ILIAS  release_7 Revision v7.30-3-g800a261c036
OAuth.php
Go to the documentation of this file.
1<?php
6// vim: foldmethod=marker
7
8$OAuth_last_computed_signature = false;
9
10
11if (!class_exists('OAuthException')) {
12 /* Generic exception class
13 */
14 class OAuthException extends Exception
15 {
16 // pass
17 }
18}
19
20class OAuthConsumer
21{
22 public $key;
23 public $secret;
24
25 public function __construct($key, $secret, $callback_url = null)
26 {
27 $this->key = $key;
28 $this->secret = $secret;
29 $this->callback_url = $callback_url;
30 }
31
32 public function __toString()
33 {
34 return "OAuthConsumer[key=$this->key,secret=$this->secret]";
35 }
36}
37
38class OAuthToken
39{
40 // access tokens and request tokens
41 public $key;
42 public $secret;
43
48 public function __construct($key, $secret)
49 {
50 $this->key = $key;
51 $this->secret = $secret;
52 }
53
58 public function to_string()
59 {
60 return "oauth_token=" .
61 OAuthUtil::urlencode_rfc3986($this->key) .
62 "&oauth_token_secret=" .
63 OAuthUtil::urlencode_rfc3986($this->secret);
64 }
65
66 public function __toString()
67 {
68 return $this->to_string();
69 }
70}
71
72class OAuthSignatureMethod
73{
74 public function check_signature(&$request, $consumer, $token, $signature)
75 {
76 $built = $this->build_signature($request, $consumer, $token);
77 return $built == $signature;
78 }
79}
80
81class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
82{
83 public function get_name()
84 {
85 return "HMAC-SHA1";
86 }
87
88 public function build_signature($request, $consumer, $token)
89 {
90 global $OAuth_last_computed_signature;
91 $OAuth_last_computed_signature = false;
92
93 $base_string = $request->get_signature_base_string();
94 $request->base_string = $base_string;
95
96 $key_parts = array(
97 $consumer->secret,
98 ($token) ? $token->secret : ""
99 );
100
101 $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
102 $key = implode('&', $key_parts);
103
104 $computed_signature = base64_encode(hash_hmac('sha1', $base_string, $key, true));
105 $OAuth_last_computed_signature = $computed_signature;
106 return $computed_signature;
107 }
108}
109
110class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod
111{
112 public function get_name()
113 {
114 return "PLAINTEXT";
115 }
116
117 public function build_signature($request, $consumer, $token)
118 {
119 $sig = array(
120 OAuthUtil::urlencode_rfc3986($consumer->secret)
121 );
122
123 if ($token) {
124 array_push($sig, OAuthUtil::urlencode_rfc3986($token->secret));
125 } else {
126 array_push($sig, '');
127 }
128
129 $raw = implode("&", $sig);
130 // for debug purposes
131 $request->base_string = $raw;
132
133 return OAuthUtil::urlencode_rfc3986($raw);
134 }
135}
136
137class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod
138{
139 public function get_name()
140 {
141 return "RSA-SHA1";
142 }
143
144 protected function fetch_public_cert(&$request)
145 {
146 // not implemented yet, ideas are:
147 // (1) do a lookup in a table of trusted certs keyed off of consumer
148 // (2) fetch via http using a url provided by the requester
149 // (3) some sort of specific discovery code based on request
150 //
151 // either way should return a string representation of the certificate
152 throw Exception("fetch_public_cert not implemented");
153 }
154
155 protected function fetch_private_cert(&$request)
156 {
157 // not implemented yet, ideas are:
158 // (1) do a lookup in a table of trusted certs keyed off of consumer
159 //
160 // either way should return a string representation of the certificate
161 throw Exception("fetch_private_cert not implemented");
162 }
163
164 public function build_signature(&$request, $consumer, $token)
165 {
166 $base_string = $request->get_signature_base_string();
167 $request->base_string = $base_string;
168
169 // Fetch the private key cert based on the request
170 $cert = $this->fetch_private_cert($request);
171
172 // Pull the private key ID from the certificate
173 $privatekeyid = openssl_get_privatekey($cert);
174
175 // Sign using the key
176 $ok = openssl_sign($base_string, $signature, $privatekeyid);
177
178 // Release the key resource
179 openssl_free_key($privatekeyid);
180
181 return base64_encode($signature);
182 }
183
184 public function check_signature(&$request, $consumer, $token, $signature)
185 {
186 $decoded_sig = base64_decode($signature);
187
188 $base_string = $request->get_signature_base_string();
189
190 // Fetch the public key cert based on the request
