ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
OAuthStore.php
Go to the documentation of this file.
1 <?php
2 require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
3 
14 class sspmod_oauth_OAuthStore extends OAuthDataStore {
15 
16  private $store;
17  private $config;
18  private $defaultversion = '1.0';
19 
20  protected $_store_tables = array(
21  'consumers' => 'consumer = array with consumer attributes',
22  'nonce' => 'nonce+consumer_key = -boolean-',
23  'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)',
24  'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)',
25  'access' => 'accessToken.key+consumerKey = accestoken',
26  'request' => 'requestToken.key+consumerKey = requesttoken',
27  );
28 
29  function __construct() {
30  $this->store = new sspmod_core_Storage_SQLPermanentStorage('oauth');
31  $this->config = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');
32  }
33 
34 
41  public function authorize($requestTokenKey, $data) {
42  $url = null;
43  $verifier = '';
44  $version = $this->defaultversion;
45 
46  // See whether to remember values from the original requestToken request:
47  $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, ''); // must be there ..
48  if ($request_attributes['value']) {
49  // establish version to work with
50  $v = $request_attributes['value']['version'];
51  if ($v) $version = $v;
52 
53  // establish callback to use
54  if ($request_attributes['value']['callback']) {
55  $url = $request_attributes['value']['callback'];
56  }
57  }
58 
59 
60  // Is there a callback registered? This is leading, even over a supplied oauth_callback-parameter
61  $oConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']);
62 
63  if ($oConsumer && ($oConsumer->callback_url)) $url = $oConsumer->callback_url;
64 
65  $verifier = SimpleSAML\Utils\Random::generateID();
66  $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array("oauth_verifier"=>$verifier));
67 
68  $this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 60*30) );
69 
70  return array($url, $verifier);
71  }
72 
81  public function isAuthorized($requestToken, $verifier='') {
82  SimpleSAML\Logger::info('OAuth isAuthorized(' . $requestToken . ')');
83  return $this->store->exists('authorized', $requestToken, $verifier);
84  }
85 
86  public function getAuthorizedData($token, $verifier = '') {
87  SimpleSAML\Logger::info('OAuth getAuthorizedData(' . $token . ')');
88  $data = $this->store->get('authorized', $token, $verifier);
89  return $data['value'];
90  }
91 
92  public function moveAuthorizedData($requestToken, $verifier, $accessTokenKey) {
93  SimpleSAML\Logger::info('OAuth moveAuthorizedData(' . $requestToken . ', ' . $accessTokenKey . ')');
94 
95  // Retrieve authorizedData from authorized.requestToken (with provider verifier)
96  $authorizedData = $this->getAuthorizedData($requestToken, $verifier);
97 
98  // Remove the requesttoken+verifier from authorized store
99  $this->store->remove('authorized', $requestToken, $verifier);
100 
101  // Add accesstoken with authorizedData to authorized store (with empty verifier)
102  // accessTokenKey+consumer => accessToken is already registered in 'access'-table
103  $this->store->set('authorized', $accessTokenKey, '', $authorizedData, $this->config->getValue('accessTokenDuration', 60*60*24));
104  }
105 
106  public function lookup_consumer($consumer_key) {
107  SimpleSAML\Logger::info('OAuth lookup_consumer(' . $consumer_key . ')');
108  if (! $this->store->exists('consumers', $consumer_key, '')) return NULL;
109  $consumer = $this->store->get('consumers', $consumer_key, '');
110 
111  $callback = NULL;
112  if ($consumer['value']['callback_url']) $callback = $consumer['value']['callback_url'];
113 
114  if ($consumer['value']['RSAcertificate']) {
115  return new OAuthConsumer($consumer['value']['key'], $consumer['value']['RSAcertificate'], $callback);
116  } else {
117  return new OAuthConsumer($consumer['value']['key'], $consumer['value']['secret'], $callback);
118  }
119  }
120 
121  function lookup_token($consumer, $tokenType = 'default', $token) {
122  SimpleSAML\Logger::info('OAuth lookup_token(' . $consumer->key . ', ' . $tokenType. ',' . $token . ')');
123  $data = $this->store->get($tokenType, $token, $consumer->key);
124  if ($data == NULL) throw new Exception('Could not find token');
125  return $data['value'];
126  }
127 
128  function lookup_nonce($consumer, $token, $nonce, $timestamp) {
129  SimpleSAML\Logger::info('OAuth lookup_nonce(' . $consumer . ', ' . $token. ',' . $nonce . ')');
130  if ($this->store->exists('nonce', $nonce, $consumer->key)) return TRUE;
