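/**
 * Resource method that updates the display name of the user an access token belongs to.
 *
 * Expects the new name in $_POST['name']. Every path ends with exit after a
 * response has been sent, so nothing is returned to the caller.
 *
 * @param array|null $token Access token data from the OAuth2 server; must carry a non-zero 'user_id'.
 */
public function run_update_method($token = null)
{
    $response = new OAuth2\Response();

    if (!isset($token['user_id']) || $token['user_id'] == 0) {
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }

    // Copy by value. The original bound this by reference and later reassigned it
    // to the wp_update_user() result, which silently overwrote $token['user_id']
    // (with a WP_Error object on failure).
    $user_id = $token['user_id'];

    if (!current_user_can('edit_user', $user_id)) {
        $response->setError(400, 'invalid_request', 'You are not allowed to edit this user');
        $response->send();
        exit;
    }

    // Reject a missing name up front rather than reading an undefined $_POST index.
    if (!isset($_POST['name'])) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }

    $result = wp_update_user(array(
        'ID'           => $user_id,
        'display_name' => sanitize_text_field($_POST['name']),
    ));

    if (is_wp_error($result)) {
        // Most likely cause: the user no longer exists.
        $response->setError(400, 'invalid_request', 'There was an error updating me');
        $response->send();
        exit;
    }

    $response = new OAuth2\Response(array('success' => 'updated-me'));
    $response->send();
    exit;
}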
/**
 * @covers OAuth2\Response::content_type()
 * @covers OAuth2\Response::parse()
 */
public function testParseResponse()
{
    // Bodies that parse() is expected to decode, keyed by their Content-Type.
    $decodable = [
        'application/x-www-form-urlencoded' => 'foo=bar&answer=42',
        'application/json'                  => json_encode(['foo' => 'bar', 'answer' => 42]),
    ];

    foreach ($decodable as $contentType => $rawBody) {
        $guzzleResponse = new \GuzzleHttp\Message\Response(
            200,
            ['Content-Type' => $contentType],
            \GuzzleHttp\Stream\Stream::factory($rawBody)
        );
        $this->response = new \OAuth2\Response($guzzleResponse);

        $parsed = $this->response->parse();
        $this->assertEquals(2, count(array_keys($parsed)));
        $this->assertEquals('bar', $parsed['foo']);
        $this->assertEquals(42, $parsed['answer']);
    }

    // Any other content type is left untouched: parse() yields null.
    $html = '<!DOCTYPE html><html><head></head><body></body></html>';
    $guzzleResponse = new \GuzzleHttp\Message\Response(
        200,
        ['Content-Type' => 'text/html'],
        \GuzzleHttp\Stream\Stream::factory($html)
    );
    $this->response = new \OAuth2\Response($guzzleResponse);
    $this->assertNull($this->response->parse());
}
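/**
 * DEFAULT ME METHOD - DO NOT REMOVE DIRECTLY
 * This is the default resource call "/oauth/me". Do not edit or remove.
 *
 * Sends the token owner's user record (minus credential fields) as the
 * response and terminates the request with exit.
 *
 * @param array|null $token Access token data from the OAuth2 server; must carry a non-zero 'user_id'.
 */
function _wo_method_me($token = null)
{
    if (!isset($token['user_id']) || $token['user_id'] == 0) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }

    $user = get_user_by('id', $token['user_id']);

    // get_user_by() returns false when the user no longer exists; the original
    // then read ->data on false and emitted an empty record.
    if (!$user) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }

    $me_data = (array) $user->data;

    // Never expose credential material through the API.
    unset($me_data['user_pass']);
    unset($me_data['user_activation_key']);
    unset($me_data['user_url']);

    /**
     * @since 3.0.5
     * OpenID Connect looks for the field "email", so provide it alongside user_email.
     */
    $me_data['email'] = $me_data['user_email'];

    $response = new OAuth2\Response($me_data);
    $response->send();
    exit;
}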
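/**
 * DEFAULT ME METHOD - DO NOT REMOVE DIRECTLY
 * This is the default resource call "/oauth/me". Do not edit or remove.
 *
 * Sends the token owner's user row (minus credential fields) as the
 * response and terminates the request with exit.
 *
 * @param array|null $token Access token data from the OAuth2 server; must carry a non-zero 'user_id'.
 */
function _wo_method_me($token = null)
{
    /**
     * Added 3.0.2 to handle access tokens not assigned to a user.
     */
    if (!isset($token['user_id']) || $token['user_id'] == 0) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }

    // Plain copy; the original bound this by reference for no benefit.
    $user_id = $token['user_id'];

    global $wpdb;

    // Bind the id through $wpdb->prepare() instead of interpolating it into the
    // query string, so the lookup is never influenced by the token's contents.
    $me_data = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE ID = %d", $user_id),
        ARRAY_A
    );

    // get_row() returns null when no such user exists.
    if (!$me_data) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }

    // Never expose credential material through the API.
    unset($me_data['user_pass']);
    unset($me_data['user_activation_key']);
    unset($me_data['user_url']);

    /**
     * @since 3.0.5
     * OpenID Connect looks for the field "email", so provide it alongside user_email.
     */
    $me_data['email'] = $me_data['user_email'];

    $response = new OAuth2\Response($me_data);
    $response->send();
    exit;
}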
/**
 * Intercept all OAuth2\Client::getResponse() calls and mock their responses.
 *
 * Called with the outgoing request as the first argument and the request
 * options as the second. Routes are matched on HTTP method and path; the
 * canned response is then handled the way the real client would: 2xx is
 * returned, 3xx is followed (bounded by the redirect limit), 4xx/5xx becomes
 * an OAuth2\Error that is thrown or attached depending on the exception
 * options, and anything else is thrown.
 */
public function mockGetResponse()
{
    $callArgs = func_get_args();
    $request = $callArgs[0];
    $requestOpts = $callArgs[1];
    $echoBody = $request->getBody();

    // Canned responses keyed by HTTP method, then path.
    $routes = [
        'GET' => [
            '/success'      => ['status' => 200, 'headers' => ['Content-Type' => 'text/awesome'], 'body' => 'yay'],
            '/reflect'      => ['status' => 200, 'headers' => [], 'body' => $echoBody],
            '/unauthorized' => [
                'status'  => 401,
                'headers' => ['Content-Type' => 'application/json'],
                'body'    => json_encode([
                    'error'             => $this->errorValue,
                    'error_description' => $this->errorDescriptionValue,
                ]),
            ],
            '/conflict'     => ['status' => 409, 'headers' => ['Content-Type' => 'text/plain'], 'body' => 'not authorized'],
            '/redirect'     => ['status' => 302, 'headers' => ['Content-Type' => 'text/plain', 'location' => '/success'], 'body' => ''],
            '/error'        => ['status' => 500, 'headers' => [], 'body' => ''],
            '/empty_get'    => ['status' => 200, 'headers' => [], 'body' => ''],
        ],
        'POST' => [
            '/reflect'  => ['status' => 200, 'headers' => [], 'body' => $echoBody],
            '/redirect' => ['status' => 303, 'headers' => ['Content-Type' => 'text/plain', 'location' => '/reflect'], 'body' => ''],
        ],
    ];

    $route = $routes[$request->getMethod()][$request->getPath()];

    $response = new \OAuth2\Response(
        new \GuzzleHttp\Message\Response(
            $route['status'],
            $route['headers'],
            \GuzzleHttp\Stream\Stream::factory($route['body'])
        ),
        $requestOpts
    );
    $status = $response->status();

    // 2xx: success, hand the response back untouched.
    if (in_array($status, range(200, 299))) {
        return $response;
    }

    // 3xx: follow the Location header unless the redirect limit is exceeded.
    if (in_array($status, range(300, 399))) {
        if (!isset($this->client->options['redirect_count'])) {
            $this->client->options['redirect_count'] = 0;
        }
        $this->client->options['redirect_count'] += 1;

        if ($this->client->options['redirect_count'] > $request->getConfig()['redirect']['max']) {
            return $response;
        }

        // 303 always switches to GET; other redirects keep the original verb.
        $followMethod = ($status === 303) ? 'GET' : $request->getMethod();
        $responseHeaders = $response->headers();
        $target = $responseHeaders['location'];

        $next = $this->client->createRequest($followMethod, $target[0], ['body' => $response->body()]);
        return $this->client->getResponse($next);
    }

    // 4xx/5xx: wrap in an OAuth2\Error, thrown or attached per the exception options.
    if (in_array($status, range(400, 599))) {
        $error = new \OAuth2\Error($response);
        if ($request->getConfig()['exceptions'] || $this->client->options['request_opts']['exceptions']) {
            throw $error;
        }
        $response->error = $error;
        return $response;
    }

    // Any other status is treated as an outright error.
    throw new \OAuth2\Error($response);
}
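// Dispatch the requested endpoint ($method) to a handler registered through the
// "wo_endpoints" filter. $method and $server are defined earlier in this script.
$ext_methods = apply_filters("wo_endpoints", null);

// The filter default is null and a misbehaving filter may return anything; only an
// array can be looked up (array_key_exists() on null is an error on PHP 8).
if (!is_array($ext_methods)) {
    $ext_methods = array();
}

if (array_key_exists($method, $ext_methods)) {
    $endpoint = $ext_methods[$method];

    // A registration without a usable 'func' would otherwise fatal inside call_user_func_array().
    if (!isset($endpoint['func']) || !is_callable($endpoint['func'])) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Unknown request');
        $response->send();
        exit;
    }

    // Public endpoints run without any token check; the raw request parameters
    // are passed through as positional arguments (existing contract).
    if (isset($endpoint['public']) && $endpoint['public']) {
        call_user_func_array($endpoint['func'], $_REQUEST);
        exit;
    }

    $response = new OAuth2\Response();
    $request = OAuth2\Request::createFromGlobals();

    if (!$server->verifyResourceRequest($request)) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }

    $token = $server->getAccessTokenData($request);
    if (is_null($token)) {
        // The server already prepared an error response for the failed token lookup.
        $server->getResponse()->send();
        exit;
    }

    do_action('wo_endpoint_user_authenticated', array($token));
    call_user_func_array($endpoint['func'], array($token));
    exit;
}

/**
 * Server error response. End of line
 * @since 3.1.0
 */
$response = new OAuth2\Response();
$response->setError(400, 'invalid_request', 'Unknown request');
$response->send();
exit;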
/**
 * Translate an OAuth2\Response into the matching XenForo controller response.
 *
 * Redirects become an HTTP redirect to the Location header. Otherwise the
 * response parameters (plus status code and headers under '_statusCode' /
 * '_headers') are rendered through the API view for API controllers, while
 * public controllers get an error page for client errors and a JSON view for
 * everything else.
 *
 * @param XenForo_Controller $controller
 * @param OAuth2\Response    $response
 * @return XenForo_ControllerResponse_Abstract
 */
protected function _generateControllerResponse(XenForo_Controller $controller, OAuth2\Response $response)
{
    if ($response->isRedirection()) {
        $target = $response->getHttpHeader('Location');
        return $controller->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
    }

    $viewParams = $response->getParameters();
    $viewParams['_statusCode'] = $response->getStatusCode();
    $viewParams['_headers'] = $response->getHttpHeaders();

    // API controllers render everything through the API view, regardless of status.
    if ($controller instanceof bdApi_ControllerApi_Abstract) {
        return $controller->responseData('bdApi_ViewApi_OAuth', $viewParams);
    }

    // Public controllers: 4xx becomes an error page carrying the OAuth error description.
    if ($response->isClientError()) {
        return $controller->responseError($response->getParameter('error_description'), $response->getStatusCode());
    }

    $controller->getRouteMatch()->setResponseType('json');
    return $controller->responseView('bdApi_ViewPublic_OAuth', '', $viewParams);
}