191 $cert = $this->fetch_public_cert($request);
192
193 // Pull the public key ID from the certificate
194 $publickeyid = openssl_get_publickey($cert);
195
196 // Check the computed signature against the one passed in the query
197 $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
198
199 // Release the key resource
200 openssl_free_key($publickeyid);
201
202 return $ok == 1;
203 }
204}
205
206class OAuthRequest
207{
208 private $parameters;
209 private $http_method;
210 private $http_url;
211 // for debug purposes
212 public $base_string;
213 public static $version = '1.0';
214 public static $POST_INPUT = 'php://input';
215
216 public function __construct($http_method, $http_url, $parameters = null)
217 {
218 @$parameters or $parameters = array();
219 $this->parameters = $parameters;
220 $this->http_method = $http_method;
221 $this->http_url = $http_url;
222 }
223
224
228 public static function from_request($http_method = null, $http_url = null, $parameters = null)
229 {
230 $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
231 ? 'http'
232 : 'https';
233 $port = "";
234 if ($_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" &&
235 strpos(':', $_SERVER['HTTP_HOST']) < 0) {
236 $port = ':' . $_SERVER['SERVER_PORT'] ;
237 }
238 @$http_url or $http_url = $scheme .
239 '://' . $_SERVER['HTTP_HOST'] .
240 $port .
241 $_SERVER['REQUEST_URI'];
242 @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
243
244 // We weren't handed any parameters, so let's find the ones relevant to
245 // this request.
246 // If you run XML-RPC or similar you should use this to provide your own
247 // parsed parameter-list
248 if (!$parameters) {
249 // Find request headers
250 $request_headers = OAuthUtil::get_headers();
251
252 // Parse the query-string to find GET parameters
253 $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
254
255 $ourpost = $_POST;
256 // Deal with magic_quotes
257 // http://www.php.net/manual/en/security.magicquotes.disabling.php
258 if (get_magic_quotes_gpc()) {
259 $outpost = array();
260 foreach ($_POST as $k => $v) {
261 $v = stripslashes($v);
262 $ourpost[$k] = $v;
263 }
264 }
265 // Add POST Parameters if they exist
266 $parameters = array_merge($parameters, $ourpost);
267
268 // We have a Authorization-header with OAuth data. Parse the header
269 // and add those overriding any duplicates from GET or POST
270 if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
271 $header_parameters = OAuthUtil::split_header(
272 $request_headers['Authorization']
273 );
274 $parameters = array_merge($parameters, $header_parameters);
275 }
276 }
277
278 return new OAuthRequest($http_method, $http_url, $parameters);
279 }
280
284 public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null)
285 {
286 @$parameters or $parameters = array();
287 $defaults = array("oauth_version" => OAuthRequest::$version,
288 "oauth_nonce" => OAuthRequest::generate_nonce(),
289 "oauth_timestamp" => OAuthRequest::generate_timestamp(),
290 "oauth_consumer_key" => $consumer->key);
291 if ($token) {
292 $defaults['oauth_token'] = $token->key;
293 }
294
295 $parameters = array_merge($defaults, $parameters);
296
297 // Parse the query-string to find and add GET parameters
298 $parts = parse_url($http_url);
299 if ($parts['query']) {
300 $qparms = OAuthUtil::parse_parameters($parts['query']);
301 $parameters = array_merge($qparms, $parameters);
302 }
303
304
305 return new OAuthRequest($http_method, $http_url, $parameters);
306 }
307
308 public function set_parameter($name, $value, $allow_duplicates = true)
309 {
310 if ($allow_duplicates && isset($this->parameters[$name])) {
311 // We have already added parameter(s) with this name, so add to the list
312 if (is_scalar($this->parameters[$name])) {
313 // This is the first duplicate, so transform scalar (string)
314 // into an array so we can add the duplicates
315 $this->parameters[$name] = array($this->parameters[$name]);
316 }
317
318 $this->parameters[$name][] = $value;
319 } else {
320 $this->parameters[$name] = $value;
321 }
322 }
323
324 public function get_parameter($name)
325 {
326 return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
327 }
328
329 public function get_parameters()
330 {
331 return $this->parameters;
332 }
333
334 public function unset_parameter($name)
335 {
336 unset($this->parameters[$name]);
337 }
338
343 public function get_signable_parameters()
344 {
345 // Grab all parameters
346 $params = $this->parameters;
347
