/**
 * Promote the request token named in the current OAuth request to an access token.
 *
 * Security notes:
 * - The random bytes come from OAuthProvider::generateToken(20, FALSE), i.e. the
 *   non-"strong" (non-blocking) source. md5() is used here only as a hex encoder;
 *   it folds the 160 generated bits into a 128-bit value.
 * - NOTE(review): this method does not itself check a verifier or whether the
 *   request token was authorised by the user; presumably that happens before it
 *   is called. Confirm against the caller.
 *
 * @return string|bool "access_token=...&access_token_secret=..." on success, FALSE
 *                     when an OAuth error is already flagged or the request token
 *                     cannot be found (oauth_error is then set to TRUE).
 */
public function generateaccesstoken()
{
    if ($this->oauth_error) {
        return FALSE;
    }

    // Both values are generated before the lookup, so a failed lookup still
    // consumes two generateToken() calls, as it always has.
    $new_token = md5(OAuthProvider::generateToken(20, FALSE));
    $new_secret = md5(OAuthProvider::generateToken(20, FALSE));

    $request_token = token::findbytoken($this->oauth->token);
    if (!is_object($request_token)) {
        $this->oauth_error = TRUE;
        return FALSE;
    }

    $request_token->changetoaccesstoken($new_token, $new_secret);

    return "access_token=" . $request_token->gettoken()
        . "&access_token_secret=" . $request_token->gettokensecret();
}
/**
 * Produce a 40-character hexadecimal token.
 *
 * Twenty bytes are requested from OAuthProvider::generateToken() with its default
 * (non-"strong") source, then passed through sha1(). The hash only serves as a
 * fixed-width hex encoding of the random bytes; it adds no secrecy of its own.
 *
 * @return string 40 lowercase hex characters.
 */
public static function generateToken()
{
    $random_bytes = OAuthProvider::generateToken(20);

    return sha1($random_bytes);
}
/**
 * Generate an OAuth verifier and return it.
 *
 * Twenty bytes are requested from OAuthProvider::generateToken() with the "strong"
 * flag set, then hex-encoded through sha1(). With the strong flag the extension
 * reads from the blocking entropy device on Unix-like systems, so this call can
 * stall on hosts with little available entropy.
 *
 * @return string 40 lowercase hex characters.
 */
public function generateVerifier()
{
    return sha1(OAuthProvider::generateToken(20, true));
}
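/**
 * Handle an access-token request for the xAuth ("client_auth") flow.
 *
 * The request is treated as xAuth when any x_auth_* parameter appears in the
 * query string, the form body or the Authorization header. For an xAuth request
 * the method checks, in order: that the consumer is allowed to use xAuth, that
 * the request arrived over HTTPS, that x_auth_mode is 'client_auth', and that
 * the supplied username/password match. It then returns the stored token pair
 * for this consumer/user, or creates one when none exists and the consumer's
 * xauth_grant allows it. Any other request is rejected with a 503, because
 * 3-legged authorisation is not implemented here.
 *
 * Security notes:
 * - Credentials are accepted from $_GET as well as $_POST. Passwords sent in a
 *   query string commonly end up in web server, proxy and browser logs;
 *   restricting x_auth_password to the request body is worth considering.
 * - NOTE(review): no throttling or lockout of failed password attempts is
 *   visible in this method; confirm it is enforced elsewhere.
 * - Token and secret are stored and returned as-is (not hashed at rest).
 *
 * @return void The outcome is written to $this->_response.
 */
private function access_token()
{
    if (empty($this->_provider)) {
        $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
        $this->_response->setErrorMessage('oauth_problem=bad oauth provider', 501, 'Internal Server Error');
        return;
    }

    JLoader::import('Hubzero.User.Password');

    $xauth_request = false;
    $header = '';

    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $header = $_SERVER['HTTP_AUTHORIZATION'];
    }

    // @FIXME: header check is inexact and could give false positives
    // @FIXME: pecl oauth provider doesn't handle x_auth in header
    // @FIXME: api application should convert xauth variables in
    //         header to form/query data as workaround
    // @FIXME: this code is here for future use if/when pecl oauth
    //         provider is fixed
    //
    // The last header test looks for x_auth_password; it previously repeated
    // the x_auth_mode test, so a password carried only in the header was not
    // recognised as an xAuth request.
    if (isset($_GET['x_auth_mode']) || isset($_GET['x_auth_username']) || isset($_GET['x_auth_password'])
        || isset($_POST['x_auth_mode']) || isset($_POST['x_auth_username']) || isset($_POST['x_auth_password'])
        || strpos($header, 'x_auth_mode') !== false
        || strpos($header, 'x_auth_username') !== false
        || strpos($header, 'x_auth_password') !== false) {
        $xauth_request = true;
    }

    if (!$xauth_request) {
        // @FIXME: we don't support 3-legged auth yet
        //   lookup request token to access token, give out access token
        //   check verifier
        //   check used flag
        // The unreachable statements that followed this return (they referenced
        // undefined $token / $token_secret) have been dropped.
        $this->_response->setErrorMessage(503, 'Internal Server Error');
        return;
    }

    // Loose comparison kept on purpose: the stored flag may be int or string.
    // NOTE(review): a missing/NULL xauth flag does not equal '0' and therefore
    // passes this check; confirm the column cannot be NULL.
    if ($this->_provider->getConsumerData()->xauth == '0') {
        $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
        $this->_response->setErrorMessage('oauth_problem=permission_denied', 401, 'Unauthorized');
        return;
    }

    // Credentials must never travel over plain HTTP.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
        $this->_response->setErrorMessage('SSL Required', 403, 'Forbidden');
        return;
    }

    // Each x_auth_* value is taken from the provider first, then POST, then GET.
    if (isset($this->_provider->x_auth_mode)) {
        $x_auth_mode = $this->_provider->x_auth_mode;
    } elseif (isset($_POST['x_auth_mode'])) {
        $x_auth_mode = $_POST['x_auth_mode'];
    } elseif (isset($_GET['x_auth_mode'])) {
        $x_auth_mode = $_GET['x_auth_mode'];
    } else {
        $x_auth_mode = '';
    }

    if (isset($this->_provider->x_auth_username)) {
        $x_auth_username = $this->_provider->x_auth_username;
    } elseif (isset($_POST['x_auth_username'])) {
        $x_auth_username = $_POST['x_auth_username'];
    } elseif (isset($_GET['x_auth_username'])) {
        $x_auth_username = $_GET['x_auth_username'];
    } else {
        $x_auth_username = '';
    }

    if (isset($this->_provider->x_auth_password)) {
        $x_auth_password = $this->_provider->x_auth_password;
    } elseif (isset($_POST['x_auth_password'])) {
        $x_auth_password = $_POST['x_auth_password'];
    } elseif (isset($_GET['x_auth_password'])) {
        $x_auth_password = $_GET['x_auth_password'];
    } else {
        $x_auth_password = '';
    }

    if ($x_auth_mode != 'client_auth') {
        $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
        $this->_response->setErrorMessage('oauth_problem=permission_denied', 400, 'Bad Request');
        return;
    }

    // The same generic error is returned whether the user is unknown or the
    // password is wrong, so the response does not reveal which one failed.
    $match = \Hubzero\User\Password::passwordMatches($x_auth_username, $x_auth_password, true);

    if (!$match) {
        $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
        $this->_response->setErrorMessage('oauth_problem=permission_denied', 401, 'Unauthorized');
        return;
    }

    $useraccount = User::getInstance(JUserHelper::getUserId($x_auth_username));

    // Every interpolated value goes through $db->Quote().
    // NOTE(review): the lookup does not filter on the state column, so any
    // stored token for this consumer/user pair is handed back; confirm that
    // revoked or pending rows cannot match.
    $db = App::get('db');
    $db->setQuery("SELECT token,token_secret FROM #__oauthp_tokens WHERE consumer_id=" . $db->Quote($this->_provider->getConsumerData()->id) . " AND user_id =" . $db->Quote($useraccount->get('id')) . " LIMIT 1;");

    $result = $db->loadObject();

    // NOTE(review): setErrorMessage() is called with (code, reason) here and in
    // the other 5xx paths below, but with (message, code, reason) elsewhere in
    // this method; confirm against its signature.
    if ($result === false) {
        $this->_response->setErrorMessage(500, 'Internal Server Error');
        return;
    }

    if (is_object($result)) {
        // A token pair already exists for this consumer/user: return it.
        $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
        $this->_response->setMessage("oauth_token=" . $result->token . "&oauth_token_secret=" . $result->token_secret, 200, "OK");
        return;
    }

    // No stored token: only consumers with xauth_grant >= 1 may have one minted.
    if ($this->_provider->getConsumerData()->xauth_grant < 1) {
        $this->_response->setErrorMessage(501, 'Internal Server Error');
        return;
    }

    // sha1() acts as a 40-character hex encoding of 20 random bytes taken from
    // the extension's non-"strong" (non-blocking) source.
    $token = sha1(OAuthProvider::generateToken(20, false));
    $token_secret = sha1(OAuthProvider::generateToken(20, false));

    $db = App::get('db');
    $db->setQuery("INSERT INTO #__oauthp_tokens (consumer_id,user_id,state,token,token_secret,callback_url) VALUE (" . $db->Quote($this->_provider->getConsumerData()->id) . "," . $db->Quote($useraccount->get('id')) . "," . "'1'," . $db->Quote($token) . "," . $db->Quote($token_secret) . "," . $db->Quote($this->_provider->getConsumerData()->callback_url) . ");");

    if (!$db->query()) {
        $this->_response->setErrorMessage(502, 'Internal Server Error');
        return;
    }

    if ($db->getAffectedRows() < 1) {
        $this->_response->setErrorMessage(503, 'Internal Server Error');
        return;
    }

    $this->_response->setResponseProvides('application/x-www-form-urlencoded,text/html;q=0.9');
    $this->_response->setMessage("oauth_token=" . $token . "&oauth_token_secret=" . $token_secret, 200, "OK");
    return;
}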
/**
 * Retrieves a token for use in registering this Known site with a hub.
 *
 * A stored token is reused while it is less than 10 minutes (600 seconds) old;
 * otherwise a new one is generated, saved to the site configuration and returned.
 *
 * Despite its name, 'registration_token_expiry' holds the time the token was
 * issued, not the time it lapses; the 600-second window is applied when the
 * token is read back. The token is persisted in the site configuration in
 * clear form.
 *
 * @return string Hex encoding of 32 random bytes (64 characters).
 */
function getRegistrationToken()
{
    if (empty(site()->config->hub_settings)) {
        site()->config->hub_settings = [];
    }

    $stored = site()->config->hub_settings;

    // Reuse the current token only if both fields are present and it is fresh.
    if (!empty($stored['registration_token'])
        && !empty($stored['registration_token_expiry'])
        && $stored['registration_token_expiry'] > time() - 600) {
        return $stored['registration_token'];
    }

    // generateToken() is called without the "strong" flag, i.e. it uses the
    // extension's non-blocking random source.
    $generator = new \OAuthProvider([]);
    $raw_bytes = $generator->generateToken(32);

    $config = site()->config;
    $config->hub_settings['registration_token'] = bin2hex($raw_bytes);
    $config->hub_settings['registration_token_expiry'] = time();
    $config->save();
    site()->config = $config;

    return site()->config->hub_settings['registration_token'];
}
/**
 * Wrapper around OAuthProvider::generateToken that applies sha1 hashing in one place.
 *
 * Takes no arguments: 40 bytes are requested with the "strong" flag set and the
 * result is hex-encoded through sha1(). The digest is 160 bits wide, so the
 * returned token carries at most 160 bits of the 320 requested. With the strong
 * flag the extension reads from the blocking entropy device on Unix-like
 * systems, which can stall on hosts with little available entropy.
 *
 * @static
 * @return string 40 lowercase hex characters.
 */
public static function generateToken()
{
    return sha1(OAuthProvider::generateToken(40, true));
}
/**
 * Create a new random token that is not yet used by any 'lti_consumer' post.
 *
 * Random bytes from OAuthProvider::generateToken() are passed through sha1() to
 * give a 40 character token. The sha1 value is both what is looked up in post
 * meta and what is returned, so the hash is an encoding step here, not a way of
 * protecting a stored secret.
 *
 * NOTE(review): a $type other than 'key' or 'secret' leaves 'meta_key' unset, so
 * the uniqueness lookup then runs on meta_value alone; confirm callers only pass
 * the two documented values.
 *
 * @param string $type
 *   The type of token to generate either: 'key', 'secret'
 * @return string 40 lowercase hex characters.
 */
public static function generateToken($type)
{
    $query = array('post_type' => 'lti_consumer', 'meta_value' => '');

    if ($type === 'key') {
        $query['meta_key'] = LTI_META_KEY_NAME;
    } elseif ($type === 'secret') {
        $query['meta_key'] = LTI_SECRET_KEY_NAME;
    }

    // Draw candidates until none of the existing posts carries the same value.
    do {
        $candidate = sha1(OAuthProvider::generateToken(LTI_OAUTH_TOKEN_LENGTH));
        $query['meta_value'] = $candidate;
        $matches = get_posts($query);
    } while (!empty($matches));

    return $candidate;
}