Exemplo n.º 1
 /**
  * Request a request token from the site belonging to consumer_key
  * 
  * @param string consumer_key
  * @param int usr_id
  * @exception OAuthException when no key could be fetched
  * @exception OAuthException when no server with consumer_key registered
  * @return array (authorize_uri, token)
  */
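 static function requestRequestToken($consumer_key, $usr_id)
 {
     OAuthRequestLogger::start();
     $store = OAuthStore::instance();
     // Server record registered for this consumer key; its request_token_uri
     // and authorize_uri entries are the ones used below.
     $r = $store->getServer($consumer_key);
     $uri = $r['request_token_uri'];
     $oauth = new OAuthRequester($uri, 'POST');
     $oauth->sign($usr_id, $r);
     $text = $oauth->curl_raw();
     if (empty($text)) {
         throw new OAuthException('No answer from the server "' . $uri . '" while requesting a request token');
     }
     $data = $oauth->curl_parse($text);
     // Normalise the status to an integer before comparing, so the check does
     // not depend on loose string/number comparison rules.
     if ((int) $data['code'] !== 200) {
         throw new OAuthException('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting a request token');
     }
     // The body is data supplied by the remote server: parse it defensively
     // instead of silencing notices with "@". A pair without "=" yields an
     // empty value, and both name and value are decoded.
     $token = array();
     foreach (explode('&', $data['body']) as $pair) {
         if ($pair === '') {
             continue;
         }
         $parts = explode('=', $pair, 2);
         $name = $oauth->urldecode($parts[0]);
         $token[$name] = isset($parts[1]) ? $oauth->urldecode($parts[1]) : '';
     }
     // Both the token and its secret must be present before anything is stored.
     if (empty($token['oauth_token']) || empty($token['oauth_token_secret'])) {
         throw new OAuthException('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
     }
     $store->addServerToken($consumer_key, 'request', $token['oauth_token'], $token['oauth_token_secret'], $usr_id);
     // NOTE(review): flush() is only reached on success; every exception above
     // leaves the logger started without a flush. Confirm that is intended.
     OAuthRequestLogger::flush();
     // Now we can direct a browser to the authorize_uri. Only the token is
     // returned; the token secret stays in the store.
     return array('authorize_uri' => $r['authorize_uri'], 'token' => $token['oauth_token']);
 }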
Exemplo n.º 2
 /**
  * Given a URL return an OAuth signed URL.  This will handle creating a timestamp and nonce
  *
  * @param string $url the unsigned url
  * @param string $method request method GET, POST, PUT, DELETE
  * @param string $key oauth key
  * @param string $secret oauth secret
  * @param array $params querystring or post parameters
  * @param string $body the body contents of the request
  * @param string $signature_method method used for signature (default = 'HMAC_SHA1')
  */
 public static function SignUrl($url, $method, $key, $secret, $params = null, $body = null, $signature_method = 'HMAC_SHA1')
 {
     $options = array('consumer_key' => $key, 'consumer_secret' => $secret);
     if (!$params) {
         // Treat a missing or empty parameter list as "no parameters".
         $params = array();
     }
     // Initialise the "2Leg" store with the consumer key and secret.
     OAuthStore::instance("2Leg", $options);
     // Build and sign a request object for the call we want to make.
     $request = new OAuthRequester($url, $method, $params, $body);
     $request->sign($key, null, '');
     // Compute the signature over the request's signature base string.
     $base = $request->signatureBaseString();
     $signature = $request->calculateDataSignature($base, $secret, '', $signature_method);
     // NOTE(review): the whole string, signature included, is passed through
     // urldecode(). If the signature is percent-encoded at this point, an
     // encoded "+" becomes a literal "+", which a receiving server may read as
     // a space. Confirm the result verifies for signatures containing "+" or "/".
     $decoded = urldecode($base . '&oauth_signature=' . $signature);
     // Drop the leading method name and the one separator character after it.
     $signed = substr($decoded, strlen($method) + 1);
     // The first remaining "&" becomes the "?" that starts the query string.
     return VerySimpleStringUtil::ReplaceFirst('&', '?', $signed);
 }
Exemplo n.º 3
 /**
  * Request an access token from the site belonging to consumer_key.
  * Before this we got a request token, now we want to exchange it for
  * an access token.
  * 
  * @param string consumer_key
  * @param string token
  * @param int usr_id		user requesting the access token
  * @param string method (optional) change the method of the request, defaults to POST (as it should be)
  * @exception OAuthException when no key could be fetched
  * @exception OAuthException when no server with consumer_key registered
  */
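 static function requestAccessToken($consumer_key, $token, $usr_id, $method = 'POST')
 {
     //OAuthRequestLogger::start();
     $store = OAuthStore::instance('Google');
     // Fetch the stored request token and its secret for this user and consumer key.
     $r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
     $uri = $r['access_token_uri'];
     // Delete the server request token, this one was for one use only.
     // Because the delete happens before the exchange, a failed exchange cannot
     // be retried with the same request token.
     // NOTE(review): the delete is issued with user id 0 and a final argument
     // of true; what that flag means is not visible here. Confirm it cannot
     // remove another user's token.
     $store->deleteServerToken($consumer_key, $r['token'], 0, true);
     // Try to exchange our request token for an access token
     $oauth = new OAuthRequester($uri, $method);
     //OAuthRequestLogger::setRequestObject($oauth);
     $oauth->sign($usr_id, $r);
     $text = $oauth->curl_raw();
     if (empty($text)) {
         // The original message named the request-token step; this is the access-token exchange.
         throw new OAuthException('No answer from the server "' . $uri . '" while requesting an access token');
     }
     $data = $oauth->curl_parse($text);
     if ((int) $data['code'] !== 200) {
         throw new OAuthException('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting an access token');
     }
     // The body comes from the remote server: parse it without "@" so that a
     // malformed pair gives an empty value instead of a suppressed notice.
     // A separate local is used so the $token argument is no longer shadowed.
     $fields = array();
     foreach (explode('&', $data['body']) as $pair) {
         if ($pair === '') {
             continue;
         }
         $parts = explode('=', $pair, 2);
         $name = $oauth->urldecode($parts[0]);
         $fields[$name] = isset($parts[1]) ? $oauth->urldecode($parts[1]) : '';
     }
     // Store the access token only when both the token and its secret came back.
     if (empty($fields['oauth_token']) || empty($fields['oauth_token_secret'])) {
         throw new OAuthException('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
     }
     $store->addServerToken($consumer_key, 'access', $fields['oauth_token'], $fields['oauth_token_secret'], $usr_id);
     //OAuthRequestLogger::flush();
 }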
 /**
  * Request a request token from the site belonging to consumer_key
  * 
  * @param string consumer_key
  * @param int usr_id
  * @param array params (optional) extra arguments for when requesting the request token
  * @param string method (optional) change the method of the request, defaults to POST (as it should be)
  * @param array options (optional) options like name and token_ttl
  * @param array curl_options	optional extra options for curl request
  * @param bool oauth_as_header (optional) passed to setOAuthAsHeaders(); defaults to true
  * @exception OAuthException2 when no key could be fetched
  * @exception OAuthException2 when no server with consumer_key registered
  * @return array (authorize_uri, token)
  */
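 static function requestRequestToken($consumer_key, $usr_id, $params = null, $method = 'POST', $options = array(), $curl_options = array(), $oauth_as_header = true)
 {
     OAuthRequestLogger::start();
     // A numeric token_ttl option is forwarded to the server as xoauth_token_ttl.
     if (isset($options['token_ttl']) && is_numeric($options['token_ttl'])) {
         $params['xoauth_token_ttl'] = intval($options['token_ttl']);
     }
     $store = OAuthStore::instance();
     // Server record registered for this consumer key and user.
     $r = $store->getServer($consumer_key, $usr_id);
     $uri = $r['request_token_uri'];
     $oauth = new OAuthRequester($uri, $method, $params);
     $oauth->setOAuthAsHeaders($oauth_as_header);
     $oauth->sign($usr_id, $r, '', 'requestToken');
     $text = $oauth->curl_raw($curl_options);
     if (empty($text)) {
         throw new OAuthException2('No answer from the server "' . $uri . '" while requesting a request token');
     }
     $data = $oauth->curl_parse($text);
     // Only 200 and 201 count as success; compare as integers, strictly.
     if (!in_array((int) $data['code'], array(200, 201), true)) {
         throw new OAuthException2('Unexpected result from the server "' . $uri . '" (' . $data['code'] . ') while requesting a request token');
     }
     // The body comes from the remote server: parse it without "@" so that a
     // malformed pair gives an empty value instead of a suppressed notice, and
     // decode names as well as values.
     $token = array();
     foreach (explode('&', $data['body']) as $pair) {
         if ($pair === '') {
             continue;
         }
         $parts = explode('=', $pair, 2);
         $name = $oauth->urldecode($parts[0]);
         $token[$name] = isset($parts[1]) ? $oauth->urldecode($parts[1]) : '';
     }
     // Both the token and its secret must be present before anything is stored.
     if (empty($token['oauth_token']) || empty($token['oauth_token_secret'])) {
         throw new OAuthException2('The server "' . $uri . '" did not return the oauth_token or the oauth_token_secret');
     }
     $opts = array();
     if (isset($options['name'])) {
         $opts['name'] = $options['name'];
     }
     if (isset($token['xoauth_token_ttl'])) {
         // NOTE(review): this lifetime is taken from the server response and
         // passed on as received; confirm the store validates or bounds it.
         $opts['token_ttl'] = $token['xoauth_token_ttl'];
     }
     $store->addServerToken($consumer_key, 'request', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
     // NOTE(review): flush() is only reached on success; every exception above
     // leaves the logger started without a flush. Confirm that is intended.
     OAuthRequestLogger::flush();
     // Now we can direct a browser to the authorize_uri. Only the token is
     // returned; the token secret stays in the store.
     return array('authorize_uri' => $r['authorize_uri'], 'token' => $token['oauth_token']);
 }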
Exemplo n.º 5
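 function request_and_verify_request_token()
 {
     // If there exists any active session, destroy it for simplicity's sake.
     $this->log_out();
     // Create a temp user and make a cookie for his record.
     // NOTE(review): this cookie carries a session id but is set with only a
     // name and value. Confirm whether the HttpOnly and Secure arguments of
     // setcookie() should be supplied for this deployment.
     $this->user_id = create_temp_user();
     setcookie(COOKIE_NAME, get_session_id_from_user_id($this->user_id));
     // At this point, we shouldn't have anything in the DB with a record of this transaction.
     // Set up the required parameters to recognize an OAuth provider -- known in this OAuthPHP lib as
     // a record in the oauth_consumer_registry table.
     $server = array(
         'consumer_key' => CONSUMER_KEY,
         'consumer_secret' => CONSUMER_SECRET,
         'server_uri' => ROOT_TYPEPAD_API_URL,
         // NOTE(review): PLAINTEXT is registered here, while the sample request
         // further down shows HMAC-SHA1. A PLAINTEXT signature is derived
         // directly from the secrets, so the endpoints must be HTTPS-only;
         // confirm which method is intended.
         'signature_methods' => array('PLAINTEXT'),
         'request_token_uri' => $this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL),
         'authorize_uri' => $this->get_api_endpoint(TP_OAUTH_AUTH_URL),
         'access_token_uri' => $this->get_api_endpoint(TP_OAUTH_ACCESS_TOKEN_URL),
     );
     // See which known services exist for this user
     $servers = $this->store->listServers('', $this->user_id);
     // Refresh the known OAuth providers for this user by deleting them if they already exist...
     foreach ($servers as $server_item) {
         if ($server_item['consumer_key'] == CONSUMER_KEY && $server_item['user_id'] == $this->user_id) {
             $this->store->deleteServer(CONSUMER_KEY, $this->user_id);
         }
     }
     // ...then create a new record of this OAuth provider. The return value
     // was never used, so it is no longer assigned.
     $this->store->updateServer($server, $this->user_id);
     // OAuthRequester::requestRequestToken() is not used here because, per the
     // original author, it does not create the right type of GET request.
     $r = $this->store->getServer(CONSUMER_KEY, $this->user_id);
     // This creates a generic Request object, so we'll have to fill in the rest...
     $oauth = new OAuthRequester($this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL), '', '');
     $oauth->setParam('oauth_callback', CALLBACK_URL);
     // ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc
     $oauth->sign($this->user_id, $r);
     // Begin to build the URL string with the request token endpoint.
     // assumes getParam() returns values that are already percent-encoded - TODO confirm
     $final_url = $this->get_api_endpoint(TP_OAUTH_REQUEST_TOKEN_URL) . "?";
     $parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature');
     foreach ($parameters as $parm) {
         $final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&';
     }
     /* Now execute the long query that may look something like this:

                 https://www.typepad.com/secure/services/oauth/request_token ?
                    oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D &
                    oauth_timestamp=1269811986 &
                    oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback &
                    oauth_nonce=853433351 &
                    oauth_consumer_key=c5139cef2985b86d &
                    oauth_version=1.0 &
                    oauth_signature_method=HMAC-SHA1
           */
     // Execute the request. The URL is deliberately kept out of the exception
     // messages because it contains the signature.
     $handle = fopen($final_url, "rb");
     if ($handle === false) {
         throw new \RuntimeException('Could not open the request token endpoint');
     }
     $doc = stream_get_contents($handle);
     // Release the stream; the original never closed it.
     fclose($handle);
     if ($doc === false || $doc === '') {
         throw new \RuntimeException('Empty response from the request token endpoint');
     }
     // The response is data supplied by the remote server. Split each pair on
     // the first "=" only, tolerate pairs without a value, and decode names
     // and values before they are stored.
     $response = array();
     foreach (explode("&", $doc) as $response_str) {
         $pair = explode("=", $response_str, 2);
         if ($pair[0] === '') {
             continue;
         }
         $response[$oauth->urldecode($pair[0])] = isset($pair[1]) ? $oauth->urldecode($pair[1]) : '';
     }
     // Refuse to store an incomplete token instead of writing empty values to the db.
     if (empty($response['oauth_token']) || empty($response['oauth_token_secret'])) {
         throw new \RuntimeException('The request token endpoint did not return the oauth_token or the oauth_token_secret');
     }
     // Instead of storing the Request token as a cookie, write it to the db.
     $this->store->addServerToken(CONSUMER_KEY, 'request', $response['oauth_token'], $response['oauth_token_secret'], $this->user_id, '');
     $this->oauth_token = $response['oauth_token'];
 }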
Exemplo n.º 6
// Two-branch request handler: "login" starts the flow, "oauth_token" handles
// the callback. The listing is cut off inside the second branch.
// NOTE(review): both $_GET keys are read without an isset()/empty() check, so
// a request that lacks them raises an undefined-index notice or warning.
if ($_GET['login']) {
    /*
     * Initial login handler (accessed by specifying login=1). Unlike most OAuth
     * APIs, the KA API skips the "authorize" step, and instead guides the user
     * through the login process directly from /api/auth/request_token . That
     * endpoint redirects to a login page, which redirects back to a
     * loginCallback of our choosing. Since this is a different flow from what
     * the OAuth library expects, we need to have oauth-php sign the request
     * without submitting it (since it's expecting to directly get a token
     * back), then redirect the user to the resulting URL.
     */
    $requestTokenParams = array('oauth_callback' => $loginCallback);
    // The request is signed with the server record stored for user id 0.
    $userId = 0;
    $server = $store->getServer($consumerKey, $userId);
    $request = new OAuthRequester($requestTokenUrl, 'GET', $requestTokenParams);
    $request->sign($userId, $server, '', 'requestToken');
    $queryParams = $request->getQueryString(false);
    // Send the browser to the signed request-token URL.
    // NOTE(review): no exit follows the redirect in this branch; any code
    // after the if/elseif chain (not visible here) would still run.
    header('Location: ' . $requestTokenUrl . '?' . $queryParams);
} elseif ($_GET['oauth_token']) {
    /*
     * Login callback. After the user logs in, they are redirected back to this
     * page with the oauth_token field specified. We then can use that token (as
     * well as some other request params) to get an access token to use
     *
     * Once the access token is obtained, we immediately redirect to the main
     * logged-in page to allow the user to make requests.
     */
    // NOTE(review): the token secret arrives in the query string, so it passes
    // through the user's browser and can end up in history, logs and Referer
    // headers. Both values are written to the store under user id 0 exactly as
    // received. No check is visible here that ties this callback to a login
    // this browser started; confirm the rest of the handler does so.
    $oauthToken = $_GET['oauth_token'];
    $oauthTokenSecret = $_GET['oauth_token_secret'];
    $store->addServerToken($consumerKey, 'request', $oauthToken, $oauthTokenSecret, 0);
    // oauth_verifier is likewise taken straight from the query string.
    $accessTokenParams = array('oauth_verifier' => $_GET['oauth_verifier'], 'oauth_callback' => $loginCallback);
Exemplo n.º 7
$consumer_key = $store->updateServer($server, $user_id);
/*
   * These don't create the right type of GET request.

      $options = array();
      $options[CURLOPT_HTTPHEADER] = $server;
      $token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id); //, '', 'GET', $options);
      $token = OAuthRequester::requestRequestToken(CONSUMER_KEY, $user_id, '', 'GET');
*/
$r = $store->getServer(CONSUMER_KEY, $user_id);
// This creates a generic Request object.
$oauth = new OAuthRequester($endpoint_strs['oauth-request-token-endpoint'], '', '');
//		$oauth->setParam('oauth_callback', 'http://127.0.0.1/claire/oauth/beta.php');
$oauth->setParam('oauth_callback', CALLBACK_URL);
// ..and this adds more parameters, like the timestamp, nonce, version, signature method, etc
$oauth->sign($user_id, $r);
//      $final_url = "https://www.typepad.com/secure/services/oauth/request_token?";
$final_url = $endpoint_strs['oauth-request-token-endpoint'] . "?";
$parameters = array('timestamp', 'callback', 'nonce', 'consumer_key', 'version', 'signature_method', 'signature');
foreach ($parameters as $parm) {
    $final_url .= 'oauth_' . $parm . '=' . $oauth->getParam('oauth_' . $parm) . '&';
}
/* Now execute the long query that may look something like this:
   
   https://www.typepad.com/secure/services/oauth/request_token ?
      oauth_signature=n3lQROBcPnBZvEgplUzHcgkUCrA%3D &
      oauth_timestamp=1269811986 &
      oauth_callback=http%3A%2F%2F127.0.0.1%3A5000%2Flogin-callback &
      oauth_nonce=853433351 &
      oauth_consumer_key=c5139cef2985b86d &
      oauth_version=1.0 &