ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
OAuthServer.php
Go to the documentation of this file.
1 <?php
2 
3 namespace IMSGlobal\LTI\OAuth;
4 
12 class OAuthServer {
13 
14  protected $timestamp_threshold = 300; // in seconds, five minutes
15  protected $version = '1.0'; // hi blaine
16  protected $signature_methods = array();
17 
18  protected $data_store;
19 
20  function __construct($data_store) {
21  $this->data_store = $data_store;
22  }
23 
24  public function add_signature_method($signature_method) {
25  $this->signature_methods[$signature_method->get_name()] = $signature_method;
26  }
27 
28  // high level functions
29 
34  public function fetch_request_token(&$request) {
35 
36  $this->get_version($request);
37 
38  $consumer = $this->get_consumer($request);
39 
40  // no token required for the initial token request
41  $token = NULL;
42 
43  $this->check_signature($request, $consumer, $token);
44 
45  // Rev A change
46  $callback = $request->get_parameter('oauth_callback');
47  $new_token = $this->data_store->new_request_token($consumer, $callback);
48 
49  return $new_token;
50 
51  }
52 
57  public function fetch_access_token(&$request) {
58 
59  $this->get_version($request);
60 
61  $consumer = $this->get_consumer($request);
62 
63  // requires authorized request token
64  $token = $this->get_token($request, $consumer, "request");
65 
66  $this->check_signature($request, $consumer, $token);
67 
68  // Rev A change
69  $verifier = $request->get_parameter('oauth_verifier');
70  $new_token = $this->data_store->new_access_token($token, $consumer, $verifier);
71 
72  return $new_token;
73 
74  }
75 
79  public function verify_request(&$request) {
80 
81  $this->get_version($request);
82  $consumer = $this->get_consumer($request);
83  $token = $this->get_token($request, $consumer, "access");
84  $this->check_signature($request, $consumer, $token);
85 
86  return array($consumer, $token);
87 
88  }
89 
90  // Internals from here
94  private function get_version(&$request) {
95 
96  $version = $request->get_parameter("oauth_version");
97  if (!$version) {
98  // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
99  // Chapter 7.0 ("Accessing Protected Ressources")
100  $version = '1.0';
101  }
102  if ($version !== $this->version) {
103  throw new OAuthException("OAuth version '$version' not supported");
104  }
105 
106  return $version;
107 
108  }
109 
113  private function get_signature_method($request) {
114 
115  $signature_method = $request instanceof OAuthRequest
116  ? $request->get_parameter('oauth_signature_method') : NULL;
117 
118  if (!$signature_method) {
119  // According to chapter 7 ("Accessing Protected Ressources") the signature-method
120  // parameter is required, and we can't just fallback to PLAINTEXT
121  throw new OAuthException('No signature method parameter. This parameter is required');
122  }
123 
124  if (!in_array($signature_method,
125  array_keys($this->signature_methods))) {
126  throw new OAuthException(
127  "Signature method '$signature_method' not supported " .
128  'try one of the following: ' .
