ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
OAuthRequest.php
Go to the documentation of this file.
1<?php
2
3namespace IMSGlobal\LTI\OAuth;
4
12class OAuthRequest {
13
14 protected $parameters;
15 protected $http_method;
16 protected $http_url;
17 // for debug purposes
18 public $base_string;
19 public static $version = '1.0';
20 public static $POST_INPUT = 'php://input';
21
22 function __construct($http_method, $http_url, $parameters = null) {
23
24 $parameters = ($parameters) ? $parameters : array();
25 $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
26 $this->parameters = $parameters;
27 $this->http_method = $http_method;
28 $this->http_url = $http_url;
29
30 }
31
32
36 public static function from_request($http_method = null, $http_url = null, $parameters = null) {
37
38 $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
39 ? 'http'
40 : 'https';
41 $http_url = ($http_url) ? $http_url : $scheme .
42 '://' . $_SERVER['SERVER_NAME'] .
43 ':' .
44 $_SERVER['SERVER_PORT'] .
45 $_SERVER['REQUEST_URI'];
46 $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
47
48 // We weren't handed any parameters, so let's find the ones relevant to
49 // this request.
50 // If you run XML-RPC or similar you should use this to provide your own
51 // parsed parameter-list
52 if (!$parameters) {
53 // Find request headers
54 $request_headers = OAuthUtil::get_headers();
55
56 // Parse the query-string to find GET parameters
57 if (isset($_SERVER['QUERY_STRING'])) {
58 $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
59 } else {
60 $parameters = array();
61 }
62
63 // It's a POST request of the proper content-type, so parse POST
64 // parameters and add those overriding any duplicates from GET
65 if ($http_method == "POST"
66 && isset($request_headers['Content-Type'])
67 && strstr($request_headers['Content-Type'], 'application/x-www-form-urlencoded')) {
68 $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
69 $parameters = array_merge($parameters, $post_data);
70 }
71
72 // We have a Authorization-header with OAuth data. Parse the header
73 // and add those overriding any duplicates from GET or POST
74 if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
75 $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
76 $parameters = array_merge($parameters, $header_parameters);
77 }
78
79 }
80
81 return new OAuthRequest($http_method, $http_url, $parameters);
82 }
83
87 public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null) {
88
89 $parameters = ($parameters) ? $parameters : array();
90 $defaults = array('oauth_version' => OAuthRequest::$version,
91 'oauth_nonce' => OAuthRequest::generate_nonce(),
92 'oauth_timestamp' => OAuthRequest::generate_timestamp(),
93 'oauth_consumer_key' => $consumer->key);
94 if ($token)
95 $defaults['oauth_token'] = $token->key;
96
97 $parameters = array_merge($defaults, $parameters);
98
99 return new OAuthRequest($http_method, $http_url, $parameters);
100
101 }
102
103 public function set_parameter($name, $value, $allow_duplicates = true) {
104
105 if ($allow_duplicates && isset($this->parameters[$name])) {
106 // We have already added parameter(s) with this name, so add to the list
107 if (is_scalar($this->parameters[$name])) {
108 // This is the first duplicate, so transform scalar (string)
109 // into an array so we can add the duplicates
110 $this->parameters[$name] = array($this->parameters[$name]);
111 }
112
113 $this->parameters[$name][] = $value;
114 } else {
115 $this->parameters[$name] = $value;
116 }
117 }
118
119 public function get_parameter($name) {
120 return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
121 }
122
123 public function get_parameters() {
124 return $this->parameters;
125 }
126
127 public function unset_parameter($name) {
128 unset($this->parameters[$name]);
129 }
130
135 public function get_signable_parameters() {
136
137 // Grab all parameters
138 $params = $this->parameters;
139
140 // Remove oauth_signature if present
141 // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
142 if (isset($params['oauth_signature'])) {
143 unset($params['oauth_signature']);
144 }
145
146 return OAuthUtil::build_http_query($params);
147
148 }
149
157 public function get_signature_base_string() {
158 $parts = array(
159 $this->get_normalized_http_method(),
160 $this->get_normalized_http_url(),
161 $this->get_signable_parameters()
162 );
163
164 $parts = OAuthUtil::urlencode_rfc3986($parts);
165
166 return implode('&', $parts);
167
168 }
169
173 public function get_normalized_http_method() {
174 return strtoupper($this->http_method);
175 }
176
181 public function get_normalized_http_url() {
182
183 $parts = parse_url($this->http_url);
184
185 $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
186 $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
187 $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
188 $path = (isset($parts['path'])) ? $parts['path'] : '';
189
190 if (($scheme == 'https' && $port != '443')
191 || ($scheme == 'http' && $port != '80')) {
192 $host = "$host:$port";
193 }
194
195 return "$scheme://$host$path";
196
197 }
198
202 public function to_url() {
203
204 $post_data = $this->to_postdata();
205 $out = $this->get_normalized_http_url();
206 if ($post_data) {
207 $out .= '?'.$post_data;
208 }
209
210 return $out;
211
212 }
213
217 public function to_postdata() {
218 return OAuthUtil::build_http_query($this->parameters);
219 }
220
224 public function to_header($realm = null) {
225
226 $first = true;
227 if($realm) {
228 $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
229 $first = false;
230 } else
231 $out = 'Authorization: OAuth';
232
233 $total = array();
234 foreach ($this->parameters as $k => $v) {
235 if (substr($k, 0, 5) != "oauth") continue;
236 if (is_array($v)) {
237 throw new OAuthException('Arrays not supported in headers');
238 }
239 $out .= ($first) ? ' ' : ',';
240 $out .= OAuthUtil::urlencode_rfc3986($k) .
