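/**
 * Interactive OAuth 1.0a test flow, driven entirely by query parameters.
 *
 * - `oauth_token` present: swaps the request token for an access token,
 *   stores the result in the `oauth` cookie and prints a reload link.
 * - neither `oauth_token` nor `reloaded`: prints a link to the authorize
 *   endpoint whose callback points back at this flow.
 * - `reloaded` present: rebuilds the client from the `oauth` cookie, sends a
 *   signed request to /v1/oauth/test and relays the response.
 *
 * An OAuthException from the client is logged and re-raised as
 * OPAuthorizationOAuthException.
 *
 * NOTE(review): every URL in this method is built from $_SERVER['HTTP_HOST'],
 * a value the client supplies. That includes the callback and the server-side
 * fetch target; prefer a configured canonical host if the application has one.
 */
public function flow()
{
    if (isset($_GET['oauth_token'])) {
        // NOTE(review): the consumer secret and token secret arrive in the query
        // string, so they can end up in access logs, browser history and
        // Referer headers. Acceptable only for a test harness.
        $consumerKey = $_GET['oauth_consumer_key'];
        $consumerSecret = $_GET['oauth_consumer_secret'];
        $token = $_GET['oauth_token'];
        $tokenSecret = $_GET['oauth_token_secret'];
        $verifier = $_GET['oauth_verifier'];

        try {
            // Result is not read below; the call is retained because its side
            // effects are not visible from this method.
            $consumer = getDb()->getCredential($token);

            $oauth = new OAuth($consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
            $oauth->setVersion('1.0a');
            $oauth->setToken($token, $tokenSecret);

            $scheme = $this->utility->getProtocol(false);
            $accessToken = $oauth->getAccessToken(
                sprintf('%s://%s/v1/oauth/token/access', $scheme, $_SERVER['HTTP_HOST']),
                null,
                $verifier
            );
            $accessToken['oauth_consumer_key'] = $consumerKey;
            $accessToken['oauth_consumer_secret'] = $consumerSecret;

            // The cookie holds the access token and both secrets: mark it HttpOnly
            // so page scripts cannot read it, and Secure when the site is served
            // over HTTPS so it is never sent in clear text. Path and domain keep
            // their defaults, as before.
            $secureOnly = strtolower((string) $scheme) === 'https';
            setcookie('oauth', http_build_query($accessToken), 0, '', '', $secureOnly, true);

            if (!isset($accessToken['oauth_token']) || !isset($accessToken['oauth_token_secret'])) {
                // Escaped for the HTML context; the query string is already URL-encoded.
                echo sprintf(
                    'Invalid response when getting an access token: %s',
                    htmlspecialchars(http_build_query($accessToken), ENT_QUOTES, 'UTF-8')
                );
            } else {
                // The message has no placeholders, so the token values are no
                // longer passed to sprintf().
                echo 'You exchanged a request token for an access token<br><a href="?reloaded=1">Reload to make an OAuth request</a>';
            }
        } catch (OAuthException $e) {
            $message = OAuthProvider::reportProblem($e);
            getLogger()->info($message);
            OPException::raise(new OPAuthorizationOAuthException($message));
        }
        return;
    }

    if (!isset($_GET['reloaded'])) {
        $scheme = $this->utility->getProtocol(false);
        $host = $_SERVER['HTTP_HOST'];
        $callback = sprintf('%s://%s/v1/oauth/flow', $scheme, $host);
        // Only accept a scalar name; an array value would break urlencode().
        $name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : 'OAuth Test Flow';

        $authorizeUrl = sprintf(
            '%s://%s/v1/oauth/authorize?oauth_callback=%s&name=%s',
            $scheme,
            $host,
            urlencode($callback),
            urlencode($name)
        );
        // The Host header is attacker-influenced, so the URL is escaped before it
        // is placed inside the href attribute.
        echo sprintf('<a href="%s">Create a new client id</a>', htmlspecialchars($authorizeUrl, ENT_QUOTES, 'UTF-8'));
        return;
    }

    // Parse the cookie into an array. The single-argument form of parse_str()
    // writes every key of a client-controlled cookie into local scope, which
    // lets the client overwrite arbitrary local variables, and that form was
    // removed in PHP 8.
    $stored = array();
    if (isset($_COOKIE['oauth']) && is_string($_COOKIE['oauth'])) {
        parse_str($_COOKIE['oauth'], $stored);
    }
    foreach (array('oauth_consumer_key', 'oauth_consumer_secret', 'oauth_token', 'oauth_token_secret') as $required) {
        if (!isset($stored[$required]) || !is_string($stored[$required])) {
            $message = 'OAuth cookie is missing or incomplete';
            getLogger()->info($message);
            OPException::raise(new OPAuthorizationOAuthException($message));
            return;
        }
    }

    try {
        // Result is not read below; see the note on the same call above.
        $consumer = getDb()->getCredential($stored['oauth_token']);

        $oauth = new OAuth($stored['oauth_consumer_key'], $stored['oauth_consumer_secret'], OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
        $oauth->setToken($stored['oauth_token'], $stored['oauth_token_secret']);

        // NOTE(review): this request is always sent over plain http://, even when
        // the site itself is served over HTTPS. Confirm that is intended.
        // The consumer key comes from the cookie, so it is encoded before being
        // placed in the query string.
        $oauth->fetch(sprintf(
            'http://%s/v1/oauth/test?oauth_consumer_key=%s',
            $_SERVER['HTTP_HOST'],
            rawurlencode($stored['oauth_consumer_key'])
        ));

        $response_info = $oauth->getLastResponseInfo();
        header("Content-Type: {$response_info["content_type"]}");
        echo $oauth->getLastResponse();
    } catch (OAuthException $e) {
        $message = OAuthProvider::reportProblem($e);
        getLogger()->info($message);
        OPException::raise(new OPAuthorizationOAuthException($message));
    }
}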
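/**
 * Builds the oauth_* parameters for a request and signs them with HMAC-SHA1.
 *
 * @see OAuthHanlder::GetSignedRequestParameters()
 *
 * @param array $credentials must contain oauth_consumer_key,
 *     oauth_consumer_secret, oauth_token and oauth_token_secret
 * @param string $url the URL the signature is computed for
 * @param string $method the HTTP method name; defaults to 'POST' when empty.
 *     It is used as a key into self::$OAUTH_METHOD_ENUMS, so it has to be one
 *     of that map's keys (the map is defined outside this method)
 * @return array the OAuth parameters, including oauth_signature
 */
public function GetSignedRequestParameters($credentials, $url, $method = NULL)
{
    if (empty($method)) {
        $method = 'POST';
    }

    // A bare uniqid() is derived only from the current time, so two workers
    // signing in the same instant can emit the same nonce and have the second
    // request rejected as a replay. Use the CSPRNG where the runtime has one
    // (PHP 7+), otherwise mix extra entropy into uniqid().
    $nonce = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : uniqid(mt_rand(), true);

    $params = array();
    $params['oauth_consumer_key'] = $credentials['oauth_consumer_key'];
    $params['oauth_token'] = $credentials['oauth_token'];
    $params['oauth_signature_method'] = 'HMAC-SHA1';
    $params['oauth_timestamp'] = time();
    $params['oauth_nonce'] = $nonce;
    $params['oauth_version'] = '1.0a';

    $oauth = new OAuth(
        $credentials['oauth_consumer_key'],
        $credentials['oauth_consumer_secret'],
        OAUTH_SIG_METHOD_HMACSHA1,
        OAUTH_AUTH_TYPE_AUTHORIZATION
    );
    $oauth->setRequestEngine(OAUTH_REQENGINE_CURL);
    $oauth->setToken($credentials['oauth_token'], $credentials['oauth_token_secret']);

    // Pin the client to the values that are returned to the caller, so the
    // signature covers exactly the timestamp, nonce and version in $params.
    // The version is set once; the earlier duplicate call was redundant.
    $oauth->setTimestamp($params['oauth_timestamp']);
    $oauth->setNonce($params['oauth_nonce']);
    $oauth->setVersion($params['oauth_version']);

    $signature = $oauth->generateSignature(self::$OAUTH_METHOD_ENUMS[$method], $url);
    $params['oauth_signature'] = $signature;

    return $params;
}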
/**
 * Creates an OAuth client for the given credentials and applies the TLS
 * settings taken from the SSL_* constants.
 *
 * NOTE(review): the TLS configuration fails open. When SSL_VERIFY_PEER and
 * SSL_VERIFY_HOST are both undefined or falsy, the client is set to
 * OAUTH_SSLCHECK_NONE, i.e. no certificate verification at all. Deployments
 * should define both as true and point SSL_CA_PATH / SSL_CA_FILE at a trusted
 * CA store.
 *
 * @param array $credentials the credentials to use; oauth_consumer_key and
 *     oauth_consumer_secret are required, oauth_token and oauth_token_secret
 *     are applied only when both are present
 * @param string $authorizationType the authorization type to use
 * @return OAuth a new OAuth client
 */
private function GetClient($credentials, $authorizationType = NULL)
{
    $client = new OAuth(
        $credentials['oauth_consumer_key'],
        $credentials['oauth_consumer_secret'],
        OAUTH_SIG_METHOD_HMACSHA1,
        $authorizationType
    );
    $client->setRequestEngine(OAUTH_REQENGINE_CURL);
    $client->setVersion('1.0a');

    // A token is attached only when both halves of it are available.
    if (isset($credentials['oauth_token'], $credentials['oauth_token_secret'])) {
        $client->setToken($credentials['oauth_token'], $credentials['oauth_token_secret']);
    }

    // SSL settings: start from the peer check (or none), then widen it with
    // the host check if that is enabled as well.
    $verifyPeer = defined('SSL_VERIFY_PEER') && SSL_VERIFY_PEER;
    $client->setSSLChecks($verifyPeer ? OAUTH_SSLCHECK_PEER : OAUTH_SSLCHECK_NONE);

    $verifyHost = defined('SSL_VERIFY_HOST') && SSL_VERIFY_HOST;
    if ($verifyHost) {
        $peerAlreadyOn = $client->sslChecks == OAUTH_SSLCHECK_PEER;
        $client->setSSLChecks($peerAlreadyOn ? OAUTH_SSLCHECK_BOTH : OAUTH_SSLCHECK_HOST);
    }

    $hasCaPath = defined('SSL_CA_PATH') && SSL_CA_PATH != '';
    if ($hasCaPath) {
        // The second parameter must be explicitly set to NULL due to a bug in
        // version 1.2.2 and earlier. See https://bugs.php.net/bug.php?id=60226
        $client->setCAPath(SSL_CA_PATH, NULL);
    }

    $hasCaFile = defined('SSL_CA_FILE') && SSL_CA_FILE != '';
    if ($hasCaFile) {
        $client->setCAPath(NULL, SSL_CA_FILE);
    }

    return $client;
}