Beispiel #1
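 /**
  * Validate the request signature for the signature method the client declared.
  *
  * The signature is recomputed over every request parameter except
  * 'oauth_signature' itself, then compared with the value the client sent.
  *
  * @param array $params Request parameters; 'oauth_signature_method' and 'oauth_signature' are read here
  * @param string $consumerSecret
  * @param string $httpMethod
  * @param string $requestUrl
  * @param string $tokenSecret
  * @return void
  * @throws Exception|OauthInputException
  */
 protected function _validateSignature($params, $consumerSecret, $httpMethod, $requestUrl, $tokenSecret = null)
 {
     $signatureMethod = isset($params['oauth_signature_method']) ? $params['oauth_signature_method'] : null;
     // Strict membership test: a loose in_array() compares with ==, so a
     // non-string value could match a method name through type juggling.
     if (!in_array($signatureMethod, self::getSupportedSignatureMethods(), true)) {
         throw new OauthInputException('Signature method %1 is not supported', [$signatureMethod]);
     }

     $providedSign = isset($params['oauth_signature']) ? $params['oauth_signature'] : null;

     // The signature is never part of its own input.
     $allowedSignParams = $params;
     unset($allowedSignParams['oauth_signature']);
     $calculatedSign = $this->_httpUtility->sign(
         $allowedSignParams,
         $signatureMethod,
         $consumerSecret,
         $tokenSecret,
         $httpMethod,
         $requestUrl
     );

     // hash_equals() (PHP 5.6+) compares in constant time and without type
     // juggling; `!=` leaks how many leading bytes matched and treats some
     // distinct numeric-looking strings as equal. Non-string values fail closed.
     if (!is_string($providedSign)
         || !is_string($calculatedSign)
         || !hash_equals($calculatedSign, $providedSign)
     ) {
         throw new Exception('Invalid signature');
     }
 }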
Beispiel #2
 /**
  * buildAuthorizationHeader() must emit the nonce, timestamp, version, the
  * request's oauth_* parameters and the signature in the expected order.
  */
 public function testBuildAuthorizationHeader()
 {
     // The signing utility is stubbed, so the signature is a fixed marker.
     $stubbedSignature = 'valid_signature';
     $this->_httpUtilityMock
         ->expects($this->any())
         ->method('sign')
         ->will($this->returnValue($stubbedSignature));
     $this->_setupConsumer(false);
     $this->_oauthHelperMock
         ->expects($this->any())
         ->method('generateRandomString')
         ->will($this->returnValue('tyukmnjhgfdcvxstyuioplkmnhtfvert'));

     $requestParams = [
         'oauth_consumer_key' => 'edf957ef88492f0a32eb7e1731e85da2',
         'oauth_consumer_secret' => 'asdawwewefrtyh2f0a32eb7e1731e85d',
         'oauth_token' => '7c0709f789e1f38a17aa4b9a28e1b06c',
         'oauth_token_secret' => 'a6agsfrsfgsrjjjjyy487939244ssggg',
         'custom_param1' => 'foo',
         'custom_param2' => 'bar',
     ];
     $endpointUrl = 'http://www.example.com/endpoint';

     $actualHeader = $this->_oauth->buildAuthorizationHeader($requestParams, $endpointUrl);

     // NOTE(review): the expected header carries oauth_consumer_secret and
     // oauth_token_secret verbatim. In OAuth 1.0 those are signing keys and are
     // not meant to travel with the request -- confirm this is intended before
     // relying on the header outside a trusted channel.
     // NOTE(review): oauth_timestamp is expected to be empty here; presumably
     // the timestamp source is an unconfigured mock -- confirm.
     $expectedHeader = 'OAuth oauth_nonce="tyukmnjhgfdcvxstyuioplkmnhtfvert",'
         . 'oauth_timestamp="",'
         . 'oauth_version="1.0",oauth_consumer_key="edf957ef88492f0a32eb7e1731e85da2",'
         . 'oauth_consumer_secret="asdawwewefrtyh2f0a32eb7e1731e85d",'
         . 'oauth_token="7c0709f789e1f38a17aa4b9a28e1b06c",'
         . 'oauth_token_secret="a6agsfrsfgsrjjjjyy487939244ssggg",'
         . 'oauth_signature="valid_signature"';

     $this->assertEquals($expectedHeader, $actualHeader, 'Generated Oauth header is incorrect');
 }
Beispiel #3
 /**
  * Two-legged authentication: a request signed with the consumer's key and
  * secret must resolve to the user object the consumer factory returns.
  */
 public function testAuthenticateTwoLegged()
 {
     $consumerKey = 'foo_user';
     $consumerSecret = 'bar_secret';
     $requestUrl = 'http://foo.bar/api/rest/v1/baz';

     // Build the OAuth parameters and sign them the way a client would.
     // NOTE(review): the fixture uses SIGNATURE_PLAIN against an http:// URL.
     // Presumably that is OAuth's PLAINTEXT method, where the signature is
     // derived directly from the secrets, so outside a test this pairing
     // needs TLS -- confirm.
     $oauthUtil = new Zend_Oauth_Http_Utility();
     $oauthParams = array(
         'oauth_consumer_key' => $consumerKey,
         'oauth_nonce' => $oauthUtil->generateNonce(),
         'oauth_timestamp' => $oauthUtil->generateTimestamp(),
         'oauth_version' => '1.0',
         'oauth_signature_method' => Mage_Oauth_Model_Server::SIGNATURE_PLAIN,
     );
     $oauthParams['oauth_signature'] = $oauthUtil->sign(
         $oauthParams,
         Mage_Oauth_Model_Server::SIGNATURE_PLAIN,
         $consumerSecret,
         '',
         'GET',
         $requestUrl
     );
     $authorizationHeader = $oauthUtil->toAuthorizationHeader($oauthParams);

     // getHeader() is expected first for Authorization, then for Content-Type.
     $this->_requestMock
         ->expects($this->at(0))
         ->method('getHeader')
         ->with('Authorization')
         ->will($this->returnValue($authorizationHeader));
     $this->_requestMock
         ->expects($this->at(1))
         ->method('getHeader')
         ->with(Zend_Http_Client::CONTENT_TYPE)
         ->will($this->returnValue('application/json'));

     // Scheme, host and URI together reproduce $requestUrl on the server side.
     $this->_requestMock
         ->expects($this->any())
         ->method('getScheme')
         ->with()
         ->will($this->returnValue(Zend_Controller_Request_Http::SCHEME_HTTP));
     $this->_requestMock
         ->expects($this->any())
         ->method('getHttpHost')
         ->with()
         ->will($this->returnValue('foo.bar'));
     $this->_requestMock
         ->expects($this->any())
         ->method('getRequestUri')
         ->with()
         ->will($this->returnValue('/api/rest/v1/baz'));

     $aclUserMock = $this->getMockBuilder('Mage_Webapi_Model_Acl_User')
         ->setMethods(array('loadByKey', 'getId', 'getSecret'))
         ->disableOriginalConstructor()
         ->getMock();
     $this->_consumerFactoryMock
         ->expects($this->once())
         ->method('create')
         ->will($this->returnValue($aclUserMock));
     $aclUserMock
         ->expects($this->once())
         ->method('loadByKey')
         ->with($consumerKey)
         ->will($this->returnSelf());
     $aclUserMock
         ->expects($this->once())
         ->method('getId')
         ->with()
         ->will($this->returnValue(1));
     $aclUserMock
         ->expects($this->once())
         ->method('getSecret')
         ->with()
         ->will($this->returnValue($consumerSecret));

     $this->assertEquals($aclUserMock, $this->_server->authenticateTwoLegged());
 }
 /**
  * Build the signature base string.
  *
  * The result is the '&'-joined sequence of: the upper-cased HTTP method
  * (when given), the encoded normalised URL (when given), and the encoded,
  * ordered query string of all parameters except 'oauth_signature'.
  *
  * @param  array $params
  * @param  null|string $method
  * @param  null|string $url
  * @return string
  */
 protected function _getBaseSignatureString(array $params, $method = null, $url = null)
 {
     // Percent-encode every name and value before anything else.
     $encoded = array();
     foreach ($params as $name => $rawValue) {
         $encodedName = Zend_Oauth_Http_Utility::urlEncode($name);
         $encoded[$encodedName] = Zend_Oauth_Http_Utility::urlEncode($rawValue);
     }
     // A signature is never part of its own input.
     unset($encoded['oauth_signature']);

     $parts = array();
     if ($method !== null) {
         $parts[] = strtoupper($method);
     }
     if ($url !== null) {
         // should normalise later
         $normalisedUrl = $this->normaliseBaseSignatureUrl($url);
         $parts[] = Zend_Oauth_Http_Utility::urlEncode($normalisedUrl);
     }
     $orderedQuery = $this->_toByteValueOrderedQueryString($encoded);
     $parts[] = Zend_Oauth_Http_Utility::urlEncode($orderedQuery);

     return implode('&', $parts);
 }
Beispiel #5
 /**
  * urlEncode() must percent-encode each UTF-8 byte of a multi-byte character.
  */
 public function testUrlEncodeCorrectlyEncodesU3001()
 {
     // U+3001 is the three bytes E3 80 81 in UTF-8.
     $encoded = Zend_Oauth_Http_Utility::urlEncode('、');
     $this->assertEquals('%E3%80%81', $encoded);
 }
Beispiel #6
 /**
  * Build an OAuth Authorization header value from the given parameters.
  *
  * The realm always comes first; after it, only parameters whose name starts
  * with "oauth_" are emitted, each as encoded-name="encoded-value".
  *
  * @param  array $params
  * @param  string $realm
  * @return string
  */
 protected function _toAuthorizationHeader(array $params, $realm = null)
 {
     // NOTE(review): $realm is placed between the quotes as-is, unlike the
     // parameters below. A realm containing a double quote or a line break
     // would alter the header structure -- confirm callers only pass trusted,
     // well-formed values.
     $pieces = array('OAuth realm="' . $realm . '"');

     foreach ($params as $name => $rawValue) {
         // Non-protocol parameters do not belong in the header.
         if (strncmp($name, 'oauth_', 6) === 0) {
             $encodedName = Zend_Oauth_Http_Utility::urlEncode($name);
             $encodedValue = Zend_Oauth_Http_Utility::urlEncode($rawValue);
             $pieces[] = $encodedName . '="' . $encodedValue . '"';
         }
     }

     return implode(",", $pieces);
 }
Beispiel #7
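 /**
  * Validate the request signature.
  *
  * Recomputes the signature from the merged request and protocol parameters,
  * the consumer and token secrets, the HTTP method and the request URL
  * (scheme, host and URI as reported by the request object), then compares
  * it with the 'oauth_signature' protocol parameter.
  *
  * @throws Mage_Oauth_Exception
  */
 protected function _validateSignature()
 {
     $util = new Zend_Oauth_Http_Utility();
     $requestUrl = $this->_request->getScheme() . '://'
         . $this->_request->getHttpHost()
         . $this->_request->getRequestUri();

     $calculatedSign = $util->sign(
         array_merge($this->_params, $this->_protocolParams),
         $this->_protocolParams['oauth_signature_method'],
         $this->_consumer->getSecret(),
         $this->_token->getSecret(),
         $this->_request->getMethod(),
         $requestUrl
     );
     $providedSign = isset($this->_protocolParams['oauth_signature'])
         ? $this->_protocolParams['oauth_signature']
         : null;

     // hash_equals() (PHP 5.6+) compares in constant time and without type
     // juggling; `!=` leaks how many leading bytes matched and treats some
     // distinct numeric-looking strings as equal. Non-string values fail closed.
     if (!is_string($providedSign)
         || !is_string($calculatedSign)
         || !hash_equals($calculatedSign, $providedSign)
     ) {
         $this->_throwException('', self::ERR_SIGNATURE_INVALID);
     }
 }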
Beispiel #8
 /**
  * Render the token as a raw encoded query string.
  *
  * NOTE(review): $this->_params presumably includes the token secret, so the
  * returned string should be handled like a credential -- confirm before
  * logging or displaying it.
  *
  * @return string
  */
 public function toString()
 {
     $encodedQuery = $this->_httpUtility->toEncodedQueryString($this->_params);

     return $encodedQuery;
 }
Beispiel #9
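 /**
  * Get OAuth 'Authentication' header string
  *
  * Refreshes the timestamp, nonce and body hash, signs the request as a
  * POST, and returns every OAuth parameter as a comma-separated list of
  * encoded-name="encoded-value" pairs.
  *
  * @return string
  */
 public function getOauthHeader()
 {
     $this->_oauthParams['oauth_timestamp'] = time();
     // 128 bits from the CSPRNG (random_bytes, PHP 7+), hex-encoded. This keeps
     // the 32-hex-character shape of the former md5(uniqid(rand(), true)),
     // which was derived from the clock and a non-cryptographic generator and
     // was therefore guessable.
     $this->_oauthParams['oauth_nonce'] = bin2hex(random_bytes(16));
     // http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/5/spec.html
     // Haven't fully implemented that spec, but the idea is the same.
     // TODO: The server should validate this hash to be more secure
     $this->_oauthParams['oauth_body_hash'] = $this->_getRequestHash();
     $this->_generateOauthSignature('POST');

     $headerValue = array();
     foreach ($this->_oauthParams as $key => $value) {
         $headerValue[] = Zend_Oauth_Http_Utility::urlEncode($key)
             . '="' . Zend_Oauth_Http_Utility::urlEncode($value) . '"';
     }
     return implode(",", $headerValue);
 }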
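 /**
  * Validate OAuth request
  *
  * Runs, in order: signature-method and required-parameter checks, the nonce
  * handler, the consumer handler, the token handler (only when needsToken()
  * is true), and finally the signature comparison. The first failing step
  * throws.
  *
  * @param Zend_Uri_Http $url Request URL, will use current if null
  * @param array $params Additional parameters
  * @return bool True when every check passed
  * @throws Zend_Oauth_Exception
  */
 public function checkOAuthRequest(Zend_Uri_Http $url = null, $params = array())
 {
     if (empty($url)) {
         $this->url = $this->getRequestUrl();
     } else {
         // Work on a copy so the caller's URL object is not modified.
         $this->url = clone $url;
     }
     // We'll ignore query for the purposes of URL matching
     $this->url->setQuery('');

     if (isset($_SERVER['REQUEST_METHOD'])) {
         $method = $_SERVER['REQUEST_METHOD'];
     } elseif (isset($_SERVER['HTTP_METHOD'])) {
         $method = $_SERVER['HTTP_METHOD'];
     } else {
         $method = 'GET';
     }

     $params = $this->assembleParams($method, $params);
     $this->checkSignatureMethod($params['oauth_signature_method']);
     $this->checkRequiredParams($params);

     $this->timestamp = $params['oauth_timestamp'];
     $this->nonce = $params['oauth_nonce'];
     $this->consumer_key = $params['oauth_consumer_key'];

     if (!is_callable($this->nonceHandler)) {
         throw new Zend_Oauth_Exception("Nonce handler not callable", self::BAD_NONCE);
     }
     $res = call_user_func($this->nonceHandler, $this);
     if ($res != self::OK) {
         throw new Zend_Oauth_Exception("Invalid request", $res);
     }

     if (!is_callable($this->consumerHandler)) {
         throw new Zend_Oauth_Exception("Consumer handler not callable", self::CONSUMER_KEY_UNKNOWN);
     }
     $res = call_user_func($this->consumerHandler, $this);
     // this will set $this->consumer_secret if OK
     if ($res != self::OK) {
         throw new Zend_Oauth_Exception("Consumer key invalid", $res);
     }

     if ($this->needsToken()) {
         $this->token = $params['oauth_token'];
         $this->verifier = $params['oauth_verifier'];
         if (!is_callable($this->tokenHandler)) {
             throw new Zend_Oauth_Exception("Token handler not callable", self::TOKEN_REJECTED);
         }
         $res = call_user_func($this->tokenHandler, $this);
         // this will set $this->token_secret if OK
         if ($res != self::OK) {
             throw new Zend_Oauth_Exception("Token invalid", $res);
         }
     }

     $util = new Zend_Oauth_Http_Utility();
     $req_sign = isset($params['oauth_signature']) ? $params['oauth_signature'] : null;
     // The signature is never part of its own input.
     unset($params['oauth_signature']);
     $our_sign = $util->sign(
         $params,
         $params['oauth_signature_method'],
         $this->consumer_secret,
         $this->token_secret,
         $method,
         $this->url->getUri()
     );

     // hash_equals() (PHP 5.6+) compares in constant time and without type
     // juggling; `!=` leaks how many leading bytes matched and treats some
     // distinct numeric-looking strings as equal. Non-string values fail closed.
     if (!is_string($req_sign) || !is_string($our_sign) || !hash_equals($our_sign, $req_sign)) {
         // TODO: think how to extract signature base string
         // NOTE(review): this stores the *correct* signature for the rejected
         // request. If `problem` is ever echoed back to the client, it hands
         // out a valid signature for a request the sender could not sign --
         // confirm it is only used for server-side diagnostics.
         $this->problem = $our_sign;
         throw new Zend_Oauth_Exception("Invalid signature", self::INVALID_SIGNATURE);
     }
     return true;
 }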
require_once 'Zend/Oauth.php';
require_once 'Zend/Oauth/Config.php';
require_once 'Zend/Oauth/Token/Access.php';
require_once 'Zend/Mail/Protocol/Imap.php';
require_once 'Zend/Mail/Storage/Imap.php';
/**
 * Setup OAuth
 *
 * Two-legged configuration: requests are signed with HMAC-SHA1 using the
 * consumer key and secret, and the OAuth parameters travel in a header.
 * The access token set below is an empty Zend_Oauth_Token_Access instance.
 * The $TWO_LEGGED_* variables are not defined in the visible lines;
 * presumably they come from surrounding configuration -- confirm.
 */
$options = array('requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER, 'version' => '1.0', 'signatureMethod' => 'HMAC-SHA1', 'consumerKey' => $TWO_LEGGED_CONSUMER_KEY, 'consumerSecret' => $TWO_LEGGED_CONSUMER_SECRET_HMAC);
$config = new Zend_Oauth_Config();
$config->setOptions($options);
$config->setToken(new Zend_Oauth_Token_Access());
$config->setRequestMethod('GET');
// NOTE(review): the address is concatenated into the URL path unencoded here,
// while the query-string variant below passes it through urlencode() --
// confirm the value is a validated e-mail address.
$url = 'https://mail.google.com/mail/b/' . $TWO_LEGGED_EMAIL_ADDRESS . '/imap/';
// Not referenced again within the visible lines.
$urlWithXoauth = $url . '?xoauth_requestor_id=' . urlencode($TWO_LEGGED_EMAIL_ADDRESS);
$httpUtility = new Zend_Oauth_Http_Utility();
/**
 * Get an unsorted array of oauth params,
 * including the signature based off those params.
 * The requestor id is passed as an extra parameter alongside the base URL.
 */
$params = $httpUtility->assembleParams($url, $config, array('xoauth_requestor_id' => $TWO_LEGGED_EMAIL_ADDRESS));
/**
 * Sort parameters based on their names, as required
 * by OAuth.
 */
ksort($params);
/**
 * Construct a comma-delimited, ordered, quoted list of
 * OAuth params as required by XOAUTH.
 * 
 * Example: oauth_param1="foo",oauth_param2="bar"
Beispiel #12
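 /**
  * Send a signed GET request to the Vimeo API and return the decoded response.
  *
  * @param String $method API method name; the "vimeo." prefix is added when missing
  * @param Array $queryParams GET parameters
  * @return Array Decoded JSON response
  * @throws Garp_Service_Vimeo_Exception When the response is not decodable or reports stat "fail"
  */
 public function request($method, array $queryParams)
 {
     $queryParams['format'] = self::RESPONSE_FORMAT;
     // Prefix only when missing. The former test, `!substr(...) != 'vimeo'`,
     // negated the substring before comparing, so it was true for any
     // non-empty name and an already-qualified method was prefixed twice.
     if (strncmp($method, 'vimeo', 5) !== 0) {
         $method = 'vimeo.' . $method;
     }
     $queryParams['method'] = $method;
     $queryString = http_build_query($queryParams);
     $url = self::VIMEO_API_URL . '?' . $queryString;

     $oAuthHttpUtility = new Zend_Oauth_Http_Utility();
     $params = array(
         'oauth_consumer_key' => $this->getConsumerKey(),
         'oauth_nonce' => $oAuthHttpUtility->generateNonce(),
         'oauth_timestamp' => $oAuthHttpUtility->generateTimestamp(),
         'oauth_signature_method' => 'HMAC-SHA1',
         'oauth_version' => '1.0',
     );
     if ($this->getAccessToken()) {
         $params['oauth_token'] = $this->getAccessToken();
     }
     // The signature covers the query parameters as well as the OAuth ones,
     // computed against the bare endpoint URL.
     $params['oauth_signature'] = $oAuthHttpUtility->sign(
         array_merge($queryParams, $params),
         'HMAC-SHA1',
         $this->getConsumerSecret(),
         $this->getAccessTokenSecret(),
         Zend_Oauth::GET,
         self::VIMEO_API_URL
     );

     $httpClient = $this->getHttpClient()
         ->setHeaders('Authorization', $oAuthHttpUtility->toAuthorizationHeader($params))
         ->setMethod(Zend_Http_Client::GET)
         ->setUri($url);
     $response = json_decode($httpClient->request()->getBody(), true);

     $error = 'An unknown error occurred at Vimeo.';
     // json_decode() yields null for a body that is not valid JSON; report
     // that instead of indexing into a non-array.
     if (!is_array($response)) {
         throw new Garp_Service_Vimeo_Exception($error);
     }
     if (isset($response['stat']) && $response['stat'] === 'fail') {
         if (!empty($response['err']['expl'])) {
             $error = $response['err']['expl'];
         }
         // Throw the resolved message; the original computed the fallback
         // and then passed the possibly-missing 'expl' value anyway.
         throw new Garp_Service_Vimeo_Exception($error);
     }
     return $response;
 }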
        $consumer->redirect();
    } else {
        // Have Request Token already, Get Access Token
        $_SESSION['ACCESS_TOKEN'] = serialize($consumer->getAccessToken($_GET, unserialize($_SESSION['REQUEST_TOKEN'])));
        header('Location: ' . getCurrentUrl(false));
        exit;
    }
} else {
    // Retrieve mail using Access Token
    $accessToken = unserialize($_SESSION['ACCESS_TOKEN']);
    $config = new Zend_Oauth_Config();
    $config->setOptions($options);
    $config->setToken($accessToken);
    $config->setRequestMethod('GET');
    $url = 'https://mail.google.com/mail/b/' . $email_address . '/imap/';
    $httpUtility = new Zend_Oauth_Http_Utility();
    /**
     * Get an unsorted array of oauth params,
     * including the signature based off those params.
     */
    $params = $httpUtility->assembleParams($url, $config);
    /**
     * Sort parameters based on their names, as required
     * by OAuth.
     */
    ksort($params);
    /**
     * Construct a comma-delimited, ordered, quoted list of
     * OAuth params as required by XOAUTH.
     * 
     * Example: oauth_param1="foo",oauth_param2="bar"