/**
  * Verify the request if it seemed to be signed.
  * 
  * @param string token_type the kind of token needed, defaults to 'access'
  * @exception OAuthException2 thrown when the request did not verify
  * @return boolean	true when signed, false when not signed
  */
 public function verifyIfSigned($token_type = 'access')
 {
     if ($this->getParam('oauth_consumer_key')) {
         LingotekOAuthRequestLogger::start($this);
         $this->verify($token_type);
         $signed = true;
         LingotekOAuthRequestLogger::flush();
     } else {
         $signed = false;
     }
     return $signed;
 }
 /**
  * Set the reply we received
  * 
  * @param string request
  */
 static function setReceived($reply)
 {
     LingotekOAuthRequestLogger::$received = $reply;
 }
 /**
  * Open and close a curl session passing all the options to the curl libs
  * 
  * @param array opts the curl options.
  * @exception OAuthException2 when temporary file for PUT operation could not be created
  * @return string the result of the curl action
  */
 protected function curl_raw($opts = array())
 {
     if (isset($opts[CURLOPT_HTTPHEADER])) {
         $header = $opts[CURLOPT_HTTPHEADER];
     } else {
         $header = array();
     }
     $ch = curl_init();
     $method = $this->getMethod();
     $url = $this->getRequestUrl();
     $header[] = $this->getAuthorizationHeader();
     $query = $this->getQueryString();
     $body = $this->getBody();
     $has_content_type = false;
     foreach ($header as $h) {
         if (strncasecmp($h, 'Content-Type:', 13) == 0) {
             $has_content_type = true;
         }
     }
     if (!is_null($body)) {
         if ($method == 'TRACE') {
             throw new OAuthException2('A body can not be sent with a TRACE operation');
         }
         // PUT and POST allow a request body
         if (!empty($query)) {
             $url .= '?' . $query;
         }
         // Make sure that the content type of the request is ok
         if (!$has_content_type) {
             $header[] = 'Content-Type: application/octet-stream';
             $has_content_type = true;
         }
         // When PUTting, we need to use an intermediate file (because of the curl implementation)
         if ($method == 'PUT') {
             /*
             if (version_compare(phpversion(), '5.2.0') >= 0)
             {
             	// Use the data wrapper to create the file expected by the put method
             	$put_file = fopen('data://application/octet-stream;base64,'.base64_encode($body));
             }
             */
             $put_file = @tmpfile();
             if (!$put_file) {
                 throw new OAuthException2('Could not create tmpfile for PUT operation');
             }
             fwrite($put_file, $body);
             fseek($put_file, 0);
             curl_setopt($ch, CURLOPT_PUT, true);
             curl_setopt($ch, CURLOPT_INFILE, $put_file);
             curl_setopt($ch, CURLOPT_INFILESIZE, strlen($body));
         } else {
             curl_setopt($ch, CURLOPT_POST, true);
             curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
         }
     } else {
         // a 'normal' request, no body to be send
         if ($method == 'POST') {
             if (!$has_content_type) {
                 $header[] = 'Content-Type: application/x-www-form-urlencoded; charset=utf-8';
                 $has_content_type = true;
             }
             curl_setopt($ch, CURLOPT_POST, true);
             curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
         } else {
             if (!empty($query)) {
                 $url .= '?' . $query;
             }
             if ($method != 'GET') {
                 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
             }
         }
     }
     curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
     curl_setopt($ch, CURLOPT_USERAGENT, 'anyMeta/OAuth 1.0 - ($LastChangedRevision: 174 $)');
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($ch, CURLOPT_HEADER, true);
     curl_setopt($ch, CURLOPT_TIMEOUT, 90);
     foreach ($opts as $k => $v) {
         if ($k != CURLOPT_HTTPHEADER) {
             curl_setopt($ch, $k, $v);
         }
     }
     $txt = curl_exec($ch);
     if ($txt === false) {
         $error = curl_error($ch);
         curl_close($ch);
         throw new OAuthException2('CURL error: ' . $error);
     }
     curl_close($ch);
     if (!empty($put_file)) {
         fclose($put_file);
     }
     // Tell the logger what we requested and what we received back
     $data = $method . " {$url}\n" . implode("\n", $header);
     if (is_string($body)) {
         $data .= "\n\n" . $body;
     } else {
         if ($method == 'POST') {
             $data .= "\n\n" . $query;
         }
     }
     LingotekOAuthRequestLogger::setSent($data, $body);
     LingotekOAuthRequestLogger::setReceived($txt);
     return $txt;
 }
 /**
  * Construct from the current request. Useful for checking the signature of a request.
  * When not supplied with any parameters this will use the current request.
  * 
  * @param string	uri				might include parameters
  * @param string	method			GET, PUT, POST etc.
