/**
 * Resolve the user id bound to the OAuth credentials of the current request.
 *
 * Callers should compare the result with `=== FALSE`: whether verify() can
 * return another falsy id (0, '') is not visible here.
 *
 * @return mixed The value returned by OAuthRequestVerifier::verify(), or FALSE
 *               when verification throws OAuthException2.
 */
function get_oauth_user_id()
{
    try {
        $userId = (new OAuthRequestVerifier())->verify();
    } catch (OAuthException2 $oauthError) {
        // Verification failed: report "no authenticated user" instead of
        // letting the exception reach the caller.
        return FALSE;
    }

    return $userId;
}
/**
 * Authenticate an OAuth-signed request and publish the caller's profile.
 *
 * When the request is signed and verifies, the matching user record is stored
 * in Zend_Registry under "authedUserInfo". Unsigned requests pass through
 * untouched, so downstream code must treat a missing "authedUserInfo" entry
 * as "anonymous" and enforce its own access rules.
 *
 * @throws OAuthException Re-thrown after the 401 response headers are set.
 */
public function direct()
{
    if (!OAuthRequestVerifier::requestIsSigned()) {
        return;
    }

    try {
        $verifier = new OAuthRequestVerifier();
        $authUid = $verifier->verify();
        if (!$authUid) {
            // Verified but no user id came back: nothing to publish.
            return;
        }

        $registry = Zend_Registry::getInstance();
        $authedUserInfo = Ml_Model_People::getInstance()->getById($authUid);
        // NOTE(review): the lookup result is stored without checking that a
        // record was found - confirm what getById() returns for a stale id.
        $registry->set("authedUserInfo", $authedUserInfo);
    } catch (OAuthException $oauthError) {
        // Signed but failed verification: answer with an OAuth challenge and
        // let the exception abort the rest of the request.
        $challenge = array(
            'HTTP/1.1 401 Unauthorized',
            'WWW-Authenticate: OAuth realm=""',
            'Content-Type: text/plain; charset=utf8',
        );
        foreach ($challenge as $headerLine) {
            header($headerLine);
        }

        throw $oauthError;
    }
}
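/**
 * Authenticate the current request through OAuth and sign the matching user in.
 *
 * Unsigned requests, requests whose verification throws, and verified ids that
 * no longer map to a user are logged and answered via sendNotAuthorized().
 *
 * @return mixed The verified user id, or a falsy value (null on every
 *               rejection path) when no user was signed in.
 */
public static function checkAuthorized()
{
    self::storeInstance();

    // Start from "nobody": every rejection path must return null, never an
    // undefined or stale id that a caller could mistake for a successful login.
    $userId = null;

    if (!OAuthRequestVerifier::requestIsSigned()) {
        sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized request not signed");
        // This method is static, so $this is not available here.
        // NOTE(review): assumes sendNotAuthorized() is callable statically - confirm.
        self::sendNotAuthorized();

        return $userId;
    }

    try {
        $req = new OAuthRequestVerifier();
        $userId = $req->verify();

        // If we have a user id, log in as that user (for this request only).
        if ($userId) {
            $user = SfGuardUserPeer::retrieveByPK($userId);
            if (!$user) {
                // A token can outlive its account; never hand an empty user to
                // signin() or report the id as authenticated.
                // NOTE(review): assumes retrieveByPK() yields a falsy value for
                // an unknown key - confirm.
                sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized unknown user");
                $userId = null;
                self::sendNotAuthorized();
            } else {
                sfContext::getInstance()->getUser()->signin($user);
            }
        }
    } catch (OAuthException $e) {
        sfContext::getInstance()->getLogger()->err("oauthSecurityManager::checkAuthorized exception");
        // "." concatenates; "+" is arithmetic and would drop the message text.
        sfContext::getInstance()->getLogger()->err("Message: " . $e->getMessage());
        $userId = null;
        self::sendNotAuthorized();
    }

    return $userId;
}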
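/**
 * Require an OAuth-signed request and bind its user id to this request.
 *
 * On success the verified id is stored through setUid() and the OAuth flag is
 * raised. If verify() returns a falsy id without throwing, the method returns
 * normally with neither set, so callers must check the stored uid rather than
 * treat a normal return as proof of authentication.
 *
 * @throws CHttpException 401 when the request is unsigned or fails verification.
 */
public function authorization()
{
    if (!OAuthRequestVerifier::requestIsSigned()) {
        $msg = "Can't verify request, missing oauth_consumer_key or oauth_token";
        throw new CHttpException(401, $msg);
    }

    try {
        $req = new OAuthRequestVerifier();
        $user_id = $req->verify();

        // If we have a user id, log in as that user (for this request only).
        if ($user_id) {
            self::setUid($user_id);
            // Mark this request as authenticated through OAuth.
            self::$_oauth = true;
            // **** Add your own code here ****
        }
    } catch (OAuthException $e) {
        // NOTE(review): the verifier's message is relayed verbatim to the
        // client - confirm it never carries secrets or internal detail.
        $msg = $e->getMessage();
        throw new CHttpException(401, $msg);
    }
}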
Debug::LogEntry('audit', 'OAuth Webservice call'); Kit::ClassLoader('ServiceOAuth'); $oauth = new ServiceOAuth(); if (method_exists($oauth, $method)) { $oauth->{$method}(); } else { $serviceResponse->ErrorServerError('Unknown Request.'); } break; case 'rest': $serviceResponse->StartTransaction(); // OAuth authorization. if (OAuthRequestVerifier::requestIsSigned()) { try { $request = new OAuthRequestVerifier(); $userID = $request->verify(); if ($userID) { // Create the login control system. $userClass = Config::GetSetting('userModule'); $userClass = explode('.', $userClass); Kit::ClassLoader($userClass[0]); // Create a user. $user = new User($db); // Log this user in. if (!$user->LoginServices($userID)) { $serviceResponse->ErrorServerError('Unknown User.'); } } else { $serviceResponse->ErrorServerError('No user id.'); } } catch (OAuthException $e) {
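/**
 * Gate the current request and register the auth/requestToken route.
 *
 * A request whose Origin header is listed in $validOrigins returns immediately.
 * Any other request is expected to be OAuth-signed: a signed request that
 * fails verification gets a 401 and the script exits.
 *
 * NOTE(review): CORS is enforced by browsers, not by this server. The Origin
 * header is set by the client, so neither the early return nor the
 * Access-Control-Allow-Origin headers below authenticate anyone. As written,
 * an unsigned request is only rejected when $validOrigins is unset; decide
 * explicitly which routes may be reached without a signature.
 */
function checkOAuth()
{
    global $validOrigins;

    // Strict comparison, and tolerate an unset/non-array whitelist (the code
    // further down already allows for $validOrigins being unset).
    if (isset($_SERVER['HTTP_ORIGIN'])
        && is_array($validOrigins)
        && in_array($_SERVER['HTTP_ORIGIN'], $validOrigins, true)
    ) {
        // NOTE(review): this skips OAuth and also skips registering the
        // auth/requestToken route below - confirm both are intended.
        return;
    }

    // Command to generate the request tokens.
    $this->addRouteCommand(new RouteCommand("POST", "auth", "requestToken", function ($params = NULL) {
        if (empty($_POST["userId"])) {
            $this->showError(400);
            // Stop here even if showError() returns, so no credentials are
            // issued for an empty user id.
            return;
        }

        $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
        // NOTE(review): the caller chooses userId and the whole $_POST array is
        // used as the consumer record, with the third argument set to true. If
        // this is oauth-php's updateConsumer(), that argument is its admin flag
        // - confirm, and consider passing only an allow-listed set of fields
        // for an already authenticated user.
        $key = $store->updateConsumer($_POST, $_POST["userId"], true);
        $c = $store->getConsumer($key, $_POST["userId"]);

        $result = array();
        $result["key"] = $c["consumer_key"];
        $result["secret"] = $c["consumer_secret"];
        $this->showResult($result);
    }, array("userId"), "Request a new token"));

    // Create a new instance of OAuthStore and OAuthServer.
    $store = OAuthStore::instance('PDO', array('conn' => DBController::$db));
    $server = new OAuthServer();

    ResterUtils::Log(">> CHECKING OAUTH " . $_SERVER['REQUEST_METHOD']);

    if (OAuthRequestVerifier::requestIsSigned()) {
        // If the request is signed, allow it from any source.
        header('Access-Control-Allow-Origin: *');
        try {
            $req = new OAuthRequestVerifier();
            // NOTE(review): verify() is called with false; presumably this
            // relaxes the token requirement - confirm against the library.
            $id = $req->verify(false);
            ResterUtils::Log("*** API USER " . $id . " ***");
        } catch (OAuthException2 $e) {
            // The request was signed, but failed verification.
            header('HTTP/1.1 401 Unauthorized');
            header('WWW-Authenticate: OAuth realm=""');
            header('Content-Type: text/plain; charset=utf8');
            ResterUtils::Log(">> OAUTH ERROR >> " . $e->getMessage());
            exit;
        }
    } else {
        ResterUtils::Log(">> OAUTH: Unsigned request");
        if (isset($validOrigins)) {
            // Each header() call replaces the previous value of the same
            // header, so only the last origin in the list reaches the client.
            // The request itself is NOT rejected on this path.
            foreach ($validOrigins as $origin) {
                ResterUtils::Log(">> ADD ORIGIN: " . $origin);
                header('Access-Control-Allow-Origin: ' . $origin);
            }
        } else {
            //TODO; CHECK ORIGIN
            header('HTTP/1.1 401 Unauthorized');
            header('WWW-Authenticate: OAuth realm=""');
            header('Content-Type: text/plain; charset=utf8');
            echo "Authentication error";
            ResterUtils::Log(">> OAUTH ERROR >> Request not signed");
            ResterUtils::Log("*** AUTH ERROR *** ===>");
            exit;
        }
        //$this->showError(401);
    }
}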
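/**
 * Require an OAuth-signed request and bind its user id to this request.
 *
 * On success the verified id is stored through setUid() and the OAuth flag is
 * raised. If verify() returns a falsy id without throwing, the method returns
 * normally with neither set, so callers must check the stored uid rather than
 * treat a normal return as proof of authentication.
 *
 * When debugging this path, do not dump $_SERVER, $_ENV or the request
 * headers to the response: they carry the caller's OAuth credentials.
 *
 * @throws CHttpException 401 when the request is unsigned or fails verification.
 */
public function authorization()
{
    if (!OAuthRequestVerifier::requestIsSigned()) {
        $msg = "Can't verify request, missing oauth_consumer_key or oauth_token";
        throw new CHttpException(401, $msg);
    }

    try {
        $req = new OAuthRequestVerifier();
        $user_id = $req->verify();

        // If we have a user id, log in as that user (for this request only).
        if ($user_id) {
            self::setUid($user_id);
            // This is OAuth access.
            self::$_oauth = true;
            // **** Add your own code here ****
        }
    } catch (OAuthException $e) {
        // NOTE(review): the verifier's message is relayed verbatim to the
        // client - confirm it never carries secrets or internal detail.
        $msg = $e->getMessage();
        throw new CHttpException(401, $msg);
    }
}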
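<?php
// API resource to be accessed by the client.
//
// Nothing may be written to the response before the header() calls below:
// markup ahead of the opening PHP tag can cause the 401 status line to be
// dropped, so a failed verification would be answered with 200.

require_once '../include/common.php';

if (OAuthRequestVerifier::requestIsSigned()) {
    try {
        $req = new OAuthRequestVerifier();
        $id = $req->verify();
        if ($id) {
            echo 'Hello ' . $id;
        }
    } catch (OAuthException $e) {
        // The request was signed, but failed verification.
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: OAuth realm=""');
        header('Content-Type: text/plain; charset=utf8');
        echo $e->getMessage();
        exit;
    }
} else {
    // Deny by default: an unsigned request gets the same OAuth challenge, so
    // resource logic added later is never reached unauthenticated.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: OAuth realm=""');
    header('Content-Type: text/plain; charset=utf8');
    echo 'Request is not signed';
    exit;
}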