/**
* Run the security call and see what falls out.
*
* @param \Raml\SecurityScheme $securityscheme_obj The security scheme to process the call data for
* @param \V1\APICall $apicall_obj The APICall object
*
* @return bool True on success, or false on fail
*/
public function run(\Raml\SecurityScheme $securityscheme_obj, \V1\APICall $apicall_obj)
{
/**
* @link https://en.wikipedia.org/wiki/Basic_access_authentication
*/
$credentials = $apicall_obj->get_credentials();
// Make sure that we have the required data.
if (empty($credentials['BASIC_USERNAME']) || empty($credentials['BASIC_PASSWORD'])) {
return false;
}
$encoded_credentials = 'Basic ' . base64_encode($credentials['BASIC_USERNAME'] . ':' . $credentials['BASIC_PASSWORD']);
$apicall_obj->set_header('Authorization', $encoded_credentials);
return true;
}
/**
* Run the request
*
* @param \Raml\SecurityScheme $securityscheme_obj The security scheme to process the call data for
* @param \V1\APICall $apicall_obj The APICall object
*
* @return mixed The object we just completed or an array describing the next step in the security process
*/
public function run(\Raml\SecurityScheme $securityscheme_obj, \V1\APICall $apicall_obj)
{
$settings = $securityscheme_obj->getSettings()->asArray();
$credentials = $apicall_obj->get_credentials();
$settings['authorization'] = empty($settings['authorization']) ? 'header' : \Str::lower($settings['authorization']);
// Verify that we have the required credentials for the request.
if (empty($credentials['OAUTH_CONSUMER_KEY']) || empty($credentials['OAUTH_CONSUMER_SECRET']) || empty($credentials['OAUTH_USER_ID'])) {
$this->error = true;
return $this;
}
// Store the proper credentials in the DB.
$this->store_credentials($credentials);
// Pull data from the cache for the current request, allowing for multiple authentications for the customer.
$this->cache_id = hash('sha256', $credentials['OAUTH_CONSUMER_KEY'] . $credentials['OAUTH_CONSUMER_SECRET'] . $credentials['OAUTH_USER_ID']);
$credentials = array_replace($this->get_cache(), $credentials);
// Where should we set the authorization data?
switch ($settings['authorizeLocation']) {
case 'header':
$authorize_location = OAUTH_AUTH_TYPE_AUTHORIZATION;
break;
case 'query':
$authorize_location = OAUTH_AUTH_TYPE_URI;
break;
case 'body':
$authorize_location = OAUTH_AUTH_TYPE_FORM;
break;
case 'none':
$authorize_location = OAUTH_AUTH_TYPE_NONE;
break;
}
try {
// Create the PECL installed OAuth object.
$oauth = new \OAuth($credentials['OAUTH_CONSUMER_KEY'], $credentials['OAUTH_CONSUMER_SECRET'], $settings['signatureMethod'], $authorize_location);
if (\Fuel::$env !== 'production') {
$oauth->enableDebug();
}
if (empty($credentials['OAUTH_ACCESS_TOKEN']) || empty($credentials['OAUTH_ACCESS_TOKEN_SECRET'])) {
// Get our access token and secret.
if (($credentials = $this->get_access_tokens($oauth, $settings, $credentials)) === false) {
$this->error = true;
return $this;
}
// Authentication of my second leg (Yup. It's hairy, so it must be mine.)
if (!empty($credentials['errors'])) {
return $credentials;
}
}
$oauth->setToken($credentials['OAUTH_ACCESS_TOKEN'], $credentials['OAUTH_ACCESS_TOKEN_SECRET']);
// Collect parameters to build our signature
$params = null;
if ($apicall_obj->get_body_type() === 'application/x-www-form-urlencoded') {
// If we need to handle string bodies later, we will.
if (is_array($apicall_obj->get_method_params())) {
$params = http_build_query($apicall_obj->get_method_params(), null, '&', PHP_QUERY_RFC3986) . '&';
}
}
$params .= http_build_query($apicall_obj->get_query_params(), null, '&') . '&' . ($params .= http_build_query($apicall_obj->get_headers(), null, '&'));
$header = $oauth->getRequestHeader($apicall_obj->get_method(), $apicall_obj->get_url(), $params);
$apicall_obj->set_header('Authorization', $header);
return true;
} catch (\OAuthException $e) {
// Something went wrong, so destroy the cache so it can get fixed.
$this->delete_cache();
// Let the script automatically continue searching for security methods.
$this->error = true;
return $this;
}
}
