/**
 * Runs the provider's OAuth checks: OAuthProvider->checkOAuthRequest()
 * triggers the registered handler callbacks and verifies the signature.
 *
 * Every Exception escaping the provider is caught here, not only
 * OAuthException, and turned into an oauth_problem report.
 *
 * @return bool|string true when the request validated, otherwise the
 *                     report string from OAuthProvider::reportProblem()
 */
 public function checkOAuthRequest()
 {
     $provider = $this->Provider;
     try {
         $provider->checkOAuthRequest();
     } catch (Exception $failure) {
         // default second argument: reportProblem() also emits the matching
         // HTTP status / WWW-Authenticate headers, not just the string
         return OAuthProvider::reportProblem($failure);
     }

     return true;
 }
 /**
  * Runs the handlers registered in the constructor and then verifies the
  * request signature. On failure the oauth_problem report is echoed and
  * $this->oauth_error is raised; on success nothing is output.
  */
 public function checkRequest()
 {
     /* everything is wired up by now, so run the provider's checks */
     try {
         $this->oauth->checkOAuthRequest();
         return;
     } catch (OAuthException $problem) {
         // default second argument: reportProblem() also sends the HTTP
         // status / WWW-Authenticate headers before the body is echoed
         echo OAuthProvider::reportProblem($problem);
     }
     $this->oauth_error = true;
 }
 /**
  * Runs the provider's checks: the nonce handler (expected to answer
  * OAUTH_OK), the consumer handler (expected to load consumer_secret from
  * the database) and, unless the provider was marked as a request-token
  * endpoint via OAuthProvider::isRequestTokenEndpoint(), the token
  * handler. A failure is echoed as an oauth_problem report and flagged in
  * $this->oauth_error.
  */
 public function checkrequest()
 {
     try {
         $this->oauth->checkOauthRequest();
     } catch (OAuthException $problem) {
         $this->oauth_error = true;
         // default second argument: headers are sent along with the report
         echo OAuthProvider::reportProblem($problem);
     }
 }
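 /**
  * Route listener: authenticates requests to ACL-protected routes with the
  * OAuthProvider before they are dispatched.
  *
  * Routes the ACL does not know about are passed through untouched, so a
  * route is only protected once it is registered as an ACL resource. The
  * OAuth flavour is inferred from the ACL: a route granted to TWO_LEGGED is
  * treated as a 2-legged endpoint (no oauth_token expected), one granted to
  * THREE_LEGGED as a 3-legged endpoint; anything else is left unprotected.
  *
  * A rejected request gets a 401 whose body and WWW-Authenticate header
  * carry the oauth_problem report. reportProblem() is called with its
  * second argument set to false so that it does not call header() itself
  * behind the framework response object.
  *
  * @param MvcEvent $mvcEvent
  * @return mixed the event's response when the request is rejected, null otherwise
  */
 public function onRoute(MvcEvent $mvcEvent)
 {
     $request = $mvcEvent->getRequest();
     $response = $mvcEvent->getResponse();
     $app = $mvcEvent->getApplication();
     $match = $app->getMvcEvent()->getRouteMatch();
     $routeName = $match->getMatchedRouteName();
     $method = strtolower($request->getMethod());

     // unregistered routes are not protected by this listener
     if (!$this->acl->hasResource($routeName)) {
         return;
     }

     /**
      * Infer that if :
      * 1. the request is protected under 2 legged oauth,
      *    then it is a 2 legged oauth request
      * 2. the request is protected under 3 legged oauth,
      *    then it is a 3 legged oauth request
      * 3. otherwise it is not protected
      */
     if ($this->acl->isAllowed(BgOauthProviderAcl::TWO_LEGGED, $routeName, $method)) {
         $role = BgOauthProviderAcl::TWO_LEGGED;
         // 2-legged: the provider must not expect an oauth_token
         $this->oauthProvider->is2LeggedEndpoint();
     } elseif ($this->acl->isAllowed(BgOauthProviderAcl::THREE_LEGGED, $routeName, $method)) {
         $role = BgOauthProviderAcl::THREE_LEGGED;
     } else {
         return;
     }

     try {
         $this->oauthProvider->checkOAuthRequest();
     } catch (\OAuthException $e) {
         // false: the response object carries status and headers; with the
         // default, reportProblem() emits them itself via header(). 401 is
         // the status that goes with WWW-Authenticate (the original sent 400).
         $error = \OAuthProvider::reportProblem($e, false);
         $response->setStatusCode(401);
         $response->setContent($error);
         $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $error));
         return $response;
     }

     // Defensive re-check with the inferred role. $role was only set when
     // isAllowed() returned true for the same arguments, so this is not
     // expected to fire; kept as a fail-closed guard.
     if (!$this->acl->isAllowed($role, $routeName, $method)) {
         $responseBody = array();
         $responseBody['error'] = 'Not Authorised';
         $responseBody['request'] = $request->getRequestUri();
         $response->setStatusCode(401);
         $response->setContent(json_encode($responseBody));
         $response->setHeaders($response->getHeaders()->addHeaderLine('Content-Type', 'application/json'));
         return $response;
     }
 }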
 /**
  * Route listener guarding ACL-protected routes with OAuth.
  *
  * Console requests and routes unknown to the ACL are let through. For a
  * known route the OAuth flavour is inferred from the roles the ACL grants
  * (TWO_LEGGED => 2-legged endpoint, THREE_LEGGED => 3-legged endpoint;
  * anything else is unprotected). If the provider rejects the request, a
  * 401 carrying the oauth_problem report in both body and WWW-Authenticate
  * is returned and a dispatch error is raised on the event.
  *
  * @param MvcEvent $mvcEvent
  * @return mixed the rejecting response, or null to let dispatch continue
  */
 public function onRoute(MvcEvent $mvcEvent)
 {
     $request = $mvcEvent->getRequest();
     // nothing to authenticate on the command line
     if ($request instanceof \Zend\Console\Request) {
         return;
     }

     $routeMatch = $mvcEvent->getApplication()->getMvcEvent()->getRouteMatch();
     $routeName = $routeMatch->getMatchedRouteName();
     // routes not registered with the ACL are not protected by this listener
     if (!$this->acl->hasResource($routeName)) {
         return;
     }
     $method = strtolower($request->getMethod());

     // Which OAuth flavour applies is inferred from the ACL: a route granted
     // to TWO_LEGGED is a 2-legged request, one granted to THREE_LEGGED a
     // 3-legged request, anything else is unprotected.
     $acl = $this->acl;
     if ($acl->isAllowed(BgOauthProviderAcl::TWO_LEGGED, $routeName, $method)) {
         // 2-legged: no oauth_token is expected by the provider
         $this->oauthProvider->is2LeggedEndpoint();
     } elseif (!$acl->isAllowed(BgOauthProviderAcl::THREE_LEGGED, $routeName, $method)) {
         return;
     }

     try {
         $this->oauthProvider->checkOAuthRequest();
     } catch (\OAuthException $e) {
         // false: the framework response carries status and headers,
         // reportProblem() must not call header() on its own
         $problem = \OAuthProvider::reportProblem($e, false);
         $response = $mvcEvent->getResponse();
         $response->setStatusCode(Response::STATUS_CODE_401);
         $response->setContent($problem);
         $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $problem));
         $mvcEvent->setError(self::ERROR);
         $mvcEvent->getApplication()->getEventManager()->trigger(MvcEvent::EVENT_DISPATCH_ERROR, $mvcEvent);
         return $response;
     }
     // authenticated: dispatch continues
 }
 /**
  * Wires up the OAuthProvider with this object's consumer, timestamp/nonce
  * and token handlers and validates the current request straight away.
  * On failure the oauth_problem report is echoed and $this->oauth_error
  * is set; construction still completes.
  *
  * @param mixed $query_get query parameters handed to _get_action()
  */
 public function __construct($query_get)
 {
     $this->__action = $this->_get_action($query_get);
     try {
         $this->__provider = $provider = new OAuthProvider();
         $provider->consumerHandler(array($this, 'lookupConsumer'));
         $provider->timestampNonceHandler(array($this, 'timestampNonceChecker'));
         $provider->tokenHandler(array($this, 'tokenHandler'));
         // ignore the kohana_uri (routing) parameter — presumably so it is
         // not part of the signature check
         $provider->setParam('kohana_uri', null);
         // requests to this path carry no oauth_token
         $provider->setRequestTokenPath('/v1/oauth/request_token');
         $provider->checkOAuthRequest();
     } catch (OAuthException $failure) {
         // default second argument: the HTTP status headers are sent too
         echo OAuthProvider::reportProblem($failure);
         $this->oauth_error = true;
     }
 }
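 /**
  * API entry point: authenticates the request with OAuth, dispatches to
  * the api_<call> method named by the 'api_call' argument and emits the
  * result as JSON. Always terminates the script.
  *
  * Dispatch is gated by an explicit allow-list ($calls), so only the
  * listed api_* methods are reachable from the request. The provider
  * object is deliberately not dumped to the log on failure: after its
  * handlers ran it holds the consumer and token secrets.
  */
 public function endpoint()
 {
     $provider = new MyOAuthProvider();
     // the request-token call is the only one that carries no oauth_token,
     // so the provider must be told to skip the token handler for it
     $c = strtolower((string) $this->args('api_call'));
     if ($c === 'requesttoken') {
         $provider->oauth->isRequestTokenEndpoint(true);
         $this->set('provider', $provider);
     } elseif ($c === 'accesstoken') {
         $this->set('provider', $provider);
     }
     // allow-list of dispatchable api_* methods
     $calls = array('requesttoken', 'accesstoken', 'listqueues', 'queueinfo', 'createqueue', 'listjobs', 'jobinfo', 'grabjob', 'grabslicejob', 'findnewjob', 'dropjob', 'canceljob', 'completejob', 'completeslicejob', 'downloadedjob', 'createjob', 'updatejobprogress', 'listbots', 'botinfo', 'registerbot', 'updatebot', 'updateslicejob', 'webcamupdate', 'getmybots', 'devicescanresults');
     try {
         $provider->oauth->checkOAuthRequest();
         if (!in_array($c, $calls, true)) {
             throw new Exception("Specified api_call '{$c}' does not exist.");
         }
         $this->token = $provider->token;
         // TODO Find out if consumer is even needed
         $this->consumer = $provider->consumer;
         $fname = "api_{$c}";
         $data = $this->{$fname}();
         $result = array('status' => 'success', 'data' => $data);
     } catch (OAuthException $e) {
         // log the problem and the request arguments only; the provider
         // object (consumer_secret / token_secret) stays out of the log
         error_log("Something went wrong with OAuth");
         error_log($e->getMessage());
         error_log(print_r($this->args(), true));
         error_log(OAuthProvider::reportProblem($e, true));
         $result = array('status' => 'error', 'error' => $e->getMessage());
     } catch (Exception $e) {
         // NOTE(review): the message is returned to the client verbatim, so
         // api_* methods must only throw messages that are safe to expose
         error_log($e->getMessage());
         error_log(print_r($this->args(), true));
         $result = array('status' => 'error', 'error' => $e->getMessage());
     }
     //add in our version.
     $result['_api_version'] = self::$api_version;
     echo JSON::encode($result);
     exit;
 }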
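 /**
  * Interactive OAuth 1.0a test flow, driven by the query string and the
  * 'oauth' cookie:
  *  - with oauth_token present, exchanges the request token (plus
  *    oauth_verifier) for an access token, stores it in the cookie and
  *    prints a reload link;
  *  - without it and without 'reloaded', prints a link that creates a new
  *    client id via the authorize endpoint;
  *  - with 'reloaded', signs a request to /v1/oauth/test with the
  *    credentials stored in the cookie and relays the response.
  *
  * OAuth failures are logged and re-raised as OPAuthorizationOAuthException.
  * The other oauth_* query parameters are assumed to be present in the
  * first branch. This is a test helper: consumer and token secrets travel
  * in the query string and in a cookie, which a real client must not do.
  */
 public function flow()
 {
     $protocol = $this->utility->getProtocol(false);
     $host = $_SERVER['HTTP_HOST'];
     if (isset($_GET['oauth_token'])) {
         $consumerKey = $_GET['oauth_consumer_key'];
         $consumerSecret = $_GET['oauth_consumer_secret'];
         $token = $_GET['oauth_token'];
         $tokenSecret = $_GET['oauth_token_secret'];
         $verifier = $_GET['oauth_verifier'];
         try {
             // return value unused here; the lookup is kept as in the
             // original flow (presumably it validates the token exists)
             getDb()->getCredential($token);
             $oauth = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
             $oauth->setVersion('1.0a');
             $oauth->setToken($token, $tokenSecret);
             $accessToken = $oauth->getAccessToken(sprintf('%s://%s/v1/oauth/token/access', $protocol, $host), null, $verifier);
             $accessToken['oauth_consumer_key'] = $consumerKey;
             $accessToken['oauth_consumer_secret'] = $consumerSecret;
             // The cookie holds both secrets and is only read server-side
             // (the 'reloaded' branch), so mark it httponly. NOTE(review):
             // no 'secure' flag is set, so it is also sent over plain http;
             // set it once the test flow only runs over https.
             setcookie('oauth', http_build_query($accessToken), 0, '', '', false, true);
             if (!isset($accessToken['oauth_token']) || !isset($accessToken['oauth_token_secret'])) {
                 echo sprintf('Invalid response when getting an access token: %s', http_build_query($accessToken));
             } else {
                 // the original passed the token pair to sprintf() although the
                 // format string has no placeholders; plain echo is equivalent
                 echo 'You exchanged a request token for an access token<br><a href="?reloaded=1">Reload to make an OAuth request</a>';
             }
         } catch (OAuthException $e) {
             $message = OAuthProvider::reportProblem($e);
             getLogger()->info($message);
             OPException::raise(new OPAuthorizationOAuthException($message));
         }
     } else {
         if (!isset($_GET['reloaded'])) {
             $callback = sprintf('%s://%s/v1/oauth/flow', $protocol, $host);
             $name = isset($_GET['name']) ? $_GET['name'] : 'OAuth Test Flow';
             echo sprintf('<a href="%s://%s/v1/oauth/authorize?oauth_callback=%s&name=%s">Create a new client id</a>', $protocol, $host, urlencode($callback), urlencode($name));
         } else {
             try {
                 // parse into an array: the one-argument form, which injected
                 // cookie-controlled variables into this scope, was removed in PHP 8
                 parse_str($_COOKIE['oauth'], $cookie);
                 getDb()->getCredential($cookie['oauth_token']);
                 $oauth = new OAuth($cookie['oauth_consumer_key'], $cookie['oauth_consumer_secret'], OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
                 $oauth->setToken($cookie['oauth_token'], $cookie['oauth_token_secret']);
                 // same scheme as the other URLs in this flow (the original
                 // hard-coded http here) and the key is URL-encoded like the
                 // query values above
                 $oauth->fetch(sprintf('%s://%s/v1/oauth/test?oauth_consumer_key=%s', $protocol, $host, urlencode($cookie['oauth_consumer_key'])));
                 // relay the upstream body with the upstream content type
                 $response_info = $oauth->getLastResponseInfo();
                 header("Content-Type: {$response_info["content_type"]}");
                 echo $oauth->getLastResponse();
             } catch (OAuthException $e) {
                 $message = OAuthProvider::reportProblem($e);
                 getLogger()->info($message);
                 OPException::raise(new OPAuthorizationOAuthException($message));
             }
         }
     }
 }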
 /**
  * Formats the stored OAuth exception as an oauth_problem report string.
  *
  * reportProblem() is called with its default second argument, so this
  * "getter" also emits the matching HTTP status / WWW-Authenticate
  * headers as a side effect.
  *
  * @return string
  */
 public function getErrorAsString()
 {
     $report = OAuthProvider::reportProblem($this->oauthException);

     return $report;
 }
<?php

// Request-token endpoint: validates the signed request with the OAuth
// extension and reports a failure in the OAuth Problem Reporting format.
include 'common.inc.php';

// on the command line the request method cannot be detected from
// $_SERVER["REQUEST_METHOD"], so it is given explicitly
$httpMethod = (PHP_SAPI === 'cli') ? OAUTH_HTTP_METHOD_GET : null;

try {
    // $params is presumably defined by common.inc.php
    $provider = new OAuthProvider($params);

    // The request-token endpoint is special: the request carries no
    // oauth_token, so no tokenHandler() is invoked.
    $provider->isRequestTokenEndpoint(true);

    // Called with the $provider object as argument; throw from the handler
    // on a bad consumer, set $provider->consumer_key when all is good.
    $provider->consumerHandler('lookupConsumer');

    // Same pattern for timestamp/nonce errors.
    $provider->timestampNonceHandler('timestampNonceChecker');

    // The actual authorization check. First argument: the URL of this
    // endpoint as the outside world sees it (it is part of the signature
    // base string, so a mismatch fails the signature). Second, optional:
    // the HTTP method; when omitted the provider detects it via
    // $_SERVER["REQUEST_METHOD"], which is usually reliable.
    $provider->checkOAuthRequest("http://localhost/request_token.php", $httpMethod);
} catch (OAuthException $E) {
    // Echoing reportProblem() for a caught OAuthException gives the
    // problem-reporting extension (http://wiki.oauth.net/ProblemReporting)
    // for free; with the default second argument it also sets the most
    // appropriate HTTP response code.
    echo OAuthProvider::reportProblem($E);
}
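 /**
  * Access-token endpoint: validates the signed request (the provider's
  * handlers run here) and, on success, saves an access token and answers
  * with oauth_token / oauth_token_secret as a form-encoded body.
  *
  * On an OAuth failure the response is a 401 whose body and
  * WWW-Authenticate header carry the oauth_problem report. reportProblem()
  * is called with its second argument set to false so that it does not
  * call header() itself behind this response object.
  *
  * @return mixed the controller response
  */
 public function accessTokenAction()
 {
     $oauthProvider = $this->oauthProvider;
     $response = $this->getResponse();
     try {
         $oauthProvider->checkOAuthRequest();
         $accessToken = $oauthProvider->saveAccessToken();
         $responseUrl = array();
         $responseUrl['oauth_token'] = $accessToken->getToken();
         $responseUrl['oauth_token_secret'] = $accessToken->getTokenSecret();
         // NOTE(review): no Content-Type is set for this form-encoded body
         $response->setContent(http_build_query($responseUrl));
     } catch (\OAuthException $e) {
         // false: status and headers come from the response object only.
         // 401 is the status that pairs with WWW-Authenticate (the original
         // sent 400).
         $error = \OAuthProvider::reportProblem($e, false);
         $response->setStatusCode(401);
         $response->setContent($error);
         $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $error));
     }
     return $response;
 }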
 /**
  * Stores the database handle, wires up the OAuthProvider with this
  * object's handlers and validates the current request.
  *
  * @param mixed $db database handle kept in $this->db
  * @return bool true when the request validated; false after the
  *              oauth_problem report was written to the error log
  */
 public function setUpOAuthAndDb($db)
 {
     $this->db = $db;
     try {
         $this->provider = new OAuthProvider();
         $provider = $this->provider;
         $provider->consumerHandler(array($this, 'lookupConsumer'));
         $provider->timestampNonceHandler(array($this, 'timestampNonceChecker'));
         $provider->tokenHandler(array($this, 'tokenHandler'));
         // requests to this path carry no oauth_token
         $provider->setRequestTokenPath('/v2/oauth/request_token');
         $provider->checkOAuthRequest();
         return true;
     } catch (OAuthException $failure) {
         // NOTE(review): with the default second argument reportProblem()
         // also sends the HTTP status / WWW-Authenticate headers, not just
         // a string; pass false if the caller builds the response itself.
         error_log(OAuthProvider::reportProblem($failure));
     }
     return false;
 }
 /**
  * Attempt to validate the incoming LTI request.
  *
  * Builds an OAuthProvider with this object's consumer and timestamp/nonce
  * handlers and checks the request signature immediately. The launch is
  * treated like a request-token call (isRequestTokenEndpoint(true)), i.e.
  * no oauth_token is expected and no token handler runs. On failure the
  * oauth_problem report is logged and the launch is aborted with a
  * user-facing wp_die() message chosen by the OAuth error code.
  */
 public function __construct()
 {
     try {
         $this->oauthProvider = new OAuthProvider();
         $this->oauthProvider->consumerHandler(array($this, 'consumerHandler'));
         $this->oauthProvider->timestampNonceHandler(array($this, 'timestampNonceHandler'));
         // no oauth_token on a launch: do not expect a token handler
         $this->oauthProvider->isRequestTokenEndpoint(true);
         // 'url' is nulled — presumably to keep it out of the signature
         // base string; confirm against the launching platform
         $this->oauthProvider->setParam('url', NULL);
         $this->oauthProvider->checkOAuthRequest();
     } catch (OAuthException $e) {
         // default second argument: reportProblem() also emits the HTTP
         // status headers before wp_die() renders its page
         LTI::log(OAuthProvider::reportProblem($e));
         // map the OAuth error code to a message the user can act on;
         // wp_die() normally terminates, so the breaks are not reached
         switch ($e->getCode()) {
             case OAUTH_BAD_NONCE:
                 wp_die(__('This LTI request has expired. Please return to your application and restart the launch process.'), __('LTI Error'));
                 break;
             case OAUTH_BAD_TIMESTAMP:
                 wp_die(__('This request is too old. Please return to your application and restart the launch process.'), __('LTI Error'));
                 break;
             case OAUTH_CONSUMER_KEY_UNKNOWN:
                 wp_die(__('Consumer key is unknown, or has been temporarily disabled. Please check your consumer key settings and restart the launch process.'), __('LTI Error'));
                 break;
             case OAUTH_CONSUMER_KEY_REFUSED:
                 wp_die(__('The consumer key was refused. Please check your configuration and follow up with the LTI provider for support.'), __('LTI Error'));
                 break;
             case OAUTH_INVALID_SIGNATURE:
                 wp_die(__('The request signature is invalid, or does not match the signature computed.'), __('LTI Error'));
                 break;
             case OAUTH_PARAMETER_ABSENT:
                 wp_die(__('A required launch parameter was not provided.'), __('LTI Error'));
                 break;
             case OAUTH_SIGNATURE_METHOD_REJECTED:
                 wp_die(__('The signature method was not accepted by the service provider.'), __('LTI Error'));
                 break;
             default:
                 // We really shouldn't get any of the other OAuthProvider error codes.
                 // log this.
                 wp_die(__('General launch error. Please follow up with the tool provider to consult any logs to further diagnose the issue.'), __('LTI Error'));
                 break;
         }
     }
 }