348 // Remove oauth_signature if present
349 // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
350 if (isset($params['oauth_signature'])) {
351 unset($params['oauth_signature']);
352 }
353
354 return OAuthUtil::build_http_query($params);
355 }
356
364 public function get_signature_base_string()
365 {
366 $parts = array(
367 $this->get_normalized_http_method(),
368 $this->get_normalized_http_url(),
369 $this->get_signable_parameters()
370 );
371
372 $parts = OAuthUtil::urlencode_rfc3986($parts);
373
374 return implode('&', $parts);
375 }
376
380 public function get_normalized_http_method()
381 {
382 return strtoupper($this->http_method);
383 }
384
389 public function get_normalized_http_url()
390 {
391 $parts = parse_url($this->http_url);
392
393 $port = @$parts['port'];
394 $scheme = $parts['scheme'];
395 $host = $parts['host'];
396 $path = @$parts['path'];
397
398 $port or $port = ($scheme == 'https') ? '443' : '80';
399
400 if (($scheme == 'https' && $port != '443')
401 || ($scheme == 'http' && $port != '80')) {
402 $host = "$host:$port";
403 }
404 return "$scheme://$host$path";
405 }
406
410 public function to_url()
411 {
412 $post_data = $this->to_postdata();
413 $out = $this->get_normalized_http_url();
414 if ($post_data) {
415 $out .= '?' . $post_data;
416 }
417 return $out;
418 }
419
423 public function to_postdata()
424 {
425 return OAuthUtil::build_http_query($this->parameters);
426 }
427
431 public function to_header()
432 {
433 $out = 'Authorization: OAuth realm=""';
434 $total = array();
435 foreach ($this->parameters as $k => $v) {
436 if (substr($k, 0, 5) != "oauth") {
437 continue;
438 }
439 if (is_array($v)) {
440 throw new OAuthException('Arrays not supported in headers');
441 }
442 $out .= ',' .
443 OAuthUtil::urlencode_rfc3986($k) .
444 '="' .
445 OAuthUtil::urlencode_rfc3986($v) .
446 '"';
447 }
448 return $out;
449 }
450
451 public function __toString()
452 {
453 return $this->to_url();
454 }
455
456
457 public function sign_request($signature_method, $consumer, $token)
458 {
459 $this->set_parameter(
460 "oauth_signature_method",
461 $signature_method->get_name(),
462 false
463 );
464 $signature = $this->build_signature($signature_method, $consumer, $token);
465 $this->set_parameter("oauth_signature", $signature, false);
466 }
467
468 public function build_signature($signature_method, $consumer, $token)
469 {
470 $signature = $signature_method->build_signature($this, $consumer, $token);
471 return $signature;
472 }
473
477 private static function generate_timestamp()
478 {
479 return time();
480 }
481
485 private static function generate_nonce()
486 {
487 $mt = microtime();
488 $rand = mt_rand();
489
490 return md5($mt . $rand); // md5s look nicer than numbers
491 }
492}
493
494class OAuthServer
495{
496 protected $timestamp_threshold = 300; // in seconds, five minutes
497 protected $version = 1.0; // hi blaine
498 protected $signature_methods = array();
499
500 protected $data_store;
501
502 public function __construct($data_store)
503 {
504 $this->data_store = $data_store;
505 }
506
507 public function add_signature_method($signature_method)
508 {
509 $this->signature_methods[$signature_method->get_name()] =
510 $signature_method;
511 }
512
513 // high level functions
514
519 public function fetch_request_token(&$request)
520 {
521 $this->get_version($request);
522
523 $consumer = $this->get_consumer($request);
524
525 // no token required for the initial token request
526 $token = null;
527
528 $this->check_signature($request, $consumer, $token);
529
530 $new_token = $this->data_store->new_request_token($consumer);
531
532 return $new_token;
533 }
534
539 public function fetch_access_token(&$request)
540 {
541 $this->get_version($request);
542
543 $consumer = $this->get_consumer($request);
544
545 // requires authorized request token
546 $token = $this->get_token($request, $consumer, "request");
547
548
549 $this->check_signature($request, $consumer, $token);
550
551 $new_token = $this->data_store->new_access_token($token, $consumer);
552
553 return $new_token;
554 }
555
559 public function verify_request(&$request)
560 {
561 global $OAuth_last_computed_signature;
562 $OAuth_last_computed_signature = false;
563 $this->get_version($request);
564 $consumer = $this->get_consumer($request);
565 $token = $this->get_token($request, $consumer, "access");
566 $this->check_signature($request, $consumer, $token);
567 return array($consumer, $token);
568 }
569
570 // Internals from here