241 '="' .
242 OAuthUtil::urlencode_rfc3986($v) .
243 '"';
244 $first = false;
245 }
246
247 return $out;
248
249 }
250
251 public function __toString() {
252 return $this->to_url();
253 }
254
255
256 public function sign_request($signature_method, $consumer, $token) {
257
258 $this->set_parameter(
259 "oauth_signature_method",
260 $signature_method->get_name(),
261 false
262 );
263 $signature = $this->build_signature($signature_method, $consumer, $token);
264 $this->set_parameter("oauth_signature", $signature, false);
265
266 }
267
268 public function build_signature($signature_method, $consumer, $token) {
269 $signature = $signature_method->build_signature($this, $consumer, $token);
270 return $signature;
271 }
272
276 private static function generate_timestamp() {
277 return time();
278 }
279
283 private static function generate_nonce() {
284 $mt = microtime();
285 $rand = mt_rand();
286
287 return md5($mt . $rand); // md5s look nicer than numbers
288 }
289
290}
$total
$total
Definition: Utf8Test.php:87
php
An exception for terminatinating execution or to throw for unit testing.
IMSGlobal\LTI\OAuth\OAuthException
Class to represent an OAuth Exception.
Definition: OAuthException.php:12
IMSGlobal\LTI\OAuth\OAuthRequest
Class to represent an OAuth Request.
Definition: OAuthRequest.php:12
IMSGlobal\LTI\OAuth\OAuthRequest\set_parameter
set_parameter($name, $value, $allow_duplicates=true)
Definition: OAuthRequest.php:103
IMSGlobal\LTI\OAuth\OAuthRequest\get_normalized_http_method
get_normalized_http_method()
just uppercases the http method
Definition: OAuthRequest.php:173
IMSGlobal\LTI\OAuth\OAuthRequest\to_header
to_header($realm=null)
builds the Authorization: header
Definition: OAuthRequest.php:224
IMSGlobal\LTI\OAuth\OAuthRequest\get_normalized_http_url
get_normalized_http_url()
parses the url and rebuilds it to be scheme://host/path
Definition: OAuthRequest.php:181
IMSGlobal\LTI\OAuth\OAuthRequest\generate_nonce
static generate_nonce()
util function: current nonce
Definition: OAuthRequest.php:283
IMSGlobal\LTI\OAuth\OAuthRequest\to_url
to_url()
builds a url usable for a GET request
Definition: OAuthRequest.php:202
IMSGlobal\LTI\OAuth\OAuthRequest\__construct
__construct($http_method, $http_url, $parameters=null)
Definition: OAuthRequest.php:22
IMSGlobal\LTI\OAuth\OAuthRequest\from_consumer_and_token
static from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=null)
pretty much a helper function to set up the request
Definition: OAuthRequest.php:87
IMSGlobal\LTI\OAuth\OAuthRequest\get_signable_parameters
get_signable_parameters()
The request parameters, sorted and concatenated into a normalized string.
Definition: OAuthRequest.php:135
IMSGlobal\LTI\OAuth\OAuthRequest\get_signature_base_string
get_signature_base_string()
Returns the base string of this request.
Definition: OAuthRequest.php:157
IMSGlobal\LTI\OAuth\OAuthRequest\from_request
static from_request($http_method=null, $http_url=null, $parameters=null)
attempt to build up a request from what was passed to the server
Definition: OAuthRequest.php:36
IMSGlobal\LTI\OAuth\OAuthRequest\to_postdata
to_postdata()
builds the data one would send in a POST request
Definition: OAuthRequest.php:217
IMSGlobal\LTI\OAuth\OAuthRequest\generate_timestamp
static generate_timestamp()
util function: current timestamp
Definition: OAuthRequest.php:276
IMSGlobal\LTI\OAuth\OAuthRequest\sign_request
sign_request($signature_method, $consumer, $token)
Definition: OAuthRequest.php:256
IMSGlobal\LTI\OAuth\OAuthRequest\build_signature
build_signature($signature_method, $consumer, $token)
Definition: OAuthRequest.php:268
IMSGlobal\LTI\OAuth\OAuthUtil\split_header
static split_header($header, $only_allow_oauth_parameters=true)
Definition: OAuthUtil.php:37
IMSGlobal\LTI\OAuth\OAuthUtil\urlencode_rfc3986
static urlencode_rfc3986($input)
Definition: OAuthUtil.php:14
IMSGlobal\LTI\OAuth\OAuthUtil\build_http_query
static build_http_query($params)
Definition: OAuthUtil.php:127
IMSGlobal\LTI\OAuth\OAuthUtil\parse_parameters
static parse_parameters( $input)
Definition: OAuthUtil.php:95
$consumer
$consumer
Definition: demo.php:30
$name
if($format !==null) $name
Definition: metadata.php:146
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$params
$params
Definition: disable.php:11