Esempio n. 1
0
 /**
  * Check if the request signature corresponds to the one calculated for the request.
  * 
  * @param OAuthRequest request
  * @param string base_string	data to be signed, usually the base string, can be a request body
  * @param string consumer_secret
  * @param string token_secret
  * @param string signature		from the request, still urlencoded
  * @return string
  */
 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     $a = $request->oauthurldecode($signature);
     $b = $request->oauthurldecode($this->signature($request, $request->getSignatureBaseString(), $secrets, $data));
     // We have to compare the decoded values
     $valA = base64_decode($a);
     $valB = base64_decode($b);
     // Crude binary comparison
     return rawurlencode($valA) == rawurlencode($valB);
 }
Esempio n. 2
0
 /**
  * Exchange a request token for an access token.
  * The exchange is only succesful iff the request token has been authorized.
  *
  * Never returns, calls exit() when token is exchanged or when error is returned.
  */
 public function accessToken()
 {
     try {
         $this->verifyRequest(self::TOKEN_TYPE_REQUEST);
         $options = array();
         $ttl = $this->request->get('xoauth_token_ttl');
         if ($ttl) {
             $options['token_ttl'] = $ttl;
         }
         $verifier = $this->request->get('oauth_verifier');
         if ($verifier) {
             $options['verifier'] = $verifier;
         }
         $store = $this->store;
         $token = $store->exchangeConsumerRequestForAccessToken($this->request->getParam('oauth_token', true), $options);
         /** @var /Foundation/Oauth/Secrets $token */
         $content = array("oauth_token" => $token->token, "oauth_token_secret" => $token->token_secret);
         if ($token->ttl) {
             $content['xoauth_token_ttl'] = $token->ttl;
         }
         $this->response->setContent(http_build_query($content));
         $this->response->setStatusCode(200, "");
         $this->response->setContentType("application/x-www-form-urlencoded");
     } catch (OauthException $e) {
         $this->response->setStatusCode(401, "OAuth Verification Failed: " . $e->getMessage());
     }
     return $this->response;
 }
Esempio n. 3
0
 /**
  * Check if the request signature is the same as the one calculated for the request.
  * 
  * @param IOauthSignable request
  * @param string base_string
  * @param string consumer_secret
  * @param string token_secret
  * @param string signature
  * @return string  
  */
 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     $decoded_sig = base64_decode($request->oauthurldecode($signature));
     // Fetch the public key cert based on the request
     $cert = $this->fetch_public_cert($request, $secrets);
     // Pull the public key ID from the certificate
     $publickeyid = openssl_get_publickey($cert);
     // Check the computed signature against the one passed in the query
     $ok = openssl_verify($data !== null ? $data : $request->getSignatureBaseString(), $decoded_sig, $publickeyid);
     // Release the key resource
     openssl_free_key($publickeyid);
     return $ok == 1;
 }
Esempio n. 4
0
 /**
  * Check if the request signature corresponds to the one calculated for the request.
  * 
  * @param OAuthRequest request
  * @param string base_string	data to be signed, usually the base string, can be a request body
  * @param string consumer_secret
  * @param string token_secret
  * @param string signature		from the request, still urlencoded
  * @return string
  */
 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     $a = $request->oauthurldecode($signature);
     $b = $request->oauthurldecode($this->signature($request, $secrets, $data));
     return $request->oauthurldecode($a) == $request->oauthurldecode($b);
 }