/**
 * Build the verifier for an incoming OAuth request.
 *
 * The OAuth store is assigned first, then construction is delegated to the
 * parent class, and finally request logging is started for this instance.
 *
 * @param string $uri    request URI; the default null is handed to the parent constructor unchanged
 * @param string $method HTTP method of the request, defaults to 'GET'
 */
function __construct($uri = null, $method = 'GET')
{
    // The store comes from the elggconnect accessor; the call it replaced
    // (left commented out in the original) was OAuthStore::instance().
    $this->store = elggconnect_get_oauth_store();

    parent::__construct($uri, $method);

    // Hand this request to the logger so a later flush() can record it.
    OAuthRequestLogger::start($this);
}
/**
 * Build the request that is going to be signed.
 *
 * Parameters can be supplied in two forms:
 *  - a string, which is handed to the parent constructor as-is and is assumed
 *    to be application/x-www-form-urlencoded data;
 *  - an array of name/value pairs, which must NOT be urlencoded; each pair is
 *    added through setParam().
 * Any other type (including the default null) adds no parameters.
 *
 * @param string $request request url
 * @param string $method  PUT, GET, POST etc.
 * @param mixed  $params  urlencoded string, or array with name/value pairs
 * @param string $body    optional body, only applied for PUT and POST requests
 */
function __construct($request, $method = 'GET', $params = null, $body = null)
{
    // Store accessor used in place of the commented-out OAuthStore::instance().
    $this->store = elggconnect_get_oauth_store();

    if (!is_string($params)) {
        parent::__construct($request, $method);

        if (is_array($params)) {
            foreach ($params as $key => $val) {
                $this->setParam($key, $val);
            }
        }
    } else {
        parent::__construct($request, $method, $params);
    }

    // Only PUT and POST may carry a body (not for application/x-www-form-urlencoded requests).
    $carries_body = ($method == 'PUT' || $method == 'POST');
    if ($carries_body) {
        $this->setBody($body);
    }
}
/**
 * Logs the request to the database, sends any cached output.
 * According to the original comment this is also called on shutdown, to make
 * sure the request being handled is always logged (the registration is not
 * visible in this block).
 *
 * Does nothing unless OAuthRequestLogger::$logging is set. The flag is cleared
 * before any work is done, so a repeated call is a no-op until it is set again.
 *
 * What gets recorded:
 *  - $sent:     OAuthRequestLogger::$sent when set, otherwise the response
 *               headers (headers_list()) plus the current output buffer.
 *  - $received: OAuthRequestLogger::$received when set, otherwise every
 *               request header (getallheaders()) plus the raw request body.
 *  - the signature base string and the consumer key / token of the request
 *    object, when one was registered.
 *
 * NOTE(review): the recorded data is credential-grade. Request headers are
 * logged unfiltered (OAuth parameters and signatures typically travel in the
 * Authorization header, and cookies are included), and the captured output can
 * contain token secrets, e.g. the oauth_token_secret echoed by accessToken().
 * Treat the log store and OAuthRequestLogger::$log as sensitive: restrict
 * access and retention, or redact secrets before logging.
 */
static function flush()
{
    if (OAuthRequestLogger::$logging) {
        // Clear the flag first so nothing below can trigger a second log entry.
        OAuthRequestLogger::$logging = false;

        if (is_null(OAuthRequestLogger::$sent)) {
            // What has been sent to the user-agent?
            $data = ob_get_contents();
            if (strlen($data) > 0) {
                // Buffered output exists: send it to the client and close the buffer.
                ob_end_flush();
            } elseif (ob_get_level()) {
                // An empty buffer is still open: discard it.
                ob_end_clean();
            }
            $hs = headers_list();
            $sent = implode("\n", $hs) . "\n\n" . $data;
        } else {
            // The request we sent
            $sent = OAuthRequestLogger::$sent;
        }

        if (is_null(OAuthRequestLogger::$received)) {
            // Build the request we received
            // NOTE(review): getallheaders() is not provided by every SAPI / PHP version — confirm for the deployment.
            $hs0 = getallheaders();
            $hs = array();
            foreach ($hs0 as $h => $v) {
                $hs[] = "{$h}: {$v}";
            }
            $data = '';
            // Errors from fopen are suppressed; a failed open simply leaves the body empty.
            $fh = @fopen('php://input', 'r');
            if ($fh) {
                // The whole body is read into memory in 1024-byte chunks; there is no size cap here.
                while (!feof($fh)) {
                    $s = fread($fh, 1024);
                    if (is_string($s)) {
                        $data .= $s;
                    }
                }
                fclose($fh);
            }
            $received = implode("\n", $hs) . "\n\n" . $data;
        } else {
            // The answer we received
            $received = OAuthRequestLogger::$received;
        }

        // The request base string
        if (OAuthRequestLogger::$request_object) {
            $base_string = OAuthRequestLogger::$request_object->signatureBaseString();
        } else {
            $base_string = '';
        }

        // Figure out to what keys we want to log this request
        $keys = array();
        if (OAuthRequestLogger::$request_object) {
            $consumer_key = OAuthRequestLogger::$request_object->getParam('oauth_consumer_key', true);
            $token = OAuthRequestLogger::$request_object->getParam('oauth_token', true);
            // get_class() is matched by exact name: an object of any other class
            // (including subclasses of those listed) leaves $keys empty.
            switch (get_class(OAuthRequestLogger::$request_object)) {
                // tokens are access/request tokens by a consumer
                case 'OAuthServer':
                case 'OAuthRequestVerifier':
                    $keys['ocr_consumer_key'] = $consumer_key;
                    $keys['oct_token'] = $token;
                    break;
                // tokens are access/request tokens to a server
                case 'OAuthRequester':
                case 'OAuthRequestSigner':
                    $keys['osr_consumer_key'] = $consumer_key;
                    $keys['ost_token'] = $token;
                    break;
            }
        }

        // Log the request
        if (OAuthRequestLogger::$store_log) {
            $store = elggconnect_get_oauth_store(); // replaces the original OAuthStore::instance()
            $store->addLog($keys, $received, $sent, $base_string, OAuthRequestLogger::$note, OAuthRequestLogger::$user_id);
        }

        // The in-memory log is appended to regardless of $store_log.
        OAuthRequestLogger::$log[] = array('keys' => $keys, 'received' => $received, 'sent' => $sent, 'base_string' => $base_string, 'note' => OAuthRequestLogger::$note);
    }
}
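/**
 * Exchange a request token for an access token.
 * The exchange only succeeds if the request token has been authorized.
 *
 * Never returns: calls exit() once the token has been exchanged or an error
 * has been reported to the client.
 *
 * On success the response body is form-encoded and carries oauth_token,
 * oauth_token_secret and, when the store reports one, xoauth_token_ttl.
 * On an OAuthException a 401 with a text/plain message is sent instead.
 *
 * NOTE(review): OAuthRequestLogger::flush() runs after the body is echoed and,
 * as implemented in this listing, records the sent output. When logging is
 * enabled the token secret can therefore end up in the request log; protect
 * or redact that log accordingly.
 */
public function accessToken()
{
    OAuthRequestLogger::start($this);

    try {
        $this->verify('request');

        $options = array();

        // xoauth_token_ttl is supplied by the client. Only forward it to the
        // store when it is numeric, and as an integer, mirroring the check
        // requestAccessToken() applies before sending the same parameter.
        $ttl = $this->getParam('xoauth_token_ttl', false);
        if ($ttl && is_numeric($ttl)) {
            $options['token_ttl'] = intval($ttl);
        }

        $store = elggconnect_get_oauth_store(); // replaces the original OAuthStore::instance()
        $token = $store->exchangeConsumerRequestForAccessToken($this->getParam('oauth_token', true), $options);

        $result = 'oauth_token=' . $this->urlencode($token['token'])
                . '&oauth_token_secret=' . $this->urlencode($token['token_secret']);

        if (!empty($token['token_ttl'])) {
            $result .= '&xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
        }

        header('HTTP/1.1 200 OK');
        header('Content-Length: ' . strlen($result));
        header('Content-Type: application/x-www-form-urlencoded');
        // The body contains a token secret: tell caches and proxies not to keep it.
        header('Cache-Control: no-store');

        echo $result;
    } catch (OAuthException $e) {
        // The exception text is returned to the caller; it is served as
        // text/plain, not HTML.
        header('HTTP/1.1 401 Access Denied');
        header('Content-Type: text/plain');

        echo "OAuth Verification Failed: " . $e->getMessage();
    }

    OAuthRequestLogger::flush();
    exit;
}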
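/**
 * Request an access token from the site belonging to consumer_key.
 * Before this we got a request token, now we want to exchange it for
 * an access token.
 *
 * The stored request token is deleted before the exchange is attempted (it is
 * single-use), so a failed exchange cannot be retried with the same token.
 *
 * The response of the remote server is untrusted input: pairs without a value
 * are treated as empty strings, and a returned xoauth_token_ttl is only passed
 * to the store when it is numeric.
 *
 * NOTE(review): the access token secret arrives in the response body; confirm
 * that curl_raw() talks to $uri over TLS with certificate verification.
 *
 * @param string $consumer_key
 * @param string $token
 * @param int    $usr_id  user requesting the access token
 * @param string $method  (optional) change the method of the request, defaults to POST (as it should be)
 * @param array  $options (optional) extra options for request, eg token_ttl
 * @throws OAuthException when the server gives no answer or a status other than 200
 * @throws OAuthException when the answer lacks oauth_token or oauth_token_secret
 * @throws OAuthException (per the original documentation) when no key could be fetched
 *                        or no server with consumer_key is registered
 */
static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST', $options = array())
{
    OAuthRequestLogger::start();

    $store = elggconnect_get_oauth_store(); // replaces the original OAuthStore::instance()
    $r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
    $uri = $r['access_token_uri'];
    $token_name = $r['token_name'];

    // Delete the server request token, this one was for one use only
    $store->deleteServerToken($consumer_key, $r['token'], 0, true);

    // Try to exchange our request token for an access token
    $oauth = new OAuthRequester($uri, $method);

    if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
        $oauth->setParam('xoauth_token_ttl', intval($options['token_ttl']));
    }

    OAuthRequestLogger::setRequestObject($oauth);

    $oauth->sign($usr_id, $r);
    $text = $oauth->curl_raw();
    if (empty($text)) {
        throw new OAuthException('No answer from the server "' . $uri . '" while requesting an access token');
    }

    $data = $oauth->curl_parse($text);
    if ((int) $data['code'] !== 200) {
        throw new OAuthException('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting an access token');
    }

    // Parse the form-encoded answer without relying on error suppression.
    // A separate local is used so the $token argument is not overwritten.
    $received = array();
    foreach (explode('&', $data['body']) as $pair) {
        if ($pair === '') {
            // Empty body or stray '&': nothing to record.
            continue;
        }

        $parts = explode('=', $pair, 2);
        $name = $parts[0];
        $value = isset($parts[1]) ? $parts[1] : '';

        $received[$oauth->urldecode($name)] = $oauth->urldecode($value);
    }

    if (empty($received['oauth_token']) || empty($received['oauth_token_secret'])) {
        throw new OAuthException('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
    }

    $opts = array();
    $opts['name'] = $token_name;

    // The lifetime is chosen by the remote server; accept it only when numeric.
    if (isset($received['xoauth_token_ttl']) && is_numeric($received['xoauth_token_ttl'])) {
        $opts['token_ttl'] = intval($received['xoauth_token_ttl']);
    }

    $store->addServerToken($consumer_key, 'access', $received['oauth_token'], $received['oauth_token_secret'], $usr_id, $opts);

    OAuthRequestLogger::flush();
}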