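global $CONFIG;

/*
 * Disabled debug aid. When enabled it prints the consumer and request-token
 * entities for the incoming request straight into the HTTP response, so it
 * should never be switched on for a deployment that is reachable by clients.
 *
$cid = get_input('oauth_consumer_key');
$tid = get_input('oauth_token');

$consumEnt = oauth_lookup_consumer_entity($cid);
print 'Consumer: ' . $cid;
print_r($consumEnt);
print_r(oauth_consumer_from_entity($consumEnt));

$tokEnt = oauth_lookup_token_entity($consumEnt, 'request', $tid);
print 'Token: ' . $tid;
print_r($tokEnt);
print_r(oauth_token_from_entity($tokEnt));
*/

// Access-token endpoint: exchange the request described by the incoming
// OAuth parameters for an access token and print that token as the response.
try {
    $server = oauth_get_server();
    $req = OAuthRequest::from_request(null, null, oauth_get_params());

    // Any OAuthException raised while fetching the token is handled below.
    $token = $server->fetch_access_token($req);

    // Record the nonce only once the exchange has succeeded, so it is on
    // file for later checking.
    $consumerKey = $req->get_parameter('oauth_consumer_key');
    $tokenKey = $req->get_parameter('oauth_token');
    $nonce = $req->get_parameter('oauth_nonce');
    oauth_save_nonce($consumerKey, $nonce, $tokenKey);

    echo $token;
} catch (OAuthException $e) {
    // header() ignores its response-code argument when the header string is
    // empty, so header('', true, 401) left the status untouched (200 unless
    // something else had set it). Send an explicit status line instead so
    // clients and monitoring actually see the failure as 401.
    header('HTTP/1.1 401 Unauthorized', true, 401);

    // The body is emitted alongside HTML markup, and the exception text may
    // carry values taken from the request (assumption - confirm against the
    // OAuth library in use), so escape it before output.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "\n<hr />\n";
    die;
}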
/**
 * PAM handler that authenticates the current request through OAuth.
 *
 * Verifies the request with the OAuth server object, stores the request
 * nonce, resolves the access token to the ElggUser that owns it and logs
 * that user in. If the server object is already flagged as validated, the
 * handler returns true without repeating any of that work.
 *
 * Every failure path returns false without recording why.
 * NOTE(review): consider logging the failure reason server-side (never the
 * token or consumer secrets) so rejected requests can be investigated.
 *
 * @param mixed $credentials Not read by this handler.
 * @return bool true when the request was verified and the owning user was
 *              logged in, false otherwise.
 */
function oauth_pam_handler($credentials = NULL) {
    global $CONFIG;

    try {
        $server = oauth_get_server();

        // Verification already succeeded on this server object; skip the
        // signature check and the second nonce write.
        if ($server->this_request_validated) {
            return true;
        }

        $request = OAuthRequest::from_request(null, null, oauth_get_params());

        // verify_request() yields a (consumer, token) pair.
        $verified = $server->verify_request($request);
        $consumer = $verified[0];
        $token = $verified[1];

        // Keep the nonce on file for later checking. It is written only
        // after verification passed.
        // NOTE(review): replay protection presumably relies on
        // verify_request() consulting the stored nonces - confirm in the
        // server's data store.
        oauth_save_nonce($consumer->key, $request->get_parameter('oauth_nonce'), $token->key);
    } catch (OAuthException $e) {
        // Not a valid OAuth request.
        return false;
    }

    // Only an 'access' token may authenticate a request.
    // NOTE(review): the commented-out debug code in the access-token
    // endpoint passes (consumer entity, type, token key) to this helper,
    // a different argument order from the one used here - confirm against
    // the helper's signature.
    $tokenEntity = oauth_lookup_token_entity($token->key, 'access', $consumer);
    if (!$tokenEntity) {
        return false;
    }

    // The token's owner must exist and be a real user entity.
    $owner = $tokenEntity->getOwnerEntity();
    if (!$owner || !($owner instanceof ElggUser)) {
        return false;
    }

    if (!login($owner)) {
        return false;
    }

    // Remember the successful validation on the server object so a later
    // call can take the early return above.
    $server->this_request_validated = true;

    return true;
}