Example #1
0
 /**
  * Load oauth parameters from GET or POST
  *
  * @access	public
  * @param	string	$flag	default [ FALSE ]
  * @return	void
  */
 public function __construct(array $args)
 {
     $params = array();
     // Load oauth_token from form-encoded body
     isset($_SERVER['CONTENT_TYPE']) or $_SERVER['CONTENT_TYPE'] = getenv('CONTENT_TYPE');
     // oauth_token already send in authorization header or the encrypt Content-Type is not single-part
     if (stripos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === FALSE) {
         throw new Oauth2_Exception_Token('invalid_request');
     } else {
         // Check all required parameters should NOT be empty
         foreach ($args as $key => $val) {
             if ($val === TRUE) {
                 if (isset($_POST[$key]) and $value = Oauth2::urldecode($_POST[$key])) {
                     $params[$key] = $value;
                 } else {
                     throw new Oauth2_Exception_Token('invalid_request');
                 }
             }
         }
     }
     $this->code = $params['code'];
     $this->client_id = $params['client_id'];
     unset($params['code'], $params['client_id']);
     $this->_params = $params;
 }
Example #2
0
 public function action_do()
 {
     $params = Oauth2::parse_query();
     try {
         if (empty($params['code']) or isset($params['error'])) {
             throw new Oauth2_Exception($params['error']);
         }
         $token = Remote::get($this->_configs['token_uri'], array(CURLOPT_POST => TRUE, CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'), CURLOPT_POSTFIELDS => Oauth2::build_query(array('grant_type' => $this->_configs['grant_type'], 'code' => $params['code'], 'client_id' => $this->_configs['client_id'], 'redirect_uri' => $this->_configs['redirect_uri'], 'client_secret' => $this->_configs['client_secret']))));
         $token = json_decode($token);
         if (isset($token->error)) {
             throw new Oauth2_Exception($token->error);
         }
         // Resource in json format
         $resource = Remote::get($this->_configs['access_uri'], array(CURLOPT_POST => TRUE, CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'), CURLOPT_POSTFIELDS => Oauth2::build_query(array('oauth_token' => $token->access_token, 'timestamp' => $_SERVER['REQUEST_TIME'], 'refresh_token' => $token->refresh_token, 'expires_in' => $token->expires_in, 'client_id' => $this->_configs['client_id']))));
         $this->request->response = $resource;
     } catch (Exception $e) {
         $error = $e->getMessage();
     }
     if (isset($error)) {
         switch ($error) {
             case 'access_denied':
                 $this->request->response = 'You have denied this request.';
                 break;
             default:
                 $this->request->response = 'There must be some errors happen in this connection, please contact our web master.' . "[{$error}]";
                 break;
         }
     }
 }
Example #3
0
 /**
  * Client Requests Access Token
  *
  * @access    public
  * @return    void
  */
 public function action_token()
 {
     $grant_type = Oauth2::get('grant_type');
     try {
         if (method_exists($this, $grant_type)) {
             $response = $this->{$grant_type}();
         } else {
             // TODO, if is an absolute URI identifying an assertion format supported by the authorization server
             //if(Oauth::is_assertion($grant_type))
             //{
             //    $response = $this->assertion();
             //    break;
             //}
             throw new Oauth2_Exception_Token('unsupported_grant_type');
         }
         // HTTP/1.1 200 OK
         $this->request->status = 200;
         $this->request->headers['Content-Type'] = $response->format;
     } catch (Oauth2_Exception $e) {
         $response = $e->getMessage();
         /**
          * HTTP/1.1 401 (Unauthorized) for "Authorization" request header field
          * HTTP/1.1 400 Bad Request for other authentication scheme
          */
         $this->request->status = 400;
         $this->request->headers['Content-Type'] = 'application/json';
     }
     $this->request->headers['Expires'] = 'Sat, 26 Jul 1997 05:00:00 GMT';
     $this->request->headers['Cache-Control'] = 'no-store, must-revalidate';
     $this->request->response = $response;
 }
Example #4
0
 /**
  * Load oauth parameters from GET or POST
  *
  * @access	public
  * @param	string	$flag	default [ FALSE ]
  * @return	void
  */
 public function __construct(array $args)
 {
     $params = array();
     // Parse the "state" paramter
