public static function invalidateGadgetCache(GadgetContext $context) { $request = new RemoteContentRequest($context->getUrl()); $cache = Cache::createCache(Shindig_Config::get('data_cache'), 'RemoteContent'); $cacheData = $cache->get($request->toHash()); if ($cacheData) { $uris = array(); $xml = $cacheData->getResponseContent(); $parserClass = Shindig_Config::get('gadget_spec_parser'); $parser = new $parserClass(); $gadgetSpec = $parser->parse($xml, $context); if ($gadgetSpec->locales) { foreach ($gadgetSpec->locales as $locale) { if (!empty($locale['messages'])) { $uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl()); } } } if (is_array($gadgetSpec->preloads)) { foreach ($gadgetSpec->preloads as $preload) { if (!empty($preload['href'])) { $uris[] = RemoteContentRequest::transformRelativeUrl($preload['href'], $context->getUrl()); } } } if (is_array($gadgetSpec->templatesRequireLibraries)) { foreach ($gadgetSpec->templatesRequireLibraries as $libraryUrl) { $uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl()); } } $uris[] = $request->getUrl(); self::invalidateRemoteContents($uris); } }
public function fetchRequest(RemoteContentRequest $request) { $outHeaders = array(); if ($request->hasHeaders()) { $headers = explode("\n", $request->getHeaders()); foreach ($headers as $header) { if (strpos($header, ':')) { $key = trim(substr($header, 0, strpos($header, ':'))); $val = trim(substr($header, strpos($header, ':') + 1)); if (strcmp($key, "User-Agent") != 0 && strcasecmp($key, "Transfer-Encoding") != 0 && strcasecmp($key, "Cache-Control") != 0 && strcasecmp($key, "Expries") != 0 && strcasecmp($key, "Content-Length") != 0) { $outHeaders[$key] = $val; } } } } $outHeaders['User-Agent'] = "Shindig PHP"; $options = array(); $options['timeout'] = Shindig_Config::get('curl_connection_timeout'); // configure proxy $proxyUrl = Shindig_Config::get('proxy'); if (!empty($proxyUrl)) { $options['adapter'] = 'Zend_Http_Client_Adapter_Proxy'; $proxy = parse_url($proxyUrl); if (isset($proxy['host'])) { $options['proxy_host'] = $proxy['host']; } if (isset($proxy['port'])) { $options['proxy_port'] = $proxy['port']; } if (isset($proxy['user'])) { $options['proxy_user'] = $proxy['user']; } if (isset($proxy['pass'])) { $options['proxy_pass'] = $proxy['pass']; } } $client = new Zend_Http_Client(); $client->setConfig($options); $client->setUri($request->getUrl()); $client->setHeaders($outHeaders); if ($request->getContentType()) { $client->setHeaders(Zend_Http_Client::CONTENT_TYPE, $request->getContentType()); } if ($request->isPost()) { $client->setMethod(Zend_Http_Client::POST); $client->setRawData($request->getPostBody()); } else { $client->setMethod(Zend_Http_Client::GET); } $response = $client->request(); $request->setHttpCode($response->getStatus()); $request->setContentType($response->getHeader('Content-Type')); $request->setResponseHeaders($response->getHeaders()); $request->setResponseContent($response->getBody()); $request->setResponseSize(strlen($response->getBody())); return $request; }
/** * Performs a single (RemoteContentRequest) request and fills in the response * in the $request object * * @param RemoteContentRequest $request * @return RemoteContentRequest $request */ public function fetchRequest(RemoteContentRequest $request) { $request->handle = $this->initCurlHandle($request->getUrl()); $this->setHeaders($request); // Execute the request $content = @curl_exec($request->handle); $this->parseResult($request, $content); curl_close($request->handle); unset($request->handle); return $request; }
