ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
OAuthStore.php
1 <?php
2 require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
3 
15 {
16  private $store;
17  private $config;
18  private $defaultversion = '1.0';
19 
20  protected $_store_tables = array(
21  'consumers' => 'consumer = array with consumer attributes',
22  'nonce' => 'nonce+consumer_key = -boolean-',
23  'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)',
24  'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)',
25  'access' => 'accessToken.key+consumerKey = accesstoken',
26  'request' => 'requestToken.key+consumerKey = requesttoken',
27  );
28 
29 
/**
 * Wire up the two collaborators used by every other method: an
 * sspmod_core_Storage_SQLPermanentStorage instance opened under the name
 * 'oauth', and the optional module configuration loaded from
 * module_oauth.php.
 */
public function __construct()
{
    $storage = new sspmod_core_Storage_SQLPermanentStorage('oauth');
    $moduleConfig = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');

    $this->store = $storage;
    $this->config = $moduleConfig;
}
35 
36 
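/**
 * Attach the data to the token, and establish the callback URL and verifier.
 *
 * The callback is chosen in this order: the callback_url registered for the
 * consumer wins; otherwise the callback remembered from the request-token
 * request is used; otherwise the URL stays null.
 *
 * @param string $requestTokenKey Key of the request token being authorized.
 * @param mixed  $data            Value stored with the authorization (the table
 *                                comment describes it as the authenticated user's attributes).
 * @return array Two elements: the callback URL with oauth_verifier appended, and the verifier.
 */
public function authorize($requestTokenKey, $data)
{
    $url = null;

    // Values remembered from the original request-token request. The record is
    // expected to exist; the lookups below tolerate its absence so that a
    // missing record does not raise array-offset notices.
    $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, '');
    $requestInfo = isset($request_attributes['value']) ? $request_attributes['value'] : null;

    // Callback supplied by the consumer when it asked for the request token.
    // It is only a fallback: a consumer without a registered callback_url is
    // redirected to whatever it supplied at that point.
    if (!empty($requestInfo['callback'])) {
        $url = $requestInfo['callback'];
    }

    // A registered callback is leading, even over a supplied oauth_callback parameter.
    $consumerKey = isset($requestInfo['consumerKey']) ? $requestInfo['consumerKey'] : null;
    $oConsumer = $this->lookup_consumer($consumerKey);
    if ($oConsumer && ($oConsumer->callback_url)) {
        $url = $oConsumer->callback_url;
    }

    // The listing skips numbered lines 63-64 and never assigns $verifier before
    // using it. It is generated here with the same generator this class uses
    // for token keys and secrets.
    // NOTE(review): the verifier is only as unpredictable as generateID();
    // confirm that it draws from a cryptographically secure source.
    $verifier = SimpleSAML\Utils\Random::generateID();
    $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array("oauth_verifier"=>$verifier));

    // NOTE(review): the authorization is stored even when no 'requesttorequest'
    // record was found for $requestTokenKey. Consider rejecting unknown or
    // expired request tokens before this point; confirm what callers expect.
    $lifetime = $this->config->getValue('requestTokenDuration', 60*30);
    $this->store->set('authorized', $requestTokenKey, $verifier, $data, $lifetime);

    return array($url, $verifier);
}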
71 
/**
 * Check whether a token exists in the 'authorized' table under the given verifier.
 *
 * The verifier is matched by the store lookup itself (it is passed as the
 * second key), not by a comparison in this method. The default empty verifier
 * matches entries written with an empty verifier, which is how
 * moveAuthorizedData() stores access-token entries.
 *
 * @param string $requestToken Token key to look up.
 * @param string $verifier     Verifier the entry was stored under; '' by default.
 * @return mixed Whatever the store's exists() call returns.
 */
public function isAuthorized($requestToken, $verifier = '')
{
    $logLine = 'OAuth isAuthorized(' . $requestToken . ')';
    SimpleSAML\Logger::info($logLine);

    $found = $this->store->exists('authorized', $requestToken, $verifier);

    return $found;
}
85 
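/**
 * Fetch the data stored in the 'authorized' table for a token and verifier.
 *
 * @param string $token    Token key the authorization was stored under.
 * @param string $verifier Verifier the authorization was stored under; '' by default.
 * @return mixed The stored value, or null when the store has no such entry.
 */
public function getAuthorizedData($token, $verifier = '')
{
    SimpleSAML\Logger::info('OAuth getAuthorizedData(' . $token . ')');

    $data = $this->store->get('authorized', $token, $verifier);

    // lookup_token() treats a null result from the store as "not found", so
    // the same can happen here. Return null explicitly instead of indexing a
    // missing record.
    return isset($data['value']) ? $data['value'] : null;
}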
92 
/**
 * Re-key an authorization from a request token to an access token.
 *
 * The entry stored under (request token, verifier) is read and removed, and
 * its data is stored again under (access token key, empty verifier) for the
 * configured access-token lifetime.
 *
 * NOTE(review): nothing here checks that the request token / verifier pair was
 * found before the access-token entry is written, so a missing pair would
 * still produce an 'authorized' entry carrying whatever getAuthorizedData()
 * returned. Presumably callers check isAuthorized() first; confirm.
 *
 * @param string $requestToken   Request token key.
 * @param string $verifier       Verifier issued for that request token.
 * @param string $accessTokenKey Key of the access token that takes over the data.
 * @return void
 */
public function moveAuthorizedData($requestToken, $verifier, $accessTokenKey)
{
    $logLine = 'OAuth moveAuthorizedData(' . $requestToken . ', ' . $accessTokenKey . ')';
    SimpleSAML\Logger::info($logLine);

    // Read first, then delete: the request token + verifier entry is single use.
    $payload = $this->getAuthorizedData($requestToken, $verifier);
    $this->store->remove('authorized', $requestToken, $verifier);

    // The accessTokenKey+consumer => accessToken mapping is already in the
    // 'access' table; only the authorization data is added here, keyed with
    // an empty verifier.
    $accessLifetime = $this->config->getValue('accessTokenDuration', 60*60*24);
    $this->store->set('authorized', $accessTokenKey, '', $payload, $accessLifetime);
}
107 
/**
 * Load a registered consumer from the 'consumers' table.
 *
 * The consumer is built with its RSA certificate as the credential when one
 * is stored, and with its shared secret otherwise. The registered
 * callback_url is passed along when present.
 *
 * @param string $consumer_key Consumer key to look up.
 * @return OAuthConsumer|null The consumer, or null when the key is not registered.
 */
public function lookup_consumer($consumer_key)
{
    SimpleSAML\Logger::info('OAuth lookup_consumer(' . $consumer_key . ')');

    $registered = $this->store->exists('consumers', $consumer_key, '');
    if (!$registered) {
        return null;
    }

    $record = $this->store->get('consumers', $consumer_key, '');
    $attrs = $record['value'];

    // An empty callback_url is normalised to null.
    $callback = $attrs['callback_url'] ?: null;

    // Prefer the certificate; fall back to the shared secret.
    $credential = $attrs['RSAcertificate'] ?: $attrs['secret'];

    return new OAuthConsumer($attrs['key'], $credential, $callback);
}
127 
/**
 * Fetch a stored token for a consumer.
 *
 * $tokenType is passed to the store as the table name, and the entry is keyed
 * by the token key plus the consumer key, so a token is only found for the
 * consumer it was stored under.
 *
 * The default on $tokenType cannot be used positionally because the required
 * $token follows it; the signature is kept as it is.
 *
 * @param object $consumer  Consumer whose ->key scopes the lookup.
 * @param string $tokenType Store table to search.
 * @param string $token     Token key.
 * @return mixed The stored token value.
 * @throws Exception When the store has no matching entry.
 */
function lookup_token($consumer, $tokenType = 'default', $token)
{
    SimpleSAML\Logger::info('OAuth lookup_token(' . $consumer->key . ', ' . $tokenType. ',' . $token . ')');

    $entry = $this->store->get($tokenType, $token, $consumer->key);
    if ($entry != null) {
        return $entry['value'];
    }

    throw new Exception('Could not find token');
}
137 
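/**
 * Replay check: report whether a nonce was already seen for this consumer,
 * and remember it when it was not.
 *
 * $timestamp is accepted but not used; the nonce is remembered for the
 * configured 'nonceCache' period (14 days by default).
 *
 * NOTE(review): the exists()/set() pair is two separate store calls; whether
 * two simultaneous requests with the same nonce can both pass depends on the
 * store and is not visible here.
 *
 * @param object $consumer  Consumer whose ->key scopes the nonce.
 * @param mixed  $token     Token of the request; only used for logging.
 * @param string $nonce     Nonce taken from the request.
 * @param mixed  $timestamp Request timestamp (unused).
 * @return bool True when the nonce was already recorded, false when it is new.
 */
function lookup_nonce($consumer, $token, $nonce, $timestamp)
{
    // Log identifiers only. Concatenating the consumer or token object relies
    // on its __toString(); in the OAuth library required from
    // libextinc/OAuth.php that string is understood to include the secret
    // (confirm against that file), which does not belong in an info-level log.
    $tokenLabel = (is_object($token) && isset($token->key)) ? $token->key : $token;
    SimpleSAML\Logger::info('OAuth lookup_nonce(' . $consumer->key . ', ' . $tokenLabel . ',' . $nonce . ')');

    if ($this->store->exists('nonce', $nonce, $consumer->key)) {
        return true;
    }

    $this->store->set('nonce', $nonce, $consumer->key, true, $this->config->getValue('nonceCache', 60*60*24*14));
    return false;
}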
147 
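/**
 * Issue a request token for a consumer and record what is needed later to
 * authorize it.
 *
 * Three entries are written, all with the 'requestTokenDuration' lifetime
 * (30 minutes by default):
 *  - 'request':           token key + consumer key => the token itself
 *  - 'requesttorequest':  token key => callback, version and consumer key
 *  - 'requesttoconsumer': token key => consumer key
 *
 * @param object      $consumer Consumer the token is issued to.
 * @param string|null $callback Callback supplied by the consumer (OAuth 1.0 Rev A).
 * @param string|null $version  OAuth version; the class default is used when empty.
 * @return OAuthToken The new request token.
 */
function new_request_token($consumer, $callback = null, $version = null)
{
    // Log the consumer key rather than the consumer object: concatenating the
    // object relies on its __toString(), which in the OAuth library required
    // from libextinc/OAuth.php is understood to include the consumer secret
    // (confirm against that file).
    SimpleSAML\Logger::info('OAuth new_request_token(' . $consumer->key . ')');

    $lifetime = $this->config->getValue('requestTokenDuration', 60*30);

    // Key and secret are two independently generated identifiers.
    $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
    $token->callback = $callback; // OAuth1.0-RevA
    $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);

    // Remember the request parameters under the token key. The callback stored
    // here is the consumer-supplied value; authorize() only uses it when the
    // consumer has no registered callback_url.
    $request_attributes = array(
        'callback' => $callback,
        'version' => ($version ?: $this->defaultversion),
        'consumerKey' => $consumer->key,
    );
    $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);

    // Also map the token key to the consumer key, which enables a consumer
    // lookup during the request-token authorization stage.
    $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);

    return $token;
}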
171 
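/**
 * Issue an access token for a consumer and store it in the 'access' table
 * for the 'accessTokenDuration' lifetime (24 hours by default).
 *
 * Neither $requestToken nor $verifier is checked here; they are only logged
 * or ignored. Presumably the caller has already validated them; confirm.
 *
 * @param mixed       $requestToken Request token being exchanged; only used for logging.
 * @param object      $consumer     Consumer the access token is issued to.
 * @param string|null $verifier     Unused.
 * @return OAuthToken The new access token.
 */
function new_access_token($requestToken, $consumer, $verifier = null)
{
    // Log identifiers only. Concatenating the token or consumer object relies
    // on its __toString(); in the OAuth library required from
    // libextinc/OAuth.php that string is understood to include the secret
    // (confirm against that file), which does not belong in an info-level log.
    $requestTokenLabel = (is_object($requestToken) && isset($requestToken->key)) ? $requestToken->key : $requestToken;
    SimpleSAML\Logger::info('OAuth new_access_token(' . $requestTokenLabel . ',' . $consumer->key . ')');

    // Key and secret are two independently generated identifiers.
    $accesstoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());

    $lifetime = $this->config->getValue('accessTokenDuration', 60*60*24);
    $this->store->set('access', $accesstoken->key, $consumer->key, $accesstoken, $lifetime);

    return $accesstoken;
}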
179 
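/**
 * Find the consumer that a given request token was issued to.
 *
 * The consumer key is read from the 'requesttorequest' entry written by
 * new_request_token(), and the matching 'consumers' entry is returned as
 * stored (its 'value'); no OAuthConsumer object is built here.
 *
 * @param string $requestTokenKey Request token key.
 * @return mixed The stored consumer value, or null when the request token or
 *               its consumer cannot be found.
 */
public function lookup_consumer_by_requestToken($requestTokenKey)
{
    SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken(' . $requestTokenKey . ')');

    if (!$this->store->exists('requesttorequest', $requestTokenKey, '')) {
        return null;
    }

    $request = $this->store->get('requesttorequest', $requestTokenKey, '');
    $consumerKey = isset($request['value']['consumerKey']) ? $request['value']['consumerKey'] : null;
    if (!$consumerKey) {
        return null;
    }

    // new_request_token() stores the bare consumer key ($consumer->key) under
    // 'consumerKey', so it is used directly as the lookup key. Indexing it
    // with ['value'] again, as the previous code did, does not yield the key.
    $consumer = $this->store->get('consumers', $consumerKey, '');

    // The entry may be missing (for example a consumer removed after the token
    // was issued); report that as null rather than indexing a missing record.
    return isset($consumer['value']) ? $consumer['value'] : null;
}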
201 }