574 private function get_version(&$request)
575 {
576 $version = $request->get_parameter("oauth_version");
577 if (!$version) {
578 $version = 1.0;
579 }
580 if ($version && $version != $this->version) {
581 throw new OAuthException("OAuth version '$version' not supported");
582 }
583 return $version;
584 }
585
589 private function get_signature_method(&$request)
590 {
591 $signature_method =
592 @$request->get_parameter("oauth_signature_method");
593 if (!$signature_method) {
594 $signature_method = "PLAINTEXT";
595 }
596 if (!in_array(
597 $signature_method,
598 array_keys($this->signature_methods)
599 )) {
600 throw new OAuthException(
601 "Signature method '$signature_method' not supported " .
602 "try one of the following: " .
603 implode(", ", array_keys($this->signature_methods))
604 );
605 }
606 return $this->signature_methods[$signature_method];
607 }
608
612 private function get_consumer(&$request)
613 {
614 $consumer_key = @$request->get_parameter("oauth_consumer_key");
615 if (!$consumer_key) {
616 throw new OAuthException("Invalid consumer key");
617 }
618
619 $consumer = $this->data_store->lookup_consumer($consumer_key);
620 if (!$consumer) {
621 throw new OAuthException("Invalid consumer");
622 }
623
624 return $consumer;
625 }
626
630 private function get_token(&$request, $consumer, $token_type = "access")
631 {
632 $token_field = @$request->get_parameter('oauth_token');
633 if (!$token_field) {
634 return false;
635 }
636 $token = $this->data_store->lookup_token(
637 $consumer,
638 $token_type,
639 $token_field
640 );
641 if (!$token) {
642 throw new OAuthException("Invalid $token_type token: $token_field");
643 }
644 return $token;
645 }
646
651 private function check_signature(&$request, $consumer, $token)
652 {
653 // this should probably be in a different method
654 global $OAuth_last_computed_signature;
655 $OAuth_last_computed_signature = false;
656
657 $timestamp = @$request->get_parameter('oauth_timestamp');
658 $nonce = @$request->get_parameter('oauth_nonce');
659
660 $this->check_timestamp($timestamp);
661 $this->check_nonce($consumer, $token, $nonce, $timestamp);
662
663 $signature_method = $this->get_signature_method($request);
664
665 $signature = $request->get_parameter('oauth_signature');
666 $valid_sig = $signature_method->check_signature(
667 $request,
668 $consumer,
669 $token,
670 $signature
671 );
672
673 if (!$valid_sig) {
674 $ex_text = "Invalid signature";
675 if ($OAuth_last_computed_signature) {
676 $ex_text = $ex_text . " ours= $OAuth_last_computed_signature yours=$signature";
677 }
678 throw new OAuthException($ex_text);
679 }
680 }
681
685 private function check_timestamp($timestamp)
686 {
687 // verify that timestamp is recentish
688 $now = time();
689 if ($now - $timestamp > $this->timestamp_threshold) {
690 throw new OAuthException(
691 "Expired timestamp, yours $timestamp, ours $now"
692 );
693 }
694 }
695
699 private function check_nonce($consumer, $token, $nonce, $timestamp)
700 {
701 // verify that the nonce is uniqueish
702 $found = $this->data_store->lookup_nonce(
703 $consumer,
704 $token,
705 $nonce,
706 $timestamp
707 );
708 if ($found) {
709 throw new OAuthException("Nonce already used: $nonce");
710 }
711 }
712}
713
714class OAuthDataStore
715{
716 public function lookup_consumer($consumer_key)
717 {
718 // implement me
719 }
720
721 public function lookup_token($consumer, $token_type, $token)
722 {
723 // implement me
724 }
725
726 public function lookup_nonce($consumer, $token, $nonce, $timestamp)
727 {
728 // implement me
729 }
730
731 public function new_request_token($consumer)
732 {
733 // return a new token attached to this consumer
734 }
735
736 public function new_access_token($token, $consumer)
737 {
738 // return a new access token attached to this consumer
739 // for the user associated with this token if the request token
740 // is authorized
741 // should also invalidate the request token
742 }
743}
744
745class OAuthUtil
746{
747 public static function urlencode_rfc3986($input)
748 {
749 if (is_array($input)) {
750 return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
751 } elseif (is_scalar($input)) {
752 return str_replace(
753 '+',
754 ' ',
755 str_replace('%7E', '~', rawurlencode($input))
756 );
757 } else {
758 return '';
759 }
760 }
761
762
763 // This decode function isn't taking into consideration the above
764 // modifications to the encoding process. However, this method doesn't
765 // seem to be used anywhere so leaving it as is.