     if (isset($_GET['state']) and $state = Oauth2::urldecode($_GET['state'])) {
         $this->state = $state;
         unset($_GET['state']);
     }
     // Check all required parameters should NOT be empty
     foreach ($args as $key => $val) {
         if ($val === TRUE) {
             if (isset($_GET[$key]) and $value = Oauth2::urldecode($_GET[$key])) {
                 $params[$key] = $value;
             } else {
                 $e = new Oauth2_Exception_Authorize('invalid_request');
                 $e->redirect_uri = isset($params['redirect_uri']) ? $params['redirect_uri'] : Oauth2::urldecode($_GET['redirect_uri']);
                 $e->state = $this->state;
                 throw $e;
             }
         }
     }
     $this->client_id = $params['client_id'];
     $this->redirect_uri = $params['redirect_uri'];
     // Remove all required parameters
     unset($params['client_id'], $params['redirect_uri']);
     $this->_params = $params;
 }
Example #5
0
 public function build(Oauth2_Token $token)
 {
     $signature = Oauth2::urlencode($token->client_secret);
     if (!empty($token->token_secret)) {
         $signature .= '&' . Oauth2::urlencode($token->token_secret);
     }
     return $signature;
 }
Example #6
0
 public function build(Oauth2_Token $token)
 {
     $key = Oauth2::urlencode($token->client_secret);
     if (!empty($token->token_secret)) {
         $key .= '&' . Oauth2::urlencode($token->token_secret);
     }
     return base64_encode(hash_hmac('sha1', parent::$identifier, $key, TRUE));
 }
Example #7
0
 public function login()
 {
     define('BASEPATH', '1');
     $name = $this->_get('name');
     $app = C($name);
     //new Oauth2();
     include realpath('iVanvicms/_Core/Extend/Vendor/Oauth/Oauth2.php');
     $status = Oauth2::provider($name, $app);
     dump($status);
 }
Example #8
0
 /**
  * state
  *      OPTIONAL.  An opaque value used by the client to maintain state
  *      between the request and callback.  The authorization server
  *      includes this value when redirecting the user-agent back to the
  *      client.
  *
  * scope
  *      OPTIONAL.  The scope of the access request expressed as a list
  *      of space-delimited strings.  The value of the "scope" parameter
  *      is defined by the authorization server.  If the value contains
  *      multiple space-delimited strings, their order does not matter,
  *      and each string adds an additional access range to the
  *      requested scope.
  *
  * @access    public
  * @return    void
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->redirect_uri = Arr::get($params, 'redirect_uri');
     // OPTIONAL.  An opaque value used by the client to maintain state between the request and callback.
     if (NULL !== ($state = Arr::get($params, 'state'))) {
         $this->state = $state;
     }
     // OPTIONAL.  The scope of the access request expressed as a list of space-delimited strings.
     if (NULL !== ($scope = Arr::get($params, 'scope'))) {
         $this->scope = $scope;
     }
 }
Example #9
0
 /**
  * format
  *      OPTIONAL.  The response format requested by the client.  Value
  *      MUST be one of "json", "xml", or "form".
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->client_secret = Arr::get($params, 'client_secret');
     $this->refresh_token = Arr::get($params, 'refresh_token');
     // OPTIONAL.  An opaque value used by the client to maintain state between the request and callback.
     if (NULL !== ($state = Arr::get($params, 'state'))) {
         $this->state = $state;
     }
     if (NULL !== ($format = Arr::get($params, 'format'))) {
         $this->format = $format;
     }
     if (empty($this->client_id) or empty($this->client_secret) or empty($this->refresh_token)) {
         throw new Oauth2_Exception_Token('invalid_request');
     }
 }
Example #10
0
 /**
  * scope
  *      OPTIONAL.  The scope of the access request expressed as a list
  *      of space-delimited strings.  The value of the "scope" parameter
  *      is defined by the authorization server.  If the value contains
  *      multiple space-delimited strings, their order does not matter,
  *      and each string adds an additional access range to the
  *      requested scope.
  * format
  *      OPTIONAL.  The response format requested by the client.  Value
  *      MUST be one of "json", "xml", or "form".  Alternatively, the
  *      client MAY use the HTTP "Accept" header field with the desired
  *      media type.  Defaults to "json" if omitted and no "Accept"
  *      header field is present.
