function new_access_token($token, $consumer, $verifier = null) { // return a new access token attached to this consumer // for the user associated with this token if the request token // is authorized // should also invalidate the request token $reqToken = oauth_lookup_token_entity($token->key, 'request', $consumer); if ($reqToken) { if ($reqToken->getOwner() && $verifier == $reqToken->verifier) { // it's been signed by a user // if there's a verifier on the token, it matches the one we were handed (or both are null) $key = md5(time()); $secret = time() + time(); $acc = new OAuthToken($key, md5(md5($secret))); $tokEnt = oauth_save_access_token($reqToken, $acc); return $acc; } else { // otherwise, delete the request token entity $tokEnt->delete(); throw new OAuthException('Invalid request token (not signed by a user): ' . $token); } } else { throw new OAuthException('Invalid request token (not found): ' . $token); } }
<?php global $CONFIG; // must be logged in to use this page gatekeeper(); $user = get_loggedin_user(); // TODO: check against oauth-based login to disable one token signing another $tokenKey = get_input('oauth_token'); $tokEnt = oauth_lookup_token_entity($tokenKey, 'request'); if ($tokEnt) { // sign the token and tie it to this user $tokEnt->owner_guid = $user->getGUID(); $tokEnt->container_guid = $user->getGUID(); $tokEnt->save(); // get our consumer $consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey); if ($consumEnt->revA) { // Rev A requires we create a verifier $verifier = oauth_generate_verifier(); $tokEnt->verifier = $verifier; $url = $tokEnt->callbackUrl; // make sure the callback url is a proper extension of the registered one if it exists if ($consumEnt->callbackUrl) { if (!$url || !strstr($url, $consumEnt->callbackUrl)) { $url = $consumEnt->callbackUrl; } } if ($url && $url != 'oob') { // Pick the correct separator to use $separator = "?"; if (strpos($url, "?") !== false) {
$token = get_input('oauth_token'); $callback = get_input('oauth_callback'); $area2 = ''; $tokEnt = oauth_lookup_token_entity($token, 'request'); if ($tokEnt && !$tokEnt->getOwner()) { // new authorization $consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey); $area2 .= elgg_view_title(elgg_echo('oauth:authorize:new')); $form = elgg_view('oauth/authform', array('consumer' => $consumEnt, 'token' => $tokEnt, 'callback' => $callback)); $area2 .= $form; } else { // show response messages if needed $authorized = get_input('authorized', false); $verifier = get_input('oauth_verifier', false); if ($authorized) { $tokEnt = oauth_lookup_token_entity($authorized); $consumEnt = oauth_lookup_consumer_entity($tokEnt->consumerKey); // note that the authorize action has already taken care of the callback URL for us $area2 .= elgg_view_title(elgg_echo('oauth:authorize:success')); $authTxt = elgg_view('oauth/continue', array('consumer' => $consumEnt, 'verifier' => $verifier)); $area2 .= $authTxt; } // show existing tokens // get the entities for the current user $toks = elgg_get_entities(array('types' => 'object', 'subtypes' => 'oauthtoken', 'owner_guids' => $user->getGUID())); // $toks = get_entities('object', 'oauthtoken', $user->getGUID()); // split tokens into server and consumer tokens $cToks = array(); $sToks = array(); foreach ($toks as $tok) { $consumEnt = oauth_lookup_consumer_entity($tok->consumerKey);
<?php global $CONFIG; try { $server = oauth_get_server(); $req = OAuthRequest::from_request(null, null, oauth_get_params()); $token = $server->fetch_request_token($req); $consumEnt = oauth_lookup_consumer_entity($req->get_parameter('oauth_consumer_key')); $tokEnt = oauth_lookup_token_entity($token->key, 'request', $consumEnt); if ($consumEnt->revA) { // make sure the callback url is a proper extension of the registered one if it exists if ($consumEnt->callbackUrl) { if (!$tokEnt->callbackUrl || !strstr($tokEnt->callbackUrl, $consumEnt->callbackUrl)) { throw new OAuthException('Callback URL does not match registered value'); } } } // save the nonce $consumerKey = $req->get_parameter('oauth_consumer_key'); $nonce = $req->get_parameter('oauth_nonce'); // save our nonce for later checking oauth_save_nonce($consumerKey, $nonce); echo $token; if ($consumEnt->revA) { // add the callback confirmed tag echo '&oauth_callback_confirmed=true'; } } catch (OAuthException $e) { header('', true, 401); // return HTTP 401: Not Authorized echo $e->getMessage() . "\n<hr />\n";
function oauth_pam_handler($credentials = NULL) { global $CONFIG; try { $server = oauth_get_server(); if ($server->this_request_validated) { return true; } // check to see if the request is a valid OAuth request //print_r(oauth_get_params()); $req = OAuthRequest::from_request(null, null, oauth_get_params()); //print $req->get_signature_base_string(); $ct = $server->verify_request($req); // returns a pair of consumer/token $consumer = $ct[0]; $token = $ct[1]; $nonce = $req->get_parameter('oauth_nonce'); // save our nonce for later checking oauth_save_nonce($consumer->key, $nonce, $token->key); } catch (OAuthException $e) { // there was an OAuth exception //print 'OAuth Exception: '; //print_r($e); //die(); return false; } // look up a valid access token $tokEnt = oauth_lookup_token_entity($token->key, 'access', $consumer); if (!$tokEnt) { // no token found, bail //print 'No Token'; return false; } // get the user associated with this token $user = $tokEnt->getOwnerEntity(); // couldn't get the user if (!$user) { //print 'No user'; return false; } // not an actual user if (!$user instanceof ElggUser) { //print 'Not a real user'; return false; } // try logging in the user object here if (!login($user)) { // couldn't log in //print 'Could not log in'; return false; } // if we've made it this far, then we've managed to log the // user in with a valid OAuth credential set // save the fact that we've validated this request already $server->this_request_validated = true; // tell the PAM system that it worked return true; }