/** * Get honest-to-goodness user data. */ private function fetchData() { try { // TODO: it'd be better using $this->realRequest->getContentType(), but not set before hand. Temporary hack. $postBody = $this->realRequest->getPostBody(); $url = $this->realRequest->getUrl(); $msgParams = array(); if (ShindigOAuthUtil::isFormEncoded($this->realRequest->getHeader("Content-Type")) && strlen($postBody) > 0) { $entries = explode('&', $postBody); foreach ($entries as $entry) { $parts = explode('=', $entry); if (count($parts) == 2) { $msgParams[ShindigOAuthUtil::urldecode_rfc3986($parts[0])] = ShindigOAuthUtil::urldecode_rfc3986($parts[1]); } } } $method = $this->realRequest->getMethod(); $msgParams[self::$XOAUTH_APP_URL] = $this->authToken->getAppUrl(); // Build and sign the message. $oauthRequest = $this->newRequestMessageMethod($method, $url, $msgParams); $oauthParams = $this->filterOAuthParams($oauthRequest); $newHeaders = array(); switch ($method) { case 'POST': if (empty($postBody) || count($postBody) == 0) { $postBody = ShindigOAuthUtil::getPostBodyString($oauthParams); } else { $postBody = $postBody . "&" . ShindigOAuthUtil::getPostBodyString($oauthParams); } // To avoid 417 Response from server, adding empty "Expect" header $newHeaders['Expect'] = ''; break; case 'GET': $url = ShindigOAuthUtil::addParameters($url, $oauthParams); break; } // To choose HTTP method client requested, we don't use $this->createRemoteContentRequest() here. $rcr = new RemoteContentRequest($url); $rcr->createRemoteContentRequest($method, $url, $newHeaders, null, $this->realRequest->getOptions()); $rcr->setPostBody($postBody); $remoteFetcherClass = Config::get('remote_content_fetcher'); $fetcher = new $remoteFetcherClass(); $content = $fetcher->fetchRequest($rcr); $statusCode = $content->getHttpCode(); //TODO is there a better way to detect an SP error? For example: http://wiki.oauth.net/ProblemReporting if ($statusCode == 401) { $tokenKey = $this->buildTokenKey(); $this->tokenStore->removeTokenAndSecret($tokenKey); } else { if ($statusCode >= 400 && $statusCode < 500) { $message = $this->parseAuthHeader(null, $content); if ($message->get_parameter(ShindigOAuth::$OAUTH_PROBLEM) != null) { throw new ShindigOAuthProtocolException($message); } } } // Track metadata on the response $this->addResponseMetadata($content); return $content; } catch (Exception $e) { throw new GadgetException("INTERNAL SERVER ERROR: " . $e); } }
private function fetch(RemoteContentRequest $request) { if ($request->getUrl() == 'http://test.chabotc.com/ok.html') { $request->setHttpCode(200); $request->setContentType('text/html; charset=UTF-8'); $request->setResponseContent('OK'); } else { if ($request->getUrl() == 'http://test.chabotc.com/fail.html') { $request->setHttpCode(404); } else { if (preg_match('/http:\\/\\/test\\.chabotc\\.com\\/valid(\\d)\\.html/', $request->getUrl(), $matches) > 0) { if ($this->valid[intval($matches[1])]) { $this->valid[intval($matches[1])] = false; $request->setHttpCode(200); $request->setContentType('text/html; charset=UTF-8'); $request->setResponseContent('OK'); } else { $request->setHttpCode(404); } } else { if (strpos($request->getUrl(), 'http://test.chabotc.com/signing.html') == 0) { $url = parse_url($request->getUrl()); $query = array(); parse_str($url['query'], $query); $request->setHttpCode(200); $request->setContentType('text/html; charset=UTF-8'); if ($query['xoauth_signature_publickey'] && $query['oauth_signature']) { $request->setResponseContent('OK'); } else { $request->setResponseContent('FAILED'); } } } } } }
/** * Get honest-to-goodness user data. */ private function fetchData() { try { $msgParams = OAuthUtil::isFormEncoded($this->realRequest->getContentType()) ? OAuthUtil::urldecodeRFC3986($this->realRequest->getPostBody()) : array(); $method = $this->realRequest->getMethod(); $msgParams[self::$XOAUTH_APP_URL] = $this->authToken->getAppUrl(); // Build and sign the message. $oauthRequest = $this->newRequestMessageMethod($method, $this->realRequest->getUrl(), $msgParams); $rcr = $this->createRemoteContentRequest($this->filterOAuthParams($oauthRequest), $this->realRequest->getMethod(), $this->realRequest->getUrl(), $this->realRequest->getHeaders(), $this->realRequest->getContentType(), $this->realRequest->getPostBody(), $this->realRequest->getOptions()); //TODO is there a better way to detect an SP error? $remoteFetcherClass = Shindig_Config::get('remote_content_fetcher'); $fetcher = new $remoteFetcherClass(); $content = $fetcher->fetchRequest($rcr); $statusCode = $content->getHttpCode(); if ($statusCode >= 400 && $statusCode < 500) { $message = $this->parseAuthHeader(null, $content); if ($message->get_parameter(OAuth::$OAUTH_PROBLEM) != null) { throw new OAuthProtocolException($message); } } // Track metadata on the response $this->addResponseMetadata($content); return $content; } catch (Exception $e) { throw new GadgetException("INTERNAL SERVER ERROR: " . $e); } }
