FALSE;
     try {
         $verifier = new OAuthRequestVerifier();
         $userId = $verifier->verify();
     } catch (OAuthException2 $e) {
         // Signed but invalid request: report "no user" instead of throwing.
         $userId = FALSE;
     }
     return $userId;
 }
Beispiel #2
 /**
  * Verify the current request as a signed OAuth *access* request and map the
  * verified OAuth identity to a local user id via the oauth_mapping table.
  *
  * Side effect: records the verified consumer key in self::$consumer_key.
  *
  * @return mixed  the user_id column of the matching oauth_mapping row
  * @throws Exception (code 412) when no mapping row exists for the OAuth user
  *
  * NOTE(review): the lookup uses a prepared statement with a bound value, so
  * $result['user_id'] is never interpolated into SQL. A mapped user id that
  * is falsy (0 or "0") is treated as "no mapping" by the !$user_id check —
  * confirm that is acceptable for this schema.
  */
 public static function verify()
 {
     $verifier = new OAuthRequestVerifier();
     $verified = $verifier->verifyExtended('access');
     self::$consumer_key = $verified['consumer_key'];

     $lookup = DBManager::get()->prepare(
         "SELECT user_id FROM oauth_mapping WHERE oauth_id = ?"
     );
     $lookup->execute(array($verified['user_id']));
     $localUserId = $lookup->fetchColumn();

     if (!$localUserId) {
         throw new Exception('Precondition failed', 412);
     }
     return $localUserId;
 }
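 /**
  * Authenticate the current request via its OAuth signature, once per object.
  *
  * Unsigned requests are not an error: the method reports false and leaves
  * $this->isvalid unset so the caller can fall back to other authentication.
  * A signed request that fails verification is fatal for the request: a 401
  * with the verifier's message is written and the script exits.
  *
  * @return bool true when a verified OAuth user is bound to this request
  *              (including repeat calls, via the cached $this->isvalid);
  *              false otherwise.
  */
 private function checkConnection()
 {
     // Memoised outcome. The original skipped verification on repeat calls
     // but then always returned false, even after a successful login; return
     // the cached result instead.
     if (isset($this->isvalid)) {
         return (bool) $this->isvalid;
     }

     Neuron_Auth_OAuthStore::getStore();
     if (!OAuthRequestVerifier::requestIsSigned()) {
         return false;
     }

     try {
         $this->request = new OAuthRequestVerifier();
         $user_id = $this->request->verify();
         // A verified request with a user id logs that user in for this request only.
         if ($user_id) {
             $this->userid = $user_id;
             $this->isvalid = true;
             return true;
         }
     } catch (OAuthException $e) {
         // The request was signed but failed verification: refuse it outright.
         // NOTE(review): other examples on this page catch OAuthException2;
         // confirm which class the bundled oauth-php throws, otherwise this
         // catch never fires and the exception escapes uncaught.
         // NOTE(review): $e->getMessage() is echoed verbatim to the client;
         // use a generic message if verifier details should not be disclosed.
         header('HTTP/1.1 401 Unauthorized');
         header('WWW-Authenticate: OAuth realm=""');
         header('Content-Type: text/plain; charset=utf8');
         echo $e->getMessage();
         exit;
     }
     return false;
 }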
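 /**
  * Return the oauth_consumer_key *claimed* by the current signed request.
  *
  * This only reads the parameter; the signature is NOT verified here, so the
  * key identifies who the request says it is from. Callers that need an
  * authenticated identity must still run OAuthRequestVerifier::verify().
  *
  * @return string|null the oauth_consumer_key parameter, or null when the
  *                     request is unsigned / the parameter could not be read
  *                     and sendNotAuthorized() did not end the request.
  */
 public static function getConsummerKey()
 {
     // Defined on every path: the original returned an undefined $key when
     // the request was not signed.
     $key = null;
     self::storeInstance();

     if (!OAuthRequestVerifier::requestIsSigned()) {
         sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized request not signed");
         // The original used $this inside a static method (fatal "not in object
         // context"). NOTE(review): assumes sendNotAuthorized() is static or can
         // be made so — confirm.
         static::sendNotAuthorized();
         return $key;
     }

     try {
         $req = new OAuthRequestVerifier();
         $key = $req->getParam('oauth_consumer_key');
     } catch (OAuthException $e) {
         sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized exception");
         // '.' not '+': the original used the arithmetic operator, which is a
         // TypeError on PHP 8 and a warning with a meaningless value before.
         sfContext::getInstance()->getLogger()->err("Message: " . $e->getMessage());
         static::sendNotAuthorized();
     }
     return $key;
 }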
Beispiel #5
 /**
  * Construct the request to be verified.
  *
  * Delegates request parsing to the parent and binds the session store the
  * verifier uses. The two URI-scheme lists are only stored here; wherever
  * they are enforced is outside this constructor.
  *
  * @param string $uri           request URI
  * @param string $method        HTTP method
  * @param array  $params        the request parameters
  * @param string $store         the session storage class (default 'SESSION')
  * @param array  $store_options the session storage class parameters
  * @param array  $options       extra options, each used only when it is an array:
  *   - allowed_uri_schemes:    schemes that are accepted (empty = no restriction)
  *   - disallowed_uri_schemes: schemes that are rejected (empty = none rejected)
  *
  * Examples:
  *   Allow only http and https:
  *     array('allowed_uri_schemes' => array('http', 'https'), 'disallowed_uri_schemes' => array())
  *   Disallow callto, mailto and file, allow everything else:
  *     array('allowed_uri_schemes' => array(), 'disallowed_uri_schemes' => array('callto', 'mailto', 'file'))
  *   Allow everything (the default when $options is empty):
  *     array('allowed_uri_schemes' => array(), 'disallowed_uri_schemes' => array())
  *
  * NOTE(review): with both lists empty no scheme is restricted; prefer an
  * explicit allow-list of http/https unless another scheme is really needed.
  */
 function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array(), $options = array())
 {
     parent::__construct($uri, $method, $params);
     $this->session = OAuthSession::instance($store, $store_options);

     // Copy each scheme list only when it was supplied as an array; a missing,
     // null or non-array value leaves the property at its default.
     foreach (array('allowed_uri_schemes', 'disallowed_uri_schemes') as $listName) {
         if (isset($options[$listName]) && is_array($options[$listName])) {
             $this->$listName = $options[$listName];
         }
     }
 }
Beispiel #6
 /**
  * Front-door hook: when the request carries an OAuth signature, verify it
  * and publish the authenticated user's record in the registry.
  *
  * Unsigned requests pass through untouched (nothing is set). A signed
  * request that fails verification gets 401 headers and the verifier's
  * exception is re-thrown for the caller / error handler to finish.
  *
  * @throws OAuthException re-raised after the 401 headers are sent
  */
 public function direct()
 {
     if (!OAuthRequestVerifier::requestIsSigned()) {
         return;
     }
     try {
         $verifier = new OAuthRequestVerifier();
         $authUid = $verifier->verify();
         if ($authUid) {
             $people = Ml_Model_People::getInstance();
             Zend_Registry::getInstance()->set("authedUserInfo", $people->getById($authUid));
         }
     } catch (OAuthException $e) {
         // Authentication failed: mark the response before propagating.
         header('HTTP/1.1 401 Unauthorized');
         header('WWW-Authenticate: OAuth realm=""');
         header('Content-Type: text/plain; charset=utf8');
         throw $e;
     }
 }
Beispiel #7
 case 'oauth':
     // Dispatch an OAuth web-service call to a ServiceOAuth method by name.
     // NOTE(review): method_exists() is also true for private/protected and
     // magic methods, and where $method originates (presumably the request)
     // is not visible here — an explicit allow-list of public operations
     // would be the safer gate.
     Debug::LogEntry('audit', 'OAuth Webservice call');
     Kit::ClassLoader('ServiceOAuth');
     $oauth = new ServiceOAuth();
     if (!method_exists($oauth, $method)) {
         $serviceResponse->ErrorServerError('Unknown Request.');
     } else {
         $oauth->{$method}();
     }
     break;
 case 'rest':
     $serviceResponse->StartTransaction();
     // OAuth authorization.
     if (OAuthRequestVerifier::requestIsSigned()) {
         try {
             $request = new OAuthRequestVerifier();
             $userID = $request->verify();
             if ($userID) {
                 // Create the login control system.
                 $userClass = Config::GetSetting('userModule');
                 $userClass = explode('.', $userClass);
                 Kit::ClassLoader($userClass[0]);
                 // Create a user.
                 $user = new User($db);
                 // Log this user in.
                 if (!$user->LoginServices($userID)) {
                     $serviceResponse->ErrorServerError('Unknown User.');
                 }
             } else {
                 $serviceResponse->ErrorServerError('No user id.');
             }
Beispiel #8
 /**
  * Construct the request to be verified.
  *
  * Delegates request parsing to the parent OAuthRequest and binds the
  * session store used during verification.
  *
  * @param string $uri           request URI
  * @param string $method        HTTP method
  * @param array  $params        the request parameters
  * @param string $store         the session storage class (default 'SESSION')
  * @param array  $store_options the session storage class parameters
  */
 function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array())
 {
     parent::__construct($uri, $method, $params);
     $session = OAuthSession::instance($store, $store_options);
     $this->session = $session;
 }
/**
 * Self-test of the OAuth request classes against the public OAuth test
 * vectors (http://wiki.oauth.net/TestCases).
 *
 * Writes a plain-text report to the output and routes assertion failures to
 * oauth_assert_handler() instead of PHP warnings. Covers parameter encoding,
 * parameter normalisation, the signature base string, HMAC-SHA1 signing and
 * verification, and the Yahoo! signing case.
 *
 * NOTE(review): every check uses the string form of assert(). That form is
 * deprecated since PHP 7.2 and is not evaluated at all on PHP 8, where a
 * non-empty string is simply truthy and every check passes silently.
 * Confirm the PHP version this is expected to run on.
 */
function oauth_test()
{
    error_reporting(E_ALL);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Performing OAuth module tests.\n\n";
    echo "See also: http://wiki.oauth.net/TestCases\n\n";
    // Failed assertions go to the custom handler; the default warning is off.
    assert_options(ASSERT_CALLBACK, 'oauth_assert_handler');
    assert_options(ASSERT_WARNING, 0);
    $req = new OAuthRequest('http://www.example.com', 'GET');
    echo "***** Parameter Encoding *****\n\n";
    // Alphanumerics and -._~ pass through unchanged; everything else becomes
    // upper-case %XX (note '*' is encoded, unlike PHP's rawurlencode on 5.2).
    assert('$req->urlencode(\'abcABC123\') == \'abcABC123\'');
    assert('$req->urlencode(\'-._~\') == \'-._~\'');
    assert('$req->urlencode(\'%\') == \'%25\'');
    assert('$req->urlencode(\'&=*\') == \'%26%3D%2A\'');
    // Duplicate of the previous check (harmless).
    assert('$req->urlencode(\'&=*\') == \'%26%3D%2A\'');
    assert('$req->urlencode("\\n") == \'%0A\'');
    assert('$req->urlencode(" ") == \'%20\'');
    assert('$req->urlencode("\\x7f") == \'%7F\'');
    echo "***** Normalize Request Parameters *****\n\n";
    // Normalisation: a bare name becomes "name=", pairs are sorted by name.
    $req = new OAuthRequest('http://example.com/?name', 'GET');
    assert('$req->getNormalizedParams() == \'name=\'');
    $req = new OAuthRequest('http://example.com/?a=b', 'GET');
    assert('$req->getNormalizedParams() == \'a=b\'');
    $req = new OAuthRequest('http://example.com/?a=b&c=d', 'GET');
    assert('$req->getNormalizedParams() == \'a=b&c=d\'');
    // At this moment we don't support two parameters with the same name
    // so I changed this test case to "a=" and "b=" and not "a=" and "a="
    // NOTE(review): the Yahoo! case below does emit repeated include=
    // parameters, so this remark may be stale — confirm.
    $req = new OAuthRequest('http://example.com/?b=x!y&a=x+y', 'GET');
    assert('$req->getNormalizedParams() == \'a=x%20y&b=x%21y\'');
    $req = new OAuthRequest('http://example.com/?x!y=a&x=a', 'GET');
    assert('$req->getNormalizedParams() == \'x=a&x%21y=a\'');
    echo "***** Base String *****\n\n";
    // Base string = METHOD & encoded(URL) & encoded(normalised params);
    // oauth_signature itself is excluded from the parameter set.
    $req = new OAuthRequest('http://example.com/?n=v', 'GET');
    assert('$req->signatureBaseString() == \'GET&http%3A%2F%2Fexample.com%2F&n%3Dv\'');
    $req = new OAuthRequest('https://photos.example.net/request_token', 'POST', 'oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1191242090&oauth_nonce=hsu94j3884jdopsl&oauth_signature_method=PLAINTEXT&oauth_signature=ignored', array('X-OAuth-Test' => true));
    assert('$req->signatureBaseString() == \'POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0\'');
    $req = new OAuthRequest('http://photos.example.net/photos?file=vacation.jpg&size=original&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_token=nnch734d00sl2jdk&oauth_timestamp=1191242096&oauth_nonce=kllo9940pd9333jh&oauth_signature=ignored&oauth_signature_method=HMAC-SHA1', 'GET');
    assert('$req->signatureBaseString() == \'GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal\'');
    echo "***** HMAC-SHA1 *****\nRequest signing\n";
    // Store without a DB connection: the secrets below are passed to sign()
    // directly, so nothing is looked up here.
    OAuthStore::instance('MySQL', array('conn' => false));
    $req = new OAuthRequestSigner('http://photos.example.net/photos?file=vacation.jpg&size=original', 'GET');
    assert('$req->urldecode($req->calculateDataSignature(\'bs\', \'cs\', \'\',   \'HMAC-SHA1\')) == \'egQqG5AJep5sJ7anhXju1unge2I=\'');
    assert('$req->urldecode($req->calculateDataSignature(\'bs\', \'cs\', \'ts\', \'HMAC-SHA1\')) == \'VZVjXceV7JgPq/dOTnNmEfO0Fv8=\'');
    // Fixed nonce and timestamp in $secrets make the signature reproducible.
    $secrets = array('consumer_key' => 'dpf43f3p2l4k3l03', 'consumer_secret' => 'kd94hf93k423kf44', 'token' => 'nnch734d00sl2jdk', 'token_secret' => 'pfkkdhi9sl3r4s00', 'signature_methods' => array('HMAC-SHA1'), 'nonce' => 'kllo9940pd9333jh', 'timestamp' => '1191242096');
    $req->sign(0, $secrets);  // first argument presumably a user id — confirm
    assert('$req->getParam(\'oauth_signature\', true) == \'tR3+Ty81lMeYAr/Fid0kMTYa/WM=\'');
    echo "***** HMAC-SHA1 *****\nRequest verification\n";
    // Round-trip: verify the signature produced above with the same secrets.
    // No assert here — a mismatch presumably surfaces as an exception.
    $req = new OAuthRequestVerifier('http://photos.example.net/photos?file=vacation.jpg&size=original' . '&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_token=nnch734d00sl2jdk' . '&oauth_signature_method=HMAC-SHA1&oauth_nonce=kllo9940pd9333jh' . '&oauth_timestamp=1191242096&oauth_version=1.0' . '&oauth_signature=' . rawurlencode('tR3+Ty81lMeYAr/Fid0kMTYa/WM='), 'GET');
    $req->verifySignature('kd94hf93k423kf44', 'pfkkdhi9sl3r4s00');
    echo "\n";
    echo "***** Yahoo! test case ******\n\n";
    // Secrets containing '=', '&', '%', '$', '#' exercise the encoding of the
    // signing key; 'include' is an array and is emitted as repeated pairs.
    OAuthStore::instance('MySQL', array('conn' => false));
    $req = new OAuthRequestSigner('http://example.com:80/photo', 'GET');
    $req->setParam('title', 'taken with a 30% orange filter');
    $req->setParam('file', 'mountain & water view');
    $req->setParam('format', 'jpeg');
    $req->setParam('include', array('date', 'aperture'));
    $secrets = array('consumer_key' => '1234=asdf=4567', 'consumer_secret' => 'erks823*43=asd&123ls%23', 'token' => 'asdf-4354=asew-5698', 'token_secret' => 'dis9$#$Js009%==', 'signature_methods' => array('HMAC-SHA1'), 'nonce' => '3jd834jd9', 'timestamp' => '12303202302');
    $req->sign(0, $secrets);
    // echo "Basestring:\n",$req->signatureBaseString(), "\n\n";
    //echo "queryString:\n",$req->getQueryString(), "\n\n";
    assert('$req->getQueryString() == \'title=taken%20with%20a%2030%25%20orange%20filter&file=mountain%20%26%20water%20view&format=jpeg&include=date&include=aperture\'');
    //echo "oauth_signature:\n",$req->getParam('oauth_signature', true),"\n\n";
    assert('$req->getParam(\'oauth_signature\', true) == \'jMdUSR1vOr3SzNv3gZ5DDDuGirA=\'');
    echo "\n\nFinished.\n";
}
Beispiel #10
 /**
  * Read a request parameter, preferring the value the OAuth layer parsed.
  *
  * The name is first looked up through a fresh OAuthRequestVerifier; when
  * that value is empty() the Yii request parameter (or $default) is used.
  *
  * @param string $name    parameter name
  * @param mixed  $default returned when neither source has a non-empty value
  * @return mixed
  *
  * NOTE(review): empty() treats "0", "", 0 and null alike, so a legitimate
  * "0" from the OAuth request is silently replaced by the Yii value/default.
  * NOTE(review): verify() is never called here, so nothing about the value
  * is authenticated — this is parameter access only.
  */
 public function getParam($name, $default = '')
 {
     $verifier = new OAuthRequestVerifier();
     $oauthValue = $verifier->getParam($name);
     if (!empty($oauthValue)) {
         return $oauthValue;
     }
     return Yii::app()->request->getParam($name, $default);
 }
Beispiel #11
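 /**
  * Gate an API request: CORS pre-check, then OAuth verification, and register
  * the POST auth/requestToken route.
  *
  * Flow as implemented:
  *   1. Origin header listed in $validOrigins -> return; nothing else is checked.
  *   2. Otherwise register the requestToken route.
  *   3. Signed request   -> verify; 401 + exit on failure.
  *      Unsigned request -> let through when $validOrigins is set,
  *                          401 + exit when it is not.
  *
  * NOTE(review): the Origin header is client-supplied. Any non-browser client
  * can send a listed origin and skip OAuth entirely (step 1), so that early
  * return is CORS housekeeping, not authentication.
  * NOTE(review): unsigned requests are also let through in step 3 whenever
  * $validOrigins is configured (the 401 there is commented out), regardless
  * of the request's actual Origin. Both points are left as-is because the
  * intended browser flow is not visible here; they need an explicit decision.
  */
 function checkOAuth()
 {
     global $validOrigins;

     // Strict comparison: with loose in_array() a non-string entry such as 0
     // in $validOrigins would match any origin on PHP < 8. The is_array guard
     // avoids a warning/TypeError when the list is not configured.
     $requestOrigin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : null;
     if ($requestOrigin !== null && is_array($validOrigins) && in_array($requestOrigin, $validOrigins, true)) {
         return;
     }

     // Route that issues consumer credentials for a user id taken from the POST body.
     // NOTE(review): this handler performs no authentication of its own and is
     // registered before any verification below, so anyone who can POST here
     // obtains a key/secret for an arbitrary userId. The meaning of the third
     // updateConsumer() argument (true) is not visible here — confirm what it grants.
     $this->addRouteCommand(new RouteCommand("POST", "auth", "requestToken", function ($params = NULL) {
         if (empty($_POST["userId"])) {
             $this->showError(400);
             return; // do not continue with an empty user id if showError() does not exit
         }
         $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
         $key = $store->updateConsumer($_POST, $_POST["userId"], true);
         $consumer = $store->getConsumer($key, $_POST["userId"]);
         $result = array();
         $result["key"] = $consumer["consumer_key"];
         $result["secret"] = $consumer["consumer_secret"];
         $this->showResult($result);
     }, array("userId"), "Request a new token"));

     // Instantiate the store (presumably registers the backend the verifier
     // reads, so it is kept although the return value is unused) and the server.
     $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
     $server = new OAuthServer();
     ResterUtils::Log(">> CHECKING OAUTH " . $_SERVER['REQUEST_METHOD']);

     if (OAuthRequestVerifier::requestIsSigned()) {
         // A signed request is accepted from any origin.
         header('Access-Control-Allow-Origin: *');
         try {
             $req = new OAuthRequestVerifier();
             // verify(false): the argument is the token type ('access' elsewhere
             // on this page). Passing false presumably relaxes the token
             // requirement so a consumer key alone suffices — confirm in the
             // library, as it decides what "API USER" means here.
             $id = $req->verify(false);
             ResterUtils::Log("*** API USER " . $id . " ***");
         } catch (OAuthException2 $e) {
             // Signed but failed verification: reject. The verifier's message
             // goes to the log only, not to the client.
             header('HTTP/1.1 401 Unauthorized');
             header('WWW-Authenticate: OAuth realm=""');
             header('Content-Type: text/plain; charset=utf8');
             ResterUtils::Log(">> OAUTH ERROR >> " . $e->getMessage());
             exit;
         }
         return;
     }

     ResterUtils::Log(">> OAUTH: Unsigned request");
     if (!isset($validOrigins)) {
         // No origin list configured: unsigned requests are refused.
         header('HTTP/1.1 401 Unauthorized');
         header('WWW-Authenticate: OAuth realm=""');
         header('Content-Type: text/plain; charset=utf8');
         echo "Authentication error";
         ResterUtils::Log(">> OAUTH ERROR >> Request not signed");
         ResterUtils::Log("*** AUTH ERROR *** ===>");
         exit;
     }
     // Reached only by an unsigned request whose Origin (if any) is NOT in
     // $validOrigins, yet it is let through. header() replaces by default, so
     // only the last origin in the list is actually sent — and it cannot match
     // this request's Origin anyway.
     // TODO; CHECK ORIGIN (original TODO, still open)
     foreach ($validOrigins as $origin) {
         ResterUtils::Log(">> ADD ORIGIN: " . $origin);
         header('Access-Control-Allow-Origin: ' . $origin);
     }
     //$this->showError(401);
 }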
<!--API Resource to be accessed by the Client-->


<?php 
require_once '../include/common.php';

// Demo resource: greet the user bound to the OAuth-signed request.
// Unsigned requests produce an empty 200 response — nothing here denies
// them, so this file on its own is not an access-control boundary.
$signed = OAuthRequestVerifier::requestIsSigned();
if ($signed) {
    try {
        $verifier = new OAuthRequestVerifier();
        $userId = $verifier->verify();
        if ($userId) {
            echo 'Hello ' . $userId;
        }
    } catch (OAuthException $e) {
        // Signed but invalid: 401 carrying the verifier's message.
        // NOTE(review): the message is echoed verbatim to the client, and
        // other examples on this page catch OAuthException2 — confirm which
        // class this library version throws.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        echo $e->getMessage();
        exit;
    }
}