ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
OAuthStore.php
Go to the documentation of this file.
1<?php
2require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
3
14class sspmod_oauth_OAuthStore extends OAuthDataStore {
15
16 private $store;
17 private $config;
18 private $defaultversion = '1.0';
19
20 protected $_store_tables = array(
21 'consumers' => 'consumer = array with consumer attributes',
22 'nonce' => 'nonce+consumer_key = -boolean-',
23 'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)',
24 'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)',
25 'access' => 'accessToken.key+consumerKey = accestoken',
26 'request' => 'requestToken.key+consumerKey = requesttoken',
27 );
28
29 function __construct() {
30 $this->store = new sspmod_core_Storage_SQLPermanentStorage('oauth');
31 $this->config = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');
32 }
33
34
41 public function authorize($requestTokenKey, $data) {
42 $url = null;
43 $verifier = '';
44 $version = $this->defaultversion;
45
46 // See whether to remember values from the original requestToken request:
47 $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, ''); // must be there ..
48 if ($request_attributes['value']) {
49 // establish version to work with
50 $v = $request_attributes['value']['version'];
51 if ($v) $version = $v;
52
53 // establish callback to use
54 if ($request_attributes['value']['callback']) {
55 $url = $request_attributes['value']['callback'];
56 }
57 }
58
59
60 // Is there a callback registered? This is leading, even over a supplied oauth_callback-parameter
61 $oConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']);
62
63 if ($oConsumer && ($oConsumer->callback_url)) $url = $oConsumer->callback_url;
64
65 $verifier = SimpleSAML\Utils\Random::generateID();
66 $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array("oauth_verifier"=>$verifier));
67
68 $this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 60*30) );
69
70 return array($url, $verifier);
71 }
72
81 public function isAuthorized($requestToken, $verifier='') {
82 SimpleSAML\Logger::info('OAuth isAuthorized(' . $requestToken . ')');
83 return $this->store->exists('authorized', $requestToken, $verifier);
84 }
85
86 public function getAuthorizedData($token, $verifier = '') {
87 SimpleSAML\Logger::info('OAuth getAuthorizedData(' . $token . ')');
88 $data = $this->store->get('authorized', $token, $verifier);
89 return $data['value'];
90 }
91
92 public function moveAuthorizedData($requestToken, $verifier, $accessTokenKey) {
93 SimpleSAML\Logger::info('OAuth moveAuthorizedData(' . $requestToken . ', ' . $accessTokenKey . ')');
94
95 // Retrieve authorizedData from authorized.requestToken (with provider verifier)
96 $authorizedData = $this->getAuthorizedData($requestToken, $verifier);
97
98 // Remove the requesttoken+verifier from authorized store
99 $this->store->remove('authorized', $requestToken, $verifier);
100
101 // Add accesstoken with authorizedData to authorized store (with empty verifier)
102 // accessTokenKey+consumer => accessToken is already registered in 'access'-table
103 $this->store->set('authorized', $accessTokenKey, '', $authorizedData, $this->config->getValue('accessTokenDuration', 60*60*24));
104 }
105
106 public function lookup_consumer($consumer_key) {
107 SimpleSAML\Logger::info('OAuth lookup_consumer(' . $consumer_key . ')');
108 if (! $this->store->exists('consumers', $consumer_key, '')) return NULL;
109 $consumer = $this->store->get('consumers', $consumer_key, '');
110
111 $callback = NULL;
112 if ($consumer['value']['callback_url']) $callback = $consumer['value']['callback_url'];
113
114 if ($consumer['value']['RSAcertificate']) {
115 return new OAuthConsumer($consumer['value']['key'], $consumer['value']['RSAcertificate'], $callback);
116 } else {
117 return new OAuthConsumer($consumer['value']['key'], $consumer['value']['secret'], $callback);
118 }
119 }
120
121 function lookup_token($consumer, $tokenType = 'default', $token) {
122 SimpleSAML\Logger::info('OAuth lookup_token(' . $consumer->key . ', ' . $tokenType. ',' . $token . ')');
123 $data = $this->store->get($tokenType, $token, $consumer->key);
124 if ($data == NULL) throw new Exception('Could not find token');
125 return $data['value'];
126 }
127
128 function lookup_nonce($consumer, $token, $nonce, $timestamp) {
129 SimpleSAML\Logger::info('OAuth lookup_nonce(' . $consumer . ', ' . $token. ',' . $nonce . ')');
130 if ($this->store->exists('nonce', $nonce, $consumer->key)) return TRUE;
