/**
 * Build the request object from a form-encoded POST body.
 *
 * Every key of $args whose value is exactly TRUE is treated as required: it must
 * be present in $_POST and decode (through Oauth2::urldecode) to a non-empty
 * value. "code" and "client_id" are lifted onto the object; any other collected
 * value is kept in $this->_params.
 *
 * @access  public
 * @param   array   $args   parameter name => TRUE when the parameter is required
 * @return  void
 * @throws  Oauth2_Exception_Token  "invalid_request" when the Content-Type is not
 *                                  form-encoded or a required parameter is missing/empty
 */
public function __construct(array $args)
{
    // Fall back to the process environment when CONTENT_TYPE was not populated in $_SERVER
    if ( ! isset($_SERVER['CONTENT_TYPE']))
    {
        $_SERVER['CONTENT_TYPE'] = getenv('CONTENT_TYPE');
    }

    // Only a single-part, form-encoded body is accepted; anything else is rejected up front
    if (stripos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === FALSE)
    {
        throw new Oauth2_Exception_Token('invalid_request');
    }

    $collected = array();

    foreach ($args as $name => $required)
    {
        if ($required !== TRUE)
        {
            continue;
        }

        // NOTE(review): $_POST[$name] is an array when the client sends "name[]=...";
        // whether Oauth2::urldecode() rejects that is not visible here - confirm.
        if ( ! isset($_POST[$name]) || ! ($decoded = Oauth2::urldecode($_POST[$name])))
        {
            throw new Oauth2_Exception_Token('invalid_request');
        }

        $collected[$name] = $decoded;
    }

    // NOTE(review): assumes the caller always marks "code" and "client_id" as required;
    // otherwise these reads hit undefined indexes and the properties end up NULL.
    $this->code = $collected['code'];
    $this->client_id = $collected['client_id'];
    unset($collected['code'], $collected['client_id']);

    $this->_params = $collected;
}
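/**
 * Build the authorization request object from the URI query string.
 *
 * The optional "state" parameter is read first and removed from $_GET. Every key
 * of $args whose value is exactly TRUE is required: it must be present in $_GET
 * and decode (through Oauth2::urldecode) to a non-empty value. "client_id" and
 * "redirect_uri" are lifted onto the object; the rest is kept in $this->_params.
 *
 * @access  public
 * @param   array   $args   parameter name => TRUE when the parameter is required
 * @return  void
 * @throws  Oauth2_Exception_Authorize  "invalid_request" when a required parameter is
 *                                      missing/empty; carries redirect_uri and state
 */
public function __construct(array $args)
{
    $params = array();

    // Parse the "state" parameter
    if (isset($_GET['state']) and $state = Oauth2::urldecode($_GET['state']))
    {
        $this->state = $state;
        unset($_GET['state']);
    }

    // Every required parameter must be present and non-empty
    foreach ($args as $key => $val)
    {
        if ($val !== TRUE)
        {
            continue;
        }

        if (isset($_GET[$key]) and $value = Oauth2::urldecode($_GET[$key]))
        {
            $params[$key] = $value;
            continue;
        }

        $e = new Oauth2_Exception_Authorize('invalid_request');

        // The failing parameter may be redirect_uri itself, so the query value can be
        // absent; guard the read instead of indexing $_GET blindly.
        if (isset($params['redirect_uri']))
        {
            $e->redirect_uri = $params['redirect_uri'];
        }
        elseif (isset($_GET['redirect_uri']))
        {
            $e->redirect_uri = Oauth2::urldecode($_GET['redirect_uri']);
        }
        else
        {
            $e->redirect_uri = NULL;
        }

        // NOTE(review): this redirect_uri comes straight from the request and has not
        // been compared with the client's registered URI at this point. Whatever
        // handles the exception should validate it before redirecting, otherwise the
        // error path behaves as an open redirect - confirm in the handler.
        $e->state = $this->state;

        throw $e;
    }

    // NOTE(review): assumes the caller always marks "client_id" and "redirect_uri" as
    // required; otherwise these reads hit undefined indexes.
    $this->client_id = $params['client_id'];
    $this->redirect_uri = $params['redirect_uri'];

    // Remove the parameters that now live on the object
    unset($params['client_id'], $params['redirect_uri']);

    $this->_params = $params;
}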
/**
 * Build the token request object from a form-encoded POST body, accepting client
 * credentials from HTTP Basic authentication as well.
 *
 * Every key of $args whose value is exactly TRUE is required: it must be present
 * in $_POST (after the Basic credentials were merged in) and decode through
 * Oauth2::urldecode to a non-empty value. All collected values are stored in
 * $this->_params.
 *
 * @access  public
 * @param   array   $args   parameter name => TRUE when the parameter is required
 * @return  void
 * @throws  Oauth2_Exception_Token  "invalid_request" when the Content-Type is not
 *                                  form-encoded or a required parameter is missing/empty
 */
public function __construct(array $args)
{
    // Fall back to the process environment when CONTENT_TYPE was not populated in $_SERVER
    if ( ! isset($_SERVER['CONTENT_TYPE']))
    {
        $_SERVER['CONTENT_TYPE'] = getenv('CONTENT_TYPE');
    }

    // Only a single-part, form-encoded body is accepted
    if (stripos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === FALSE)
    {
        throw new Oauth2_Exception_Token('invalid_request');
    }

    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
    {
        // Array union keeps keys that already exist in $_POST, so client_id /
        // client_secret sent in the body take precedence over the Basic header.
        // NOTE(review): RFC 6749 section 2.3 forbids more than one client
        // authentication method per request; consider rejecting a request that
        // carries both instead of silently preferring the body.
        $basic_credentials = array(
            'client_id'     => $_SERVER['PHP_AUTH_USER'],
            'client_secret' => $_SERVER['PHP_AUTH_PW'],
        );

        $_POST += $basic_credentials;
    }

    // TODO HTTP Digest authentication ($_SERVER['PHP_AUTH_DIGEST']) is not handled yet

    $collected = array();

    foreach ($args as $name => $required)
    {
        if ($required !== TRUE)
        {
            continue;
        }

        if ( ! isset($_POST[$name]) || ! ($decoded = Oauth2::urldecode($_POST[$name])))
        {
            throw new Oauth2_Exception_Token('invalid_request');
        }

        $collected[$name] = $decoded;
    }

    $this->_params = $collected;
}
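/**
 * Load the access token and its companion parameters from exactly one of:
 * the Authorization header ("OAuth token=..."), the form-encoded body, or the
 * URI query string. Sending the token through more than one channel is rejected.
 *
 * Every key of $args whose value is exactly TRUE is required and must be
 * non-empty in the channel that carried the token. "oauth_token" is lifted onto
 * the object; the remaining values are stored in $this->_params.
 *
 * @access  public
 * @param   array   $args   required parameters, e.g. `array('oauth_token' => TRUE)`
 * @return  void
 * @throws  Oauth2_Exception_Access  "invalid_request" when no token is supplied, the
 *                                   token is supplied twice, the body is not
 *                                   form-encoded, or a required parameter is missing
 */
public function __construct(array $args)
{
    $params = array();

    /**
     * Load oauth token from authorization header
     */
    if ( ! isset($_SERVER['HTTP_AUTHORIZATION']))
    {
        $_SERVER['HTTP_AUTHORIZATION'] = getenv('HTTP_AUTHORIZATION');
    }

    if (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 12) === 'OAuth token=')
    {
        $offset = 0;
        $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';

        while (preg_match($pattern, $_SERVER['HTTP_AUTHORIZATION'], $matches, PREG_OFFSET_CAPTURE, $offset) > 0)
        {
            $match = $matches[0];
            $name = $matches[2][0];

            // Continue scanning right after the pair that was just consumed
            $offset = $match[1] + strlen($match[0]);

            // Group 5 is the unquoted form, group 4 the quoted one; empty values are dropped
            if ($value = Oauth2::urldecode(isset($matches[5]) ? $matches[5][0] : $matches[4][0]))
            {
                $params[$name] = $value;
            }
        }
    }

    // The header names the token "token"; store it under "oauth_token"
    if (isset($params['token']))
    {
        $params['oauth_token'] = $params['token'];
        unset($params['token']);

        // A required parameter that is MISSING or empty is the error. The previous
        // condition was inverted (it threw when the parameter was present), which
        // rejected every request that sent its token in the Authorization header.
        foreach ($args as $key => $val)
        {
            if ($val === TRUE && empty($params[$key]))
            {
                throw new Oauth2_Exception_Access('invalid_request');
            }
        }
    }

    /**
     * Load oauth_token from form-encoded body
     */
    if (isset($_POST['oauth_token']))
    {
        if ( ! isset($_SERVER['CONTENT_TYPE']))
        {
            $_SERVER['CONTENT_TYPE'] = getenv('CONTENT_TYPE');
        }

        // Reject when the token was already sent in the header, or the body is not
        // a single-part form-encoded one
        if (isset($params['oauth_token']) || stripos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === FALSE)
        {
            throw new Oauth2_Exception_Access('invalid_request');
        }

        foreach ($args as $key => $val)
        {
            if ($val !== TRUE)
            {
                continue;
            }

            if (isset($_POST[$key]) && ($value = Oauth2::urldecode($_POST[$key])))
            {
                $params[$key] = $value;
            }
            else
            {
                throw new Oauth2_Exception_Access('invalid_request');
            }
        }
    }

    /**
     * Load oauth_token from uri-query component
     *
     * NOTE(review): a token in the query string ends up in access logs, browser
     * history and Referer headers; prefer the header channel where clients allow it.
     */
    if (isset($_GET['oauth_token']))
    {
        // Reject when the token was already sent in the header or the body
        if (isset($params['oauth_token']))
        {
            throw new Oauth2_Exception_Access('invalid_request');
        }

        foreach ($args as $key => $val)
        {
            if ($val !== TRUE)
            {
                continue;
            }

            if (isset($_GET[$key]) && ($value = Oauth2::urldecode($_GET[$key])))
            {
                $params[$key] = $value;
            }
            else
            {
                throw new Oauth2_Exception_Access('invalid_request');
            }
        }
    }

    // Fail closed when no channel produced a token. Checking the token itself (not
    // just "anything was collected") also covers a header that supplied other
    // parameters but no usable token, which previously left oauth_token NULL.
    if ( ! isset($params['oauth_token']))
    {
        throw new Oauth2_Exception_Access('invalid_request');
    }

    $this->oauth_token = $params['oauth_token'];
    unset($params['oauth_token']);

    $this->_params = $params;
}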
/**
 * Turn the Authorization header into a name => value array.
 *
 * The header is read from $_SERVER['HTTP_AUTHORIZATION'] and is only parsed when
 * it starts with "Token token="; otherwise an empty array is returned. Values may
 * be quoted or bare and are passed through Oauth2::urldecode. The "realm" entry,
 * if present, is removed from the result.
 *
 * @access  public
 * @return  array   parsed header parameters without "realm"
 */
public static function parse_header()
{
    $params = array();

    $uses_token_scheme = isset($_SERVER['HTTP_AUTHORIZATION'])
        && substr($_SERVER['HTTP_AUTHORIZATION'], 0, 12) === 'Token token=';

    if ($uses_token_scheme)
    {
        $header = $_SERVER['HTTP_AUTHORIZATION'];
        $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
        $cursor = 0;

        while (preg_match($pattern, $header, $found, PREG_OFFSET_CAPTURE, $cursor) > 0)
        {
            // With PREG_OFFSET_CAPTURE every group is array(text, byte offset)
            list($pair_text, $pair_start) = $found[0];

            // Group 5 is the unquoted form, group 4 the quoted one
            $raw = isset($found[5]) ? $found[5][0] : $found[4][0];

            $params[$found[2][0]] = Oauth2::urldecode($raw);

            // Resume right after the pair that was just consumed
            $cursor = $pair_start + strlen($pair_text);
        }
    }

    // realm is part of the challenge, not a request parameter
    unset($params['realm']);

    return $params;
}