Add oauth-php library

Tom Needham 2012-08-01 10:20:17 +01:00
parent 7426217e76
commit 9ec035e3d3
72 changed files with 13238 additions and 0 deletions

22
3rdparty/oauth-php/LICENSE vendored Normal file

@ -0,0 +1,22 @@
The MIT License
Copyright (c) 2007-2009 Mediamatic Lab
Copyright (c) 2010 Corollarium Technologies
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

1
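--- a/3rdparty/oauth-php/README
+++ b/3rdparty/oauth-php/README
@@ -0,0 +1 @@
+Please see http://code.google.com/p/oauth-php/ for documentation and help.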


@ -0,0 +1,227 @@
<?php
/**
* Handle the discovery of OAuth service provider endpoints and static consumer identity.
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 4, 2008 5:05:19 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/discovery/xrds_parse.php';
require_once dirname(__FILE__).'/OAuthException2.php';
require_once dirname(__FILE__).'/OAuthRequestLogger.php';
class OAuthDiscovery
{
/**
* Return a description how we can do a consumer allocation. Prefers static allocation if
* possible. If static allocation is possible
*
* See also: http://oauth.net/discovery/#consumer_identity_types
*
* @param string uri
* @return array provider description
*/
static function discover ( $uri )
{
// See what kind of consumer allocations are available
$xrds_file = self::discoverXRDS($uri);
if (!empty($xrds_file))
{
$xrds = xrds_parse($xrds_file);
if (empty($xrds))
{
throw new OAuthException2('Could not discover OAuth information for '.$uri);
}
}
else
{
throw new OAuthException2('Could not discover XRDS file at '.$uri);
}
// Fill an OAuthServer record for the uri found
$ps = parse_url($uri);
$host = isset($ps['host']) ? $ps['host'] : 'localhost';
$server_uri = $ps['scheme'].'://'.$host.'/';
$p = array(
'user_id' => null,
'consumer_key' => '',
'consumer_secret' => '',
'signature_methods' => '',
'server_uri' => $server_uri,
'request_token_uri' => '',
'authorize_uri' => '',
'access_token_uri' => ''
);
// Consumer identity (out of bounds or static)
if (isset($xrds['consumer_identity']))
{
// Try to find a static consumer allocation, we like those :)
foreach ($xrds['consumer_identity'] as $ci)
{
if ($ci['method'] == 'static' && !empty($ci['consumer_key']))
{
$p['consumer_key'] = $ci['consumer_key'];
$p['consumer_secret'] = '';
}
else if ($ci['method'] == 'oob' && !empty($ci['uri']))
{
// TODO: Keep this uri somewhere for the user?
$p['consumer_oob_uri'] = $ci['uri'];
}
}
}
// The token uris
if (isset($xrds['request'][0]['uri']))
{
$p['request_token_uri'] = $xrds['request'][0]['uri'];
if (!empty($xrds['request'][0]['signature_method']))
{
$p['signature_methods'] = $xrds['request'][0]['signature_method'];
}
}
if (isset($xrds['authorize'][0]['uri']))
{
$p['authorize_uri'] = $xrds['authorize'][0]['uri'];
if (!empty($xrds['authorize'][0]['signature_method']))
{
$p['signature_methods'] = $xrds['authorize'][0]['signature_method'];
}
}
if (isset($xrds['access'][0]['uri']))
{
$p['access_token_uri'] = $xrds['access'][0]['uri'];
if (!empty($xrds['access'][0]['signature_method']))
{
$p['signature_methods'] = $xrds['access'][0]['signature_method'];
}
}
return $p;
}
/**
* Discover the XRDS file at the uri. This is a bit primitive, you should overrule
* this function so that the XRDS file can be cached for later referral.
*
* @param string uri
* @return string false when no XRDS file found
*/
static protected function discoverXRDS ( $uri, $recur = 0 )
{
// Bail out when we are following redirects
if ($recur > 10)
{
return false;
}
$data = self::curl($uri);
// Check what we got back, could be:
// 1. The XRDS discovery file itself (check content-type)
// 2. The X-XRDS-Location header
if (is_string($data) && !empty($data))
{
list($head,$body) = explode("\r\n\r\n", $data);
$body = trim($body);
$m = false;
// See if we got the XRDS file itself or we have to follow a location header
if ( preg_match('/^Content-Type:\s*application\/xrds+xml/im', $head)
|| preg_match('/^<\?xml[^>]*\?>\s*<xrds\s/i', $body)
|| preg_match('/^<xrds\s/i', $body)
)
{
$xrds = $body;
}
else if ( preg_match('/^X-XRDS-Location:\s*([^\r\n]*)/im', $head, $m)
|| preg_match('/^Location:\s*([^\r\n]*)/im', $head, $m))
{
// Recurse to the given location
if ($uri != $m[1])
{
$xrds = self::discoverXRDS($m[1], $recur+1);
}
else
{
// Referring to the same uri, bail out
$xrds = false;
}
}
else
{
// Not an XRDS file an nowhere else to check
$xrds = false;
}
}
else
{
$xrds = false;
}
return $xrds;
}
/**
* Try to fetch an XRDS file at the given location. Sends an accept header preferring the xrds file.
*
* @param string uri
* @return array (head,body), false on an error
*/
static protected function curl ( $uri )
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*;q=0.1'));
curl_setopt($ch, CURLOPT_USERAGENT, 'anyMeta/OAuth 1.0 - (OAuth Discovery $LastChangedRevision: 45 $)');
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$txt = curl_exec($ch);
curl_close($ch);
// Tell the logger what we requested and what we received back
$data = "GET $uri";
OAuthRequestLogger::setSent($data, "");
OAuthRequestLogger::setReceived($txt);
return $txt;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
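Review bot: curl() passes the caller's `$uri` to libcurl with no scheme or host restriction, and discoverXRDS() re-enters it with whatever an `X-XRDS-Location` or `Location` response header names, so a discovery URI taken from user input, or a redirect sent by the remote side, can steer the server-side fetch to non-HTTP schemes or internal addresses. Limiting the handle with `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and checking the host of `$m[1]` against an allow-list before recursing would bound what the fetch can reach. In discoverXRDS() the pattern `application\/xrds+xml` leaves the `+` unescaped, so it cannot match the literal media type `application/xrds+xml`; it should read `xrds\+xml`. `list($head,$body) = explode("\r\n\r\n", $data);` also assumes a blank line is present and raises a notice on a header-only response.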


@ -0,0 +1,50 @@
<?php
/**
* Simple exception wrapper for OAuth
*
* @version $Id: OAuthException2.php 67 2010-01-12 18:42:04Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 29, 2007 5:33:54 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
// TODO: something with the HTTP return code matching to the problem
require_once dirname(__FILE__) . '/OAuthRequestLogger.php';
class OAuthException2 extends Exception
{
function __construct ( $message )
{
Exception::__construct($message);
OAuthRequestLogger::addNote('OAuthException2: '.$message);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
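Review bot: The constructor copies every exception message into the request log through `OAuthRequestLogger::addNote`, and messages built elsewhere in this commit embed request-derived text such as the discovery URI or the `oauth_version` value, so unfiltered client input ends up in stored log notes. How the log is rendered is not visible here; if it is ever shown in a browser it needs escaping at output, and a length cap on the note would keep one request from inflating the log. The call `Exception::__construct($message)` would read better as `parent::__construct($message)`, and accepting an optional code would address the TODO above the class about matching the HTTP return code.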


@ -0,0 +1,846 @@
<?php
/**
* Request wrapper class. Prepares a request for consumption by the OAuth routines
*
* @version $Id: OAuthRequest.php 174 2010-11-24 15:15:41Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 12:20:31 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthException2.php';
/**
* Object to parse an incoming OAuth request or prepare an outgoing OAuth request
*/
class OAuthRequest
{
/* the realm for this request */
protected $realm;
/* all the parameters, RFC3986 encoded name/value pairs */
protected $param = array();
/* the parsed request uri */
protected $uri_parts;
/* the raw request uri */
protected $uri;
/* the request headers */
protected $headers;
/* the request method */
protected $method;
/* the body of the OAuth request */
protected $body;
/**
* Construct from the current request. Useful for checking the signature of a request.
* When not supplied with any parameters this will use the current request.
*
* @param string uri might include parameters
* @param string method GET, PUT, POST etc.
* @param string parameters additional post parameters, urlencoded (RFC1738)
* @param array headers headers for request
* @param string body optional body of the OAuth request (POST or PUT)
*/
function __construct ( $uri = null, $method = null, $parameters = '', $headers = array(), $body = null )
{
if (is_object($_SERVER))
{
// Tainted arrays - the normal stuff in anyMeta
if (!$method) {
$method = $_SERVER->REQUEST_METHOD->getRawUnsafe();
}
if (empty($uri)) {
$uri = $_SERVER->REQUEST_URI->getRawUnsafe();
}
}
else
{
// non anyMeta systems
if (!$method) {
if (isset($_SERVER['REQUEST_METHOD'])) {
$method = $_SERVER['REQUEST_METHOD'];
}
else {
$method = 'GET';
}
}
$proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
if (empty($uri)) {
if (strpos($_SERVER['REQUEST_URI'], "://") !== false) {
$uri = $_SERVER['REQUEST_URI'];
}
else {
$uri = sprintf('%s://%s%s', $proto, $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI']);
}
}
}
$headers = OAuthRequestLogger::getAllHeaders();
$this->method = strtoupper($method);
// If this is a post then also check the posted variables
if (strcasecmp($method, 'POST') == 0)
{
// TODO: what to do with 'multipart/form-data'?
if ($this->getRequestContentType() == 'multipart/form-data')
{
// Get the posted body (when available)
if (!isset($headers['X-OAuth-Test']))
{
$parameters .= $this->getRequestBodyOfMultipart();
}
}
if ($this->getRequestContentType() == 'application/x-www-form-urlencoded')
{
// Get the posted body (when available)
if (!isset($headers['X-OAuth-Test']))
{
$parameters .= $this->getRequestBody();
}
}
else
{
$body = $this->getRequestBody();
}
}
else if (strcasecmp($method, 'PUT') == 0)
{
$body = $this->getRequestBody();
}
$this->method = strtoupper($method);
$this->headers = $headers;
// Store the values, prepare for oauth
$this->uri = $uri;
$this->body = $body;
$this->parseUri($parameters);
$this->parseHeaders();
$this->transcodeParams();
}
/**
* Return the signature base string.
* Note that we can't use rawurlencode due to specified use of RFC3986.
*
* @return string
*/
function signatureBaseString ()
{
$sig = array();
$sig[] = $this->method;
$sig[] = $this->getRequestUrl();
$sig[] = $this->getNormalizedParams();
return implode('&', array_map(array($this, 'urlencode'), $sig));
}
/**
* Calculate the signature of the request, using the method in oauth_signature_method.
* The signature is returned encoded in the form as used in the url. So the base64 and
* urlencoding has been done.
*
* @param string consumer_secret
* @param string token_secret
* @param string token_type
* @exception when not all parts available
* @return string
*/
function calculateSignature ( $consumer_secret, $token_secret, $token_type = 'access' )
{
$required = array(
'oauth_consumer_key',
'oauth_signature_method',
'oauth_timestamp',
'oauth_nonce'
);
if ($token_type != 'requestToken')
{
$required[] = 'oauth_token';
}
foreach ($required as $req)
{
if (!isset($this->param[$req]))
{
throw new OAuthException2('Can\'t sign request, missing parameter "'.$req.'"');
}
}
$this->checks();
$base = $this->signatureBaseString();
$signature = $this->calculateDataSignature($base, $consumer_secret, $token_secret, $this->param['oauth_signature_method']);
return $signature;
}
/**
* Calculate the signature of a string.
* Uses the signature method from the current parameters.
*
* @param string data
* @param string consumer_secret
* @param string token_secret
* @param string signature_method
* @exception OAuthException2 thrown when the signature method is unknown
* @return string signature
*/
function calculateDataSignature ( $data, $consumer_secret, $token_secret, $signature_method )
{
if (is_null($data))
{
$data = '';
}
$sig = $this->getSignatureMethod($signature_method);
return $sig->signature($this, $data, $consumer_secret, $token_secret);
}
/**
* Select a signature method from the list of available methods.
* We try to check the most secure methods first.
*
* @todo Let the signature method tell us how secure it is
* @param array methods
* @exception OAuthException2 when we don't support any method in the list
* @return string
*/
public function selectSignatureMethod ( $methods )
{
if (in_array('HMAC-SHA1', $methods))
{
$method = 'HMAC-SHA1';
}
else if (in_array('MD5', $methods))
{
$method = 'MD5';
}
else
{
$method = false;
foreach ($methods as $m)
{
$m = strtoupper($m);
$m2 = preg_replace('/[^A-Z0-9]/', '_', $m);
if (file_exists(dirname(__FILE__).'/signature_method/OAuthSignatureMethod_'.$m2.'.php'))
{
$method = $m;
break;
}
}
if (empty($method))
{
throw new OAuthException2('None of the signing methods is supported.');
}
}
return $method;
}
/**
* Fetch the signature object used for calculating and checking the signature base string
*
* @param string method
* @return OAuthSignatureMethod object
*/
function getSignatureMethod ( $method )
{
$m = strtoupper($method);
$m = preg_replace('/[^A-Z0-9]/', '_', $m);
$class = 'OAuthSignatureMethod_'.$m;
if (file_exists(dirname(__FILE__).'/signature_method/'.$class.'.php'))
{
require_once dirname(__FILE__).'/signature_method/'.$class.'.php';
$sig = new $class();
}
else
{
throw new OAuthException2('Unsupported signature method "'.$m.'".');
}
return $sig;
}
/**
* Perform some sanity checks.
*
* @exception OAuthException2 thrown when sanity checks failed
*/
function checks ()
{
if (isset($this->param['oauth_version']))
{
$version = $this->urldecode($this->param['oauth_version']);
if ($version != '1.0')
{
throw new OAuthException2('Expected OAuth version 1.0, got "'.$this->param['oauth_version'].'"');
}
}
}
/**
* Return the request method
*
* @return string
*/
function getMethod ()
{
return $this->method;
}
/**
* Return the complete parameter string for the signature check.
* All parameters are correctly urlencoded and sorted on name and value
*
* @return string
*/
function getNormalizedParams ()
{
/*
// sort by name, then by value
// (needed when we start allowing multiple values with the same name)
$keys = array_keys($this->param);
$values = array_values($this->param);
array_multisort($keys, SORT_ASC, $values, SORT_ASC);
*/
$params = $this->param;
$normalized = array();
ksort($params);
foreach ($params as $key => $value)
{
// all names and values are already urlencoded, exclude the oauth signature
if ($key != 'oauth_signature')
{
if (is_array($value))
{
$value_sort = $value;
sort($value_sort);
foreach ($value_sort as $v)
{
$normalized[] = $key.'='.$v;
}
}
else
{
$normalized[] = $key.'='.$value;
}
}
}
return implode('&', $normalized);
}
/**
* Return the normalised url for signature checks
*/
function getRequestUrl ()
{
$url = $this->uri_parts['scheme'] . '://'
. $this->uri_parts['user'] . (!empty($this->uri_parts['pass']) ? ':' : '')
. $this->uri_parts['pass'] . (!empty($this->uri_parts['user']) ? '@' : '')
. $this->uri_parts['host'];
if ( $this->uri_parts['port']
&& $this->uri_parts['port'] != $this->defaultPortForScheme($this->uri_parts['scheme']))
{
$url .= ':'.$this->uri_parts['port'];
}
if (!empty($this->uri_parts['path']))
{
$url .= $this->uri_parts['path'];
}
return $url;
}
/**
* Get a parameter, value is always urlencoded
*
* @param string name
* @param boolean urldecode set to true to decode the value upon return
* @return string value false when not found
*/
function getParam ( $name, $urldecode = false )
{
if (isset($this->param[$name]))
{
$s = $this->param[$name];
}
else if (isset($this->param[$this->urlencode($name)]))
{
$s = $this->param[$this->urlencode($name)];
}
else
{
$s = false;
}
if (!empty($s) && $urldecode)
{
if (is_array($s))
{
$s = array_map(array($this,'urldecode'), $s);
}
else
{
$s = $this->urldecode($s);
}
}
return $s;
}
/**
* Set a parameter
*
* @param string name
* @param string value
* @param boolean encoded set to true when the values are already encoded
*/
function setParam ( $name, $value, $encoded = false )
{
if (!$encoded)
{
$name_encoded = $this->urlencode($name);
if (is_array($value))
{
foreach ($value as $v)
{
$this->param[$name_encoded][] = $this->urlencode($v);
}
}
else
{
$this->param[$name_encoded] = $this->urlencode($value);
}
}
else
{
$this->param[$name] = $value;
}
}
/**
* Re-encode all parameters so that they are encoded using RFC3986.
* Updates the $this->param attribute.
*/
protected function transcodeParams ()
{
$params = $this->param;
$this->param = array();
foreach ($params as $name=>$value)
{
if (is_array($value))
{
$this->param[$this->urltranscode($name)] = array_map(array($this,'urltranscode'), $value);
}
else
{
$this->param[$this->urltranscode($name)] = $this->urltranscode($value);
}
}
}
/**
* Return the body of the OAuth request.
*
* @return string null when no body
*/
function getBody ()
{
return $this->body;
}
/**
* Return the body of the OAuth request.
*
* @return string null when no body
*/
function setBody ( $body )
{
$this->body = $body;
}
/**
* Parse the uri into its parts. Fill in the missing parts.
*
* @param string $parameters optional extra parameters (from eg the http post)
*/
protected function parseUri ( $parameters )
{
$ps = @parse_url($this->uri);
// Get the current/requested method
$ps['scheme'] = strtolower($ps['scheme']);
// Get the current/requested host
if (function_exists('mb_strtolower'))
$ps['host'] = mb_strtolower($ps['host']);
else
$ps['host'] = strtolower($ps['host']);
if (!preg_match('/^[a-z0-9\.\-]+$/', $ps['host']))
{
throw new OAuthException2('Unsupported characters in host name');
}
// Get the port we are talking on
if (empty($ps['port']))
{
$ps['port'] = $this->defaultPortForScheme($ps['scheme']);
}
if (empty($ps['user']))
{
$ps['user'] = '';
}
if (empty($ps['pass']))
{
$ps['pass'] = '';
}
if (empty($ps['path']))
{
$ps['path'] = '/';
}
if (empty($ps['query']))
{
$ps['query'] = '';
}
if (empty($ps['fragment']))
{
$ps['fragment'] = '';
}
// Now all is complete - parse all parameters
foreach (array($ps['query'], $parameters) as $params)
{
if (strlen($params) > 0)
{
$params = explode('&', $params);
foreach ($params as $p)
{
@list($name, $value) = explode('=', $p, 2);
if (!strlen($name))
{
continue;
}
if (array_key_exists($name, $this->param))
{
if (is_array($this->param[$name]))
$this->param[$name][] = $value;
else
$this->param[$name] = array($this->param[$name], $value);
}
else
{
$this->param[$name] = $value;
}
}
}
}
$this->uri_parts = $ps;
}
/**
* Return the default port for a scheme
*
* @param string scheme
* @return int
*/
protected function defaultPortForScheme ( $scheme )
{
switch ($scheme)
{
case 'http': return 80;
case 'https': return 443;
default:
throw new OAuthException2('Unsupported scheme type, expected http or https, got "'.$scheme.'"');
break;
}
}
/**
* Encode a string according to the RFC3986
*
* @param string s
* @return string
*/
function urlencode ( $s )
{
if ($s === false)
{
return $s;
}
else
{
return str_replace('%7E', '~', rawurlencode($s));
}
}
/**
* Decode a string according to RFC3986.
* Also correctly decodes RFC1738 urls.
*
* @param string s
* @return string
*/
function urldecode ( $s )
{
if ($s === false)
{
return $s;
}
else
{
return rawurldecode($s);
}
}
/**
* urltranscode - make sure that a value is encoded using RFC3986.
* We use a basic urldecode() function so that any use of '+' as the
* encoding of the space character is correctly handled.
*
* @param string s
* @return string
*/
function urltranscode ( $s )
{
if ($s === false)
{
return $s;
}
else
{
return $this->urlencode(rawurldecode($s));
// return $this->urlencode(urldecode($s));
}
}
/**
* Parse the oauth parameters from the request headers
* Looks for something like:
*
* Authorization: OAuth realm="http://photos.example.net/authorize",
* oauth_consumer_key="dpf43f3p2l4k3l03",
* oauth_token="nnch734d00sl2jdk",
* oauth_signature_method="HMAC-SHA1",
* oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D",
* oauth_timestamp="1191242096",
* oauth_nonce="kllo9940pd9333jh",
* oauth_version="1.0"
*/
private function parseHeaders ()
{
/*
$this->headers['Authorization'] = 'OAuth realm="http://photos.example.net/authorize",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_token="nnch734d00sl2jdk",
oauth_signature_method="HMAC-SHA1",
oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D",
oauth_timestamp="1191242096",
oauth_nonce="kllo9940pd9333jh",
oauth_version="1.0"';
*/
if (isset($this->headers['Authorization']))
{
$auth = trim($this->headers['Authorization']);
if (strncasecmp($auth, 'OAuth', 4) == 0)
{
$vs = explode(',', substr($auth, 6));
foreach ($vs as $v)
{
if (strpos($v, '='))
{
$v = trim($v);
list($name,$value) = explode('=', $v, 2);
if (!empty($value) && $value{0} == '"' && substr($value, -1) == '"')
{
$value = substr(substr($value, 1), 0, -1);
}
if (strcasecmp($name, 'realm') == 0)
{
$this->realm = $value;
}
else
{
$this->param[$name] = $value;
}
}
}
}
}
}
/**
* Fetch the content type of the current request
*
* @return string
*/
private function getRequestContentType ()
{
$content_type = 'application/octet-stream';
if (!empty($_SERVER) && array_key_exists('CONTENT_TYPE', $_SERVER))
{
list($content_type) = explode(';', $_SERVER['CONTENT_TYPE']);
}
return trim($content_type);
}
/**
* Get the body of a POST or PUT.
*
* Used for fetching the post parameters and to calculate the body signature.
*
* @return string null when no body present (or wrong content type for body)
*/
private function getRequestBody ()
{
$body = null;
if ($this->method == 'POST' || $this->method == 'PUT')
{
$body = '';
$fh = @fopen('php://input', 'r');
if ($fh)
{
while (!feof($fh))
{
$s = fread($fh, 1024);
if (is_string($s))
{
$body .= $s;
}
}
fclose($fh);
}
}
return $body;
}
/**
* Get the body of a POST with multipart/form-data by Edison tsai on 16:52 2010/09/16
*
* Used for fetching the post parameters and to calculate the body signature.
*
* @return string null when no body present (or wrong content type for body)
*/
private function getRequestBodyOfMultipart()
{
$body = null;
if ($this->method == 'POST')
{
$body = '';
if (is_array($_POST) && count($_POST) > 1)
{
foreach ($_POST AS $k => $v) {
$body .= $k . '=' . $this->urlencode($v) . '&';
} #end foreach
if(substr($body,-1) == '&')
{
$body = substr($body, 0, strlen($body)-1);
} #end if
} #end if
} #end if
return $body;
}
/**
* Simple function to perform a redirect (GET).
* Redirects the User-Agent, does not return.
*
* @param string uri
* @param array params parameters, urlencoded
* @exception OAuthException2 when redirect uri is illegal
*/
public function redirect ( $uri, $params )
{
if (!empty($params))
{
$q = array();
foreach ($params as $name=>$value)
{
$q[] = $name.'='.$value;
}
$q_s = implode('&', $q);
if (strpos($uri, '?'))
{
$uri .= '&'.$q_s;
}
else
{
$uri .= '?'.$q_s;
}
}
// simple security - multiline location headers can inject all kinds of extras
$uri = preg_replace('/\s/', '%20', $uri);
if (strncasecmp($uri, 'http://', 7) && strncasecmp($uri, 'https://', 8))
{
if (strpos($uri, '://'))
{
throw new OAuthException2('Illegal protocol in redirect uri '.$uri);
}
$uri = 'http://'.$uri;
}
header('HTTP/1.1 302 Found');
header('Location: '.$uri);
echo '';
exit();
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
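Review bot: In `__construct` the POST body is appended to `$parameters` only when the request carries no `X-OAuth-Test` header, so a header the client controls decides whether form fields enter the signature base string; the verifier is outside this file, but if it signs over `$this->param` then the body fields of such a request are not covered by the signature. A test switch of this kind should come from server-side configuration, for instance a constant checked with `defined()`, not from the request. Two related gaps sit beside it: `getRequestBodyOfMultipart()` requires `count($_POST) > 1`, which drops a single-field form from the signed parameters, and `$headers = OAuthRequestLogger::getAllHeaders();` overwrites the `$headers` argument unconditionally, so a caller-supplied header array is ignored. `parseHeaders()` compares only four characters in `strncasecmp($auth, 'OAuth', 4)`; the length should be 5.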


@ -0,0 +1,316 @@
<?php
/**
* Log OAuth requests
*
* @version $Id: OAuthRequestLogger.php 98 2010-03-08 12:48:59Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Dec 7, 2007 12:22:43 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
class OAuthRequestLogger
{
static private $logging = 0;
static private $enable_logging = null;
static private $store_log = null;
static private $note = '';
static private $user_id = null;
static private $request_object = null;
static private $sent = null;
static private $received = null;
static private $log = array();
/**
* Start any logging, checks the system configuration if logging is needed.
*
* @param OAuthRequest $request_object
*/
static function start ( $request_object = null )
{
if (defined('OAUTH_LOG_REQUEST'))
{
if (is_null(OAuthRequestLogger::$enable_logging))
{
OAuthRequestLogger::$enable_logging = true;
}
if (is_null(OAuthRequestLogger::$store_log))
{
OAuthRequestLogger::$store_log = true;
}
}
if (OAuthRequestLogger::$enable_logging && !OAuthRequestLogger::$logging)
{
OAuthRequestLogger::$logging = true;
OAuthRequestLogger::$request_object = $request_object;
ob_start();
// Make sure we flush our log entry when we stop the request (eg on an exception)
register_shutdown_function(array('OAuthRequestLogger','flush'));
}
}
/**
* Force logging, needed for performing test connects independent from the debugging setting.
*
* @param boolean store_log (optional) true to store the log in the db
*/
static function enableLogging ( $store_log = null )
{
OAuthRequestLogger::$enable_logging = true;
if (!is_null($store_log))
{
OAuthRequestLogger::$store_log = $store_log;
}
}
/**
* Logs the request to the database, sends any cached output.
* Also called on shutdown, to make sure we always log the request being handled.
*/
static function flush ()
{
if (OAuthRequestLogger::$logging)
{
OAuthRequestLogger::$logging = false;
if (is_null(OAuthRequestLogger::$sent))
{
// What has been sent to the user-agent?
$data = ob_get_contents();
if (strlen($data) > 0)
{
ob_end_flush();
}
elseif (ob_get_level())
{
ob_end_clean();
}
$hs = headers_list();
$sent = implode("\n", $hs) . "\n\n" . $data;
}
else
{
// The request we sent
$sent = OAuthRequestLogger::$sent;
}
if (is_null(OAuthRequestLogger::$received))
{
// Build the request we received
$hs0 = self::getAllHeaders();
$hs = array();
foreach ($hs0 as $h => $v)
{
$hs[] = "$h: $v";
}
$data = '';
$fh = @fopen('php://input', 'r');
if ($fh)
{
while (!feof($fh))
{
$s = fread($fh, 1024);
if (is_string($s))
{
$data .= $s;
}
}
fclose($fh);
}
$received = implode("\n", $hs) . "\n\n" . $data;
}
else
{
// The answer we received
$received = OAuthRequestLogger::$received;
}
// The request base string
if (OAuthRequestLogger::$request_object)
{
$base_string = OAuthRequestLogger::$request_object->signatureBaseString();
}
else
{
$base_string = '';
}
// Figure out to what keys we want to log this request
$keys = array();
if (OAuthRequestLogger::$request_object)
{
$consumer_key = OAuthRequestLogger::$request_object->getParam('oauth_consumer_key', true);
$token = OAuthRequestLogger::$request_object->getParam('oauth_token', true);
switch (get_class(OAuthRequestLogger::$request_object))
{
// tokens are access/request tokens by a consumer
case 'OAuthServer':
case 'OAuthRequestVerifier':
$keys['ocr_consumer_key'] = $consumer_key;
$keys['oct_token'] = $token;
break;
// tokens are access/request tokens to a server
case 'OAuthRequester':
case 'OAuthRequestSigner':
$keys['osr_consumer_key'] = $consumer_key;
$keys['ost_token'] = $token;
break;
}
}
// Log the request
if (OAuthRequestLogger::$store_log)
{
$store = OAuthStore::instance();
$store->addLog($keys, $received, $sent, $base_string, OAuthRequestLogger::$note, OAuthRequestLogger::$user_id);
}
OAuthRequestLogger::$log[] = array(
'keys' => $keys,
'received' => $received,
'sent' => $sent,
'base_string' => $base_string,
'note' => OAuthRequestLogger::$note
);
}
}
/**
* Add a note, used by the OAuthException2 to log all exceptions.
*
* @param string note
*/
static function addNote ( $note )
{
OAuthRequestLogger::$note .= $note . "\n\n";
}
/**
* Set the OAuth request object being used
*
* @param OAuthRequest request_object
*/
static function setRequestObject ( $request_object )
{
OAuthRequestLogger::$request_object = $request_object;
}
/**
* Set the relevant user (defaults to the current user)
*
* @param int user_id
*/
static function setUser ( $user_id )
{
OAuthRequestLogger::$user_id = $user_id;
}
/**
* Set the request we sent
*
* @param string request
*/
static function setSent ( $request )
{
OAuthRequestLogger::$sent = $request;
}
/**
* Set the reply we received
*
* @param string request
*/
static function setReceived ( $reply )
{
OAuthRequestLogger::$received = $reply;
}
/**
* Get the the log till now
*
* @return array
*/
static function getLog ()
{
return OAuthRequestLogger::$log;
}
/**
* helper to try to sort out headers for people who aren't running apache,
* or people who are running PHP as FastCGI.
*
* @return array of request headers as associative array.
*/
public static function getAllHeaders() {
$retarr = array();
$headers = array();
if (function_exists('apache_request_headers')) {
$headers = apache_request_headers();
ksort($headers);
return $headers;
} else {
$headers = array_merge($_ENV, $_SERVER);
foreach ($headers as $key => $val) {
//we need this header
if (strpos(strtolower($key), 'content-type') !== FALSE)
continue;
if (strtoupper(substr($key, 0, 5)) != "HTTP_")
unset($headers[$key]);
}
}
//Normalize this array to Cased-Like-This structure.
foreach ($headers AS $key => $value) {
$key = preg_replace('/^HTTP_/i', '', $key);
$key = str_replace(
" ",
"-",
ucwords(strtolower(str_replace(array("-", "_"), " ", $key)))
);
$retarr[$key] = $value;
}
ksort($retarr);
return $retarr;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>


@ -0,0 +1,215 @@
<?php
/**
* Sign requests before performing the request.
*
* @version $Id: OAuthRequestSigner.php 174 2010-11-24 15:15:41Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 4:02:49 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStore.php';
require_once dirname(__FILE__) . '/OAuthRequest.php';
class OAuthRequestSigner extends OAuthRequest
{
protected $request;
protected $store;
protected $usr_id = 0;
private $signed = false;
/**
* Construct the request to be signed. Parses or appends the parameters in the params url.
* When you supply an params array, then the params should not be urlencoded.
* When you supply a string, then it is assumed it is of the type application/x-www-form-urlencoded
*
* @param string request url
* @param string method PUT, GET, POST etc.
* @param mixed params string (for urlencoded data, or array with name/value pairs)
* @param string body optional body for PUT and/or POST requests
*/
function __construct ( $request, $method = null, $params = null, $body = null )
{
$this->store = OAuthStore::instance();
if (is_string($params))
{
parent::__construct($request, $method, $params);
}
else
{
parent::__construct($request, $method);
if (is_array($params))
{
foreach ($params as $name => $value)
{
$this->setParam($name, $value);
}
}
}
// With put/ post we might have a body (not for application/x-www-form-urlencoded requests)
if (strcasecmp($method, 'PUT') == 0 || strcasecmp($method, 'POST') == 0)
{
$this->setBody($body);
}
}
/**
* Reset the 'signed' flag, so that any changes in the parameters force a recalculation
* of the signature.
*/
function setUnsigned ()
{
$this->signed = false;
}
/**
* Sign our message in the way the server understands.
* Set the needed oauth_xxxx parameters.
*
* @param int usr_id (optional) user that wants to sign this request
* @param array secrets secrets used for signing, when empty then secrets will be fetched from the token registry
* @param string name name of the token to be used for signing
* @exception OAuthException2 when there is no oauth relation with the server
* @exception OAuthException2 when we don't support the signing methods of the server
*/
function sign ( $usr_id = 0, $secrets = null, $name = '', $token_type = null)
{
$url = $this->getRequestUrl();
if (empty($secrets))
{
// get the access tokens for the site (on an user by user basis)
$secrets = $this->store->getSecretsForSignature($url, $usr_id, $name);
}
if (empty($secrets))
{
throw new OAuthException2('No OAuth relation with the server for at "'.$url.'"');
}
$signature_method = $this->selectSignatureMethod($secrets['signature_methods']);
$token = isset($secrets['token']) ? $secrets['token'] : '';
$token_secret = isset($secrets['token_secret']) ? $secrets['token_secret'] : '';
if (!$token) {
$token = $this->getParam('oauth_token');
}
$this->setParam('oauth_signature_method',$signature_method);
$this->setParam('oauth_signature', '');
$this->setParam('oauth_nonce', !empty($secrets['nonce']) ? $secrets['nonce'] : uniqid(''));
$this->setParam('oauth_timestamp', !empty($secrets['timestamp']) ? $secrets['timestamp'] : time());
if ($token_type != 'requestToken')
$this->setParam('oauth_token', $token);
$this->setParam('oauth_consumer_key', $secrets['consumer_key']);
$this->setParam('oauth_version', '1.0');
$body = $this->getBody();
if (!is_null($body))
{
// We also need to sign the body, use the default signature method
$body_signature = $this->calculateDataSignature($body, $secrets['consumer_secret'], $token_secret, $signature_method);
$this->setParam('xoauth_body_signature', $body_signature, true);
}
$signature = $this->calculateSignature($secrets['consumer_secret'], $token_secret, $token_type);
$this->setParam('oauth_signature', $signature, true);
// $this->setParam('oauth_signature', urldecode($signature), true);
$this->signed = true;
$this->usr_id = $usr_id;
}
/**
* Builds the Authorization header for the request.
* Adds all oauth_ and xoauth_ parameters to the Authorization header.
*
* @return string
*/
function getAuthorizationHeader ()
{
if (!$this->signed)
{
$this->sign($this->usr_id);
}
$h = array();
$h[] = 'Authorization: OAuth realm=""';
foreach ($this->param as $name => $value)
{
if (strncmp($name, 'oauth_', 6) == 0 || strncmp($name, 'xoauth_', 7) == 0)
{
$h[] = $name.'="'.$value.'"';
}
}
$hs = implode(', ', $h);
return $hs;
}
/**
* Builds the application/x-www-form-urlencoded parameter string. Can be appended as
* the query part to a GET or inside the request body for a POST.
*
* @param boolean oauth_as_header (optional) set to false to include oauth parameters
* @return string
*/
function getQueryString ( $oauth_as_header = true )
{
$parms = array();
foreach ($this->param as $name => $value)
{
if ( !$oauth_as_header
|| (strncmp($name, 'oauth_', 6) != 0 && strncmp($name, 'xoauth_', 7) != 0))
{
if (is_array($value))
{
foreach ($value as $v)
{
$parms[] = $name.'='.$v;
}
}
else
{
$parms[] = $name.'='.$value;
}
}
}
return implode('&', $parms);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
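Review bot: The `oauth_nonce` fallback in `sign()` is `uniqid('')`, which is built from the current time in microseconds, so it is predictable and two processes signing in the same microsecond can emit the same nonce and timestamp pair. A server that enforces nonce uniqueness would then reject one of those requests, and a predictable nonce weakens the replay protection the parameter exists for. Drawing the value from a CSPRNG avoids both: `$this->setParam('oauth_nonce', !empty($secrets['nonce']) ? $secrets['nonce'] : bin2hex(random_bytes(16)));` (`random_bytes` needs PHP 7 or later; `openssl_random_pseudo_bytes` is the older equivalent).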


@ -0,0 +1,306 @@
<?php
/**
* Verify the current request. Checks if signed and if the signature is correct.
* When correct then also figures out on behalf of which user this request is being made.
*
* @version $Id: OAuthRequestVerifier.php 155 2010-09-10 18:38:33Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 4:35:03 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStore.php';
require_once dirname(__FILE__) . '/OAuthRequest.php';
class OAuthRequestVerifier extends OAuthRequest
{
private $request;
private $store;
private $accepted_signatures = null;
/**
* Construct the request to be verified
*
* @param string request
* @param string method
* @param array params The request parameters
*/
function __construct ( $uri = null, $method = null, $params = null )
{
if ($params) {
$encodedParams = array();
foreach ($params as $key => $value) {
if (preg_match("/^oauth_/", $key)) {
continue;
}
$encodedParams[rawurlencode($key)] = rawurlencode($value);
}
$this->param = array_merge($this->param, $encodedParams);
}
$this->store = OAuthStore::instance();
parent::__construct($uri, $method);
OAuthRequestLogger::start($this);
}
/**
* See if the current request is signed with OAuth
*
* @return boolean
*/
static public function requestIsSigned ()
{
if (isset($_REQUEST['oauth_signature']))
{
$signed = true;
}
else
{
$hs = OAuthRequestLogger::getAllHeaders();
if (isset($hs['Authorization']) && strpos($hs['Authorization'], 'oauth_signature') !== false)
{
$signed = true;
}
else
{
$signed = false;
}
}
return $signed;
}
/**
* Verify the request if it seemed to be signed.
*
* @param string token_type the kind of token needed, defaults to 'access'
* @exception OAuthException2 thrown when the request did not verify
* @return boolean true when signed, false when not signed
*/
public function verifyIfSigned ( $token_type = 'access' )
{
if ($this->getParam('oauth_consumer_key'))
{
OAuthRequestLogger::start($this);
$this->verify($token_type);
$signed = true;
OAuthRequestLogger::flush();
}
else
{
$signed = false;
}
return $signed;
}
/**
* Verify the request
*
* @param string token_type the kind of token needed, defaults to 'access' (false, 'access', 'request')
* @exception OAuthException2 thrown when the request did not verify
* @return int user_id associated with token (false when no user associated)
*/
public function verify ( $token_type = 'access' )
{
$retval = $this->verifyExtended($token_type);
return $retval['user_id'];
}
/**
* Verify the request
*
* @param string token_type the kind of token needed, defaults to 'access' (false, 'access', 'request')
* @exception OAuthException2 thrown when the request did not verify
* @return array ('user_id' => associated with token (false when no user associated),
* 'consumer_key' => the associated consumer_key)
*
*/
public function verifyExtended ( $token_type = 'access' )
{
$consumer_key = $this->getParam('oauth_consumer_key');
$token = $this->getParam('oauth_token');
$user_id = false;
$secrets = array();
if ($consumer_key && ($token_type === false || $token))
{
$secrets = $this->store->getSecretsForVerify( $this->urldecode($consumer_key),
$this->urldecode($token),
$token_type);
$this->store->checkServerNonce( $this->urldecode($consumer_key),
$this->urldecode($token),
$this->getParam('oauth_timestamp', true),
$this->getParam('oauth_nonce', true));
$oauth_sig = $this->getParam('oauth_signature');
if (empty($oauth_sig))
{
throw new OAuthException2('Verification of signature failed (no oauth_signature in request).');
}
try
{
$this->verifySignature($secrets['consumer_secret'], $secrets['token_secret'], $token_type);
}
catch (OAuthException2 $e)
{
throw new OAuthException2('Verification of signature failed (signature base string was "'.$this->signatureBaseString().'").'
. " with " . print_r(array($secrets['consumer_secret'], $secrets['token_secret'], $token_type), true));
}
// Check the optional body signature
if ($this->getParam('xoauth_body_signature'))
{
$method = $this->getParam('xoauth_body_signature_method');
if (empty($method))
{
$method = $this->getParam('oauth_signature_method');
}
try
{
$this->verifyDataSignature($this->getBody(), $secrets['consumer_secret'], $secrets['token_secret'], $method, $this->getParam('xoauth_body_signature'));
}
catch (OAuthException2 $e)
{
throw new OAuthException2('Verification of body signature failed.');
}
}
// All ok - fetch the user associated with this request
if (isset($secrets['user_id']))
{
$user_id = $secrets['user_id'];
}
// Check if the consumer wants us to reset the ttl of this token
$ttl = $this->getParam('xoauth_token_ttl', true);
if (is_numeric($ttl))
{
$this->store->setConsumerAccessTokenTtl($this->urldecode($token), $ttl);
}
}
else
{
throw new OAuthException2('Can\'t verify request, missing oauth_consumer_key or oauth_token');
}
return array('user_id' => $user_id, 'consumer_key' => $consumer_key, 'osr_id' => $secrets['osr_id']);
}
/**
* Verify the signature of the request, using the method in oauth_signature_method.
* The signature is returned encoded in the form as used in the url. So the base64 and
* urlencoding has been done.
*
* @param string consumer_secret
* @param string token_secret
* @exception OAuthException2 thrown when the signature method is unknown
* @exception OAuthException2 when not all parts available
* @exception OAuthException2 when signature does not match
*/
public function verifySignature ( $consumer_secret, $token_secret, $token_type = 'access' )
{
$required = array(
'oauth_consumer_key',
'oauth_signature_method',
'oauth_timestamp',
'oauth_nonce',
'oauth_signature'
);
if ($token_type !== false)
{
$required[] = 'oauth_token';
}
foreach ($required as $req)
{
if (!isset($this->param[$req]))
{
throw new OAuthException2('Can\'t verify request signature, missing parameter "'.$req.'"');
}
}
$this->checks();
$base = $this->signatureBaseString();
$this->verifyDataSignature($base, $consumer_secret, $token_secret, $this->param['oauth_signature_method'], $this->param['oauth_signature']);
}
/**
* Verify the signature of a string.
*
* @param string data
* @param string consumer_secret
* @param string token_secret
* @param string signature_method
* @param string signature
* @exception OAuthException2 thrown when the signature method is unknown
* @exception OAuthException2 when signature does not match
*/
public function verifyDataSignature ( $data, $consumer_secret, $token_secret, $signature_method, $signature )
{
if (is_null($data))
{
$data = '';
}
$sig = $this->getSignatureMethod($signature_method);
if (!$sig->verify($this, $data, $consumer_secret, $token_secret, $signature))
{
throw new OAuthException2('Signature verification failed ('.$signature_method.')');
}
}
/**
*
* @param array $accepted The array of accepted signature methods, or if null is passed
* all supported methods are accepted and there is no filtering.
*
*/
public function setAcceptedSignatureMethods($accepted = null) {
if (is_array($accepted))
$this->accepted_signatures = $accepted;
else if ($accepted == null)
$this->accepted_signatures = null;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
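Review bot: The first `catch` block in `verifyExtended()` builds its exception message from `print_r(array($secrets['consumer_secret'], $secrets['token_secret'], $token_type), true)`, so the consumer secret and token secret end up in the exception text whenever a signature fails to verify. Going by the `OAuthRequestLogger::addNote` docblock, OAuthException2 messages are written to the request log, and any caller that echoes the message would hand the secrets to the requesting client. The message should carry no key material, for example `throw new OAuthException2('Verification of signature failed.');`, with the signature base string recorded only in a server-side log if it is needed for debugging.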


@ -0,0 +1,521 @@
<?php
/**
* Perform a signed OAuth request with a GET, POST, PUT or DELETE operation.
*
* @version $Id: OAuthRequester.php 174 2010-11-24 15:15:41Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 20, 2007 1:41:38 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthRequestSigner.php';
require_once dirname(__FILE__) . '/body/OAuthBodyContentDisposition.php';
class OAuthRequester extends OAuthRequestSigner
{
protected $files;
/**
* Construct a new request signer. Perform the request with the doRequest() method below.
*
* A request can have either one file or a body, not both.
*
* The files array consists of arrays:
* - file the filename/path containing the data for the POST/PUT
* - data data for the file, omit when you have a file
* - mime content-type of the file
* - filename filename for content disposition header
*
* When OAuth (and PHP) can support multipart/form-data then we can handle more than one file.
* For now max one file, with all the params encoded in the query string.
*
* @param string request
* @param string method http method. GET, PUT, POST etc.
* @param array params name=>value array with request parameters
* @param string body optional body to send
* @param array files optional files to send (max 1 till OAuth support multipart/form-data posts)
*/
function __construct ( $request, $method = null, $params = null, $body = null, $files = null )
{
parent::__construct($request, $method, $params, $body);
// When there are files, then we can construct a POST with a single file
if (!empty($files))
{
$empty = true;
foreach ($files as $f)
{
$empty = $empty && empty($f['file']) && !isset($f['data']);
}
if (!$empty)
{
if (!is_null($body))
{
throw new OAuthException2('When sending files, you can\'t send a body as well.');
}
$this->files = $files;
}
}
}
/**
* Perform the request, returns the response code, headers and body.
*
* @param int usr_id optional user id for which we make the request
* @param array curl_options optional extra options for curl request
* @param array options options like name and token_ttl
* @exception OAuthException2 when authentication not accepted
* @exception OAuthException2 when signing was not possible
* @return array (code=>int, headers=>array(), body=>string)
*/
function doRequest ( $usr_id = 0, $curl_options = array(), $options = array() )
{
$name = isset($options['name']) ? $options['name'] : '';
if (isset($options['token_ttl']))
{
$this->setParam('xoauth_token_ttl', intval($options['token_ttl']));
}
if (!empty($this->files))
{
// At the moment OAuth does not support multipart/form-data, so try to encode
// the supplied file (or data) as the request body and add a content-disposition header.
list($extra_headers, $body) = OAuthBodyContentDisposition::encodeBody($this->files);
$this->setBody($body);
$curl_options = $this->prepareCurlOptions($curl_options, $extra_headers);
}
$this->sign($usr_id, null, $name);
$text = $this->curl_raw($curl_options);
$result = $this->curl_parse($text);
if ($result['code'] >= 400)
{
throw new OAuthException2('Request failed with code ' . $result['code'] . ': ' . $result['body']);
}
// Record the token time to live for this server access token, immediate delete iff ttl <= 0
// Only done on a succesful request.
$token_ttl = $this->getParam('xoauth_token_ttl', false);
if (is_numeric($token_ttl))
{
$this->store->setServerTokenTtl($this->getParam('oauth_consumer_key',true), $this->getParam('oauth_token',true), $token_ttl);
}
return $result;
}
/**
* Request a request token from the site belonging to consumer_key
*
* @param string consumer_key
* @param int usr_id
* @param array params (optional) extra arguments for when requesting the request token
* @param string method (optional) change the method of the request, defaults to POST (as it should be)
* @param array options (optional) options like name and token_ttl
* @param array curl_options optional extra options for curl request
* @exception OAuthException2 when no key could be fetched
* @exception OAuthException2 when no server with consumer_key registered
* @return array (authorize_uri, token)
*/
static function requestRequestToken ( $consumer_key, $usr_id, $params = null, $method = 'POST', $options = array(), $curl_options = array())
{
OAuthRequestLogger::start();
if (isset($options['token_ttl']) && is_numeric($options['token_ttl']))
{
$params['xoauth_token_ttl'] = intval($options['token_ttl']);
}
$store = OAuthStore::instance();
$r = $store->getServer($consumer_key, $usr_id);
$uri = $r['request_token_uri'];
$oauth = new OAuthRequester($uri, $method, $params);
$oauth->sign($usr_id, $r, '', 'requestToken');
$text = $oauth->curl_raw($curl_options);
if (empty($text))
{
throw new OAuthException2('No answer from the server "'.$uri.'" while requesting a request token');
}
$data = $oauth->curl_parse($text);
if ($data['code'] != 200)
{
throw new OAuthException2('Unexpected result from the server "'.$uri.'" ('.$data['code'].') while requesting a request token');
}
$token = array();
$params = explode('&', $data['body']);
foreach ($params as $p)
{
@list($name, $value) = explode('=', $p, 2);
$token[$name] = $oauth->urldecode($value);
}
if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret']))
{
$opts = array();
if (isset($options['name']))
{
$opts['name'] = $options['name'];
}
if (isset($token['xoauth_token_ttl']))
{
$opts['token_ttl'] = $token['xoauth_token_ttl'];
}
$store->addServerToken($consumer_key, 'request', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
}
else
{
throw new OAuthException2('The server "'.$uri.'" did not return the oauth_token or the oauth_token_secret');
}
OAuthRequestLogger::flush();
// Now we can direct a browser to the authorize_uri
return array(
'authorize_uri' => $r['authorize_uri'],
'token' => $token['oauth_token']
);
}
/**
* Request an access token from the site belonging to consumer_key.
* Before this we got an request token, now we want to exchange it for
* an access token.
*
* @param string consumer_key
* @param string token
* @param int usr_id user requesting the access token
* @param string method (optional) change the method of the request, defaults to POST (as it should be)
* @param array options (optional) extra options for request, eg token_ttl
* @param array curl_options optional extra options for curl request
*
* @exception OAuthException2 when no key could be fetched
* @exception OAuthException2 when no server with consumer_key registered
*/
static function requestAccessToken ( $consumer_key, $token, $usr_id, $method = 'POST', $options = array(), $curl_options = array() )
{
OAuthRequestLogger::start();
$store = OAuthStore::instance();
$r = $store->getServerTokenSecrets($consumer_key, $token, 'request', $usr_id);
$uri = $r['access_token_uri'];
$token_name = $r['token_name'];
// Delete the server request token, this one was for one use only
$store->deleteServerToken($consumer_key, $r['token'], 0, true);
// Try to exchange our request token for an access token
$oauth = new OAuthRequester($uri, $method);
if (isset($options['oauth_verifier']))
{
$oauth->setParam('oauth_verifier', $options['oauth_verifier']);
}
if (isset($options['token_ttl']) && is_numeric($options['token_ttl']))
{
$oauth->setParam('xoauth_token_ttl', intval($options['token_ttl']));
}
OAuthRequestLogger::setRequestObject($oauth);
$oauth->sign($usr_id, $r, '', 'accessToken');
$text = $oauth->curl_raw($curl_options);
if (empty($text))
{
throw new OAuthException2('No answer from the server "'.$uri.'" while requesting an access token');
}
$data = $oauth->curl_parse($text);
if ($data['code'] != 200)
{
throw new OAuthException2('Unexpected result from the server "'.$uri.'" ('.$data['code'].') while requesting an access token');
}
$token = array();
$params = explode('&', $data['body']);
foreach ($params as $p)
{
@list($name, $value) = explode('=', $p, 2);
$token[$oauth->urldecode($name)] = $oauth->urldecode($value);
}
if (!empty($token['oauth_token']) && !empty($token['oauth_token_secret']))
{
$opts = array();
$opts['name'] = $token_name;
if (isset($token['xoauth_token_ttl']))
{
$opts['token_ttl'] = $token['xoauth_token_ttl'];
}
$store->addServerToken($consumer_key, 'access', $token['oauth_token'], $token['oauth_token_secret'], $usr_id, $opts);
}
else
{
throw new OAuthException2('The server "'.$uri.'" did not return the oauth_token or the oauth_token_secret');
}
OAuthRequestLogger::flush();
}
/**
* Open and close a curl session passing all the options to the curl libs
*
* @param array opts the curl options.
* @exception OAuthException2 when temporary file for PUT operation could not be created
* @return string the result of the curl action
*/
protected function curl_raw ( $opts = array() )
{
if (isset($opts[CURLOPT_HTTPHEADER]))
{
$header = $opts[CURLOPT_HTTPHEADER];
}
else
{
$header = array();
}
$ch = curl_init();
$method = $this->getMethod();
$url = $this->getRequestUrl();
$header[] = $this->getAuthorizationHeader();
$query = $this->getQueryString();
$body = $this->getBody();
$has_content_type = false;
foreach ($header as $h)
{
if (strncasecmp($h, 'Content-Type:', 13) == 0)
{
$has_content_type = true;
}
}
if (!is_null($body))
{
if ($method == 'TRACE')
{
throw new OAuthException2('A body can not be sent with a TRACE operation');
}
// PUT and POST allow a request body
if (!empty($query))
{
$url .= '?'.$query;
}
// Make sure that the content type of the request is ok
if (!$has_content_type)
{
$header[] = 'Content-Type: application/octet-stream';
$has_content_type = true;
}
// When PUTting, we need to use an intermediate file (because of the curl implementation)
if ($method == 'PUT')
{
/*
if (version_compare(phpversion(), '5.2.0') >= 0)
{
// Use the data wrapper to create the file expected by the put method
$put_file = fopen('data://application/octet-stream;base64,'.base64_encode($body));
}
*/
$put_file = @tmpfile();
if (!$put_file)
{
throw new OAuthException2('Could not create tmpfile for PUT operation');
}
fwrite($put_file, $body);
fseek($put_file, 0);
curl_setopt($ch, CURLOPT_PUT, true);
curl_setopt($ch, CURLOPT_INFILE, $put_file);
curl_setopt($ch, CURLOPT_INFILESIZE, strlen($body));
}
else
{
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
}
else
{
// a 'normal' request, no body to be send
if ($method == 'POST')
{
if (!$has_content_type)
{
$header[] = 'Content-Type: application/x-www-form-urlencoded';
$has_content_type = true;
}
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
}
else
{
if (!empty($query))
{
$url .= '?'.$query;
}
if ($method != 'GET')
{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
}
}
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_USERAGENT, 'anyMeta/OAuth 1.0 - ($LastChangedRevision: 174 $)');
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
foreach ($opts as $k => $v)
{
if ($k != CURLOPT_HTTPHEADER)
{
curl_setopt($ch, $k, $v);
}
}
$txt = curl_exec($ch);
if ($txt === false) {
$error = curl_error($ch);
curl_close($ch);
throw new OAuthException2('CURL error: ' . $error);
}
curl_close($ch);
if (!empty($put_file))
{
fclose($put_file);
}
// Tell the logger what we requested and what we received back
$data = $method . " $url\n".implode("\n",$header);
if (is_string($body))
{
$data .= "\n\n".$body;
}
else if ($method == 'POST')
{
$data .= "\n\n".$query;
}
OAuthRequestLogger::setSent($data, $body);
OAuthRequestLogger::setReceived($txt);
return $txt;
}
/**
* Parse an http response
*
* @param string response the http text to parse
* @return array (code=>http-code, headers=>http-headers, body=>body)
*/
protected function curl_parse ( $response )
{
if (empty($response))
{
return array();
}
@list($headers,$body) = explode("\r\n\r\n",$response,2);
$lines = explode("\r\n",$headers);
if (preg_match('@^HTTP/[0-9]\.[0-9] +100@', $lines[0]))
{
/* HTTP/1.x 100 Continue
* the real data is on the next line
*/
@list($headers,$body) = explode("\r\n\r\n",$body,2);
$lines = explode("\r\n",$headers);
}
// first line of headers is the HTTP response code
$http_line = array_shift($lines);
if (preg_match('@^HTTP/[0-9]\.[0-9] +([0-9]{3})@', $http_line, $matches))
{
$code = $matches[1];
}
// put the rest of the headers in an array
$headers = array();
foreach ($lines as $l)
{
list($k, $v) = explode(': ', $l, 2);
$headers[strtolower($k)] = $v;
}
return array( 'code' => $code, 'headers' => $headers, 'body' => $body);
}
/**
* Mix the given headers into the headers that were given to curl
*
* @param array curl_options
* @param array extra_headers
* @return array new curl options
*/
protected function prepareCurlOptions ( $curl_options, $extra_headers )
{
$hs = array();
if (!empty($curl_options[CURLOPT_HTTPHEADER]) && is_array($curl_options[CURLOPT_HTTPHEADER]))
{
foreach ($curl_options[CURLOPT_HTTPHEADER] as $h)
{
list($opt, $val) = explode(':', $h, 2);
$opt = str_replace(' ', '-', ucwords(str_replace('-', ' ', $opt)));
$hs[$opt] = $val;
}
}
$curl_options[CURLOPT_HTTPHEADER] = array();
$hs = array_merge($hs, $extra_headers);
foreach ($hs as $h => $v)
{
$curl_options[CURLOPT_HTTPHEADER][] = "$h: $v";
}
return $curl_options;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
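Review bot: `curl_parse()` assigns `$code` only when the status line matches `HTTP/[0-9]\.[0-9]`, so a status line without a minor version such as `HTTP/2 401` leaves `$code` unset and the returned `'code'` is null. `doRequest()` then evaluates `$result['code'] >= 400` against null, which is false, and an error response is returned to the caller as if the request had succeeded; the empty-response path (`return array();`) has the same effect. The parser should fail closed: `if (!preg_match('@^HTTP/[0-9](?:\.[0-9])? +([0-9]{3})@', $http_line, $matches)) { throw new OAuthException2('Unparseable HTTP status line'); }` followed by `$code = $matches[1];`, with the same version pattern applied to the `100 Continue` check above it.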


@ -0,0 +1,333 @@
<?php
/**
* Server layer over the OAuthRequest handler
*
* @version $Id: OAuthServer.php 154 2010-08-31 18:04:41Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 27, 2007 12:36:38 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once 'OAuthRequestVerifier.php';
require_once 'OAuthSession.php';
class OAuthServer extends OAuthRequestVerifier
{
protected $session;
protected $allowed_uri_schemes = array(
'http',
'https'
);
protected $disallowed_uri_schemes = array(
'file',
'callto',
'mailto'
);
/**
* Construct the request to be verified
*
* @param string request
* @param string method
* @param array params The request parameters
* @param string store The session storage class.
* @param array store_options The session storage class parameters.
* @param array options Extra options:
* - allowed_uri_schemes: list of allowed uri schemes.
* - disallowed_uri_schemes: list of unallowed uri schemes.
*
* e.g. Allow only http and https
* $options = array(
* 'allowed_uri_schemes' => array('http', 'https'),
* 'disallowed_uri_schemes' => array()
* );
*
* e.g. Disallow callto, mailto and file, allow everything else
* $options = array(
* 'allowed_uri_schemes' => array(),
* 'disallowed_uri_schemes' => array('callto', 'mailto', 'file')
* );
*
* e.g. Allow everything
* $options = array(
* 'allowed_uri_schemes' => array(),
* 'disallowed_uri_schemes' => array()
* );
*
*/
function __construct ( $uri = null, $method = null, $params = null, $store = 'SESSION',
$store_options = array(), $options = array() )
{
parent::__construct($uri, $method, $params);
$this->session = OAuthSession::instance($store, $store_options);
if (array_key_exists('allowed_uri_schemes', $options) && is_array($options['allowed_uri_schemes'])) {
$this->allowed_uri_schemes = $options['allowed_uri_schemes'];
}
if (array_key_exists('disallowed_uri_schemes', $options) && is_array($options['disallowed_uri_schemes'])) {
$this->disallowed_uri_schemes = $options['disallowed_uri_schemes'];
}
}
/**
* Handle the request_token request.
* Returns the new request token and request token secret.
*
* TODO: add correct result code to exception
*
* @return string returned request token, false on an error
*/
public function requestToken ()
{
OAuthRequestLogger::start($this);
try
{
$this->verify(false);
$options = array();
$ttl = $this->getParam('xoauth_token_ttl', false);
if ($ttl)
{
$options['token_ttl'] = $ttl;
}
// 1.0a Compatibility : associate callback url to the request token
$cbUrl = $this->getParam('oauth_callback', true);
if ($cbUrl) {
$options['oauth_callback'] = $cbUrl;
}
// Create a request token
$store = OAuthStore::instance();
$token = $store->addConsumerRequestToken($this->getParam('oauth_consumer_key', true), $options);
$result = 'oauth_callback_confirmed=1&oauth_token='.$this->urlencode($token['token'])
.'&oauth_token_secret='.$this->urlencode($token['token_secret']);
if (!empty($token['token_ttl']))
{
$result .= '&xoauth_token_ttl='.$this->urlencode($token['token_ttl']);
}
$request_token = $token['token'];
header('HTTP/1.1 200 OK');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
echo $result;
}
catch (OAuthException2 $e)
{
$request_token = false;
header('HTTP/1.1 401 Unauthorized');
header('Content-Type: text/plain');
echo "OAuth Verification Failed: " . $e->getMessage();
}
OAuthRequestLogger::flush();
return $request_token;
}
/**
* Verify the start of an authorization request. Verifies if the request token is valid.
* Next step is the method authorizeFinish()
*
* Nota bene: this stores the current token, consumer key and callback in the _SESSION
*
* @exception OAuthException2 thrown when not a valid request
* @return array token description
*/
public function authorizeVerify ()
{
OAuthRequestLogger::start($this);
$store = OAuthStore::instance();
$token = $this->getParam('oauth_token', true);
$rs = $store->getConsumerRequestToken($token);
if (empty($rs))
{
throw new OAuthException2('Unknown request token "'.$token.'"');
}
// We need to remember the callback
$verify_oauth_token = $this->session->get('verify_oauth_token');
if ( empty($verify_oauth_token)
|| strcmp($verify_oauth_token, $rs['token']))
{
$this->session->set('verify_oauth_token', $rs['token']);
$this->session->set('verify_oauth_consumer_key', $rs['consumer_key']);
$cb = $this->getParam('oauth_callback', true);
if ($cb)
$this->session->set('verify_oauth_callback', $cb);
else
$this->session->set('verify_oauth_callback', $rs['callback_url']);
}
OAuthRequestLogger::flush();
return $rs;
}
/**
* Overrule this method when you want to display a nice page when
* the authorization is finished. This function does not know if the authorization was
* succesfull, you need to check the token in the database.
*
* @param boolean authorized if the current token (oauth_token param) is authorized or not
* @param int user_id user for which the token was authorized (or denied)
* @return string verifier For 1.0a Compatibility
*/
public function authorizeFinish ( $authorized, $user_id )
{
OAuthRequestLogger::start($this);
$token = $this->getParam('oauth_token', true);
$verifier = null;
if ($this->session->get('verify_oauth_token') == $token)
{
// Flag the token as authorized, or remove the token when not authorized
$store = OAuthStore::instance();
// Fetch the referrer host from the oauth callback parameter
$referrer_host = '';
$oauth_callback = false;
$verify_oauth_callback = $this->session->get('verify_oauth_callback');
if (!empty($verify_oauth_callback) && $verify_oauth_callback != 'oob') // OUT OF BAND
{
$oauth_callback = $this->session->get('verify_oauth_callback');
$ps = parse_url($oauth_callback);
if (isset($ps['host']))
{
$referrer_host = $ps['host'];
}
}
if ($authorized)
{
OAuthRequestLogger::addNote('Authorized token "'.$token.'" for user '.$user_id.' with referrer "'.$referrer_host.'"');
// 1.0a Compatibility : create a verifier code
$verifier = $store->authorizeConsumerRequestToken($token, $user_id, $referrer_host);
}
else
{
OAuthRequestLogger::addNote('Authorization rejected for token "'.$token.'" for user '.$user_id."\nToken has been deleted");
$store->deleteConsumerRequestToken($token);
}
if (!empty($oauth_callback))
{
$params = array('oauth_token' => rawurlencode($token));
// 1.0a Compatibility : if verifier code has been generated, add it to the URL
if ($verifier) {
$params['oauth_verifier'] = $verifier;
}
$uri = preg_replace('/\s/', '%20', $oauth_callback);
if (!empty($this->allowed_uri_schemes))
{
if (!in_array(substr($uri, 0, strpos($uri, '://')), $this->allowed_uri_schemes))
{
throw new OAuthException2('Illegal protocol in redirect uri '.$uri);
}
}
else if (!empty($this->disallowed_uri_schemes))
{
if (in_array(substr($uri, 0, strpos($uri, '://')), $this->disallowed_uri_schemes))
{
throw new OAuthException2('Illegal protocol in redirect uri '.$uri);
}
}
$this->redirect($oauth_callback, $params);
}
}
OAuthRequestLogger::flush();
return $verifier;
}
/**
* Exchange a request token for an access token.
* The exchange is only succesful iff the request token has been authorized.
*
* Never returns, calls exit() when token is exchanged or when error is returned.
*/
public function accessToken ()
{
OAuthRequestLogger::start($this);
try
{
$this->verify('request');
$options = array();
$ttl = $this->getParam('xoauth_token_ttl', false);
if ($ttl)
{
$options['token_ttl'] = $ttl;
}
$verifier = $this->getParam('oauth_verifier', false);
if ($verifier) {
$options['verifier'] = $verifier;
}
$store = OAuthStore::instance();
$token = $store->exchangeConsumerRequestForAccessToken($this->getParam('oauth_token', true), $options);
$result = 'oauth_token='.$this->urlencode($token['token'])
.'&oauth_token_secret='.$this->urlencode($token['token_secret']);
if (!empty($token['token_ttl']))
{
$result .= '&xoauth_token_ttl='.$this->urlencode($token['token_ttl']);
}
header('HTTP/1.1 200 OK');
header('Content-Length: '.strlen($result));
header('Content-Type: application/x-www-form-urlencoded');
echo $result;
}
catch (OAuthException2 $e)
{
header('HTTP/1.1 401 Access Denied');
header('Content-Type: text/plain');
echo "OAuth Verification Failed: " . $e->getMessage();
}
OAuthRequestLogger::flush();
exit();
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
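Review bot: The redirect-scheme check in `authorizeFinish()` takes the scheme from `substr($uri, 0, strpos($uri, '://'))`, which is an empty string for URIs without `//` and is compared case-sensitively. In the documented deny-list configuration the `mailto:` and `callto:` entries therefore never match, and the allow-list rejects `HTTPS://…`. Using `$scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));` with `in_array($scheme, $this->allowed_uri_schemes, true)` (and the same for the deny-list) would make both lists behave as the constructor docblock describes. The check also runs after `authorizeConsumerRequestToken()` has marked the token authorized, so a rejected callback leaves an authorized token in the store; validating the callback first avoids that. Separately, `authorizeVerify()` lets an `oauth_callback` request parameter override the `callback_url` stored with the request token, so the redirect target can be chosen at the authorize step; preferring `$rs['callback_url']` when it is set would be the safer order.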


@ -0,0 +1,86 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* This is the factory to select the store you want to use
*
* @version $Id: OAuthSession.php 67 2010-01-12 18:42:04Z brunobg@corollarium.com $
* @author brunobg@corollarium.com
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
* Copyright (c) 2010 Corollarium Technologies
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthException2.php';
class OAuthSession
{
static private $instance = false;
/**
* Request an instance of the OAuthSession
*/
public static function instance ( $store = 'SESSION', $options = array() )
{
if (!OAuthSession::$instance)
{
// Select the store you want to use
if (strpos($store, '/') === false)
{
$class = 'OAuthSession'.$store;
$file = dirname(__FILE__) . '/session/'.$class.'.php';
}
else
{
$file = $store;
$store = basename($file, '.php');
$class = $store;
}
if (is_file($file))
{
require_once $file;
if (class_exists($class))
{
OAuthSession::$instance = new $class($options);
}
else
{
throw new OAuthException2('Could not find class '.$class.' in file '.$file);
}
}
else
{
throw new OAuthException2('No OAuthSession for '.$store.' (file '.$file.')');
}
}
return OAuthSession::$instance;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
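Review bot: `OAuthSession::instance()` turns `$store` into a file that is `require_once`d and a class that is instantiated, and any value containing `/` is used as the path verbatim, so the argument must never come from request data or other untrusted configuration. Nothing in the method enforces that. A guard on the short-name branch such as `if (!preg_match('/^[A-Za-z0-9_]+$/', $store)) { throw new OAuthException2('Invalid session store'); }`, plus a docblock stating that path-form values are trusted input, would make the contract explicit. `OAuthStore::instance()` in the next file is built the same way. Both are singletons that ignore `$store` and `$options` on every call after the first, which the docblock should say, since `OAuthServer::__construct()` forwards its own `$store` argument here.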


@ -0,0 +1,86 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* This is the factory to select the store you want to use
*
* @version $Id: OAuthStore.php 67 2010-01-12 18:42:04Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 4:03:30 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthException2.php';
class OAuthStore
{
static private $instance = false;
/**
* Request an instance of the OAuthStore
*/
public static function instance ( $store = 'MySQL', $options = array() )
{
if (!OAuthStore::$instance)
{
// Select the store you want to use
if (strpos($store, '/') === false)
{
$class = 'OAuthStore'.$store;
$file = dirname(__FILE__) . '/store/'.$class.'.php';
}
else
{
$file = $store;
$store = basename($file, '.php');
$class = $store;
}
if (is_file($file))
{
require_once $file;
if (class_exists($class))
{
OAuthStore::$instance = new $class($options);
}
else
{
throw new OAuthException2('Could not find class '.$class.' in file '.$file);
}
}
else
{
throw new OAuthException2('No OAuthStore for '.$store.' (file '.$file.')');
}
}
return OAuthStore::$instance;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>


@ -0,0 +1,129 @@
<?php
/**
* Add the extra headers for a PUT or POST request with a file.
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
class OAuthBodyContentDisposition
{
/**
* Builds the request string.
*
* The files array can be a combination of the following (either data or file):
*
* file => "path/to/file", filename=, mime=, data=
*
* @param array files (name => filedesc) (not urlencoded)
* @return array (headers, body)
*/
static function encodeBody ( $files )
{
$headers = array();
$body = null;
// 1. Add all the files to the post
if (!empty($files))
{
foreach ($files as $name => $f)
{
$data = false;
$filename = false;
if (isset($f['filename']))
{
$filename = $f['filename'];
}
if (!empty($f['file']))
{
$data = @file_get_contents($f['file']);
if ($data === false)
{
throw new OAuthException2(sprintf('Could not read the file "%s" for request body', $f['file']));
}
if (empty($filename))
{
$filename = basename($f['file']);
}
}
else if (isset($f['data']))
{
$data = $f['data'];
}
// When there is data, add it as a request body, otherwise silently skip the upload
if ($data !== false)
{
if (isset($headers['Content-Disposition']))
{
throw new OAuthException2('Only a single file (or data) allowed in a signed PUT/POST request body.');
}
if (empty($filename))
{
$filename = 'untitled';
}
$mime = !empty($f['mime']) ? $f['mime'] : 'application/octet-stream';
$headers['Content-Disposition'] = 'attachment; filename="'.OAuthBodyContentDisposition::encodeParameterName($filename).'"';
$headers['Content-Type'] = $mime;
$body = $data;
}
}
// When we have a body, add the content-length
if (!is_null($body))
{
$headers['Content-Length'] = strlen($body);
}
}
return array($headers, $body);
}
/**
* Encode a parameter's name for use in a multipart header.
* For now we do a simple filter that removes some unwanted characters.
* We might want to implement RFC1522 here. See http://tools.ietf.org/html/rfc1522
*
* @param string name
* @return string
*/
static function encodeParameterName ( $name )
{
return preg_replace('/[^\x20-\x7f]|"/', '-', $name);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
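Review bot: `encodeBody()` passes the filename through `encodeParameterName()` but copies `$f['mime']` into the `Content-Type` header unchanged, so a value containing CR or LF could add header lines that the caller did not intend. `OAuthBodyMultipartFormdata::encodeBody()` in the next file writes `$mime` into the part header the same way. A guard before the header is built, such as `if (preg_match('/[\r\n]/', $mime)) { throw new OAuthException2('Invalid mime type'); }`, closes that in both places. `encodeParameterName()` also leaves the backslash and `\x7f` inside the quoted string. `$f['file']` is read with `@file_get_contents()`, so the docblock should state that the path is trusted input; which stream wrappers it can reach depends on the PHP configuration.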


@ -0,0 +1,143 @@
<?php
/**
* Create the body for a multipart/form-data message.
*
* @version $Id: OAuthMultipartFormdata.php 6 2008-02-13 12:35:09Z marcw@pobox.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Jan 31, 2008 12:50:05 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
class OAuthBodyMultipartFormdata
{
/**
* Builds the request string.
*
* The files array can be a combination of the following (either data or file):
*
* file => "path/to/file", filename=, mime=, data=
*
* @param array params (name => value) (all names and values should be urlencoded)
* @param array files (name => filedesc) (not urlencoded)
* @return array (headers, body)
*/
static function encodeBody ( $params, $files )
{
$headers = array();
$body = '';
$boundary = 'OAuthRequester_'.md5(uniqid('multipart') . microtime());
$headers['Content-Type'] = 'multipart/form-data; boundary=' . $boundary;
// 1. Add the parameters to the post
if (!empty($params))
{
foreach ($params as $name => $value)
{
$body .= '--'.$boundary."\r\n";
$body .= 'Content-Disposition: form-data; name="'.OAuthBodyMultipartFormdata::encodeParameterName(rawurldecode($name)).'"';
$body .= "\r\n\r\n";
$body .= urldecode($value);
$body .= "\r\n";
}
}
// 2. Add all the files to the post
if (!empty($files))
{
$untitled = 1;
foreach ($files as $name => $f)
{
$data = false;
$filename = false;
if (isset($f['filename']))
{
$filename = $f['filename'];
}
if (!empty($f['file']))
{
$data = @file_get_contents($f['file']);
if ($data === false)
{
throw new OAuthException2(sprintf('Could not read the file "%s" for form-data part', $f['file']));
}
if (empty($filename))
{
$filename = basename($f['file']);
}
}
else if (isset($f['data']))
{
$data = $f['data'];
}
// When there is data, add it as a form-data part, otherwise silently skip the upload
if ($data !== false)
{
if (empty($filename))
{
$filename = sprintf('untitled-%d', $untitled++);
}
$mime = !empty($f['mime']) ? $f['mime'] : 'application/octet-stream';
$body .= '--'.$boundary."\r\n";
$body .= 'Content-Disposition: form-data; name="'.OAuthBodyMultipartFormdata::encodeParameterName($name).'"; filename="'.OAuthBodyMultipartFormdata::encodeParameterName($filename).'"'."\r\n";
$body .= 'Content-Type: '.$mime;
$body .= "\r\n\r\n";
$body .= $data;
$body .= "\r\n";
}
}
}
$body .= '--'.$boundary."--\r\n";
$headers['Content-Length'] = strlen($body);
return array($headers, $body);
}
/**
* Encode a parameter's name for use in a multipart header.
* For now we do a simple filter that removes some unwanted characters.
* We might want to implement RFC1522 here. See http://tools.ietf.org/html/rfc1522
*
* @param string name
* @return string
*/
static function encodeParameterName ( $name )
{
return preg_replace('/[^\x20-\x7f]|"/', '-', $name);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>


@ -0,0 +1,304 @@
<?php
/**
* Parse a XRDS discovery description to a simple array format.
*
* For now a simple parse of the document. Better error checking
* in a later version.
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/* example of use:
header('content-type: text/plain');
$file = file_get_contents('../../test/discovery/xrds-magnolia.xrds');
$xrds = xrds_parse($file);
print_r($xrds);
*/
/**
* Parse the xrds file in the argument. The xrds description must have been
* fetched via curl or something else.
*
* TODO: more robust checking, support for more service documents
* TODO: support for URIs to definition instead of local xml:id
*
* @param string data contents of xrds file
* @exception Exception when the file is in an unknown format
* @return array
*/
function xrds_parse ( $data )
{
$oauth = array();
$doc = @DOMDocument::loadXML($data);
if ($doc === false)
{
throw new Exception('Error in XML, can\'t load XRDS document');
}
$xpath = new DOMXPath($doc);
$xpath->registerNamespace('xrds', 'xri://$xrds');
$xpath->registerNamespace('xrd', 'xri://$XRD*($v*2.0)');
$xpath->registerNamespace('simple', 'http://xrds-simple.net/core/1.0');
// Yahoo! uses this namespace, with lowercase xrd in it
$xpath->registerNamespace('xrd2', 'xri://$xrd*($v*2.0)');
$uris = xrds_oauth_service_uris($xpath);
foreach ($uris as $uri)
{
// TODO: support uris referring to service documents outside this one
if ($uri{0} == '#')
{
$id = substr($uri, 1);
$oauth = xrds_xrd_oauth($xpath, $id);
if (is_array($oauth) && !empty($oauth))
{
return $oauth;
}
}
}
return false;
}
/**
* Parse a XRD definition for OAuth and return the uris etc.
*
* @param XPath xpath
* @param string id
* @return array
*/
function xrds_xrd_oauth ( $xpath, $id )
{
$oauth = array();
$xrd = $xpath->query('//xrds:XRDS/xrd:XRD[@xml:id="'.$id.'"]');
if ($xrd->length == 0)
{
// Yahoo! uses another namespace
$xrd = $xpath->query('//xrds:XRDS/xrd2:XRD[@xml:id="'.$id.'"]');
}
if ($xrd->length >= 1)
{
$x = $xrd->item(0);
$services = array();
foreach ($x->childNodes as $n)
{
switch ($n->nodeName)
{
case 'Type':
if ($n->nodeValue != 'xri://$xrds*simple')
{
// Not a simple XRDS document
return false;
}
break;
case 'Expires':
$oauth['expires'] = $n->nodeValue;
break;
case 'Service':
list($type,$service) = xrds_xrd_oauth_service($n);
if ($type)
{
$services[$type][xrds_priority($n)][] = $service;
}
break;
}
}
// Flatten the services on priority
foreach ($services as $type => $service)
{
$oauth[$type] = xrds_priority_flatten($service);
}
}
else
{
$oauth = false;
}
return $oauth;
}
/**
* Parse a service definition for OAuth in a simple xrd element
*
* @param DOMElement n
* @return array (type, service desc)
*/
function xrds_xrd_oauth_service ( $n )
{
$service = array(
'uri' => '',
'signature_method' => array(),
'parameters' => array()
);
$type = false;
foreach ($n->childNodes as $c)
{
$name = $c->nodeName;
$value = $c->nodeValue;
if ($name == 'URI')
{
$service['uri'] = $value;
}
else if ($name == 'Type')
{
if (strncmp($value, 'http://oauth.net/core/1.0/endpoint/', 35) == 0)
{
$type = basename($value);
}
else if (strncmp($value, 'http://oauth.net/core/1.0/signature/', 36) == 0)
{
$service['signature_method'][] = basename($value);
}
else if (strncmp($value, 'http://oauth.net/core/1.0/parameters/', 37) == 0)
{
$service['parameters'][] = basename($value);
}
else if (strncmp($value, 'http://oauth.net/discovery/1.0/consumer-identity/', 49) == 0)
{
$type = 'consumer_identity';
$service['method'] = basename($value);
unset($service['signature_method']);
unset($service['parameters']);
}
else
{
$service['unknown'][] = $value;
}
}
else if ($name == 'LocalID')
{
$service['consumer_key'] = $value;
}
else if ($name{0} != '#')
{
$service[strtolower($name)] = $value;
}
}
return array($type, $service);
}
/**
* Return the OAuth service uris in order of the priority.
*
* @param XPath xpath
* @return array
*/
function xrds_oauth_service_uris ( $xpath )
{
$uris = array();
$xrd_oauth = $xpath->query('//xrds:XRDS/xrd:XRD/xrd:Service/xrd:Type[.=\'http://oauth.net/discovery/1.0\']');
if ($xrd_oauth->length > 0)
{
$service = array();
foreach ($xrd_oauth as $xo)
{
// Find the URI of the service definition
$cs = $xo->parentNode->childNodes;
foreach ($cs as $c)
{
if ($c->nodeName == 'URI')
{
$prio = xrds_priority($xo);
$service[$prio][] = $c->nodeValue;
}
}
}
$uris = xrds_priority_flatten($service);
}
return $uris;
}
/**
* Flatten an array according to the priority
*
* @param array ps buckets per prio
* @return array one dimensional array
*/
function xrds_priority_flatten ( $ps )
{
$prio = array();
$null = array();
ksort($ps);
foreach ($ps as $idx => $bucket)
{
if (!empty($bucket))
{
if ($idx == 'null')
{
$null = $bucket;
}
else
{
$prio = array_merge($prio, $bucket);
}
}
}
$prio = array_merge($prio, $bucket);
return $prio;
}
/**
* Fetch the priority of a element
*
* @param DOMElement elt
* @return mixed 'null' or int
*/
function xrds_priority ( $elt )
{
if ($elt->hasAttribute('priority'))
{
$prio = $elt->getAttribute('priority');
if (is_numeric($prio))
{
$prio = intval($prio);
}
}
else
{
$prio = 'null';
}
return $prio;
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
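Review bot: `xrds_xrd_oauth()` concatenates `$id` into the XPath expression `[@xml:id="'.$id.'"]`, and `$id` is the fragment of a URI read from the fetched XRDS document, so a double quote in that URI changes the query. Rejecting ids that fail a strict name pattern, e.g. `if (!preg_match('/^[A-Za-z_][\w.\-]*$/', $id)) { return false; }`, keeps the lookup literal. `xrds_priority_flatten()` ends with `array_merge($prio, $bucket)`, which re-appends the last bucket, reads an undefined variable for empty input, and never uses `$null`; the line presumably should be `$prio = array_merge($prio, $null);`. Its test `$idx == 'null'` should use `===`, because a priority of `0` equals `'null'` under the loose comparison of PHP versions before 8. In `xrds_parse()` the document comes from a remote provider, so `loadXML()` on an instance with `LIBXML_NONET` is preferable to the error-suppressed static call, and `$uri{0}` fails on an empty URI and is not accepted by PHP 8.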


@ -0,0 +1,101 @@
The xrds_parse.php script contains the function:
function xrds_parse ( $data. )
$data Contains the contents of a XRDS XML file.
When the data is invalid XML then this will throw an exception.
After parsing a XRDS definition it will return a datastructure much like the one below.
Array
(
[expires] => 2008-04-13T07:34:58Z
[request] => Array
(
[0] => Array
(
[uri] => https://ma.gnolia.com/oauth/get_request_token
[signature_method] => Array
(
[0] => HMAC-SHA1
[1] => RSA-SHA1
[2] => PLAINTEXT
)
[parameters] => Array
(
[0] => auth-header
[1] => post-body
[2] => uri-query
)
)
)
[authorize] => Array
(
[0] => Array
(
[uri] => http://ma.gnolia.com/oauth/authorize
[signature_method] => Array
(
)
[parameters] => Array
(
[0] => auth-header
[1] => uri-query
)
)
)
[access] => Array
(
[0] => Array
(
[uri] => https://ma.gnolia.com/oauth/get_access_token
[signature_method] => Array
(
[0] => HMAC-SHA1
[1] => RSA-SHA1
[2] => PLAINTEXT
)
[parameters] => Array
(
[0] => auth-header
[1] => post-body
[2] => uri-query
)
)
)
[resource] => Array
(
[0] => Array
(
[uri] =>
[signature_method] => Array
(
[0] => HMAC-SHA1
[1] => RSA-SHA1
)
[parameters] => Array
(
[0] => auth-header
[1] => post-body
[2] => uri-query
)
)
)
[consumer_identity] => Array
(
[0] => Array
(
[uri] => http://ma.gnolia.com/applications/new
[method] => oob
)
)
)


@ -0,0 +1,44 @@
<?php
/**
* Abstract base class for OAuthStore implementations
*
* @version $Id$
* @author Bruno Barberi Gnecco <brunobg@corollarium.com>
*
* The MIT License
*
* Copyright (c) 2010 Corollarium Technologies
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* This class is used to store Session information on the server. Most
* people will use the $_SESSION based implementation, but you may prefer
* a SQL, Memcache or other implementation.
*
*/
abstract class OAuthSessionAbstract
{
abstract public function get ( $key );
abstract public function set ( $key, $data );
}
?>


@ -0,0 +1,63 @@
<?php
/**
* Abstract base class for OAuthStore implementations
*
* @version $Id$
* @author Bruno Barberi Gnecco <brunobg@corollarium.com>
*
* The MIT License
*
* Copyright (c) 2010 Corollarium Technologies
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthSessionAbstract.class.php';
class OAuthSessionSESSION extends OAuthSessionAbstract
{
public function __construct( $options = array() )
{
}
/**
* Gets a variable value
*
* @param string $key
* @return The value or null if not set.
*/
public function get ( $key )
{
return @$_SESSION[$key];
}
/**
* Sets a variable value
*
* @param string $key The key
* @param any $data The data
*/
public function set ( $key, $data )
{
$_SESSION[$key] = $data;
}
}
?>


@ -0,0 +1,69 @@
<?php
/**
* Interface for OAuth signature methods
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 8, 2008 12:04:35 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
abstract class OAuthSignatureMethod
{
/**
* Return the name of this signature
*
* @return string
*/
abstract public function name();
/**
* Return the signature for the given request
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @return string
*/
abstract public function signature ( $request, $base_string, $consumer_secret, $token_secret );
/**
* Check if the request signature corresponds to the one calculated for the request.
*
* @param OAuthRequest request
* @param string base_string data to be signed, usually the base string, can be a request body
* @param string consumer_secret
* @param string token_secret
* @param string signature from the request, still urlencoded
* @return string
*/
abstract public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature );
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
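Review bot: The docblock of `verify()` declares `@return string`, but every implementation added in this commit returns the result of a comparison. The contract should read `@return boolean true when the supplied signature matches the calculated one`, so that implementers and callers treat the result as a yes/no decision. The `@param` lines in both docblocks also omit the `$` on the parameter names.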


@ -0,0 +1,115 @@
<?php
/**
* OAuth signature implementation using HMAC-SHA1
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 8, 2008 12:21:19 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/OAuthSignatureMethod.class.php';
class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
{
public function name ()
{
return 'HMAC-SHA1';
}
/**
* Calculate the signature using HMAC-SHA1
* This function is copyright Andy Smith, 2007.
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @return string
*/
function signature ( $request, $base_string, $consumer_secret, $token_secret )
{
$key = $request->urlencode($consumer_secret).'&'.$request->urlencode($token_secret);
if (function_exists('hash_hmac'))
{
$signature = base64_encode(hash_hmac("sha1", $base_string, $key, true));
}
else
{
$blocksize = 64;
$hashfunc = 'sha1';
if (strlen($key) > $blocksize)
{
$key = pack('H*', $hashfunc($key));
}
$key = str_pad($key,$blocksize,chr(0x00));
$ipad = str_repeat(chr(0x36),$blocksize);
$opad = str_repeat(chr(0x5c),$blocksize);
$hmac = pack(
'H*',$hashfunc(
($key^$opad).pack(
'H*',$hashfunc(
($key^$ipad).$base_string
)
)
)
);
$signature = base64_encode($hmac);
}
return $request->urlencode($signature);
}
/**
* Check if the request signature corresponds to the one calculated for the request.
*
* @param OAuthRequest request
* @param string base_string data to be signed, usually the base string, can be a request body
* @param string consumer_secret
* @param string token_secret
* @param string signature from the request, still urlencoded
* @return string
*/
public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature )
{
$a = $request->urldecode($signature);
$b = $request->urldecode($this->signature($request, $base_string, $consumer_secret, $token_secret));
// We have to compare the decoded values
$valA = base64_decode($a);
$valB = base64_decode($b);
// Crude binary comparison
return rawurlencode($valA) == rawurlencode($valB);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
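Review bot: `verify()` compares the supplied and the calculated signature with `==` on their `rawurlencode()`d forms (last statement of the method), which is neither constant-time nor strict. A comparison that stops at the first differing byte leaks timing information about the expected HMAC to whoever submits signatures. `base64_decode()` in its default mode also drops characters outside the base64 alphabet, so several wire values decode to the same bytes. I would compare the decoded bytes directly with `return hash_equals($valB, $valA);` (PHP 5.6+; a fixed-length XOR-accumulate loop on older runtimes) and reject the request when `base64_decode($a, true)` returns false. The same `==` comparison is used in `OAuthSignatureMethod_MD5::verify()` and, on urldecoded strings, in `OAuthSignatureMethod_PLAINTEXT::verify()`.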


@ -0,0 +1,95 @@
<?php
/**
* OAuth signature implementation using MD5
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 8, 2008 12:09:43 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/OAuthSignatureMethod.class.php';
class OAuthSignatureMethod_MD5 extends OAuthSignatureMethod
{
public function name ()
{
return 'MD5';
}
/**
* Calculate the signature using MD5
* Binary md5 digest, as distinct from PHP's built-in hexdigest.
* This function is copyright Andy Smith, 2007.
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @return string
*/
function signature ( $request, $base_string, $consumer_secret, $token_secret )
{
$s .= '&'.$request->urlencode($consumer_secret).'&'.$request->urlencode($token_secret);
$md5 = md5($base_string);
$bin = '';
for ($i = 0; $i < strlen($md5); $i += 2)
{
$bin .= chr(hexdec($md5{$i+1}) + hexdec($md5{$i}) * 16);
}
return $request->urlencode(base64_encode($bin));
}
/**
* Check if the request signature corresponds to the one calculated for the request.
*
* @param OAuthRequest request
* @param string base_string data to be signed, usually the base string, can be a request body
* @param string consumer_secret
* @param string token_secret
* @param string signature from the request, still urlencoded
* @return string
*/
public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature )
{
$a = $request->urldecode($signature);
$b = $request->urldecode($this->signature($request, $base_string, $consumer_secret, $token_secret));
// We have to compare the decoded values
$valA = base64_decode($a);
$valB = base64_decode($b);
// Crude binary comparison
return rawurlencode($valA) == rawurlencode($valB);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
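Review bot: `signature()` never mixes the secrets into the digest: its first statement appends to an undefined `$s` that is not read again, and `md5($base_string)` hashes the base string alone. The value can therefore be computed from the base string without knowing either secret, so `verify()` does not authenticate the sender. If the method is kept, the input presumably should be `$s = $base_string.'&'.$request->urlencode($consumer_secret).'&'.$request->urlencode($token_secret);` followed by `$bin = md5($s, true);`. That also replaces the `$md5{$i}` loop, whose offset syntax no longer parses on PHP 8. A secret-suffix MD5 is still not a proper MAC, so I would prefer not to offer this method and to rely on HMAC-SHA1.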


@ -0,0 +1,80 @@
<?php
/**
* OAuth signature implementation using PLAINTEXT
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 8, 2008 12:09:43 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/OAuthSignatureMethod.class.php';
class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod
{
public function name ()
{
return 'PLAINTEXT';
}
/**
* Calculate the signature using PLAINTEXT
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @return string
*/
function signature ( $request, $base_string, $consumer_secret, $token_secret )
{
return $request->urlencode($request->urlencode($consumer_secret).'&'.$request->urlencode($token_secret));
}
/**
* Check if the request signature corresponds to the one calculated for the request.
*
* @param OAuthRequest request
* @param string base_string data to be signed, usually the base string, can be a request body
* @param string consumer_secret
* @param string token_secret
* @param string signature from the request, still urlencoded
* @return string
*/
public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature )
{
$a = $request->urldecode($signature);
$b = $request->urldecode($this->signature($request, $base_string, $consumer_secret, $token_secret));
return $request->urldecode($a) == $request->urldecode($b);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
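Review bot: `verify()` decodes both values twice: `$a` and `$b` are already urldecoded, and the return statement applies `$request->urldecode()` to each again. After the second decode the `&` separator can no longer be told apart from an `&` inside a secret, so different (consumer_secret, token_secret) pairs can compare equal; a consumer secret `a&b` with an empty token secret yields the same string as `a` with `b`. I would compare after a single decode, `return hash_equals($b, $a);` (or `$a === $b` where `hash_equals` is unavailable). PLAINTEXT also puts both secrets on the wire, so a comment on the class stating that it must only be accepted over TLS would help whoever enables it.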


@ -0,0 +1,139 @@
<?php
/**
* OAuth signature implementation using PLAINTEXT
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
* @date Sep 8, 2008 12:00:14 PM
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/OAuthSignatureMethod.class.php';
class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod
{
public function name()
{
return 'RSA-SHA1';
}
/**
* Fetch the public CERT key for the signature
*
* @param OAuthRequest request
* @return string public key
*/
protected function fetch_public_cert ( $request )
{
// not implemented yet, ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
// (2) fetch via http using a url provided by the requester
// (3) some sort of specific discovery code based on request
//
// either way should return a string representation of the certificate
throw OAuthException2("OAuthSignatureMethod_RSA_SHA1::fetch_public_cert not implemented");
}
/**
* Fetch the private CERT key for the signature
*
* @param OAuthRequest request
* @return string private key
*/
protected function fetch_private_cert ( $request )
{
// not implemented yet, ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
//
// either way should return a string representation of the certificate
throw OAuthException2("OAuthSignatureMethod_RSA_SHA1::fetch_private_cert not implemented");
}
/**
* Calculate the signature using RSA-SHA1
* This function is copyright Andy Smith, 2008.
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @return string
*/
public function signature ( $request, $base_string, $consumer_secret, $token_secret )
{
// Fetch the private key cert based on the request
$cert = $this->fetch_private_cert($request);
// Pull the private key ID from the certificate
$privatekeyid = openssl_get_privatekey($cert);
// Sign using the key
$sig = false;
$ok = openssl_sign($base_string, $sig, $privatekeyid);
// Release the key resource
openssl_free_key($privatekeyid);
return $request->urlencode(base64_encode($sig));
}
/**
* Check if the request signature is the same as the one calculated for the request.
*
* @param OAuthRequest request
* @param string base_string
* @param string consumer_secret
* @param string token_secret
* @param string signature
* @return string
*/
public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature )
{
$decoded_sig = base64_decode($request->urldecode($signature));
// Fetch the public key cert based on the request
$cert = $this->fetch_public_cert($request);
// Pull the public key ID from the certificate
$publickeyid = openssl_get_publickey($cert);
// Check the computed signature against the one passed in the query
$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
// Release the key resource
openssl_free_key($publickeyid);
return $ok == 1;
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
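Review bot: Both `fetch_public_cert()` and `fetch_private_cert()` use `throw OAuthException2("...")` without `new`, which calls an undefined function and ends in a fatal error instead of an exception the caller can catch; it should be `throw new OAuthException2("...")`. In `signature()`, the results of `openssl_get_privatekey()` and `openssl_sign()` are not checked, so a failed signing leaves `$sig` as `false` and the method returns an empty signature rather than failing; add `if (!$ok) { throw new OAuthException2('RSA-SHA1 signing failed'); }` after the sign call. `verify()` has the same gap for `openssl_get_publickey()`. The file docblock says "using PLAINTEXT" and should say RSA-SHA1.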


@ -0,0 +1,113 @@
<?php
/**
* OAuthStore implementation for 2 legged OAuth. This 'store' just saves the
* consumer_token and consumer_secret.
*
* @version $Id$
* @author Ben Hesketh <ben.hesketh@compassengine.com>
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStoreAbstract.class.php';
class OAuthStore2Leg extends OAuthStoreAbstract
{
protected $consumer_key;
protected $consumer_secret;
protected $signature_method = array('HMAC-SHA1');
protected $token_type = false;
/*
* Takes two options: consumer_key and consumer_secret
*/
public function __construct( $options = array() )
{
if(isset($options['consumer_key']) && isset($options['consumer_secret']))
{
$this->consumer_key = $options['consumer_key'];
$this->consumer_secret = $options['consumer_secret'];
}
else
{
throw new OAuthException2("OAuthStore2Leg needs consumer_token and consumer_secret");
}
}
public function getSecretsForVerify ( $consumer_key, $token, $token_type = 'access' ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getSecretsForSignature ( $uri, $user_id )
{
return array(
'consumer_key' => $this->consumer_key,
'consumer_secret' => $this->consumer_secret,
'signature_methods' => $this->signature_method,
'token' => $this->token_type
);
}
public function getServerTokenSecrets ( $consumer_key, $token, $token_type, $user_id, $name = '' ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function addServerToken ( $consumer_key, $token_type, $token, $token_secret, $user_id, $options = array() ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function deleteServer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getServer( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getServerForUri ( $uri, $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function listServerTokens ( $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function countServerTokens ( $consumer_key ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getServerToken ( $consumer_key, $token, $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function deleteServerToken ( $consumer_key, $token, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function setServerTokenTtl ( $consumer_key, $token, $token_ttl )
{
//This method just needs to exist. It doesn't have to do anything!
}
public function listServers ( $q = '', $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function updateServer ( $server, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function updateConsumer ( $consumer, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function deleteConsumer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getConsumer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getConsumerStatic () { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function addConsumerRequestToken ( $consumer_key, $options = array() ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getConsumerRequestToken ( $token ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function deleteConsumerRequestToken ( $token ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function authorizeConsumerRequestToken ( $token, $user_id, $referrer_host = '' ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function countConsumerAccessTokens ( $consumer_key ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function exchangeConsumerRequestForAccessToken ( $token, $options = array() ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function getConsumerAccessToken ( $token, $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function deleteConsumerAccessToken ( $token, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function setConsumerAccessTokenTtl ( $token, $ttl ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function listConsumers ( $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function listConsumerApplications( $begin = 0, $total = 25 ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function listConsumerTokens ( $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function checkServerNonce ( $consumer_key, $token, $timestamp, $nonce ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function addLog ( $keys, $received, $sent, $base_string, $notes, $user_id = null ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function listLog ( $options, $user_id ) { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
public function install () { throw new OAuthException2("OAuthStore2Leg doesn't support " . __METHOD__); }
}
?>
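Review bot: The constructor's exception message names `consumer_token`, but the option it checks is `consumer_key`, so anyone who follows the message will keep hitting the same error; it should read `"OAuthStore2Leg needs consumer_key and consumer_secret"`. The `isset()` test also accepts empty strings, which lets a store be built with an empty secret and sign requests with the key `&`; checking `!empty($options['consumer_secret'])` would catch a missing configuration value early. `listServers ( $q = '', $user_id )` puts an optional parameter before a required one, here and in `OAuthStoreAbstract`; PHP 8 reports that as deprecated.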


@ -0,0 +1,150 @@
<?php
/**
* Abstract base class for OAuthStore implementations
*
* @version $Id$
* @author Marc Worrell <marcw@pobox.com>
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
abstract class OAuthStoreAbstract
{
abstract public function getSecretsForVerify ( $consumer_key, $token, $token_type = 'access' );
abstract public function getSecretsForSignature ( $uri, $user_id );
abstract public function getServerTokenSecrets ( $consumer_key, $token, $token_type, $user_id, $name = '' );
abstract public function addServerToken ( $consumer_key, $token_type, $token, $token_secret, $user_id, $options = array() );
abstract public function deleteServer ( $consumer_key, $user_id, $user_is_admin = false );
abstract public function getServer( $consumer_key, $user_id, $user_is_admin = false );
abstract public function getServerForUri ( $uri, $user_id );
abstract public function listServerTokens ( $user_id );
abstract public function countServerTokens ( $consumer_key );
abstract public function getServerToken ( $consumer_key, $token, $user_id );
abstract public function deleteServerToken ( $consumer_key, $token, $user_id, $user_is_admin = false );
abstract public function listServers ( $q = '', $user_id );
abstract public function updateServer ( $server, $user_id, $user_is_admin = false );
abstract public function updateConsumer ( $consumer, $user_id, $user_is_admin = false );
abstract public function deleteConsumer ( $consumer_key, $user_id, $user_is_admin = false );
abstract public function getConsumer ( $consumer_key, $user_id, $user_is_admin = false );
abstract public function getConsumerStatic ();
abstract public function addConsumerRequestToken ( $consumer_key, $options = array() );
abstract public function getConsumerRequestToken ( $token );
abstract public function deleteConsumerRequestToken ( $token );
abstract public function authorizeConsumerRequestToken ( $token, $user_id, $referrer_host = '' );
abstract public function countConsumerAccessTokens ( $consumer_key );
abstract public function exchangeConsumerRequestForAccessToken ( $token, $options = array() );
abstract public function getConsumerAccessToken ( $token, $user_id );
abstract public function deleteConsumerAccessToken ( $token, $user_id, $user_is_admin = false );
abstract public function setConsumerAccessTokenTtl ( $token, $ttl );
abstract public function listConsumers ( $user_id );
abstract public function listConsumerApplications( $begin = 0, $total = 25 );
abstract public function listConsumerTokens ( $user_id );
abstract public function checkServerNonce ( $consumer_key, $token, $timestamp, $nonce );
abstract public function addLog ( $keys, $received, $sent, $base_string, $notes, $user_id = null );
abstract public function listLog ( $options, $user_id );
abstract public function install ();
/**
* Fetch the current static consumer key for this site, create it when it was not found.
* The consumer secret for the consumer key is always empty.
*
* @return string consumer key
*/
/* ** Some handy utility functions ** */
/**
* Generate a unique key
*
* @param boolean unique force the key to be unique
* @return string
*/
public function generateKey ( $unique = false )
{
$key = md5(uniqid(rand(), true));
if ($unique)
{
list($usec,$sec) = explode(' ',microtime());
$key .= dechex($usec).dechex($sec);
}
return $key;
}
/**
* Check to see if a string is valid utf8
*
* @param string $s
* @return boolean
*/
protected function isUTF8 ( $s )
{
return preg_match('%(?:
[\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte
|\xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs
|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte
|\xED[\x80-\x9F][\x80-\xBF] # excluding surrogates
|\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
|[\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
|\xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)+%xs', $s);
}
/**
* Make a string utf8, replacing all non-utf8 chars with a '.'
*
* @param string
* @return string
*/
protected function makeUTF8 ( $s )
{
if (function_exists('iconv'))
{
do
{
$ok = true;
$text = @iconv('UTF-8', 'UTF-8//TRANSLIT', $s);
if (strlen($text) != strlen($s))
{
// Remove the offending character...
$s = $text . '.' . substr($s, strlen($text) + 1);
$ok = false;
}
}
while (!$ok);
}
return $s;
}
}
?>
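Review bot: `generateKey()` builds its value from `md5(uniqid(rand(), true))`, which is derived from the clock and a non-cryptographic generator and is therefore guessable. If the stores use this for consumer secrets or tokens (the callers are outside this section), those values need a CSPRNG: `$key = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on the older runtimes this library targets. The format stays at 32 hex characters either way. In the `$unique` branch, `dechex($usec)` receives the fractional string from `microtime()`, which converts to 0, so the suffix adds only the seconds. The docblock left between `install()` and the "handy utility functions" comment describes a method that is not there and should be removed or attached to `getConsumerStatic()`.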


@ -0,0 +1,264 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* This file can only be used in conjunction with anyMeta.
*
* @version $Id: OAuthStoreAnyMeta.php 68 2010-01-12 18:59:23Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 4:03:30 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStoreMySQL.php';
class OAuthStoreAnymeta extends OAuthStoreMySQL
{
/**
* Construct the OAuthStoreAnymeta
*
* @param array options
*/
function __construct ( $options = array() )
{
parent::__construct(array('conn' => any_db_conn()));
}
/**
* Add an entry to the log table
*
* @param array keys (osr_consumer_key, ost_token, ocr_consumer_key, oct_token)
* @param string received
* @param string sent
* @param string base_string
* @param string notes
* @param int (optional) user_id
*/
public function addLog ( $keys, $received, $sent, $base_string, $notes, $user_id = null )
{
if (is_null($user_id) && isset($GLOBALS['any_auth']))
{
$user_id = $GLOBALS['any_auth']->getUserId();
}
parent::addLog($keys, $received, $sent, $base_string, $notes, $user_id);
}
/**
* Get a page of entries from the log. Returns the last 100 records
* matching the options given.
*
* @param array options
* @param int user_id current user
* @return array log records
*/
public function listLog ( $options, $user_id )
{
$where = array();
$args = array();
if (empty($options))
{
$where[] = 'olg_usa_id_ref = %d';
$args[] = $user_id;
}
else
{
foreach ($options as $option => $value)
{
if (strlen($value) > 0)
{
switch ($option)
{
case 'osr_consumer_key':
case 'ocr_consumer_key':
case 'ost_token':
case 'oct_token':
$where[] = 'olg_'.$option.' = \'%s\'';
$args[] = $value;
break;
}
}
}
$where[] = '(olg_usa_id_ref IS NULL OR olg_usa_id_ref = %d)';
$args[] = $user_id;
}
$rs = any_db_query_all_assoc('
SELECT olg_id,
olg_osr_consumer_key AS osr_consumer_key,
olg_ost_token AS ost_token,
olg_ocr_consumer_key AS ocr_consumer_key,
olg_oct_token AS oct_token,
olg_usa_id_ref AS user_id,
olg_received AS received,
olg_sent AS sent,
olg_base_string AS base_string,
olg_notes AS notes,
olg_timestamp AS timestamp,
INET_NTOA(olg_remote_ip) AS remote_ip
FROM oauth_log
WHERE '.implode(' AND ', $where).'
ORDER BY olg_id DESC
LIMIT 0,100', $args);
return $rs;
}
/**
* Initialise the database
*/
public function install ()
{
parent::install();
any_db_query("ALTER TABLE oauth_consumer_registry MODIFY ocr_usa_id_ref int(11) unsigned");
any_db_query("ALTER TABLE oauth_consumer_token MODIFY oct_usa_id_ref int(11) unsigned not null");
any_db_query("ALTER TABLE oauth_server_registry MODIFY osr_usa_id_ref int(11) unsigned");
any_db_query("ALTER TABLE oauth_server_token MODIFY ost_usa_id_ref int(11) unsigned not null");
any_db_query("ALTER TABLE oauth_log MODIFY olg_usa_id_ref int(11) unsigned");
any_db_alter_add_fk('oauth_consumer_registry', 'ocr_usa_id_ref', 'any_user_auth(usa_id_ref)', 'on update cascade on delete set null');
any_db_alter_add_fk('oauth_consumer_token', 'oct_usa_id_ref', 'any_user_auth(usa_id_ref)', 'on update cascade on delete cascade');
any_db_alter_add_fk('oauth_server_registry', 'osr_usa_id_ref', 'any_user_auth(usa_id_ref)', 'on update cascade on delete set null');
any_db_alter_add_fk('oauth_server_token', 'ost_usa_id_ref', 'any_user_auth(usa_id_ref)', 'on update cascade on delete cascade');
any_db_alter_add_fk('oauth_log', 'olg_usa_id_ref', 'any_user_auth(usa_id_ref)', 'on update cascade on delete cascade');
}
/** Some simple helper functions for querying the mysql db **/
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
*/
protected function query ( $sql )
{
list($sql, $args) = $this->sql_args(func_get_args());
any_db_query($sql, $args);
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_all_assoc ( $sql )
{
list($sql, $args) = $this->sql_args(func_get_args());
return any_db_query_all_assoc($sql, $args);
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row_assoc ( $sql )
{
list($sql, $args) = $this->sql_args(func_get_args());
return any_db_query_row_assoc($sql, $args);
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row ( $sql )
{
list($sql, $args) = $this->sql_args(func_get_args());
return any_db_query_row($sql, $args);
}
/**
* Perform a query, return the first column of the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return mixed
*/
protected function query_one ( $sql )
{
list($sql, $args) = $this->sql_args(func_get_args());
return any_db_query_one($sql, $args);
}
/**
* Return the number of rows affected in the last query
*
* @return int
*/
protected function query_affected_rows ()
{
return any_db_affected_rows();
}
/**
* Return the id of the last inserted row
*
* @return int
*/
protected function query_insert_id ()
{
return any_db_insert_id();
}
private function sql_args ( $args )
{
$sql = array_shift($args);
if (count($args) == 1 && is_array($args[0]))
{
$args = $args[0];
}
return array($sql, $args);
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>


@ -0,0 +1,245 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* Based on MySQL
*
* @version $Id: OAuthStoreMySQL.php 85 2010-02-19 14:56:40Z brunobg@corollarium.com $
* @author Marc Worrell <marcw@pobox.com>
* @date Nov 16, 2007 4:03:30 PM
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStoreSQL.php';
class OAuthStoreMySQL extends OAuthStoreSQL
{
/**
* The MySQL connection
*/
protected $conn;
/**
* Initialise the database
*/
public function install ()
{
require_once dirname(__FILE__) . '/mysql/install.php';
}
/* ** Some simple helper functions for querying the mysql db ** */
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
*/
protected function query ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysql_query($sql, $this->conn)))
{
$this->sql_errcheck($sql);
}
if (is_resource($res))
{
mysql_free_result($res);
}
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_all_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysql_query($sql, $this->conn)))
{
$this->sql_errcheck($sql);
}
$rs = array();
while ($row = mysql_fetch_assoc($res))
{
$rs[] = $row;
}
mysql_free_result($res);
return $rs;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysql_query($sql, $this->conn)))
{
$this->sql_errcheck($sql);
}
if ($row = mysql_fetch_assoc($res))
{
$rs = $row;
}
else
{
$rs = false;
}
mysql_free_result($res);
return $rs;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysql_query($sql, $this->conn)))
{
$this->sql_errcheck($sql);
}
if ($row = mysql_fetch_array($res))
{
$rs = $row;
}
else
{
$rs = false;
}
mysql_free_result($res);
return $rs;
}
/**
* Perform a query, return the first column of the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return mixed
*/
protected function query_one ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysql_query($sql, $this->conn)))
{
$this->sql_errcheck($sql);
}
$val = @mysql_result($res, 0, 0);
mysql_free_result($res);
return $val;
}
/**
* Return the number of rows affected in the last query
*/
protected function query_affected_rows ()
{
return mysql_affected_rows($this->conn);
}
/**
* Return the id of the last inserted row
*
* @return int
*/
protected function query_insert_id ()
{
return mysql_insert_id($this->conn);
}
protected function sql_printf ( $args )
{
$sql = array_shift($args);
if (count($args) == 1 && is_array($args[0]))
{
$args = $args[0];
}
$args = array_map(array($this, 'sql_escape_string'), $args);
return vsprintf($sql, $args);
}
protected function sql_escape_string ( $s )
{
if (is_string($s))
{
return mysql_real_escape_string($s, $this->conn);
}
else if (is_null($s))
{
return NULL;
}
else if (is_bool($s))
{
return intval($s);
}
else if (is_int($s) || is_float($s))
{
return $s;
}
else
{
return mysql_real_escape_string(strval($s), $this->conn);
}
}
protected function sql_errcheck ( $sql )
{
if (mysql_errno($this->conn))
{
$msg = "SQL Error in OAuthStoreMySQL: ".mysql_error($this->conn)."\n\n" . $sql;
throw new OAuthException2($msg);
}
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
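Review bot: `sql_errcheck()` puts the complete statement into the exception message, and because `sql_printf()` has already substituted the arguments into it, every value bound to the query travels with the error. The tables this store writes to hold consumer and token secrets, so an uncaught `OAuthException2` can presumably carry them into an error page or a log. I would keep only the driver error in the message, `$msg = "SQL Error in OAuthStoreMySQL: ".mysql_error($this->conn);`, and send the statement text to a restricted debug log instead. The same concatenation is in `OAuthStoreMySQLi::sql_errcheck()` and `OAuthStorePDO::sql_errcheck()`; the PDO one also appends a file path and line number taken from `debug_backtrace()`.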


@ -0,0 +1,306 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* Based on MySQL
*
* @version $Id: OAuthStoreMySQLi.php 64 2009-08-16 19:37:00Z marcw@pobox.com $
* @author Bruno Barberi Gnecco <brunobg@users.sf.net> Based on code by Marc Worrell <marcw@pobox.com>
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/*
* Modified from OAuthStoreMySQL to support MySQLi
*/
require_once dirname(__FILE__) . '/OAuthStoreMySQL.php';
class OAuthStoreMySQLi extends OAuthStoreMySQL
{
public function install() {
$sql = file_get_contents(dirname(__FILE__) . '/mysql/mysql.sql');
$ps = explode('#--SPLIT--', $sql);
foreach ($ps as $p)
{
$p = preg_replace('/^\s*#.*$/m', '', $p);
$this->query($p);
$this->sql_errcheck($p);
}
}
/**
* Construct the OAuthStoreMySQLi.
* In the options you have to supply either:
* - server, username, password and database (for a mysqli_connect)
* - conn (for the connection to be used)
*
* @param array options
*/
function __construct ( $options = array() )
{
if (isset($options['conn']))
{
$this->conn = $options['conn'];
}
else
{
if (isset($options['server']))
{
$server = $options['server'];
$username = $options['username'];
if (isset($options['password']))
{
$this->conn = ($GLOBALS["___mysqli_ston"] = mysqli_connect($server, $username, $options['password']));
}
else
{
$this->conn = ($GLOBALS["___mysqli_ston"] = mysqli_connect($server, $username));
}
}
else
{
// Try the default mysql connect
$this->conn = ($GLOBALS["___mysqli_ston"] = mysqli_connect());
}
if ($this->conn === false)
{
throw new OAuthException2('Could not connect to MySQL database: ' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
}
if (isset($options['database']))
{
/* TODO: security. mysqli_ doesn't seem to have an escape identifier function.
$escapeddb = mysqli_real_escape_string($options['database']);
if (!((bool)mysqli_query( $this->conn, "USE `$escapeddb`" )))
{
$this->sql_errcheck();
}*/
}
$this->query('set character set utf8');
}
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
*/
protected function query ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysqli_query( $this->conn, $sql)))
{
$this->sql_errcheck($sql);
}
if (!is_bool($res))
{
((mysqli_free_result($res) || (is_object($res) && (get_class($res) == "mysqli_result"))) ? true : false);
}
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_all_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysqli_query( $this->conn, $sql)))
{
$this->sql_errcheck($sql);
}
$rs = array();
while ($row = mysqli_fetch_assoc($res))
{
$rs[] = $row;
}
((mysqli_free_result($res) || (is_object($res) && (get_class($res) == "mysqli_result"))) ? true : false);
return $rs;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysqli_query( $this->conn, $sql)))
{
$this->sql_errcheck($sql);
}
if ($row = mysqli_fetch_assoc($res))
{
$rs = $row;
}
else
{
$rs = false;
}
((mysqli_free_result($res) || (is_object($res) && (get_class($res) == "mysqli_result"))) ? true : false);
return $rs;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysqli_query( $this->conn, $sql)))
{
$this->sql_errcheck($sql);
}
if ($row = mysqli_fetch_array($res))
{
$rs = $row;
}
else
{
$rs = false;
}
((mysqli_free_result($res) || (is_object($res) && (get_class($res) == "mysqli_result"))) ? true : false);
return $rs;
}
/**
* Perform a query, return the first column of the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return mixed
*/
protected function query_one ( $sql )
{
$sql = $this->sql_printf(func_get_args());
if (!($res = mysqli_query( $this->conn, $sql)))
{
$this->sql_errcheck($sql);
}
if ($row = mysqli_fetch_assoc($res))
{
$val = array_pop($row);
}
else
{
$val = false;
}
((mysqli_free_result($res) || (is_object($res) && (get_class($res) == "mysqli_result"))) ? true : false);
return $val;
}
/**
* Return the number of rows affected in the last query
*/
protected function query_affected_rows ()
{
return mysqli_affected_rows($this->conn);
}
/**
* Return the id of the last inserted row
*
* @return int
*/
protected function query_insert_id ()
{
return ((is_null($___mysqli_res = mysqli_insert_id($this->conn))) ? false : $___mysqli_res);
}
protected function sql_printf ( $args )
{
$sql = array_shift($args);
if (count($args) == 1 && is_array($args[0]))
{
$args = $args[0];
}
$args = array_map(array($this, 'sql_escape_string'), $args);
return vsprintf($sql, $args);
}
protected function sql_escape_string ( $s )
{
if (is_string($s))
{
return mysqli_real_escape_string( $this->conn, $s);
}
else if (is_null($s))
{
return NULL;
}
else if (is_bool($s))
{
return intval($s);
}
else if (is_int($s) || is_float($s))
{
return $s;
}
else
{
return mysqli_real_escape_string( $this->conn, strval($s));
}
}
protected function sql_errcheck ( $sql )
{
if (((is_object($this->conn)) ? mysqli_errno($this->conn) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)))
{
$msg = "SQL Error in OAuthStoreMySQL: ".((is_object($this->conn)) ? mysqli_error($this->conn) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))."\n\n" . $sql;
throw new OAuthException2($msg);
}
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
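Review bot: The constructor's docblock lists `database` among the options to supply, but the `isset($options['database'])` branch contains only commented-out code, so the store silently runs against whatever schema the connection defaults to. Selecting the schema through the API needs no identifier escaping: `if (!mysqli_select_db($this->conn, $options['database'])) { $this->sql_errcheck('select database'); }`. The same block sets the charset with `$this->query('set character set utf8')`; `mysqli_real_escape_string()` escapes according to the charset the client library was told about, so `mysqli_set_charset($this->conn, 'utf8')` is the call that keeps the escaping in `sql_escape_string()` and the server in agreement.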

File diff suppressed because it is too large Load Diff


@ -0,0 +1,274 @@
<?php
/**
* Storage container for the oauth credentials, both server and consumer side.
* Based on MySQL
*
* @version $Id: OAuthStorePDO.php 64 2009-08-16 19:37:00Z marcw@pobox.com $
* @author Bruno Barberi Gnecco <brunobg@users.sf.net> Based on code by Marc Worrell <marcw@pobox.com>
*
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStoreSQL.php';
class OAuthStorePDO extends OAuthStoreSQL
{
private $conn; // PDO connection
private $lastaffectedrows;
/**
* Construct the OAuthStorePDO.
* In the options you have to supply either:
* - dsn, username, password and database (for a new PDO connection)
* - conn (for the connection to be used)
*
* @param array options
*/
function __construct ( $options = array() )
{
if (isset($options['conn']))
{
$this->conn = $options['conn'];
}
else if (isset($options['dsn']))
{
try
{
$this->conn = new PDO($options['dsn'], $options['username'], @$options['password']);
}
catch (PDOException $e)
{
throw new OAuthException2('Could not connect to PDO database: ' . $e->getMessage());
}
$this->query('set character set utf8');
}
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
*/
protected function query ( $sql )
{
$sql = $this->sql_printf(func_get_args());
try
{
$this->lastaffectedrows = $this->conn->exec($sql);
if ($this->lastaffectedrows === FALSE) {
$this->sql_errcheck($sql);
}
}
catch (PDOException $e)
{
$this->sql_errcheck($sql);
}
}
/**
* Perform a query, ignore the results
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_all_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
$result = array();
try
{
$stmt = $this->conn->query($sql);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
catch (PDOException $e)
{
$this->sql_errcheck($sql);
}
return $result;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row_assoc ( $sql )
{
$sql = $this->sql_printf(func_get_args());
$result = $this->query_all_assoc($sql);
$val = array_pop($result);
return $val;
}
/**
* Perform a query, return the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return array
*/
protected function query_row ( $sql )
{
$sql = $this->sql_printf(func_get_args());
try
{
$all = $this->conn->query($sql, PDO::FETCH_NUM);
$row = array();
foreach ($all as $r) {
$row = $r;
break;
}
}
catch (PDOException $e)
{
$this->sql_errcheck($sql);
}
return $row;
}
/**
* Perform a query, return the first column of the first row
*
* @param string sql
* @param vararg arguments (for sprintf)
* @return mixed
*/
protected function query_one ( $sql )
{
$sql = $this->sql_printf(func_get_args());
$row = $this->query_row($sql);
$val = array_pop($row);
return $val;
}
/**
* Return the number of rows affected in the last query
*/
protected function query_affected_rows ()
{
return $this->lastaffectedrows;
}
/**
* Return the id of the last inserted row
*
* @return int
*/
protected function query_insert_id ()
{
return $this->conn->lastInsertId();
}
protected function sql_printf ( $args )
{
$sql = array_shift($args);
if (count($args) == 1 && is_array($args[0]))
{
$args = $args[0];
}
$args = array_map(array($this, 'sql_escape_string'), $args);
return vsprintf($sql, $args);
}
protected function sql_escape_string ( $s )
{
if (is_string($s))
{
$s = $this->conn->quote($s);
// kludge. Quote already adds quotes, and this conflicts with OAuthStoreSQL.
// so remove the quotes
$len = mb_strlen($s);
if ($len == 0)
return $s;
$startcut = 0;
while (isset($s[$startcut]) && $s[$startcut] == '\'')
$startcut++;
$endcut = $len-1;
while (isset($s[$endcut]) && $s[$endcut] == '\'')
$endcut--;
$s = mb_substr($s, $startcut, $endcut-$startcut+1);
return $s;
}
else if (is_null($s))
{
return NULL;
}
else if (is_bool($s))
{
return intval($s);
}
else if (is_int($s) || is_float($s))
{
return $s;
}
else
{
return $this->conn->quote(strval($s));
}
}
protected function sql_errcheck ( $sql )
{
$msg = "SQL Error in OAuthStoreMySQL: ". print_r($this->conn->errorInfo(), true) ."\n\n" . $sql;
$backtrace = debug_backtrace();
$msg .= "\n\nAt file " . $backtrace[1]['file'] . ", line " . $backtrace[1]['line'];
throw new OAuthException2($msg);
}
/**
* Initialise the database
*/
public function install ()
{
// TODO: this depends on mysql extension
require_once dirname(__FILE__) . '/mysql/install.php';
}
}
/* vi:set ts=4 sts=4 sw=4 binary noeol: */
?>
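Review bot: `sql_escape_string()` removes every leading and trailing quote character from the result of `PDO::quote()`, not just the one delimiter on each side, so a value that itself starts or ends with a quote comes back altered and its escaping no longer pairs up with the `'%s'` delimiters the statement templates add. The loop also measures with `mb_strlen()` but indexes bytes with `$s[$endcut]`, so with a multibyte internal encoding the closing delimiter can be missed altogether. Removing exactly one byte from each end is enough: `return substr($this->conn->quote($s), 1, -1);`. The final `else` branch returns the quoted string without removing the delimiters at all, which disagrees with the string branch. Moving this store to prepared statements with bound parameters would remove the need for the kludge.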

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,157 @@
<?php
/**
* OAuthSession is a really *dirty* storage. It's useful for testing and may
* be enough for some very simple applications, but it's not recommended for
* production use.
*
* @version $Id: OAuthStoreSession.php 153 2010-08-30 21:25:58Z brunobg@corollarium.com $
* @author BBG
*
* The MIT License
*
* Copyright (c) 2007-2008 Mediamatic Lab
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__) . '/OAuthStoreAbstract.class.php';
class OAuthStoreSession extends OAuthStoreAbstract
{
private $session;
/*
* Takes two options: consumer_key and consumer_secret
*/
public function __construct( $options = array() )
{
if (!session_id()) {
session_start();
}
if(isset($options['consumer_key']) && isset($options['consumer_secret']))
{
$this->session = &$_SESSION['oauth_' . $options['consumer_key']];
$this->session['consumer_key'] = $options['consumer_key'];
$this->session['consumer_secret'] = $options['consumer_secret'];
$this->session['signature_methods'] = array('HMAC-SHA1');
$this->session['server_uri'] = $options['server_uri'];
$this->session['request_token_uri'] = $options['request_token_uri'];
$this->session['authorize_uri'] = $options['authorize_uri'];
$this->session['access_token_uri'] = $options['access_token_uri'];
}
else
{
throw new OAuthException2("OAuthStoreSession needs consumer_token and consumer_secret");
}
}
public function getSecretsForVerify ( $consumer_key, $token, $token_type = 'access' ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getSecretsForSignature ( $uri, $user_id )
{
return $this->session;
}
public function getServerTokenSecrets ( $consumer_key, $token, $token_type, $user_id, $name = '')
{
if ($consumer_key != $this->session['consumer_key']) {
return array();
}
return array(
'consumer_key' => $consumer_key,
'consumer_secret' => $this->session['consumer_secret'],
'token' => $token,
'token_secret' => $this->session['token_secret'],
'token_name' => $name,
'signature_methods' => $this->session['signature_methods'],
'server_uri' => $this->session['server_uri'],
'request_token_uri' => $this->session['request_token_uri'],
'authorize_uri' => $this->session['authorize_uri'],
'access_token_uri' => $this->session['access_token_uri'],
'token_ttl' => 3600,
);
}
public function addServerToken ( $consumer_key, $token_type, $token, $token_secret, $user_id, $options = array() )
{
$this->session['token_type'] = $token_type;
$this->session['token'] = $token;
$this->session['token_secret'] = $token_secret;
}
public function deleteServer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getServer( $consumer_key, $user_id, $user_is_admin = false ) {
return array(
'id' => 0,
'user_id' => $user_id,
'consumer_key' => $this->session['consumer_key'],
'consumer_secret' => $this->session['consumer_secret'],
'signature_methods' => $this->session['signature_methods'],
'server_uri' => $this->session['server_uri'],
'request_token_uri' => $this->session['request_token_uri'],
'authorize_uri' => $this->session['authorize_uri'],
'access_token_uri' => $this->session['access_token_uri'],
);
}
public function getServerForUri ( $uri, $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function listServerTokens ( $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function countServerTokens ( $consumer_key ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getServerToken ( $consumer_key, $token, $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function deleteServerToken ( $consumer_key, $token, $user_id, $user_is_admin = false ) {
// TODO
}
public function setServerTokenTtl ( $consumer_key, $token, $token_ttl )
{
//This method just needs to exist. It doesn't have to do anything!
}
public function listServers ( $q = '', $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function updateServer ( $server, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function updateConsumer ( $consumer, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function deleteConsumer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getConsumer ( $consumer_key, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getConsumerStatic () { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function addConsumerRequestToken ( $consumer_key, $options = array() ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getConsumerRequestToken ( $token ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function deleteConsumerRequestToken ( $token ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function authorizeConsumerRequestToken ( $token, $user_id, $referrer_host = '' ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function countConsumerAccessTokens ( $consumer_key ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function exchangeConsumerRequestForAccessToken ( $token, $options = array() ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function getConsumerAccessToken ( $token, $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function deleteConsumerAccessToken ( $token, $user_id, $user_is_admin = false ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function setConsumerAccessTokenTtl ( $token, $ttl ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function listConsumers ( $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function listConsumerApplications( $begin = 0, $total = 25 ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function listConsumerTokens ( $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function checkServerNonce ( $consumer_key, $token, $timestamp, $nonce ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function addLog ( $keys, $received, $sent, $base_string, $notes, $user_id = null ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function listLog ( $options, $user_id ) { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
public function install () { throw new OAuthException2("OAuthStoreSession doesn't support " . __METHOD__); }
}
?>
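Review bot: `getServerTokenSecrets()` compares the consumer key with `!=`, which lets PHP treat two numeric-looking strings as equal when they differ textually; `if ($consumer_key !== $this->session['consumer_key'])` compares them as strings. The constructor comment says it takes two options, yet it reads `server_uri`, `request_token_uri`, `authorize_uri` and `access_token_uri` without an `isset()` check, and the exception text names `consumer_token` where the option is `consumer_key`. I would document all six options in the constructor docblock and correct the message. `listServers ( $q = '', $user_id )` places an optional parameter before a required one, so the default can never be used.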


@ -0,0 +1,32 @@
<?php
/**
* Installs all tables in the mysql.sql file, using the default mysql connection
*/
/* Change and uncomment this when you need to: */
/*
mysql_connect('localhost', 'root');
if (mysql_errno())
{
die(' Error '.mysql_errno().': '.mysql_error());
}
mysql_select_db('test');
*/
$sql = file_get_contents(dirname(__FILE__) . '/mysql.sql');
$ps = explode('#--SPLIT--', $sql);
foreach ($ps as $p)
{
$p = preg_replace('/^\s*#.*$/m', '', $p);
mysql_query($p);
if (mysql_errno())
{
die(' Error '.mysql_errno().': '.mysql_error());
}
}
?>
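Review bot: `mysql_query($p)` and the `mysql_errno()` checks here use the implicit last-opened link, so when `OAuthStoreMySQL::install()` or `OAuthStorePDO::install()` includes this file the tables are created on whatever connection is the process default rather than on the store's own `$conn`. On failure the script calls `die()` with the raw `mysql_error()` text, which ends the request and prints driver detail to the client. `OAuthStoreMySQLi::install()` in this commit already runs the same split-and-strip loop through `$this->query($p)`; having the other two stores do the same would keep errors inside `OAuthException2` and leave this file as a standalone helper.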


@ -0,0 +1,236 @@
# Datamodel for OAuthStoreMySQL
#
# You need to add the foreign key constraints for the user ids your are using.
# I have commented the constraints out, just look for 'usa_id_ref' to enable them.
#
# The --SPLIT-- markers are used by the install.php script
#
# @version $Id: mysql.sql 156 2010-09-16 15:46:49Z brunobg@corollarium.com $
# @author Marc Worrell
#
# Changes:
#
# 2010-09-15
# ALTER TABLE oauth_server_token MODIFY ost_referrer_host varchar(128) not null default '';
#
# 2010-07-22
# ALTER TABLE oauth_consumer_registry DROP INDEX ocr_consumer_key;
# ALTER TABLE oauth_consumer_registry ADD UNIQUE ocr_consumer_key(ocr_consumer_key,ocr_usa_id_ref,ocr_server_uri)
#
# 2010-04-20 (on 103 and 110)
# ALTER TABLE oauth_consumer_registry MODIFY ocr_consumer_key varchar(128) binary not null;
# ALTER TABLE oauth_consumer_registry MODIFY ocr_consumer_secret varchar(128) binary not null;
#
# 2010-04-20 (on 103 and 110)
# ALTER TABLE oauth_server_token ADD ost_verifier char(10);
# ALTER TABLE oauth_server_token ADD ost_callback_url varchar(512);
#
# 2008-10-15 (on r48) Added ttl to consumer and server tokens, added named server tokens
#
# ALTER TABLE oauth_server_token
# ADD ost_token_ttl datetime not null default '9999-12-31',
# ADD KEY (ost_token_ttl);
#
# ALTER TABLE oauth_consumer_token
# ADD oct_name varchar(64) binary not null default '',
# ADD oct_token_ttl datetime not null default '9999-12-31',
# DROP KEY oct_usa_id_ref,
# ADD UNIQUE KEY (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
# ADD KEY (oct_token_ttl);
#
# 2008-09-09 (on r5) Added referrer host to server access token
#
# ALTER TABLE oauth_server_token ADD ost_referrer_host VARCHAR(128) NOT NULL;
#
#
# Log table to hold all OAuth request when you enabled logging
#
CREATE TABLE IF NOT EXISTS oauth_log (
olg_id int(11) not null auto_increment,
olg_osr_consumer_key varchar(64) binary,
olg_ost_token varchar(64) binary,
olg_ocr_consumer_key varchar(64) binary,
olg_oct_token varchar(64) binary,
olg_usa_id_ref int(11),
olg_received text not null,
olg_sent text not null,
olg_base_string text not null,
olg_notes text not null,
olg_timestamp timestamp not null default current_timestamp,
olg_remote_ip bigint not null,
primary key (olg_id),
key (olg_osr_consumer_key, olg_id),
key (olg_ost_token, olg_id),
key (olg_ocr_consumer_key, olg_id),
key (olg_oct_token, olg_id),
key (olg_usa_id_ref, olg_id)
# , foreign key (olg_usa_id_ref) references any_user_auth (usa_id_ref)
# on update cascade
# on delete cascade
) engine=InnoDB default charset=utf8;
#--SPLIT--
#
# /////////////////// CONSUMER SIDE ///////////////////
#
# This is a registry of all consumer codes we got from other servers
# The consumer_key/secret is obtained from the server
# We also register the server uri, so that we can find the consumer key and secret
# for a certain server. From that server we can check if we have a token for a
# particular user.
CREATE TABLE IF NOT EXISTS oauth_consumer_registry (
ocr_id int(11) not null auto_increment,
ocr_usa_id_ref int(11),
ocr_consumer_key varchar(128) binary not null,
ocr_consumer_secret varchar(128) binary not null,
ocr_signature_methods varchar(255) not null default 'HMAC-SHA1,PLAINTEXT',
ocr_server_uri varchar(255) not null,
ocr_server_uri_host varchar(128) not null,
ocr_server_uri_path varchar(128) binary not null,
ocr_request_token_uri varchar(255) not null,
ocr_authorize_uri varchar(255) not null,
ocr_access_token_uri varchar(255) not null,
ocr_timestamp timestamp not null default current_timestamp,
primary key (ocr_id),
unique key (ocr_consumer_key, ocr_usa_id_ref, ocr_server_uri),
key (ocr_server_uri),
key (ocr_server_uri_host, ocr_server_uri_path),
key (ocr_usa_id_ref)
# , foreign key (ocr_usa_id_ref) references any_user_auth(usa_id_ref)
# on update cascade
# on delete set null
) engine=InnoDB default charset=utf8;
#--SPLIT--
# Table used to sign requests for sending to a server by the consumer
# The key is defined for a particular user. Only one single named
# key is allowed per user/server combination
CREATE TABLE IF NOT EXISTS oauth_consumer_token (
oct_id int(11) not null auto_increment,
oct_ocr_id_ref int(11) not null,
oct_usa_id_ref int(11) not null,
oct_name varchar(64) binary not null default '',
oct_token varchar(64) binary not null,
oct_token_secret varchar(64) binary not null,
oct_token_type enum('request','authorized','access'),
oct_token_ttl datetime not null default '9999-12-31',
oct_timestamp timestamp not null default current_timestamp,
primary key (oct_id),
unique key (oct_ocr_id_ref, oct_token),
unique key (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
key (oct_token_ttl),
foreign key (oct_ocr_id_ref) references oauth_consumer_registry (ocr_id)
on update cascade
on delete cascade
# , foreign key (oct_usa_id_ref) references any_user_auth (usa_id_ref)
# on update cascade
# on delete cascade
) engine=InnoDB default charset=utf8;
#--SPLIT--
#
# ////////////////// SERVER SIDE /////////////////
#
# Table holding consumer key/secret combos an user issued to consumers.
# Used for verification of incoming requests.
CREATE TABLE IF NOT EXISTS oauth_server_registry (
osr_id int(11) not null auto_increment,
osr_usa_id_ref int(11),
osr_consumer_key varchar(64) binary not null,
osr_consumer_secret varchar(64) binary not null,
osr_enabled tinyint(1) not null default '1',
osr_status varchar(16) not null,
osr_requester_name varchar(64) not null,
osr_requester_email varchar(64) not null,
osr_callback_uri varchar(255) not null,
osr_application_uri varchar(255) not null,
osr_application_title varchar(80) not null,
osr_application_descr text not null,
osr_application_notes text not null,
osr_application_type varchar(20) not null,
osr_application_commercial tinyint(1) not null default '0',
osr_issue_date datetime not null,
osr_timestamp timestamp not null default current_timestamp,
primary key (osr_id),
unique key (osr_consumer_key),
key (osr_usa_id_ref)
# , foreign key (osr_usa_id_ref) references any_user_auth(usa_id_ref)
# on update cascade
# on delete set null
) engine=InnoDB default charset=utf8;
#--SPLIT--
# Nonce used by a certain consumer, every used nonce should be unique, this prevents
# replaying attacks. We need to store all timestamp/nonce combinations for the
# maximum timestamp received.
CREATE TABLE IF NOT EXISTS oauth_server_nonce (
osn_id int(11) not null auto_increment,
osn_consumer_key varchar(64) binary not null,
osn_token varchar(64) binary not null,
osn_timestamp bigint not null,
osn_nonce varchar(80) binary not null,
primary key (osn_id),
unique key (osn_consumer_key, osn_token, osn_timestamp, osn_nonce)
) engine=InnoDB default charset=utf8;
#--SPLIT--
# Table used to verify signed requests sent to a server by the consumer
# When the verification is succesful then the associated user id is returned.
CREATE TABLE IF NOT EXISTS oauth_server_token (
ost_id int(11) not null auto_increment,
ost_osr_id_ref int(11) not null,
ost_usa_id_ref int(11) not null,
ost_token varchar(64) binary not null,
ost_token_secret varchar(64) binary not null,
ost_token_type enum('request','access'),
ost_authorized tinyint(1) not null default '0',
ost_referrer_host varchar(128) not null default '',
ost_token_ttl datetime not null default '9999-12-31',
ost_timestamp timestamp not null default current_timestamp,
ost_verifier char(10),
ost_callback_url varchar(512),
primary key (ost_id),
unique key (ost_token),
key (ost_osr_id_ref),
key (ost_token_ttl),
foreign key (ost_osr_id_ref) references oauth_server_registry (osr_id)
on update cascade
on delete cascade
# , foreign key (ost_usa_id_ref) references any_user_auth (usa_id_ref)
# on update cascade
# on delete cascade
) engine=InnoDB default charset=utf8;
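Review bot: `ocr_signature_methods` in `oauth_consumer_registry` defaults to `'HMAC-SHA1,PLAINTEXT'`, so every registration that does not set the column explicitly advertises PLAINTEXT, a method in which the signature is the secrets themselves and protection depends entirely on the transport. I would make the column `varchar(255) not null default 'HMAC-SHA1'` and let PLAINTEXT be opted into per server. The Oracle schema that follows in this commit carries the same default. `oauth_log` keeps `olg_received`, `olg_sent` and `olg_base_string` as unbounded text; presumably these hold whole requests, so access to that table and its retention need the same care as the token tables.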


@ -0,0 +1,114 @@
CREATE TABLE oauth_log
(
olg_id number,
olg_osr_consumer_key varchar2(64),
olg_ost_token varchar2(64),
olg_ocr_consumer_key varchar2(64),
olg_oct_token varchar2(64),
olg_usa_id_ref number,
olg_received varchar2(500),
olg_sent varchar2(500),
olg_base_string varchar2(500),
olg_notes varchar2(500),
olg_timestamp date default sysdate,
olg_remote_ip varchar2(50)
);
alter table oauth_log
add constraint oauth_log_pk primary key (olg_id);
CREATE TABLE oauth_consumer_registry
(
ocr_id number,
ocr_usa_id_ref number,
ocr_consumer_key varchar2(64),
ocr_consumer_secret varchar2(64),
ocr_signature_methods varchar2(255)default 'HMAC-SHA1,PLAINTEXT',
ocr_server_uri varchar2(255),
ocr_server_uri_host varchar2(128),
ocr_server_uri_path varchar2(128),
ocr_request_token_uri varchar2(255),
ocr_authorize_uri varchar2(255),
ocr_access_token_uri varchar2(255),
ocr_timestamp date default sysdate
)
alter table oauth_consumer_registry
add constraint oauth_consumer_registry_pk primary key (ocr_id);
CREATE TABLE oauth_consumer_token
(
oct_id number,
oct_ocr_id_ref number,
oct_usa_id_ref number,
oct_name varchar2(64) default '',
oct_token varchar2(64),
oct_token_secret varchar2(64),
oct_token_type varchar2(20), -- enum('request','authorized','access'),
oct_token_ttl date default TO_DATE('9999.12.31', 'yyyy.mm.dd'),
oct_timestamp date default sysdate
);
alter table oauth_consumer_token
add constraint oauth_consumer_token_pk primary key (oct_id);
CREATE TABLE oauth_server_registry
(
osr_id number,
osr_usa_id_ref number,
osr_consumer_key varchar2(64),
osr_consumer_secret varchar2(64),
osr_enabled integer default '1',
osr_status varchar2(16),
osr_requester_name varchar2(64),
osr_requester_email varchar2(64),
osr_callback_uri varchar2(255),
osr_application_uri varchar2(255),
osr_application_title varchar2(80),
osr_application_descr varchar2(500),
osr_application_notes varchar2(500),
osr_application_type varchar2(20),
osr_application_commercial integer default '0',
osr_issue_date date,
osr_timestamp date default sysdate
);
alter table oauth_server_registry
add constraint oauth_server_registry_pk primary key (osr_id);
CREATE TABLE oauth_server_nonce
(
osn_id number,
osn_consumer_key varchar2(64),
osn_token varchar2(64),
osn_timestamp number,
osn_nonce varchar2(80)
);
alter table oauth_server_nonce
add constraint oauth_server_nonce_pk primary key (osn_id);
CREATE TABLE oauth_server_token
(
ost_id number,
ost_osr_id_ref number,
ost_usa_id_ref number,
ost_token varchar2(64),
ost_token_secret varchar2(64),
ost_token_type varchar2(20), -- enum('request','access'),
ost_authorized integer default '0',
ost_referrer_host varchar2(128),
ost_token_ttl date default TO_DATE('9999.12.31', 'yyyy.mm.dd'),
ost_timestamp date default sysdate,
ost_verifier varchar2(10),
ost_callback_url varchar2(512)
);
alter table oauth_server_token
add constraint oauth_server_token_pk primary key (ost_id);
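Review bot: `oauth_server_nonce` gets only a primary key on `osn_id` here, so nothing in the Oracle schema stops the same consumer key/token/timestamp/nonce combination from being stored twice (the MySQL schema earlier in this commit declares a unique key over those four columns). Replay rejection then rests entirely on the select-then-insert in SP_CHECK_SERVER_NONCE, which two concurrent copies of one request can both pass. I would add `alter table oauth_server_nonce add constraint oauth_server_nonce_uk unique (osn_consumer_key, osn_token, osn_timestamp, osn_nonce);` (the constraint name is only a suggestion) and have the procedure treat `DUP_VAL_ON_INDEX` as a duplicate. Separately, the `CREATE TABLE oauth_consumer_registry` statement closes with `)` and no `;`, unlike the other tables in this file, which will probably break a script runner that splits on semicolons.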


@ -0,0 +1,9 @@
CREATE SEQUENCE SEQ_OCT_ID NOCACHE;
CREATE SEQUENCE SEQ_OCR_ID NOCACHE;
CREATE SEQUENCE SEQ_OSR_ID NOCACHE;
CREATE SEQUENCE SEQ_OSN_ID NOCACHE;
CREATE SEQUENCE SEQ_OLG_ID NOCACHE;


@ -0,0 +1,71 @@
CREATE OR REPLACE PROCEDURE SP_ADD_CONSUMER_REQUEST_TOKEN
(
P_TOKEN_TTL IN NUMBER, -- IN SECOND
P_CONSUMER_KEY IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TOKEN_SECRET IN VARCHAR2,
P_CALLBACK_URL IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Add an unautorized request token to our server.
V_OSR_ID NUMBER;
V_OSR_ID_REF NUMBER;
V_EXC_NO_SERVER_EXIST EXCEPTION;
BEGIN
P_RESULT := 0;
BEGIN
SELECT OSR_ID INTO V_OSR_ID
FROM OAUTH_SERVER_REGISTRY
WHERE OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND OSR_ENABLED = 1;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE V_EXC_NO_SERVER_EXIST;
END;
BEGIN
SELECT OST_OSR_ID_REF INTO V_OSR_ID_REF
FROM OAUTH_SERVER_TOKEN
WHERE OST_OSR_ID_REF = V_OSR_ID;
UPDATE OAUTH_SERVER_TOKEN
SET OST_OSR_ID_REF = V_OSR_ID,
OST_USA_ID_REF = 1,
OST_TOKEN = P_TOKEN,
OST_TOKEN_SECRET = P_TOKEN_SECRET,
OST_TOKEN_TYPE = 'REQUEST',
OST_TOKEN_TTL = SYSDATE + (P_TOKEN_TTL/(24*60*60)),
OST_CALLBACK_URL = P_CALLBACK_URL,
OST_TIMESTAMP = SYSDATE
WHERE OST_OSR_ID_REF = V_OSR_ID_REF;
EXCEPTION
WHEN NO_DATA_FOUND THEN
INSERT INTO OAUTH_SERVER_TOKEN
(OST_ID, OST_OSR_ID_REF, OST_USA_ID_REF, OST_TOKEN, OST_TOKEN_SECRET, OST_TOKEN_TYPE,
OST_TOKEN_TTL, OST_CALLBACK_URL)
VALUES
(SEQ_OCT_ID.NEXTVAL, V_OSR_ID, 1, P_TOKEN, P_TOKEN_SECRET, 'REQUEST', SYSDATE + (P_TOKEN_TTL/(24*60*60)),
P_CALLBACK_URL);
END;
EXCEPTION
WHEN V_EXC_NO_SERVER_EXIST THEN
P_RESULT := 2; -- NO_SERVER_EXIST
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
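Review bot: The UPDATE branch rewrites whichever row already exists for this consumer (`WHERE OST_OSR_ID_REF = V_OSR_ID_REF`) without looking at its token type or owner, and it leaves `OST_AUTHORIZED` and `OST_VERIFIER` as they were. A new request token can therefore replace an existing access token and inherit `OST_AUTHORIZED = 1` from the row it overwrote, which is the state SP_EXCH_CONS_REQ_FOR_ACC_TOKEN accepts for an exchange. Once a consumer has more than one row, the `SELECT ... INTO` raises TOO_MANY_ROWS and the call ends in result 1. I would drop the SELECT/UPDATE branch and always insert a new row; if the update has to stay, it should at least set `OST_AUTHORIZED = 0, OST_VERIFIER = NULL,`.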


@ -0,0 +1,31 @@
CREATE OR REPLACE PROCEDURE SP_ADD_LOG
(
P_RECEIVED IN VARCHAR2,
P_SENT IN VARCHAR2,
P_BASE_STRING IN VARCHAR2,
P_NOTES IN VARCHAR2,
P_USA_ID_REF IN NUMBER,
P_REMOTE_IP IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Add an entry to the log table
BEGIN
P_RESULT := 0;
INSERT INTO oauth_log
(OLG_ID, olg_received, olg_sent, olg_base_string, olg_notes, olg_usa_id_ref, olg_remote_ip)
VALUES
(SEQ_OLG_ID.NEXTVAL, P_RECEIVED, P_SENT, P_BASE_STRING, P_NOTES, NVL(P_USA_ID_REF, 0), P_REMOTE_IP);
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
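Review bot: The `WHEN OTHERS` handler issues a bare `ROLLBACK`, which discards the caller's whole open transaction rather than just this insert, and the `-- CALL THE FUNCTION TO LOG ERRORS` placeholder is never filled in, so the Oracle error itself is lost. For this procedure that is easy to hit: the parameters are unbounded VARCHAR2 while `olg_received`, `olg_sent`, `olg_base_string` and `olg_notes` are `varchar2(500)`, so one long request makes the log write fail with nothing but result 1 to show for it. I would take `SAVEPOINT sp_add_log;` before the insert and use `ROLLBACK TO sp_add_log;` in the handler, and hand SQLCODE back to the caller or record it. The same handler is repeated in every other procedure added by this commit.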


@ -0,0 +1,55 @@
CREATE OR REPLACE PROCEDURE SP_ADD_SERVER_TOKEN
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_NAME IN VARCHAR2,
P_TOKEN_TYPE IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TOKEN_SECRET IN VARCHAR2,
P_TOKEN_INTERVAL_IN_SEC IN NUMBER,
P_RESULT OUT NUMBER
)
AS
-- Add a request token we obtained from a server.
V_OCR_ID NUMBER;
V_TOKEN_TTL DATE;
V_EXC_INVALID_CONSUMER_KEY EXCEPTION;
BEGIN
P_RESULT := 0;
BEGIN
SELECT OCR_ID INTO V_OCR_ID FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY AND OCR_USA_ID_REF = P_USER_ID;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE V_EXC_INVALID_CONSUMER_KEY;
END;
DELETE FROM OAUTH_CONSUMER_TOKEN
WHERE OCT_OCR_ID_REF = V_OCR_ID
AND OCT_USA_ID_REF = P_USER_ID
AND UPPER(OCT_TOKEN_TYPE) = UPPER(P_TOKEN_TYPE)
AND OCT_NAME = P_NAME;
IF P_TOKEN_INTERVAL_IN_SEC IS NOT NULL THEN
V_TOKEN_TTL := SYSDATE + (P_TOKEN_INTERVAL_IN_SEC/(24*60*60));
ELSE
V_TOKEN_TTL := TO_DATE('9999.12.31', 'yyyy.mm.dd');
END IF;
INSERT INTO OAUTH_CONSUMER_TOKEN
(OCT_ID, OCT_OCR_ID_REF,OCT_USA_ID_REF, OCT_NAME, OCT_TOKEN, OCT_TOKEN_SECRET, OCT_TOKEN_TYPE, OCT_TIMESTAMP, OCT_TOKEN_TTL)
VALUES
(SEQ_OCT_ID.NEXTVAL, V_OCR_ID, P_USER_ID, P_NAME, P_TOKEN, P_TOKEN_SECRET, UPPER(P_TOKEN_TYPE), SYSDATE, V_TOKEN_TTL);
EXCEPTION
WHEN V_EXC_INVALID_CONSUMER_KEY THEN
P_RESULT := 2; -- INVALID_CONSUMER_KEY
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,32 @@
CREATE OR REPLACE PROCEDURE SP_AUTH_CONSUMER_REQ_TOKEN
(
P_USER_ID IN NUMBER,
P_REFERRER_HOST IN VARCHAR2,
P_VERIFIER IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch the consumer request token, by request token.
BEGIN
P_RESULT := 0;
UPDATE OAUTH_SERVER_TOKEN
SET OST_AUTHORIZED = 1,
OST_USA_ID_REF = P_USER_ID,
OST_TIMESTAMP = SYSDATE,
OST_REFERRER_HOST = P_REFERRER_HOST,
OST_VERIFIER = P_VERIFIER
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST';
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,81 @@
CREATE OR REPLACE PROCEDURE SP_CHECK_SERVER_NONCE
(
P_CONSUMER_KEY IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TIMESTAMP IN NUMBER,
P_MAX_TIMESTAMP_SKEW IN NUMBER,
P_NONCE IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Check an nonce/timestamp combination. Clears any nonce combinations
-- that are older than the one received.
V_IS_MAX NUMBER;
V_MAX_TIMESTAMP NUMBER;
V_IS_DUPLICATE_TIMESTAMP NUMBER;
V_EXC_INVALID_TIMESTAMP EXCEPTION;
V_EXC_DUPLICATE_TIMESTAMP EXCEPTION;
BEGIN
P_RESULT := 0;
BEGIN
SELECT MAX(OSN_TIMESTAMP),
CASE
WHEN MAX(OSN_TIMESTAMP) > (P_TIMESTAMP + P_MAX_TIMESTAMP_SKEW) THEN 1 ELSE 0
END "IS_MAX" INTO V_MAX_TIMESTAMP, V_IS_MAX
FROM OAUTH_SERVER_NONCE
WHERE OSN_CONSUMER_KEY = P_CONSUMER_KEY
AND OSN_TOKEN = P_TOKEN;
IF V_IS_MAX = 1 THEN
RAISE V_EXC_INVALID_TIMESTAMP;
END IF;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
END;
BEGIN
SELECT 1 INTO V_IS_DUPLICATE_TIMESTAMP FROM DUAL WHERE EXISTS
(SELECT OSN_ID FROM OAUTH_SERVER_NONCE
WHERE OSN_CONSUMER_KEY = P_CONSUMER_KEY
AND OSN_TOKEN = P_TOKEN
AND OSN_TIMESTAMP = P_TIMESTAMP
AND OSN_NONCE = P_NONCE);
IF V_IS_DUPLICATE_TIMESTAMP = 1 THEN
RAISE V_EXC_DUPLICATE_TIMESTAMP;
END IF;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
END;
-- Insert the new combination
INSERT INTO OAUTH_SERVER_NONCE
(OSN_ID, OSN_CONSUMER_KEY, OSN_TOKEN, OSN_TIMESTAMP, OSN_NONCE)
VALUES
(SEQ_OSN_ID.NEXTVAL, P_CONSUMER_KEY, P_TOKEN, P_TIMESTAMP, P_NONCE);
-- Clean up all timestamps older than the one we just received
DELETE FROM OAUTH_SERVER_NONCE
WHERE OSN_CONSUMER_KEY = P_CONSUMER_KEY
AND OSN_TOKEN = P_TOKEN
AND OSN_TIMESTAMP < (P_TIMESTAMP - P_MAX_TIMESTAMP_SKEW);
EXCEPTION
WHEN V_EXC_INVALID_TIMESTAMP THEN
P_RESULT := 2; -- INVALID_TIMESTAMP
WHEN V_EXC_DUPLICATE_TIMESTAMP THEN
P_RESULT := 3; -- DUPLICATE_TIMESTAMP
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,28 @@
CREATE OR REPLACE PROCEDURE SP_CONSUMER_STATIC_SAVE
(
P_OSR_CONSUMER_KEY IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch the static consumer key for this provider.
BEGIN
P_RESULT := 0;
INSERT INTO OAUTH_SERVER_REGISTRY
(OSR_ID, OSR_ENABLED, OSR_STATUS, OSR_USA_ID_REF, OSR_CONSUMER_KEY, OSR_CONSUMER_SECRET, OSR_REQUESTER_NAME, OSR_REQUESTER_EMAIL, OSR_CALLBACK_URI,
OSR_APPLICATION_URI, OSR_APPLICATION_TITLE, OSR_APPLICATION_DESCR, OSR_APPLICATION_NOTES,
OSR_APPLICATION_TYPE, OSR_APPLICATION_COMMERCIAL, OSR_TIMESTAMP,OSR_ISSUE_DATE)
VALUES
(SEQ_OSR_ID.NEXTVAL, 1, 'ACTIVE', NULL, P_OSR_CONSUMER_KEY, '\', '\', '\', '\', '\',
'STATIC SHARED CONSUMER KEY', '\', 'STATIC SHARED CONSUMER KEY', '\', 0, SYSDATE, SYSDATE);
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,27 @@
CREATE OR REPLACE PROCEDURE SP_COUNT_CONSUMER_ACCESS_TOKEN
(
P_CONSUMER_KEY IN VARCHAR2,
P_COUNT OUT NUMBER,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Count the consumer access tokens for the given consumer.
BEGIN
P_RESULT := 0;
SELECT COUNT(OST_ID) INTO P_COUNT
FROM OAUTH_SERVER_TOKEN
JOIN OAUTH_SERVER_REGISTRY
ON OST_OSR_ID_REF = OSR_ID
WHERE OST_TOKEN_TYPE = 'ACCESS'
AND OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND OST_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,28 @@
CREATE OR REPLACE PROCEDURE SP_COUNT_SERVICE_TOKENS
(
P_CONSUMER_KEY IN VARCHAR2,
P_COUNT OUT NUMBER,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Count how many tokens we have for the given server
BEGIN
P_RESULT := 0;
SELECT COUNT(OCT_ID) INTO P_COUNT
FROM OAUTH_CONSUMER_TOKEN
JOIN OAUTH_CONSUMER_REGISTRY
ON OCT_OCR_ID_REF = OCR_ID
WHERE OCT_TOKEN_TYPE = 'ACCESS'
AND OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND OCT_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,35 @@
CREATE OR REPLACE PROCEDURE SP_DELETE_CONSUMER
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_USER_IS_ADMIN IN NUMBER, --0:NO; 1:YES
P_RESULT OUT NUMBER
)
AS
-- Delete a consumer key. This removes access to our site for all applications using this key.
BEGIN
P_RESULT := 0;
IF P_USER_IS_ADMIN = 1 THEN
DELETE FROM OAUTH_SERVER_REGISTRY
WHERE OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND (OSR_USA_ID_REF = P_USER_ID OR OSR_USA_ID_REF IS NULL);
ELSIF P_USER_IS_ADMIN = 0 THEN
DELETE FROM OAUTH_SERVER_REGISTRY
WHERE OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND OSR_USA_ID_REF = P_USER_ID;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,35 @@
CREATE OR REPLACE PROCEDURE SP_DELETE_SERVER
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_USER_IS_ADMIN IN NUMBER, --0:NO; 1:YES
P_RESULT OUT NUMBER
)
AS
-- Delete a server key. This removes access to that site.
BEGIN
P_RESULT := 0;
IF P_USER_IS_ADMIN = 1 THEN
DELETE FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL);
ELSIF P_USER_IS_ADMIN = 0 THEN
DELETE FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND OCR_USA_ID_REF = P_USER_ID;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,37 @@
CREATE OR REPLACE PROCEDURE SP_DELETE_SERVER_TOKEN
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_TOKEN IN VARCHAR2,
P_USER_IS_ADMIN IN NUMBER, --0:NO; 1:YES
P_RESULT OUT NUMBER
)
AS
-- Delete a token we obtained from a server.
BEGIN
P_RESULT := 0;
IF P_USER_IS_ADMIN = 1 THEN
DELETE FROM OAUTH_CONSUMER_TOKEN
WHERE OCT_TOKEN = P_TOKEN
AND OCT_OCR_ID_REF IN (SELECT OCR_ID FROM OAUTH_CONSUMER_REGISTRY WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY);
ELSIF P_USER_IS_ADMIN = 0 THEN
DELETE FROM OAUTH_CONSUMER_TOKEN
WHERE OCT_TOKEN = P_TOKEN
AND OCT_USA_ID_REF = P_USER_ID
AND OCT_OCR_ID_REF IN (SELECT OCR_ID FROM OAUTH_CONSUMER_REGISTRY WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY);
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,33 @@
CREATE OR REPLACE PROCEDURE SP_DEL_CONSUMER_ACCESS_TOKEN
(
P_USER_ID IN NUMBER,
P_TOKEN IN VARCHAR2,
P_USER_IS_ADMIN IN NUMBER, -- 1:YES; 0:NO
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Delete a consumer access token.
BEGIN
P_RESULT := 0;
IF P_USER_IS_ADMIN = 1 THEN
DELETE FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'ACCESS';
ELSE
DELETE FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'ACCESS'
AND OST_USA_ID_REF = P_USER_ID;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,25 @@
CREATE OR REPLACE PROCEDURE SP_DEL_CONSUMER_REQUEST_TOKEN
(
P_TOKEN IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Delete a consumer token. The token must be a request or authorized token.
BEGIN
P_RESULT := 0;
DELETE FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST';
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,96 @@
CREATE OR REPLACE PROCEDURE SP_EXCH_CONS_REQ_FOR_ACC_TOKEN
(
P_TOKEN_TTL IN NUMBER, -- IN SECOND
P_NEW_TOKEN IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TOKEN_SECRET IN VARCHAR2,
P_VERIFIER IN VARCHAR2,
P_OUT_TOKEN_TTL OUT NUMBER,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Add an unautorized request token to our server.
V_TOKEN_EXIST NUMBER;
V_EXC_NO_TOKEN_EXIST EXCEPTION;
BEGIN
P_RESULT := 0;
IF P_VERIFIER IS NOT NULL THEN
BEGIN
SELECT 1 INTO V_TOKEN_EXIST FROM DUAL WHERE EXISTS
(SELECT OST_TOKEN FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST'
AND OST_AUTHORIZED = 1
AND OST_TOKEN_TTL >= SYSDATE
AND OST_VERIFIER = P_VERIFIER);
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE V_EXC_NO_TOKEN_EXIST;
END;
UPDATE OAUTH_SERVER_TOKEN
SET OST_TOKEN = P_NEW_TOKEN,
OST_TOKEN_SECRET = P_TOKEN_SECRET,
OST_TOKEN_TYPE = 'ACCESS',
OST_TIMESTAMP = SYSDATE,
OST_TOKEN_TTL = NVL(SYSDATE + (P_TOKEN_TTL/(24*60*60)), TO_DATE('9999.12.31', 'yyyy.mm.dd'))
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST'
AND OST_AUTHORIZED = 1
AND OST_TOKEN_TTL >= SYSDATE
AND OST_VERIFIER = P_VERIFIER;
ELSE
BEGIN
SELECT 1 INTO V_TOKEN_EXIST FROM DUAL WHERE EXISTS
(SELECT OST_TOKEN FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST'
AND OST_AUTHORIZED = 1
AND OST_TOKEN_TTL >= SYSDATE);
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE V_EXC_NO_TOKEN_EXIST;
END;
UPDATE OAUTH_SERVER_TOKEN
SET OST_TOKEN = P_NEW_TOKEN,
OST_TOKEN_SECRET = P_TOKEN_SECRET,
OST_TOKEN_TYPE = 'ACCESS',
OST_TIMESTAMP = SYSDATE,
OST_TOKEN_TTL = NVL(SYSDATE + (P_TOKEN_TTL/(24*60*60)), TO_DATE('9999.12.31', 'yyyy.mm.dd'))
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'REQUEST'
AND OST_AUTHORIZED = 1
AND OST_TOKEN_TTL >= SYSDATE;
END IF;
SELECT CASE
WHEN OST_TOKEN_TTL >= TO_DATE('9999.12.31', 'yyyy.mm.dd') THEN NULL ELSE (OST_TOKEN_TTL - SYSDATE)*24*60*60
END "TOKEN_TTL" INTO P_OUT_TOKEN_TTL
FROM OAUTH_SERVER_TOKEN
WHERE OST_TOKEN = P_NEW_TOKEN;
EXCEPTION
WHEN V_EXC_NO_TOKEN_EXIST THEN
P_RESULT := 2; -- NO_TOKEN_EXIST
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
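Review bot: When `P_VERIFIER` is NULL the ELSE branch promotes any authorized, unexpired request token to an access token without comparing `OST_VERIFIER` at all. That is OAuth 1.0 behaviour; OAuth 1.0a (RFC 5849) made the verifier mandatory because the token could otherwise be exchanged by a party other than the user who approved it. Unless legacy consumers must be supported, I would reject the call up front with `IF P_VERIFIER IS NULL THEN RAISE V_EXC_NO_TOKEN_EXIST; END IF;` and delete the ELSE branch. The header comment is also copied from SP_ADD_CONSUMER_REQUEST_TOKEN and should read something like `-- Exchange an authorized request token for an access token.`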


@ -0,0 +1,41 @@
CREATE OR REPLACE PROCEDURE SP_GET_CONSUMER
(
P_CONSUMER_KEY IN STRING,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch a consumer of this server, by consumer_key.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OSR_ID "osr_id",
OSR_USA_ID_REF "osr_usa_id_ref",
OSR_CONSUMER_KEY "osr_consumer_key",
OSR_CONSUMER_SECRET "osr_consumer_secret",
OSR_ENABLED "osr_enabled",
OSR_STATUS "osr_status",
OSR_REQUESTER_NAME "osr_requester_name",
OSR_REQUESTER_EMAIL "osr_requester_email",
OSR_CALLBACK_URI "osr_callback_uri",
OSR_APPLICATION_URI "osr_application_uri",
OSR_APPLICATION_TITLE "osr_application_title",
OSR_APPLICATION_DESCR "osr_application_descr",
OSR_APPLICATION_NOTES "osr_application_notes",
OSR_APPLICATION_TYPE "osr_application_type",
OSR_APPLICATION_COMMERCIAL "osr_application_commercial",
OSR_ISSUE_DATE "osr_issue_date",
OSR_TIMESTAMP "osr_timestamp"
FROM OAUTH_SERVER_REGISTRY
WHERE OSR_CONSUMER_KEY = P_CONSUMER_KEY;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,43 @@
CREATE OR REPLACE PROCEDURE SP_GET_CONSUMER_ACCESS_TOKEN
(
P_USER_ID IN NUMBER,
P_TOKEN IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch the consumer access token, by access token.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OST_TOKEN "token",
OST_TOKEN_SECRET "token_secret",
OST_REFERRER_HOST "token_referrer_host",
OSR_CONSUMER_KEY "consumer_key",
OSR_CONSUMER_SECRET "consumer_secret",
OSR_APPLICATION_URI "application_uri",
OSR_APPLICATION_TITLE "application_title",
OSR_APPLICATION_DESCR "application_descr",
OSR_CALLBACK_URI "callback_uri"
FROM OAUTH_SERVER_TOKEN
JOIN OAUTH_SERVER_REGISTRY
ON OST_OSR_ID_REF = OSR_ID
WHERE OST_TOKEN_TYPE = 'ACCESS'
AND OST_TOKEN = P_TOKEN
AND OST_USA_ID_REF = P_USER_ID
AND OST_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,41 @@
CREATE OR REPLACE PROCEDURE SP_GET_CONSUMER_REQUEST_TOKEN
(
P_TOKEN IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch the consumer request token, by request token.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OST_TOKEN "token",
OST_TOKEN_SECRET "token_secret",
OSR_CONSUMER_KEY "consumer_key",
OSR_CONSUMER_SECRET "consumer_secret",
OST_TOKEN_TYPE "token_type",
OST_CALLBACK_URL "callback_url",
OSR_APPLICATION_TITLE "application_title",
OSR_APPLICATION_DESCR "application_descr",
OSR_APPLICATION_URI "application_uri"
FROM OAUTH_SERVER_TOKEN
JOIN OAUTH_SERVER_REGISTRY
ON OST_OSR_ID_REF = OSR_ID
WHERE OST_TOKEN_TYPE = 'REQUEST'
AND OST_TOKEN = P_TOKEN
AND OST_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,25 @@
CREATE OR REPLACE PROCEDURE SP_GET_CONSUMER_STATIC_SELECT
(
P_OSR_CONSUMER_KEY OUT VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch the static consumer key for this provider.
BEGIN
P_RESULT := 0;
SELECT OSR_CONSUMER_KEY INTO P_OSR_CONSUMER_KEY
FROM OAUTH_SERVER_REGISTRY
WHERE OSR_CONSUMER_KEY LIKE 'sc-%%'
AND OSR_USA_ID_REF IS NULL;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,43 @@
CREATE OR REPLACE PROCEDURE SP_GET_SECRETS_FOR_SIGNATURE
(
P_HOST IN VARCHAR2,
P_PATH IN VARCHAR2,
P_USER_ID IN NUMBER,
P_NAME IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Find the server details for signing a request, always looks for an access token.
-- The returned credentials depend on which local user is making the request.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT * FROM (
SELECT OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCT_TOKEN "token",
OCT_TOKEN_SECRET "token_secret",
OCR_SIGNATURE_METHODS "signature_methods"
FROM OAUTH_CONSUMER_REGISTRY
JOIN OAUTH_CONSUMER_TOKEN ON OCT_OCR_ID_REF = OCR_ID
WHERE OCR_SERVER_URI_HOST = P_HOST
AND OCR_SERVER_URI_PATH = SUBSTR(P_PATH, 1, LENGTH(OCR_SERVER_URI_PATH))
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL)
AND OCT_USA_ID_REF = P_USER_ID
AND OCT_TOKEN_TYPE = 'ACCESS'
AND OCT_NAME = P_NAME
AND OCT_TOKEN_TTL >= SYSDATE
ORDER BY OCR_USA_ID_REF DESC, OCR_CONSUMER_SECRET DESC, LENGTH(OCR_SERVER_URI_PATH) DESC
) WHERE ROWNUM<=1;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
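Review bot: `ORDER BY OCR_USA_ID_REF DESC` puts NULLs first in Oracle, so combined with `ROWNUM<=1` a shared registry entry (`OCR_USA_ID_REF IS NULL`) is returned ahead of the entry owned by `P_USER_ID`. If the intent is to prefer the user's own credentials, as the header comment suggests, the sort needs `ORDER BY OCR_USA_ID_REF DESC NULLS LAST, OCR_CONSUMER_SECRET DESC, LENGTH(OCR_SERVER_URI_PATH) DESC`. SP_GET_SERVER_FOR_URI has the same ordering and needs the same change. The path test is also a plain prefix comparison with no separator check, so a registered path would presumably match any longer request path that merely starts with the same characters.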


@ -0,0 +1,52 @@
CREATE OR REPLACE PROCEDURE SP_GET_SECRETS_FOR_VERIFY
(
P_CONSUMER_KEY IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TOKEN_TYPE IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE to Find stored credentials for the consumer key and token. Used by an OAuth server
-- when verifying an OAuth request.
BEGIN
P_RESULT := 0;
IF P_TOKEN_TYPE IS NULL THEN
OPEN P_ROWS FOR
SELECT OSR.OSR_ID "osr_id",
OSR.OSR_CONSUMER_KEY "consumer_key",
OSR.OSR_CONSUMER_SECRET "consumer_secret"
FROM OAUTH_SERVER_REGISTRY OSR
WHERE OSR.OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND OSR.OSR_ENABLED = 1;
ELSE
OPEN P_ROWS FOR
SELECT OSR.OSR_ID "osr_id",
OST.OST_ID "ost_id",
OST.OST_USA_ID_REF "user_id",
OSR.OSR_CONSUMER_KEY "consumer_key",
OSR.OSR_CONSUMER_SECRET "consumer_secret",
OST.OST_TOKEN "token",
OST.OST_TOKEN_SECRET "token_secret"
FROM OAUTH_SERVER_REGISTRY OSR, OAUTH_SERVER_TOKEN OST
WHERE OST.OST_OSR_ID_REF = OSR.OSR_ID
AND upper(OST.OST_TOKEN_TYPE) = upper(P_TOKEN_TYPE)
AND OSR.OSR_CONSUMER_KEY = P_CONSUMER_KEY
AND OST.OST_TOKEN = P_TOKEN
AND OSR.OSR_ENABLED = 1
AND OST.OST_TOKEN_TTL >= SYSDATE;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,35 @@
CREATE OR REPLACE PROCEDURE SP_GET_SERVER
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Get a server from the consumer registry using the consumer key
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OCR_ID "id",
OCR_USA_ID_REF "user_id",
OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri"
FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL);
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,41 @@
CREATE OR REPLACE PROCEDURE SP_GET_SERVER_FOR_URI
(
P_HOST IN VARCHAR2,
P_PATH IN VARCHAR2,
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Find the server details that might be used for a request
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT * FROM (
SELECT OCR_ID "id",
OCR_USA_ID_REF "user_id",
OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri"
FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_SERVER_URI_HOST = P_HOST
AND OCR_SERVER_URI_PATH = SUBSTR(P_PATH, 1, LENGTH(OCR_SERVER_URI_PATH))
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL)
ORDER BY ocr_usa_id_ref DESC, OCR_CONSUMER_KEY DESC, LENGTH(ocr_server_uri_path) DESC
) WHERE ROWNUM<=1;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,45 @@
CREATE OR REPLACE PROCEDURE SP_GET_SERVER_TOKEN
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_TOKEN IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Get a specific server token for the given user
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCT_TOKEN "token",
OCT_TOKEN_SECRET "token_secret",
OCT_USA_ID_REF "usr_id",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_SERVER_URI_HOST "server_uri_host",
OCR_SERVER_URI_PATH "server_uri_path",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri",
OCT_TIMESTAMP "timestamp"
FROM OAUTH_CONSUMER_REGISTRY
JOIN OAUTH_CONSUMER_TOKEN
ON OCT_OCR_ID_REF = OCR_ID
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND OCT_USA_ID_REF = P_USER_ID
AND OCT_TOKEN_TYPE = 'ACCESS'
AND OCT_TOKEN = P_TOKEN
AND OCT_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,47 @@
CREATE OR REPLACE PROCEDURE SP_GET_SERVER_TOKEN_SECRETS
(
P_CONSUMER_KEY IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_TOKEN_TYPE IN VARCHAR2,
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- Get the token and token secret we obtained from a server.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OCR.OCR_CONSUMER_KEY "consumer_key",
OCR.OCR_CONSUMER_SECRET "consumer_secret",
OCT.OCT_TOKEN "token",
OCT.OCT_TOKEN_SECRET "token_secret",
OCT.OCT_NAME "token_name",
OCR.OCR_SIGNATURE_METHODS "signature_methods",
OCR.OCR_SERVER_URI "server_uri",
OCR.OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR.OCR_AUTHORIZE_URI "authorize_uri",
OCR.OCR_ACCESS_TOKEN_URI "access_token_uri",
CASE WHEN OCT.OCT_TOKEN_TTL >= TO_DATE('9999.12.31', 'yyyy.mm.dd') THEN NULL
ELSE OCT.OCT_TOKEN_TTL - SYSDATE
END "token_ttl"
FROM OAUTH_CONSUMER_REGISTRY OCR, OAUTH_CONSUMER_TOKEN OCT
WHERE OCT.OCT_OCR_ID_REF = OCR_ID
AND OCR.OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND upper(OCT.OCT_TOKEN_TYPE) = upper(P_TOKEN_TYPE)
AND OCT.OCT_TOKEN = P_TOKEN
AND OCT.OCT_USA_ID_REF = P_USER_ID
AND OCT.OCT_TOKEN_TTL >= SYSDATE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,41 @@
CREATE OR REPLACE PROCEDURE SP_LIST_CONSUMERS
(
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch a list of all consumer keys, secrets etc.
-- Returns the public (user_id is null) and the keys owned by the user
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OSR_ID "id",
OSR_USA_ID_REF "user_id",
OSR_CONSUMER_KEY "consumer_key",
OSR_CONSUMER_SECRET "consumer_secret",
OSR_ENABLED "enabled",
OSR_STATUS "status",
OSR_ISSUE_DATE "issue_date",
OSR_APPLICATION_URI "application_uri",
OSR_APPLICATION_TITLE "application_title",
OSR_APPLICATION_DESCR "application_descr",
OSR_REQUESTER_NAME "requester_name",
OSR_REQUESTER_EMAIL "requester_email",
OSR_CALLBACK_URI "callback_uri"
FROM OAUTH_SERVER_REGISTRY
WHERE (OSR_USA_ID_REF = P_USER_ID OR OSR_USA_ID_REF IS NULL)
ORDER BY OSR_APPLICATION_TITLE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,43 @@
CREATE OR REPLACE PROCEDURE SP_LIST_CONSUMER_TOKENS
(
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Fetch a list of all consumer tokens accessing the account of the given user.
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OSR_CONSUMER_KEY "consumer_key",
OSR_CONSUMER_SECRET "consumer_secret",
OSR_ENABLED "enabled",
OSR_STATUS "status",
OSR_APPLICATION_URI "application_uri",
OSR_APPLICATION_TITLE "application_title",
OSR_APPLICATION_DESCR "application_descr",
OST_TIMESTAMP "timestamp",
OST_TOKEN "token",
OST_TOKEN_SECRET "token_secret",
OST_REFERRER_HOST "token_referrer_host",
OSR_CALLBACK_URI "callback_uri"
FROM OAUTH_SERVER_REGISTRY
JOIN OAUTH_SERVER_TOKEN
ON OST_OSR_ID_REF = OSR_ID
WHERE OST_USA_ID_REF = P_USER_ID
AND OST_TOKEN_TYPE = 'ACCESS'
AND OST_TOKEN_TTL >= SYSDATE
ORDER BY OSR_APPLICATION_TITLE;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,75 @@
CREATE OR REPLACE PROCEDURE SP_LIST_LOG
(
P_OPTION_FLAG IN NUMBER, -- 0:NULL; 1:OTHERWISE
P_USA_ID IN NUMBER,
P_OSR_CONSUMER_KEY IN VARCHAR2,
P_OCR_CONSUMER_KEY IN VARCHAR2,
P_OST_TOKEN IN VARCHAR2,
P_OCT_TOKEN IN VARCHAR2,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Get a page of entries from the log. Returns the last 100 records
-- matching the options given.
BEGIN
P_RESULT := 0;
IF P_OPTION_FLAG IS NULL OR P_OPTION_FLAG = 0 THEN
OPEN P_ROWS FOR
SELECT * FROM (
SELECT OLG_ID "olg_id",
OLG_OSR_CONSUMER_KEY "osr_consumer_key",
OLG_OST_TOKEN "ost_token",
OLG_OCR_CONSUMER_KEY "ocr_consumer_key",
OLG_OCT_TOKEN "oct_token",
OLG_USA_ID_REF "user_id",
OLG_RECEIVED "received",
OLG_SENT "sent",
OLG_BASE_STRING "base_string",
OLG_NOTES "notes",
OLG_TIMESTAMP "timestamp",
-- INET_NTOA(OLG_REMOTE_IP) "remote_ip"
OLG_REMOTE_IP "remote_ip"
FROM OAUTH_LOG
WHERE OLG_USA_ID_REF = P_USA_ID
ORDER BY OLG_ID DESC
) WHERE ROWNUM<=100;
ELSE
OPEN P_ROWS FOR
SELECT * FROM (
SELECT OLG_ID "olg_id",
OLG_OSR_CONSUMER_KEY "osr_consumer_key",
OLG_OST_TOKEN "ost_token",
OLG_OCR_CONSUMER_KEY "ocr_consumer_key",
OLG_OCT_TOKEN "oct_token",
OLG_USA_ID_REF "user_id",
OLG_RECEIVED "received",
OLG_SENT "sent",
OLG_BASE_STRING "base_string",
OLG_NOTES "notes",
OLG_TIMESTAMP "timestamp",
-- INET_NTOA(OLG_REMOTE_IP) "remote_ip"
OLG_REMOTE_IP "remote_ip"
FROM OAUTH_LOG
WHERE OLG_OSR_CONSUMER_KEY = P_OSR_CONSUMER_KEY
AND OLG_OCR_CONSUMER_KEY = P_OCR_CONSUMER_KEY
AND OLG_OST_TOKEN = P_OST_TOKEN
AND OLG_OCT_TOKEN = P_OCT_TOKEN
AND (OLG_USA_ID_REF IS NULL OR OLG_USA_ID_REF = P_USA_ID)
ORDER BY OLG_ID DESC
) WHERE ROWNUM<=100;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
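Review bot: The second branch demands equality on all four of `OLG_OSR_CONSUMER_KEY`, `OLG_OCR_CONSUMER_KEY`, `OLG_OST_TOKEN` and `OLG_OCT_TOKEN`, so any filter left NULL makes the whole predicate unknown and the cursor empty. SP_ADD_LOG in this commit never fills those four columns either, so rows it writes cannot be found through this path at all. Each filter should be optional, e.g. `AND (P_OST_TOKEN IS NULL OR OLG_OST_TOKEN = P_OST_TOKEN)`, and SP_ADD_LOG would need to store the keys and tokens for the filters to be useful when reviewing activity for one consumer or token.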


@ -0,0 +1,66 @@
CREATE OR REPLACE PROCEDURE SP_LIST_SERVERS
(
P_Q IN VARCHAR2,
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Get a list of all consumers from the consumer registry.
BEGIN
P_RESULT := 0;
IF P_Q IS NOT NULL THEN
OPEN P_ROWS FOR
SELECT OCR_ID "id",
OCR_USA_ID_REF "user_id",
OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_SERVER_URI_HOST "server_uri_host",
OCR_SERVER_URI_PATH "server_uri_path",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri"
FROM OAUTH_CONSUMER_REGISTRY
WHERE ( OCR_CONSUMER_KEY LIKE '%'|| P_Q ||'%'
OR OCR_SERVER_URI LIKE '%'|| P_Q ||'%'
OR OCR_SERVER_URI_HOST LIKE '%'|| P_Q ||'%'
OR OCR_SERVER_URI_PATH LIKE '%'|| P_Q ||'%')
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL)
ORDER BY OCR_SERVER_URI_HOST, OCR_SERVER_URI_PATH;
ELSE
OPEN P_ROWS FOR
SELECT OCR_ID "id",
OCR_USA_ID_REF "user_id",
OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_SERVER_URI_HOST "server_uri_host",
OCR_SERVER_URI_PATH "server_uri_path",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri"
FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL
ORDER BY OCR_SERVER_URI_HOST, OCR_SERVER_URI_PATH;
END IF;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,45 @@
CREATE OR REPLACE PROCEDURE SP_LIST_SERVER_TOKENS
(
P_USER_ID IN NUMBER,
P_ROWS OUT TYPES.REF_CURSOR,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Find the server details that might be used for a request
BEGIN
P_RESULT := 0;
OPEN P_ROWS FOR
SELECT OCR_CONSUMER_KEY "consumer_key",
OCR_CONSUMER_SECRET "consumer_secret",
OCT_ID "token_id",
OCT_TOKEN "token",
OCT_TOKEN_SECRET "token_secret",
OCT_USA_ID_REF "user_id",
OCR_SIGNATURE_METHODS "signature_methods",
OCR_SERVER_URI "server_uri",
OCR_SERVER_URI_HOST "server_uri_host",
OCR_SERVER_URI_PATH "server_uri_path",
OCR_REQUEST_TOKEN_URI "request_token_uri",
OCR_AUTHORIZE_URI "authorize_uri",
OCR_ACCESS_TOKEN_URI "access_token_uri",
OCT_TIMESTAMP "timestamp"
FROM OAUTH_CONSUMER_REGISTRY
JOIN OAUTH_CONSUMER_TOKEN
ON OCT_OCR_ID_REF = OCR_ID
WHERE OCT_USA_ID_REF = P_USER_ID
AND OCT_TOKEN_TYPE = 'ACCESS'
AND OCT_TOKEN_TTL >= SYSDATE
ORDER BY OCR_SERVER_URI_HOST, OCR_SERVER_URI_PATH;
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/


@ -0,0 +1,28 @@
CREATE OR REPLACE PROCEDURE SP_SET_CONSUMER_ACC_TOKEN_TTL
(
P_TOKEN IN VARCHAR2,
P_TOKEN_TTL IN NUMBER,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Set the ttl of a consumer access token. This is done when the
-- server receives a valid request with a xoauth_token_ttl parameter in it.
BEGIN
P_RESULT := 0;
UPDATE OAUTH_SERVER_TOKEN
SET OST_TOKEN_TTL = SYSDATE + (P_TOKEN_TTL/(24*60*60))
WHERE OST_TOKEN = P_TOKEN
AND OST_TOKEN_TYPE = 'ACCESS';
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
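Review bot: `P_TOKEN_TTL` goes into the `SET OST_TOKEN_TTL = SYSDATE + (P_TOKEN_TTL/(24*60*60))` expression without any range check, and the header comment says the value comes from an `xoauth_token_ttl` request parameter. A very large value pushes the expiry arbitrarily far out and a NULL makes the whole expression NULL; whether the PHP caller clamps the value is not visible here. I would guard with `IF P_TOKEN_TTL IS NULL OR P_TOKEN_TTL < 0 THEN` and cap the rest, e.g. `SYSDATE + (LEAST(P_TOKEN_TTL, <MAX_TTL_SECONDS>)/(24*60*60))`, with the ceiling chosen by the deployment. SP_SET_SERVER_TOKEN_TTL in the next file section has the same unchecked arithmetic.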


@ -0,0 +1,29 @@
CREATE OR REPLACE PROCEDURE SP_SET_SERVER_TOKEN_TTL
(
P_TOKEN_TTL IN NUMBER, -- IN SECOND
P_CONSUMER_KEY IN VARCHAR2,
P_TOKEN IN VARCHAR2,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Set the ttl of a server access token.
BEGIN
P_RESULT := 0;
UPDATE OAUTH_CONSUMER_TOKEN
SET OCT_TOKEN_TTL = SYSDATE + (P_TOKEN_TTL/(24*60*60)) -- DATE_ADD(NOW(), INTERVAL %D SECOND)
WHERE OCT_TOKEN = P_TOKEN
AND OCT_OCR_ID_REF IN (SELECT OCR_ID FROM OAUTH_CONSUMER_REGISTRY WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY);
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
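Review bot: `P_RESULT` stays 0 when the `UPDATE OAUTH_CONSUMER_TOKEN` statement matches no row, so a consumer key and token pair that does not exist is reported exactly like a successful change. A check such as `IF SQL%ROWCOUNT = 0 THEN P_RESULT := 1; END IF;` right after the statement would let the caller tell the two apart; which result code fits depends on the PHP caller, which is not visible here. SP_SET_CONSUMER_ACC_TOKEN_TTL in the previous file section returns success on zero rows in the same way.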


@ -0,0 +1,40 @@
CREATE OR REPLACE PROCEDURE SP_UPDATE_CONSUMER
(
P_OSR_USA_ID_REF IN NUMBER,
P_OSR_CONSUMER_KEY IN VARCHAR2,
P_OSR_CONSUMER_SECRET IN VARCHAR2,
P_OSR_REQUESTER_NAME IN VARCHAR2,
P_OSR_REQUESTER_EMAIL IN VARCHAR2,
P_OSR_CALLBACK_URI IN VARCHAR2,
P_OSR_APPLICATION_URI IN VARCHAR2,
P_OSR_APPLICATION_TITLE IN VARCHAR2,
P_OSR_APPLICATION_DESCR IN VARCHAR2,
P_OSR_APPLICATION_NOTES IN VARCHAR2,
P_OSR_APPLICATION_TYPE IN VARCHAR2,
P_OSR_APPLICATION_COMMERCIAL IN INTEGER,
P_RESULT OUT NUMBER
)
AS
-- PROCEDURE TO Insert a new consumer with this server (we will be the server)
BEGIN
P_RESULT := 0;
INSERT INTO OAUTH_SERVER_REGISTRY
( OSR_ID, OSR_ENABLED, OSR_STATUS,OSR_USA_ID_REF,OSR_CONSUMER_KEY, OSR_CONSUMER_SECRET,OSR_REQUESTER_NAME,
OSR_REQUESTER_EMAIL, OSR_CALLBACK_URI, OSR_APPLICATION_URI, OSR_APPLICATION_TITLE, OSR_APPLICATION_DESCR,
OSR_APPLICATION_NOTES, OSR_APPLICATION_TYPE, OSR_APPLICATION_COMMERCIAL, OSR_TIMESTAMP, OSR_ISSUE_DATE)
VALUES
( SEQ_OSR_ID.NEXTVAL, 1, 'ACTIVE', P_OSR_USA_ID_REF, P_OSR_CONSUMER_KEY, P_OSR_CONSUMER_SECRET,P_OSR_REQUESTER_NAME,
P_OSR_REQUESTER_EMAIL, P_OSR_CALLBACK_URI, P_OSR_APPLICATION_URI, P_OSR_APPLICATION_TITLE, P_OSR_APPLICATION_DESCR,
P_OSR_APPLICATION_NOTES, P_OSR_APPLICATION_TYPE, P_OSR_APPLICATION_COMMERCIAL, SYSDATE, SYSDATE);
EXCEPTION
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
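Review bot: SP_UPDATE_CONSUMER only ever runs an `INSERT INTO OAUTH_SERVER_REGISTRY`, so calling it for a consumer key that already exists cannot update that row. If `OSR_CONSUMER_KEY` carries a unique constraint (the Oracle table definition is not on this part of the page), the attempt fails and surfaces only as the generic `P_RESULT := 1` from the `WHEN OTHERS` handler. I would add a dedicated branch, `WHEN DUP_VAL_ON_INDEX THEN P_RESULT := 2; -- DUPLICATE_CONSUMER_KEY`, matching the code SP_UPDATE_SERVER returns, and state in the header comment that the procedure inserts only.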


@ -0,0 +1,139 @@
CREATE OR REPLACE PROCEDURE SP_UPDATE_SERVER
(
P_CONSUMER_KEY IN VARCHAR2,
P_USER_ID IN NUMBER,
P_OCR_ID IN NUMBER,
P_USER_IS_ADMIN IN NUMBER, -- 0:NO; 1:YES;
P_OCR_CONSUMER_SECRET IN VARCHAR2,
P_OCR_SERVER_URI IN VARCHAR2,
P_OCR_SERVER_URI_HOST IN VARCHAR2,
P_OCR_SERVER_URI_PATH IN VARCHAR2,
P_OCR_REQUEST_TOKEN_URI IN VARCHAR2,
P_OCR_AUTHORIZE_URI IN VARCHAR2,
P_OCR_ACCESS_TOKEN_URI IN VARCHAR2,
P_OCR_SIGNATURE_METHODS IN VARCHAR2,
P_OCR_USA_ID_REF IN NUMBER,
P_UPDATE_P_OCR_USA_ID_REF_FLAG IN NUMBER, -- 1:TRUE; 0:FALSE
P_RESULT OUT NUMBER
)
AS
-- Add a request token we obtained from a server.
V_OCR_ID_EXIST NUMBER;
V_OCR_USA_ID_REF NUMBER;
V_EXC_DUPLICATE_CONSUMER_KEY EXCEPTION;
V_EXC_UNAUTHORISED_USER_ID EXCEPTION;
BEGIN
P_RESULT := 0;
V_OCR_USA_ID_REF := P_OCR_USA_ID_REF;
IF P_OCR_ID IS NOT NULL THEN
BEGIN
SELECT 1 INTO V_OCR_ID_EXIST FROM DUAL WHERE EXISTS
(SELECT OCR_ID FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND OCR_ID != P_OCR_ID
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL));
EXCEPTION
WHEN NO_DATA_FOUND THEN
V_OCR_ID_EXIST :=0;
END;
ELSE
BEGIN
SELECT 1 INTO V_OCR_ID_EXIST FROM DUAL WHERE EXISTS
(SELECT OCR_ID FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_CONSUMER_KEY = P_CONSUMER_KEY
AND (OCR_USA_ID_REF = P_USER_ID OR OCR_USA_ID_REF IS NULL));
EXCEPTION
WHEN NO_DATA_FOUND THEN
V_OCR_ID_EXIST :=0;
END;
END IF;
IF V_OCR_ID_EXIST = 1 THEN
RAISE V_EXC_DUPLICATE_CONSUMER_KEY;
END IF;
IF P_OCR_ID IS NOT NULL THEN
IF P_USER_IS_ADMIN != 1 THEN
BEGIN
SELECT OCR_USA_ID_REF INTO V_OCR_USA_ID_REF
FROM OAUTH_CONSUMER_REGISTRY
WHERE OCR_ID = P_OCR_ID;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
END;
IF V_OCR_USA_ID_REF != P_USER_ID THEN
RAISE V_EXC_UNAUTHORISED_USER_ID;
END IF;
END IF;
IF P_UPDATE_P_OCR_USA_ID_REF_FLAG = 0 THEN
UPDATE OAUTH_CONSUMER_REGISTRY
SET OCR_CONSUMER_KEY = P_CONSUMER_KEY,
OCR_CONSUMER_SECRET = P_OCR_CONSUMER_SECRET,
OCR_SERVER_URI = P_OCR_SERVER_URI,
OCR_SERVER_URI_HOST = P_OCR_SERVER_URI_HOST,
OCR_SERVER_URI_PATH = P_OCR_SERVER_URI_PATH,
OCR_TIMESTAMP = SYSDATE,
OCR_REQUEST_TOKEN_URI = P_OCR_REQUEST_TOKEN_URI,
OCR_AUTHORIZE_URI = P_OCR_AUTHORIZE_URI,
OCR_ACCESS_TOKEN_URI = P_OCR_ACCESS_TOKEN_URI,
OCR_SIGNATURE_METHODS = P_OCR_SIGNATURE_METHODS
WHERE OCR_ID = P_OCR_ID;
ELSIF P_UPDATE_P_OCR_USA_ID_REF_FLAG = 1 THEN
UPDATE OAUTH_CONSUMER_REGISTRY
SET OCR_CONSUMER_KEY = P_CONSUMER_KEY,
OCR_CONSUMER_SECRET = P_OCR_CONSUMER_SECRET,
OCR_SERVER_URI = P_OCR_SERVER_URI,
OCR_SERVER_URI_HOST = P_OCR_SERVER_URI_HOST,
OCR_SERVER_URI_PATH = P_OCR_SERVER_URI_PATH,
OCR_TIMESTAMP = SYSDATE,
OCR_REQUEST_TOKEN_URI = P_OCR_REQUEST_TOKEN_URI,
OCR_AUTHORIZE_URI = P_OCR_AUTHORIZE_URI,
OCR_ACCESS_TOKEN_URI = P_OCR_ACCESS_TOKEN_URI,
OCR_SIGNATURE_METHODS = P_OCR_SIGNATURE_METHODS,
OCR_USA_ID_REF = P_OCR_USA_ID_REF
WHERE OCR_ID = P_OCR_ID;
END IF;
ELSE
IF P_UPDATE_P_OCR_USA_ID_REF_FLAG = 0 THEN
V_OCR_USA_ID_REF := P_USER_ID;
END IF;
INSERT INTO OAUTH_CONSUMER_REGISTRY
(OCR_ID, OCR_CONSUMER_KEY ,OCR_CONSUMER_SECRET, OCR_SERVER_URI, OCR_SERVER_URI_HOST, OCR_SERVER_URI_PATH,
OCR_TIMESTAMP, OCR_REQUEST_TOKEN_URI, OCR_AUTHORIZE_URI, OCR_ACCESS_TOKEN_URI, OCR_SIGNATURE_METHODS,
OCR_USA_ID_REF)
VALUES
(SEQ_OCR_ID.NEXTVAL, P_CONSUMER_KEY, P_OCR_CONSUMER_SECRET, P_OCR_SERVER_URI, P_OCR_SERVER_URI_HOST, P_OCR_SERVER_URI_PATH,
SYSDATE, P_OCR_REQUEST_TOKEN_URI, P_OCR_AUTHORIZE_URI, P_OCR_ACCESS_TOKEN_URI, P_OCR_SIGNATURE_METHODS,
V_OCR_USA_ID_REF);
END IF;
EXCEPTION
WHEN V_EXC_DUPLICATE_CONSUMER_KEY THEN
P_RESULT := 2; -- DUPLICATE_CONSUMER_KEY
WHEN V_EXC_UNAUTHORISED_USER_ID THEN
P_RESULT := 3; -- UNAUTHORISED_USER_ID
WHEN OTHERS THEN
-- CALL THE FUNCTION TO LOG ERRORS
ROLLBACK;
P_RESULT := 1; -- ERROR
END;
/
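Review bot: The ownership check for non-admins does not hold under PL/SQL three-valued logic. `IF V_OCR_USA_ID_REF != P_USER_ID` evaluates to NULL rather than TRUE when the stored `OCR_USA_ID_REF` is NULL, so a non-admin passes the check for a shared row and the following `UPDATE` overwrites its consumer secret and endpoint URIs; likewise `IF P_USER_IS_ADMIN != 1` skips the check entirely when the flag arrives as NULL. I would write the two conditions as `IF NVL(P_USER_IS_ADMIN, 0) != 1 THEN` and `IF V_OCR_USA_ID_REF IS NULL OR P_USER_ID IS NULL OR V_OCR_USA_ID_REF != P_USER_ID THEN`. `V_OCR_USA_ID_REF` should also be reset with `V_OCR_USA_ID_REF := NULL;` before the `SELECT ... INTO`, because on `NO_DATA_FOUND` it still holds the caller-supplied `P_OCR_USA_ID_REF`. The header comment (`Add a request token we obtained from a server`) describes a different procedure and should say that this one inserts or updates a consumer-registry row.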


@ -0,0 +1,28 @@
<?php
/**
Added by Vinay Kant Sahu.
vinaykant.sahu@gmail.com
* Storage container for the oauth credentials, both server and consumer side.
* Based on Oracle
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
echo 'Right now we do not have Oracle DB installer.
Please find OracleDB folder here with this Table, Sequences and Procedures. You need to manually install/create DB schema and SP with your oracle DB. ';
?>


@ -0,0 +1,166 @@
#
# Log table to hold all OAuth request when you enabled logging
#
CREATE TABLE oauth_log (
olg_id serial primary key,
olg_osr_consumer_key varchar(64),
olg_ost_token varchar(64),
olg_ocr_consumer_key varchar(64),
olg_oct_token varchar(64),
olg_usa_id_ref text,
olg_received text not null,
olg_sent text not null,
olg_base_string text not null,
olg_notes text not null,
olg_timestamp timestamp not null default current_timestamp,
olg_remote_ip inet not null
);
COMMENT ON TABLE oauth_log IS 'Log table to hold all OAuth request when you enabled logging';
#
# /////////////////// CONSUMER SIDE ///////////////////
#
# This is a registry of all consumer codes we got from other servers
# The consumer_key/secret is obtained from the server
# We also register the server uri, so that we can find the consumer key and secret
# for a certain server. From that server we can check if we have a token for a
# particular user.
CREATE TABLE oauth_consumer_registry (
ocr_id serial primary key,
ocr_usa_id_ref text,
ocr_consumer_key varchar(128) not null,
ocr_consumer_secret varchar(128) not null,
ocr_signature_methods varchar(255) not null default 'HMAC-SHA1,PLAINTEXT',
ocr_server_uri varchar(255) not null,
ocr_server_uri_host varchar(128) not null,
ocr_server_uri_path varchar(128) not null,
ocr_request_token_uri varchar(255) not null,
ocr_authorize_uri varchar(255) not null,
ocr_access_token_uri varchar(255) not null,
ocr_timestamp timestamp not null default current_timestamp,
unique (ocr_consumer_key, ocr_usa_id_ref, ocr_server_uri)
);
COMMENT ON TABLE oauth_consumer_registry IS 'This is a registry of all consumer codes we got from other servers';
# Table used to sign requests for sending to a server by the consumer
# The key is defined for a particular user. Only one single named
# key is allowed per user/server combination
-- Create enum type token_type
CREATE TYPE consumer_token_type AS ENUM (
'request',
'authorized',
'access'
);
CREATE TABLE oauth_consumer_token (
oct_id serial primary key,
oct_ocr_id_ref integer not null,
oct_usa_id_ref text not null,
oct_name varchar(64) not null default '',
oct_token varchar(64) not null,
oct_token_secret varchar(64) not null,
oct_token_type consumer_token_type,
oct_token_ttl timestamp not null default timestamp '9999-12-31',
oct_timestamp timestamp not null default current_timestamp,
unique (oct_ocr_id_ref, oct_token),
unique (oct_usa_id_ref, oct_ocr_id_ref, oct_token_type, oct_name),
foreign key (oct_ocr_id_ref) references oauth_consumer_registry (ocr_id)
on update cascade
on delete cascade
);
COMMENT ON TABLE oauth_consumer_token IS 'Table used to sign requests for sending to a server by the consumer';
#
# ////////////////// SERVER SIDE /////////////////
#
# Table holding consumer key/secret combos an user issued to consumers.
# Used for verification of incoming requests.
CREATE TABLE oauth_server_registry (
osr_id serial primary key,
osr_usa_id_ref text,
osr_consumer_key varchar(64) not null,
osr_consumer_secret varchar(64) not null,
osr_enabled boolean not null default true,
osr_status varchar(16) not null,
osr_requester_name varchar(64) not null,
osr_requester_email varchar(64) not null,
osr_callback_uri varchar(255) not null,
osr_application_uri varchar(255) not null,
osr_application_title varchar(80) not null,
osr_application_descr text not null,
osr_application_notes text not null,
osr_application_type varchar(20) not null,
osr_application_commercial boolean not null default false,
osr_issue_date timestamp not null,
osr_timestamp timestamp not null default current_timestamp,
unique (osr_consumer_key)
);
COMMENT ON TABLE oauth_server_registry IS 'Table holding consumer key/secret combos an user issued to consumers';
# Nonce used by a certain consumer, every used nonce should be unique, this prevents
# replaying attacks. We need to store all timestamp/nonce combinations for the
# maximum timestamp received.
CREATE TABLE oauth_server_nonce (
osn_id serial primary key,
osn_consumer_key varchar(64) not null,
osn_token varchar(64) not null,
osn_timestamp bigint not null,
osn_nonce varchar(80) not null,
unique (osn_consumer_key, osn_token, osn_timestamp, osn_nonce)
);
COMMENT ON TABLE oauth_server_nonce IS 'Nonce used by a certain consumer, every used nonce should be unique, this prevents replaying attacks';
# Table used to verify signed requests sent to a server by the consumer
# When the verification is succesful then the associated user id is returned.
-- Create enum type token_type
CREATE TYPE server_token_type AS ENUM (
'request',
'access'
);
CREATE TABLE oauth_server_token (
ost_id serial primary key,
ost_osr_id_ref integer not null,
ost_usa_id_ref text not null,
ost_token varchar(64) not null,
ost_token_secret varchar(64) not null,
ost_token_type server_token_type,
ost_authorized boolean not null default false,
ost_referrer_host varchar(128) not null default '',
ost_token_ttl timestamp not null default timestamp '9999-12-31',
ost_timestamp timestamp not null default current_timestamp,
ost_verifier char(10),
ost_callback_url varchar(512),
unique (ost_token),
foreign key (ost_osr_id_ref) references oauth_server_registry (osr_id)
on update cascade
on delete cascade
);
COMMENT ON TABLE oauth_server_token IS 'Table used to verify signed requests sent to a server by the consumer';