131 $this->store->set('nonce', $nonce, $consumer->key, TRUE, $this->config->getValue('nonceCache', 60*60*24*14));
132 return FALSE;
133 }
134
135 function new_request_token($consumer, $callback = null, $version = null) {
136 SimpleSAML\Logger::info('OAuth new_request_token(' . $consumer . ')');
137
138 $lifetime = $this->config->getValue('requestTokenDuration', 60*30);
139
140 $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
141 $token->callback = $callback; // OAuth1.0-RevA
142 $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
143
144 // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version
145 $request_attributes = array(
146 'callback' => $callback,
147 'version' => ($version?$version:$this->defaultversion),
148 'consumerKey' => $consumer->key,
149 );
150 $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);
151
152 // also store in requestToken->key => Consumer->key (enables consumer-lookup during reqToken-authorization stage)
153 $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);
154
155 return $token;
156 }
157
158 function new_access_token($requestToken, $consumer, $verifier = null) {
159 SimpleSAML\Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
160 $accestoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
161 $this->store->set('access', $accestoken->key, $consumer->key, $accestoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
162 return $accestoken;
163 }
164
170 public function lookup_consumer_by_requestToken($requestTokenKey) {
171 SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken(' . $requestTokenKey . ')');
172 if (! $this->store->exists('requesttorequest', $requestTokenKey, '')) return NULL;
173
174 $request = $this->store->get('requesttorequest', $requestTokenKey, '');
175 $consumerKey = $request['value']['consumerKey'];
176 if (! $consumerKey) {
177 return NULL;
178 }
179
180 $consumer = $this->store->get('consumers', $consumerKey['value'], '');
181 return $consumer['value'];
182 }
183
184
185
186}
$timestamp
foreach($mandatory_scripts as $file) $timestamp
Definition: buildRTE.php:81
php
An exception for terminatinating execution or to throw for unit testing.
OAuthToken
OAuth PECL extension includes an OAuth Exception class, so we need to wrap the definition of this cla...
Definition: OAuth.php:37
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
SimpleSAML_Configuration\getOptionalConfig
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:239
sspmod_core_Storage_SQLPermanentStorage
Definition: SQLPermanentStorage.php:12
sspmod_oauth_OAuthStore
Definition: OAuthStore.php:14
sspmod_oauth_OAuthStore\lookup_token
lookup_token($consumer, $tokenType='default', $token)
Definition: OAuthStore.php:121
sspmod_oauth_OAuthStore\isAuthorized
isAuthorized($requestToken, $verifier='')
Perform lookup whether a given token exists in the list of authorized tokens; if a verifier is passed...
Definition: OAuthStore.php:81
sspmod_oauth_OAuthStore\getAuthorizedData
getAuthorizedData($token, $verifier='')
Definition: OAuthStore.php:86
sspmod_oauth_OAuthStore\$store
$store
Definition: OAuthStore.php:16
sspmod_oauth_OAuthStore\lookup_consumer_by_requestToken
lookup_consumer_by_requestToken($requestTokenKey)
Return OAuthConsumer-instance that a given requestToken was issued to.
Definition: OAuthStore.php:170
sspmod_oauth_OAuthStore\lookup_consumer
lookup_consumer($consumer_key)
Definition: OAuthStore.php:106
sspmod_oauth_OAuthStore\lookup_nonce
lookup_nonce($consumer, $token, $nonce, $timestamp)
Definition: OAuthStore.php:128
sspmod_oauth_OAuthStore\new_request_token
new_request_token($consumer, $callback=null, $version=null)
Definition: OAuthStore.php:135
sspmod_oauth_OAuthStore\__construct
__construct()
Definition: OAuthStore.php:29
sspmod_oauth_OAuthStore\moveAuthorizedData
moveAuthorizedData($requestToken, $verifier, $accessTokenKey)
Definition: OAuthStore.php:92
sspmod_oauth_OAuthStore\$_store_tables
$_store_tables
Definition: OAuthStore.php:20
sspmod_oauth_OAuthStore\$defaultversion
$defaultversion
Definition: OAuthStore.php:18
sspmod_oauth_OAuthStore\new_access_token
new_access_token($requestToken, $consumer, $verifier=null)
Definition: OAuthStore.php:158
sspmod_oauth_OAuthStore\authorize
authorize($requestTokenKey, $data)
Attach the data to the token, and establish the Callback URL and verifier.
Definition: OAuthStore.php:41
sspmod_oauth_OAuthStore\$config
$config
Definition: OAuthStore.php:17
$requestToken
$requestToken
Definition: demo.php:33
$consumer
$consumer
Definition: demo.php:30
SimpleSAML
Attribute-related utility methods.
$url
$url
Definition: proxy_ylocal.php:28