/**
 * Serialize a parameter map into a normalized `name=value&name=value` string.
 *
 * Keys and values are passed through OAuthUtil::urlencode_rfc3986(), the pairs
 * are ordered by encoded name with a byte-wise comparison, and a value that is
 * still an array after encoding (a repeated parameter name) has its entries
 * ordered as strings before they are emitted (OAuth Core 1.0, section 9.1.1).
 *
 * @param array $params Parameter names mapped to a value or an array of values.
 *
 * @return string The pairs joined with '&', or '' when $params is empty.
 */
public static function build_http_body($params)
 {
     if (empty($params)) {
         return '';
     }
     // Encode names and values separately, then pair them up again.
     $encoded_names = OAuthUtil::urlencode_rfc3986(array_keys($params));
     $encoded_values = OAuthUtil::urlencode_rfc3986(array_values($params));
     $encoded = array_combine($encoded_names, $encoded_values);
     // Spec 9.1.1 (1): order by name, lexicographical byte value ordering.
     uksort($encoded, 'strcmp');
     $pairs = array();
     foreach ($encoded as $name => $value) {
         if (!is_array($value)) {
             $pairs[] = $name . '=' . $value;
             continue;
         }
         // Repeated names are ordered by value; SORT_STRING keeps this a string
         // comparison rather than a numeric or "natural" one (issue 164).
         sort($value, SORT_STRING);
         foreach ($value as $repeated) {
             $pairs[] = $name . '=' . $repeated;
         }
     }
     // '=' (ASCII 61) separates name and value, '&' (ASCII 38) separates pairs.
     return implode('&', $pairs);
 }
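 /**
  * Build the encoded parameter string used as the request body.
  *
  * @param bool $force Build the string even when the request method is GET.
  *
  * @return string|null The `name=value` pairs joined with '&'; null when the
  *                     method is GET and $force is false, or when there are
  *                     no parameters.
  */
 public function getPostvals($force = false)
 {
     if (opCalendarApiHandler::GET === $this->method && !$force) {
         return null;
     }
     if (!$this->parameters) {
         return null;
     }
     // Urlencode both keys and values
     $keys = OAuthUtil::urlencode_rfc3986(array_keys($this->parameters));
     $values = OAuthUtil::urlencode_rfc3986(array_values($this->parameters));
     $params = array_combine($keys, $values);
     // Parameters are sorted by name, using lexicographical byte value ordering.
     // Ref: Spec: 9.1.1 (1)
     uksort($params, 'strcmp');
     $pairs = array();
     foreach ($params as $parameter => $value) {
         if (is_array($value)) {
             // If two or more parameters share the same name, they are sorted by their value.
             // Ref: Spec: 9.1.1 (1)
             // natsort() orders "9" before "10", which is not byte value ordering; a peer
             // that normalizes by the spec would build a different string and the
             // signatures would not match. SORT_STRING gives the required ordering.
             sort($value, SORT_STRING);
             foreach ($value as $duplicate_value) {
                 $pairs[] = $parameter . '=' . $duplicate_value;
             }
         } else {
             $pairs[] = $parameter . '=' . $value;
         }
     }
     // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
     // Each name-value pair is separated by an '&' character (ASCII code 38)
     return implode('&', $pairs);
 }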
 /**
  * oauth_signature is set to the concatenated encoded values of the Consumer Secret and
  * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
  * empty. The result MUST be encoded again.
  *   - Chapter 9.4.1 ("Generating Signatures")
  *
  * Please note that the second encoding MUST NOT happen in the SignatureMethod, as
  * OAuthRequest handles this!
  */
 public function build_signature($request, $consumer, $token)
 {
     // The signature is the two secrets, each encoded, joined by '&'; the token
     // secret is the empty string when no token is supplied.
     $secrets = array($consumer->secret);
     $secrets[] = $token ? $token->secret : "";
     $signature = implode('&', OAuthUtil::urlencode_rfc3986($secrets));
     // NOTE(review): base_string now carries both shared secrets, so this field
     // should stay out of logs and debug output.
     $request->base_string = $signature;
     return $signature;
 }
 /**
  * Compute the HMAC-SHA1 signature over the request's signature base string.
  *
  * The HMAC key is the encoded consumer secret and the encoded token secret
  * (empty when $token is falsy) joined by '&'. The base string is also stored
  * on $request->base_string.
  *
  * NOTE(review): the comparison against a received signature is not in this
  * block; whoever performs it should use hash_equals().
  *
  * @param object      $request  Provides get_signature_base_string().
  * @param object      $consumer Exposes ->secret.
  * @param object|null $token    Exposes ->secret when present.
  *
  * @return string Base64 encoding of the raw HMAC digest.
  */
 public function build_signature($request, $consumer, $token)
 {
     $signed_text = $request->get_signature_base_string();
     $request->base_string = $signed_text;
     $token_secret = $token ? $token->secret : "";
     $encoded_secrets = OAuthUtil::urlencode_rfc3986(array($consumer->secret, $token_secret));
     $hmac_key = implode('&', $encoded_secrets);
     // Fourth argument true: raw binary digest, which is then base64-encoded.
     $digest = hash_hmac('sha1', $signed_text, $hmac_key, true);
     return base64_encode($digest);
 }
Example #5
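/**
 * Handle an API request; for `api/oauth/authorize` run the interactive OAuth
 * authorization step, otherwise echo the result of api_call() and stop.
 *
 * @param object $a Application object (reads ->cmd, writes ->page['template']).
 *
 * @return string|null Markup for the consent, "done" or login page, or an
 *                     error string; the other paths end through killme().
 */
function api_content(&$a)
{
    if ($a->cmd == 'api/oauth/authorize') {
        /*
         * api/oauth/authorize interacts with the user; return a standard page.
         */
        $a->page['template'] = "minimal";
        // get consumer/client from request token
        try {
            $request = OAuthRequest::from_request();
        } catch (Exception $e) {
            // Keep the exception server-side: dumping the object to the response
            // would expose its trace and internal state to the client.
            error_log('api/oauth/authorize: ' . $e->getMessage());
            echo "Invalid request.";
            killme();
        }
        // Require a logged-in channel before anything else, so that an approval
        // POST can never create a verifier that is bound to no channel.
        if (!local_channel()) {
            //TODO: we need login form to redirect to this page
            // NOTE(review): the parameters handed to login() may include oauth_yes from
            // an unauthenticated POST; confirm login() does not replay it as consent.
            notice(t('Please login to continue.') . EOL);
            return login(false, 'api-login', $request->get_parameters());
        }
        //FKOAuth1::loginUser(4);
        $app = oauth_get_client($request);
        if (is_null($app)) {
            return "Invalid request. Unknown token.";
        }
        if (x($_POST, 'oauth_yes')) {
            // NOTE(review): no anti-CSRF token is checked in this block; confirm the
            // consent form is protected elsewhere.
            $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
            // NOTE(review): the verifier is an unsalted MD5 of the client secret and the
            // channel id, so it is the same on every approval for that pair; a value
            // from random_bytes() would not be derivable. Left unchanged because the
            // code that consumes the verifier is not visible here.
            $verifier = md5($app['secret'] . local_channel());
            set_config("oauth", $verifier, local_channel());
            if ($consumer->callback_url != null) {
                $params = $request->get_parameters();
                // Append to an existing query string with '&'; a second '?' would
                // fold oauth_token into the value of the last existing parameter.
                $glue = "?";
                if (strstr($consumer->callback_url, $glue)) {
                    $glue = "&";
                }
                goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
                killme();
            }
            // No callback registered: show the verifier so the user can type it into the app.
            $tpl = get_markup_template("oauth_authorize_done.tpl");
            $o = replace_macros($tpl, array('$title' => t('Authorize application connection'), '$info' => t('Return to your app and insert this Securty Code:'), '$code' => $verifier));
            return $o;
        }
        // No decision yet: render the consent page.
        $tpl = get_markup_template('oauth_authorize.tpl');
        $o = replace_macros($tpl, array('$title' => t('Authorize application connection'), '$app' => $app, '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'), '$yes' => t('Yes'), '$no' => t('No')));
        return $o;
    }
    echo api_call($a);
    killme();
}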
 /**
  * Compute the HMAC-SHA256 signature over the request's signature base string.
  *
  * The key is the encoded consumer secret and the encoded token secret (empty
  * when $token is falsy) joined by '&'. The base string is stored on
  * $request->base_string, and the result is also published in the global
  * $OAuth_last_computed_signature, which is reset to false at entry.
  *
  * NOTE(review): the global keeps the most recent valid signature reachable
  * from any code in the process; confirm nothing logs or echoes it.
  *
  * @param object      $request  Provides get_signature_base_string().
  * @param object      $consumer Exposes ->secret.
  * @param object|null $token    Exposes ->secret when present.
  *
  * @return string Base64 encoding of the raw HMAC digest.
  */
 public function build_signature($request, $consumer, $token)
 {
     global $OAuth_last_computed_signature;
     // Reset first, so a failure below never leaves an earlier signature behind.
     $OAuth_last_computed_signature = false;
     $signed_text = $request->get_signature_base_string();
     $request->base_string = $signed_text;
     $token_secret = $token ? $token->secret : "";
     $hmac_key = implode('&', OAuthUtil::urlencode_rfc3986(array($consumer->secret, $token_secret)));
     $digest = hash_hmac('sha256', $signed_text, $hmac_key, true);
     $OAuth_last_computed_signature = base64_encode($digest);
     return $OAuth_last_computed_signature;
 }
 /**
  * Build a signature from the secrets alone: the encoded consumer secret and
  * the encoded token secret (empty when $token is falsy) joined by '&', and
  * the joined string encoded once more before it is returned.
  *
  * @param object      $request  Receives the un-encoded joined string in ->base_string.
  * @param object      $consumer Exposes ->secret.
  * @param object|null $token    Exposes ->secret when present.
  *
  * @return string The joined secrets, encoded a second time.
  */
 public function build_signature($request, $consumer, $token)
 {
     $parts = array(
         OAuthUtil::urlencode_rfc3986($consumer->secret),
         $token ? OAuthUtil::urlencode_rfc3986($token->secret) : '',
     );
     $joined = implode("&", $parts);
     // Kept for debugging. NOTE(review): this field then holds both secrets, so it
     // should stay out of logs and error pages.
     $request->base_string = $joined;
     return OAuthUtil::urlencode_rfc3986($joined);
 }
 /**
  * Compute an HMAC-SHA1 signature after passing every percent-escape in the
  * base string and in the key through $this->replace_callback().
  *
  * The original comments say the callback converts the escapes to lowercase;
  * the callback itself is not part of this block.
  *
  * @param object      $request  Provides get_signature_base_string(); receives ->base_string.
  * @param object      $consumer Exposes ->secret.
  * @param object|null $token    Exposes ->secret when present.
  *
  * @return string Base64 encoding of the raw HMAC digest.
  */
 public function build_signature($request, $consumer, $token)
 {
     // Matches '%' followed by two alphanumeric characters.
     $escape_pattern = "/(%[A-Za-z0-9]{2})/";
     $rewrite = array($this, "replace_callback");

     $signed_text = preg_replace_callback($escape_pattern, $rewrite, $request->get_signature_base_string());
     $request->base_string = $signed_text;

     $token_secret = $token ? $token->secret : "";
     $encoded_secrets = OAuthUtil::urlencode_rfc3986(array($consumer->secret, $token_secret));
     $hmac_key = preg_replace_callback($escape_pattern, $rewrite, implode('&', $encoded_secrets));

     return base64_encode(hash_hmac('sha1', $signed_text, $hmac_key, true));
 }
Example #9
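 /**
  * Checks OAuthUtil::urlencode_rfc3986() against the "Parameter Encoding"
  * vectors from http://wiki.oauth.net/TestCases, plus two non-string inputs.
  */
 public function testUrlencode()
 {
     $this->assertEquals('abcABC123', OAuthUtil::urlencode_rfc3986('abcABC123'));
     // The unreserved punctuation must pass through untouched.
     $this->assertEquals('-._~', OAuthUtil::urlencode_rfc3986('-._~'));
     $this->assertEquals('%25', OAuthUtil::urlencode_rfc3986('%'));
     $this->assertEquals('%2B', OAuthUtil::urlencode_rfc3986('+'));
     $this->assertEquals('%0A', OAuthUtil::urlencode_rfc3986("\n"));
     $this->assertEquals('%20', OAuthUtil::urlencode_rfc3986(' '));
     // DEL is written as an escape: a raw control byte inside the literal is
     // invisible and easily lost, which turns this into a test of ''.
     $this->assertEquals('%7F', OAuthUtil::urlencode_rfc3986("\x7F"));
     // U+0080 and U+3001 given as their UTF-8 byte sequences. The inputs that were
     // disabled here ("\x00\x80", "\x30\x01") were the 16-bit code point values, not
     // UTF-8, which is why they could not produce the expected escapes.
     $this->assertEquals('%C2%80', OAuthUtil::urlencode_rfc3986("\xC2\x80"));
     $this->assertEquals('%E3%80%81', OAuthUtil::urlencode_rfc3986("\xE3\x80\x81"));
     // A few tests to ensure code-coverage: non-string input encodes to ''.
     $this->assertEquals('', OAuthUtil::urlencode_rfc3986(NULL));
     $this->assertEquals('', OAuthUtil::urlencode_rfc3986(new stdClass()));
 }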
 /**
  * Exchange the request for an access token and return it form-encoded.
  *
  * Sends a `Content-Type: application/x-www-form-urlencoded` header as a side
  * effect. The returned string contains the token secret, so it belongs only
  * in the response body of this call.
  *
  * @param object $request Passed to self::$server->fetch_access_token().
  *
  * @return string `oauth_token=...&oauth_token_secret=...` with both values encoded.
  */
 public static function access_token($request)
 {
     $access = self::$server->fetch_access_token($request);
     header('Content-Type: application/x-www-form-urlencoded');
     $encoded_key = OAuthUtil::urlencode_rfc3986($access->key);
     $encoded_secret = OAuthUtil::urlencode_rfc3986($access->secret);
     return 'oauth_token=' . $encoded_key . '&oauth_token_secret=' . $encoded_secret;
 }
 /**
  * Request authorization
  *
  * Returns an URL which equals to an authorization request. The end user
  * should be redirected to this location to perform authorization.
  * The $finish_url should be a local resource which invokes
  * OMB_Consumer::finishAuthorization on request.
  *
  * @param OMB_Profile $profile    An OMB_Profile object representing the
  *                                soon-to-be subscribed (i. e. local) user
  * @param string      $finish_url Target location after successful
  *                                authorization
  *
  * @access public
  *
  * @return string An URL representing an authorization request
  */
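 public function requestAuthorization($profile, $finish_url)
 {
     if ($this->performLegacyAuthRequest) {
         // Legacy mode: the authorization request goes through prepareAction().
         $params = $profile->asParameters('omb_listenee', false);
         $params['omb_listener'] = $this->listener_uri;
         $params['oauth_callback'] = $finish_url;
         $url = $this->prepareAction(OAUTH_ENDPOINT_AUTHORIZE, $params, 'GET')->to_url();
     } else {
         $params = array('oauth_callback' => $finish_url, 'oauth_token' => $this->token->key, 'omb_version' => OMB_VERSION, 'omb_listener' => $this->listener_uri);
         // The explicit values win over same-named profile parameters.
         $params = array_merge($profile->asParameters('omb_listenee', false), $params);
         /* Build result URL. */
         // The separator depends on the endpoint itself. Testing $url here read an
         // undefined variable, so '?' was chosen even for an endpoint that already
         // had a query string.
         $endpoint = $this->services[OAUTH_ENDPOINT_AUTHORIZE];
         $url = $endpoint . (strrpos($endpoint, '?') === false ? '?' : '&');
         foreach ($params as $k => $v) {
             // Names and values are both percent-encoded; the URL keeps a trailing '&'.
             $url .= OAuthUtil::urlencode_rfc3986($k) . '=' . OAuthUtil::urlencode_rfc3986($v) . '&';
         }
     }
     // Remember the listenee for later steps of the flow.
     $this->listenee_uri = $profile->getIdentifierURI();
     return $url;
 }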
Example #12
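 /**
  * Build the normalized `name=value&name=value` parameter string.
  *
  * Keys and values are passed through OAuthUtil::urlencode_rfc3986(), pairs are
  * ordered by encoded name with a byte-wise comparison, and the entries of a
  * value that is still an array after encoding are ordered as strings
  * (OAuth Core 1.0, section 9.1.1).
  *
  * @param array $params Parameter names mapped to a value or an array of values.
  *
  * @return string The pairs joined with '&', or '' when $params is empty.
  */
 public static function build_http_query($params)
 {
     if (!$params) {
         return '';
     }
     $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
     $values = OAuthUtil::urlencode_rfc3986(array_values($params));
     $params = array_combine($keys, $values);
     uksort($params, 'strcmp');
     $pairs = array();
     foreach ($params as $parameter => $value) {
         if (is_array($value)) {
             // natsort() orders "9" before "10", which is not the byte value ordering the
             // spec requires; a peer that normalizes by the spec would build a different
             // string and the signatures would not match.
             sort($value, SORT_STRING);
             foreach ($value as $duplicate_value) {
                 $pairs[] = $parameter . '=' . $duplicate_value;
             }
         } else {
             $pairs[] = $parameter . '=' . $value;
         }
     }
     return implode('&', $pairs);
 }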
 /**
  * Append every entry of $params to $url as an encoded query variable.
  *
  * @param string $url    URL to extend.
  * @param array  $params Names mapped to values; both are encoded before use.
  *
  * @return string The URL as returned by the last appendQueryVar() call, or
  *                $url unchanged when $params is empty.
  */
 function buildCallbackUrl($url, $params)
 {
     foreach ($params as $name => $value) {
         $encoded_name = OAuthUtil::urlencode_rfc3986($name);
         $encoded_value = OAuthUtil::urlencode_rfc3986($value);
         $url = $this->appendQueryVar($url, $encoded_name, $encoded_value);
     }
     return $url;
 }
Example #14
 /**
  * This method builds the URL that accepts user login requests. If you do not want to use the standard elements
  * offered here (->button()), you can build the login element yourself, using this method as the source of the
  * target address.
  *
  * @return string
  */
 public function nkConnectLoginUri()
 {
     // NOTE(review): only redirect_uri is percent-encoded; client_id, scope and state
     // are appended as-is, so they are assumed to be URL-safe values — confirm.
     $uri = "https://nk.pl/oauth2/login";
     $uri .= "?client_id=" . $this->getConfig()->key;
     $uri .= "&response_type=code";
     $uri .= "&redirect_uri=" . OAuthUtil::urlencode_rfc3986($this->redirectUri());
     // Permissions are sent as one comma-separated scope value.
     $uri .= "&scope=" . implode(',', $this->getConfig()->permissions);
     // getOtp() supplies the state value the callback is expected to echo back.
     $uri .= "&state=" . $this->getOtp();
     return $uri;
 }
 /**
  * Signs the request and adds the OAuth signature. This runs all the request
  * parameter preparation methods.
  *
  * @param string $method the HTTP method being used. ex POST, GET, HEAD etc
  * @param string $url the request URL without query string parameters.
  * @param array $params the request parameters as an array of key=value pairs
  * @param string $useauth whether to use authentication when making the request.
  */
 private function sign($method, $url, $params, $useauth)
 {
     $this->prepare_method($method);
     $this->prepare_url($url);
     $this->prepare_params($params);
     // Nothing is signed when authentication is off; only the header is prepared.
     if (!$useauth) {
         $this->prepare_auth_header();
         return;
     }
     $this->prepare_base_string();
     $this->prepare_signing_key();
     // HMAC-SHA1 over the base string: raw digest, base64, then percent-encoded.
     $digest = hash_hmac('sha1', $this->base_string, $this->signing_key, true);
     $this->auth_params['oauth_signature'] = OAuthUtil::urlencode_rfc3986(base64_encode($digest));
     $this->prepare_auth_header();
 }
Example #16
 /**
  * builds the Authorization: header
  */
 public function to_header() {
     // The header always starts with an empty realm.
     $header = 'Authorization: OAuth realm=""';
     foreach ($this->parameters as $name => $value) {
         // Only parameters whose name begins with "oauth" go into the header.
         if (substr($name, 0, 5) == "oauth") {
             if (is_array($value)) {
                 throw new OAuthException('Arrays not supported in headers');
             }
             // Name and value are both percent-encoded, so a quote or line break in a
             // value cannot end the quoted string or start a new header line.
             $header .= ',' . OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
         }
     }
     return $header;
 }
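 /**
  * Sign an outgoing request and rewrite its URI (and, for form posts, its
  * body) so that it carries the signed parameter set.
  *
  * Form-encoded bodies are parsed and signed as parameters; any other body is
  * covered by an oauth_body_hash parameter. Signing is done with
  * ShindigRsaSha1SignatureMethod and $this->privateKeyObject.
  *
  * @param RemoteContentRequest $request Request to sign; modified in place.
  *
  * @throws GadgetException Wrapping any Exception raised while signing.
  */
 private function signRequest(RemoteContentRequest $request)
 {
     $url = $request->getUrl();
     $method = $request->getMethod();
     try {
         // Parse the request into parameters for OAuth signing, stripping out
         // any OAuth or OpenSocial parameters injected by the client
         $parsedUri = parse_url($url);
         $resource = $url;
         $contentType = $request->getHeader('Content-Type');
         // A missing Content-Type is treated like a form post. The null test comes
         // first so that stripos() is never handed null.
         $signBody = $contentType == null || stripos($contentType, 'application/x-www-form-urlencoded') !== false;
         $msgParams = array();
         $postParams = array();
         if ($request->getPostBody()) {
             if ($signBody) {
                 // on normal application/x-www-form-urlencoded type post's encode and parse the post vars
                 parse_str($request->getPostBody(), $postParams);
                 // sanitize() is not visible here; per the comment above it is expected to
                 // drop client-supplied OAuth/OpenSocial parameters — confirm.
                 $postParams = $this->sanitize($postParams);
             } else {
                 // on any other content-type of post (application/{json,xml,xml+atom}) use the body signing hash
                 // see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for details
                 $msgParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true));
             }
         }
         if ($signBody && isset($postParams)) {
             $msgParams = array_merge($msgParams, $postParams);
         }
         $this->addOpenSocialParams($msgParams, $request->getToken(), $request->getOptions()->ownerSigned, $request->getOptions()->viewerSigned);
         $this->addOAuthParams($msgParams, $request->getToken());
         // No consumer or token secret is involved: the private key is the credential.
         $consumer = new OAuthConsumer(NULL, NULL, NULL);
         $signatureMethod = new ShindigRsaSha1SignatureMethod($this->privateKeyObject, null);
         $req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, $method, $resource, $msgParams);
         $req_req->sign_request($signatureMethod, $consumer, NULL);
         // Rebuild the query string, including all of the parameters we added.
         // We have to be careful not to copy POST parameters into the query.
         // If post and query parameters share a name, they end up being removed
         // from the query.
         $forPost = array();
         $postData = false;
         if ($method == 'POST' && $signBody) {
             foreach ($postParams as $key => $param) {
                 $forPost[$key] = $param;
                 if ($postData === false) {
                     $postData = array();
                 }
                 $postData[] = OAuthUtil::urlencode_rfc3986($key) . "=" . OAuthUtil::urlencode_rfc3986($param);
             }
             if ($postData !== false) {
                 $postData = implode("&", $postData);
             }
         }
         $newQueryParts = array();
         foreach ($req_req->get_parameters() as $key => $param) {
             if (!isset($forPost[$key])) {
                 // NOTE(review): the query is built with urlencode() (space becomes '+'),
                 // while the body above uses the OAuth encoder (space becomes '%20');
                 // confirm the receiving side decodes both before it verifies.
                 if (!is_array($param)) {
                     $newQueryParts[] = urlencode($key) . '=' . urlencode($param);
                 } else {
                     foreach ($param as $elem) {
                         $newQueryParts[] = urlencode($key) . '=' . urlencode($elem);
                     }
                 }
             }
         }
         // Joined once, after the loop, so $newQuery is defined (as '') even when the
         // signed request has no parameters at all.
         $newQuery = implode('&', $newQueryParts);
         // Careful here; the OAuth form encoding scheme is slightly different than
         // the normal form encoding scheme, so we have to use the OAuth library
         // formEncode method.
         $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . (isset($parsedUri['path']) ? $parsedUri['path'] : '') . '?' . $newQuery;
         $request->setUri($url);
         if ($signBody) {
             $request->setPostBody($postData);
         }
     } catch (Exception $e) {
         throw new GadgetException($e);
     }
 }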
Example #18
 /**
  * Alias that forwards to OAuthUtil::urlencode_rfc3986().
  *
  * @param mixed $input Value handed to the encoder unchanged.
  *
  * @return mixed Whatever OAuthUtil::urlencode_rfc3986() returns for $input.
  */
 static function urlencodeRFC3986($input)
 {
     $encoded = OAuthUtil::urlencode_rfc3986($input);
     return $encoded;
 }
Example #19
 /**
  * builds the Authorization: header
  */
 public function to_header($realm = null)
 {
     // With a realm, the realm is the first item and every parameter follows a comma;
     // without one, the first parameter follows a single space.
     if ($realm) {
         $header = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
         $separator = ',';
     } else {
         $header = 'Authorization: OAuth';
         $separator = ' ';
     }
     foreach ($this->parameters as $name => $value) {
         // Only parameters whose name begins with "oauth" go into the header.
         if (substr($name, 0, 5) == "oauth") {
             if (is_array($value)) {
                 throw new OAuthExceptionPHP('Arrays not supported in headers');
             }
             // Name and value are both percent-encoded before they are quoted.
             $header .= $separator . OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
             $separator = ',';
         }
     }
     return $header;
 }
Example #20
 /**
  * Creates string of post variables
  */
 public static function to_postdata($data)
 {
     $fields = array();
     foreach ($data as $name => $value) {
         $encoded_name = OAuthUtil::urlencode_rfc3986($name);
         if (!is_array($value)) {
             $fields[] = $encoded_name . "=" . OAuthUtil::urlencode_rfc3986($value);
             continue;
         }
         // An array value becomes one `name[]=value` field per element.
         foreach ($value as $element) {
             $fields[] = $encoded_name . "[]=" . OAuthUtil::urlencode_rfc3986($element);
         }
     }
     return implode("&", $fields);
 }
Example #21
 /**
  * Returns the normalized signature base string of this request
  * @param string $http_method
  * @param string $url
  * @param array $params
  * The base string is defined as the method, the url and the
  * parameters (normalized), each urlencoded and then concatenated with &.
  * @see http://oauth.net/core/1.0/#rfc.section.A.5.1
  */
 private function signature_base_string($http_method, $url, $params)
 {
     // Fold the query-string parameters of $url into the parameter set. For string
     // keys, array_merge() lets the value from the URL replace the caller's.
     $query = parse_url($url, PHP_URL_QUERY);
     if ($query) {
         $params = array_merge($params, $this->oauth_parse_str($query));
     }
     // The signature itself is never part of the signed data.
     unset($params['oauth_signature']);
     // Three components, each encoded, joined by '&'. The parameter string was
     // already encoded when it was built, hence the double encoding.
     $components = array(
         OAuthUtil::urlencode_rfc3986(strtoupper($http_method)),
         OAuthUtil::urlencode_rfc3986($this->normalize_url($url)),
         OAuthUtil::urlencode_rfc3986($this->oauth_http_build_query($params)),
     );
     return implode('&', $components);
 }
Example #22
 /**
  * builds the Authorization: header
  */
 public function to_header_internal($start)
 {
     // $start is the header prefix supplied by the caller; every oauth parameter is
     // appended after a comma, including the first one.
     $header = $start;
     foreach ($this->parameters as $name => $value) {
         if (substr($name, 0, 5) == "oauth") {
             if (is_array($value)) {
                 throw new OAuthException('Arrays not supported in headers');
             }
             // Name and value are both percent-encoded before they are quoted.
             $header .= ',' . OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
         }
     }
     return $header;
 }
Example #23
 /**
  * generates the basic string serialization of a token that a server
  * would respond to request_token and access_token calls with
  */
 function to_string()
 {
     // The result contains the token secret: it is meant for the token response body
     // and should not be written to logs.
     $encoded_key = OAuthUtil::urlencode_rfc3986($this->key);
     $encoded_secret = OAuthUtil::urlencode_rfc3986($this->secret);
     return "oauth_token=" . $encoded_key . "&oauth_token_secret=" . $encoded_secret;
 }
Example #24
 /**
  * builds the Authorization: header
  */
 public function to_header($realm = null)
 {
     // Returns array('Authorization' => value) instead of a header line (changed
     // 15/11/2014). With a realm, the realm is the first item and parameters follow
     // a comma; without one, the first parameter follows a single space.
     if ($realm) {
         $value = 'OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
         $separator = ',';
     } else {
         $value = 'OAuth';
         $separator = ' ';
     }
     foreach ($this->parameters as $name => $param) {
         // Parameters that do not begin with "oauth", and array values, are skipped.
         if (substr($name, 0, 5) != "oauth" || is_array($param)) {
             continue;
         }
         $value .= $separator . OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($param) . '"';
         $separator = ',';
     }
     return array('Authorization' => $value);
 }
Example #25
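 /**
  * Build the normalized `name=value&name=value` parameter string.
  *
  * @param array $params Parameter names mapped to a value or an array of values.
  *
  * @return string The encoded pairs joined with '&', or '' when $params is empty.
  */
 public static function build_http_query($params)
 {
     if (!$params) {
         return '';
     }
     //note Urlencode both keys and values
     $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
     $values = OAuthUtil::urlencode_rfc3986(array_values($params));
     $params = array_combine($keys, $values);
     //note Parameters are sorted by name, using lexicographical byte value ordering.
     //note Ref: Spec: 9.1.1 (1)
     uksort($params, 'strcmp');
     $pairs = array();
     foreach ($params as $parameter => $value) {
         if (is_array($value)) {
             //note If two or more parameters share the same name, they are sorted by their value
             //note Ref: Spec: 9.1.1 (1)
             //note natsort() orders "9" before "10", which is not byte value ordering; a peer
             //note that normalizes by the spec would compute a different signature.
             sort($value, SORT_STRING);
             foreach ($value as $duplicate_value) {
                 $pairs[] = $parameter . '=' . $duplicate_value;
             }
         } else {
             $pairs[] = $parameter . '=' . $value;
         }
     }
     //note For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
     //note Each name-value pair is separated by an '&' character (ASCII code 38)
     return implode('&', $pairs);
 }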
 /**
  * Continue the OAuth dance after user authorization
  *
  * Performs the appropriate actions after user answered the authorization
  * request.
  *
  * @param bool $accepted Whether the user granted authorization
  *
  * @access public
  *
  * @return array A two-component array with the values:
  *                 - callback The callback URL or null if none given
  *                 - token    The authorized request token or null if not
  *                            authorized.
  */
 public function continueUserAuth($accepted)
 {
     $callback = $this->callback;
     if (!$accepted) {
         // Denied: revoke the request token and forget it; the callback is returned
         // without any parameters added.
         $this->datastore->revoke_token($this->token->key);
         $this->token = null;
         return array($callback, $this->token);
     }
     // Granted: authorize the token, then persist the remote profile and the subscription.
     $this->datastore->authorize_token($this->token->key);
     $this->datastore->saveProfile($this->remote_user);
     $this->datastore->saveSubscription($this->user->getIdentifierURI(), $this->remote_user->getIdentifierURI(), $this->token);
     if ($this->callback !== null) {
         /* The callback receives the listener's profile and the token as well. */
         $extra = $this->user->asParameters('omb_listener', false);
         $extra['oauth_token'] = $this->token->key;
         $extra['omb_version'] = OMB_VERSION;
         // Continue an existing query string with '&', otherwise start one with '?'.
         $callback .= parse_url($this->callback, PHP_URL_QUERY) ? '&' : '?';
         foreach ($extra as $name => $value) {
             // Both sides are percent-encoded; the URL keeps a trailing '&'.
             $callback .= OAuthUtil::urlencode_rfc3986($name) . '=' . OAuthUtil::urlencode_rfc3986($value) . '&';
         }
     }
     return array($callback, $this->token);
 }
Example #27
/**
 * Answer an OAuth access-token request: echo the value returned by
 * FKOAuth1::fetch_access_token(), or `error=<encoded message>` when an
 * exception is raised, then stop through killme().
 *
 * @param object $a    Application object (not read in this function).
 * @param mixed  $type Not read in this function.
 */
function api_oauth_access_token(&$a, $type)
{
    try {
        $server = new FKOAuth1();
        $request = OAuthRequest::from_request();
        $response = $server->fetch_access_token($request);
    } catch (Exception $e) {
        // Only the message is sent, percent-encoded. NOTE(review): confirm these
        // messages never contain secrets or internal paths.
        echo "error=", OAuthUtil::urlencode_rfc3986($e->getMessage());
        killme();
    }
    echo $response;
    killme();
}
Example #28
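 /**
  * Complete the authorization step for the stored request.
  *
  * On acceptance the token is authorized and the remote profile saved; the
  * user is then shown an accept message or redirected to the request's
  * oauth_callback with the token and the listener's profile data appended.
  * On rejection the user is shown a reject message or redirected to the bare
  * callback.
  *
  * NOTE(review): the redirect target comes from the stored request's
  * oauth_callback; no check against a registered consumer URL is visible in
  * this block — confirm it is validated where the request is stored.
  */
 function sendAuthorization()
 {
     $req = $this->getStoredRequest();
     if (!$req) {
         $this->clientError(_('No authorization request!'));
         return;
     }
     $callback = $req->get_parameter('oauth_callback');
     if ($this->arg('accept')) {
         // Stop on failure: falling through would hand a token that was never
         // authorized back to the consumer.
         if (!$this->authorizeToken($req)) {
             $this->clientError(_('Error authorizing token'));
             return;
         }
         if (!$this->saveRemoteProfile($req)) {
             $this->clientError(_('Error saving remote profile'));
             return;
         }
         if (!$callback) {
             $this->showAcceptMessage($req->get_parameter('oauth_token'));
         } else {
             $params = array();
             $params['oauth_token'] = $req->get_parameter('oauth_token');
             $params['omb_version'] = OMB_VERSION_01;
             $user = User::staticGet('uri', $req->get_parameter('omb_listener'));
             // omb_listener is a request parameter; an unknown URI must not reach a
             // method call on a missing user.
             if (!$user) {
                 $this->clientError(_('Unknown listener'));
                 return;
             }
             $profile = $user->getProfile();
             if (!$profile) {
                 common_log_db_error($user, 'SELECT', __FILE__);
                 $this->serverError(_('User without matching profile'));
                 return;
             }
             $params['omb_listener_nickname'] = $user->nickname;
             $params['omb_listener_profile'] = common_local_url('showstream', array('nickname' => $user->nickname));
             // Optional profile fields are sent only when they are set.
             if (!is_null($profile->fullname)) {
                 $params['omb_listener_fullname'] = $profile->fullname;
             }
             if (!is_null($profile->homepage)) {
                 $params['omb_listener_homepage'] = $profile->homepage;
             }
             if (!is_null($profile->bio)) {
                 $params['omb_listener_bio'] = $profile->bio;
             }
             if (!is_null($profile->location)) {
                 $params['omb_listener_location'] = $profile->location;
             }
             $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
             if ($avatar) {
                 $params['omb_listener_avatar'] = $avatar->url;
             }
             $parts = array();
             foreach ($params as $k => $v) {
                 // Keys are the fixed names set above; only the values need encoding.
                 $parts[] = $k . '=' . OAuthUtil::urlencode_rfc3986($v);
             }
             $query_string = implode('&', $parts);
             $parsed = parse_url($callback);
             // !empty() also covers a callback without a query string and a parse
             // failure, where there is no 'query' entry to read.
             $url = $callback . (!empty($parsed['query']) ? '&' : '?') . $query_string;
             common_redirect($url, 303);
         }
     } else {
         if (!$callback) {
             $this->showRejectMessage();
         } else {
             # XXX: not 100% sure how to signal failure... just redirect without token?
             common_redirect($callback, 303);
         }
     }
 }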