Collaboration diagram for OAuthServer:

Public Member Functions
	__construct ($data_store)

	add_signature_method ($signature_method)

	fetch_request_token (&$request)
	process a request_token request returns the request token on success More...

	fetch_access_token (&$request)
	process an access_token request returns the access token on success More...

	verify_request (&$request)
	verify an api call, checks all the parameters More...

Protected Attributes
	$timestamp_threshold = 300

	$version = 1.0

	$signature_methods = array()

	$data_store

Private Member Functions
	get_version (&$request)
	version 1 More...

	get_signature_method (&$request)
	figure out the signature with some defaults More...

	get_consumer (&$request)
	try to find the consumer for the provided request's consumer key More...

	get_token (&$request, $consumer, $token_type="access")
	try to find the token for the provided request's token key More...

	check_signature (&$request, $consumer, $token)
	all-in-one function to check the signature on a request should guess the signature method appropriately More...

	check_timestamp ($timestamp)
	check that the timestamp is new enough More...

	check_nonce ($consumer, $token, $nonce, $timestamp)
	check that the nonce is not repeated More...

Detailed Description

Definition at line 494 of file OAuth.php.

Constructor & Destructor Documentation

◆ __construct()

OAuthServer::__construct ( $data_store )

Definition at line 502 of file OAuth.php.

     {
         $this->data_store = $data_store;
     }

Member Function Documentation

◆ add_signature_method()

OAuthServer::add_signature_method ( $signature_method )

Definition at line 507 of file OAuth.php.

     {
         $this->signature_methods[$signature_method->get_name()] =
       $signature_method;
     }

◆ check_nonce()

OAuthServer::check_nonce	(	$consumer,
		$token,
		$nonce,
		$timestamp
	)

private

check that the nonce is not repeated

Definition at line 699 of file OAuth.php.

References $timestamp, and $token.

     {
         // verify that the nonce is uniqueish
         $found = $this->data_store->lookup_nonce(
         $consumer,
         $token,
         $nonce,
         $timestamp
     );
         if ($found) {
             throw new OAuthException("Nonce already used: $nonce");
         }
     }

◆ check_signature()

OAuthServer::check_signature	(	&	$request,
			$consumer,
			$token
	)

private

all-in-one function to check the signature on a request should guess the signature method appropriately

Definition at line 651 of file OAuth.php.

References $OAuth_last_computed_signature, $timestamp, and $token.

     {
         // this should probably be in a different method
         global $OAuth_last_computed_signature;
         $OAuth_last_computed_signature = false;
 
         $timestamp = @$request->get_parameter('oauth_timestamp');
         $nonce = @$request->get_parameter('oauth_nonce');
 
         $this->check_timestamp($timestamp);
         $this->check_nonce($consumer, $token, $nonce, $timestamp);
 
         $signature_method = $this->get_signature_method($request);
 
         $signature = $request->get_parameter('oauth_signature');
         $valid_sig = $signature_method->check_signature(
         $request,
         $consumer,
         $token,
         $signature
     );
 
         if (!$valid_sig) {
             $ex_text = "Invalid signature";
             if ($OAuth_last_computed_signature) {
                 $ex_text = $ex_text . " ours= $OAuth_last_computed_signature yours=$signature";
             }
             throw new OAuthException($ex_text);
         }
     }

◆ check_timestamp()

OAuthServer::check_timestamp ( $timestamp )

private

check that the timestamp is new enough

Definition at line 685 of file OAuth.php.

References $timestamp.

     {
         // verify that timestamp is recentish
         $now = time();
         if ($now - $timestamp > $this->timestamp_threshold) {
             throw new OAuthException(
           "Expired timestamp, yours $timestamp, ours $now"
       );
         }
     }

◆ fetch_access_token()

OAuthServer::fetch_access_token ( & $request )

process an access_token request returns the access token on success

Definition at line 539 of file OAuth.php.

References $token.

     {
         $this->get_version($request);
 
         $consumer = $this->get_consumer($request);
 
         // requires authorized request token
         $token = $this->get_token($request, $consumer, "request");
 
 
         $this->check_signature($request, $consumer, $token);
 
         $new_token = $this->data_store->new_access_token($token, $consumer);
 
         return $new_token;
     }

◆ fetch_request_token()

OAuthServer::fetch_request_token ( & $request )

process a request_token request returns the request token on success

Definition at line 519 of file OAuth.php.

