/**
* Method to get the OAuth message string for signing.
*
* @return array The filtered params
*
* @since 1.0
*/
public function processVars()
{
// Get a JURI instance for the request URL.
$uri = new JURI($this->_app->get('uri.request'));
// Initialise params array.
$params = array();
// Iterate over the reserved parameters and look for them in the POST variables.
foreach (ROauth2ProtocolRequest::getReservedParameters() as $k) {
if ($this->_input->get->getString('oauth_' . $k, false)) {
$params['OAUTH_' . strtoupper($k)] = trim($this->_input->get->getString('oauth_' . $k));
}
}
// Make sure that any found oauth_signature is not included.
unset($params['signature']);
// Ensure the parameters are in order by key.
ksort($params);
return $params;
}
/**
* Parse the request POST variables for OAuth parameters.
*
* @return mixed Array of OAuth 2.0 parameters if found or boolean false otherwise.
*
* @since 1.0
*/
public function processVars()
{
// If we aren't handling a post request with urlencoded vars then there is nothing to do.
if (strtoupper($this->_input->getMethod()) != 'POST' || !strpos($this->_input->server->get('CONTENT_TYPE', ''), 'x-www-form-urlencoded')) {
return false;
}
// Initialise variables.
$parameters = array();
// Iterate over the reserved parameters and look for them in the POST variables.
foreach (ROauth2ProtocolRequest::getReservedParameters() as $k) {
if ($this->_input->post->getString('oauth_' . $k, false)) {
$parameters['OAUTH_' . strtoupper($k)] = trim($this->_input->post->getString('oauth_' . $k));
}
}
// If we didn't find anything return false.
if (empty($parameters)) {
return false;
}
return $parameters;
}
/**
* Parse an OAuth authorization header and set any found OAuth parameters.
*
* @param string $header Authorization header.
*
* @return mixed Array of OAuth 1.2 parameters if found or boolean false otherwise.
*
* @since 1.0
*/
public function processAuthorizationHeader($header)
{
// Initialise variables.
$parameters = array();
$server = $_SERVER;
$headers = array();
foreach ($server as $key => $value) {
if (0 === strpos($key, 'HTTP_')) {
$headers[substr($key, 5)] = $value;
} elseif (in_array($key, array('CONTENT_LENGTH', 'CONTENT_MD5', 'CONTENT_TYPE'))) {
$headers[strtolower($key)] = $value;
}
}
if (isset($server['PHP_AUTH_USER'])) {
$headers['PHP_AUTH_USER'] = $server['PHP_AUTH_USER'];
$headers['PHP_AUTH_PW'] = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
} else {
/*
* php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
* For this workaround to work, add this line to your .htaccess file:
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
*
* A sample .htaccess file:
* RewriteEngine On
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteRule ^(.*)$ app.php [QSA,L]
*/
$authorizationHeader = null;
if (isset($server['HTTP_AUTHORIZATION'])) {
$authorizationHeader = $server['HTTP_AUTHORIZATION'];
} elseif (isset($server['REDIRECT_HTTP_AUTHORIZATION'])) {
$authorizationHeader = $server['REDIRECT_HTTP_AUTHORIZATION'];
} elseif (function_exists('apache_request_headers')) {
$requestHeaders = apache_request_headers();
// Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
if (isset($requestHeaders['Authorization'])) {
$authorizationHeader = trim($requestHeaders['Authorization']);
}
}
if (null !== $authorizationHeader) {
$headers['AUTHORIZATION'] = $authorizationHeader;
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
if (0 === stripos($authorizationHeader, 'basic')) {
$exploded = explode(':', base64_decode(substr($authorizationHeader, 6)));
if (count($exploded) == 2) {
list($headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']) = $exploded;
}
}
}
}
// PHP_AUTH_USER/PHP_AUTH_PW
if (isset($headers['PHP_AUTH_USER'])) {
$headers['AUTHORIZATION'] = 'Basic ' . base64_encode($headers['PHP_AUTH_USER'] . ':' . $headers['PHP_AUTH_PW']);
}
// PHP_USER/PHP_PW
if (isset($headers['PHP_USER']) && empty($headers['AUTHORIZATION'])) {
$headers['AUTHORIZATION'] = 'Basic ' . base64_encode($headers['PHP_USER'] . ':' . $headers['PHP_PW']);
}
// Iterate over the reserved parameters and look for them in the POST variables.
foreach (ROauth2ProtocolRequest::getReservedParameters() as $k) {
$name = 'HTTP_OAUTH_' . strtoupper($k);
if (isset($server[$name])) {
$headers[$name] = trim($server[$name]);
}
}
// If we didn't find anything return false.
if (empty($headers)) {
return false;
}
return $headers;
}
