예제 #1
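 /**
  * Collect the reserved OAuth parameters present in the request query string.
  *
  * Each name returned by MOauth2ProtocolRequest::getReservedParameters() is looked up as
  * "oauth_<name>" in the GET input. A value that is present and truthy is trimmed and
  * stored under the key "OAUTH_<NAME>". Every value comes straight from the client and
  * is only trimmed here, so callers must validate it before acting on it.
  *
  * @return  array  The filtered params, sorted by key (empty when none were sent).
  *
  * @since   1.0
  */
 public function processVars()
 {
     // Initialise params array.
     $params = array();
     // Iterate over the reserved parameters and look for them in the GET variables.
     foreach (MOauth2ProtocolRequest::getReservedParameters() as $k) {
         $value = $this->_input->get->getString('oauth_' . $k, false);
         // Truthiness test: absent, empty and "0" values are all skipped.
         if ($value) {
             $params['OAUTH_' . strtoupper($k)] = trim($value);
         }
     }
     // NOTE(review): every key written above has the form 'OAUTH_<NAME>', so this unset()
     // never matches and a submitted oauth_signature stays in the result as
     // 'OAUTH_SIGNATURE'. If the signature must be excluded (for example before building
     // a string to sign), the key to remove is 'OAUTH_SIGNATURE' - confirm against the
     // callers before changing it.
     unset($params['signature']);
     // Ensure the parameters are in order by key.
     ksort($params);
     return $params;
 }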
예제 #2
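 /**
  * Parse the request POST variables for OAuth parameters.
  *
  * Only a POST request whose Content-Type mentions x-www-form-urlencoded is inspected.
  * Each name returned by MOauth2ProtocolRequest::getReservedParameters() is looked up as
  * "oauth_<name>" in the POST input. A value that is present and truthy is trimmed and
  * stored under the key "OAUTH_<NAME>". The values are client-supplied and are not
  * validated here.
  *
  * @return  mixed  Array of OAuth 2.0 parameters if found or boolean false otherwise.
  *
  * @since   1.0
  */
 public function processVars()
 {
     // If we aren't handling a post request with urlencoded vars then there is nothing to do.
     if (strtoupper($this->_input->getMethod()) !== 'POST') {
         return false;
     }
     // Media type names are case-insensitive, hence stripos(). The result is compared with
     // false explicitly because a match at offset 0 is falsy and would read as "not found".
     if (stripos($this->_input->server->get('CONTENT_TYPE', ''), 'x-www-form-urlencoded') === false) {
         return false;
     }
     // Initialise variables.
     $parameters = array();
     // Iterate over the reserved parameters and look for them in the POST variables.
     foreach (MOauth2ProtocolRequest::getReservedParameters() as $k) {
         $value = $this->_input->post->getString('oauth_' . $k, false);
         // Truthiness test: absent, empty and "0" values are all skipped.
         if ($value) {
             $parameters['OAUTH_' . strtoupper($k)] = trim($value);
         }
     }
     // If we didn't find anything return false.
     if (empty($parameters)) {
         return false;
     }
     return $parameters;
 }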
예제 #3
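 /**
  * Collect the request headers, including Basic credentials and any OAuth headers.
  *
  * The result is built from $_SERVER: every HTTP_* entry (prefix stripped), the CONTENT_*
  * entries (lower-cased keys), PHP_AUTH_USER / PHP_AUTH_PW, an AUTHORIZATION entry and
  * every HTTP_OAUTH_<NAME> entry for the reserved parameter names.
  *
  * Security notes:
  * - All of these values are client-supplied and unverified. A request header can also
  *   populate the PHP_AUTH_USER, PHP_AUTH_PW, PHP_USER and PHP_PW keys through the HTTP_*
  *   loop, so their presence proves nothing; the caller must verify the credentials.
  * - The returned array may contain a clear-text password and a re-encoded Basic
  *   credential; keep it out of logs and error output.
  *
  * @param   string  $header  Authorization header. Not read by this implementation; the
  *                           data is taken from $_SERVER instead.
  *
  * @return  mixed  Array of collected headers if any were found or boolean false otherwise.
  *
  * @since   1.0
  */
 public function processAuthorizationHeader($header)
 {
     // Initialise variables.
     $server = $_SERVER;
     $headers = array();
     foreach ($server as $key => $value) {
         if (0 === strpos($key, 'HTTP_')) {
             $headers[substr($key, 5)] = $value;
         } elseif (in_array($key, array('CONTENT_LENGTH', 'CONTENT_MD5', 'CONTENT_TYPE'), true)) {
             // Strict comparison: a loose in_array() can match an integer key against these names.
             $headers[strtolower($key)] = $value;
         }
     }
     if (isset($server['PHP_AUTH_USER'])) {
         $headers['PHP_AUTH_USER'] = $server['PHP_AUTH_USER'];
         $headers['PHP_AUTH_PW'] = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
     } else {
         /*
          * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
          * For this workaround to work, add this line to your .htaccess file:
          * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
          *
          * A sample .htaccess file:
          * RewriteEngine On
          * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
          * RewriteCond %{REQUEST_FILENAME} !-f
          * RewriteRule ^(.*)$ app.php [QSA,L]
          */
         $authorizationHeader = null;
         if (isset($server['HTTP_AUTHORIZATION'])) {
             $authorizationHeader = $server['HTTP_AUTHORIZATION'];
         } elseif (isset($server['REDIRECT_HTTP_AUTHORIZATION'])) {
             $authorizationHeader = $server['REDIRECT_HTTP_AUTHORIZATION'];
         } elseif (function_exists('apache_request_headers')) {
             $requestHeaders = apache_request_headers();
             // Guard against a non-array result so array_keys() never receives one.
             if (is_array($requestHeaders)) {
                 // Server-side fix for old Android versions: ucwords() turns a lower-case
                 // "authorization" header name into "Authorization".
                 $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
                 if (isset($requestHeaders['Authorization'])) {
                     $authorizationHeader = trim($requestHeaders['Authorization']);
                 }
             }
         }
         if (null !== $authorizationHeader) {
             $headers['AUTHORIZATION'] = $authorizationHeader;
             // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic.
             // The scheme must be followed by a space, which is what the 6-character offset below assumes.
             if (0 === stripos($authorizationHeader, 'basic ')) {
                 // Split on the first colon only: the password part may itself contain ':'.
                 $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
                 if (count($exploded) === 2) {
                     list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
                 }
             }
         }
     }
     // PHP_AUTH_USER/PHP_AUTH_PW
     if (isset($headers['PHP_AUTH_USER'])) {
         // The user name can arrive without a password (for example from an HTTP_PHP_AUTH_USER entry).
         $password = isset($headers['PHP_AUTH_PW']) ? $headers['PHP_AUTH_PW'] : '';
         $headers['AUTHORIZATION'] = 'Basic ' . base64_encode($headers['PHP_AUTH_USER'] . ':' . $password);
     }
     // PHP_USER/PHP_PW: in this method these keys can only come from HTTP_PHP_USER / HTTP_PHP_PW entries.
     if (isset($headers['PHP_USER']) && empty($headers['AUTHORIZATION'])) {
         $password = isset($headers['PHP_PW']) ? $headers['PHP_PW'] : '';
         $headers['AUTHORIZATION'] = 'Basic ' . base64_encode($headers['PHP_USER'] . ':' . $password);
     }
     // Iterate over the reserved parameters and look for them in the HTTP_OAUTH_* server variables.
     foreach (MOauth2ProtocolRequest::getReservedParameters() as $k) {
         $name = 'HTTP_OAUTH_' . strtoupper($k);
         if (isset($server[$name])) {
             $headers[$name] = trim($server[$name]);
         }
     }
     // If we didn't find anything return false.
     if (empty($headers)) {
         return false;
     }
     return $headers;
 }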