public function testFlow()
{
$testCase = $this;
$http = new Http(new Callback(function ($request) use($testCase) {
$body = new TempStream(fopen('php://memory', 'r+'));
$response = new Response();
$response->setBody($body);
$testCase->loadController($request, $response);
return $response;
}));
$oauth = new Oauth($http);
// request token
$response = $oauth->requestToken(new Url('http://127.0.0.1/request'), OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(OauthTest::TMP_TOKEN, $response->getToken());
$this->assertEquals(OauthTest::TMP_TOKEN_SECRET, $response->getTokenSecret());
// authorize the user gets redirected and approves the application
// access token
$response = $oauth->accessToken(new Url('http://127.0.0.1/access'), OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET, OauthTest::TMP_TOKEN, OauthTest::TMP_TOKEN_SECRET, OauthTest::VERIFIER);
$this->assertInstanceOf('PSX\\Oauth\\Provider\\Data\\Response', $response);
$this->assertEquals(OauthTest::TOKEN, $response->getToken());
$this->assertEquals(OauthTest::TOKEN_SECRET, $response->getTokenSecret());
// api request
$url = new Url('http://127.0.0.1/api');
$auth = $oauth->getAuthorizationHeader($url, OauthTest::CONSUMER_KEY, OauthTest::CONSUMER_SECRET, OauthTest::TOKEN, OauthTest::TOKEN_SECRET, 'HMAC-SHA1', 'GET');
$request = new GetRequest($url, array('Authorization' => $auth));
$response = $http->request($request);
$this->assertEquals(200, $response->getStatusCode());
$this->assertEquals('SUCCESS', (string) $response->getBody());
}
protected function doHandle()
{
$extractor = new AuthorizationHeaderExtractor(array('consumerKey', 'signatureMethod', 'signature', 'timestamp', 'nonce', 'version', 'callback'));
$request = $extractor->extract($this->request, new Request());
$consumer = $this->getConsumer($request->getConsumerKey());
if ($consumer instanceof Consumer) {
$signature = Oauth::getSignature($request->getSignatureMethod());
$method = $this->request->getMethod();
$url = $this->request->getUri();
$params = array_merge($request->getRecordInfo()->getData(), $this->request->getUri()->getParameters());
$baseString = Oauth::buildBasestring($method, $url, $params);
if ($signature->verify($baseString, $consumer->getConsumerSecret(), '', $request->getSignature()) !== false) {
$response = $this->getResponse($consumer, $request);
if ($response instanceof Response) {
$response->addParam('oauth_callback_confirmed', true);
$this->setBody($response, WriterInterface::FORM);
} else {
throw new Exception('Invalid response');
}
} else {
throw new Exception('Invalid signature');
}
} else {
throw new Exception('Invalid Consumer Key');
}
}
public function extract(MessageInterface $message, RecordInterface $record)
{
$auth = (string) $message->getHeader('Authorization');
if (!empty($auth)) {
if (strpos($auth, 'OAuth') !== false) {
// get oauth data
$data = array();
$items = explode(',', $auth);
foreach ($items as $v) {
$v = trim($v);
if (substr($v, 0, 6) == 'oauth_') {
$pair = explode('=', $v);
if (isset($pair[0]) && isset($pair[1])) {
$key = substr(strtolower($pair[0]), 6);
$val = trim($pair[1], '"');
$data[$key] = Oauth::urlDecode($val);
}
}
}
// check whether all required values are available
foreach ($this->map as $k => $v) {
if (isset($data[$v])) {
$method = 'set' . ucfirst($k);
if (method_exists($record, $method)) {
$record->{$method}($data[$v]);
} else {
throw new InvalidDataException('Unknown parameter');
}
} elseif (in_array($k, $this->requiredFields)) {
throw new InvalidDataException('Required parameter "' . $v . '" is missing');
}
}
return $record;
} else {
throw new InvalidDataException('Unknown OAuth authentication');
}
} else {
throw new InvalidDataException('Missing Authorization header');
}
}
public function build($baseString, $consumerSecret, $tokenSecret = '')
{
$key = Oauth::urlEncode($consumerSecret) . '&' . Oauth::urlEncode($tokenSecret);
return Oauth::urlEncode($key);
}
public function handle(RequestInterface $request, ResponseInterface $response, FilterChainInterface $filterChain)