131  $this->store->set('nonce', $nonce, $consumer->key, TRUE, $this->config->getValue('nonceCache', 60*60*24*14));
132  return FALSE;
133  }
134 
135  function new_request_token($consumer, $callback = null, $version = null) {
136  SimpleSAML\Logger::info('OAuth new_request_token(' . $consumer . ')');
137 
138  $lifetime = $this->config->getValue('requestTokenDuration', 60*30);
139 
140  $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
141  $token->callback = $callback; // OAuth1.0-RevA
142  $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
143 
144  // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version
145  $request_attributes = array(
146  'callback' => $callback,
147  'version' => ($version?$version:$this->defaultversion),
148  'consumerKey' => $consumer->key,
149  );
150  $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);
151 
152  // also store in requestToken->key => Consumer->key (enables consumer-lookup during reqToken-authorization stage)
153  $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);
154 
155  return $token;
156  }
157 
158  function new_access_token($requestToken, $consumer, $verifier = null) {
159  SimpleSAML\Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
160  $accestoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
161  $this->store->set('access', $accestoken->key, $consumer->key, $accestoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
162  return $accestoken;
163  }
164 
170  public function lookup_consumer_by_requestToken($requestTokenKey) {
171  SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken(' . $requestTokenKey . ')');
172  if (! $this->store->exists('requesttorequest', $requestTokenKey, '')) return NULL;
173 
174  $request = $this->store->get('requesttorequest', $requestTokenKey, '');
175  $consumerKey = $request['value']['consumerKey'];
176  if (! $consumerKey) {
177  return NULL;
178  }
179 
180  $consumer = $this->store->get('consumers', $consumerKey['value'], '');
181  return $consumer['value'];
182  }
183 
184 
185 
186 }
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
OAuthToken
OAuth PECL extension includes an OAuth Exception class, so we need to wrap the definition of this cla...
Definition: OAuth.php:37
sspmod_oauth_OAuthStore\lookup_token
lookup_token($consumer, $tokenType='default', $token)
Definition: OAuthStore.php:121
sspmod_oauth_OAuthStore\new_access_token
new_access_token($requestToken, $consumer, $verifier=null)
Definition: OAuthStore.php:158
sspmod_oauth_OAuthStore\isAuthorized
isAuthorized($requestToken, $verifier='')
Perform lookup whether a given token exists in the list of authorized tokens; if a verifier is passed...
Definition: OAuthStore.php:81
sspmod_oauth_OAuthStore\lookup_consumer_by_requestToken
lookup_consumer_by_requestToken($requestTokenKey)
Return OAuthConsumer-instance that a given requestToken was issued to.
Definition: OAuthStore.php:170
sspmod_oauth_OAuthStore\getAuthorizedData
getAuthorizedData($token, $verifier='')
Definition: OAuthStore.php:86
$requestToken
$requestToken
Definition: demo.php:33
sspmod_oauth_OAuthStore\$_store_tables
$_store_tables
Definition: OAuthStore.php:20
SimpleSAML
Attribute-related utility methods.
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201
sspmod_oauth_OAuthStore\new_request_token
new_request_token($consumer, $callback=null, $version=null)
Definition: OAuthStore.php:135
sspmod_oauth_OAuthStore\lookup_nonce
lookup_nonce($consumer, $token, $nonce, $timestamp)
Definition: OAuthStore.php:128
sspmod_oauth_OAuthStore\lookup_consumer
lookup_consumer($consumer_key)
Definition: OAuthStore.php:106
sspmod_oauth_OAuthStore\moveAuthorizedData
moveAuthorizedData($requestToken, $verifier, $accessTokenKey)
Definition: OAuthStore.php:92
sspmod_oauth_OAuthStore\$config
$config
Definition: OAuthStore.php:17
$consumer
$consumer
Definition: demo.php:30
sspmod_oauth_OAuthStore\authorize
authorize($requestTokenKey, $data)
Attach the data to the token, and establish the Callback URL and verifier.
Definition: OAuthStore.php:41
sspmod_oauth_OAuthStore\$defaultversion
$defaultversion
Definition: OAuthStore.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$timestamp
foreach($mandatory_scripts as $file) $timestamp
Definition: buildRTE.php:81
sspmod_core_Storage_SQLPermanentStorage
Definition: SQLPermanentStorage.php:12
sspmod_oauth_OAuthStore
Definition: OAuthStore.php:14
SimpleSAML_Configuration\getOptionalConfig
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:239
$url
$url
Definition: proxy_ylocal.php:28
sspmod_oauth_OAuthStore\$store
$store
Definition: OAuthStore.php:16
sspmod_oauth_OAuthStore\__construct
__construct()
Definition: OAuthStore.php:29