  */
 public function __construct($args = NULL)
 {
     $params = Oauth2::parse_query();
     $this->client_id = Arr::get($params, 'client_id');
     $this->client_secret = Arr::get($params, 'client_secret');
     $this->username = Arr::get($params, 'username');
     $this->password = Arr::get($params, 'password');
     // OPTIONAL.  An opaque value used by the client to maintain state between the request and callback.
     if (NULL !== ($state = Arr::get($params, 'state'))) {
         $this->state = $state;
     }
     // OPTIONAL.  The scope of the access request expressed as a list of space-delimited strings.
     if (NULL !== ($scope = Arr::get($params, 'scope'))) {
         $this->scope = $scope;
     }
     // OPTIONAL.  The scope of the access request expressed as a list of space-delimited strings.
     if (NULL !== ($format = Arr::get($params, 'format'))) {
         $this->format = $format;
     }
     if (empty($this->client_id) or empty($this->client_secret) or empty($this->username) or empty($this->password)) {
         throw new Oauth2_Exception('invalid_request');
     }
 }
Example #11
0
 public function query()
 {
     if (empty($this->error)) {
         $form = get_object_vars($this);
         foreach ($form as $key => $val) {
             if (empty($val)) {
                 unset($form[$key]);
             }
         }
     } else {
         $form = array('error' => $this->error);
         if (property_exists($this, 'error_description') and $this->error_description) {
             $form['error_description'] = $this->error_description;
         }
         if (property_exists($this, 'error_uri') and $this->error_uri) {
             $form['error_uri'] = $this->error_uri;
         }
         if (property_exists($this, 'state') and $this->state) {
             $form['state'] = $this->state;
         }
     }
     return Oauth2::build_query($form);
 }
Example #12
0
 /**
  * MUST verify that the verification code, client identity, client secret,
  * and redirection URI are all valid and match its stored association.
  *
  * @access  public
  * @return  Oauth_Token
  * @todo    impletement timestamp, nonce, signature checking
  */
 public function access_token($client)
 {
     $response = new Oauth2_Token();
     if (isset($this->_params['format'])) {
         $response->format = $this->_params['format'];
     }
     //if(isset($this->_params['nonce']) AND $client['nonce'] !== $this->_params['nonce'])
     //{
     //    throw new Oauth_Exception_Access('invalid_request');
     //}
     if ($client['access_token'] !== $this->oauth_token) {
         throw new Oauth2_Exception_Access('invalid_token');
     }
     if (isset($this->_params['scope']) and !empty($client['scope'])) {
         if (!in_array($this->_params['scope'], explode(' ', $client['scope']))) {
             throw new Oauth2_Exception_Access('insufficient_scope');
         }
     }
     if (isset($this->_params['timestamp']) and $client['timestamp'] < $this->_params['timestamp']) {
         throw new Oauth2_Exception_Access('invalid_token');
     }
     // Verify the signature
     if (!empty($this->_params['signature']) and !empty($this->_params['algorithm'])) {
         $uri = URL::base(FALSE, TRUE) . Request::$instance->uri;
         $string = Oauth2::normalize(Request::$method, $uri, $this->_params);
         $this->_params['algorithm'] = strtolower($this->_params['algorithm']);
         if ($this->_params['algorithm'] === 'rsa-sha1' or $this->_params['algorithm'] === 'hmac-sha1') {
             $response->public_cert = $client['ssh_key'];
             $response->private_cert = $this->_params['signature'];
         }
         if (!Oauth2::signature($this->_params['algorithm'], $string)->check($response, $this->_params['signature'])) {
             throw new Oauth2_Exception_Access('invalid_signature');
         }
     }
     return $response;
 }
Example #13
0
 public static function access_denied_uri($redirect = NULL)
 {
     $params = Oauth2::parse_query();
     if (!$redirect) {
         $redirect = Arr::get($params, 'redirect_uri');
     }
     if ($state = Arr::get($params, 'state')) {
         $state = '&state=' . $state;
     }
     return $redirect . '?error=access_denied' . $state;
 }
Example #14
0
    $oStmt = $oDb->prepare("DELETE FROM tasks WHERE id = :id");
    $oStmt->bindParam("id", $id);
    $oStmt->execute();
    echo json_encode(array("rows" => $oStmt->rowCount()));
});
// oauth2 code
$oApp->get("/login", function () use($oApp) {
    // see if this is the original redirect or if it's the callback
    $sCode = $oApp->request->params('code');
    // get the uri to redirect to
    $sUrl = "http";
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
        $sUrl .= "s";
    }
    $sUrl .= "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
    $oAuth = new \Oauth2($sUrl);
    if ($sCode == null) {
        $oApp->response->redirect($oAuth->redirectUrl());
    } else {
        $oAuth->handleCode($sCode);
        $oApp->response->redirect("/");
    }
});
$oApp->get("/currentUser", new \Auth(), function () use($oApp) {
    echo json_encode($_SESSION['CurrentUser']);
});
$oApp->get("/logout", function () {
    session_start();
    unset($_SESSION["CurrentUser"]);
});
$oApp->run();