Esempio n. 1
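 /**
  * OAuth resource method: updates the display name of the user that the
  * access token belongs to.
  *
  * @param array|null $token Access-token data; only the 'user_id' key is read.
  *
  * Always terminates the request with exit after sending an OAuth2\Response:
  * a 400 invalid_request error when the token carries no user id, when the
  * caller may not edit that user, when no 'name' was posted, or when
  * wp_update_user() fails; otherwise the body {"success":"updated-me"}.
  */
 public function run_update_method($token = null)
 {
     $response = new OAuth2\Response();
     if (!isset($token['user_id']) || $token['user_id'] == 0) {
         $response->setError(400, 'invalid_request', 'Missing or invalid access token');
         $response->send();
         exit;
     }
     $user_id = (int) $token['user_id'];
     // Authorization: the acting user must be allowed to edit the target user.
     // NOTE(review): current_user_can() depends on the WordPress current user
     // having been set for this request; confirm the dispatcher establishes it
     // from the token before this method runs.
     if (!current_user_can('edit_user', $user_id)) {
         $response->setError(400, 'invalid_request', 'You are not allowed to edit this user');
         $response->send();
         exit;
     }
     // Reject a missing/non-scalar name instead of silently blanking the
     // display name (reading an unset $_POST key yields null after a notice).
     if (!isset($_POST['name']) || !is_string($_POST['name'])) {
         $response->setError(400, 'invalid_request', 'Missing or invalid parameter: name');
         $response->send();
         exit;
     }
     $display_name = sanitize_text_field($_POST['name']);
     $result = wp_update_user(array('ID' => $user_id, 'display_name' => $display_name));
     if (is_wp_error($result)) {
         // wp_update_user() failed, most likely because the user does not exist.
         $response->setError(400, 'invalid_request', 'There was an error updating me');
         $response->send();
         exit;
     }
     $response = new OAuth2\Response(array('success' => 'updated-me'));
     $response->send();
     exit;
 }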
Esempio n. 2
 /**
  * @covers OAuth2\Response::content_type()
  * @covers OAuth2\Response::parse()
  *
  * parse() decodes form-encoded and JSON bodies into arrays and returns
  * null for every other content type.
  */
 public function testParseResponse()
 {
     // Wrap a 200 Guzzle response carrying the given content type and body.
     $wrap = function ($contentType, $rawBody) {
         $guzzle = new \GuzzleHttp\Message\Response(
             200,
             array('Content-Type' => $contentType),
             \GuzzleHttp\Stream\Stream::factory($rawBody)
         );
         return new \OAuth2\Response($guzzle);
     };

     // A form-encoded body is decoded into key/value pairs.
     $this->response = $wrap('application/x-www-form-urlencoded', 'foo=bar&answer=42');
     $decoded = $this->response->parse();
     $this->assertEquals(2, count(array_keys($decoded)));
     $this->assertEquals('bar', $decoded['foo']);
     $this->assertEquals(42, $decoded['answer']);

     // A JSON body is decoded to the same shape.
     $encoded = json_encode(array('foo' => 'bar', 'answer' => 42));
     $this->response = $wrap('application/json', $encoded);
     $decoded = $this->response->parse();
     $this->assertEquals(2, count(array_keys($decoded)));
     $this->assertEquals('bar', $decoded['foo']);
     $this->assertEquals(42, $decoded['answer']);

     // Any other content type is left untouched: parse() yields null.
     $markup = '<!DOCTYPE html><html><head></head><body></body></html>';
     $this->response = $wrap('text/html', $markup);
     $this->assertNull($this->response->parse());
 }
Esempio n. 3
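/**
 * DEFAULT ME METHOD - DO NOT REMOVE DIRECTLY
 * This is the default resource call "/oauth/me". Do not edit or remove.
 *
 * Sends the profile of the user the access token belongs to as an
 * OAuth2\Response, then exits. Responds with a 400 invalid_request error
 * when the token has no user id or when that user cannot be loaded.
 *
 * @param array|null $token Access-token data; only the 'user_id' key is read.
 */
function _wo_method_me($token = null)
{
    if (!isset($token['user_id']) || $token['user_id'] == 0) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }
    $user = get_user_by('id', $token['user_id']);
    // get_user_by() returns false for an unknown id; dereferencing
    // $user->data on false would emit a warning and leak an empty profile.
    if (!$user) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }
    $me_data = (array) $user->data;
    // Strip fields that must never leave the server. NOTE(review): this is a
    // deny-list, so any new column on the users table is exposed by default;
    // an allow-list of the fields clients actually need would be safer.
    unset($me_data['user_pass']);
    unset($me_data['user_activation_key']);
    unset($me_data['user_url']);
    /**
     * @since  3.0.5
     * OpenID Connect clients (e.g. Moodle) look for the field "email",
     * so mirror user_email under that key.
     */
    $me_data['email'] = $me_data['user_email'];
    $response = new OAuth2\Response($me_data);
    $response->send();
    exit;
}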
Esempio n. 4
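/**
 * DEFAULT ME METHOD - DO NOT REMOVE DIRECTLY
 * This is the default resource call "/oauth/me". Do not edit or remove.
 *
 * Sends the users-table row of the user the access token belongs to as an
 * OAuth2\Response, then exits. Responds with a 400 invalid_request error
 * when the token has no user id or when no such row exists.
 *
 * @param array|null $token Access-token data; only the 'user_id' key is read.
 */
function _wo_method_me($token = null)
{
    /**
     * Added 3.0.2 to handle access tokens not assigned to a user
     */
    if (!isset($token['user_id']) || $token['user_id'] == 0) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }
    $user_id = (int) $token['user_id'];
    global $wpdb;
    // The id is bound through $wpdb->prepare() rather than interpolated into
    // the SQL string, so a non-numeric value in the token store cannot alter
    // the query. NOTE(review): $wpdb->users is the canonical users-table name
    // (it differs from {$wpdb->prefix}users on multisite) — confirm before
    // switching.
    $me_data = $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE ID = %d", $user_id),
        ARRAY_A
    );
    // No row: get_row() returns null; do not answer with a half-built profile.
    if (!is_array($me_data)) {
        $response = new OAuth2\Response();
        $response->setError(400, 'invalid_request', 'Missing or invalid access token');
        $response->send();
        exit;
    }
    // Strip fields that must never leave the server. NOTE(review): this is a
    // deny-list on SELECT *, so any new column on the users table is exposed
    // by default; selecting only the needed columns would be safer.
    unset($me_data['user_pass']);
    unset($me_data['user_activation_key']);
    unset($me_data['user_url']);
    /**
     * @since  3.0.5
     * OpenID Connect clients (e.g. Moodle) look for the field "email",
     * so mirror user_email under that key.
     */
    $me_data['email'] = $me_data['user_email'];
    $response = new OAuth2\Response($me_data);
    $response->send();
    exit;
}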
Esempio n. 5
 /**
  * Intercept all OAuth2\Client::getResponse() calls and mock their responses
  *
  * The first argument is the request, the second the options handed to the
  * wrapped \OAuth2\Response. Routes are keyed by HTTP method and path. A 2xx
  * response is returned as-is; a 3xx follows its Location header (as GET
  * after a 303, otherwise with the original method) until the request's
  * redirect max is exceeded; a 4xx/5xx either throws an \OAuth2\Error or
  * attaches it to the response, depending on the request and client
  * "exceptions" options; any other status throws.
  */
 public function mockGetResponse()
 {
     $callArgs = func_get_args();
     $request = $callArgs[0];
     $errorBody = json_encode(array('error' => $this->errorValue, 'error_description' => $this->errorDescriptionValue));
     $jsonHdr = array('Content-Type' => 'application/json');
     $plainHdr = array('Content-Type' => 'text/plain');
     // Route table: method => path => canned response.
     $routes = array(
         'GET' => array(
             '/success'      => array('status' => 200, 'headers' => array('Content-Type' => 'text/awesome'), 'body' => 'yay'),
             '/reflect'      => array('status' => 200, 'headers' => array(), 'body' => $request->getBody()),
             '/unauthorized' => array('status' => 401, 'headers' => $jsonHdr, 'body' => $errorBody),
             '/conflict'     => array('status' => 409, 'headers' => $plainHdr, 'body' => 'not authorized'),
             '/redirect'     => array('status' => 302, 'headers' => array('Content-Type' => 'text/plain', 'location' => '/success'), 'body' => ''),
             '/error'        => array('status' => 500, 'headers' => array(), 'body' => ''),
             '/empty_get'    => array('status' => 200, 'headers' => array(), 'body' => ''),
         ),
         'POST' => array(
             '/reflect'  => array('status' => 200, 'headers' => array(), 'body' => $request->getBody()),
             '/redirect' => array('status' => 303, 'headers' => array('Content-Type' => 'text/plain', 'location' => '/reflect'), 'body' => ''),
         ),
     );
     $matched = $routes[$request->getMethod()][$request->getPath()];
     $guzzle = new \GuzzleHttp\Message\Response(
         $matched['status'],
         $matched['headers'],
         \GuzzleHttp\Stream\Stream::factory($matched['body'])
     );
     $wrapped = new \OAuth2\Response($guzzle, $callArgs[1]);
     $status = $wrapped->status();

     // 2xx: success, hand the response straight back.
     if ($status >= 200 && $status <= 299) {
         return $wrapped;
     }

     // 3xx: follow the redirect, bounded by the request's redirect max.
     if ($status >= 300 && $status <= 399) {
         if (!isset($this->client->options['redirect_count'])) {
             $this->client->options['redirect_count'] = 0;
         }
         $this->client->options['redirect_count']++;
         if ($this->client->options['redirect_count'] > $request->getConfig()['redirect']['max']) {
             return $wrapped;
         }
         $nextMethod = ($status === 303) ? 'GET' : $request->getMethod();
         $respHeaders = $wrapped->headers();
         $target = $respHeaders['location'][0];
         $next = $this->client->createRequest($nextMethod, $target, ['body' => $wrapped->body()]);
         return $this->client->getResponse($next);
     }

     // 4xx/5xx: raise or attach the error, per the "exceptions" options.
     if ($status >= 400 && $status <= 599) {
         $failure = new \OAuth2\Error($wrapped);
         $raise = $request->getConfig()['exceptions'] || $this->client->options['request_opts']['exceptions'];
         if ($raise) {
             throw $failure;
         }
         $wrapped->error = $failure;
         return $wrapped;
     }

     // Anything else is unexpected.
     throw new \OAuth2\Error($wrapped);
 }
Esempio n. 6
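// Dispatch the requested endpoint ($method is set earlier in this file, outside
// this listing) to a handler registered through the "wo_endpoints" filter.
$ext_methods = apply_filters("wo_endpoints", null);
// The filter default is null, so nothing registered must not reach
// array_key_exists() (warning on PHP 7, TypeError on PHP 8); a registration
// without a callable 'func' is treated as unknown as well.
if (is_array($ext_methods)
    && array_key_exists($method, $ext_methods)
    && isset($ext_methods[$method]['func'])
    && is_callable($ext_methods[$method]['func'])
) {
    $endpoint = $ext_methods[$method];
    // Public endpoints run without any token check and receive the raw,
    // unauthenticated request values as positional arguments — the handler
    // itself is responsible for validating them.
    if (isset($endpoint['public']) && $endpoint['public']) {
        call_user_func_array($endpoint['func'], $_REQUEST);
        exit;
    }
    $request = OAuth2\Request::createFromGlobals();
    $response = new OAuth2\Response();
    // Bearer-token validation; anything that does not verify is rejected
    // before the handler is reached.
    if (!$server->verifyResourceRequest($request)) {
        $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)');
        $response->send();
        exit;
    }
    $token = $server->getAccessTokenData($request);
    if (is_null($token)) {
        // The server already prepared the error response for this case.
        $server->getResponse()->send();
        exit;
    }
    do_action('wo_endpoint_user_authenticated', array($token));
    call_user_func_array($endpoint['func'], array($token));
    exit;
}
/**
 * Server error response. End of line
 * @since 3.1.0
 */
$response = new OAuth2\Response();
$response->setError(400, 'invalid_request', 'Unknown request');
$response->send();
exit;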
Esempio n. 7
 /**
  * Translate an OAuth2\Response into the XenForo controller response to
  * render for $controller.
  *
  * Redirections become a redirect to the Location header. API controllers
  * receive the response parameters (plus _statusCode and _headers) as data;
  * other controllers get an error response for client errors and a JSON
  * view otherwise.
  */
 protected function _generateControllerResponse(XenForo_Controller $controller, OAuth2\Response $response)
 {
     if ($response->isRedirection()) {
         $target = $response->getHttpHeader('Location');
         return $controller->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
     }
     $viewParams = $response->getParameters();
     $viewParams['_statusCode'] = $response->getStatusCode();
     $viewParams['_headers'] = $response->getHttpHeaders();
     if ($controller instanceof bdApi_ControllerApi_Abstract) {
         return $controller->responseData('bdApi_ViewApi_OAuth', $viewParams);
     }
     if ($response->isClientError()) {
         $description = $response->getParameter('error_description');
         return $controller->responseError($description, $response->getStatusCode());
     }
     $controller->getRouteMatch()->setResponseType('json');
     return $controller->responseView('bdApi_ViewPublic_OAuth', '', $viewParams);
 }