public function oauthSign($url, $secret, $token = null)
{
if (!class_exists(__NAMESPACE__ . '\\OAuthSignatureMethod_HMAC_SHA1')) {
$this->loadClass('OAuthSignatureMethod');
$this->loadClass('OAuthSignatureMethod_HMAC_SHA1');
}
$oauth = new OAuthSignatureMethod_HMAC_SHA1();
$sign = $oauth->build_signature($url, $secret, $token);
return $sign;
}
public function getSecurityToken($oauthRequest, $appUrl, $userId, $contentType)
{
$appId = 0;
$consumer = new OAuthConsumer(OpenPNEServiceConfig::OAUTH_CONSUMER_KEY, OpenPNEServiceConfig::OAUTH_CONSUMER_SECRET);
$signatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
$oauthSignature = $oauthRequest->get_parameter('oauth_signature');
if (!$signatureMethod->check_signature($oauthRequest, $consumer, null, $oauthSignature)) {
return null;
}
return new OAuthSecurityToken($userId, $appUrl, $appId, 'openpne');
}
function authenticate()
{
$request = OAuthRequest::from_request();
$consumer_key = $request->get_parameter('oauth_consumer_key');
$signature_method = $request->get_parameter('oauth_signature_method');
$signature = $request->get_parameter('oauth_signature');
if ($signature_method === "HMAC-SHA1") {
$sm = new OAuthSignatureMethod_HMAC_SHA1();
$stmt = $this->db->prepare('SELECT consumerSecret FROM storageConsumers WHERE consumerKey = :key');
$stmt->bindParam(':key', $consumer_key);
$stmt->execute();
$row = $stmt->fetch();
if ($row === FALSE || empty($row)) {
throw new Exception("consumer not found");
}
$consumer_secret = $row['consumerSecret'];
$valid = $sm->check_signature($request, new OAuthConsumer($consumer_key, $consumer_secret), NULL, $signature);
} else {
if ($signature_method === "RSA-SHA1") {
$sm = new MyOAuthSignatureMethod_RSA_SHA1($this->db);
$valid = $sm->check_signature($request, NULL, NULL, $signature);
} else {
throw new Exception("invalid signature method");
}
}
if (!$valid) {
throw new Exception("invalid signature");
} else {
/* SURFconext (contains groupContext) */
$instance_id = $request->get_parameter('opensocial_instance_id');
/* iGoogle and other OpenSocial/Shindig portals/containers */
$owner_id = $request->get_parameter('opensocial_owner_id');
if ($instance_id !== NULL) {
$this->consumerKey = $consumer_key . '_' . $instance_id;
} else {
if ($owner_id !== NULL) {
$this->consumerKey = $consumer_key . '_' . $owner_id;
} else {
$this->consumerKey = $consumer_key;
}
}
}
}
/**
* Verfies a 2 legged OAuth signature. 2 legged OAuth means the security context is of the application,
* and no specific user is associated with it. Most of the logic is done manually and not through the OAuth
* library, since it has no knowledge of- / support for 2 legged OAuth.
*/
private function verify2LeggedOAuth($oauthRequest, $userId, $appUrl, $dataStore)
{
$consumerToken = $dataStore->lookup_consumer($oauthRequest->parameters['oauth_consumer_key']);
$signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$signature_valid = $signature_method->check_signature($oauthRequest, $consumerToken, null, $_GET["oauth_signature"]);
if (!$signature_valid) {
// signature did not check out, abort
return null;
}
return new OAuthSecurityToken($userId, $appUrl, $dataStore->get_app_id($consumerToken), "atutor");
}
function login()
{
/* See: http://developer.yahoo.com/blogs/ydn/posts/2010/04/a_twolegged_oauth_serverclient_example/ */
$sig = getRequest('oauth_signature', TRUE);
$key = getRequest('oauth_consumer_key', TRUE);
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
$req_method = $_SERVER['REQUEST_METHOD'];
$url = getProtocol() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
/* check if consumer key is in list of consumers */
$consumers = getConfig($this->config, 'oauth_consumers', TRUE);
if (!array_key_exists($key, $consumers)) {
throw new Exception("oauth consumer key not registered");
}
$consumer = new OAuthConsumer($key, $consumers[$key]);
$req = new OAuthRequest($req_method, $url);
$valid = $sig_method->check_signature($req, $consumer, NULL, $sig);
if (!$valid) {
throw new Exception('invalid oauth signature');
}
$this->userId = getRequest('userId', TRUE);
}
//loads the myspaceid api sdk
require_once "MySpaceID/myspace.php";
$ms_key = "[your onsite app key]";
$ms_secret = "[your onsite app secret]";
print "Hello, this is an onsite app using the MySpaceID PHP SDK.<br>";
//print $_SERVER['REQUEST_URI'] . "<br>";
//print $_GET . "<br>";
//print_r($_GET) . "<br>";
//
// Compute signature of request to verify
//
$method = $_SERVER["REQUEST_METHOD"];
