OAuthServer Class Reference

Collaboration diagram for OAuthServer:

Public Member Functions
	__construct ($data_store)
	add_signature_method ($signature_method)
	fetch_request_token (&$request)
	process a request_token request returns the request token on success More...
	fetch_access_token (&$request)
	process an access_token request returns the access token on success More...
	verify_request (&$request)
	verify an api call, checks all the parameters More...

Protected Attributes
	$timestamp_threshold = 300
	$version = 1.0
	$signature_methods = array()
	$data_store

Private Member Functions
	get_version (&$request)
	version 1 More...
	get_signature_method (&$request)
	figure out the signature with some defaults More...
	get_consumer (&$request)
	try to find the consumer for the provided request's consumer key More...
	get_token (&$request, $consumer, $token_type="access")
	try to find the token for the provided request's token key More...
	check_signature (&$request, $consumer, $token)
	all-in-one function to check the signature on a request should guess the signature method appropriately More...
	check_timestamp ($timestamp)
	check that the timestamp is new enough More...
	check_nonce ($consumer, $token, $nonce, $timestamp)
	check that the nonce is not repeated More...

Detailed Description

Definition at line 494 of file OAuth.php.

Constructor & Destructor Documentation

__construct()

OAuthServer::__construct

(

$data_store

)

Definition at line 502 of file OAuth.php.

    {
        $this->data_store = $data_store;
    }

References $data_store.

Member Function Documentation

add_signature_method()

OAuthServer::add_signature_method

(

$signature_method

)

Definition at line 507 of file OAuth.php.

    {
        $this->signature_methods[$signature_method->get_name()] =
      $signature_method;
    }

check_nonce()

OAuthServer::check_nonce (   $consumer,   $token,   $nonce,   $timestamp  )

private

check that the nonce is not repeated

Definition at line 699 of file OAuth.php.

    {
        // verify that the nonce is uniqueish
        $found = $this->data_store->lookup_nonce(
        $consumer,
        $token,
        $nonce,
        $timestamp
    );
        if ($found) {
            throw new OAuthException("Nonce already used: $nonce");
        }
    }

References $timestamp, and $token.

Referenced by check_signature().

Here is the caller graph for this function:

check_signature()

OAuthServer::check_signature ( &  $request,   $consumer,   $token  )

private

all-in-one function to check the signature on a request should guess the signature method appropriately

Definition at line 651 of file OAuth.php.

    {
        // this should probably be in a different method
        global $OAuth_last_computed_signature;
        $OAuth_last_computed_signature = false;
 
        $timestamp = @$request->get_parameter('oauth_timestamp');
        $nonce = @$request->get_parameter('oauth_nonce');
 
        $this->check_timestamp($timestamp);
        $this->check_nonce($consumer, $token, $nonce, $timestamp);
 
        $signature_method = $this->get_signature_method($request);
 
        $signature = $request->get_parameter('oauth_signature');
        $valid_sig = $signature_method->check_signature(
        $request,
        $consumer,
        $token,
        $signature
    );
 
        if (!$valid_sig) {
            $ex_text = "Invalid signature";
            if ($OAuth_last_computed_signature) {
                $ex_text = $ex_text . " ours= $OAuth_last_computed_signature yours=$signature";
            }
            throw new OAuthException($ex_text);
        }
    }

References $OAuth_last_computed_signature, $timestamp, $token, check_nonce(), check_timestamp(), and get_signature_method().

Referenced by fetch_access_token(), fetch_request_token(), and verify_request().

Here is the call graph for this function:

Here is the caller graph for this function:

check_timestamp()

OAuthServer::check_timestamp (   $timestamp )

private

check that the timestamp is new enough

Definition at line 685 of file OAuth.php.

    {
        // verify that timestamp is recentish
        $now = time();
        if ($now - $timestamp > $this->timestamp_threshold) {
            throw new OAuthException(
          "Expired timestamp, yours $timestamp, ours $now"
      );
        }
    }

References $timestamp.

Referenced by check_signature().

Here is the caller graph for this function:

fetch_access_token()

OAuthServer::fetch_access_token

(

&

$request

)

process an access_token request returns the access token on success

Definition at line 539 of file OAuth.php.

    {
        $this->get_version($request);
 
        $consumer = $this->get_consumer($request);
 
        // requires authorized request token
        $token = $this->get_token($request, $consumer, "request");
 
 
        $this->check_signature($request, $consumer, $token);
 
        $new_token = $this->data_store->new_access_token($token, $consumer);
 
        return $new_token;
    }

References $token, check_signature(), get_consumer(), get_token(), and get_version().

