/**
 * Resolve the user id bound to the OAuth signature of the current request.
 *
 * Thin wrapper around OAuthRequestVerifier::verify() that turns the library's
 * failure signal into a plain value: the verified user id on success, boolean
 * FALSE when the library raises OAuthException2 (bad signature, unknown
 * token, ...). Any other exception type is not caught and propagates.
 *
 * @return mixed user id as returned by verify(), or FALSE on OAuthException2
 */
function get_oauth_user_id()
{
    try {
        // Both construction (request parsing) and verification stay inside the
        // try so either failing yields FALSE, as before.
        $verifier = new OAuthRequestVerifier();
        $user_id = $verifier->verify();
    } catch (OAuthException2 $e) {
        return FALSE;
    }
    return $user_id;
}
/**
 * Verify the current request as an OAuth 'access'-token request and map the
 * verified OAuth identity to a local user id via the oauth_mapping table.
 *
 * Side effect: the verified consumer key is kept in self::$consumer_key.
 *
 * @return mixed the user_id column of oauth_mapping for the verified oauth_id
 * @throws Exception code 412 when no mapping row exists for the verified id.
 *         NOTE(review): this is a plain Exception, not the library's OAuth
 *         exception type, so callers that only catch OAuth exceptions will not
 *         handle it. Exceptions from verifyExtended() propagate unchanged.
 */
public static function verify()
{
    $verifier = new OAuthRequestVerifier();
    // All signature/token checks happen inside the library; nothing below runs
    // unless verifyExtended() returned normally.
    $verified = $verifier->verifyExtended('access');
    self::$consumer_key = $verified['consumer_key'];

    // Parameterised lookup: the OAuth user id is bound as a placeholder, never interpolated.
    $stmt = DBManager::get()->prepare("SELECT user_id FROM oauth_mapping WHERE oauth_id = ?");
    $stmt->execute(array($verified['user_id']));
    $mappedUserId = $stmt->fetchColumn();

    if (!$mappedUserId) {
        throw new Exception('Precondition failed', 412);
    }
    return $mappedUserId;
}
/**
 * Lazily authenticate the current request through its OAuth signature.
 *
 * Runs the check only while $this->isvalid is unset. If the request carries
 * OAuth parameters it is verified; on success the resolved user id is stored
 * in $this->userid for the rest of this request, $this->isvalid is set and
 * true is returned. A signed request that fails verification is answered with
 * a 401 and the script terminates here. Unsigned requests, signed requests
 * that verify to an empty user id, and calls made after $this->isvalid was
 * already set all return false.
 *
 * NOTE(review): confirm the verifier library in use throws OAuthException
 * (some versions use OAuthException2); an uncaught exception would surface as
 * an error instead of this 401 path.
 *
 * @return bool true only when the request was verified and a user id was set
 */
private function checkConnection()
{
    if (isset($this->isvalid)) {
        return false;
    }

    Neuron_Auth_OAuthStore::getStore();
    if (!OAuthRequestVerifier::requestIsSigned()) {
        return false;
    }

    try {
        $this->request = new OAuthRequestVerifier();
        $verifiedUser = $this->request->verify();
    } catch (OAuthException $e) {
        // Signed but invalid: refuse the request rather than continue as anonymous.
        // The library's error text is echoed to the client as the response body.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        echo $e->getMessage();
        exit;
    }

    if (!$verifiedUser) {
        return false;
    }

    // Log in as the verified user for the duration of this request only.
    $this->userid = $verifiedUser;
    $this->isvalid = true;
    return true;
}
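/**
 * Return the oauth_consumer_key parameter of the current request.
 *
 * SECURITY NOTE: requestIsSigned() only reports that OAuth parameters are
 * present; nothing in this method verifies the signature. The returned key is
 * therefore a client-supplied, unauthenticated value and must not be used for
 * authorization decisions until OAuthRequestVerifier::verify() has succeeded
 * for the same request.
 *
 * Fixes against the previous version:
 *  - "Message: " + $e->getMessage() used JavaScript-style '+'; in PHP that is
 *    numeric addition (TypeError on PHP 8, never a concatenated log line).
 *  - $this was used inside a static method, which is a runtime Error; the
 *    call now goes through static::. sendNotAuthorized() must be declared
 *    static for this to resolve — TODO confirm in the class.
 *  - $key is initialised so the unsigned path no longer returns an undefined
 *    variable.
 *
 * @return string|null the consumer key, or null when sendNotAuthorized() returns
 */
public static function getConsummerKey()
{
    self::storeInstance();
    $key = null;

    if (!OAuthRequestVerifier::requestIsSigned()) {
        sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized request not signed");
        static::sendNotAuthorized();
        return $key;
    }

    try {
        $req = new OAuthRequestVerifier();
        $key = $req->getParam('oauth_consumer_key');
    } catch (OAuthException $e) {
        $logger = sfContext::getInstance()->getLogger();
        $logger->err("oauthSecurityManager::checkAuthorized exception");
        $logger->err("Message: " . $e->getMessage());
        static::sendNotAuthorized();
    }
    return $key;
}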
/**
 * Construct the request to be verified.
 *
 * Builds the base request (uri/method/params), opens the session store and
 * copies the optional URI-scheme allow/deny lists from $options. A list is
 * only taken over when the key exists AND its value is an array; otherwise
 * the property keeps whatever default it has.
 *
 * NOTE(review): presumably these lists restrict the schemes accepted for a
 * callback URI during verification — confirm against the code that reads
 * $this->allowed_uri_schemes / $this->disallowed_uri_schemes.
 *
 * @param string $uri            request uri
 * @param string $method         http method
 * @param array  $params         the request parameters
 * @param string $store          the session storage class (default 'SESSION')
 * @param array  $store_options  the session storage class parameters
 * @param array  $options        extra options:
 *   - allowed_uri_schemes:    list of allowed uri schemes
 *   - disallowed_uri_schemes: list of unallowed uri schemes
 *
 * Allow only http and https:
 *   array('allowed_uri_schemes' => array('http', 'https'), 'disallowed_uri_schemes' => array())
 * Disallow callto, mailto and file, allow everything else:
 *   array('allowed_uri_schemes' => array(), 'disallowed_uri_schemes' => array('callto', 'mailto', 'file'))
 * Allow everything:
 *   array('allowed_uri_schemes' => array(), 'disallowed_uri_schemes' => array())
 */
function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array(), $options = array())
{
    parent::__construct($uri, $method, $params);
    $this->session = OAuthSession::instance($store, $store_options);

    // Same guard for both lists: present in $options and actually an array.
    foreach (array('allowed_uri_schemes', 'disallowed_uri_schemes') as $listName) {
        if (array_key_exists($listName, $options) && is_array($options[$listName])) {
            $this->$listName = $options[$listName];
        }
    }
}
/**
 * Front-controller hook: authenticate an OAuth-signed request.
 *
 * Unsigned requests pass through untouched. A signed request is verified; when
 * verify() yields a user id the matching people record is loaded and published
 * in the registry under "authedUserInfo". If verification throws, the 401
 * headers are emitted and the same exception is rethrown for the caller.
 *
 * @return void
 * @throws OAuthException rethrown after the 401 headers have been set
 */
public function direct()
{
    if (!OAuthRequestVerifier::requestIsSigned()) {
        return;
    }

    try {
        $verifier = new OAuthRequestVerifier();
        $userId = $verifier->verify();
        if (!$userId) {
            return;
        }
        $registry = Zend_Registry::getInstance();
        $userInfo = Ml_Model_People::getInstance()->getById($userId);
        $registry->set("authedUserInfo", $userInfo);
    } catch (OAuthException $e) {
        // Signed but not verifiable: announce the auth scheme, let the caller produce the body.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        throw $e;
    }
}
case 'oauth': Debug::LogEntry('audit', 'OAuth Webservice call'); Kit::ClassLoader('ServiceOAuth'); $oauth = new ServiceOAuth(); if (method_exists($oauth, $method)) { $oauth->{$method}(); } else { $serviceResponse->ErrorServerError('Unknown Request.'); } break; case 'rest': $serviceResponse->StartTransaction(); // OAuth authorization. if (OAuthRequestVerifier::requestIsSigned()) { try { $request = new OAuthRequestVerifier(); $userID = $request->verify(); if ($userID) { // Create the login control system. $userClass = Config::GetSetting('userModule'); $userClass = explode('.', $userClass); Kit::ClassLoader($userClass[0]); // Create a user. $user = new User($db); // Log this user in. if (!$user->LoginServices($userID)) { $serviceResponse->ErrorServerError('Unknown User.'); } } else { $serviceResponse->ErrorServerError('No user id.'); }
/**
 * Construct the request to be verified.
 *
 * Delegates the uri/method/params to the parent request class and opens the
 * session store that verification state is kept in.
 *
 * @param string $uri            request uri
 * @param string $method         http method
 * @param array  $params         the request parameters
 * @param string $store          the session storage class (default 'SESSION')
 * @param array  $store_options  the session storage class parameters
 */
function __construct($uri = null, $method = null, $params = null, $store = 'SESSION', $store_options = array())
{
    parent::__construct($uri, $method, $params);
    // Session backend is chosen by name; its options are passed through untouched.
    $session = OAuthSession::instance($store, $store_options);
    $this->session = $session;
}
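/**
 * Self-test of the OAuth module against the cases from
 * http://wiki.oauth.net/TestCases: parameter encoding, parameter
 * normalisation, signature base string, HMAC-SHA1 signing/verification and
 * the Yahoo! example. Output is plain text.
 *
 * Fix: every check used to be a string assertion, assert('...expr...').
 * Evaluating strings was deprecated in PHP 7.2 and removed in 8.0, where a
 * non-empty string is simply truthy — i.e. every case "passed" without running
 * anything. The checks are now real expressions (strict comparison), which
 * also removes the evaluation of code from strings. A duplicated '&=*' case
 * was dropped.
 *
 * Caveat: assert() is only evaluated with zend.assertions=1. Under the
 * production default (-1) the asserts are compiled away and this prints
 * "Finished." without testing anything. assert_options() is deprecated as of
 * PHP 8.3; failures are routed to oauth_assert_handler while it still works.
 */
function oauth_test()
{
    error_reporting(E_ALL);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Performing OAuth module tests.\n\n";
    echo "See also: http://wiki.oauth.net/TestCases\n\n";

    assert_options(ASSERT_CALLBACK, 'oauth_assert_handler');
    assert_options(ASSERT_WARNING, 0);

    $req = new OAuthRequest('http://www.example.com', 'GET');

    echo "***** Parameter Encoding *****\n\n";
    // Unreserved characters survive untouched; everything else becomes %XX with uppercase hex.
    assert($req->urlencode('abcABC123') === 'abcABC123');
    assert($req->urlencode('-._~') === '-._~');
    assert($req->urlencode('%') === '%25');
    assert($req->urlencode('&=*') === '%26%3D%2A');
    assert($req->urlencode("\n") === '%0A');
    assert($req->urlencode(' ') === '%20');
    assert($req->urlencode("\x7f") === '%7F');

    echo "***** Normalize Request Parameters *****\n\n";
    $req = new OAuthRequest('http://example.com/?name', 'GET');
    assert($req->getNormalizedParams() === 'name=');
    $req = new OAuthRequest('http://example.com/?a=b', 'GET');
    assert($req->getNormalizedParams() === 'a=b');
    $req = new OAuthRequest('http://example.com/?a=b&c=d', 'GET');
    assert($req->getNormalizedParams() === 'a=b&c=d');
    // Two parameters with the same name are not supported by this implementation,
    // so the spec's "a=x!y&a=x+y" case is run with distinct names (b/a) instead.
    $req = new OAuthRequest('http://example.com/?b=x!y&a=x+y', 'GET');
    assert($req->getNormalizedParams() === 'a=x%20y&b=x%21y');
    $req = new OAuthRequest('http://example.com/?x!y=a&x=a', 'GET');
    assert($req->getNormalizedParams() === 'x=a&x%21y=a');

    echo "***** Base String *****\n\n";
    $req = new OAuthRequest('http://example.com/?n=v', 'GET');
    assert($req->signatureBaseString() === 'GET&http%3A%2F%2Fexample.com%2F&n%3Dv');
    // oauth_signature must be excluded from the base string; the header array is the 4th ctor argument.
    $req = new OAuthRequest(
        'https://photos.example.net/request_token',
        'POST',
        'oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1191242090&oauth_nonce=hsu94j3884jdopsl&oauth_signature_method=PLAINTEXT&oauth_signature=ignored',
        array('X-OAuth-Test' => true)
    );
    assert($req->signatureBaseString() === 'POST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0');
    $req = new OAuthRequest('http://photos.example.net/photos?file=vacation.jpg&size=original&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_token=nnch734d00sl2jdk&oauth_timestamp=1191242096&oauth_nonce=kllo9940pd9333jh&oauth_signature=ignored&oauth_signature_method=HMAC-SHA1', 'GET');
    assert($req->signatureBaseString() === 'GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal');

    echo "***** HMAC-SHA1 *****\nRequest signing\n";
    // A store instance is required by the signer; 'conn' => false means no real DB connection.
    OAuthStore::instance('MySQL', array('conn' => false));
    $req = new OAuthRequestSigner('http://photos.example.net/photos?file=vacation.jpg&size=original', 'GET');
    assert($req->urldecode($req->calculateDataSignature('bs', 'cs', '', 'HMAC-SHA1')) === 'egQqG5AJep5sJ7anhXju1unge2I=');
    assert($req->urldecode($req->calculateDataSignature('bs', 'cs', 'ts', 'HMAC-SHA1')) === 'VZVjXceV7JgPq/dOTnNmEfO0Fv8=');
    $secrets = array(
        'consumer_key'      => 'dpf43f3p2l4k3l03',
        'consumer_secret'   => 'kd94hf93k423kf44',
        'token'             => 'nnch734d00sl2jdk',
        'token_secret'      => 'pfkkdhi9sl3r4s00',
        'signature_methods' => array('HMAC-SHA1'),
        'nonce'             => 'kllo9940pd9333jh',
        'timestamp'         => '1191242096',
    );
    $req->sign(0, $secrets);
    assert($req->getParam('oauth_signature', true) === 'tR3+Ty81lMeYAr/Fid0kMTYa/WM=');

    echo "***** HMAC-SHA1 *****\nRequest verification\n";
    $req = new OAuthRequestVerifier(
        'http://photos.example.net/photos?file=vacation.jpg&size=original'
        . '&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_token=nnch734d00sl2jdk'
        . '&oauth_signature_method=HMAC-SHA1&oauth_nonce=kllo9940pd9333jh'
        . '&oauth_timestamp=1191242096&oauth_version=1.0'
        . '&oauth_signature=' . rawurlencode('tR3+Ty81lMeYAr/Fid0kMTYa/WM='),
        'GET'
    );
    // No assert here: presumably verifySignature() raises on mismatch, so a
    // silent return is the pass condition — confirm against the verifier.
    $req->verifySignature('kd94hf93k423kf44', 'pfkkdhi9sl3r4s00');
    echo "\n";

    echo "***** Yahoo! test case ******\n\n";
    OAuthStore::instance('MySQL', array('conn' => false));
    $req = new OAuthRequestSigner('http://example.com:80/photo', 'GET');
    $req->setParam('title', 'taken with a 30% orange filter');
    $req->setParam('file', 'mountain & water view');
    $req->setParam('format', 'jpeg');
    $req->setParam('include', array('date', 'aperture'));
    // Secrets deliberately contain '=', '&', '%', '$' and '#' to exercise encoding.
    $secrets = array(
        'consumer_key'      => '1234=asdf=4567',
        'consumer_secret'   => 'erks823*43=asd&123ls%23',
        'token'             => 'asdf-4354=asew-5698',
        'token_secret'      => 'dis9$#$Js009%==',
        'signature_methods' => array('HMAC-SHA1'),
        'nonce'             => '3jd834jd9',
        'timestamp'         => '12303202302',
    );
    $req->sign(0, $secrets);
    assert($req->getQueryString() === 'title=taken%20with%20a%2030%25%20orange%20filter&file=mountain%20%26%20water%20view&format=jpeg&include=date&include=aperture');
    assert($req->getParam('oauth_signature', true) === 'jMdUSR1vOr3SzNv3gZ5DDDuGirA=');

    echo "\n\nFinished.\n";
}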
/**
 * Read a request parameter, preferring the OAuth request's view of it.
 *
 * The value is first taken from a fresh OAuthRequestVerifier; when that value
 * is empty() the Yii request parameter (with $default) is returned instead.
 *
 * NOTE(review): empty() also treats "0", "", 0 and null as missing, so such an
 * OAuth-side value is silently replaced by the Yii lookup.
 *
 * @param string $name    parameter name
 * @param mixed  $default value handed to the Yii fallback for an absent parameter
 * @return mixed
 */
public function getParam($name, $default = '')
{
    $verifier = new OAuthRequestVerifier();
    $fromOAuth = $verifier->getParam($name);
    if (!empty($fromOAuth)) {
        return $fromOAuth;
    }
    return Yii::app()->request->getParam($name, $default);
}
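/**
 * Gate the current request: let it through on a whitelisted CORS origin,
 * otherwise require a valid OAuth signature. Also registers the
 * "POST auth/requestToken" route.
 *
 * Flow:
 *  1. If the Origin header is one of $validOrigins the request is accepted
 *     without any OAuth check. SECURITY NOTE: Origin is an ordinary request
 *     header — any non-browser client can send a whitelisted value — so this
 *     path is not authentication; it only makes sense if the routes behind it
 *     authenticate by other means (session/cookie).
 *  2. The requestToken route is registered. Its handler creates/updates a
 *     consumer for the POSTed userId and returns key AND secret. NOTE(review):
 *     the handler performs no authentication of its own; confirm it is meant
 *     to hand out credentials to anonymous callers.
 *  3. A signed request is verified with verify(false) (presumably the
 *     consumer-only / 2-legged mode — confirm against the library); failure
 *     → 401 and exit.
 *  4. An unsigned request from a non-whitelisted origin → 401 and exit.
 *     Fix: the previous version only denied this case when $validOrigins was
 *     NOT configured; with a configured whitelist it merely emitted
 *     Access-Control-Allow-Origin headers (each header() call replacing the
 *     previous one) and let the request continue unauthenticated, i.e. every
 *     route was reachable without credentials. CORS headers do not stop a
 *     request from executing, so the only safe outcome here is 401.
 *
 * @return void  terminates the script on authentication failure
 */
function checkOAuth()
{
    global $validOrigins;

    // Guarded so a missing whitelist does not feed null into in_array(); strict match.
    if (isset($_SERVER['HTTP_ORIGIN'], $validOrigins)
        && in_array($_SERVER['HTTP_ORIGIN'], (array) $validOrigins, true)) {
        return;
    }

    // Route: POST auth/requestToken — issues consumer credentials for a userId.
    $this->addRouteCommand(new RouteCommand("POST", "auth", "requestToken", function ($params = NULL) {
        if (empty($_POST["userId"])) {
            $this->showError(400);
        }
        $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
        // The whole $_POST array is handed to the store as the consumer record.
        $key = $store->updateConsumer($_POST, $_POST["userId"], true);
        $consumer = $store->getConsumer($key, $_POST["userId"]);
        $result = array(
            "key"    => $consumer["consumer_key"],
            "secret" => $consumer["consumer_secret"],
        );
        $this->showResult($result);
    }, array("userId"), "Request a new token"));

    // Initialise the store singleton and server before touching the verifier.
    $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
    $server = new OAuthServer();
    ResterUtils::Log(">> CHECKING OAUTH " . $_SERVER['REQUEST_METHOD']);

    if (!OAuthRequestVerifier::requestIsSigned()) {
        // Unsigned and not from a whitelisted origin: always refuse.
        ResterUtils::Log(">> OAUTH: Unsigned request");
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        echo "Authentication error";
        ResterUtils::Log(">> OAUTH ERROR >> Request not signed");
        ResterUtils::Log("*** AUTH ERROR *** ===>");
        exit;
    }

    // Signed requests are accepted from any origin: the signature, not CORS, authenticates them.
    header('Access-Control-Allow-Origin: *');
    try {
        $req = new OAuthRequestVerifier();
        $id = $req->verify(false);
        ResterUtils::Log("*** API USER " . $id . " ***");
    } catch (OAuthException2 $e) {
        // Signed but failed verification (bad signature, nonce replay, unknown consumer, ...).
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        ResterUtils::Log(">> OAUTH ERROR >> " . $e->getMessage());
        exit;
    }
}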
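<?php
// API resource to be accessed by the client.
//
// Fix: this file used to start with an HTML comment before the <?php tag. That
// text (plus a space) was sent to the client before any header() call, so the
// 401 status and WWW-Authenticate headers in the catch block could not be set
// ("headers already sent") unless output buffering happened to be enabled —
// a failed signature was answered with a 200 carrying the error text. Nothing
// may be emitted before the header() calls below.
require_once '../include/common.php';

if (OAuthRequestVerifier::requestIsSigned()) {
    try {
        $req = new OAuthRequestVerifier();
        $id = $req->verify();
        if ($id) {
            echo 'Hello ' . $id;
        }
    } catch (OAuthException $e) {
        // Signed but failed verification: refuse with the OAuth challenge.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        // NOTE(review): the library's error text is returned to the client verbatim.
        echo $e->getMessage();
        exit;
    }
}
// Unsigned requests fall through and produce an empty 200 response, as before.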