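 /**
  * Verifies the OAuth request signature, sets the auth user
  * and access type (read-only or read-write)
  *
  * On success $this->source, $this->access and $this->auth_user are set.
  * Any verification failure (bad signature, unknown consumer key, bad or
  * revoked access token, no user behind the token) is logged, answered
  * with a 401 client error, and the request is terminated.
  *
  * @param OAuthRequest $request the OAuth Request
  *
  * @return nothing
  */
 function checkOAuthRequest($request)
 {
     $datastore = new ApiStatusNetOAuthDataStore();
     $server = new OAuthServer($datastore);
     $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($hmac_method);
     try {
         // Signature/nonce/timestamp checks; failures surface as OAuthException
         $server->verify_request($request);
         $consumer = $request->get_parameter('oauth_consumer_key');
         $access_token = $request->get_parameter('oauth_token');
         $app = Oauth_application::getByConsumerKey($consumer);
         if (empty($app)) {
             common_log(LOG_WARNING, 'Couldn\'t find the OAuth app for consumer key: ' . $consumer);
             throw new OAuthException('No application for that consumer key.');
         }
         // set the source attr
         $this->source = $app->name;
         $appUser = Oauth_application_user::staticGet('token', $access_token);
         if (empty($appUser)) {
             // Also should not happen
             throw new OAuthException('No user for that token.');
         }
         // If access_type == 0 we have either a request token
         // or a bad / revoked access token
         if ($appUser->access_type == 0) {
             throw new OAuthException('Bad access token.');
         }
         // Set the access level for the api call (explicit parens: `&`
         // binds tighter than `?:`, which is what was always intended)
         $this->access = ($appUser->access_type & Oauth_application::$writeAccess)
             ? self::READ_WRITE
             : self::READ_ONLY;
         // Set the auth user. $user is handed to the event by reference and
         // is now also what EndSetApiUser receives (it used to be undefined).
         $user = null;
         if (Event::handle('StartSetApiUser', array(&$user))) {
             $user = User::staticGet('id', $appUser->profile_id);
             $this->auth_user = $user;
             Event::handle('EndSetApiUser', array($user));
         }
         if (empty($this->auth_user)) {
             // A token that verified but resolves to no user must not pass
             // as authenticated; the log line below would also dereference null.
             throw new OAuthException('No user for that token.');
         }
         $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . "application '%s' (id: %d) with %s access.";
         // Compare, do not assign: the former `$this->access = self::READ_WRITE`
         // inside this call silently upgraded every token to read-write.
         common_log(LOG_INFO, sprintf($msg, $this->auth_user->nickname, $this->auth_user->id, $app->name, $app->id, ($this->access === self::READ_WRITE) ? 'read-write' : 'read-only'));
     } catch (OAuthException $e) {
         common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
         $this->clientError($e->getMessage(), 401, $this->format);
         exit;
     }
 }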
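 /**
  * Verifies the OAuth request signature, sets the auth user
  * and access type (read-only or read-write)
  *
  * On success $this->access, $this->auth_user and the global $_cur are set
  * ($this->source too, unless the application is named 'anonymous').
  * OAuth failures (bad signature, unknown consumer key, bad or revoked
  * access token, no user behind the token) are logged, answered with a
  * 401 client error, and the request is terminated.
  *
  * @param OAuthRequest $request the OAuth Request
  *
  * @return nothing
  */
 function checkOAuthRequest($request)
 {
     $datastore = new ApiStatusNetOAuthDataStore();
     $server = new OAuthServer($datastore);
     $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($hmac_method);
     try {
         // Signature/nonce/timestamp checks; failures surface as OAuthException
         $server->verify_request($request);
         $consumer = $request->get_parameter('oauth_consumer_key');
         $access_token = $request->get_parameter('oauth_token');
         $app = Oauth_application::getByConsumerKey($consumer);
         if (empty($app)) {
             common_log(LOG_WARNING, 'API OAuth - Couldn\'t find the OAuth app for consumer key: ' . $consumer);
             // TRANS: OAuth exception thrown when no application is found for a given consumer key.
             throw new OAuthException(_('No application for that consumer key.'));
         }
         // set the source attr
         if ($app->name != 'anonymous') {
             $this->source = $app->name;
         }
         $appUser = Oauth_application_user::staticGet('token', $access_token);
         if (empty($appUser)) {
             // Also should not happen.
             // TRANS: OAuth exception given when no user was found for a given token (no token was found).
             throw new OAuthException(_('No user for that token.'));
         }
         // If access_type == 0 we have either a request token
         // or a bad / revoked access token
         if ($appUser->access_type == 0) {
             // TRANS: OAuth exception given when an incorrect access token was given for a user.
             throw new OAuthException(_('Bad access token.'));
         }
         // Set the access level for the api call (explicit parens: `&`
         // binds tighter than `?:`, which is what was always intended)
         $this->access = ($appUser->access_type & Oauth_application::$writeAccess)
             ? self::READ_WRITE
             : self::READ_ONLY;
         // Set the auth user; $user is handed to the event by reference.
         $user = null;
         if (Event::handle('StartSetApiUser', array(&$user))) {
             $user = User::staticGet('id', $appUser->profile_id);
             if (!empty($user)) {
                 if (!$user->hasRight(Right::API)) {
                     // NOTE(review): unless AuthorizationException extends
                     // OAuthException, this is not caught by the catch below
                     // and propagates to the caller instead of producing a 401.
                     // TRANS: Authorization exception thrown when a user without API access tries to access the API.
                     throw new AuthorizationException(_('Not allowed to use API.'));
                 }
             }
             $this->auth_user = $user;
             // FIXME: setting the value returned by common_current_user()
             // There should probably be a better method for this. common_set_user()
             // does lots of session stuff.
             global $_cur;
             $_cur = $this->auth_user;
             Event::handle('EndSetApiUser', array($user));
         }
         if (empty($this->auth_user)) {
             // A token that verified but resolves to no user must not pass
             // as authenticated; the log line below would also dereference null.
             // TRANS: OAuth exception given when no user was found for a given token (no token was found).
             throw new OAuthException(_('No user for that token.'));
         }
         $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . "application '%s' (id: %d) with %s access.";
         // Compare, do not assign: the former `$this->access = self::READ_WRITE`
         // inside this call silently upgraded every token to read-write.
         common_log(LOG_INFO, sprintf($msg, $this->auth_user->nickname, $this->auth_user->id, $app->name, $app->id, ($this->access === self::READ_WRITE) ? 'read-write' : 'read-only'));
     } catch (OAuthException $e) {
         $this->logAuthFailure($e->getMessage());
         common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
         $this->clientError($e->getMessage(), 401, $this->format);
         exit;
     }
 }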