private function signRequest(RemoteContentRequest $request) { $url = $request->getUrl(); $method = $request->getMethod(); try { // Parse the request into parameters for OAuth signing, stripping out // any OAuth or OpenSocial parameters injected by the client $parsedUri = parse_url($url); $resource = $url; $contentType = $request->getHeader('Content-Type'); $signBody = stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null; $msgParams = array(); $postParams = array(); if ($request->getPostBody()) { if ($signBody) { // on normal application/x-www-form-urlencoded type post's encode and parse the post vars parse_str($request->getPostBody(), $postParams); $postParams = $this->sanitize($postParams); } else { // on any other content-type of post (application/{json,xml,xml+atom}) use the body signing hash // see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for details $msgParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true)); } } if ($signBody && isset($postParams)) { $msgParams = array_merge($msgParams, $postParams); } $this->addOpenSocialParams($msgParams, $request->getToken(), $request->getOptions()->ownerSigned, $request->getOptions()->viewerSigned); $this->addOAuthParams($msgParams, $request->getToken()); $consumer = new OAuthConsumer(NULL, NULL, NULL); $signatureMethod = new ShindigRsaSha1SignatureMethod($this->privateKeyObject, null); $req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, $method, $resource, $msgParams); $req_req->sign_request($signatureMethod, $consumer, NULL); // Rebuild the query string, including all of the parameters we added. // We have to be careful not to copy POST parameters into the query. // If post and query parameters share a name, they end up being removed // from the query. $forPost = array(); $postData = false; if ($method == 'POST' && $signBody) { foreach ($postParams as $key => $param) { $forPost[$key] = $param; if ($postData === false) { $postData = array(); } $postData[] = OAuthUtil::urlencode_rfc3986($key) . "=" . OAuthUtil::urlencode_rfc3986($param); } if ($postData !== false) { $postData = implode("&", $postData); } } $newQueryParts = array(); foreach ($req_req->get_parameters() as $key => $param) { if (!isset($forPost[$key])) { if (!is_array($param)) { $newQueryParts[] = urlencode($key) . '=' . urlencode($param); } else { foreach ($param as $elem) { $newQueryParts[] = urlencode($key) . '=' . urlencode($elem); } } } $newQuery = implode('&', $newQueryParts); } // Careful here; the OAuth form encoding scheme is slightly different than // the normal form encoding scheme, so we have to use the OAuth library // formEncode method. $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . (isset($parsedUri['path']) ? $parsedUri['path'] : '') . '?' . $newQuery; $request->setUri($url); if ($signBody) { $request->setPostBody($postData); } } catch (Exception $e) { throw new GadgetException($e); } }
private function verifySignedRequest(RemoteContentRequest $request) { $url = parse_url($request->getUrl()); $query = array(); parse_str($url['query'], $query); $post = array(); $contentType = $request->getHeader('Content-Type'); if (stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null) { parse_str($request->getPostBody(), $post); } else { $this->assertEquals(base64_encode(sha1($request->getPostBody(), true)), $query['oauth_body_hash']); } $oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getUrl(), array_merge($query, $post)); $signature_method = new MockSignatureMethod(); $signature_valid = $signature_method->check_signature($oauthRequest, null, null, $query['oauth_signature']); $this->assertTrue($signature_valid); }