ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
OAuthStore.php
Go to the documentation of this file.
1<?php
2require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
3
14class sspmod_oauth_OAuthStore extends OAuthDataStore
15{
16 private $store;
17 private $config;
18 private $defaultversion = '1.0';
19
20 protected $_store_tables = array(
21 'consumers' => 'consumer = array with consumer attributes',
22 'nonce' => 'nonce+consumer_key = -boolean-',
23 'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)',
24 'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)',
25 'access' => 'accessToken.key+consumerKey = accesstoken',
26 'request' => 'requestToken.key+consumerKey = requesttoken',
27 );
28
29
30 public function __construct()
31 {
32 $this->store = new sspmod_core_Storage_SQLPermanentStorage('oauth');
33 $this->config = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');
34 }
35
36
43 public function authorize($requestTokenKey, $data)
44 {
45 $url = null;
46
47 // See whether to remember values from the original requestToken request:
48 $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, '');
49 // must be there ..
50 if ($request_attributes['value']) {
51 // establish callback to use
52 if ($request_attributes['value']['callback']) {
53 $url = $request_attributes['value']['callback'];
54 }
55 }
56
57 // Is there a callback registered? This is leading, even over a supplied oauth_callback-parameter
58 $oConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']);
59
60 if ($oConsumer && ($oConsumer->callback_url)) {
61 $url = $oConsumer->callback_url;
62 }
63
64 $verifier = SimpleSAML\Utils\Random::generateID();
65 $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array("oauth_verifier"=>$verifier));
66
67 $this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 60*30));
68
69 return array($url, $verifier);
70 }
71
80 public function isAuthorized($requestToken, $verifier = '')
81 {
82 SimpleSAML\Logger::info('OAuth isAuthorized(' . $requestToken . ')');
83 return $this->store->exists('authorized', $requestToken, $verifier);
84 }
85
86 public function getAuthorizedData($token, $verifier = '')
87 {
88 SimpleSAML\Logger::info('OAuth getAuthorizedData(' . $token . ')');
89 $data = $this->store->get('authorized', $token, $verifier);
90 return $data['value'];
91 }
92
93 public function moveAuthorizedData($requestToken, $verifier, $accessTokenKey)
94 {
95 SimpleSAML\Logger::info('OAuth moveAuthorizedData(' . $requestToken . ', ' . $accessTokenKey . ')');
96
97 // Retrieve authorizedData from authorized.requestToken (with provider verifier)
98 $authorizedData = $this->getAuthorizedData($requestToken, $verifier);
99
100 // Remove the requesttoken+verifier from authorized store
101 $this->store->remove('authorized', $requestToken, $verifier);
102
103 // Add accesstoken with authorizedData to authorized store (with empty verifier)
104 // accessTokenKey+consumer => accessToken is already registered in 'access'-table
105 $this->store->set('authorized', $accessTokenKey, '', $authorizedData, $this->config->getValue('accessTokenDuration', 60*60*24));
106 }
107
108 public function lookup_consumer($consumer_key)
109 {
110 SimpleSAML\Logger::info('OAuth lookup_consumer(' . $consumer_key . ')');
111 if (!$this->store->exists('consumers', $consumer_key, '')) {
112 return null;
113 }
114 $consumer = $this->store->get('consumers', $consumer_key, '');
115
116 $callback = null;
117 if ($consumer['value']['callback_url']) {
118 $callback = $consumer['value']['callback_url'];
119 }
120
121 if ($consumer['value']['RSAcertificate']) {
122 return new OAuthConsumer($consumer['value']['key'], $consumer['value']['RSAcertificate'], $callback);
123 } else {
124 return new OAuthConsumer($consumer['value']['key'], $consumer['value']['secret'], $callback);
125 }
126 }
127
128 function lookup_token($consumer, $tokenType = 'default', $token)
129 {
130 SimpleSAML\Logger::info('OAuth lookup_token(' . $consumer->key . ', ' . $tokenType. ',' . $token . ')');
131 $data = $this->store->get($tokenType, $token, $consumer->key);
132 if ($data == null) {
133 throw new Exception('Could not find token');
134 }
135 return $data['value'];
136 }
137
138 function lookup_nonce($consumer, $token, $nonce, $timestamp)
139 {
140 SimpleSAML\Logger::info('OAuth lookup_nonce(' . $consumer . ', ' . $token. ',' . $nonce . ')');
141 if ($this->store->exists('nonce', $nonce, $consumer->key)) {
142 return true;
143 }
144 $this->store->set('nonce', $nonce, $consumer->key, true, $this->config->getValue('nonceCache', 60*60*24*14));
145 return false;
