function new_access_token($token, $consumer, $verifier = null)
{
// return a new access token attached to this consumer
// for the user associated with this token if the request token
// is authorized
// should also invalidate the request token
$reqToken = oauth_lookup_token_entity($token->key, 'request', $consumer);
if ($reqToken) {
if ($reqToken->getOwner() && $verifier == $reqToken->verifier) {
// it's been signed by a user
// if there's a verifier on the token, it matches the one we were handed (or both are null)
$key = md5(time());
$secret = time() + time();
$acc = new OAuthToken($key, md5(md5($secret)));
$tokEnt = oauth_save_access_token($reqToken, $acc);
return $acc;
} else {
// otherwise, delete the request token entity
$tokEnt->delete();
throw new OAuthException('Invalid request token (not signed by a user): ' . $token);
}
} else {
throw new OAuthException('Invalid request token (not found): ' . $token);
}
}
<?php
global $CONFIG;
// must be logged in to use this page
gatekeeper();
$user = get_loggedin_user();
// TODO: check against oauth-based login to disable one token signing another
$tokenKey = get_input('oauth_token');
$tokEnt = oauth_lookup_token_entity($tokenKey, 'request');
if ($tokEnt) {
// sign the token and tie it to this user
$tokEnt->owner_guid = $user->getGUID();
$tokEnt->container_guid = $user->getGUID();
$tokEnt->save();
// get our consumer
$consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey);
if ($consumEnt->revA) {
// Rev A requires we create a verifier
$verifier = oauth_generate_verifier();
$tokEnt->verifier = $verifier;
$url = $tokEnt->callbackUrl;
// make sure the callback url is a proper extension of the registered one if it exists
if ($consumEnt->callbackUrl) {
if (!$url || !strstr($url, $consumEnt->callbackUrl)) {
$url = $consumEnt->callbackUrl;
}
}
if ($url && $url != 'oob') {
// Pick the correct separator to use
$separator = "?";
if (strpos($url, "?") !== false) {
$token = get_input('oauth_token');
$callback = get_input('oauth_callback');
$area2 = '';
$tokEnt = oauth_lookup_token_entity($token, 'request');
if ($tokEnt && !$tokEnt->getOwner()) {
// new authorization
$consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey);
$area2 .= elgg_view_title(elgg_echo('oauth:authorize:new'));
$form = elgg_view('oauth/authform', array('consumer' => $consumEnt, 'token' => $tokEnt, 'callback' => $callback));
$area2 .= $form;
} else {
// show response messages if needed
$authorized = get_input('authorized', false);
$verifier = get_input('oauth_verifier', false);
if ($authorized) {
$tokEnt = oauth_lookup_token_entity($authorized);
$consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey);
// note that the authorize action has already taken care of the callback URL for us
$area2 .= elgg_view_title(elgg_echo('oauth:authorize:success'));
$authTxt = elgg_view('oauth/continue', array('consumer' => $consumEnt, 'verifier' => $verifier));
$area2 .= $authTxt;
}
// show existing tokens
// get the entities for the current user
$toks = elgg_get_entities(array('types' => 'object', 'subtypes' => 'oauthtoken', 'owner_guids' => $user->getGUID()));
// $toks = get_entities('object', 'oauthtoken', $user->getGUID());
// split tokens into server and consumer tokens
$cToks = array();
$sToks = array();
foreach ($toks as $tok) {
$consumEnt = oauth_lookup_consumer_entity($tok->consumerKey);
<?php
global $CONFIG;
try {
$server = oauth_get_server();
$req = OAuthRequest::from_request(null, null, oauth_get_params());
$token = $server->fetch_request_token($req);
$consumEnt = oauth_lookup_consumer_entity($req->get_parameter('oauth_consumer_key'));
$tokEnt = oauth_lookup_token_entity($token->key, 'request', $consumEnt);
if ($consumEnt->revA) {
// make sure the callback url is a proper extension of the registered one if it exists
if ($consumEnt->callbackUrl) {
if (!$tokEnt->callbackUrl || !strstr($tokEnt->callbackUrl, $consumEnt->callbackUrl)) {
throw new OAuthException('Callback URL does not match registered value');
}
}
}
// save the nonce
$consumerKey = $req->get_parameter('oauth_consumer_key');
$nonce = $req->get_parameter('oauth_nonce');
// save our nonce for later checking
oauth_save_nonce($consumerKey, $nonce);
echo $token;
if ($consumEnt->revA) {
// add the callback confirmed tag
echo '&oauth_callback_confirmed=true';
}
} catch (OAuthException $e) {
header('', true, 401);
// return HTTP 401: Not Authorized
echo $e->getMessage() . "\n<hr />\n";
function oauth_pam_handler($credentials = NULL)
{
global $CONFIG;
try {
$server = oauth_get_server();
if ($server->this_request_validated) {
return true;
}
// check to see if the request is a valid OAuth request
//print_r(oauth_get_params());
$req = OAuthRequest::from_request(null, null, oauth_get_params());
//print $req->get_signature_base_string();
$ct = $server->verify_request($req);
// returns a pair of consumer/token
$consumer = $ct[0];
$token = $ct[1];
$nonce = $req->get_parameter('oauth_nonce');
// save our nonce for later checking
oauth_save_nonce($consumer->key, $nonce, $token->key);
} catch (OAuthException $e) {
// there was an OAuth exception
//print 'OAuth Exception: ';
//print_r($e);
//die();
return false;
}
// look up a valid access token
$tokEnt = oauth_lookup_token_entity($token->key, 'access', $consumer);
if (!$tokEnt) {
// no token found, bail
//print 'No Token';
return false;
}
// get the user associated with this token
$user = $tokEnt->getOwnerEntity();
// couldn't get the user
if (!$user) {
//print 'No user';
return false;
}
// not an actual user
if (!$user instanceof ElggUser) {
//print 'Not a real user';
return false;
}
// try logging in the user object here
if (!login($user)) {
// couldn't log in
//print 'Could not log in';
return false;
}
// if we've made it this far, then we've managed to log the
// user in with a valid OAuth credential set
// save the fact that we've validated this request already
$server->this_request_validated = true;
// tell the PAM system that it worked
return true;
}
