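/**
 * Start the OAuth 1.0 flow: register the provider for a fresh temporary user,
 * fetch a request token from the provider and persist it in the store.
 *
 * Side effects visible in this method: any active session is logged out, a
 * temporary user is created, a session cookie is set, the provider record for
 * this user is replaced, and on success $this->oauth_token holds the new
 * request token.
 *
 * @throws RuntimeException when the request token endpoint cannot be read, or
 *                          when its answer lacks oauth_token or oauth_token_secret
 */
function request_and_verify_request_token() {
    // If there exists any active session, destroy it for simplicity's sake.
    $this->log_out();

    // Create a temp user and make a cookie for its record.
    // NOTE(review): the cookie carries the session id and is set without the
    // Secure/HttpOnly flags -- confirm whether page script really needs to read it.
    $this->user_id = create_temp_user();
    setcookie(COOKIE_NAME, get_session_id_from_user_id($this->user_id));

    // At this point, we shouldn't have anything in the DB with a record of this transaction.

    $request_token_url = $this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL);

    // Set up the required parameters to recognize an OAuth provider -- known in this OAuthPHP lib
    // as a record in the oauth_consumer_registry table.
    $server = array(
        'consumer_key'      => CONSUMER_KEY,
        'consumer_secret'   => CONSUMER_SECRET,
        'server_uri'        => ROOT_TYPEPAD_API_URL,
        // NOTE(review): with PLAINTEXT the signature is derived directly from the shared
        // secrets, so every endpoint below has to be reached over HTTPS -- confirm.
        'signature_methods' => array('PLAINTEXT'),
        'request_token_uri' => $request_token_url,
        'authorize_uri'     => $this->get_api_endpoint(TP_OAUTH_AUTH_URL),
        'access_token_uri'  => $this->get_api_endpoint(TP_OAUTH_ACCESS_TOKEN_URL),
    );

    // Refresh the known OAuth providers for this user by deleting them if they already exist...
    foreach ($this->store->listServers('', $this->user_id) as $server_item) {
        // Keys are opaque strings: compare them as strings so two different keys that both
        // look numeric (e.g. "0e12" and "0e34") are never treated as equal by loose ==.
        $same_key = (string) $server_item['consumer_key'] === (string) CONSUMER_KEY;
        // The user id stays a loose comparison because the store may hand it back as a string.
        if ($same_key && $server_item['user_id'] == $this->user_id) {
            $this->store->deleteServer(CONSUMER_KEY, $this->user_id);
        }
    }

    // ...then create a new record of this OAuth provider.
    $this->store->updateServer($server, $this->user_id);

    // The library's OAuthRequester::requestRequestToken() helper did not create the right type
    // of GET request, so the request is assembled by hand below.
    $r = $this->store->getServer(CONSUMER_KEY, $this->user_id);

    // This creates a generic Request object, so we'll have to fill in the rest...
    $oauth = new OAuthRequester($request_token_url, '', '');
    $oauth->setParam('oauth_callback', CALLBACK_URL);

    // ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc
    $oauth->sign($this->user_id, $r);

    // Build the URL string with the request token endpoint. It ends up looking like
    //   https://www.typepad.com/secure/services/oauth/request_token
    //     ?oauth_timestamp=1269811986&oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback
    //     &oauth_nonce=853433351&oauth_consumer_key=c5139cef2985b86d&oauth_version=1.0
    //     &oauth_signature_method=HMAC-SHA1&oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D
    $final_url = $request_token_url . "?";
    $parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature');
    foreach ($parameters as $parm) {
        $final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&';
    }

    // Execute the request. $final_url carries oauth_signature, so it is deliberately kept out
    // of error messages and should not be written to debug logs either.
    $handle = fopen($final_url, "rb");
    if ($handle === false) {
        throw new RuntimeException('Could not open the request token endpoint "' . $request_token_url . '"');
    }
    $doc = stream_get_contents($handle);
    fclose($handle);
    if ($doc === false || trim($doc) === '') {
        throw new RuntimeException('No answer from the request token endpoint "' . $request_token_url . '"');
    }

    // Parse the form-encoded answer. Splitting on the first "=" only keeps values that
    // themselves contain "=", and a pair without "=" yields an empty value instead of a notice.
    $response = array();
    foreach (explode("&", trim($doc)) as $response_str) {
        if ($response_str === '') {
            continue;
        }
        $pair = explode("=", $response_str, 2);
        $response[$oauth->urldecode($pair[0])] = isset($pair[1]) ? $oauth->urldecode($pair[1]) : '';
    }

    // Refuse to store an incomplete token pair.
    $has_token  = isset($response['oauth_token']) && $response['oauth_token'] !== '';
    $has_secret = isset($response['oauth_token_secret']) && $response['oauth_token_secret'] !== '';
    if (!$has_token || !$has_secret) {
        throw new RuntimeException('The request token endpoint "' . $request_token_url . '" did not return the oauth_token or the oauth_token_secret');
    }

    // Instead of storing the Request token as a cookie, write it to the db.
    $this->store->addServerToken(CONSUMER_KEY, 'request', $response['oauth_token'], $response['oauth_token_secret'], $this->user_id, '');

    $this->oauth_token = $response['oauth_token'];
}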
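/**
 * Request an access token from the site belonging to consumer_key.
 * Before this we got a request token, now we want to exchange it for
 * an access token. The stored request token is deleted before the exchange
 * is attempted, so a failed exchange cannot be retried with the same token.
 * On success the access token and its secret are written to the store;
 * nothing is returned.
 *
 * @param string $consumer_key
 * @param string $token         the request token to exchange
 * @param int    $usr_id        user requesting the access token
 * @param string $method        (optional) change the method of the request, defaults to POST (as it should be)
 * @param array  $options       (optional) extra options for request; 'oauth_verifier' and 'token_ttl' are read here
 * @param array  $curl_options  optional extra options for curl request
 *
 * @throws OAuthException2 when no key could be fetched
 * @throws OAuthException2 when no server with consumer_key registered
 * @throws OAuthException2 when the server gives no answer, answers with a status other than 200,
 *                         or omits oauth_token / oauth_token_secret
 */
static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST', $options = array(), $curl_options = array()) {
    OAuthRequestLogger::start();

    $store = OAuthStore::instance();
    $r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
    $uri = $r['access_token_uri'];
    $token_name = $r['token_name'];

    // Delete the server request token, this one was for one use only
    $store->deleteServerToken($consumer_key, $r['token'], 0, true);

    // Try to exchange our request token for an access token
    $oauth = new OAuthRequester($uri, $method);

    // NOTE(review): the verifier is only sent when the caller supplies it. It is what binds
    // the exchange to the user who approved the request token -- confirm that callers pass
    // the value received on the callback.
    if (isset($options['oauth_verifier'])) {
        $oauth->setParam('oauth_verifier', $options['oauth_verifier']);
    }
    if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
        $oauth->setParam('xoauth_token_ttl', intval($options['token_ttl']));
    }

    OAuthRequestLogger::setRequestObject($oauth);

    $oauth->sign($usr_id, $r);
    $text = $oauth->curl_raw($curl_options);
    if (empty($text)) {
        throw new OAuthException2('No answer from the server "' . $uri . '" while requesting an access token');
    }

    $data = $oauth->curl_parse($text);
    if ($data['code'] != 200) {
        throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting an access token');
    }

    // Decode the form-encoded body. A pair without "=" gets an empty value explicitly,
    // rather than relying on @ to hide the notice from a short list() assignment.
    $received = array();
    foreach (explode('&', $data['body']) as $p) {
        $pair = explode('=', $p, 2);
        $value = isset($pair[1]) ? $pair[1] : '';
        $received[$oauth->urldecode($pair[0])] = $oauth->urldecode($value);
    }

    if (empty($received['oauth_token']) || empty($received['oauth_token_secret'])) {
        throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
    }

    $opts = array();
    $opts['name'] = $token_name;
    if (isset($received['xoauth_token_ttl'])) {
        // The lifetime is taken from the server's answer as-is.
        $opts['token_ttl'] = $received['xoauth_token_ttl'];
    }
    $store->addServerToken($consumer_key, 'access', $received['oauth_token'], $received['oauth_token_secret'], $usr_id, $opts);

    OAuthRequestLogger::flush();
}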
} } $consumer_key = $store->updateServer($server, $user_id); /* * These don't create the right type of GET request. $options = array(); $options[CURLOPT_HTTPHEADER] = $server; $token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id); //, '', 'GET', $options); $token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id, '', 'GET'); */ $r = $store->getServer(CONSUMER_KEY, $user_id); // This creates a generic Request object. $oauth = new OAuthRequester($endpoint_strs['oauth-request-token-endpoint'], '', ''); // $oauth->setParam('oauth_callback', 'http://127.0.0.1/claire/oauth/beta.php'); $oauth->setParam('oauth_callback', CALLBACK_URL); // ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc $oauth->sign($user_id, $r); // $final_url = "https://www.typepad.com/secure/services/oauth/request_token?"; $final_url = $endpoint_strs['oauth-request-token-endpoint'] . "?"; $parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature'); foreach ($parameters as $parm) { $final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&'; } /* Now execute the long query that may look something like this: https://www.typepad.com/secure/services/oauth/request_token ? oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D & oauth_timestamp=1269811986 & oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback & oauth_nonce=853433351 &