OAuthServer

The All In One SEO Pack OAuthServer class.

Defined (1)

The class is defined in the following location(s).

/inc/extlib/OAuth.php  
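  /**
   * OAuth 1.0 service-provider endpoint logic.
   *
   * Validates the protocol version, consumer, token, timestamp, nonce and
   * signature of an incoming request, and asks the injected data store to
   * issue request and access tokens. Every validation failure is reported
   * as an OAuthException.
   *
   * Several exception messages interpolate request-supplied values (token,
   * nonce, timestamp, signature method name). Callers that render or log
   * these messages should escape them for the output context.
   */
  class OAuthServer {
      // Maximum accepted difference, in seconds (five minutes), between the
      // request timestamp and this server's clock.
      protected $timestamp_threshold = 300;

      // The only protocol version accepted by get_version().
      protected $version = '1.0';

      // Registered signature methods, keyed by the value of get_name().
      protected $signature_methods = array();

      // Backend used for consumer, token and nonce lookups and for issuing
      // new tokens.
      protected $data_store;

      /**
       * @param object $data_store Object providing lookup_consumer(),
       *                           lookup_token(), lookup_nonce(),
       *                           new_request_token() and new_access_token().
       */
      public function __construct($data_store) {
          $this->data_store = $data_store;
      }

      /**
       * Register a signature method under the name it reports.
       *
       * Only registered methods are accepted by get_signature_method().
       *
       * @param object $signature_method Object providing get_name() and
       *                                 check_signature().
       */
      public function add_signature_method($signature_method) {
          $name = $signature_method->get_name();
          $this->signature_methods[$name] = $signature_method;
      }

      // high level functions

      /**
       * Process a request_token request.
       *
       * @param object $request The incoming request.
       * @return mixed The new request token produced by the data store.
       * @throws OAuthException When version, consumer or signature checks fail.
       */
      public function fetch_request_token(&$request) {
          $this->get_version($request);

          $consumer = $this->get_consumer($request);

          // No token is required for the initial token request.
          $token = null;

          $this->check_signature($request, $consumer, $token);

          // Rev A change: the callback travels with the request-token request.
          // It is handed to the data store as received; no validation of the
          // callback value happens in this class.
          $callback = $request->get_parameter('oauth_callback');

          return $this->data_store->new_request_token($consumer, $callback);
      }

      /**
       * Process an access_token request.
       *
       * @param object $request The incoming request.
       * @return mixed The new access token produced by the data store.
       * @throws OAuthException When version, consumer, token or signature
       *                        checks fail.
       */
      public function fetch_access_token(&$request) {
          $this->get_version($request);

          $consumer = $this->get_consumer($request);

          // The request must carry a request token known to the data store.
          $token = $this->get_token($request, $consumer, "request");

          $this->check_signature($request, $consumer, $token);

          // Rev A change: the verifier is passed through unchanged. Checking
          // it against the authorized request token is left to the data store.
          $verifier = $request->get_parameter('oauth_verifier');

          return $this->data_store->new_access_token($token, $consumer, $verifier);
      }

      /**
       * Verify an API call by checking version, consumer, access token and
       * signature.
       *
       * @param object $request The incoming request.
       * @return array Two elements: the consumer and the access token.
       * @throws OAuthException When any check fails.
       */
      public function verify_request(&$request) {
          $this->get_version($request);
          $consumer = $this->get_consumer($request);
          $token = $this->get_token($request, $consumer, "access");
          $this->check_signature($request, $consumer, $token);

          return array($consumer, $token);
      }

      // Internals from here

      /**
       * Resolve the protocol version of the request and reject anything
       * other than the supported one.
       *
       * @return string The accepted version.
       * @throws OAuthException When the version is not supported.
       */
      private function get_version(&$request) {
          $version = $request->get_parameter("oauth_version");
          if (!$version) {
              // Service Providers MUST assume the protocol version to be 1.0
              // if this parameter is not present.
              // Chapter 7.0 ("Accessing Protected Resources")
              $version = '1.0';
          }
          if ($version !== $this->version) {
              throw new OAuthException("OAuth version '$version' not supported");
          }

          return $version;
      }

      /**
       * Resolve the signature method named by the request.
       *
       * There is no fallback: a missing or unregistered method is an error,
       * so a request cannot select a method the server did not register.
       *
       * @return object The registered signature method.
       * @throws OAuthException When the parameter is missing or unsupported.
       */
      private function get_signature_method($request) {
          $signature_method = $request instanceof OAuthRequest
              ? $request->get_parameter("oauth_signature_method")
              : null;

          if (!$signature_method) {
              // According to chapter 7 ("Accessing Protected Resources") the
              // signature-method parameter is required, and we can't just
              // fall back to PLAINTEXT.
              throw new OAuthException('No signature method parameter. This parameter is required');
          }

          // Exact key lookup instead of a loose in_array() over the keys, so
          // a value that only compares equal under type juggling is rejected
          // here rather than producing an undefined index below.
          $supported = is_string($signature_method)
              && array_key_exists($signature_method, $this->signature_methods);

          if (!$supported) {
              throw new OAuthException(
                  "Signature method '$signature_method' not supported " .
                  "try one of the following: " .
                  implode(", ", array_keys($this->signature_methods))
              );
          }

          return $this->signature_methods[$signature_method];
      }

      /**
       * Look up the consumer identified by the request's consumer key.
       *
       * @return mixed The consumer returned by the data store.
       * @throws OAuthException When the key is missing or unknown.
       */
      private function get_consumer($request) {
          $consumer_key = $request instanceof OAuthRequest
              ? $request->get_parameter("oauth_consumer_key")
              : null;

          if (!$consumer_key) {
              throw new OAuthException("Invalid consumer key");
          }

          $consumer = $this->data_store->lookup_consumer($consumer_key);
          if (!$consumer) {
              throw new OAuthException("Invalid consumer");
          }

          return $consumer;
      }

      /**
       * Look up the token identified by the request's oauth_token parameter.
       *
       * @param string $token_type "request" or "access" in this class.
       * @return mixed The token returned by the data store.
       * @throws OAuthException When the data store finds no such token.
       */
      private function get_token($request, $consumer, $token_type="access") {
          $token_field = $request instanceof OAuthRequest
              ? $request->get_parameter('oauth_token')
              : null;

          $token = $this->data_store->lookup_token(
              $consumer, $token_type, $token_field
          );
          if (!$token) {
              // The message echoes the request-supplied token value.
              throw new OAuthException("Invalid $token_type token: $token_field");
          }

          return $token;
      }

      /**
       * Check timestamp, nonce and signature of a request.
       *
       * @throws OAuthException When any of the three checks fails.
       */
      private function check_signature($request, $consumer, $token) {
          // this should probably be in a different method
          $is_oauth_request = $request instanceof OAuthRequest;
          $timestamp = $is_oauth_request
              ? $request->get_parameter('oauth_timestamp')
              : null;
          $nonce = $is_oauth_request
              ? $request->get_parameter('oauth_nonce')
              : null;

          // NOTE(review): the nonce lookup runs before the signature is
          // verified. If the data store's lookup_nonce() also records the
          // nonce (not visible here), unsigned requests could consume nonces
          // or grow the store - confirm against the data store.
          $this->check_timestamp($timestamp);
          $this->check_nonce($consumer, $token, $nonce, $timestamp);

          $signature_method = $this->get_signature_method($request);

          $signature = $request->get_parameter('oauth_signature');
          $valid_sig = $signature_method->check_signature(
              $request,
              $consumer,
              $token,
              $signature
          );

          if (!$valid_sig) {
              throw new OAuthException("Invalid signature");
          }
      }

      /**
       * Check that the timestamp is present, numeric and within
       * $timestamp_threshold seconds of the server clock (in either direction).
       *
       * @throws OAuthException When the timestamp is missing, not numeric or
       *                        outside the accepted window.
       */
      private function check_timestamp($timestamp) {
          if (!$timestamp) {
              throw new OAuthException(
                  'Missing timestamp parameter. The parameter is required'
              );
          }

          // The value comes from the request. Reject anything non-numeric
          // here so the subtraction below cannot raise a TypeError (PHP 8) or
          // silently treat junk as 0; every failure stays an OAuthException.
          if (!is_numeric($timestamp)) {
              throw new OAuthException(
                  'Invalid timestamp parameter. The parameter must be numeric'
              );
          }

          // verify that timestamp is recentish
          $now = time();
          if (abs($now - $timestamp) > $this->timestamp_threshold) {
              throw new OAuthException(
                  "Expired timestamp, yours $timestamp, ours $now"
              );
          }
      }

      /**
       * Check that the nonce is present and has not been seen before
       * according to the data store.
       *
       * @throws OAuthException When the nonce is missing or already used.
       */
      private function check_nonce($consumer, $token, $nonce, $timestamp) {
          if (!$nonce) {
              throw new OAuthException(
                  'Missing nonce parameter. The parameter is required'
              );
          }

          // verify that the nonce is uniqueish
          $found = $this->data_store->lookup_nonce(
              $consumer,
              $token,
              $nonce,
              $timestamp
          );
          if ($found) {
              // The message echoes the request-supplied nonce.
              throw new OAuthException("Nonce already used: $nonce");
          }
      }
  }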