function verify_token()
{
if (!isset($_REQUEST['nonce']) || !wp_verify_nonce($_REQUEST['nonce'], 'keyring-verify-' . $this->get_name())) {
Keyring::error(__('Invalid/missing verification nonce.', 'keyring'));
exit;
}
// Load up the request token that got us here and globalize it
if ($_REQUEST['state']) {
global $keyring_request_token;
$state = (int) $_REQUEST['state'];
$keyring_request_token = $this->store->get_token(array('id' => $state, 'type' => 'request'));
Keyring_Util::debug('xAuth/Instapaper Loaded Request Token ' . $_REQUEST['state']);
Keyring_Util::debug($keyring_request_token);
// Remove request token, don't need it any more.
$this->store->delete(array('id' => $state, 'type' => 'request'));
}
if (!strlen($_POST['username'])) {
$url = Keyring_Util::admin_url($this->get_name(), array('action' => 'request', 'error' => 'empty', 'kr_nonce' => wp_create_nonce('keyring-request')));
Keyring_Util::debug($url);
wp_safe_redirect($url);
exit;
}
$body = array('x_auth_mode' => 'client_auth', 'x_auth_password' => $_POST['password'], 'x_auth_username' => $_POST['username']);
ksort($body);
$this->set_token(new Keyring_Access_Token($this->get_name(), null, array()));
$res = $this->request($this->access_token_url, array('method' => $this->access_token_method, 'raw_response' => true, 'body' => $body));
Keyring_Util::debug('OAuth1 Access Token Response');
Keyring_Util::debug($res);
// We will get a 401 if they entered an incorrect user/pass combo. ::request
// will then return a Keyring_Error
if (Keyring_Util::is_error($res)) {
$url = Keyring_Util::admin_url($this->get_name(), array('action' => 'request', 'error' => '401', 'kr_nonce' => wp_create_nonce('keyring-request')));
Keyring_Util::debug($url);
wp_safe_redirect($url);
exit;
}
parse_str($res, $token);
$meta = array_merge(array('username' => $_POST['username']), $this->build_token_meta($token));
$access_token = new Keyring_Access_Token($this->get_name(), new OAuthToken($token['oauth_token'], $token['oauth_token_secret']), $meta);
$access_token = apply_filters('keyring_access_token', $access_token);
// If we didn't get a 401, then we'll assume it's OK
$id = $this->store_token($access_token);
$this->verified($id, $keyring_request_token);
}
function request($url, array $params = array())
{
Keyring_Util::debug($url);
if ($this->requires_token() && empty($this->token)) {
return new Keyring_Error('keyring-request-error', __('No token'));
}
$token = $this->token ? $this->token : null;
if (!is_null($token)) {
if ($this->authorization_header) {
// type can be OAuth, Bearer, ...
$params['headers']['Authorization'] = $this->authorization_header . ' ' . (string) $token;
} else {
$url = add_query_arg(array($this->authorization_parameter => urlencode((string) $token)), $url);
}
}
$raw_response = false;
if (isset($params['raw_response'])) {
$raw_response = (bool) $params['raw_response'];
unset($params['raw_response']);
}
$method = 'GET';
if (isset($params['method'])) {
$method = strtoupper($params['method']);
unset($params['method']);
}
Keyring_Util::debug('OAuth2 Params');
Keyring_Util::debug($params);
switch (strtoupper($method)) {
case 'GET':
$res = wp_remote_get($url, $params);
break;
case 'POST':
$params = array_merge(array('sslverify' => false), $params);
$res = wp_remote_post($url, $params);
break;
default:
$params = array_merge(array('method' => $method, 'sslverify' => false), $params);
$res = wp_remote_request($url, $params);
break;
}
Keyring_Util::debug('OAuth2 Response');
Keyring_Util::debug($res);
$this->set_request_response_code(wp_remote_retrieve_response_code($res));
if (in_array(wp_remote_retrieve_response_code($res), array(200, 201, 202))) {
if ($raw_response) {
return wp_remote_retrieve_body($res);
} else {
return $this->parse_response(wp_remote_retrieve_body($res));
}
} else {
return new Keyring_Error('keyring-request-error', $res);
}
}
function verified($id, $request_token = null)
{
$c = get_called_class();
// If something else needs to be done, do it
do_action('keyring_connection_verified', $c::NAME, $id, $request_token);
// Back to Keyring admin, with ?service=SERVICE&created=UNIQUE_ID&kr_nonce=NONCE
$kr_nonce = wp_create_nonce('keyring-created');
$url = apply_filters('keyring_verified_redirect', Keyring_Util::admin_url($c::NAME, array('action' => 'created', 'id' => $id, 'kr_nonce' => $kr_nonce)), $c::NAME);
Keyring_Util::debug('Verified connection, redirect to ' . $url);
wp_safe_redirect($url);
exit;
}
static function connect_to($service, $for)
{
Keyring_Util::debug('Connect to: ' . $service);
// Redirect into Keyring's auth handler if a valid service is provided