146 }
147
148 function new_request_token($consumer, $callback = null, $version = null)
149 {
150 SimpleSAML\Logger::info('OAuth new_request_token(' . $consumer . ')');
151
152 $lifetime = $this->config->getValue('requestTokenDuration', 60*30);
153
154 $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
155 $token->callback = $callback; // OAuth1.0-RevA
156 $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
157
158 // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version
159 $request_attributes = array(
160 'callback' => $callback,
161 'version' => ($version?$version:$this->defaultversion),
162 'consumerKey' => $consumer->key,
163 );
164 $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);
165
166 // also store in requestToken->key => Consumer->key (enables consumer-lookup during reqToken-authorization stage)
167 $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);
168
169 return $token;
170 }
171
172 function new_access_token($requestToken, $consumer, $verifier = null)
173 {
174 SimpleSAML\Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
175 $accesstoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
176 $this->store->set('access', $accesstoken->key, $consumer->key, $accesstoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
177 return $accesstoken;
178 }
179
185 public function lookup_consumer_by_requestToken($requestTokenKey)
186 {
187 SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken(' . $requestTokenKey . ')');
188 if (!$this->store->exists('requesttorequest', $requestTokenKey, '')) {
189 return null;
190 }
191
192 $request = $this->store->get('requesttorequest', $requestTokenKey, '');
193 $consumerKey = $request['value']['consumerKey'];
194 if (!$consumerKey) {
195 return null;
196 }
197
198 $consumer = $this->store->get('consumers', $consumerKey['value'], '');
199 return $consumer['value'];
200 }
201}
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
$timestamp
foreach($mandatory_scripts as $file) $timestamp
Definition: buildRTE.php:81
$version
$version
Definition: build.php:27
php
An exception for terminatinating execution or to throw for unit testing.
OAuthToken
OAuth PECL extension includes an OAuth Exception class, so we need to wrap the definition of this cla...
Definition: OAuth.php:43
SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:199
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
SimpleSAML_Configuration\getOptionalConfig
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:267
sspmod_core_Storage_SQLPermanentStorage
Definition: SQLPermanentStorage.php:13
sspmod_oauth_OAuthStore
Definition: OAuthStore.php:15
sspmod_oauth_OAuthStore\lookup_token
lookup_token($consumer, $tokenType='default', $token)
Definition: OAuthStore.php:128
sspmod_oauth_OAuthStore\isAuthorized
isAuthorized($requestToken, $verifier='')
Perform lookup whether a given token exists in the list of authorized tokens; if a verifier is passed...
Definition: OAuthStore.php:80
sspmod_oauth_OAuthStore\getAuthorizedData
getAuthorizedData($token, $verifier='')
Definition: OAuthStore.php:86
sspmod_oauth_OAuthStore\$store
$store
Definition: OAuthStore.php:16
sspmod_oauth_OAuthStore\lookup_consumer_by_requestToken
lookup_consumer_by_requestToken($requestTokenKey)
Return OAuthConsumer-instance that a given requestToken was issued to.
Definition: OAuthStore.php:185
sspmod_oauth_OAuthStore\lookup_consumer
lookup_consumer($consumer_key)
Definition: OAuthStore.php:108
sspmod_oauth_OAuthStore\lookup_nonce
lookup_nonce($consumer, $token, $nonce, $timestamp)
Definition: OAuthStore.php:138
sspmod_oauth_OAuthStore\new_request_token
new_request_token($consumer, $callback=null, $version=null)
Definition: OAuthStore.php:148
sspmod_oauth_OAuthStore\__construct
__construct()
Definition: OAuthStore.php:30
sspmod_oauth_OAuthStore\moveAuthorizedData
moveAuthorizedData($requestToken, $verifier, $accessTokenKey)
Definition: OAuthStore.php:93
sspmod_oauth_OAuthStore\$_store_tables
$_store_tables
Definition: OAuthStore.php:20
sspmod_oauth_OAuthStore\$defaultversion
$defaultversion
Definition: OAuthStore.php:18
sspmod_oauth_OAuthStore\new_access_token
new_access_token($requestToken, $consumer, $verifier=null)
Definition: OAuthStore.php:172
sspmod_oauth_OAuthStore\authorize
authorize($requestTokenKey, $data)
Attach the data to the token, and establish the Callback URL and verifier.
Definition: OAuthStore.php:43
sspmod_oauth_OAuthStore\$config
$config
Definition: OAuthStore.php:17
SimpleSAML
Attribute-related utility methods.
$url
$url
Definition: proxy_ylocal.php:28
$data
$data
Definition: bench.php:6