References $token.

     {
         $this->get_version($request);
 
         $consumer = $this->get_consumer($request);
 
         // no token required for the initial token request
         $token = null;
 
         $this->check_signature($request, $consumer, $token);
 
         $new_token = $this->data_store->new_request_token($consumer);
 
         return $new_token;
     }

◆ get_consumer()

OAuthServer::get_consumer ( & $request )

private

try to find the consumer for the provided request's consumer key

Definition at line 612 of file OAuth.php.

     {
         $consumer_key = @$request->get_parameter("oauth_consumer_key");
         if (!$consumer_key) {
             throw new OAuthException("Invalid consumer key");
         }
 
         $consumer = $this->data_store->lookup_consumer($consumer_key);
         if (!$consumer) {
             throw new OAuthException("Invalid consumer");
         }
 
         return $consumer;
     }

◆ get_signature_method()

OAuthServer::get_signature_method ( & $request )

private

figure out the signature with some defaults

Definition at line 589 of file OAuth.php.

     {
         $signature_method =
         @$request->get_parameter("oauth_signature_method");
         if (!$signature_method) {
             $signature_method = "PLAINTEXT";
         }
         if (!in_array(
         $signature_method,
         array_keys($this->signature_methods)
     )) {
             throw new OAuthException(
           "Signature method '$signature_method' not supported " .
         "try one of the following: " .
         implode(", ", array_keys($this->signature_methods))
       );
         }
         return $this->signature_methods[$signature_method];
     }

◆ get_token()

OAuthServer::get_token	(	&	$request,
			$consumer,
			$token_type = `"access"`
	)

private

try to find the token for the provided request's token key

Definition at line 630 of file OAuth.php.

References $token.

     {
         $token_field = @$request->get_parameter('oauth_token');
         if (!$token_field) {
             return false;
         }
         $token = $this->data_store->lookup_token(
         $consumer,
         $token_type,
         $token_field
     );
         if (!$token) {
             throw new OAuthException("Invalid $token_type token: $token_field");
         }
         return $token;
     }

◆ get_version()

OAuthServer::get_version ( & $request )

private

version 1

Definition at line 574 of file OAuth.php.

     {
         $version = $request->get_parameter("oauth_version");
         if (!$version) {
             $version = 1.0;
         }
         if ($version && $version != $this->version) {
             throw new OAuthException("OAuth version '$version' not supported");
         }
         return $version;
     }

◆ verify_request()

OAuthServer::verify_request ( & $request )

verify an api call, checks all the parameters

Definition at line 559 of file OAuth.php.

References $OAuth_last_computed_signature, and $token.

     {
         global $OAuth_last_computed_signature;
         $OAuth_last_computed_signature = false;
         $this->get_version($request);
         $consumer = $this->get_consumer($request);
         $token = $this->get_token($request, $consumer, "access");
         $this->check_signature($request, $consumer, $token);
         return array($consumer, $token);
     }

Field Documentation

◆ $data_store

OAuthServer::$data_store

protected

Definition at line 500 of file OAuth.php.

◆ $signature_methods

OAuthServer::$signature_methods = array()

protected

Definition at line 498 of file OAuth.php.

◆ $timestamp_threshold

OAuthServer::$timestamp_threshold = 300

protected

Definition at line 496 of file OAuth.php.

◆ $version

OAuthServer::$version = 1.0

protected

Definition at line 497 of file OAuth.php.

The documentation for this class was generated from the following file:

Modules/LTIConsumer/lib/OAuth.php

Public Member Functions

Protected Attributes

Private Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ add_signature_method()

◆ check_nonce()

◆ check_signature()

◆ check_timestamp()

◆ fetch_access_token()

◆ fetch_request_token()

◆ get_consumer()

◆ get_signature_method()

◆ get_token()

◆ get_version()

◆ verify_request()

Field Documentation

◆ $data_store

◆ $signature_methods

◆ $timestamp_threshold

◆ $version