Beispiel #1
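 /**
  * Load the required token-request parameters from the form-encoded POST body.
  *
  * Every key of $args whose value is TRUE is a required parameter: it must be
  * present in $_POST and decode to a non-empty value, otherwise an
  * 'invalid_request' token error is raised. 'code' and 'client_id' are copied
  * to their own properties; all other collected values stay in $this->_params.
  *
  * NOTE(review): PHP has already URL-decoded $_POST, so the extra
  * Oauth2::urldecode() pass may alter values containing a literal '%' or '+'
  * — confirm this double decoding is intended.
  *
  * @access	public
  * @param	array	$args	map of parameter name => TRUE when that parameter is required
  * @return	void
  * @throws	Oauth2_Exception_Token	'invalid_request' when the body is not form-encoded or a required parameter is missing/empty
  */
 public function __construct(array $args)
 {
     $params = array();
     // Some SAPIs expose the Content-Type only through the environment
     if (!isset($_SERVER['CONTENT_TYPE'])) {
         $_SERVER['CONTENT_TYPE'] = getenv('CONTENT_TYPE');
     }
     // getenv() yields FALSE when the variable is unset; cast so stripos() always gets a string
     $content_type = (string) $_SERVER['CONTENT_TYPE'];
     // oauth_token already sent in the Authorization header, or the body is not single-part form data
     if (stripos($content_type, 'application/x-www-form-urlencoded') === FALSE) {
         throw new Oauth2_Exception_Token('invalid_request');
     }
     // Every required parameter must be present and decode to a non-empty value
     foreach ($args as $key => $val) {
         if ($val !== TRUE) {
             continue;
         }
         if (!isset($_POST[$key])) {
             throw new Oauth2_Exception_Token('invalid_request');
         }
         $value = Oauth2::urldecode($_POST[$key]);
         if (!$value) {
             throw new Oauth2_Exception_Token('invalid_request');
         }
         $params[$key] = $value;
     }
     // 'code' and 'client_id' get dedicated properties; guard against an
     // undefined-index notice when the caller did not list them in $args
     $this->code = isset($params['code']) ? $params['code'] : NULL;
     $this->client_id = isset($params['client_id']) ? $params['client_id'] : NULL;
     unset($params['code'], $params['client_id']);
     $this->_params = $params;
 }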
Beispiel #2
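 /**
  * Authorization-code callback: exchange the received code for an access
  * token, then fetch the protected resource and place it in the response.
  *
  * Any Exception raised on the way is turned into a user-facing message;
  * only 'access_denied' gets a specific text, everything else is reported
  * generically with the raw error appended in brackets.
  *
  * @return void
  */
 public function action_do()
 {
     $params = Oauth2::parse_query();
     $error = NULL;
     try {
         // The provider returns either a code or an error; a missing code counts as an error too
         if (empty($params['code']) or isset($params['error'])) {
             // Avoid an undefined-index notice when neither 'code' nor 'error' was sent
             throw new Oauth2_Exception(isset($params['error']) ? $params['error'] : 'invalid_request');
         }
         $headers = array('Content-Type: application/x-www-form-urlencoded;charset=utf-8');
         // Exchange the code for a token at the provider's token endpoint
         $token = Remote::get($this->_configs['token_uri'], array(
             CURLOPT_POST => TRUE,
             CURLOPT_HTTPHEADER => $headers,
             CURLOPT_POSTFIELDS => Oauth2::build_query(array(
                 'grant_type' => $this->_configs['grant_type'],
                 'code' => $params['code'],
                 'client_id' => $this->_configs['client_id'],
                 'redirect_uri' => $this->_configs['redirect_uri'],
                 'client_secret' => $this->_configs['client_secret'],
             )),
         ));
         $token = json_decode($token);
         // json_decode() returns NULL on malformed input; never dereference it
         if (!is_object($token)) {
             throw new Oauth2_Exception('Malformed token response');
         }
         if (isset($token->error)) {
             throw new Oauth2_Exception($token->error);
         }
         // Resource in json format
         $resource = Remote::get($this->_configs['access_uri'], array(
             CURLOPT_POST => TRUE,
             CURLOPT_HTTPHEADER => $headers,
             CURLOPT_POSTFIELDS => Oauth2::build_query(array(
                 'oauth_token' => $token->access_token,
                 'timestamp' => $_SERVER['REQUEST_TIME'],
                 // Providers do not always return these; send NULL instead of raising a notice
                 'refresh_token' => isset($token->refresh_token) ? $token->refresh_token : NULL,
                 'expires_in' => isset($token->expires_in) ? $token->expires_in : NULL,
                 'client_id' => $this->_configs['client_id'],
             )),
         ));
         $this->request->response = $resource;
     } catch (Exception $e) {
         $error = $e->getMessage();
     }
     if ($error !== NULL) {
         switch ($error) {
             case 'access_denied':
                 $this->request->response = 'You have denied this request.';
                 break;
             default:
                 $this->request->response = 'There must be some errors happen in this connection, please contact our web master.' . "[{$error}]";
                 break;
         }
     }
 }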
Beispiel #3
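 /**
  * Client Requests Access Token
  *
  * The 'grant_type' request parameter selects the handler method. On success
  * the handler's format becomes the response Content-Type; an Oauth2_Exception
  * is returned as a JSON body with HTTP 400. Every response is marked
  * non-cacheable.
  *
  * @access    public
  * @return    void
  */
 public function action_token()
 {
     $grant_type = Oauth2::get('grant_type');
     // Only the grant types defined by the spec may be dispatched. Without this
     // list, method_exists() alone let the request parameter reach any method
     // of this controller (including this one and the non-grant helpers).
     // NOTE(review): handler methods are assumed to be named after these grant
     // types — confirm against the methods declared in this class.
     $grant_types = array('authorization_code', 'password', 'assertion', 'refresh_token', 'none');
     try {
         if (in_array($grant_type, $grant_types, TRUE) and method_exists($this, $grant_type)) {
             $response = $this->{$grant_type}();
         } else {
             // TODO, if is an absolute URI identifying an assertion format supported by the authorization server
             //if(Oauth::is_assertion($grant_type))
             //{
             //    $response = $this->assertion();
             //    break;
             //}
             throw new Oauth2_Exception_Token('unsupported_grant_type');
         }
         // HTTP/1.1 200 OK
         $this->request->status = 200;
         $this->request->headers['Content-Type'] = $response->format;
     } catch (Oauth2_Exception $e) {
         $response = $e->getMessage();
         /**
          * HTTP/1.1 401 (Unauthorized) for "Authorization" request header field
          * HTTP/1.1 400 Bad Request for other authentication scheme
          */
         $this->request->status = 400;
         $this->request->headers['Content-Type'] = 'application/json';
     }
     // Token responses must never be cached by intermediaries or the client
     $this->request->headers['Expires'] = 'Sat, 26 Jul 1997 05:00:00 GMT';
     $this->request->headers['Cache-Control'] = 'no-store, must-revalidate';
     $this->request->response = $response;
 }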
Beispiel #4
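 /**
  * Load the required authorization-request parameters from the query string.
  *
  * The optional 'state' value is captured first so that it can be echoed back
  * on an error redirect. Every key of $args whose value is TRUE is a required
  * parameter that must be present in $_GET and decode to a non-empty value.
  * 'client_id' and 'redirect_uri' are copied to their own properties; all
  * other collected values stay in $this->_params.
  *
  * NOTE(review): the redirect_uri attached to the error comes straight from
  * the request; whoever performs the redirect must have matched it against
  * the client's registered URI — confirm where that check happens.
  *
  * @access	public
  * @param	array	$args	map of parameter name => TRUE when that parameter is required
  * @return	void
  * @throws	Oauth2_Exception_Authorize	'invalid_request' when a required parameter is missing or empty
  */
 public function __construct(array $args)
 {
     $params = array();
     // Parse the "state" parameter
     if (isset($_GET['state']) and $state = Oauth2::urldecode($_GET['state'])) {
         $this->state = $state;
         unset($_GET['state']);
     }
     // Every required parameter must be present and decode to a non-empty value
     foreach ($args as $key => $val) {
         if ($val !== TRUE) {
             continue;
         }
         if (isset($_GET[$key]) and $value = Oauth2::urldecode($_GET[$key])) {
             $params[$key] = $value;
             continue;
         }
         $e = new Oauth2_Exception_Authorize('invalid_request');
         // Prefer the already-validated value; fall back to the raw query
         // parameter, and to NULL rather than an undefined-index notice
         if (isset($params['redirect_uri'])) {
             $e->redirect_uri = $params['redirect_uri'];
         } elseif (isset($_GET['redirect_uri'])) {
             $e->redirect_uri = Oauth2::urldecode($_GET['redirect_uri']);
         } else {
             $e->redirect_uri = NULL;
         }
         // state is only set above when the request carried one
         $e->state = isset($this->state) ? $this->state : NULL;
         throw $e;
     }
     // Guard against an undefined-index notice when the caller did not list these in $args
     $this->client_id = isset($params['client_id']) ? $params['client_id'] : NULL;
     $this->redirect_uri = isset($params['redirect_uri']) ? $params['redirect_uri'] : NULL;
     // Remove all required parameters
     unset($params['client_id'], $params['redirect_uri']);
     $this->_params = $params;
 }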
Beispiel #5
 /**
  * Build the signature string from the client secret and, when present, the
  * token secret: both URL-encoded and joined with '&'.
  *
  * @param  Oauth2_Token  $token
  * @return string
  */
 public function build(Oauth2_Token $token)
 {
     $parts = array(Oauth2::urlencode($token->client_secret));
     if (!empty($token->token_secret)) {
         $parts[] = Oauth2::urlencode($token->token_secret);
     }
     return implode('&', $parts);
 }
Beispiel #6
 /**
  * Build an HMAC-SHA1 signature over the identifier held by the parent class.
  *
  * The HMAC key is the URL-encoded client secret, joined with '&' to the
  * URL-encoded token secret when one is present. The raw digest is returned
  * base64-encoded.
  *
  * @param  Oauth2_Token  $token
  * @return string
  */
 public function build(Oauth2_Token $token)
 {
     $key_parts = array(Oauth2::urlencode($token->client_secret));
     if (!empty($token->token_secret)) {
         $key_parts[] = Oauth2::urlencode($token->token_secret);
     }
     $digest = hash_hmac('sha1', parent::$identifier, implode('&', $key_parts), TRUE);
     return base64_encode($digest);
 }
Beispiel #7
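 /**
  * Start the OAuth2 login flow for the provider named in the request.
  *
  * Loads the bundled Oauth2 class, hands the provider's configuration (looked
  * up through C()) to Oauth2::provider() and dumps the result.
  *
  * NOTE(review): the provider name is taken straight from the request and used
  * as a configuration key — confirm that C() rejects unknown names.
  *
  * @return void
  */
 public function login()
 {
     // define() on an already defined constant raises a warning; define it once
     if (!defined('BASEPATH')) {
         define('BASEPATH', '1');
     }
     $name = $this->_get('name');
     $app = C($name);
     // realpath() returns FALSE for a missing file; fail clearly instead of
     // passing FALSE to include and then calling an undefined class
     $vendor = realpath('iVanvicms/_Core/Extend/Vendor/Oauth/Oauth2.php');
     if ($vendor === FALSE) {
         throw new RuntimeException('Oauth2 vendor library not found');
     }
     include $vendor;
     $status = Oauth2::provider($name, $app);
     dump($status);
 }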
Beispiel #8
 /**
  * Read an end-user authorization request from the query string.
  *
  * client_id and redirect_uri are always read. The two optional parameters
  * are stored only when the request carries them:
  *
  * state
  *      OPTIONAL.  An opaque value used by the client to maintain state
  *      between the request and callback.  The authorization server
  *      includes this value when redirecting the user-agent back to the
  *      client.
  *
  * scope
  *      OPTIONAL.  The scope of the access request expressed as a list
  *      of space-delimited strings.  The value of the "scope" parameter
  *      is defined by the authorization server.  If the value contains
  *      multiple space-delimited strings, their order does not matter,
  *      and each string adds an additional access range to the
  *      requested scope.
  *
  * @access    public
  * @param     mixed  $args  unused
  * @return    void
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->redirect_uri = Arr::get($params, 'redirect_uri');
     // Optional parameters are assigned only when present in the request
     foreach (array('state', 'scope') as $optional) {
         $value = Arr::get($params, $optional);
         if ($value !== NULL) {
             $this->{$optional} = $value;
         }
     }
 }
Beispiel #9
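 /**
  * Read a refresh_token grant request from the query string.
  *
  * client_id, client_secret and refresh_token are required. 'state' is
  * optional and opaque. 'format' is optional and, per the contract below,
  * is now rejected unless it is one of the listed values (the value may be
  * used elsewhere as a response Content-Type, so it must not be free-form).
  *
  * format
  *      OPTIONAL.  The response format requested by the client.  Value
  *      MUST be one of "json", "xml", or "form".
  *
  * @param  mixed  $args  unused
  * @return void
  * @throws Oauth2_Exception_Token  'invalid_request' on a missing required parameter or an unsupported format
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->client_secret = Arr::get($params, 'client_secret');
     $this->refresh_token = Arr::get($params, 'refresh_token');
     // OPTIONAL.  An opaque value used by the client to maintain state between the request and callback.
     if (NULL !== ($state = Arr::get($params, 'state'))) {
         $this->state = $state;
     }
     // OPTIONAL.  Only the documented response formats are accepted.
     if (NULL !== ($format = Arr::get($params, 'format'))) {
         if (!in_array($format, array('json', 'xml', 'form'), TRUE)) {
             throw new Oauth2_Exception_Token('invalid_request');
         }
         $this->format = $format;
     }
     if (empty($this->client_id) or empty($this->client_secret) or empty($this->refresh_token)) {
         throw new Oauth2_Exception_Token('invalid_request');
     }
 }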
Beispiel #10
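 /**
  * Read a resource-owner password credentials grant request from the query string.
  *
  * client_id, client_secret, username and password are required. 'state' is
  * optional and opaque. 'scope' and 'format' are optional as described below;
  * 'format' is now rejected unless it is one of the listed values (the value
  * may be used elsewhere as a response Content-Type, so it must not be
  * free-form).
  *
  * scope
  *      OPTIONAL.  The scope of the access request expressed as a list
  *      of space-delimited strings.  The value of the "scope" parameter
  *      is defined by the authorization server.  If the value contains
  *      multiple space-delimited strings, their order does not matter,
  *      and each string adds an additional access range to the
  *      requested scope.
  * format
  *      OPTIONAL.  The response format requested by the client.  Value
  *      MUST be one of "json", "xml", or "form".  Alternatively, the
  *      client MAY use the HTTP "Accept" header field with the desired
  *      media type.  Defaults to "json" if omitted and no "Accept"
  *      header field is present.
  *
  * @param  mixed  $args  unused
  * @return void
  * @throws Oauth2_Exception  'invalid_request' on a missing required parameter or an unsupported format
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->client_secret = Arr::get($params, 'client_secret');
     $this->username = Arr::get($params, 'username');
     $this->password = Arr::get($params, 'password');
     // OPTIONAL.  An opaque value used by the client to maintain state between the request and callback.
     if (NULL !== ($state = Arr::get($params, 'state'))) {
         $this->state = $state;
     }
     // OPTIONAL.  The scope of the access request expressed as a list of space-delimited strings.
     if (NULL !== ($scope = Arr::get($params, 'scope'))) {
         $this->scope = $scope;
     }
     // OPTIONAL.  The response format; only the documented values are accepted.
     if (NULL !== ($format = Arr::get($params, 'format'))) {
         if (!in_array($format, array('json', 'xml', 'form'), TRUE)) {
             throw new Oauth2_Exception('invalid_request');
         }
         $this->format = $format;
     }
     if (empty($this->client_id) or empty($this->client_secret) or empty($this->username) or empty($this->password)) {
         throw new Oauth2_Exception('invalid_request');
     }
 }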
Beispiel #11
0
 /**
  * Serialise this object as a query string.
  *
  * Without an error, every property that holds a non-empty value is included
  * (so values such as 0 or '0' are dropped as well). With an error, only
  * 'error' plus the optional 'error_description', 'error_uri' and 'state'
  * fields are sent.
  *
  * @return string
  */
 public function query()
 {
     if (!empty($this->error)) {
         $form = array('error' => $this->error);
         foreach (array('error_description', 'error_uri', 'state') as $field) {
             if (property_exists($this, $field) and $this->{$field}) {
                 $form[$field] = $this->{$field};
             }
         }
     } else {
         // array_filter() without a callback drops exactly the values empty() would
         $form = array_filter(get_object_vars($this));
     }
     return Oauth2::build_query($form);
 }
Beispiel #12
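 /**
  * MUST verify that the verification code, client identity, client secret,
  * and redirection URI are all valid and match its stored association.
  *
  * Checks, in order: the presented oauth_token against the stored access
  * token; that every requested scope (space-delimited) is among the scopes
  * granted to the client; that the stored timestamp is not older than the
  * request's; and, when a signature and algorithm are supplied, that the
  * signature verifies. The returned token carries the requested format.
  *
  * NOTE(review): the token comparison uses !==, which is not constant-time;
  * hash_equals() (PHP >= 5.6) is preferable once the minimum version allows.
  * NOTE(review): for rsa-sha1/hmac-sha1 the request's own signature is copied
  * into $response->private_cert before verification — confirm that this is
  * what Oauth2::signature()->check() expects.
  *
  * @access  public
  * @param   array  $client  stored client record; reads access_token, scope, timestamp and ssh_key
  * @return  Oauth2_Token
  * @throws  Oauth2_Exception_Access  invalid_token, insufficient_scope or invalid_signature
  * @todo    implement timestamp, nonce, signature checking
  */
 public function access_token($client)
 {
     $response = new Oauth2_Token();
     if (isset($this->_params['format'])) {
         $response->format = $this->_params['format'];
     }
     //if(isset($this->_params['nonce']) AND $client['nonce'] !== $this->_params['nonce'])
     //{
     //    throw new Oauth_Exception_Access('invalid_request');
     //}
     if ($client['access_token'] !== $this->oauth_token) {
         throw new Oauth2_Exception_Access('invalid_token');
     }
     // The requested scope is itself a space-delimited list: each entry must be
     // one of the granted scopes. The previous check compared the whole string
     // as a single entry and so rejected any multi-scope request.
     if (isset($this->_params['scope']) and !empty($client['scope'])) {
         $granted = explode(' ', $client['scope']);
         foreach (explode(' ', $this->_params['scope']) as $scope) {
             if (!in_array($scope, $granted, TRUE)) {
                 throw new Oauth2_Exception_Access('insufficient_scope');
             }
         }
     }
     // NOTE(review): both sides are compared as-is; confirm they are numeric timestamps
     if (isset($this->_params['timestamp']) and $client['timestamp'] < $this->_params['timestamp']) {
         throw new Oauth2_Exception_Access('invalid_token');
     }
     // Verify the signature
     if (!empty($this->_params['signature']) and !empty($this->_params['algorithm'])) {
         $uri = URL::base(FALSE, TRUE) . Request::$instance->uri;
         $string = Oauth2::normalize(Request::$method, $uri, $this->_params);
         // Algorithm names are matched case-insensitively
         $this->_params['algorithm'] = strtolower($this->_params['algorithm']);
         if ($this->_params['algorithm'] === 'rsa-sha1' or $this->_params['algorithm'] === 'hmac-sha1') {
             $response->public_cert = $client['ssh_key'];
             $response->private_cert = $this->_params['signature'];
         }
         if (!Oauth2::signature($this->_params['algorithm'], $string)->check($response, $this->_params['signature'])) {
             throw new Oauth2_Exception_Access('invalid_signature');
         }
     }
     return $response;
 }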
Beispiel #13
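 /**
  * Build the redirect URI that reports an 'access_denied' error to the client.
  *
  * $redirect defaults to the request's redirect_uri. The request's 'state'
  * value, when present, is echoed back. The query separator is '&' when the
  * redirect URI already carries a query string, '?' otherwise.
  *
  * NOTE(review): the fallback redirect_uri is taken from the request; the
  * caller must have matched it against the client's registered URI before
  * redirecting — confirm.
  * NOTE(review): state is appended as-is; if parse_query() returns decoded
  * values it should be re-encoded (e.g. Oauth2::urlencode) here — confirm.
  *
  * @param  string|NULL  $redirect
  * @return string
  */
 public static function access_denied_uri($redirect = NULL)
 {
     $params = Oauth2::parse_query();
     if (!$redirect) {
         $redirect = Arr::get($params, 'redirect_uri');
     }
     // Previously left undefined when absent, which produced a notice on concatenation
     $state = '';
     if ($state_value = Arr::get($params, 'state')) {
         $state = '&state=' . $state_value;
     }
     $redirect = (string) $redirect;
     $separator = (strpos($redirect, '?') === FALSE) ? '?' : '&';
     return $redirect . $separator . 'error=access_denied' . $state;
 }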
Beispiel #14
    $oStmt = $oDb->prepare("DELETE FROM tasks WHERE id = :id");
    $oStmt->bindParam("id", $id);
    $oStmt->execute();
    echo json_encode(array("rows" => $oStmt->rowCount()));
});
// oauth2 code
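// The same route serves both legs of the flow: the initial redirect to the
// provider and the provider's callback, told apart by the 'code' parameter.
$oApp->get("/login", function () use($oApp) {
    // see if this is the original redirect or if it's the callback
    $sCode = $oApp->request->params('code');
    // Rebuild the absolute URL of this request to use as the redirect URI.
    // NOTE(review): HTTP_HOST comes from the client's Host header; unless the
    // server is strictly bound to one hostname, prefer a configured base URL.
    $bHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
    $sUrl = ($bHttps ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
    $oAuth = new \Oauth2($sUrl);
    // A missing or empty code means this is the first leg: send the user to the provider
    if ($sCode === null || $sCode === '') {
        $oApp->response->redirect($oAuth->redirectUrl());
    } else {
        $oAuth->handleCode($sCode);
        $oApp->response->redirect("/");
    }
});
// Expose the logged-in user stored in the session as JSON (guarded by \Auth)
$oApp->get("/currentUser", new \Auth(), function () use($oApp) {
    echo json_encode($_SESSION['CurrentUser']);
});
// Forget the current user; the session itself is kept
$oApp->get("/logout", function () {
    session_start();
    unset($_SESSION["CurrentUser"]);
});
$oApp->run();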