$kr_nonce = wp_create_nonce('keyring-request');
$request_nonce = wp_create_nonce('keyring-request-' . $service);
wp_safe_redirect(Keyring_Util::admin_url($service, array('action' => 'request', 'kr_nonce' => $kr_nonce, 'nonce' => $request_nonce, 'for' => $for)));
exit;
}
function request($url, array $params = array())
{
if ($this->requires_token() && empty($this->token)) {
return new Keyring_Error('keyring-request-error', __('No token', 'keyring'));
}
$raw_response = false;
if (isset($params['raw_response'])) {
$raw_response = (bool) $params['raw_response'];
unset($params['raw_response']);
}
$method = 'GET';
if (isset($params['method'])) {
$method = strtoupper($params['method']);
unset($params['method']);
}
$sign_parameters = true;
if (isset($params['sign_parameters'])) {
$sign_parameters = (bool) $params['sign_parameters'];
unset($params['sign_parameters']);
}
// Should be an OAuthToken object
$token = $this->token->token ? $this->token->token : null;
Keyring_Util::debug($token);
$sign_vars = false;
if (isset($params['body']) && $sign_parameters) {
if (is_string($params['body'])) {
wp_parse_str($params['body'], $sign_vars);
} else {
if (is_array($params['body'])) {
$sign_vars = $params['body'];
}
}
}
$req = $this->prepare_request($token, $method, $url, $sign_vars);
$request_url = (string) $req;
if ($this->token && $this->authorization_header) {
$header = $req->to_header($this->authorization_realm);
// Gives a complete header string, not just the second half
$bits = explode(': ', $header, 2);
$params['headers']['Authorization'] = $bits[1];
// This hack was introduced for Instapaper (http://stackoverflow.com/a/9645033/1507683), which is overly strict on
// header formatting, but it doesn't seem to cause problems anywhere else.
$params['headers']['Authorization'] = str_replace('",', '", ', $params['headers']['Authorization']);
Keyring_Util::debug('OAuth1 Authorization Header');
Keyring_Util::debug($params['headers']['Authorization']);
// oauth_verifier was probably added directly to the URL, need to manually remove it
$request_url = remove_query_arg('oauth_verifier', $url);
}
$query = '';
$parsed = parse_url($request_url);
if (!empty($parsed['query']) && 'POST' == $method) {
$request_url = str_replace('?' . $parsed['query'], '', $request_url);
$query = $parsed['query'];
}
Keyring_Util::debug("OAuth1 Request URL: {$request_url}");
switch ($method) {
case 'GET':
Keyring_Util::debug('OAuth1 GET ' . $request_url);
$res = wp_remote_get($request_url, $params);
break;
case 'POST':
$params = array_merge(array('body' => $query, 'sslverify' => false), $params);
Keyring_Util::debug('OAuth1 POST ' . $request_url);
Keyring_Util::debug($params);
$res = wp_remote_post($request_url, $params);
break;
case 'PUT':
$params = array_merge(array('method' => 'PUT'), $params);
$res = wp_remote_request($request_url, $params);
break;
default:
Keyring::error(__('Unsupported method specified.', 'keyring'));
exit;
}
Keyring_Util::debug($res);
$this->set_request_response_code(wp_remote_retrieve_response_code($res));
if (200 == wp_remote_retrieve_response_code($res) || 201 == wp_remote_retrieve_response_code($res)) {
if ($raw_response) {
return wp_remote_retrieve_body($res);
} else {
return $this->parse_response(wp_remote_retrieve_body($res));
}
} else {
return new Keyring_Error('keyring-request-error', $res);
}
}
function request($url, array $params = array())
{
if ($this->requires_token() && empty($this->token)) {
return new Keyring_Error('keyring-request-error', __('No token'));
}
if ($this->requires_token()) {
$params['headers'] = array('Authorization' => 'Basic ' . $this->token);
}
$method = 'GET';
if (isset($params['method'])) {
$method = strtoupper($params['method']);
unset($params['method']);
}
$raw_response = false;
if (isset($params['raw_response'])) {
$raw_response = (bool) $params['raw_response'];
unset($params['raw_response']);
}
Keyring_Util::debug("HTTP Basic {$method} {$url}");
Keyring_Util::debug($params);
switch (strtoupper($method)) {
case 'GET':
$res = wp_remote_get($url, $params);
break;
case 'POST':
$res = wp_remote_post($url, $params);
break;
default:
Keyring::error(__('Unsupported method specified for verify_token.', 'keyring'));
exit;
}
Keyring_Util::debug($res);
$this->set_request_response_code(wp_remote_retrieve_response_code($res));
if (200 == wp_remote_retrieve_response_code($res) || 201 == wp_remote_retrieve_response_code($res)) {
if ($raw_response) {
return wp_remote_retrieve_body($res);
} else {
return $this->parse_response(wp_remote_retrieve_body($res));
}
} else {
return new Keyring_Error('keyring-request-error', $res);
}
}
