/**
 * Issues a security token for a request signed with the container-wide consumer credentials.
 *
 * The request must carry an HMAC-SHA1 signature made with the single key/secret pair from
 * OpenPNEServiceConfig. No token secret takes part in the check (null token).
 *
 * Security notes:
 *  - $userId and $appUrl are copied into the token as given. This method only proves that
 *    the sender knows the shared consumer secret, not that it may act for that user.
 *  - No timestamp or nonce check happens in this method.
 *    NOTE(review): confirm replay protection is enforced by the caller.
 *  - $contentType is accepted but never read.
 *
 * @return OAuthSecurityToken|null null when the signature does not verify
 */
public function getSecurityToken($oauthRequest, $appUrl, $userId, $contentType)
 {
     $sharedConsumer = new OAuthConsumer(
         OpenPNEServiceConfig::OAUTH_CONSUMER_KEY,
         OpenPNEServiceConfig::OAUTH_CONSUMER_SECRET
     );
     $hmac = new OAuthSignatureMethod_HMAC_SHA1();
     $presentedSignature = $oauthRequest->get_parameter('oauth_signature');

     if ($hmac->check_signature($oauthRequest, $sharedConsumer, null, $presentedSignature)) {
         // The application id is always 0 on this path.
         return new OAuthSecurityToken($userId, $appUrl, 0, 'openpne');
     }

     // Signature mismatch: fail closed and issue no token.
     return null;
 }
 /**
  * Authenticates the current HTTP request through its OAuth signature.
  *
  * Supported signature methods:
  *  - HMAC-SHA1: the consumer secret is read from storageConsumers with a prepared statement.
  *  - RSA-SHA1: verification is delegated to MyOAuthSignatureMethod_RSA_SHA1, which receives
  *    the database handle and no consumer object.
  *
  * On success $this->consumerKey is set to the consumer key, suffixed with
  * opensocial_instance_id or (failing that) opensocial_owner_id when the request has one.
  *
  * Security notes:
  *  - "consumer not found" and "invalid signature" are distinct messages. If they reach the
  *    client, they reveal which consumer keys exist.
  *  - No timestamp or nonce check happens in this method.
  *    NOTE(review): confirm replay protection is enforced elsewhere.
  *
  * @throws Exception for an unknown consumer, an unsupported signature method, or a bad signature
  */
 function authenticate()
 {
     $req = OAuthRequest::from_request();
     $consumer_key = $req->get_parameter('oauth_consumer_key');
     $method = $req->get_parameter('oauth_signature_method');
     $presented = $req->get_parameter('oauth_signature');

     if ($method === "HMAC-SHA1") {
         $verifier = new OAuthSignatureMethod_HMAC_SHA1();
         // Bound parameter: the attacker-controlled key is never concatenated into the SQL.
         $lookup = $this->db->prepare('SELECT consumerSecret FROM storageConsumers WHERE consumerKey = :key');
         $lookup->bindParam(':key', $consumer_key);
         $lookup->execute();
         $record = $lookup->fetch();
         // empty() also covers the FALSE that fetch() yields when no row matched.
         if (empty($record)) {
             throw new Exception("consumer not found");
         }
         $registered = new OAuthConsumer($consumer_key, $record['consumerSecret']);
         $valid = $verifier->check_signature($req, $registered, NULL, $presented);
     } elseif ($method === "RSA-SHA1") {
         $verifier = new MyOAuthSignatureMethod_RSA_SHA1($this->db);
         $valid = $verifier->check_signature($req, NULL, NULL, $presented);
     } else {
         // Any other method, or a missing one, is rejected.
         throw new Exception("invalid signature method");
     }

     if (!$valid) {
         throw new Exception("invalid signature");
     }

     /* SURFconext (contains groupContext) */
     $instance_id = $req->get_parameter('opensocial_instance_id');
     /* iGoogle and other OpenSocial/Shindig portals/containers */
     $owner_id = $req->get_parameter('opensocial_owner_id');

     // The scoping values are only read after the signature has been accepted.
     if ($instance_id !== NULL) {
         $this->consumerKey = $consumer_key . '_' . $instance_id;
     } elseif ($owner_id !== NULL) {
         $this->consumerKey = $consumer_key . '_' . $owner_id;
     } else {
         $this->consumerKey = $consumer_key;
     }
 }
Example #3
 /**
  * Two-legged OAuth login: checks the HMAC-SHA1 signature of the current request against
  * the consumers listed in the 'oauth_consumers' config entry, then records the userId.
  *
  * See: http://developer.yahoo.com/blogs/ydn/posts/2010/04/a_twolegged_oauth_serverclient_example/
  *
  * Security notes:
  *  - The request to verify is rebuilt from the HTTP method and the reconstructed URL only.
  *    NOTE(review): confirm that every parameter the application trusts afterwards
  *    (in particular userId) is covered by the signed data for all request methods in use.
  *  - The URL uses the client-supplied Host header. A mismatch should only make the
  *    signature check fail, but deployments behind a proxy should confirm the host seen
  *    here is the one the client signed.
  *  - No timestamp or nonce check happens in this method.
  *    NOTE(review): confirm replay protection is enforced elsewhere.
  *
  * @throws Exception when the consumer key is not registered or the signature is invalid
  */
 function login()
 {
     $presented = getRequest('oauth_signature', TRUE);
     $consumerKey = getRequest('oauth_consumer_key', TRUE);
     $hmac = new OAuthSignatureMethod_HMAC_SHA1();
     $httpMethod = $_SERVER['REQUEST_METHOD'];
     $requestUrl = getProtocol() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

     /* only consumers present in the configured list may authenticate */
     $registered = getConfig($this->config, 'oauth_consumers', TRUE);
     if (!array_key_exists($consumerKey, $registered)) {
         throw new Exception("oauth consumer key not registered");
     }

     $consumer = new OAuthConsumer($consumerKey, $registered[$consumerKey]);
     $signedRequest = new OAuthRequest($httpMethod, $requestUrl);
     if (!$hmac->check_signature($signedRequest, $consumer, NULL, $presented)) {
         throw new Exception('invalid oauth signature');
     }

     // The signature has been accepted; only now is the acting user taken from the request.
     $this->userId = getRequest('userId', TRUE);
 }
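 /**
  * Verifies a 2-legged OAuth signature. 2-legged OAuth means the security context is that of the
  * application, and no specific user is associated with it. Most of the logic is done manually and
  * not through the OAuth library, since it has no knowledge of / support for 2-legged OAuth.
  *
  * The method fails closed: a missing consumer key, a missing signature, or a consumer the data
  * store does not know all yield null before any signature is computed. Otherwise a failed
  * lookup would pass a non-consumer into check_signature() and get_app_id(). If lookup_consumer()
  * returns null for unknown keys (not visible here), the check would then run without a real
  * consumer secret.
  *
  * The signature is read from the query string only, so a signature sent in a POST body or an
  * Authorization header is not accepted here.
  * No timestamp or nonce check happens in this method.
  * NOTE(review): confirm replay protection is enforced elsewhere.
  *
  * @return OAuthSecurityToken|null null when the request cannot be verified
  */
 private function verify2LeggedOAuth($oauthRequest, $userId, $appUrl, $dataStore)
 {
     // Refuse requests that lack either value instead of verifying against undefined input.
     if (!isset($oauthRequest->parameters['oauth_consumer_key']) || !isset($_GET["oauth_signature"])) {
         return null;
     }

     $consumerToken = $dataStore->lookup_consumer($oauthRequest->parameters['oauth_consumer_key']);
     if (!$consumerToken) {
         // unknown consumer key, abort before touching the signature code
         return null;
     }

     $signature_method = new OAuthSignatureMethod_HMAC_SHA1();
     $signature_valid = $signature_method->check_signature($oauthRequest, $consumerToken, null, $_GET["oauth_signature"]);
     if (!$signature_valid) {
         // signature did not check out, abort
         return null;
     }

     // $userId is taken from the caller as given; the signature only vouches for the application.
     return new OAuthSecurityToken($userId, $appUrl, $dataStore->get_app_id($consumerToken), "partuza");
 }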
Example #5
    /**
     * Checks an HMAC-SHA1 OAuth signature on the current HTTP request.
     *
     * $consumer and $token only need public key and secret properties. They are copied into
     * fresh OAuthConsumer / OAuthToken objects. A falsy $token means a two-legged check in
     * which no token secret takes part.
     *
     * Returns whatever check_signature() reports; no timestamp or nonce check happens here.
     *
     * NOTE(review): $token has a default but comes before the required $oauth_signature.
     * PHP 8 deprecates that parameter order, so callers must pass all three arguments anyway.
     */
    function verify_signature($consumer, $token=NULL, $oauth_signature) {
        $hmac = new OAuthSignatureMethod_HMAC_SHA1();
        $verifiedConsumer = new OAuthConsumer($consumer->key, $consumer->secret);

        $verifiedToken = NULL;
        if ($token) {
            $verifiedToken = new OAuthToken($token->key, $token->secret);
        }

        // The request under test is rebuilt from the PHP request globals.
        $incoming = OAuthRequest::from_request();

        return $hmac->check_signature($incoming, $verifiedConsumer, $verifiedToken, $oauth_signature);
    }
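 /**
  * Verifies a 2-legged OAuth request and issues a security token for $userId.
  *
  * Two kinds of consumer are accepted:
  *  - an Application record matching the consumer key. It must have a consumer secret and
  *    pass isHadByMember($userId) (presumably "the member has this application"; confirm
  *    against the model).
  *  - otherwise a consumer from the data store. It must have consumer information, and
  *    unless $this->isAdmin is set its member id must equal $userId.
  *
  * Only after those ownership checks is the HMAC-SHA1 signature verified.
  *
  * Security notes:
  *  - The member id is compared as a strict string. The previous loose `!=` would, on
  *    PHP < 8, treat a non-numeric string with a numeric prefix as equal to an integer id.
  *  - No timestamp or nonce check happens in this method.
  *    NOTE(review): confirm replay protection is enforced elsewhere.
  *
  * @return OAuthSecurityToken|null null when ownership or signature verification fails
  */
 protected function verify2LeggedOAuth($oauthRequest, $userId, $appUrl)
 {
     $appId = 0;
     $consumerKey = $oauthRequest->get_parameter('oauth_consumer_key');
     $application = Doctrine::getTable('Application')->findOneByConsumerKey($consumerKey);
     if ($application) {
         // An application without a secret, or one the member does not have, is refused.
         if (!($application->getConsumerSecret() && $application->isHadByMember($userId))) {
             return null;
         }
         $appId = $application->getId();
         $consumer = new OAuthConsumer($application->getConsumerKey(), $application->getConsumerSecret());
     } else {
         $consumer = $this->dataStore->lookup_consumer($consumerKey);
         if (!($consumerInformation = $this->getConsumerInformation($consumer))) {
             return null;
         }
         // Non-admin contexts may only act as the member who owns the consumer.
         if (!$this->isAdmin) {
             if ((string) $consumerInformation->getMemberId() !== (string) $userId) {
                 return null;
             }
         }
     }

     $signatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
     $oauthSignature = $oauthRequest->get_parameter('oauth_signature');
     $signatureValid = $signatureMethod->check_signature($oauthRequest, $consumer, null, $oauthSignature);
     if (!$signatureValid) {
         // fail closed on a signature mismatch
         return null;
     }
     return new OAuthSecurityToken($userId, $appUrl, $appId, 'openpne');
 }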
<?php

require_once "OAuth.php";
// Placeholder consumer credentials. Replace both before use; the secret should come from
// configuration outside the web root, not from a literal in the source.
$key = "KEY HERE";
$secret = "KEY HERE";

// HMAC-SHA1 verifier and the consumer the signature is expected to come from
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
$consumer = new OAuthConsumer($key, $secret, null);

// Rebuild the signed request from the current HTTP request. Its parameters are taken from
// $_REQUEST, while the signature below is read from the query string only, so a signature
// sent in a POST body is not picked up.
$request = OAuthRequest::from_request(null, null, $_REQUEST);
$signature = $_GET['oauth_signature'];

// Two-legged check: no token is involved
$valid_sig = $sig_method->check_signature($request, $consumer, null, $signature);

if ($valid_sig) {
    //SIGNATURE IS VALID – Continue with normal program execution
} else {
    //SIGNATURE INVALID – Produce appropriate error message and stop processing the request
}
?>