/**
 * Delegates to OAuthProvider->checkOAuthRequest(), which drives the registered
 * callbacks and verifies the request signature.
 *
 * Any Exception raised by the provider is turned into the OAuth problem-reporting
 * string. reportProblem() is called with its default second argument, so it also
 * emits the matching HTTP headers as a side effect.
 *
 * @return bool|string true when the request validates, otherwise the problem
 *                     report produced by OAuthProvider::reportProblem()
 */
public function checkOAuthRequest()
{
    $outcome = true;
    try {
        $this->Provider->checkOAuthRequest();
    } catch (Exception $failure) {
        // Note: every Exception is routed through the OAuth problem reporter,
        // not only OAuthException, so non-OAuth failures are reported the same way.
        $outcome = OAuthProvider::reportProblem($failure);
    }

    return $outcome;
}
/**
 * Verifies the incoming request against the handlers registered in the
 * constructor (handler setup happens outside this method) and checks the
 * signature.
 *
 * On failure the problem report is echoed straight to the output (with its
 * default arguments reportProblem() also sends the matching HTTP headers) and
 * $this->oauth_error is raised so callers can notice the failed check.
 */
public function checkRequest()
{
    /* handlers are already in place; this is the verification step itself */
    $problem = null;
    try {
        $this->oauth->checkOAuthRequest();
    } catch (OAuthException $oauthFailure) {
        $problem = $oauthFailure;
    }

    if ($problem !== null) {
        echo OAuthProvider::reportProblem($problem);
        $this->oauth_error = true;
    }
}
/**
 * Verifies the incoming OAuth request using the handlers registered earlier.
 *
 * checkOAuthRequest() drives the registered callbacks: the timestamp/nonce
 * handler is expected to return OAUTH_OK, the consumer handler is expected to
 * load consumer_secret from the database, and the token handler is only
 * consulted when the endpoint was not flagged via isRequestTokenEndpoint().
 * On failure the problem report is echoed and $this->oauth_error is set.
 */
public function checkrequest()
{
    try {
        $this->oauth->checkOAuthRequest();
        return;
    } catch (OAuthException $oauthFailure) {
        // reportProblem() with default arguments also emits the HTTP headers.
        echo OAuthProvider::reportProblem($oauthFailure);
        $this->oauth_error = true;
    }
}
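/**
 * Route listener that enforces OAuth on routes the ACL knows about.
 *
 * Routes without an ACL resource are passed through. For a protected route
 * the OAuth variant is inferred from the ACL (two-legged if that role is
 * allowed, else three-legged, else unprotected), the request is verified by
 * the OAuthProvider, and a failure is answered with the OAuth problem report
 * as both body and WWW-Authenticate header.
 *
 * @param MvcEvent $mvcEvent
 * @return mixed the response object when the request is rejected, otherwise null
 */
public function onRoute(MvcEvent $mvcEvent)
{
    $request = $mvcEvent->getRequest();
    $response = $mvcEvent->getResponse();
    $app = $mvcEvent->getApplication();
    $match = $app->getMvcEvent()->getRouteMatch();
    $routeName = $match->getMatchedRouteName();
    $method = strtolower($request->getMethod());

    // Routes the ACL does not know about are not OAuth-protected.
    if (!$this->acl->hasResource($routeName)) {
        return;
    }

    /**
     * Infer that if :
     * 1. the request is protected under 2 legged oauth,
     *    then it is a 2 legged oauth request
     * 2. the request is protected under 3 legged oauth,
     *    then it is a 3 legged oauth request
     * 3. otherwise it is not protected
     */
    $role = null;
    if ($this->acl->isAllowed(BgOauthProviderAcl::TWO_LEGGED, $routeName, $method)) {
        $role = BgOauthProviderAcl::TWO_LEGGED;
        $this->oauthProvider->is2LeggedEndpoint();
    } elseif ($this->acl->isAllowed(BgOauthProviderAcl::THREE_LEGGED, $routeName, $method)) {
        $role = BgOauthProviderAcl::THREE_LEGGED;
    } else {
        return;
    }

    try {
        $this->oauthProvider->checkOAuthRequest();
    } catch (\OAuthException $e) {
        // send_headers=false: the report must travel through the MVC response
        // object. With the default (true) the provider writes its own status
        // and WWW-Authenticate via header() before the response below is applied.
        $error = \OAuthProvider::reportProblem($e, false);
        $response->setStatusCode(400);
        $response->setContent($error);
        $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $error));
        return $response;
    }

    // Defensive re-check: $role was chosen precisely because isAllowed() was
    // true for it above, so this branch is not expected to be reachable.
    if (!$this->acl->isAllowed($role, $routeName, $method)) {
        $responseBody = array();
        $responseBody['error'] = 'Not Authorised';
        $responseBody['request'] = $request->getRequestUri();
        $response->setStatusCode(401);
        $response->setContent(json_encode($responseBody));
        $response->setHeaders($response->getHeaders()->addHeaderLine('Content-Type', 'application/json'));
        return $response;
    }
}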
/**
 * Route listener that applies OAuth to ACL-protected routes.
 *
 * Console requests and routes unknown to the ACL are passed through untouched.
 * For a known route the OAuth variant is inferred from the ACL: a route open to
 * the two-legged role is verified as a two-legged request, one open only to the
 * three-legged role as a three-legged request, and a route open to neither is
 * not protected at all. A failed verification is answered with 401, the problem
 * report as body and WWW-Authenticate header, and a dispatch-error event.
 *
 * @param MvcEvent $mvcEvent
 * @return mixed the response object when verification failed, otherwise null
 */
public function onRoute(MvcEvent $mvcEvent)
{
    $request = $mvcEvent->getRequest();
    $response = $mvcEvent->getResponse();

    // Nothing to verify for CLI invocations.
    if ($request instanceof \Zend\Console\Request) {
        return;
    }

    $application = $mvcEvent->getApplication();
    $resource = $application->getMvcEvent()->getRouteMatch()->getMatchedRouteName();
    $privilege = strtolower($request->getMethod());

    if (!$this->acl->hasResource($resource)) {
        return;
    }

    // Two-legged takes precedence; the three-legged role is only consulted
    // when the two-legged role is not allowed on this route/method.
    $isTwoLegged = $this->acl->isAllowed(BgOauthProviderAcl::TWO_LEGGED, $resource, $privilege);
    $isThreeLegged = !$isTwoLegged
        && $this->acl->isAllowed(BgOauthProviderAcl::THREE_LEGGED, $resource, $privilege);

    if ($isTwoLegged) {
        $this->oauthProvider->is2LeggedEndpoint();
    } elseif (!$isThreeLegged) {
        return;
    }

    try {
        $this->oauthProvider->checkOAuthRequest();
    } catch (\OAuthException $oauthFailure) {
        // send_headers=false: the report travels through the MVC response
        // rather than being written with header() by the provider itself.
        $problem = \OAuthProvider::reportProblem($oauthFailure, false);
        $response->setStatusCode(Response::STATUS_CODE_401);
        $response->setContent($problem);
        $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $problem));
        $mvcEvent->setError(self::ERROR);
        $mvcEvent->getApplication()->getEventManager()->trigger(MvcEvent::EVENT_DISPATCH_ERROR, $mvcEvent);
        return $response;
    }

    // Verified: dispatch continues normally.
}
/**
 * Resolves the requested action and verifies the incoming OAuth request.
 *
 * The provider is stored on $this before the handlers are registered, since
 * the handlers are methods of this object. The framework's kohana_uri
 * parameter is excluded via setParam() and the request-token path is declared
 * so that endpoint is not required to carry a token. On failure the problem
 * report is echoed (default arguments also send the HTTP headers) and
 * $this->oauth_error is set.
 *
 * @param mixed $query_get query parameters handed to _get_action()
 */
public function __construct($query_get)
{
    $this->__action = $this->_get_action($query_get);

    try {
        $this->__provider = new OAuthProvider();
        $provider = $this->__provider;
        $provider->consumerHandler(array($this, 'lookupConsumer'));
        $provider->timestampNonceHandler(array($this, 'timestampNonceChecker'));
        $provider->tokenHandler(array($this, 'tokenHandler'));
        // Ignore the kohana_uri parameter
        $provider->setParam('kohana_uri', null);
        // No token needed for this end point
        $provider->setRequestTokenPath('/v1/oauth/request_token');
        $provider->checkOAuthRequest();
    } catch (OAuthException $oauthFailure) {
        echo OAuthProvider::reportProblem($oauthFailure);
        $this->oauth_error = true;
    }
}
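/**
 * API entry point: verifies the OAuth request, dispatches the named api_call
 * to its api_* method and prints a JSON envelope, then terminates the script.
 *
 * The api_call name is checked against an explicit allow-list before it is
 * used to build the method name, so only the listed calls are reachable
 * through the dynamic dispatch below.
 *
 * @return void never returns normally; exits after printing the response
 */
public function endpoint()
{
    $provider = new MyOAuthProvider();

    // The request-token call is the one endpoint that legitimately carries no
    // oauth_token, so the provider's token check is disabled for it.
    $call = strtolower($this->args('api_call'));
    if ($call === 'requesttoken') {
        $provider->oauth->isRequestTokenEndpoint(true);
        $this->set('provider', $provider);
    } elseif ($call === 'accesstoken') {
        $this->set('provider', $provider);
    }

    try {
        $provider->oauth->checkOAuthRequest();

        // Allow-list of dispatchable calls; anything else is rejected before
        // the method name is formed.
        $calls = array(
            'requesttoken', 'accesstoken', 'listqueues', 'queueinfo', 'createqueue',
            'listjobs', 'jobinfo', 'grabjob', 'grabslicejob', 'findnewjob', 'dropjob',
            'canceljob', 'completejob', 'completeslicejob', 'downloadedjob', 'createjob',
            'updatejobprogress', 'listbots', 'botinfo', 'registerbot', 'updatebot',
            'updateslicejob', 'webcamupdate', 'getmybots', 'devicescanresults',
        );
        if (!in_array($call, $calls, true)) {
            throw new Exception("Specified api_call '{$call}' does not exist.");
        }

        $this->token = $provider->token;
        // TODO Find out if consumer is even needed
        $this->consumer = $provider->consumer;
        $handler = "api_{$call}";
        $data = $this->{$handler}();

        $result = array('status' => 'success', 'data' => $data);
    } catch (OAuthException $e) {
        // Log the failure only. The earlier print_r() dumps of the provider
        // object and of all request arguments wrote the consumer/token secrets
        // and the signed parameters into the error log.
        error_log("Something went wrong with OAuth");
        error_log($e->getMessage());
        error_log(OAuthProvider::reportProblem($e, true));
        $result = array('status' => 'error', 'error' => $e->getMessage());
    } catch (Exception $e) {
        error_log($e->getMessage());
        $result = array('status' => 'error', 'error' => $e->getMessage());
    }

    //add in our version.
    $result['_api_version'] = self::$api_version;
    echo JSON::encode($result);
    exit;
}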
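/**
 * Demo OAuth 1.0a client flow that exercises this server's own endpoints.
 *
 * The branch is chosen from the query string:
 *  - oauth_token present: exchange the request token plus verifier for an
 *    access token, keep it (with the consumer credentials) in the "oauth"
 *    cookie and show the outcome;
 *  - neither oauth_token nor reloaded present: print the link that creates
 *    a new client id;
 *  - reloaded present: read the stored credentials back from the cookie and
 *    relay a signed request to the test endpoint.
 *
 * OAuthException is logged as a problem report and re-raised as
 * OPAuthorizationOAuthException.
 */
public function flow()
{
    // NOTE(review): every URL below is built from the request's own Host
    // header, including the ones this server then fetches itself. A configured
    // canonical host would be the safer source — confirm with the deployment.
    $host = $_SERVER['HTTP_HOST'];
    $scheme = $this->utility->getProtocol(false);

    if (isset($_GET['oauth_token'])) {
        $consumerKey = $_GET['oauth_consumer_key'];
        $consumerSecret = $_GET['oauth_consumer_secret'];
        $token = $_GET['oauth_token'];
        $tokenSecret = $_GET['oauth_token_secret'];
        $verifier = $_GET['oauth_verifier'];
        try {
            $consumer = getDb()->getCredential($token);
            $oauth = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
            $oauth->setVersion('1.0a');
            $oauth->setToken($token, $tokenSecret);
            $accessToken = $oauth->getAccessToken(sprintf('%s://%s/v1/oauth/token/access', $scheme, $host), null, $verifier);
            $accessToken['oauth_consumer_key'] = $consumerKey;
            $accessToken['oauth_consumer_secret'] = $consumerSecret;
            // The cookie holds the token and consumer secrets: mark it HttpOnly,
            // and Secure when the flow itself runs over https.
            setcookie('oauth', http_build_query($accessToken), 0, '', '', $scheme === 'https', true);
            if (!isset($accessToken['oauth_token']) || !isset($accessToken['oauth_token_secret'])) {
                // The token response came from the network; escape it before it
                // is written into the HTML page.
                echo sprintf(
                    'Invalid response when getting an access token: %s',
                    htmlspecialchars(http_build_query($accessToken), ENT_QUOTES, 'UTF-8')
                );
            } else {
                echo 'You exchanged a request token for an access token<br><a href="?reloaded=1">Reload to make an OAuth request</a>';
            }
        } catch (OAuthException $e) {
            $message = OAuthProvider::reportProblem($e);
            getLogger()->info($message);
            OPException::raise(new OPAuthorizationOAuthException($message));
        }
        return;
    }

    if (!isset($_GET['reloaded'])) {
        $callback = sprintf('%s://%s/v1/oauth/flow', $scheme, $host);
        $name = isset($_GET['name']) ? $_GET['name'] : 'OAuth Test Flow';
        echo sprintf(
            '<a href="%s://%s/v1/oauth/authorize?oauth_callback=%s&name=%s">Create a new client id</a>',
            $scheme,
            htmlspecialchars($host, ENT_QUOTES, 'UTF-8'),
            urlencode($callback),
            urlencode($name)
        );
        return;
    }

    try {
        // parse_str() must be given a target array: the one-argument form that
        // turned the cookie fields into local variables was removed in PHP 8.
        $stored = array();
        parse_str(isset($_COOKIE['oauth']) ? $_COOKIE['oauth'] : '', $stored);
        $storedToken = isset($stored['oauth_token']) ? $stored['oauth_token'] : null;
        $storedTokenSecret = isset($stored['oauth_token_secret']) ? $stored['oauth_token_secret'] : null;
        $storedConsumerKey = isset($stored['oauth_consumer_key']) ? $stored['oauth_consumer_key'] : null;
        $storedConsumerSecret = isset($stored['oauth_consumer_secret']) ? $stored['oauth_consumer_secret'] : null;

        $consumer = getDb()->getCredential($storedToken);
        $oauth = new OAuth($storedConsumerKey, $storedConsumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
        $oauth->setToken($storedToken, $storedTokenSecret);
        // Same scheme as the rest of the flow: the signed test request must not
        // drop to plaintext http when the server is served over https.
        $oauth->fetch(sprintf('%s://%s/v1/oauth/test?oauth_consumer_key=%s', $scheme, $host, $storedConsumerKey));
        $responseInfo = $oauth->getLastResponseInfo();
        header("Content-Type: {$responseInfo["content_type"]}");
        echo $oauth->getLastResponse();
    } catch (OAuthException $e) {
        $message = OAuthProvider::reportProblem($e);
        getLogger()->info($message);
        OPException::raise(new OPAuthorizationOAuthException($message));
    }
}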
/**
 * Renders the stored OAuth failure as the OAuth problem-reporting string.
 *
 * reportProblem() is called with its default arguments, so the matching HTTP
 * headers are emitted as a side effect of this call.
 *
 * @return string
 */
public function getErrorAsString()
{
    $report = OAuthProvider::reportProblem($this->oauthException);

    return $report;
}
<?php
include 'common.inc.php';

try {
    $requestTokenProvider = new OAuthProvider($params);

    /* The request-token endpoint is the one place that does not receive an
     * oauth_token, so the provider must not invoke the tokenHandler() here. */
    $requestTokenProvider->isRequestTokenEndpoint(true);

    /* Invoked with the provider object as its argument: look the consumer up,
     * throw on failure, and populate the consumer fields on the provider when
     * the lookup succeeds. */
    $requestTokenProvider->consumerHandler('lookupConsumer');

    /* Same contract for timestamp/nonce validation: throw on anything invalid. */
    $requestTokenProvider->timestampNonceHandler('timestampNonceChecker');

    /* Verification proper. First argument: this endpoint's URL as the outside
     * world sees it. Second argument: the HTTP method; when null the provider
     * reads $_SERVER["REQUEST_METHOD"], which is absent under the CLI SAPI. */
    $httpMethod = PHP_SAPI === "cli" ? OAUTH_HTTP_METHOD_GET : null;
    $requestTokenProvider->checkOAuthRequest("http://localhost/request_token.php", $httpMethod);
} catch (OAuthException $problem) {
    /* reportProblem() formats the failure per http://wiki.oauth.net/ProblemReporting
     * and, with its default arguments, also sets the most appropriate HTTP
     * response code. */
    echo OAuthProvider::reportProblem($problem);
}
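/**
 * Access-token endpoint: verifies the signed request-token exchange and, on
 * success, issues the access token as a form-encoded
 * oauth_token/oauth_token_secret body.
 *
 * @return mixed the response object, carrying either the token pair or a
 *               400 with the OAuth problem report
 */
public function accessTokenAction()
{
    $oauthProvider = $this->oauthProvider;
    $response = $this->getResponse();
    try {
        $oauthProvider->checkOAuthRequest();
        $accessToken = $oauthProvider->saveAccessToken();
        $body = array(
            'oauth_token' => $accessToken->getToken(),
            'oauth_token_secret' => $accessToken->getTokenSecret(),
        );
        $response->setContent(http_build_query($body));
    } catch (\OAuthException $e) {
        // send_headers=false so the report goes through the response object.
        // With the default (true) the provider writes its own status and
        // WWW-Authenticate via header() before this action's are applied.
        $error = \OAuthProvider::reportProblem($e, false);
        $response->setStatusCode(400);
        $response->setContent($error);
        $response->getHeaders()->addHeaders(array('WWW-Authenticate' => $error));
    }
    return $response;
}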
/**
 * Stores the database handle, wires up the OAuthProvider with this object's
 * handlers and verifies the incoming request.
 *
 * The provider is assigned to $this->provider before the handlers run, since
 * the handlers are methods of this object. Failures are written to the error
 * log as a problem report (reportProblem() with its default arguments also
 * sends the HTTP headers).
 *
 * @param mixed $db database handle kept on $this->db
 * @return bool true when the request verified, false on OAuthException
 */
public function setUpOAuthAndDb($db)
{
    $this->db = $db;
    try {
        $this->provider = new OAuthProvider();
        $provider = $this->provider;
        $provider->consumerHandler(array($this, 'lookupConsumer'));
        $provider->timestampNonceHandler(array($this, 'timestampNonceChecker'));
        $provider->tokenHandler(array($this, 'tokenHandler'));
        // No token needed for this end point
        $provider->setRequestTokenPath('/v2/oauth/request_token');
        $provider->checkOAuthRequest();
        return true;
    } catch (OAuthException $oauthFailure) {
        error_log(OAuthProvider::reportProblem($oauthFailure));
        return false;
    }
}
/**
 * Attempt to validate the incoming LTI request.
 *
 * Registers the consumer and timestamp/nonce handlers, flags the launch as a
 * request-token-style endpoint (an LTI launch carries no oauth_token), clears
 * the "url" parameter via setParam() (presumably so the framework's own
 * parameter is not part of the check) and verifies the request. An
 * OAuthException is logged as a problem report and mapped to a user-facing
 * wp_die() message keyed on the exception code.
 */
public function __construct()
{
    try {
        $this->oauthProvider = new OAuthProvider();
        $provider = $this->oauthProvider;
        $provider->consumerHandler(array($this, 'consumerHandler'));
        $provider->timestampNonceHandler(array($this, 'timestampNonceHandler'));
        $provider->isRequestTokenEndpoint(true);
        $provider->setParam('url', null);
        $provider->checkOAuthRequest();
    } catch (OAuthException $e) {
        LTI::log(OAuthProvider::reportProblem($e));

        // Known OAuth problem codes and the message shown to the user for each.
        $messages = array(
            OAUTH_BAD_NONCE => __('This LTI request has expired. Please return to your application and restart the launch process.'),
            OAUTH_BAD_TIMESTAMP => __('This request is too old. Please return to your application and restart the launch process.'),
            OAUTH_CONSUMER_KEY_UNKNOWN => __('Consumer key is unknown, or has been temporarily disabled. Please check your consumer key settings and restart the launch process.'),
            OAUTH_CONSUMER_KEY_REFUSED => __('The consumer key was refused. Please check your configuration and follow up with the LTI provider for support.'),
            OAUTH_INVALID_SIGNATURE => __('The request signature is invalid, or does not match the signature computed.'),
            OAUTH_PARAMETER_ABSENT => __('A required launch parameter was not provided.'),
            OAUTH_SIGNATURE_METHOD_REJECTED => __('The signature method was not accepted by the service provider.'),
        );

        $code = $e->getCode();
        if (isset($messages[$code])) {
            wp_die($messages[$code], __('LTI Error'));
        }

        // We really shouldn't get any of the other OAuthProvider error codes;
        // the report above has already been logged.
        wp_die(__('General launch error. Please follow up with the tool provider to consult any logs to further diagnose the issue.'), __('LTI Error'));
    }
}