/**
 * Serialize a parameter map into an OAuth-normalized "name=value&..." string.
 *
 * Names and values are percent-encoded with OAuthUtil::urlencode_rfc3986(),
 * ordered by encoded name using strcmp(), and joined with '&'. When a value is
 * an array, its entries are ordered with sort(..., SORT_STRING) and emitted as
 * repeated name=value pairs.
 *
 * @param array $params parameter name => value (a value may be an array)
 * @return string the serialized pairs, or '' when $params is empty
 */
public static function build_http_body($params)
{
    if (!$params) {
        return '';
    }

    // Encode names and values separately, then pair them up again.
    $encoded = array_combine(
        OAuthUtil::urlencode_rfc3986(array_keys($params)),
        OAuthUtil::urlencode_rfc3986(array_values($params))
    );

    // Spec 9.1.1 (1): parameters are ordered by name, byte-wise.
    uksort($encoded, 'strcmp');

    $pairs = array();
    foreach ($encoded as $name => $item) {
        if (!is_array($item)) {
            $pairs[] = $name . '=' . $item;
            continue;
        }

        // Spec 9.1.1 (1): parameters sharing a name are ordered by value.
        // sort() replaced the earlier ordering on June 12th, 2010 (issue 164).
        sort($item, SORT_STRING);
        foreach ($item as $single) {
            $pairs[] = $name . '=' . $single;
        }
    }

    // '=' (ASCII 61) joins a name to its value, '&' (ASCII 38) joins the pairs.
    return implode('&', $pairs);
}
/**
 * Build the encoded POST body for this request.
 *
 * Nothing is produced for a GET request unless $force is set, and nothing is
 * produced when there are no parameters.
 *
 * @param bool $force build the body even when the method is GET
 * @return string|null "name=value&..." pairs, or null when no body applies
 */
public function getPostvals($force = false)
{
    $is_get = (opCalendarApiHandler::GET === $this->method);
    if (($is_get && !$force) || !$this->parameters) {
        return null;
    }

    // Encode names and values separately, then pair them up again.
    $encoded = array_combine(
        OAuthUtil::urlencode_rfc3986(array_keys($this->parameters)),
        OAuthUtil::urlencode_rfc3986(array_values($this->parameters))
    );

    // Spec 9.1.1 (1): parameters are ordered by name, byte-wise.
    uksort($encoded, 'strcmp');

    $pairs = array();
    foreach ($encoded as $name => $item) {
        if (!is_array($item)) {
            $pairs[] = $name . '=' . $item;
            continue;
        }

        // Spec 9.1.1 (1): parameters sharing a name are ordered by value.
        // NOTE(review): natsort() uses natural ordering ("9" before "10"),
        // which is not the same as byte-value ordering; confirm nothing that
        // consumes this string expects the byte-wise order.
        natsort($item);
        foreach ($item as $single) {
            $pairs[] = $name . '=' . $single;
        }
    }

    // '=' (ASCII 61) joins a name to its value, '&' (ASCII 38) joins the pairs.
    return implode('&', $pairs);
}
/**
 * Build the PLAINTEXT signature.
 *
 * oauth_signature is the encoded Consumer Secret and the encoded Token Secret
 * joined by '&' (ASCII code 38); the separator is present even when either
 * secret is empty. The result MUST be encoded again.
 *   - Chapter 9.4.1 ("Generating Signatures")
 *
 * That second encoding MUST NOT happen in the SignatureMethod, because
 * OAuthRequest takes care of it.
 *
 * The returned value is built from the secrets themselves and is also stored
 * on $request->base_string, so neither should be written to logs or debug
 * output, and the request needs an encrypted transport.
 *
 * @param object $request  request being signed; its base_string is overwritten
 * @param object $consumer provides ->secret
 * @param object|null $token provides ->secret; a falsy token counts as ""
 * @return string the encoded secrets joined by '&'
 */
public function build_signature($request, $consumer, $token)
{
    $encoded_secrets = OAuthUtil::urlencode_rfc3986(array(
        $consumer->secret,
        $token ? $token->secret : "",
    ));

    $signature = implode('&', $encoded_secrets);
    $request->base_string = $signature;

    return $signature;
}
/**
 * Build the HMAC-SHA1 signature for a request.
 *
 * The HMAC key is the encoded consumer secret and the encoded token secret
 * joined by '&'; the message is the request's signature base string, which is
 * also stored on $request->base_string.
 *
 * When the result is compared with a signature received from a peer, the
 * comparison should be constant-time (for example hash_equals()).
 *
 * @param object $request  provides get_signature_base_string()
 * @param object $consumer provides ->secret
 * @param object|null $token provides ->secret; a falsy token counts as ""
 * @return string base64 of the raw HMAC-SHA1 digest
 */
public function build_signature($request, $consumer, $token)
{
    $text = $request->get_signature_base_string();
    $request->base_string = $text;

    $encoded_secrets = OAuthUtil::urlencode_rfc3986(array(
        $consumer->secret,
        $token ? $token->secret : "",
    ));
    $hmac_key = implode('&', $encoded_secrets);

    // Fourth argument true: raw binary digest, which is then base64-encoded.
    $raw_mac = hash_hmac('sha1', $text, $hmac_key, true);

    return base64_encode($raw_mac);
}
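/**
 * Content handler for the API module.
 *
 * For 'api/oauth/authorize' it renders the authorization dialog and, once the
 * logged-in user confirms with 'oauth_yes', stores a verifier and either
 * redirects to the consumer's callback or shows the verifier as a code.
 * Every other command is passed to api_call(), whose result is echoed.
 *
 * @param object $a application object (reads ->cmd, writes ->page['template'])
 * @return string|void page markup for the authorize flow
 */
function api_content(&$a)
{
    if ($a->cmd == 'api/oauth/authorize') {
        /*
         * api/oauth/authorize interacts with the user: return a standard page.
         */
        $a->page['template'] = "minimal";

        // get consumer/client from request token
        try {
            $request = OAuthRequest::from_request();
        } catch (Exception $e) {
            // Exception details stay in the server log; dumping the exception
            // object into the response exposes internals to any caller.
            error_log('api/oauth/authorize: ' . get_class($e) . ': ' . $e->getMessage());
            echo "Invalid OAuth request.";
            killme();
        }

        // The approval below is recorded against local_channel(), so the login
        // check has to run before 'oauth_yes' is honoured.
        if (!local_channel()) {
            //TODO: we need login form to redirect to this page
            notice(t('Please login to continue.') . EOL);
            return login(false, 'api-login', $request->get_parameters());
        }

        // NOTE(review): no anti-CSRF token is checked in this function before
        // the approval is accepted; confirm the form or framework supplies one.
        if (x($_POST, 'oauth_yes')) {
            $app = oauth_get_client($request);
            if (is_null($app)) {
                return "Invalid request. Unknown token.";
            }

            $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);

            // NOTE(review): the verifier is a deterministic MD5 of
            // $app['secret'] and the channel id, not a random value, so anyone
            // who knows both inputs can derive it. A random verifier would be
            // preferable; check how the token exchange looks it up first.
            $verifier = md5($app['secret'] . local_channel());
            set_config("oauth", $verifier, local_channel());

            if ($consumer->callback_url != null) {
                $params = $request->get_parameters();

                // Append with '&' when the callback already has a query string.
                $glue = (strpos($consumer->callback_url, '?') !== false) ? '&' : '?';

                goaway($consumer->callback_url . $glue
                    . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token'])
                    . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
                killme();
            }

            $tpl = get_markup_template("oauth_authorize_done.tpl");
            $o = replace_macros($tpl, array(
                '$title' => t('Authorize application connection'),
                '$info' => t('Return to your app and insert this Securty Code:'),
                '$code' => $verifier,
            ));

            return $o;
        }

        $app = oauth_get_client($request);
        if (is_null($app)) {
            return "Invalid request. Unknown token.";
        }

        $tpl = get_markup_template('oauth_authorize.tpl');
        $o = replace_macros($tpl, array(
            '$title' => t('Authorize application connection'),
            '$app' => $app,
            '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
            '$yes' => t('Yes'),
            '$no' => t('No'),
        ));

        return $o;
    }

    echo api_call($a);
    killme();
}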
/**
 * Build the HMAC-SHA256 signature for a request.
 *
 * The global $OAuth_last_computed_signature is reset to false on entry and
 * set to the computed signature before returning, so it stays false if the
 * computation does not complete.
 *
 * @param object $request  provides get_signature_base_string(); its
 *                         base_string property is overwritten
 * @param object $consumer provides ->secret
 * @param object|null $token provides ->secret; a falsy token counts as ""
 * @return string base64 of the raw HMAC-SHA256 digest
 */
public function build_signature($request, $consumer, $token)
{
    global $OAuth_last_computed_signature;
    $OAuth_last_computed_signature = false;

    $text = $request->get_signature_base_string();
    $request->base_string = $text;

    // HMAC key: encoded consumer secret '&' encoded token secret.
    $encoded_secrets = OAuthUtil::urlencode_rfc3986(array(
        $consumer->secret,
        $token ? $token->secret : "",
    ));
    $hmac_key = implode('&', $encoded_secrets);

    $signature = base64_encode(hash_hmac('sha256', $text, $hmac_key, true));
    $OAuth_last_computed_signature = $signature;

    return $signature;
}
/**
 * Build a PLAINTEXT-style signature from the consumer and token secrets.
 *
 * Each secret is percent-encoded, the two are joined with '&' (an empty
 * string stands in for a missing token), and the joined string is encoded
 * once more for the return value. The joined, once-encoded string is kept on
 * $request->base_string for debugging; it is derived directly from the
 * secrets, so it should not be logged.
 *
 * @param object $request  its base_string property is overwritten
 * @param object $consumer provides ->secret
 * @param object|null $token provides ->secret when truthy
 * @return string the doubly encoded "consumer&token" secret string
 */
public function build_signature($request, $consumer, $token)
{
    $consumer_part = OAuthUtil::urlencode_rfc3986($consumer->secret);
    $token_part = $token ? OAuthUtil::urlencode_rfc3986($token->secret) : '';

    $joined = $consumer_part . "&" . $token_part;

    // for debug purposes
    $request->base_string = $joined;

    return OAuthUtil::urlencode_rfc3986($joined);
}
/**
 * Build an HMAC-SHA1 signature after rewriting percent-escapes.
 *
 * Every "%XX" sequence in both the signature base string and the HMAC key is
 * passed through $this->replace_callback before signing. That callback is
 * defined outside this block; the original comments describe the step as a
 * conversion to lowercase.
 *
 * @param object $request  provides get_signature_base_string(); its
 *                         base_string property receives the rewritten string
 * @param object $consumer provides ->secret
 * @param object|null $token provides ->secret; a falsy token counts as ""
 * @return string base64 of the raw HMAC-SHA1 digest
 */
public function build_signature($request, $consumer, $token)
{
    $escape_pattern = "/(%[A-Za-z0-9]{2})/";
    $rewrite = array($this, "replace_callback");

    // Rewrite the escapes in the base string (lowercase, per the original note).
    $base_string = preg_replace_callback(
        $escape_pattern,
        $rewrite,
        $request->get_signature_base_string()
    );
    $request->base_string = $base_string;

    // HMAC key: encoded consumer secret '&' encoded token secret, rewritten
    // the same way as the base string.
    $encoded_secrets = OAuthUtil::urlencode_rfc3986(array(
        $consumer->secret,
        $token ? $token->secret : "",
    ));
    $key = preg_replace_callback($escape_pattern, $rewrite, implode('&', $encoded_secrets));

    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
}
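/**
 * Checks OAuthUtil::urlencode_rfc3986() against the "Parameter Encoding"
 * cases from http://wiki.oauth.net/TestCases, plus two coverage cases for
 * non-string input.
 *
 * The DEL case is written as the escape "\x7F" so that the control character
 * is visible in the source and survives editors and copy/paste.
 */
public function testUrlencode()
{
    // Unreserved characters pass through unchanged.
    $this->assertEquals('abcABC123', OAuthUtil::urlencode_rfc3986('abcABC123'));
    $this->assertEquals('-._~', OAuthUtil::urlencode_rfc3986('-._~'));

    // Everything else is percent-encoded with uppercase hex digits.
    $this->assertEquals('%25', OAuthUtil::urlencode_rfc3986('%'));
    $this->assertEquals('%2B', OAuthUtil::urlencode_rfc3986('+'));
    $this->assertEquals('%0A', OAuthUtil::urlencode_rfc3986("\n"));
    $this->assertEquals('%20', OAuthUtil::urlencode_rfc3986(' '));
    $this->assertEquals('%7F', OAuthUtil::urlencode_rfc3986("\x7F"));

    //$this->assertEquals('%C2%80', OAuthUtil::urlencode_rfc3986("\x00\x80"));
    //$this->assertEquals('%E3%80%81', OAuthUtil::urlencode_rfc3986("\x30\x01"));
    // Last two checks disabled because of lack of UTF-8 support, or lack
    // of knowledge from me (morten.fangel) on how to use it properly..

    // A few tests to ensure code-coverage
    $this->assertEquals('', OAuthUtil::urlencode_rfc3986(NULL));
    $this->assertEquals('', OAuthUtil::urlencode_rfc3986(new stdClass()));
}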
/**
 * Exchange a request for an access token and serialize the result.
 *
 * Sends a form-urlencoded Content-Type header and returns the token key and
 * token secret as a form-encoded string. The return value contains the token
 * secret, so it should only reach the client over an encrypted connection and
 * should not be logged.
 *
 * @param object $request passed to self::$server->fetch_access_token()
 * @return string "oauth_token=...&oauth_token_secret=..."
 */
public static function access_token($request)
{
    $issued = self::$server->fetch_access_token($request);

    header('Content-Type: application/x-www-form-urlencoded');

    $encoded_key = OAuthUtil::urlencode_rfc3986($issued->key);
    $encoded_secret = OAuthUtil::urlencode_rfc3986($issued->secret);

    return sprintf('oauth_token=%s&oauth_token_secret=%s', $encoded_key, $encoded_secret);
}
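/**
 * Request authorization
 *
 * Returns a URL that represents an authorization request. The end user
 * should be redirected to this location to perform authorization.
 * The $finish_url should be a local resource which invokes
 * OMB_Consumer::finishAuthorization on request.
 *
 * @param OMB_Profile $profile    An OMB_Profile object representing the
 *                                soon-to-be subscribed (i. e. local) user
 * @param string      $finish_url Target location after successful
 *                                authorization
 *
 * @access public
 *
 * @return string A URL representing an authorization request
 */
public function requestAuthorization($profile, $finish_url)
{
    if ($this->performLegacyAuthRequest) {
        $params = $profile->asParameters('omb_listenee', false);
        $params['omb_listener'] = $this->listener_uri;
        $params['oauth_callback'] = $finish_url;
        $url = $this->prepareAction(OAUTH_ENDPOINT_AUTHORIZE, $params, 'GET')->to_url();
    } else {
        $params = array(
            'oauth_callback' => $finish_url,
            'oauth_token' => $this->token->key,
            'omb_version' => OMB_VERSION,
            'omb_listener' => $this->listener_uri,
        );
        // The explicit entries above win over same-named profile parameters.
        $params = array_merge($profile->asParameters('omb_listenee', false), $params);

        /* Build result URL. */
        // Pick the separator from the endpoint itself. The previous code
        // inspected $url before it was assigned, so an endpoint that already
        // carried a query string received a second '?'.
        $endpoint = $this->services[OAUTH_ENDPOINT_AUTHORIZE];
        $url = $endpoint . (strrpos($endpoint, '?') === false ? '?' : '&');
        foreach ($params as $k => $v) {
            $url .= OAuthUtil::urlencode_rfc3986($k) . '=' . OAuthUtil::urlencode_rfc3986($v) . '&';
        }
    }

    $this->listenee_uri = $profile->getIdentifierURI();

    return $url;
}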
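/**
 * Serialize a parameter map into an OAuth-normalized query string.
 *
 * Names and values are percent-encoded with OAuthUtil::urlencode_rfc3986(),
 * ordered by encoded name using strcmp(), and joined with '&'. Values that
 * share a name are ordered by plain string comparison.
 *
 * natsort() was used for the shared-name case before; it orders "9" ahead of
 * "10", which differs from byte-value ordering. If this string is part of a
 * signature base string, a peer that orders by byte value would compute a
 * different signature for such requests.
 *
 * @param array $params parameter name => value (a value may be an array)
 * @return string the serialized pairs, or '' when $params is empty
 */
public static function build_http_query($params)
{
    if (!$params) {
        return '';
    }

    // Urlencode both keys and values
    $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
    $values = OAuthUtil::urlencode_rfc3986(array_values($params));
    $params = array_combine($keys, $values);

    // Parameters are sorted by name, using lexicographical byte value ordering.
    uksort($params, 'strcmp');

    $pairs = array();
    foreach ($params as $parameter => $value) {
        if (is_array($value)) {
            // Parameters sharing a name are sorted by value, compared as strings.
            sort($value, SORT_STRING);
            foreach ($value as $duplicate_value) {
                $pairs[] = $parameter . '=' . $duplicate_value;
            }
        } else {
            $pairs[] = $parameter . '=' . $value;
        }
    }

    // '=' joins a name to its value, '&' joins the pairs.
    return implode('&', $pairs);
}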
/**
 * Append every entry of $params to $url as a query variable.
 *
 * Names and values are percent-encoded with OAuthUtil::urlencode_rfc3986()
 * before they are handed to $this->appendQueryVar().
 *
 * @param string $url    URL to extend
 * @param array  $params name => value pairs to append
 * @return string the URL after all pairs have been appended
 */
function buildCallbackUrl($url, $params)
{
    $result = $url;

    foreach ($params as $name => $value) {
        $encoded_name = OAuthUtil::urlencode_rfc3986($name);
        $encoded_value = OAuthUtil::urlencode_rfc3986($value);
        $result = $this->appendQueryVar($result, $encoded_name, $encoded_value);
    }

    return $result;
}
/**
 * Builds the URL that accepts user login requests. If you do not want to use
 * the standard elements offered here (->button()), you can build the login
 * element yourself and use this method as the source of the target address.
 *
 * Only redirect_uri is percent-encoded here.
 * NOTE(review): client_id, scope and state are inserted as-is; confirm they
 * can never contain characters that are reserved in a query string.
 * NOTE(review): state carries the value of getOtp(); presumably it is
 * verified when the user returns, confirm in the callback handler.
 *
 * @return string
 */
public function nkConnectLoginUri()
{
    // Built in the same order as the final query so each getter runs once, in sequence.
    $query = array(
        "client_id=" . $this->getConfig()->key,
        "response_type=code",
        "redirect_uri=" . OAuthUtil::urlencode_rfc3986($this->redirectUri()),
        "scope=" . implode(',', $this->getConfig()->permissions),
        "state=" . $this->getOtp(),
    );

    return "https://nk.pl/oauth2/login" . "?" . implode("&", $query);
}
/**
 * Signs the request and adds the OAuth signature. This runs all of the
 * request parameter preparation methods.
 *
 * @param string $method  the HTTP method being used, e.g. POST, GET, HEAD
 * @param string $url     the request URL without query string parameters
 * @param array  $params  the request parameters as an array of key=value pairs
 * @param string $useauth whether to use authentication when making the request
 */
private function sign($method, $url, $params, $useauth)
{
    $this->prepare_method($method);
    $this->prepare_url($url);
    $this->prepare_params($params);

    // Nothing is signed when authentication is not in use.
    if (!$useauth) {
        $this->prepare_auth_header();
        return;
    }

    $this->prepare_base_string();
    $this->prepare_signing_key();

    // HMAC-SHA1 over the base string, raw digest -> base64 -> percent-encoded.
    $raw_mac = hash_hmac('sha1', $this->base_string, $this->signing_key, true);
    $this->auth_params['oauth_signature'] = OAuthUtil::urlencode_rfc3986(base64_encode($raw_mac));

    $this->prepare_auth_header();
}
/**
 * Builds the Authorization: header.
 *
 * Only parameters whose name starts with "oauth" are included. Names and
 * values are percent-encoded and each value is wrapped in double quotes.
 * The realm is always emitted empty.
 *
 * @return string the complete "Authorization: OAuth ..." header line
 * @throws OAuthException when an included parameter has an array value
 */
public function to_header()
{
    $header = 'Authorization: OAuth realm=""';

    foreach ($this->parameters as $name => $value) {
        if (substr($name, 0, 5) == "oauth") {
            if (is_array($value)) {
                throw new OAuthException('Arrays not supported in headers');
            }
            $header .= ',' . OAuthUtil::urlencode_rfc3986($name)
                . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
        }
    }

    return $header;
}
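/**
 * Sign an outgoing request and rewrite its URL and POST body to carry the
 * signed parameters.
 *
 * Form-encoded bodies (or bodies without a Content-Type) are parsed and their
 * fields are signed; any other body is covered through oauth_body_hash. The
 * query string is then rebuilt from the signed parameter set, leaving out
 * every name that travels in the POST body.
 *
 * @param RemoteContentRequest $request request to sign; updated in place
 * @throws GadgetException wrapping any exception raised while signing
 */
private function signRequest(RemoteContentRequest $request)
{
    $url = $request->getUrl();
    $method = $request->getMethod();
    try {
        // Parse the request into parameters for OAuth signing, stripping out
        // any OAuth or OpenSocial parameters injected by the client
        $parsedUri = parse_url($url);
        $resource = $url;
        $contentType = $request->getHeader('Content-Type');
        $signBody = stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null;
        $msgParams = array();
        $postParams = array();
        if ($request->getPostBody()) {
            if ($signBody) {
                // on normal application/x-www-form-urlencoded type post's encode and parse the post vars
                parse_str($request->getPostBody(), $postParams);
                $postParams = $this->sanitize($postParams);
            } else {
                // on any other content-type of post (application/{json,xml,xml+atom}) use the body signing hash
                // see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for details
                $msgParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true));
            }
        }
        if ($signBody && isset($postParams)) {
            $msgParams = array_merge($msgParams, $postParams);
        }
        $this->addOpenSocialParams($msgParams, $request->getToken(), $request->getOptions()->ownerSigned, $request->getOptions()->viewerSigned);
        $this->addOAuthParams($msgParams, $request->getToken());
        $consumer = new OAuthConsumer(NULL, NULL, NULL);
        $signatureMethod = new ShindigRsaSha1SignatureMethod($this->privateKeyObject, null);
        $req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, $method, $resource, $msgParams);
        $req_req->sign_request($signatureMethod, $consumer, NULL);

        // Rebuild the query string, including all of the parameters we added.
        // We have to be careful not to copy POST parameters into the query.
        // If post and query parameters share a name, they end up being removed
        // from the query.
        $forPost = array();
        $postData = false;
        if ($method == 'POST' && $signBody) {
            foreach ($postParams as $key => $param) {
                $forPost[$key] = $param;
                if ($postData === false) {
                    $postData = array();
                }
                $postData[] = OAuthUtil::urlencode_rfc3986($key) . "=" . OAuthUtil::urlencode_rfc3986($param);
            }
            if ($postData !== false) {
                $postData = implode("&", $postData);
            }
        }

        // NOTE(review): the query is rebuilt with urlencode() while the POST
        // body uses OAuthUtil::urlencode_rfc3986(); confirm the receiver
        // decodes both to the values that were signed.
        $newQueryParts = array();
        foreach ($req_req->get_parameters() as $key => $param) {
            if (isset($forPost[$key])) {
                continue;
            }
            if (!is_array($param)) {
                $newQueryParts[] = urlencode($key) . '=' . urlencode($param);
            } else {
                foreach ($param as $elem) {
                    $newQueryParts[] = urlencode($key) . '=' . urlencode($elem);
                }
            }
        }
        // Joined once after the loop: the value is always defined, even for
        // an empty parameter set, and is not rebuilt on every iteration.
        $newQuery = implode('&', $newQueryParts);

        // Careful here; the OAuth form encoding scheme is slightly different than
        // the normal form encoding scheme, so we have to use the OAuth library
        // formEncode method.
        $url = $parsedUri['scheme'] . '://' . $parsedUri['host']
            . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '')
            . (isset($parsedUri['path']) ? $parsedUri['path'] : '')
            . '?' . $newQuery;
        $request->setUri($url);
        if ($signBody) {
            $request->setPostBody($postData);
        }
    } catch (Exception $e) {
        throw new GadgetException($e);
    }
}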
/**
 * camelCase alias for OAuthUtil::urlencode_rfc3986().
 *
 * @param mixed $input value handed to OAuthUtil::urlencode_rfc3986() unchanged
 * @return mixed whatever OAuthUtil::urlencode_rfc3986() returns for $input
 */
static function urlencodeRFC3986($input)
{
    $encoded = OAuthUtil::urlencode_rfc3986($input);

    return $encoded;
}
/**
 * Builds the Authorization: header.
 *
 * Only parameters whose name starts with "oauth" are included. Names and
 * values are percent-encoded and each value is wrapped in double quotes.
 * When a realm is given it is emitted first, also percent-encoded.
 *
 * @param string|null $realm optional realm; omitted from the header when falsy
 * @return string the complete "Authorization: OAuth ..." header line
 * @throws OAuthExceptionPHP when an included parameter has an array value
 */
public function to_header($realm = null)
{
    // The first item after "OAuth" is preceded by a space, later ones by a comma.
    if ($realm) {
        $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
        $separator = ',';
    } else {
        $out = 'Authorization: OAuth';
        $separator = ' ';
    }

    foreach ($this->parameters as $name => $value) {
        if (substr($name, 0, 5) != "oauth") {
            continue;
        }
        if (is_array($value)) {
            throw new OAuthExceptionPHP('Arrays not supported in headers');
        }

        $out .= $separator;
        $out .= OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
        $separator = ',';
    }

    return $out;
}
/**
 * Creates a string of POST variables.
 *
 * Scalar values become "name=value". Array values become one "name[]=value"
 * pair per element. Names and values are percent-encoded with
 * OAuthUtil::urlencode_rfc3986(); the "[]" suffix is added after encoding.
 *
 * @param array $data name => value, where a value may be an array
 * @return string the pairs joined with '&'
 */
public static function to_postdata($data)
{
    $fields = array();

    foreach ($data as $name => $value) {
        if (!is_array($value)) {
            $fields[] = OAuthUtil::urlencode_rfc3986($name) . "=" . OAuthUtil::urlencode_rfc3986($value);
            continue;
        }

        foreach ($value as $element) {
            $fields[] = OAuthUtil::urlencode_rfc3986($name) . "[]=" . OAuthUtil::urlencode_rfc3986($element);
        }
    }

    return implode("&", $fields);
}
/**
 * Returns the normalized signature base string of this request.
 *
 * The base string is the HTTP method (uppercased), the normalized URL and the
 * normalized parameters, each percent-encoded and then concatenated with '&'.
 * Parameters found in the URL's query string are merged into $params, and a
 * query parameter replaces a caller-supplied one with the same name.
 * oauth_signature is never part of the base string.
 *
 * @param string $http_method
 * @param string $url
 * @param array  $params
 * @return string
 * @see http://oauth.net/core/1.0/#rfc.section.A.5.1
 */
private function signature_base_string($http_method, $url, $params)
{
    // Parse URL - see http://php.net/manual/en/function.parse-str.php
    $query_str = parse_url($url, PHP_URL_QUERY);
    if ($query_str) {
        // merge params from the url with the params array from the caller
        $params = array_merge($params, $this->oauth_parse_str($query_str));
    }

    // The signature itself is excluded from what gets signed.
    if (isset($params['oauth_signature'])) {
        unset($params['oauth_signature']);
    }

    // Each segment is encoded on its own; the parameter segment was already
    // encoded once when it was built, so it ends up double encoded.
    $segments = array(
        OAuthUtil::urlencode_rfc3986(strtoupper($http_method)),
        OAuthUtil::urlencode_rfc3986($this->normalize_url($url)),
        OAuthUtil::urlencode_rfc3986($this->oauth_http_build_query($params)),
    );

    return implode('&', $segments);
}
/**
 * Builds the Authorization: header on top of a caller-supplied prefix.
 *
 * Every parameter whose name starts with "oauth" is appended to $start as
 * ,name="value" with both parts percent-encoded.
 *
 * @param string $start text the header begins with
 * @return string $start followed by the encoded oauth parameters
 * @throws OAuthException when an included parameter has an array value
 */
public function to_header_internal($start)
{
    $header = $start;

    foreach ($this->parameters as $name => $value) {
        if (substr($name, 0, 5) == "oauth") {
            if (is_array($value)) {
                throw new OAuthException('Arrays not supported in headers');
            }
            $header .= ',' . OAuthUtil::urlencode_rfc3986($name)
                . '="' . OAuthUtil::urlencode_rfc3986($value) . '"';
        }
    }

    return $header;
}
/**
 * Generates the basic string serialization of a token, as a server would
 * send it in response to request_token and access_token calls.
 *
 * The result contains the token secret, so it should not be logged.
 *
 * @return string "oauth_token=...&oauth_token_secret=..." with both values
 *                percent-encoded
 */
function to_string()
{
    $encoded_key = OAuthUtil::urlencode_rfc3986($this->key);
    $encoded_secret = OAuthUtil::urlencode_rfc3986($this->secret);

    return sprintf("oauth_token=%s&oauth_token_secret=%s", $encoded_key, $encoded_secret);
}
/**
 * Builds the Authorization: header as a one-element array.
 *
 * Only parameters whose name starts with "oauth" are included; parameters
 * with array values are skipped silently. Names and values are
 * percent-encoded and each value is wrapped in double quotes.
 *
 * @param string|null $realm optional realm; omitted from the header when falsy
 * @return array array('Authorization' => 'OAuth ...')
 */
public function to_header($realm = null)
{
    // The first item after "OAuth" is preceded by a space, later ones by a comma.
    if ($realm) {
        $value = 'OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
        $separator = ',';
    } else {
        $value = 'OAuth';
        $separator = ' ';
    }

    foreach ($this->parameters as $name => $param) {
        if (substr($name, 0, 5) != "oauth" || is_array($param)) {
            continue;
        }

        $value .= $separator;
        $value .= OAuthUtil::urlencode_rfc3986($name) . '="' . OAuthUtil::urlencode_rfc3986($param) . '"';
        $separator = ',';
    }

    // Returned as an array rather than a header line (changed 15/11/2014).
    return array('Authorization' => $value);
}
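/**
 * Serialize a parameter map into an OAuth-normalized query string.
 *
 * Values that share a name are ordered by plain string comparison. natsort()
 * was used for that case before; it orders "9" ahead of "10", which differs
 * from byte-value ordering. If this string is part of a signature base
 * string, a peer that orders by byte value would compute a different
 * signature for such requests.
 *
 * @param array $params parameter name => value (a value may be an array)
 * @return string the serialized pairs, or '' when $params is empty
 */
public static function build_http_query($params)
{
    if (!$params) {
        return '';
    }

    //note Urlencode both keys and values
    $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
    $values = OAuthUtil::urlencode_rfc3986(array_values($params));
    $params = array_combine($keys, $values);

    //note Parameters are sorted by name, using lexicographical byte value ordering.
    //note Ref: Spec: 9.1.1 (1)
    uksort($params, 'strcmp');

    $pairs = array();
    foreach ($params as $parameter => $value) {
        if (is_array($value)) {
            //note If two or more parameters share the same name, they are sorted by their value
            //note Ref: Spec: 9.1.1 (1)
            //note Compared as strings so the order matches the name ordering above.
            sort($value, SORT_STRING);
            foreach ($value as $duplicate_value) {
                $pairs[] = $parameter . '=' . $duplicate_value;
            }
        } else {
            $pairs[] = $parameter . '=' . $value;
        }
    }

    //note For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
    //note Each name-value pair is separated by an '&' character (ASCII code 38)
    return implode('&', $pairs);
}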
/**
 * Continue the OAuth dance after user authorization
 *
 * Performs the appropriate actions after the user has answered the
 * authorization request: the request token is revoked on refusal, or
 * authorized together with the stored profile and subscription on approval.
 *
 * @param bool $accepted Whether the user granted authorization
 *
 * @access public
 *
 * @return array A two-component array with the values:
 *               - callback The callback URL or null if none given
 *               - token    The authorized request token or null if not
 *                          authorized.
 */
public function continueUserAuth($accepted)
{
    $callback = $this->callback;

    if (!$accepted) {
        $this->datastore->revoke_token($this->token->key);
        $this->token = null;

        return array($callback, $this->token);
    }

    $this->datastore->authorize_token($this->token->key);
    $this->datastore->saveProfile($this->remote_user);
    $this->datastore->saveSubscription(
        $this->user->getIdentifierURI(),
        $this->remote_user->getIdentifierURI(),
        $this->token
    );

    if (!is_null($this->callback)) {
        /* The callback receives the listener's profile and the token as well. */
        $extra = $this->user->asParameters('omb_listener', false);
        $extra['oauth_token'] = $this->token->key;
        $extra['omb_version'] = OMB_VERSION;

        // Continue an existing query string with '&', otherwise start one.
        $callback .= parse_url($this->callback, PHP_URL_QUERY) ? '&' : '?';
        foreach ($extra as $name => $value) {
            $callback .= OAuthUtil::urlencode_rfc3986($name) . '='
                . OAuthUtil::urlencode_rfc3986($value) . '&';
        }
    }

    return array($callback, $this->token);
}
/**
 * Handle an OAuth access-token request and write the response.
 *
 * On success the value returned by fetch_access_token() is echoed. On any
 * exception the response is "error=" followed by the percent-encoded
 * exception message.
 * NOTE(review): the exception message goes to the client as-is (encoded);
 * confirm it cannot carry internal details.
 *
 * @param object $a    application object (not used here)
 * @param mixed  $type not used here
 */
function api_oauth_access_token(&$a, $type)
{
    try {
        $server = new FKOAuth1();
        $response = $server->fetch_access_token(OAuthRequest::from_request());
    } catch (Exception $e) {
        echo "error=" . OAuthUtil::urlencode_rfc3986($e->getMessage());
        killme();
    }

    echo $response;
    killme();
}
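/**
 * Finish the authorization step for the stored request.
 *
 * When the user accepted, the token is authorized and the remote profile is
 * saved; then either an acceptance message is shown or the browser is
 * redirected to the request's oauth_callback with the token and the
 * listener's profile data. When the user refused, a rejection message is
 * shown or the browser is redirected to the bare callback.
 *
 * Processing stops after each reported error, so a failed token
 * authorization or profile save can never be followed by the redirect that
 * hands the token back.
 */
function sendAuthorization()
{
    $req = $this->getStoredRequest();
    if (!$req) {
        $this->clientError(_('No authorization request!'));
        return;
    }

    $callback = $req->get_parameter('oauth_callback');

    if ($this->arg('accept')) {
        if (!$this->authorizeToken($req)) {
            $this->clientError(_('Error authorizing token'));
            return;
        }
        if (!$this->saveRemoteProfile($req)) {
            $this->clientError(_('Error saving remote profile'));
            return;
        }

        if (!$callback) {
            $this->showAcceptMessage($req->get_parameter('oauth_token'));
        } else {
            $params = array();
            $params['oauth_token'] = $req->get_parameter('oauth_token');
            $params['omb_version'] = OMB_VERSION_01;

            // NOTE(review): $user is dereferenced without a check; confirm
            // staticGet() cannot come back empty for a stored request.
            $user = User::staticGet('uri', $req->get_parameter('omb_listener'));
            $profile = $user->getProfile();
            if (!$profile) {
                common_log_db_error($user, 'SELECT', __FILE__);
                $this->serverError(_('User without matching profile'));
                return;
            }

            $params['omb_listener_nickname'] = $user->nickname;
            $params['omb_listener_profile'] = common_local_url('showstream', array('nickname' => $user->nickname));
            if (!is_null($profile->fullname)) {
                $params['omb_listener_fullname'] = $profile->fullname;
            }
            if (!is_null($profile->homepage)) {
                $params['omb_listener_homepage'] = $profile->homepage;
            }
            if (!is_null($profile->bio)) {
                $params['omb_listener_bio'] = $profile->bio;
            }
            if (!is_null($profile->location)) {
                $params['omb_listener_location'] = $profile->location;
            }
            $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
            if ($avatar) {
                $params['omb_listener_avatar'] = $avatar->url;
            }

            // Names are fixed literals assigned above; only values are encoded.
            $parts = array();
            foreach ($params as $k => $v) {
                $parts[] = $k . '=' . OAuthUtil::urlencode_rfc3986($v);
            }
            $query_string = implode('&', $parts);

            // empty() also covers a callback without a query component and a
            // callback that parse_url() could not parse.
            $parsed = parse_url($callback);
            $url = $callback . (!empty($parsed['query']) ? '&' : '?') . $query_string;
            common_redirect($url, 303);
        }
    } else {
        if (!$callback) {
            $this->showRejectMessage();
        } else {
            # XXX: not 100% sure how to signal failure... just redirect without token?
            common_redirect($callback, 303);
        }
    }
}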