/**
 * Issue temporary OAuth credentials (an unauthorized request token).
 *
 * The oauth_callback parameter is validated first; the OAuth server then
 * checks the signature and mints the request token. Any OAuthException is
 * logged and reported to the client as a plain-text error.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    // HMAC-SHA1 is the only signature method registered on this server.
    $server = new OAuthServer(new ApiStatusNetOAuthDataStore());
    $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());

    try {
        $req = OAuthRequest::from_request();

        // Reject the request before any token work if the callback is unusable.
        $callbackOk = $this->verifyCallback($req->get_parameter('oauth_callback'));
        if (!$callbackOk) {
            throw new OAuthException("You must provide a valid URL or 'oob' in oauth_callback.", 400);
        }

        // Signature verification and token creation both happen in here.
        $token = $server->fetch_request_token($req);

        // NOTE(review): the consumer key and callback written below come
        // straight from the request. verifyCallback() has accepted the
        // callback, but whether it rules out control characters is not
        // visible here -- confirm the log sink cannot be forged by it.
        $issuedMsg = sprintf(
            "API OAuth - Issued request token %s for consumer %s with oauth_callback %s",
            $token->key,
            $req->get_parameter('oauth_consumer_key'),
            "'" . $req->get_parameter('oauth_callback') . "'"
        );
        common_log(LOG_INFO, $issuedMsg);

        // Hand the token back to the client.
        $this->showRequestToken($token);
    } catch (OAuthException $e) {
        $reason = $e->getMessage();
        common_log(LOG_WARNING, 'API OAuthException - ' . $reason);

        // 401 for bad credentials or signature problems (no code set on the
        // exception), otherwise the code the exception carries, e.g. 400 for
        // missing or unsupported parameters.
        $code = $e->getCode();
        if (empty($code)) {
            $status = 401;
        } else {
            $status = $code;
        }

        $this->clientError($e->getMessage(), $status, 'text');
    }
}
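/**
 * Exchange an OAuth request token for an access token.
 *
 * Reads oauth_token and oauth_verifier from the request, looks up the
 * application tied to the request token, and asks the OAuth server to issue
 * the access token. Failures are logged and reported to the client as plain
 * text.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    $datastore   = new ApiStatusNetOAuthDataStore();
    $server      = new OAuthServer($datastore);
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();

    $server->add_signature_method($hmac_method);

    // $req is initialised up front so the catch block can dump it even when
    // OAuthRequest::from_request() is the call that throws.
    $req = $atok = $app = null;

    // XXX: Insist that oauth_token and oauth_verifier be populated?
    // Spec doesn't say they MUST be.

    try {
        $req = OAuthRequest::from_request();

        $this->reqToken = $req->get_parameter('oauth_token');
        $this->verifier = $req->get_parameter('oauth_verifier');

        $app  = $datastore->getAppByRequestToken($this->reqToken);
        $atok = $server->fetch_access_token($req);
    } catch (Exception $e) {
        common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
        // NOTE(review): this dumps the whole request object to the debug
        // log; presumably that includes the token, verifier and signature
        // parameters -- confirm debug logs are access-restricted.
        common_debug(var_export($req, true));
        // NOTE(review): every Exception type is caught here, so the code of
        // a non-OAuth exception is also passed on as the HTTP status --
        // confirm clientError() copes with codes that are not HTTP statuses.
        $code = $e->getCode();
        $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text');
        return;
    }

    if (empty($atok)) {
        // Token exchange failed -- log it
        // NOTE(review): the request token and verifier are written to the
        // log in clear; treat this log as sensitive.
        $msg = sprintf('API OAuth - Failure exchanging OAuth request token for access token, '
                       . 'request token = %s, verifier = %s',
                       $this->reqToken,
                       $this->verifier);

        common_log(LOG_WARNING, $msg);
        // TRANS: Client error given from the OAuth API when the request token or verifier is invalid.
        $this->clientError(_('Invalid request token or verifier.'), 400, 'text');
    } else {
        // NOTE(review): $app is whatever getAppByRequestToken() returned;
        // whether it can be empty when a token was issued is not visible
        // here -- verify before relying on ->id / ->name.
        common_log(LOG_INFO,
                   sprintf("Issued access token '%s' for application %d (%s).",
                           $atok->key,
                           $app->id,
                           $app->name));
        $this->showAccessToken($atok);
    }
}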
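/**
 * Issue an OAuth request token and print it to the client.
 *
 * The OAuth server verifies the request; on an OAuthException the error is
 * logged and returned with a 401 status.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    $datastore   = new ApiStatusNetOAuthDataStore();
    $server      = new OAuthServer($datastore);
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();

    $server->add_signature_method($hmac_method);

    try {
        $req   = OAuthRequest::from_request();
        $token = $server->fetch_request_token($req);
        print $token;
    } catch (OAuthException $e) {
        common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
        header('HTTP/1.1 401 Unauthorized');
        header('Content-Type: text/html; charset=utf-8');
        // The body is declared as HTML, and the exception text may carry
        // values taken from the request, so it is escaped before output.
        print htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "\n";
    }
}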
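/**
 * Exchange an OAuth request token for an access token and print it.
 *
 * An OAuthException is logged and reported through outputError(); an empty
 * result from the server is reported as a failed exchange.
 *
 * @param array $args array of arguments
 *
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    $datastore   = new ApiStatusNetOAuthDataStore();
    $server      = new OAuthServer($datastore);
    $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();

    $server->add_signature_method($hmac_method);

    // $req is initialised up front so the catch block can dump it even when
    // OAuthRequest::from_request() is the call that throws.
    $req  = null;
    $atok = null;

    try {
        $req  = OAuthRequest::from_request();
        $atok = $server->fetch_access_token($req);
    } catch (OAuthException $e) {
        common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
        // NOTE(review): this dumps the whole request object to the debug
        // log; presumably that includes token and signature parameters --
        // confirm debug logs are access-restricted.
        common_debug(var_export($req, true));
        $this->outputError($e->getMessage());
        return;
    }

    if (empty($atok)) {
        common_debug('couldn\'t get access token.');
        print "Token exchange failed. Has the request token been authorized?\n";
    } else {
        print $atok;
    }
}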
/**
 * Decide whether the current request looks like an OAuth request.
 *
 * This is a cheap presence check done to avoid unnecessary DB lookups:
 * it only tests that oauth_consumer_key and oauth_token are both supplied.
 * Nothing is verified here, so a non-false return does not mean the
 * request is authenticated.
 *
 * @return mixed the OAuthRequest or false
 */
function getOAuthRequest()
{
    ApiOauthAction::cleanRequest();

    $req = OAuthRequest::from_request();

    $consumer    = $req->get_parameter('oauth_consumer_key');
    $accessToken = $req->get_parameter('oauth_token');

    // XXX: Is it good enough to assume it's not meant to be an
    // OAuth request if there is no consumer or token? --Z
    $hasBoth = !empty($consumer) && !empty($accessToken);

    return $hasBoth ? $req : false;
}
/**
 * Emit the page scripts, then focus the nickname field for visitors who
 * are not logged in.
 *
 * @return void
 */
function showScripts()
{
    parent::showScripts();

    // Logged-in users get no autofocus.
    if (common_logged_in()) {
        return;
    }

    $this->autofocus('nickname');
}