示例#1
文件: omb.php 项目: Br3nda/laconica
/**
 * Return the shared OAuthServer used by the OMB endpoints.
 *
 * The object is built on first call from omb_oauth_datastore() and has the
 * signature method returned by omb_hmac_sha1() added to it; every later call
 * within the same script run returns that same object.
 *
 * @return OAuthServer the lazily created server instance
 */
function omb_oauth_server()
{
    static $instance = null;
    if ($instance) {
        return $instance;
    }
    // omb_hmac_sha1() supplies the only signature method added here, so
    // request verification through this server depends on that one method.
    $instance = new OAuthServer(omb_oauth_datastore());
    $instance->add_signature_method(omb_hmac_sha1());
    return $instance;
}
示例#2
 /**
  * Class handler
  *
  * @param array $args query arguments
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     try {
         // The provider is built on the shared OMB datastore and OAuth
         // server; writeAccessToken() does the actual work and signals
         // any failure by throwing.
         $provider = new OMB_Service_Provider(null, omb_oauth_datastore(), omb_oauth_server());
         $provider->writeAccessToken();
     } catch (Exception $failure) {
         // NOTE(review): the raw exception text goes to serverError().
         // Confirm it cannot carry datastore or other internal details
         // back to the requesting client.
         $this->serverError($failure->getMessage());
     }
 }
示例#3
 /**
  * Handle a profile-update request through the OMB service provider.
  *
  * Remote-service errors are reported as client errors, with status 403
  * when the message mentions a revoked access token or a missing
  * subscriber. Any other exception is reported as a server error.
  *
  * @param array $args query arguments
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     try {
         $provider = new OMB_Service_Provider(null, omb_oauth_datastore(), omb_oauth_server());
         $provider->handleUpdateProfile();
     } catch (OMB_RemoteServiceException $remoteError) {
         $text = $remoteError->getMessage();
         // NOTE(review): the 403 is selected by matching the exception's
         // message text. If that wording changes in the library, these
         // authorization failures silently fall back to the default
         // clientError() status.
         $isForbidden = preg_match('/Revoked accesstoken/', $text) || preg_match('/No subscriber/', $text);
         if (!$isForbidden) {
             $this->clientError($text);
         } else {
             $this->clientError($text, 403);
         }
     } catch (Exception $failure) {
         $this->serverError($failure->getMessage());
         return;
     }
 }
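 /**
  * Handle the user-authorization step of an OMB subscription.
  *
  * GET: requires a logged-in user with a profile, validates the OMB/OAuth
  * parameters, stores them and shows the authorization form.
  * POST: verifies the session (CSRF) token submitted with the form and, if
  * it matches, sends the user's decision via sendAuthorization().
  *
  * @param array $args query arguments
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         /* Use a session token for CSRF protection. */
         $token = $this->trimmed('token');
         $tokenOk = false;
         // Non-string and empty values are rejected outright. The session
         // token is only fetched once a candidate token is present, as in
         // the original short-circuit.
         if (is_string($token) && $token) {
             $expected = (string) common_session_token();
             // Compare as strings with a strict (and, where the runtime
             // offers it, constant-time) comparison. A loose != lets two
             // different numeric-looking strings compare equal.
             $tokenOk = function_exists('hash_equals')
                 ? hash_equals($expected, $token)
                 : $expected === $token;
         }
         if (!$tokenOk) {
             // NOTE(review): getStoredParams() is dereferenced without a
             // check. Confirm it cannot return null when the session
             // holds no stored parameters.
             $srv = $this->getStoredParams();
             // TRANS: Client error displayed when the session token does not match or is not given.
             $this->showForm($srv->getRemoteUser(), _('There was a problem ' . 'with your session token. Try again, ' . 'please.'));
             return;
         }
         // NOTE(review): this branch does not call common_logged_in()
         // itself. Confirm sendAuthorization() enforces an authenticated
         // user.
         /* We've shown the form, now post user's choice. */
         $this->sendAuthorization();
     } else {
         if (!common_logged_in()) {
             /* Go log in, and then come back. */
             common_set_returnto($_SERVER['REQUEST_URI']);
             common_redirect(common_local_url('login'));
             return;
         }
         $user = common_current_user();
         $profile = $user->getProfile();
         if (!$profile) {
             common_log_db_error($user, 'SELECT', __FILE__);
             // TRANS: Error message displayed when referring to a user without a profile.
             $this->serverError(_('User has no profile.'));
             return;
         }
         /* TODO: If no token is passed the user should get a prompt to enter
            it according to OAuth Core 1.0. */
         try {
             $this->validateOmb();
             $srv = new OMB_Service_Provider(profile_to_omb_profile($user->uri, $profile), omb_oauth_datastore());
             $remote_user = $srv->handleUserAuth();
         } catch (Exception $e) {
             // Drop any stored parameters so a failed validation cannot
             // be completed by a later POST.
             $this->clearParams();
             $this->clientError($e->getMessage());
             return;
         }
         $this->storeParams($srv);
         $this->showForm($remote_user);
     }
 }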
示例#5
 /**
  * Wire up the collaborators this object uses for remote requests.
  *
  * @param mixed       $urls         stored unchanged as $this->services
  * @param string|null $listener_uri stored unchanged as $this->listener_uri
  */
 public function __construct($urls, $listener_uri = null)
 {
     $this->services = $urls;
     $this->listener_uri = $listener_uri;
     $this->datastore = omb_oauth_datastore();
     $this->oauth_consumer = omb_oauth_consumer();
     $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
     // The configured value is forced to an integer before it is applied.
     // NOTE(review): a missing or non-numeric 'omb'/'timeout' setting
     // becomes 0. Confirm what a zero timeout means to the fetcher, since
     // this bounds requests made to remote servers.
     $this->fetcher->timeout = (int) common_config('omb', 'timeout');
 }
示例#6
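 /**
  * Start a remote subscription: discover the remote service from the
  * submitted profile URL, obtain a request token, remember the consumer in
  * the session and redirect the browser to the remote authorization page.
  *
  * Every validation failure re-shows the form with a message and returns.
  *
  * @return void
  */
 function remoteSubscription()
 {
     if (!$this->nickname) {
         $this->showForm(_('No such user.'));
         return;
     }
     $user = User::staticGet('nickname', $this->nickname);
     if (!$user) {
         // Without this guard a nickname that matches no user reaches
         // $user->getProfile() further down and dies on a non-object,
         // after discovery and token requests have already gone out to
         // the remote host.
         $this->showForm(_('No such user.'));
         return;
     }
     $this->profile_url = $this->trimmed('profile_url');
     if (!$this->profile_url) {
         $this->showForm(_('No such user.'));
         return;
     }
     // NOTE(review): profile_url comes from the request and is fetched
     // server-side by the consumer below. Only a format check is visible
     // here, so confirm the HTTP fetcher refuses loopback and internal
     // destinations.
     if (!common_valid_http_url($this->profile_url)) {
         $this->showForm(_('Invalid profile URL (bad format)'));
         return;
     }
     try {
         $service = new OMB_Service_Consumer($this->profile_url, common_root_url(), omb_oauth_datastore());
     } catch (OMB_InvalidYadisException $e) {
         $this->showForm(_('Not a valid profile URL (no YADIS document or ' . 'invalid XRDS defined).'));
         return;
     }
     // Refuse "remote" subscriptions that point back at this site: either
     // the request-token endpoint is our own, or the remote user URI
     // belongs to a local user.
     if ($service->getServiceURI(OAUTH_ENDPOINT_REQUEST) == common_local_url('requesttoken') || User::staticGet('uri', $service->getRemoteUserURI())) {
         $this->showForm(_('That’s a local profile! Login to subscribe.'));
         return;
     }
     try {
         $service->requestToken();
     } catch (OMB_RemoteServiceException $e) {
         $this->showForm(_('Couldn’t get a request token.'));
         return;
     }
     /* Create an OMB_Profile from $user. */
     $profile = $user->getProfile();
     if (!$profile) {
         common_log_db_error($user, 'SELECT', __FILE__);
         $this->serverError(_('User without matching profile.'));
         return;
     }
     $target_url = $service->requestAuthorization(profile_to_omb_profile($user->uri, $profile), common_local_url('finishremotesubscribe'));
     common_ensure_session();
     // The consumer object is kept in the server-side session for the
     // follow-up step. NOTE(review): whatever unserializes it should read
     // only this session key, never request-supplied data.
     $_SESSION['oauth_authorization_request'] = serialize($service);
     /* Redirect to the remote service for authorization. */
     common_redirect($target_url, 303);
 }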
示例#7
 /**
  * Run the OAuth request checks followed by the OMB-specific validation.
  *
  * The checks run in a fixed order: version, consumer lookup, token lookup,
  * timestamp, nonce, signature, then validateOmb(). Nothing here returns
  * false; a failing check is presumably signalled by the helper throwing
  * (verify against the helpers).
  *
  * @param mixed &$req the request being validated, passed by reference
  *
  * @return bool always true when every check completes
  */
 function validateRequest(&$req)
 {
     // OAuth stuff -- have to copy from OAuth.php since they're
     // all private methods, and there's no user-authentication method
     $this->checkVersion($req);
     $store = omb_oauth_datastore();
     $oauthConsumer = $this->getConsumer($store, $req);
     $oauthToken = $this->getToken($store, $req, $oauthConsumer);
     // Timestamp and nonce are checked before the signature. Keep this
     // order unless the helpers are reviewed together.
     $this->checkTimestamp($req);
     $this->checkNonce($store, $req, $oauthConsumer, $oauthToken);
     $this->checkSignature($req, $oauthConsumer, $oauthToken);
     $this->validateOmb($req);
     return true;
 }