766 public static function urldecode_rfc3986($string)
767 {
768 return urldecode($string);
769 }
770
771 // Utility function for turning the Authorization: header into
772 // parameters, has to do some unescaping
773 // Can filter out any non-oauth parameters if needed (default behaviour)
774 public static function split_header($header, $only_allow_oauth_parameters = true)
775 {
776 $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
777 $offset = 0;
778 $params = array();
779 while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) {
780 $match = $matches[0];
781 $header_name = $matches[2][0];
782 $header_content = (isset($matches[5])) ? $matches[5][0] : $matches[4][0];
783 if (preg_match('/^oauth_/', $header_name) || !$only_allow_oauth_parameters) {
784 $params[$header_name] = OAuthUtil::urldecode_rfc3986($header_content);
785 }
786 $offset = $match[1] + strlen($match[0]);
787 }
788
789 if (isset($params['realm'])) {
790 unset($params['realm']);
791 }
792
793 return $params;
794 }
795
796 // helper to try to sort out headers for people who aren't running apache
797 public static function get_headers()
798 {
799 if (function_exists('apache_request_headers')) {
800 // we need this to get the actual Authorization: header
801 // because apache tends to tell us it doesn't exist
802 return apache_request_headers();
803 }
804 // otherwise we don't have apache and are just going to have to hope
805 // that $_SERVER actually contains what we need
806 $out = array();
807 foreach ($_SERVER as $key => $value) {
808 if (substr($key, 0, 5) == "HTTP_") {
809 // this is chaos, basically it is just there to capitalize the first
810 // letter of every word that is not an initial HTTP and strip HTTP
811 // code from przemek
812 $key = str_replace(
813 " ",
814 "-",
815 ucwords(strtolower(str_replace("_", " ", substr($key, 5))))
816 );
817 $out[$key] = $value;
818 }
819 }
820 return $out;
821 }
822
823 // This function takes a input like a=b&a=c&d=e and returns the parsed
824 // parameters like this
825 // array('a' => array('b','c'), 'd' => 'e')
826 public static function parse_parameters($input)
827 {
828 if (!isset($input) || !$input) {
829 return array();
830 }
831
832 // fau: fix for PHP7
833 $pairs = explode('&', $input);
834
835 $parsed_parameters = array();
836 foreach ($pairs as $pair) {
837 $split = explode('=', $pair, 2);
838 // fau.
839 $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
840 $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';
841
842 if (isset($parsed_parameters[$parameter])) {
843 // We have already recieved parameter(s) with this name, so add to the list
844 // of parameters with this name
845
846 if (is_scalar($parsed_parameters[$parameter])) {
847 // This is the first duplicate, so transform scalar (string) into an array
848 // so we can add the duplicates
849 $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
850 }
851
852 $parsed_parameters[$parameter][] = $value;
853 } else {
854 $parsed_parameters[$parameter] = $value;
855 }
856 }
857 return $parsed_parameters;
858 }
859
860 public static function build_http_query($params)
861 {
862 if (!$params) {
863 return '';
864 }
865
866 // Urlencode both keys and values
867 $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
868 $values = OAuthUtil::urlencode_rfc3986(array_values($params));
869 $params = array_combine($keys, $values);
870
871 // Parameters are sorted by name, using lexicographical byte value ordering.