  * @param string	parameters		additional post parameters, urlencoded (RFC1738)
  * @param array		headers			headers for request
  * @param string	body			optional body of the OAuth request (POST or PUT)
  */
 function __construct($uri = null, $method = null, $parameters = '', $headers = array(), $body = null)
 {
     if (is_object($_SERVER)) {
         // Tainted arrays - the normal stuff in anyMeta
         if (!$method) {
             $method = $_SERVER->REQUEST_METHOD->getRawUnsafe();
         }
         if (empty($uri)) {
             $uri = $_SERVER->REQUEST_URI->getRawUnsafe();
         }
     } else {
         // non anyMeta systems
         if (!$method) {
             if (isset($_SERVER['REQUEST_METHOD'])) {
                 $method = $_SERVER['REQUEST_METHOD'];
             } else {
                 $method = 'GET';
             }
         }
         $proto = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
         if (empty($uri)) {
             if (strpos($_SERVER['REQUEST_URI'], "://") !== false) {
                 $uri = $_SERVER['REQUEST_URI'];
             } else {
                 $uri = sprintf('%s://%s%s', $proto, $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI']);
             }
         }
     }
     $headers = LingotekOAuthRequestLogger::getAllHeaders();
     $this->method = strtoupper($method);
     // If this is a post then also check the posted variables
     if (strcasecmp($method, 'POST') == 0) {
         // TODO: what to do with 'multipart/form-data'?
         if ($this->getRequestContentType() == 'multipart/form-data') {
             // Get the posted body (when available)
             if (!isset($headers['X-OAuth-Test'])) {
                 $parameters .= $this->getRequestBodyOfMultipart();
             }
         }
         if ($this->getRequestContentType() == 'application/x-www-form-urlencoded') {
             // Get the posted body (when available)
             if (!isset($headers['X-OAuth-Test'])) {
                 $parameters .= $this->getRequestBody();
             }
         } else {
             $body = $this->getRequestBody();
         }
     } else {
         if (strcasecmp($method, 'PUT') == 0) {
             $body = $this->getRequestBody();
         }
     }
     $this->method = strtoupper($method);
     $this->headers = $headers;
     // Store the values, prepare for oauth
     $this->uri = $uri;
     $this->body = $body;
     $this->parseUri($parameters);
     $this->parseHeaders();
     $this->transcodeParams();
 }
예제 #5
0
 /**
  * Try to fetch an XRDS file at the given location.  Sends an accept header preferring the xrds file.
  * 
  * @param string uri
  * @return array	(head,body), false on an error
  */
 protected static function curl($uri)
 {
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*;q=0.1'));
     curl_setopt($ch, CURLOPT_USERAGENT, 'anyMeta/OAuth 1.0 - (OAuth Discovery $LastChangedRevision: 45 $)');
     curl_setopt($ch, CURLOPT_URL, $uri);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($ch, CURLOPT_HEADER, true);
     curl_setopt($ch, CURLOPT_TIMEOUT, 30);
     $txt = curl_exec($ch);
     curl_close($ch);
     // Tell the logger what we requested and what we received back
     $data = "GET {$uri}";
     LingotekOAuthRequestLogger::setSent($data, "");
     LingotekOAuthRequestLogger::setReceived($txt);
     return $txt;
 }
 function __construct($message)
 {
     Exception::__construct($message);
     LingotekOAuthRequestLogger::addNote('OAuthException2: ' . $message);
 }
 /**
  * Exchange a request token for an access token.
  * The exchange is only succesful iff the request token has been authorized.
  * 
  * Never returns, calls exit() when token is exchanged or when error is returned.
  */
 public function accessToken()
 {
     LingotekOAuthRequestLogger::start($this);
     try {
         $this->verify('request');
         $options = array();
         $ttl = $this->getParam('xoauth_token_ttl', false);
         if ($ttl) {
             $options['token_ttl'] = $ttl;
         }
         $verifier = $this->getParam('oauth_verifier', false);
         if ($verifier) {
             $options['verifier'] = $verifier;
         }
         $store = OAuthStore::instance();
         $token = $store->exchangeConsumerRequestForAccessToken($this->getParam('oauth_token', true), $options);
         $result = 'oauth_token=' . $this->urlencode($token['token']) . '&oauth_token_secret=' . $this->urlencode($token['token_secret']);
         if (!empty($token['token_ttl'])) {
             $result .= '&xoauth_token_ttl=' . $this->urlencode($token['token_ttl']);
         }
         header('HTTP/1.1 200 OK');
         header('Content-Length: ' . strlen($result));
         header('Content-Type: application/x-www-form-urlencoded');
         echo $result;
     } catch (OAuthException2 $e) {
         header('HTTP/1.1 401 Access Denied');
         header('Content-Type: text/plain');
         echo "OAuth Verification Failed: " . $e->getMessage();
     }
     LingotekOAuthRequestLogger::flush();
     exit;
 }