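/**
 * Check whether the signature supplied with the request matches the one
 * calculated locally for the same request.
 *
 * Both values are URL-decoded and base64-decoded, then the raw bytes are compared.
 *
 * @param IOauthSignable $request   request being verified; also supplies the signature base string
 * @param Secrets        $secrets   secrets handed through to signature()
 * @param string         $signature signature from the request, still urlencoded
 * @param string|null    $data      optional data handed through to signature()
 * @return bool true when the supplied and calculated signatures are byte-identical
 */
public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
{
    // Attacker-supplied value, decoded to raw bytes.
    $supplied = base64_decode($request->oauthurldecode($signature));

    // Locally calculated value, decoded the same way so both sides are compared as raw bytes.
    $expected = base64_decode($request->oauthurldecode(
        $this->signature($request, $request->getSignatureBaseString(), $secrets, $data)
    ));

    // hash_equals() (PHP >= 5.6) replaces the former loose `==` on rawurlencode()d strings:
    // it is constant-time, so the comparison does not leak how many leading bytes matched,
    // and it never applies PHP's numeric-string juggling to the operands.
    // The casts only guard against a non-string return from base64_decode().
    return hash_equals((string) $expected, (string) $supplied);
}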
/**
 * Exchange a request token for an access token.
 *
 * The request is first verified as a request-token request. On success the response
 * is given a form-encoded body holding oauth_token and oauth_token_secret (plus
 * xoauth_token_ttl when the issued token has a ttl) and status 200. When an
 * OauthException is thrown the response status is set to 401 instead.
 *
 * @return mixed the response object ($this->response), in both the success and the failure case
 */
public function accessToken()
{
    try {
        $this->verifyRequest(self::TOKEN_TYPE_REQUEST);

        $exchangeOptions = [];

        // NOTE(review): the TTL is chosen by the client and forwarded as-is;
        // confirm the store validates and caps it.
        $requestedTtl = $this->request->get('xoauth_token_ttl');
        if ($requestedTtl) {
            $exchangeOptions['token_ttl'] = $requestedTtl;
        }

        $oauthVerifier = $this->request->get('oauth_verifier');
        if ($oauthVerifier) {
            $exchangeOptions['verifier'] = $oauthVerifier;
        }

        /** @var \Foundation\Oauth\Secrets $accessToken */
        $accessToken = $this->store->exchangeConsumerRequestForAccessToken(
            $this->request->getParam('oauth_token', true),
            $exchangeOptions
        );

        // The body carries the token secret.
        // NOTE(review): confirm transport security and cache headers are handled elsewhere.
        $payload = [
            'oauth_token' => $accessToken->token,
            'oauth_token_secret' => $accessToken->token_secret,
        ];
        if ($accessToken->ttl) {
            $payload['xoauth_token_ttl'] = $accessToken->ttl;
        }

        $this->response->setContent(http_build_query($payload));
        $this->response->setStatusCode(200, '');
        $this->response->setContentType('application/x-www-form-urlencoded');
    } catch (OauthException $oauthError) {
        // NOTE(review): the exception message ends up in the status text; confirm it never
        // contains request-derived data or CR/LF, or that setStatusCode() sanitises it.
        $this->response->setStatusCode(401, 'OAuth Verification Failed: ' . $oauthError->getMessage());
    }

    return $this->response;
}
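/**
 * Check whether the signature supplied with the request verifies against the
 * public key obtained for that request.
 *
 * The verified data is $data when given, otherwise the request's signature base string.
 * No algorithm argument is passed to openssl_verify(), so its default digest applies.
 *
 * @param IOauthSignable $request   request being verified
 * @param Secrets        $secrets   secrets handed through to fetch_public_cert()
 * @param string         $signature signature from the request (URL-decoded, then base64-decoded here)
 * @param string|null    $data      optional data to verify instead of the signature base string
 * @return bool true only when openssl_verify() reports a valid signature
 */
public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
{
    $decoded_sig = base64_decode($request->oauthurldecode($signature));

    // Fetch the public key cert based on the request
    $cert = $this->fetch_public_cert($request, $secrets);

    // Load the public key from the certificate
    $publickeyid = openssl_get_publickey($cert);
    if ($publickeyid === false) {
        // Fail closed: a missing or unparsable certificate must never reach openssl_verify()
        // or openssl_free_key(), and must never count as a successful verification.
        return false;
    }

    // Check the computed signature against the one passed in the query
    $signed = $data !== null ? $data : $request->getSignatureBaseString();
    $ok = openssl_verify($signed, $decoded_sig, $publickeyid);

    // Release the key resource (needed on older PHP; deprecated and without effect from PHP 8.0)
    openssl_free_key($publickeyid);

    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and -1 or false
    // on error; only an exact 1 is accepted.
    return $ok === 1;
}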
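/**
 * Check whether the signature supplied with the request matches the one
 * calculated locally for the same request.
 *
 * Both values are passed through oauthurldecode() twice before being compared,
 * as in the original implementation.
 *
 * @param IOauthSignable $request   request being verified
 * @param Secrets        $secrets   secrets handed through to signature()
 * @param string         $signature signature from the request, still urlencoded
 * @param string|null    $data      optional data handed through to signature()
 * @return bool true when the decoded signatures are byte-identical
 */
public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
{
    $supplied = $request->oauthurldecode($signature);
    $expected = $request->oauthurldecode($this->signature($request, $secrets, $data));

    // NOTE(review): the second decode pass is kept for compatibility;
    // confirm it is intended for this signature method.
    $supplied = $request->oauthurldecode($supplied);
    $expected = $request->oauthurldecode($expected);

    // hash_equals() (PHP >= 5.6) replaces the former loose `==`. Under `==`, two different
    // numeric-looking strings (for example "1e3" and "1000") compare equal; `==` also
    // short-circuits on the first differing byte, which leaks timing information.
    // The casts only guard against a non-string return from oauthurldecode().
    return hash_equals((string) $expected, (string) $supplied);
}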