872 // Ref: Spec: 9.1.1 (1)
873 uksort($params, 'strcmp');
874
875 $pairs = array();
876 foreach ($params as $parameter => $value) {
877 if (is_array($value)) {
878 // If two or more parameters share the same name, they are sorted by their value
879 // Ref: Spec: 9.1.1 (1)
880 natsort($value);
881 foreach ($value as $duplicate_value) {
882 $pairs[] = $parameter . '=' . $duplicate_value;
883 }
884 } else {
885 $pairs[] = $parameter . '=' . $value;
886 }
887 }
888 // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
889 // Each name-value pair is separated by an '&' character (ASCII code 38)
890 return implode('&', $pairs);
891 }
892}
$OAuth_last_computed_signature
$OAuth_last_computed_signature
http://oauth.googlecode.com/svn/code/php/
Definition: OAuth.php:8
$total
$total
Definition: Utf8Test.php:87
$timestamp
foreach($mandatory_scripts as $file) $timestamp
Definition: buildRTE.php:81
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
php
An exception for terminatinating execution or to throw for unit testing.
OAuthConsumer\__toString
__toString()
Definition: OAuth.php:32
OAuthConsumer\__construct
__construct($key, $secret, $callback_url=null)
Definition: OAuth.php:25
OAuthDataStore\lookup_consumer
lookup_consumer($consumer_key)
Definition: OAuth.php:716
OAuthDataStore\new_access_token
new_access_token($token, $consumer)
Definition: OAuth.php:736
OAuthDataStore\lookup_token
lookup_token($consumer, $token_type, $token)
Definition: OAuth.php:721
OAuthDataStore\new_request_token
new_request_token($consumer)
Definition: OAuth.php:731
OAuthDataStore\lookup_nonce
lookup_nonce($consumer, $token, $nonce, $timestamp)
Definition: OAuth.php:726
OAuthRequest\from_consumer_and_token
static from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=null)
pretty much a helper function to set up the request
Definition: OAuth.php:284
OAuthRequest\$POST_INPUT
static $POST_INPUT
Definition: OAuth.php:214
OAuthRequest\__construct
__construct($http_method, $http_url, $parameters=null)
Definition: OAuth.php:216
OAuthRequest\sign_request
sign_request($signature_method, $consumer, $token)
Definition: OAuth.php:457
OAuthRequest\$version
static $version
Definition: OAuth.php:213
OAuthRequest\__toString
__toString()
Definition: OAuth.php:451
OAuthRequest\get_normalized_http_method
get_normalized_http_method()
just uppercases the http method
Definition: OAuth.php:380
OAuthRequest\to_postdata
to_postdata()
builds the data one would send in a POST request
Definition: OAuth.php:423
OAuthRequest\get_normalized_http_url
get_normalized_http_url()
parses the url and rebuilds it to be scheme://host/path
Definition: OAuth.php:389
OAuthRequest\to_url
to_url()
builds a url usable for a GET request
Definition: OAuth.php:410
OAuthRequest\unset_parameter
unset_parameter($name)
Definition: OAuth.php:334
OAuthRequest\get_signable_parameters
get_signable_parameters()
The request parameters, sorted and concatenated into a normalized string.
Definition: OAuth.php:343
OAuthRequest\get_signature_base_string
get_signature_base_string()
Returns the base string of this request.
Definition: OAuth.php:364
OAuthRequest\from_request
static from_request($http_method=null, $http_url=null, $parameters=null)
attempt to build up a request from what was passed to the server
Definition: OAuth.php:228
OAuthRequest\set_parameter
set_parameter($name, $value, $allow_duplicates=true)
Definition: OAuth.php:308
OAuthRequest\get_parameters
get_parameters()
Definition: OAuth.php:329
OAuthRequest\get_parameter
get_parameter($name)
Definition: OAuth.php:324
OAuthRequest\generate_timestamp
static generate_timestamp()
util function: current timestamp
Definition: OAuth.php:477
OAuthRequest\to_header
to_header()
builds the Authorization: header
Definition: OAuth.php:431
OAuthRequest\build_signature
build_signature($signature_method, $consumer, $token)
Definition: OAuth.php:468
OAuthRequest\generate_nonce
static generate_nonce()
util function: current nonce
Definition: OAuth.php:485
OAuthServer\$signature_methods
$signature_methods
Definition: OAuth.php:498
OAuthServer\add_signature_method
add_signature_method($signature_method)
Definition: OAuth.php:507
OAuthServer\__construct
__construct($data_store)
Definition: OAuth.php:502
OAuthServer\check_signature
check_signature(&$request, $consumer, $token)
all-in-one function to check the signature on a request should guess the signature method appropriate...
