コード例 #1
 /**
  * Validate signature based on the signature method used.
  *
  * @param array $params
  * @param string $consumerSecret
  * @param string $httpMethod
  * @param string $requestUrl
  * @param string $tokenSecret
  * @return void
  * @throws Exception|OauthInputException
  */
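 protected function _validateSignature($params, $consumerSecret, $httpMethod, $requestUrl, $tokenSecret = null)
 {
     // Both fields are taken from the incoming request, so either may be missing or not a string.
     $signatureMethod = isset($params['oauth_signature_method']) ? $params['oauth_signature_method'] : null;
     $providedSign = isset($params['oauth_signature']) ? $params['oauth_signature'] : null;

     // Strict membership test: a loose in_array() compares with ==, so a non-string value
     // could match a supported method name through type juggling.
     if (!is_string($signatureMethod)
         || !in_array($signatureMethod, self::getSupportedSignatureMethods(), true)
     ) {
         throw new OauthInputException('Signature method %1 is not supported', [$signatureMethod]);
     }

     // The signature itself is never part of the data being signed.
     $allowedSignParams = $params;
     unset($allowedSignParams['oauth_signature']);
     $calculatedSign = $this->_httpUtility->sign(
         $allowedSignParams,
         $signatureMethod,
         $consumerSecret,
         $tokenSecret,
         $httpMethod,
         $requestUrl
     );

     // hash_equals() (PHP 5.6+) compares in constant time and without type juggling. The previous
     // `!=` returned as soon as the strings diverged and treated numeric-looking strings such as
     // "0e1" and "0e2" as equal.
     if (!is_string($providedSign)
         || !is_string($calculatedSign)
         || !hash_equals($calculatedSign, $providedSign)
     ) {
         throw new Exception('Invalid signature');
     }
 }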
コード例 #2
 /**
  * Test two legged authentication
  */
 public function testAuthenticateTwoLegged()
 {
     $consumerKey = 'foo_user';
     $consumerSecret = 'bar_secret';
     $endpoint = 'http://foo.bar/api/rest/v1/baz';

     // NOTE(review): SIGNATURE_PLAIN presumably maps to the OAuth PLAINTEXT method, where the
     // signature is derived directly from the secrets. Fine for a fixture; over a non-TLS URL
     // like the one above it would expose them in real traffic - confirm production endpoints
     // require HTTPS.
     $oauthUtility = new Zend_Oauth_Http_Utility();
     $oauthParams = array(
         'oauth_consumer_key' => $consumerKey,
         'oauth_nonce' => $oauthUtility->generateNonce(),
         'oauth_timestamp' => $oauthUtility->generateTimestamp(),
         'oauth_version' => '1.0',
         'oauth_signature_method' => Mage_Oauth_Model_Server::SIGNATURE_PLAIN,
     );
     $oauthParams['oauth_signature'] = $oauthUtility->sign(
         $oauthParams,
         Mage_Oauth_Model_Server::SIGNATURE_PLAIN,
         $consumerSecret,
         '',
         'GET',
         $endpoint
     );
     $authorization = $oauthUtility->toAuthorizationHeader($oauthParams);

     // The server is expected to read the Authorization header first and the content type second.
     $this->_requestMock->expects($this->at(0))
         ->method('getHeader')
         ->with('Authorization')
         ->will($this->returnValue($authorization));
     $this->_requestMock->expects($this->at(1))
         ->method('getHeader')
         ->with(Zend_Http_Client::CONTENT_TYPE)
         ->will($this->returnValue('application/json'));

     // The pieces the server reassembles into the request URL; together they equal $endpoint.
     $urlParts = array(
         'getScheme' => Zend_Controller_Request_Http::SCHEME_HTTP,
         'getHttpHost' => 'foo.bar',
         'getRequestUri' => '/api/rest/v1/baz',
     );
     foreach ($urlParts as $getter => $value) {
         $this->_requestMock->expects($this->any())
             ->method($getter)
             ->with()
             ->will($this->returnValue($value));
     }

     // Consumer lookup: the factory hands out a user that loads by key and exposes its secret.
     $consumerUser = $this->getMockBuilder('Mage_Webapi_Model_Acl_User')
         ->setMethods(array('loadByKey', 'getId', 'getSecret'))
         ->disableOriginalConstructor()
         ->getMock();
     $this->_consumerFactoryMock->expects($this->once())
         ->method('create')
         ->will($this->returnValue($consumerUser));
     $consumerUser->expects($this->once())
         ->method('loadByKey')
         ->with($consumerKey)
         ->will($this->returnSelf());
     $consumerUser->expects($this->once())
         ->method('getId')
         ->with()
         ->will($this->returnValue(1));
     $consumerUser->expects($this->once())
         ->method('getSecret')
         ->with()
         ->will($this->returnValue($consumerSecret));

     $this->assertEquals($consumerUser, $this->_server->authenticateTwoLegged());
 }
コード例 #3
 /**
  * Validate signature
  *
  * @throws Mage_Oauth_Exception
  */
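 protected function _validateSignature()
 {
     $util = new Zend_Oauth_Http_Utility();

     // Recompute the signature over the request as the server saw it, using the stored
     // consumer and token secrets.
     $calculatedSign = $util->sign(
         array_merge($this->_params, $this->_protocolParams),
         $this->_protocolParams['oauth_signature_method'],
         $this->_consumer->getSecret(),
         $this->_token->getSecret(),
         $this->_request->getMethod(),
         $this->_request->getScheme() . '://' . $this->_request->getHttpHost() . $this->_request->getRequestUri()
     );

     // The client-supplied signature may be missing or not a string.
     $providedSign = isset($this->_protocolParams['oauth_signature'])
         ? $this->_protocolParams['oauth_signature']
         : null;

     // hash_equals() (PHP 5.6+) compares in constant time and without type juggling. The previous
     // `!=` returned as soon as the strings diverged and treated numeric-looking strings as equal.
     if (!is_string($providedSign)
         || !is_string($calculatedSign)
         || !hash_equals($calculatedSign, $providedSign)
     ) {
         $this->_throwException('', self::ERR_SIGNATURE_INVALID);
     }
 }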
コード例 #4
 /**
  * Validate OAuth request
  * @param Zend_Uri_Http $url Request URL, will use current if null
  * @param array $params Additional parameters
  * @return bool
  * @throws Zend_Oauth_Exception
  */
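 public function checkOAuthRequest(Zend_Uri_Http $url = null, $params = array())
 {
     if ($url === null) {
         $this->url = $this->getRequestUrl();
     } else {
         // Work on a copy so the caller's URI object is not modified below.
         $this->url = clone $url;
     }
     // We'll ignore the query for the purposes of URL matching
     $this->url->setQuery('');

     if (isset($_SERVER['REQUEST_METHOD'])) {
         $method = $_SERVER['REQUEST_METHOD'];
     } elseif (isset($_SERVER['HTTP_METHOD'])) {
         $method = $_SERVER['HTTP_METHOD'];
     } else {
         $method = 'GET';
     }

     $params = $this->assembleParams($method, $params);
     $this->checkSignatureMethod($params['oauth_signature_method']);
     $this->checkRequiredParams($params);

     // NOTE(review): every handler below runs before the signature is verified, so the
     // timestamp, nonce, consumer key and token they read are still unauthenticated input.
     $this->timestamp = $params['oauth_timestamp'];
     $this->nonce = $params['oauth_nonce'];
     $this->consumer_key = $params['oauth_consumer_key'];

     if (!is_callable($this->nonceHandler)) {
         throw new Zend_Oauth_Exception("Nonce handler not callable", self::BAD_NONCE);
     }
     $res = call_user_func($this->nonceHandler, $this);
     if ($res != self::OK) {
         throw new Zend_Oauth_Exception("Invalid request", $res);
     }

     if (!is_callable($this->consumerHandler)) {
         throw new Zend_Oauth_Exception("Consumer handler not callable", self::CONSUMER_KEY_UNKNOWN);
     }
     $res = call_user_func($this->consumerHandler, $this);
     // this will set $this->consumer_secret if OK
     if ($res != self::OK) {
         throw new Zend_Oauth_Exception("Consumer key invalid", $res);
     }

     if ($this->needsToken()) {
         $this->token = $params['oauth_token'];
         $this->verifier = $params['oauth_verifier'];
         if (!is_callable($this->tokenHandler)) {
             throw new Zend_Oauth_Exception("Token handler not callable", self::TOKEN_REJECTED);
         }
         $res = call_user_func($this->tokenHandler, $this);
         // this will set $this->token_secret if OK
         if ($res != self::OK) {
             throw new Zend_Oauth_Exception("Token invalid", $res);
         }
     }

     $util = new Zend_Oauth_Http_Utility();
     $req_sign = $params['oauth_signature'];
     // The signature itself is never part of the data being signed.
     unset($params['oauth_signature']);
     $our_sign = $util->sign(
         $params,
         $params['oauth_signature_method'],
         $this->consumer_secret,
         $this->token_secret,
         $method,
         $this->url->getUri()
     );

     // hash_equals() (PHP 5.6+) compares in constant time and without type juggling. The previous
     // `!=` returned as soon as the strings diverged and treated numeric-looking strings as equal.
     if (!is_string($req_sign) || !is_string($our_sign) || !hash_equals($our_sign, $req_sign)) {
         // TODO: think how to extract signature base string
         // NOTE(review): this stores the *expected* signature for the rejected request. Kept for
         // compatibility with callers that read $this->problem, but it must never be echoed or
         // logged where the requester can see it, or the signature check is defeated.
         $this->problem = $our_sign;
         throw new Zend_Oauth_Exception("Invalid signature", self::INVALID_SIGNATURE);
     }

     return true;
 }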
コード例 #5
ファイル: Pro.php プロジェクト: grrr-amsterdam/garp3
 /**
  * Send a request
  * @param String $method Methodname
  * @param Array $queryParams GET parameters
  * @return Array
  */
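 public function request($method, array $queryParams)
 {
     $queryParams['format'] = self::RESPONSE_FORMAT;

     // Prefix the method name only when the caller has not already done so. The previous test,
     // `!substr(...) != 'vimeo'`, negated the substring before comparing it, so an already
     // prefixed name was prefixed a second time.
     if (substr($method, 0, 5) !== 'vimeo') {
         $method = 'vimeo.' . $method;
     }
     $queryParams['method'] = $method;

     // NOTE(review): VIMEO_API_URL is defined outside this block - confirm it is an https://
     // endpoint, since the Authorization header built below carries the consumer key and,
     // when set, the access token.
     $url = self::VIMEO_API_URL . '?' . http_build_query($queryParams);

     $oAuthHttpUtility = new Zend_Oauth_Http_Utility();
     $params = array(
         'oauth_consumer_key' => $this->getConsumerKey(),
         'oauth_nonce' => $oAuthHttpUtility->generateNonce(),
         'oauth_timestamp' => $oAuthHttpUtility->generateTimestamp(),
         'oauth_signature_method' => 'HMAC-SHA1',
         'oauth_version' => '1.0',
     );
     if ($this->getAccessToken()) {
         $params['oauth_token'] = $this->getAccessToken();
     }

     // The query parameters are signed together with the OAuth parameters, against the bare
     // API URL (without the query string).
     $params['oauth_signature'] = $oAuthHttpUtility->sign(
         array_merge($queryParams, $params),
         'HMAC-SHA1',
         $this->getConsumerSecret(),
         $this->getAccessTokenSecret(),
         Zend_Oauth::GET,
         self::VIMEO_API_URL
     );

     $httpClient = $this->getHttpClient()
         ->setHeaders('Authorization', $oAuthHttpUtility->toAuthorizationHeader($params))
         ->setMethod(Zend_Http_Client::GET)
         ->setUri($url);

     $response = json_decode($httpClient->request()->getBody(), true);

     // json_decode() yields null for a body that is not valid JSON; fail loudly rather than
     // returning a non-array to callers that were promised one.
     if (!is_array($response)) {
         throw new Garp_Service_Vimeo_Exception('Vimeo returned a response that could not be decoded.');
     }

     if (isset($response['stat']) && $response['stat'] === 'fail') {
         $error = 'An unknown error occurred at Vimeo.';
         if (!empty($response['err']['expl'])) {
             $error = $response['err']['expl'];
         }
         // Throw the resolved message; previously the fallback text was computed but never used.
         throw new Garp_Service_Vimeo_Exception($error);
     }

     return $response;
 }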