コード例 #1
 /**
  * Restores the OAuth 2 access token for one consumer / local-user pair.
  *
  * The token is looked up in $storage first. On a miss the constructor falls back to the
  * cookie named $cookieKey: the cookie is parsed as a query string, blanked, checked for
  * an error / access token, turned into an OAuth2_Token and written back to $storage.
  *
  * NOTE(review): every value read from the cookie is client-controlled.
  *  - verifySignature() only runs when both 'signature' and 'issued_at' are present, so a
  *    cookie that omits them is accepted unverified. Confirm that unsigned cookies are
  *    meant to be valid; otherwise their absence should be an error.
  *  - The return value of verifySignature() is ignored, so the check only has an effect
  *    if that method throws on mismatch. Confirm against its implementation.
  *  - verifySignature() is passed the 'user_id' field while $this->userId is filled from
  *    'userId'. Confirm which key the provider actually sends.
  *  - Each remaining cookie field is forwarded to a "set<field>" call on the token, so
  *    the cookie decides which setters run. An allow-list of expected fields is safer.
  *
  * @param string $consumerKey
  * @param string $consumerSecret only used here for the cookie signature check
  * @param osapiStorage $storage
  * @param string $cookieKey name of the cookie that carries the token fields
  * @param osapiProvider $provider not read by this constructor
  * @param string $localUserId optional
  * @throws osapiException when the cookie carries an 'error' field or has no 'access_token'
  */
 public function __construct($consumerKey, $consumerSecret, osapiStorage $storage, $cookieKey, osapiProvider $provider, $localUserId = null)
 {
     $this->storage = $storage;
     $this->storageKey = 'OAuth2u:' . $consumerKey . ':' . $localUserId;

     // A token already in storage wins; the cookie is not looked at in that case.
     $this->accessToken = $storage->get($this->storageKey);
     if ($this->accessToken) {
         return;
     }
     if (!isset($_COOKIE[$cookieKey])) {
         return;
     }

     $fields = array();
     parse_str($_COOKIE[$cookieKey], $fields);
     // Blank the cookie on path '/' as soon as it has been read.
     setcookie($cookieKey, '', 0, '/');

     if (isset($fields['error'])) {
         throw new osapiException($fields['error']);
     }
     if (!isset($fields['access_token'])) {
         throw new osapiException('missing access token in cookie');
     }

     if (isset($fields['signature'], $fields['issued_at'])) {
         $signedUserId = isset($fields['user_id']) ? $fields['user_id'] : '';
         $this->verifySignature($fields['signature'], $consumerSecret, $fields['access_token'], $fields['issued_at'], $signedUserId, '');
         if (isset($fields['userId'])) {
             $this->userId = $fields['userId'];
         }
     }

     $this->accessToken = new OAuth2_Token($fields['access_token'], null, null);

     // Whatever is left after dropping the handled fields is applied through dynamic setters.
     unset($fields['access_token'], $fields['signature'], $fields['issued_at']);
     foreach ($fields as $name => $value) {
         $setter = 'set' . $name;
         $this->accessToken->{$setter}($value);
     }
     $storage->set($this->storageKey, $this->accessToken);
 }
コード例 #2
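 /**
  * Runs the 3-legged OAuth 1.0a work flow and returns the auth object.
  *
  * The 3 legged oauth class needs a way to store the access key and token; it uses the
  * osapiStorage class to do so. Calling this method may redirect the browser to the
  * OAuth provider's site.
  *
  * Three paths are possible:
  *  1. An access token is already in $storage: it is attached to the auth object.
  *  2. The request is the provider callback (oauth_verifier, oauth_token and uid are in the
  *     query string): the request-token secret saved under the uid is read, deleted, and
  *     used to upgrade the request token.
  *  3. Otherwise a request token is obtained, its secret is saved under a fresh uid, and
  *     the browser is sent to the authorization URL.
  *
  * NOTE(review): the callback URL is built from $_SERVER['HTTP_HOST'], which reflects the
  * request's Host header. Unless the web server pins the host name, prefer a configured
  * base URL. uniqid() is time-based and predictable; it only indexes the stored secret
  * here, but a CSPRNG value (random_bytes() on PHP 7+) would be a safer nonce.
  *
  * @param string $consumerKey
  * @param string $consumerSecret
  * @param osapiStorage $storage storage class to use (file,apc,memcache,mysql)
  * @param osapiProvider $provider the provider configuration (required to get the oauth endpoints)
  * @param any $localUserId the *local* user ID (this is not the user's ID on the social network site, but the user id on YOUR site, this is used to link the oauth access token to a local login)
  * @param any $userId the *remote* user ID, you can supply this user id if known but it's completely optional. If set it will be included in the oauth requests in the xoauth_requestor_id field)
  * @return osapiOAuth3Legged_10a the auth instance
  * @throws osapiException when the callback parameters are malformed or no pending request matches the uid
  */
 public static function performOAuthLogin($consumerKey, $consumerSecret, osapiStorage $storage, osapiProvider $provider, $localUserId = null, $userId = null)
 {
     $auth = new osapiOAuth3Legged_10a($consumerKey, $consumerSecret, $storage, $provider, $localUserId, $userId);
     if (($token = $storage->get($auth->storageKey)) !== false) {
         $auth->accessToken = $token;
         return $auth;
     }

     if (isset($_GET['oauth_verifier']) && isset($_GET['oauth_token']) && isset($_GET['uid'])) {
         $uid = $_GET['uid'];
         // The query string is untrusted and uid becomes part of a storage key: accept only
         // the hexadecimal shape that uniqid() produces, and reject array-valued parameters.
         if (!is_string($uid) || !preg_match('/\A[0-9a-f]+\z/i', $uid)
             || !is_string($_GET['oauth_token']) || !is_string($_GET['oauth_verifier'])) {
             throw new osapiException('malformed OAuth callback parameters');
         }
         $nonceKey = $auth->storageKey . ":nonce" . $uid;
         $secret = $auth->storage->get($nonceKey);
         // Single use: the stored secret is removed whether or not the upgrade succeeds.
         $auth->storage->delete($nonceKey);
         if ($secret === false) {
             // No request token was issued for this uid (or it was already consumed).
             throw new osapiException('no pending OAuth request matches this callback');
         }
         $auth->upgradeRequestToken($_GET['oauth_token'], $secret, $_GET['oauth_verifier']);
         $auth->redirectToOriginal();
     } else {
         // Initialize the OAuth dance, first request a request token, then kick the client to the authorize URL
         // $_SERVER['HTTPS'] is absent on plain HTTP and may be 'on', '1' or 'off' depending on the server.
         $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         $callbackUrl = ($isHttps ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         $uid = uniqid();
         $token = $auth->obtainRequestToken($callbackUrl, $uid);
         // The request-token secret stays server-side; only the uid travels through the browser.
         $auth->storage->set($auth->storageKey . ":nonce" . $uid, $token->secret);
         $auth->redirectToAuthorization($token);
     }
     return $auth;
 }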
コード例 #3
  /**
   * Builds the provider configuration from XRDS discovery on $providerUrl.
   *
   * The discovered end-points are cached in $storage under "<providerUrl>:xrds" and reused
   * for one day (hard-coded), so the discovery request is skipped on a cache hit.
   *
   * NOTE(review): the end-point URLs are taken from the remote XRDS document, or from the
   * cache, exactly as found; no scheme or host check is visible in this constructor. If
   * $providerUrl can come from user input, confirm that the HTTP provider and the parser
   * restrict where requests may go, and that the cache backend is trusted.
   *
   * @param string $providerUrl URL on which discovery is performed; also the default provider name
   * @param osapiStorage $storage cache for the discovery result
   * @param osapiHttpProvider $httpProvider optional; an osapiCurlProvider is created when omitted
   * @throws osapiException when the OAuth end-points or any supported social end-point are missing
   */
  public function __construct($providerUrl, osapiStorage $storage, osapiHttpProvider $httpProvider = null) {
    $this->providerUrl = $providerUrl;
    $this->providerName = $this->providerUrl;
    $this->httpProvider = $httpProvider ? $httpProvider : new osapiCurlProvider();

    $cacheKey = $this->providerUrl.":xrds";
    $cached = $storage->get($cacheKey, 24 * 60 * 60);
    if ($cached !== false) {
      // Cache hit: unpack in the same order the entry is written below.
      list($requestTokenUrl, $authorizeUrl, $accessTokenUrl, $restEndpoint, $rpcEndpoint, $this->providerName, $isOpenSocial) = $cached;
    } else {
      $discovery = XrdsSimpleParser::doOAuthDiscovery($this->providerUrl, true, $this->httpProvider);

      // The three OAuth end-points are mandatory.
      $requestTokenUrl = $discovery['requestUrl'];
      $authorizeUrl = $discovery['authorizeUrl'];
      $accessTokenUrl = $discovery['accessUrl'];
      if (empty($requestTokenUrl) || empty($authorizeUrl) || empty($accessTokenUrl)) {
        throw new osapiException("Could not discover the required OAuth end-points");
      }

      $rddXml = $discovery['rdd'];

      // PortableContacts end-point, optional
      $pocoUrl = XrdsSimpleParser::getServiceByType($rddXml, 'http://portablecontacts.net/spec/1.0');
      if (empty($pocoUrl)) {
        $pocoUrl = null;
      }

      // Non-official end-point names; per the original author only partuza supports them.
      $restEndpoint = XrdsSimpleParser::getServiceByType($rddXml, 'http://ns.opensocial.org/rest/0.8');
      $rpcEndpoint = XrdsSimpleParser::getServiceByType($rddXml, 'http://ns.opensocial.org/rpc/0.8');
      if (empty($restEndpoint) && empty($rpcEndpoint)) {
        // Fall back to deriving the REST base from the people end-point.
        $peopleEndpoint = XrdsSimpleParser::getServiceByType($rddXml, 'http://ns.opensocial.org/people/0.8');
        $restEndpoint = str_replace('/people', '', $peopleEndpoint);
      }

      $isOpenSocial = true;
      $noOpenSocialEndpoint = empty($restEndpoint) && empty($rpcEndpoint);
      if ($noOpenSocialEndpoint) {
        if (empty($pocoUrl)) {
          throw new osapiException("No supported social end-points found");
        }
        // Only PortableContacts is available: use it as the REST end-point.
        $isOpenSocial = false;
        $restEndpoint = $pocoUrl;
        $rpcEndpoint = null;
      }

      // Cache the result so discovery can be skipped next time.
      $cacheEntry = array((string)$requestTokenUrl, (string)$authorizeUrl, (string)$accessTokenUrl, (string)$restEndpoint, (string)$rpcEndpoint, (string)$this->providerName, (int)$isOpenSocial);
      $storage->set($cacheKey, $cacheEntry);
    }

    // Hand the end-points (discovered or cached) to the parent provider.
    parent::__construct($requestTokenUrl, $authorizeUrl, $accessTokenUrl, $restEndpoint, $rpcEndpoint, $this->providerName, $isOpenSocial);
  }
コード例 #4
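 /**
  * Calls an API endpoint, adding the access token as an Authorization header and as an
  * oauth_token parameter (query string for GET, request body for every other method).
  *
  * The stored token is refreshed first when it has a lifetime that lies in the past.
  *
  * NOTE(review): for GET the access token is also appended to the URL, where it can end
  * up in server logs, browser history and Referer headers. If the API accepts the
  * Authorization header alone, drop the query parameter.
  * NOTE(review): assumes a token is stored under $this->_storageKey - TODO confirm that
  * callers guarantee this; a miss is not handled here.
  *
  * @param string $endpoint
  * @param string $method default 'GET'
  * @param array $uriParameters optional
  * @param mixed $postBody optional, can be string or array; a string is assumed to be form-encoded
  * @return string
  */
 public function callApiEndpoint($endpoint, $method = 'GET', array $uriParameters = array(), $postBody = null)
 {
     $token = $this->_dataStore->get($this->_storageKey);
     // A non-zero lifetime in the past means the token has expired.
     if ($token->getLifeTime() && $token->getLifeTime() < time()) {
         $token = $this->refreshAccessToken($token);
     }
     $accessToken = $token->getAccessToken();

     // Initialised before the branch: resetting it afterwards would discard the request
     // body that the non-GET branch builds.
     $parameters = null;
     if ($method !== 'GET') {
         if (is_array($postBody)) {
             $postBody['oauth_token'] = $accessToken;
             $parameters = http_build_query($postBody);
         } else {
             // Avoid a leading '&' when there is no body to append to.
             $body = (string) $postBody;
             $parameters = ($body === '' ? '' : $body . '&') . 'oauth_token=' . urlencode($accessToken);
         }
     } else {
         $uriParameters['oauth_token'] = $accessToken;
     }
     if (!empty($uriParameters)) {
         $endpoint .= (strpos($endpoint, '?') !== false ? '&' : '?') . http_build_query($uriParameters);
     }
     $header = array('Authorization: OAuth ' . $accessToken);
     $http = new OAuth2_HttpClient($endpoint, $method, $parameters, $header);
     $http->execute();
     return $http->getResponse();
 }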
コード例 #5
 /**
  * Sends the browser back to the URL that was saved before the OAuth flow started. This
  * removes the extraneous parameters from the URL, adding latency, but increasing
  * user-friendliness.
  *
  * Reads "<storageKey>:originalUrl" from storage. When the value is non-empty the entry
  * is deleted and a Location header is emitted; otherwise nothing happens. The method
  * does not stop script execution, so the caller keeps running after the header is set.
  *
  * NOTE(review): the stored URL is emitted unchanged and the code that builds it is not
  * visible here. If it is derived from request data (Host header, request URI), check it
  * against the site's own origin before storing it so this cannot become an open redirect.
  */
 public function redirectToOriginal()
 {
     $lookupKey = $this->storageKey . ":originalUrl";
     $target = $this->storage->get($lookupKey);
     if (empty($target)) {
         return;
     }
     // One-shot value: drop it from storage before redirecting.
     $this->storage->delete($lookupKey);
     header("Location: {$target}");
 }
コード例 #6
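 /**
  * Runs the 3-legged OAuth work flow and returns the auth object. Calling this method may
  * redirect the browser to the OAuth provider's site.
  *
  * Three paths are possible:
  *  1. An access token is already in $storage: it is attached to the auth object.
  *  2. The request is the callback (oauth_continue is in the query string): the
  *     request-token secret saved for the returned token key is read, deleted, and used
  *     to upgrade the request token.
  *  3. Otherwise a request token is obtained, its secret is saved in $storage, and the
  *     browser is sent to the authorization URL.
  *
  * The request-token secret is kept in $storage and never placed in the callback URL, so
  * it is not exposed to the browser, proxies or logs; only the token key is round-tripped.
  *
  * NOTE(review): the callback URL is built from $_SERVER['HTTP_HOST'], which reflects the
  * request's Host header. Unless the web server pins the host name, prefer a configured
  * base URL. Secrets of abandoned flows stay in storage until the backend expires them.
  *
  * @param string $consumerKey
  * @param string $consumerSecret
  * @param osapiStorage $storage
  * @param osapiProvider $provider
  * @param mixed $localUserId optional
  * @param mixed $userId optional
  * @return osapiOAuth3Legged the auth instance
  * @throws osapiException when the callback carries no usable token or no pending request matches it
  */
 public static function performOAuthLogin($consumerKey, $consumerSecret, osapiStorage $storage, osapiProvider $provider, $localUserId = null, $userId = null)
 {
     $auth = new osapiOAuth3Legged($consumerKey, $consumerSecret, $storage, $provider, $localUserId, $userId);
     if (($token = $storage->get($auth->storageKey)) !== false) {
         $auth->accessToken = $token;
         return $auth;
     }

     if (isset($_GET['oauth_continue'])) {
         // The query string is untrusted: require a plain, non-empty token key.
         if (!isset($_GET['token']) || !is_string($_GET['token']) || $_GET['token'] === '') {
             throw new osapiException('missing request token in OAuth callback');
         }
         $requestTokenKey = $_GET['token'];
         // Hash the token key so request data never lands verbatim in a storage key.
         $secretKey = $auth->storageKey . ':requestSecret:' . hash('sha256', $requestTokenKey);
         $secret = $storage->get($secretKey);
         // Single use: the stored secret is removed whether or not the upgrade succeeds.
         $storage->delete($secretKey);
         if ($secret === false) {
             throw new osapiException('no pending OAuth request matches this callback');
         }
         $auth->upgradeRequestToken($requestTokenKey, $secret);
         $auth->redirectToOriginal();
     } else {
         // Initialize the OAuth dance, first request a request token, then kick the client to the authorize URL
         // Follow the scheme of the current request instead of always calling back over plain http.
         $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         $callbackUrl = ($isHttps ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         $token = $auth->obtainRequestToken($callbackUrl);
         $storage->set($auth->storageKey . ':requestSecret:' . hash('sha256', $token->key), $token->secret);
         $callbackUrl .= (strpos($_SERVER['REQUEST_URI'], '?') !== false ? '&' : '?') . 'oauth_continue=1&token=' . urlencode($token->key);
         $auth->redirectToAuthorization($token, $callbackUrl);
     }
     return $auth;
 }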