public function sign(apiHttpRequest $request)
{
if ($this->developerKey) {
$request->setUrl($request->getUrl() . (strpos($request->getUrl(), '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey));
}
return $request;
}
public function sign(apiHttpRequest $request)
{
global $apiConfig;
$sig = "";
if ($this->key) {
if ($this->secret) {
$sig = md5($this->key . $this->secret . (string) time());
}
$request->setUrl($request->getUrl() . (strpos($request->getUrl(), '?') === false ? '?' : '&') . $apiConfig['key_name'] . '=' . urlencode($this->key) . ($sig ? '&' . $apiConfig['signature_name'] . '=' . urlencode($sig) : ''));
/*
* Mod above - static "key" parameter name changed
* to global $apiConfig variable "key_name" add signature
* if secret exists.
*/
}
return $request;
}
/**
* Include an accessToken in a given apiHttpRequest.
* @param apiHttpRequest $request
* @return apiHttpRequest
* @throws apiAuthException
*/
public function sign(apiHttpRequest $request)
{
// add the developer key to the request before signing it
if ($this->developerKey) {
$requestUrl = $request->getUrl();
$requestUrl .= strpos($request->getUrl(), '?') === false ? '?' : '&';
$requestUrl .= 'key=' . urlencode($this->developerKey);
$request->setUrl($requestUrl);
}
// Cannot sign the request without an OAuth access token.
if (null == $this->accessToken) {
return $request;
}
// If the token is set to expire in the next 30 seconds (or has already
// expired), refresh it and set the new token.
$expired = $this->accessToken['created'] + ($this->accessToken['expires_in'] - 30) < time();
if ($expired) {
if (!array_key_exists('refresh_token', $this->accessToken)) {
throw new apiAuthException("The OAuth 2.0 access token has expired, " . "and a refresh token is not available. Refresh tokens are not " . "returned for responses that were auto-approved.");
}
$this->refreshToken($this->accessToken['refresh_token']);
}
// Add the OAuth2 header to the request
$request->setRequestHeaders(array('Authorization' => 'Bearer ' . $this->accessToken['access_token']));
return $request;
}
/**
* Sign the request using OAuth. This uses the consumer token and key
*
* @param string $method the method (get/put/delete/post)
* @param string $url the url to sign (http://site/social/rest/people/1/@me)
* @param array $params the params that should be appended to the url (count=20 fields=foo, etc)
* @param string $postBody for POST/PUT requests, the postBody is included in the signature
* @return string the signed url
*/
public function sign(apiHttpRequest $request)
{
// add the developer key to the request before signing it
if ($this->developerKey) {
$request->setUrl($request->getUrl() . (strpos($request->getUrl(), '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey));
}
// and sign the request
$oauthRequest = apiClientOAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams());
$params = $this->mergeParameters($request->getQueryParams());
foreach ($params as $key => $val) {
if (is_array($val)) {
$val = implode(',', $val);
}
$oauthRequest->set_parameter($key, $val);
}
$oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken);
$authHeaders = $oauthRequest->to_header();
$headers = $request->getHeaders();
$headers[] = $authHeaders;
$request->setHeaders($headers);
// and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache)
$request->accessKey = $this->accessToken->key;
return $request;
}
/**
* Sign the request using OAuth. This uses the consumer token and key
*
* @param string $method the method (get/put/delete/post)
* @param string $url the url to sign (http://site/social/rest/people/1/@me)
* @param array $params the params that should be appended to the url (count=20 fields=foo, etc)
* @param string $postBody for POST/PUT requests, the postBody is included in the signature
* @return string the signed url
*/
public function sign(apiHttpRequest $request)
{
// add the developer key to the request before signing it
if ($this->developerKey) {
$url = $request->getUrl();
$url .= (strpos($url, '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey);
}
// and sign the request
$oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams());
$params = $this->mergeParameters($request->getQueryParams());
foreach ($params as $key => $val) {
if (is_array($val)) {
$val = implode(',', $val);
}
$oauthRequest->set_parameter($key, $val);
}
$oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken);
$signedUrl = $oauthRequest->to_url();
// Set an originalUrl property that can be used to cache the resource
$request->originalUrl = $request->getUrl();
// and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache)
$request->accessKey = $this->accessToken->key;
$request->setUrl($signedUrl);
return $request;
}
public function sign(apiHttpRequest $request) {
// add the developer key to the request before signing it
if ($this->developerKey) {
$request->setUrl($request->getUrl() . ((strpos($request->getUrl(), '?') === false) ? '?' : '&') . 'key=' . urlencode($this->developerKey));
}
// Cannot sign the request without an OAuth access token.
if (null == $this->accessToken) {
return $request;
}
if (($this->accessToken['created'] + ($this->accessToken['expires_in'] - 30)) < time()) {
// if the token is set to expire in the next 30 seconds (or has already expired), refresh it and set the new token
//FIXME this is mostly a copy and paste mashup from the authenticate and setAccessToken functions, should generalize them into a function instead of this mess
$refreshRequest = $this->io->makeRequest(new apiHttpRequest(self::OAUTH2_TOKEN_URI, 'POST', array(), array(
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret,
'refresh_token' => $this->accessToken['refresh_token'],
'grant_type' => 'refresh_token'
)));
if ((int)$refreshRequest->getResponseHttpCode() == 200) {
$token = json_decode($refreshRequest->getResponseBody(), true);
if ($token == null) {
throw new apiAuthException("Could not json decode the access token");
}
if (! isset($token['access_token']) || ! isset($token['expires_in'])) {
throw new apiAuthException("Invalid token format");
}
$this->accessToken['access_token'] = $token['access_token'];
$this->accessToken['expires_in'] = $token['expires_in'];
$this->accessToken['created'] = time();
} else {
$response = $refreshRequest->getResponseBody();
$decodedResponse = json_decode($response, true);
if ($decodedResponse != $response && $decodedResponse != null && $decodedResponse['error']) {
$response = $decodedResponse['error'];
}
throw new apiAuthException("Error refreshing the OAuth2 token, message: '$response'", $refreshRequest->getResponseHttpCode());
}
}
// Add the OAuth2 header to the request
$headers = $request->getHeaders();
$headers[] = "Authorization: OAuth " . $this->accessToken['access_token'];
$request->setHeaders($headers);
return $request;
}