$req = OAuthRequest::from_request($method, $http_url);
$req->del_parameter('oauth_signature');
//print "<br>Req = " . $req;
$sigMethod = new OAuthSignatureMethod_HMAC_SHA1();
$consumer = new OAuthConsumer($ms_key, $ms_secret);
$signature = $sigMethod->build_signature($req, $consumer);
print "<br>Base string = " . $req . base_string;
print "<br>Built Signature = " . $signature . "";
print "<br>Passed in Signature = " . $_GET['oauth_signature'] . "<br>";
if (strcmp($_GET['oauth_signature'], $signature) != 0) {
print "Signatures don't match! Exiting.<br>";
} else {
print "Signatures match!";
// Send notification
$userId = @$_GET['opensocial_viewer_id'];
$ms = new MySpace($ms_key, $ms_secret, null, null, false);
$templateParameters = array('content' => 'Test notification content from php sdk', 'button0_surface' => 'canvas', 'button0_label' => 'Go To App Canvas', 'button1_surface' => 'appProfile', 'button1_label' => 'Go To App Profile');
$rc = $ms->sendNotification('129910', '454304609,28568917', $templateParameters, 'http://api.myspace.com/v1/users/296768296');
echo '<br><br>sendNotification returned ' . $rc;
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Author: Eric Bidelman <*****@*****.**>
*/
$PRIV_KEY_FILE = '/path/to/your/rsa_private_key.pem';
// OAuth library - http://oauth.googlecode.com/svn/code/php/
require_once 'OAuth.php';
// Google's accepted signature methods
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$rsa_method = new OAuthSignatureMethod_RSA_SHA1();
$SIG_METHODS = array($rsa_method->get_name() => $rsa_method, $hmac_method->get_name() => $hmac_method);
/**
* Makes an HTTP request to the specified URL
*
* @param string $http_method The HTTP method (GET, POST, PUT, DELETE)
* @param string $url Full URL of the resource to access
* @param array $extraHeaders (optional) Additional headers to include in each
* request. Elements are header/value pair strings ('Host: example.com')
* @param string $postData (optional) POST/PUT request body
* @param bool $returnResponseHeaders True if resp. headers should be returned.
* @return string Response body from the server
*/
function send_signed_request($http_method, $url, $extraHeaders = null, $postData = null, $returnResponseHeaders = true)
{
function verify_signature($consumer, $token=NULL, $oauth_signature) {
$oauth_signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$oauth_consumer = new OAuthConsumer($consumer->key, $consumer->secret);
$oauth_token = ($token) ? new OAuthToken($token->key, $token->secret) : NULL;
$oauth_request = OAuthRequest::from_request();
$ok = $oauth_signature_method->check_signature($oauth_request, $oauth_consumer, $oauth_token, $oauth_signature);
return $ok;
}
protected function verify2LeggedOAuth($oauthRequest, $userId, $appUrl)
{
$appId = 0;
$consumerKey = $oauthRequest->get_parameter('oauth_consumer_key');
$application = Doctrine::getTable('Application')->findOneByConsumerKey($consumerKey);
if ($application) {
if (!($application->getConsumerSecret() && $application->isHadByMember($userId))) {
return null;
}
$appId = $application->getId();
$consumer = new OAuthConsumer($application->getConsumerKey(), $application->getConsumerSecret());
} else {
$consumer = $this->dataStore->lookup_consumer($consumerKey);
if (!($consumerInformation = $this->getConsumerInformation($consumer))) {
return null;
}
if (!$this->isAdmin) {
if ($consumerInformation->getMemberId() != $userId) {
return null;
}
}
}
$signatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
$oauthSignature = $oauthRequest->get_parameter('oauth_signature');
$signatureValid = $signatureMethod->check_signature($oauthRequest, $consumer, null, $oauthSignature);
if (!$signatureValid) {
return null;
}
return new OAuthSecurityToken($userId, $appUrl, $appId, 'openpne');
}
<?php
require_once "OAuth.php";
$key = "KEY HERE";
$secret = "KEY HERE";
//Build a request object from the current request
$request = OAuthRequest::from_request(null, null, $_REQUEST);
$consumer = new OAuthConsumer($key, $secret, null);
//Initialize signature method
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
//validate passed oauth signature
$signature = $_GET['oauth_signature'];
$valid_sig = $sig_method->check_signature($request, $consumer, null, $signature);
//check if signature check succeeded
if (!$valid_sig) {
//SIGNATURE INVALID – Produce appropriate error message
} else {
//SIGNATURE IS VALID – Continue with normal program execution
}
?>