{
$authorization = $request->getHeader('Authorization');
if (!empty($authorization)) {
$parts = explode(' ', $authorization, 2);
$type = isset($parts[0]) ? $parts[0] : null;
$data = isset($parts[1]) ? $parts[1] : null;
if ($type == 'OAuth' && !empty($data)) {
$params = Authentication::decodeParameters($data);
$params = array_map(array('\\PSX\\Oauth', 'urlDecode'), $params);
// realm is not used in the base string
unset($params['realm']);
if (!isset($params['oauth_consumer_key'])) {
throw new BadRequestException('Consumer key not set');
}
if (!isset($params['oauth_token'])) {
throw new BadRequestException('Token not set');
}
if (!isset($params['oauth_signature_method'])) {
throw new BadRequestException('Signature method not set');
}
if (!isset($params['oauth_signature'])) {
throw new BadRequestException('Signature not set');
}
$consumer = call_user_func_array($this->consumerCallback, array($params['oauth_consumer_key'], $params['oauth_token']));
if ($consumer instanceof Consumer) {
$signature = Oauth::getSignature($params['oauth_signature_method']);
$method = $request->getMethod();
$url = $request->getUri();
$params = array_merge($params, $request->getUri()->getParameters());
if (strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
$body = (string) $request->getBody();
$data = array();
parse_str($body, $data);
$params = array_merge($params, $data);
}
$baseString = Oauth::buildBasestring($method, $url, $params);
if ($signature->verify($baseString, $consumer->getConsumerSecret(), $consumer->getTokenSecret(), $params['oauth_signature']) !== false) {
$this->callSuccess($response);
$filterChain->handle($request, $response);
} else {
$this->callFailure($response);
}
} else {
$this->callFailure($response);
}
} else {
$this->callMissing($response);
}
} else {
$this->callMissing($response);
}
}
/**
* Tests url encoding
*
* @see http://wiki.oauth.net/w/page/12238556/TestCases
*/
public function testParameterEncoding()
{
$values = array('abcABC123' => 'abcABC123', '-._~' => '-._~', '%' => '%25', '+' => '%2B', '&=*' => '%26%3D%2A', "\n" => '%0A', " " => '%20');
foreach ($values as $k => $v) {
$this->assertEquals($v, Oauth::urlEncode($k));
}
}
public function build($baseString, $consumerSecret, $tokenSecret = '')
{
$key = Oauth::urlEncode($consumerSecret) . '&' . Oauth::urlEncode($tokenSecret);
$signature = base64_encode(hash_hmac('sha1', $baseString, $key, true));
return $signature;
}
/**
* Compares whether the $signature is valid by creating a new signature
* and comparing them with $signature
*
* @param string $baseString
* @param string $consumerSecret
* @param string $tokenSecret
* @param string $signature
* @return boolean
*/
public function verify($baseString, $consumerSecret, $tokenSecret = '', $signature)
{
$lft = Oauth::urlDecode($signature);
$rgt = Oauth::urlDecode($this->build($baseString, $consumerSecret, $tokenSecret));
return strcasecmp($lft, $rgt) == 0;
}
public function testMissingWrongType()
{
$handle = new OauthAuthentication(function ($consumerKey, $token) {
if ($consumerKey == self::CONSUMER_KEY && $token == self::TOKEN) {
return new Consumer(self::CONSUMER_KEY, self::CONSUMER_SECRET, self::TOKEN, self::TOKEN_SECRET);
}
});
$oauth = new Oauth(new Http());
$value = $oauth->getAuthorizationHeader(new Url('http://localhost/index.php'), self::CONSUMER_KEY, self::CONSUMER_SECRET, self::TOKEN, self::TOKEN_SECRET);
$request = new Request(new Url('http://localhost/index.php'), 'GET', array('Authorization' => 'Foo'));
$response = new Response();
$filterChain = $this->getMockFilterChain();
$filterChain->expects($this->never())->method('handle');
try {
$handle->handle($request, $response, $filterChain);
$this->fail('Must throw an Exception');
} catch (UnauthorizedException $e) {
$this->assertEquals(401, $e->getStatusCode());
$this->assertEquals('Oauth', $e->getType());
$this->assertEquals(array('realm' => 'psx'), $e->getParameters());
}
}
