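/**
 * Verifies the OAuth2 `state` parameter on the provider's callback request.
 *
 * The state stored in the PHP session when the authorization request was built
 * must be echoed back unchanged by the provider. A missing, malformed or
 * mismatched value indicates a forged or replayed callback and is handed to
 * bail() with a user-facing message.
 *
 * @param tubepress_spi_http_oauth2_Oauth2ProviderInterface $provider The provider whose callback is being validated.
 *
 * @return void Returns normally when the provider does not use state, or when the state matches.
 */
protected function validateState(tubepress_spi_http_oauth2_Oauth2ProviderInterface $provider)
{
    if (!$provider->isStateUsed()) {

        return;
    }

    $currentUrl        = $this->_urlFactory->fromCurrent();
    $stateFromProvider = $currentUrl->getQuery()->get('state');

    // Require a non-empty string: a truthiness test would reject a legitimate "0", and a
    // non-string (e.g. an array smuggled in via the query string) must never reach hash_equals().
    // bail() is assumed not to return — TODO confirm; the flow below mirrors the original either way.
    if (!is_string($stateFromProvider) || $stateFromProvider === '') {

        $this->bail(sprintf('%s did not supply state. Possible replay attack.', $provider->getDisplayName()));
    }

    $sessionKey = $this->_getSessionKey($provider);

    if (!isset($_SESSION[$sessionKey])) {

        $this->bail(sprintf('No stored state for %s. Try again.', $provider->getDisplayName()));
    }

    // Constant-time comparison so the check does not leak how much of the token matched.
    if (!hash_equals((string) $_SESSION[$sessionKey], (string) $stateFromProvider)) {

        $this->bail(sprintf('State from %s did not match our saved state. Possible replay attack. Please try again.', $provider->getDisplayName()));
    }

    // NOTE(review): the stored state is left in the session on success, as in the original. If no
    // caller clears it after the token exchange, consider unsetting $_SESSION[$sessionKey] here so
    // each state value is single-use — confirm against the callers first.
}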
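/**
 * Throws when an OAuth2 provider response is anything other than HTTP 200.
 *
 * For an HTTP 400 whose body is a JSON object carrying the RFC 6749 `error`
 * member, the message names that error code (plus `error_description` when the
 * provider supplied one). Every other non-200 status is reported with its code
 * and the raw response body.
 *
 * @param tubepress_spi_http_oauth2_Oauth2ProviderInterface $provider The provider that produced the response.
 * @param tubepress_api_http_message_ResponseInterface      $response The response to inspect.
 *
 * @return void
 *
 * @throws RuntimeException When the status code is not 200.
 */
private function _checkResponseForError(tubepress_spi_http_oauth2_Oauth2ProviderInterface $provider, tubepress_api_http_message_ResponseInterface $response)
{
    $statusCode = intval($response->getStatusCode());

    if ($statusCode === 200) {

        return;
    }

    // Read the body once; both error paths below report it.
    $body = $response->getBody()->toString();

    if ($statusCode === 400) {

        $decoded = json_decode($body, true);

        if (is_array($decoded) && isset($decoded['error'])) {

            // `error` is normally a string, but some providers nest an object; never hand an array to %s.
            $error = is_scalar($decoded['error']) ? (string) $decoded['error'] : json_encode($decoded['error']);

            if (isset($decoded['error_description']) && is_scalar($decoded['error_description'])) {

                $error .= sprintf(' (%s)', $decoded['error_description']);
            }

            throw new RuntimeException(sprintf('%s responded with an HTTP 400: %s', $provider->getDisplayName(), $error));
        }
    }

    // The raw body is surfaced verbatim to aid diagnosis; callers that display this message
    // should treat it as provider-controlled text and escape it for the output context.
    throw new RuntimeException(sprintf('%s responded with an HTTP %s: %s', $provider->getDisplayName(), $response->getStatusCode(), $body));
}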