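/**
 * Finish authorization
 *
 * Finish the subscription process by converting the received and authorized
 * request token into an access token. After that, the subscriber's profile
 * and the subscription are stored in the database.
 * Expects an OAuthRequest in query parameters.
 * Throws exceptions on failure.
 *
 * Both the incoming request and the remote service's response are
 * attacker-influenced input, so token values are required to be strings and
 * are compared with strict equality.
 *
 * @access public
 *
 * @throws OAuthException              If the authorized token is not the one
 *                                     held by this object, or if no access
 *                                     token could be obtained.
 * @throws OMB_RemoteServiceException  If the remote service reports another
 *                                     OMB version than OMB_VERSION.
 *
 * @return void
 */
public function finishAuthorization()
{
    OMB_Helper::removeMagicQuotesFromRequest();
    $req = OAuthRequest::from_request();

    /* Loose comparison (!=) converts numeric-looking strings to numbers, so
       two different tokens (constructed example: "0e1" and "0e2") would be
       treated as equal. Require a string and compare strictly. */
    $authorized_token = $req->get_parameter('oauth_token');
    if (!is_string($authorized_token) ||
        $authorized_token !== (string) $this->token->key) {
        /* That's not the token I wanted to get authorized. */
        throw new OAuthException('The authorized token does not equal ' .
                                 'the submitted token.');
    }

    /* Strict comparison, as handleUserAuth does for the same parameter. */
    if ($req->get_parameter('omb_version') !== OMB_VERSION) {
        throw new OMB_RemoteServiceException('The remote service uses an ' .
                                             'unsupported OMB version');
    }

    /* Construct the profile to validate it. */

    /* Fix OMB bug. Listener URI is not passed. */
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $params = $_POST;
    } else {
        $params = $_GET;
    }
    /* The listener URI is taken from this object, never from the request. */
    $params['omb_listener'] = $this->listener_uri;

    /* NOTE(review): the remaining profile fields come straight from the
       request parameters and no signature check on this request is visible
       in this method. Confirm that OMB_Profile::fromParameters rejects
       malformed values and that the request is authenticated elsewhere. */
    $listener = OMB_Profile::fromParameters($params, 'omb_listener');

    /* Ask the remote service to convert the authorized request token into an
       access token. */
    $result = $this->performAction(OAUTH_ENDPOINT_ACCESS, array());
    if ($result->status != 200) {
        throw new OAuthException('Could not get access token');
    }

    /* parse_str() turns keys such as "oauth_token[]" into arrays, so isset()
       alone would accept a malformed response. Insist on string values. */
    parse_str($result->body, $return);
    if (!isset($return['oauth_token']) ||
        !isset($return['oauth_token_secret']) ||
        !is_string($return['oauth_token']) ||
        !is_string($return['oauth_token_secret'])) {
        throw new OAuthException('Could not get access token');
    }
    $this->setToken($return['oauth_token'], $return['oauth_token_secret']);

    /* Subscription is finished and valid. Now store the new subscriber and
       the subscription in the database. */
    $this->datastore->saveProfile($listener);
    $this->datastore->saveSubscription($this->listener_uri,
                                       $this->listenee_uri,
                                       $this->token);
}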
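/**
 * Handle a user authorization request.
 *
 * Parses an authorization request. This includes OAuth and OMB
 * verification.
 * Throws exceptions on failures. Returns an OMB_Profile object representing
 * the remote user.
 *
 * The OMB_Profile passed to the constructor of OMB_Service_Provider should
 * not represent the user specified in the authorization request, but the
 * one currently logged in to the service. This condition being satisfied,
 * handleUserAuth will check whether the listener specified in the request
 * is identical to the logged in user.
 *
 * All values are read from $_GET and are therefore untrusted: each one is
 * checked for presence and for being a string before it is used.
 *
 * @access public
 *
 * @throws OAuthException              If the request token is not known to
 *                                     the datastore.
 * @throws OMB_RemoteServiceException  If the OMB version or listener does not
 *                                     match, a required parameter is missing,
 *                                     or the callback URL is invalid.
 *
 * @return OMB_Profile The profile of the soon-to-be subscribed, i. e.
 *                     remote user
 */
public function handleUserAuth()
{
    OMB_Helper::removeMagicQuotesFromRequest();

    /* Verify the request token. A missing or non-string value is looked up
       as null instead of raising an undefined-index notice or handing an
       array to the datastore. */
    $token_key = null;
    if (isset($_GET['oauth_token']) && is_string($_GET['oauth_token'])) {
        $token_key = $_GET['oauth_token'];
    }
    $this->token = $this->datastore->lookup_token(null, "request", $token_key);
    if (is_null($this->token)) {
        throw new OAuthException('The given request token has not been ' .
                                 'issued by this service.');
    }

    /* Verify the OMB part. */
    /* NOTE(review): the two messages below embed request-supplied values.
       Confirm that whatever renders or logs these exceptions escapes them
       for its output context. */
    $omb_version = isset($_GET['omb_version']) ? $_GET['omb_version'] : null;
    if ($omb_version !== OMB_VERSION) {
        throw OMB_RemoteServiceException::forRequest(OAUTH_ENDPOINT_AUTHORIZE,
            'Wrong OMB version ' .
            (is_string($omb_version) ? $omb_version : ''));
    }

    $omb_listener = isset($_GET['omb_listener']) ? $_GET['omb_listener'] : null;
    if ($omb_listener !== $this->user->getIdentifierURI()) {
        throw OMB_RemoteServiceException::forRequest(OAUTH_ENDPOINT_AUTHORIZE,
            'Wrong OMB listener ' .
            (is_string($omb_listener) ? $omb_listener : ''));
    }

    /* "name[]=x" style parameters arrive as arrays and pass isset(); treat
       anything that is not a string as absent. */
    $required = array('omb_listenee', 'omb_listenee_profile',
                      'omb_listenee_nickname', 'omb_listenee_license');
    foreach ($required as $param) {
        if (!isset($_GET[$param]) || !is_string($_GET[$param])) {
            throw OMB_RemoteServiceException::forRequest(
                OAUTH_ENDPOINT_AUTHORIZE,
                "Required parameter '{$param}' not found");
        }
    }

    /* Store given callback for later use. It is validated first, so a
       rejected value is never left behind in $this->callback when the caller
       catches the exception. */
    /* NOTE(review): what OMB_Helper::validateURL accepts is not visible
       here. If the callback is later used as a redirect target, confirm the
       check is strict enough to prevent redirects to arbitrary schemes. */
    if (isset($_GET['oauth_callback']) && $_GET['oauth_callback'] !== '') {
        $callback = $_GET['oauth_callback'];
        if (!is_string($callback) || !OMB_Helper::validateURL($callback)) {
            throw OMB_RemoteServiceException::forRequest(
                OAUTH_ENDPOINT_AUTHORIZE,
                'Invalid callback URL specified');
        }
        $this->callback = $callback;
    }

    $this->remote_user = OMB_Profile::fromParameters($_GET, 'omb_listenee');

    return $this->remote_user;
}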