Here is the call graph for this function:

fetch_request_token()

OAuthServer::fetch_request_token

(

&

$request

)

process a request_token request returns the request token on success

Definition at line 519 of file OAuth.php.

    {
        $this->get_version($request);
 
        $consumer = $this->get_consumer($request);
 
        // no token required for the initial token request
        $token = null;
 
        $this->check_signature($request, $consumer, $token);
 
        $new_token = $this->data_store->new_request_token($consumer);
 
        return $new_token;
    }

References $token, check_signature(), get_consumer(), and get_version().

Here is the call graph for this function:

get_consumer()

OAuthServer::get_consumer ( &  $request )

private

try to find the consumer for the provided request's consumer key

Definition at line 612 of file OAuth.php.

    {
        $consumer_key = @$request->get_parameter("oauth_consumer_key");
        if (!$consumer_key) {
            throw new OAuthException("Invalid consumer key");
        }
 
        $consumer = $this->data_store->lookup_consumer($consumer_key);
        if (!$consumer) {
            throw new OAuthException("Invalid consumer");
        }
 
        return $consumer;
    }

Referenced by fetch_access_token(), fetch_request_token(), and verify_request().

Here is the caller graph for this function:

get_signature_method()

OAuthServer::get_signature_method ( &  $request )

private

figure out the signature with some defaults

Definition at line 589 of file OAuth.php.

    {
        $signature_method =
        @$request->get_parameter("oauth_signature_method");
        if (!$signature_method) {
            $signature_method = "PLAINTEXT";
        }
        if (!in_array(
        $signature_method,
        array_keys($this->signature_methods)
    )) {
            throw new OAuthException(
          "Signature method '$signature_method' not supported " .
        "try one of the following: " .
        implode(", ", array_keys($this->signature_methods))
      );
        }
        return $this->signature_methods[$signature_method];
    }

Referenced by check_signature().

Here is the caller graph for this function:

get_token()

OAuthServer::get_token ( &  $request,   $consumer,   $token_type = "access"  )

private

try to find the token for the provided request's token key

Definition at line 630 of file OAuth.php.

    {
        $token_field = @$request->get_parameter('oauth_token');
        if (!$token_field) {
            return false;
        }
        $token = $this->data_store->lookup_token(
        $consumer,
        $token_type,
        $token_field
    );
        if (!$token) {
            throw new OAuthException("Invalid $token_type token: $token_field");
        }
        return $token;
    }

References $token.

Referenced by fetch_access_token(), and verify_request().

Here is the caller graph for this function:

get_version()

OAuthServer::get_version ( &  $request )

private

version 1

Definition at line 574 of file OAuth.php.

    {
        $version = $request->get_parameter("oauth_version");
        if (!$version) {
            $version = 1.0;
        }
        if ($version && $version != $this->version) {
            throw new OAuthException("OAuth version '$version' not supported");
        }
        return $version;
    }

References $version.

Referenced by fetch_access_token(), fetch_request_token(), and verify_request().

Here is the caller graph for this function:

verify_request()

OAuthServer::verify_request

(

&

$request

)

verify an api call, checks all the parameters

Definition at line 559 of file OAuth.php.

    {
        global $OAuth_last_computed_signature;
        $OAuth_last_computed_signature = false;
        $this->get_version($request);
        $consumer = $this->get_consumer($request);
        $token = $this->get_token($request, $consumer, "access");
        $this->check_signature($request, $consumer, $token);
        return array($consumer, $token);
    }

References $OAuth_last_computed_signature, $token, check_signature(), get_consumer(), get_token(), and get_version().

Here is the call graph for this function:

Field Documentation

$data_store

OAuthServer::$data_store

protected

Definition at line 500 of file OAuth.php.

Referenced by __construct().

$signature_methods

OAuthServer::$signature_methods = array()

protected

Definition at line 498 of file OAuth.php.

$timestamp_threshold

OAuthServer::$timestamp_threshold = 300

protected

Definition at line 496 of file OAuth.php.

$version

OAuthServer::$version = 1.0

protected

Definition at line 497 of file OAuth.php.

Referenced by get_version().

---

The documentation for this class was generated from the following file:

• Modules/LTIConsumer/lib/OAuth.php