Definition: OAuth.php:651
OAuthServer\check_nonce
check_nonce($consumer, $token, $nonce, $timestamp)
check that the nonce is not repeated
Definition: OAuth.php:699
OAuthServer\check_timestamp
check_timestamp($timestamp)
check that the timestamp is new enough
Definition: OAuth.php:685
OAuthServer\fetch_access_token
fetch_access_token(&$request)
process an access_token request returns the access token on success
Definition: OAuth.php:539
OAuthServer\$timestamp_threshold
$timestamp_threshold
Definition: OAuth.php:496
OAuthServer\get_token
get_token(&$request, $consumer, $token_type="access")
try to find the token for the provided request's token key
Definition: OAuth.php:630
OAuthServer\fetch_request_token
fetch_request_token(&$request)
process a request_token request returns the request token on success
Definition: OAuth.php:519
OAuthServer\get_signature_method
get_signature_method(&$request)
figure out the signature with some defaults
Definition: OAuth.php:589
OAuthServer\verify_request
verify_request(&$request)
verify an api call, checks all the parameters
Definition: OAuth.php:559
OAuthServer\get_consumer
get_consumer(&$request)
try to find the consumer for the provided request's consumer key
Definition: OAuth.php:612
OAuthServer\get_version
get_version(&$request)
version 1
Definition: OAuth.php:574
OAuthSignatureMethod_HMAC_SHA1
Definition: OAuth.php:82
OAuthSignatureMethod_HMAC_SHA1\get_name
get_name()
Definition: OAuth.php:83
OAuthSignatureMethod_HMAC_SHA1\build_signature
build_signature($request, $consumer, $token)
Definition: OAuth.php:88
OAuthSignatureMethod_PLAINTEXT
Definition: OAuth.php:111
OAuthSignatureMethod_PLAINTEXT\build_signature
build_signature($request, $consumer, $token)
Definition: OAuth.php:117
OAuthSignatureMethod_PLAINTEXT\get_name
get_name()
Definition: OAuth.php:112
OAuthSignatureMethod_RSA_SHA1
Definition: OAuth.php:138
OAuthSignatureMethod_RSA_SHA1\fetch_public_cert
fetch_public_cert(&$request)
Definition: OAuth.php:144
OAuthSignatureMethod_RSA_SHA1\build_signature
build_signature(&$request, $consumer, $token)
Definition: OAuth.php:164
OAuthSignatureMethod_RSA_SHA1\fetch_private_cert
fetch_private_cert(&$request)
Definition: OAuth.php:155
OAuthSignatureMethod_RSA_SHA1\get_name
get_name()
Definition: OAuth.php:139
OAuthSignatureMethod_RSA_SHA1\check_signature
check_signature(&$request, $consumer, $token, $signature)
Definition: OAuth.php:184
OAuthSignatureMethod\check_signature
check_signature(&$request, $consumer, $token, $signature)
Definition: OAuth.php:74
OAuthToken\to_string
to_string()
generates the basic string serialization of a token that a server would respond to request_token and ...
Definition: OAuth.php:58
OAuthToken\__toString
__toString()
Definition: OAuth.php:66
OAuthToken\__construct
__construct($key, $secret)
key = the token secret = the token secret
Definition: OAuth.php:48
OAuthUtil\get_headers
static get_headers()
Definition: OAuth.php:797
OAuthUtil\split_header
static split_header($header, $only_allow_oauth_parameters=true)
Definition: OAuth.php:774
OAuthUtil\urldecode_rfc3986
static urldecode_rfc3986($string)
Definition: OAuth.php:766
OAuthUtil\urlencode_rfc3986
static urlencode_rfc3986($input)
Definition: OAuth.php:747
OAuthUtil\parse_parameters
static parse_parameters($input)
Definition: OAuth.php:826
OAuthUtil\build_http_query
static build_http_query($params)
Definition: OAuth.php:860
$name
if($format !==null) $name
Definition: metadata.php:230
$keys
$keys
Definition: metadata.php:187
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
$token
$token
Definition: xapitoken.php:52