129  implode(', ', array_keys($this->signature_methods))
130  );
131  }
132 
133  return $this->signature_methods[$signature_method];
134 
135  }
136 
140  private function get_consumer($request) {
141 
142  $consumer_key = $request instanceof OAuthRequest
143  ? $request->get_parameter('oauth_consumer_key') : NULL;
144 
145  if (!$consumer_key) {
146  throw new OAuthException('Invalid consumer key');
147  }
148 
149  $consumer = $this->data_store->lookup_consumer($consumer_key);
150  if (!$consumer) {
151  throw new OAuthException('Invalid consumer');
152  }
153 
154  return $consumer;
155 
156  }
157 
161  private function get_token($request, $consumer, $token_type="access") {
162 
163  $token_field = $request instanceof OAuthRequest
164  ? $request->get_parameter('oauth_token') : NULL;
165 
166  $token = $this->data_store->lookup_token($consumer, $token_type, $token_field);
167  if (!$token) {
168  throw new OAuthException("Invalid $token_type token: $token_field");
169  }
170 
171  return $token;
172 
173  }
174 
179  private function check_signature($request, $consumer, $token) {
180 
181  // this should probably be in a different method
182  $timestamp = $request instanceof OAuthRequest
183  ? $request->get_parameter('oauth_timestamp')
184  : NULL;
185  $nonce = $request instanceof OAuthRequest
186  ? $request->get_parameter('oauth_nonce')
187  : NULL;
188 
189  $this->check_timestamp($timestamp);
190  $this->check_nonce($consumer, $token, $nonce, $timestamp);
191 
192  $signature_method = $this->get_signature_method($request);
193 
194  $signature = $request->get_parameter('oauth_signature');
195  $valid_sig = $signature_method->check_signature($request, $consumer, $token, $signature);
196 
197  if (!$valid_sig) {
198  throw new OAuthException('Invalid signature');
199  }
200  }
201 
205  private function check_timestamp($timestamp) {
206  if(!$timestamp)
207  throw new OAuthException('Missing timestamp parameter. The parameter is required');
208 
209  // verify that timestamp is recentish
210  $now = time();
211  if (abs($now - $timestamp) > $this->timestamp_threshold) {
212  throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
213  }
214 
215  }
216 
220  private function check_nonce($consumer, $token, $nonce, $timestamp) {
221 
222  if(!$nonce)
223  throw new OAuthException('Missing nonce parameter. The parameter is required');
224 
225  // verify that the nonce is uniqueish
226  $found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
227  if ($found) {
228  throw new OAuthException("Nonce already used: $nonce");
229  }
230 
231  }
232 
233 }
IMSGlobal\LTI\OAuth\OAuthServer\verify_request
verify_request(&$request)
verify an api call, checks all the parameters
Definition: OAuthServer.php:79
IMSGlobal\LTI\OAuth\OAuthServer\check_timestamp
check_timestamp($timestamp)
check that the timestamp is new enough
Definition: OAuthServer.php:205
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
IMSGlobal\LTI\OAuth\OAuthException
Class to represent an OAuth Exception.
Definition: OAuthException.php:12
IMSGlobal\LTI\OAuth\OAuthServer\check_signature
check_signature($request, $consumer, $token)
all-in-one function to check the signature on a request should guess the signature method appropriate...
Definition: OAuthServer.php:179
IMSGlobal\LTI\OAuth\OAuthServer\get_token
get_token($request, $consumer, $token_type="access")
try to find the token for the provided request&#39;s token key
Definition: OAuthServer.php:161
IMSGlobal\LTI\OAuth\OAuthServer\fetch_request_token
fetch_request_token(&$request)
process a request_token request returns the request token on success
Definition: OAuthServer.php:34
IMSGlobal\LTI\OAuth\OAuthServer\get_version
get_version(&$request)
version 1
Definition: OAuthServer.php:94
IMSGlobal\LTI\OAuth\OAuthServer\get_consumer
get_consumer($request)
try to find the consumer for the provided request&#39;s consumer key
Definition: OAuthServer.php:140
IMSGlobal\LTI\OAuth\OAuthServer\check_nonce
check_nonce($consumer, $token, $nonce, $timestamp)
check that the nonce is not repeated
Definition: OAuthServer.php:220
IMSGlobal\LTI\OAuth\OAuthServer\get_signature_method
get_signature_method($request)
figure out the signature with some defaults
Definition: OAuthServer.php:113
IMSGlobal\LTI\OAuth\OAuthRequest
Class to represent an OAuth Request.
Definition: OAuthRequest.php:12
$timestamp
foreach($mandatory_scripts as $file) $timestamp
Definition: buildRTE.php:81
IMSGlobal\LTI\OAuth\OAuthServer
Class to represent an OAuth Server.
Definition: OAuthServer.php:12
IMSGlobal\LTI\OAuth\OAuthServer\fetch_access_token
fetch_access_token(&$request)
process an access_token request returns the access token on success
Definition: OAuthServer.php:57
IMSGlobal\LTI\OAuth\OAuthServer\add_signature_method
add_signature_method($signature_method)
Definition: OAuthServer.php:24