2 require_once 'Zend/Oauth/Exception.php';
3 require_once 'Zend/Oauth/Http/Utility.php';
4 require_once 'Zend/Uri/Http.php';
8 * Basic OAuth provider class
10 class Zend_Oauth_Provider
13 * OAuth result statuses
// Status codes. The handler callbacks return one of these; checkOAuthRequest() treats any value
// other than OK as a failure and uses it as the Zend_Oauth_Exception code.
// OK, BAD_NONCE and TOKEN_USED are referenced further down, but their declarations are not part of this listing.
17 const BAD_TIMESTAMP = 2;
18 const CONSUMER_KEY_UNKNOWN = 3;
19 const CONSUMER_KEY_REFUSED = 4;
20 const INVALID_SIGNATURE = 5;
22 const TOKEN_EXPIRED = 7;
23 const TOKEN_REVOKED = 8;
24 const TOKEN_REJECTED = 9;
25 const PARAMETER_ABSENT = 10;
26 const SIGNATURE_METHOD_REJECTED = 11;
27 const OAUTH_VERIFIER_INVALID = 12;
30 * Error names for error reporting
// Maps a status code to the oauth_problem value that reportProblem() sends back for it.
// PARAMETER_ABSENT and INVALID_SIGNATURE are handled by dedicated branches in reportProblem() before this table is read.
33 protected $errnames = array(
34 self::BAD_NONCE => "nonce_used",
35 self::BAD_TIMESTAMP => "timestamp_refused",
36 self::CONSUMER_KEY_UNKNOWN => "consumer_key_unknown",
37 self::CONSUMER_KEY_REFUSED => "consumer_key_refused",
38 self::INVALID_SIGNATURE => "signature_invalid",
39 self::TOKEN_USED => "token_used",
40 self::TOKEN_EXPIRED => "token_expired",
41 self::TOKEN_REVOKED => "token_revoked",
42 self::TOKEN_REJECTED => "token_rejected",
43 self::PARAMETER_ABSENT => "parameter_absent",
44 self::SIGNATURE_METHOD_REJECTED => "signature_method_rejected",
45 self::OAUTH_VERIFIER_INVALID => "verifier_invalid",
// Signing secret of the consumer. checkOAuthRequest() passes it to Zend_Oauth_Http_Utility::sign();
// per the comment there, the consumer handler is expected to set it.
// NOTE(review): declared public, so any code holding the provider object can read or overwrite the secret.
51 public $consumer_secret;
// The three handlers below are checked with is_callable() and invoked as call_user_func($handler, $this).
56 protected $tokenHandler;
57 protected $consumerHandler;
58 protected $nonceHandler;
// Merged request parameters as captured by checkOAuthRequest(); still includes oauth_signature.
59 protected $oauth_params;
// Path or full URL of the request-token endpoint, compared against the current URL in needsToken().
61 protected $requestPath;
69 * Required OAuth parameters
// oauth_token is deliberately not in this list: checkRequiredParams() demands it separately when needsToken() is true.
72 protected $required = array("oauth_consumer_key", "oauth_signature", "oauth_signature_method", "oauth_nonce", "oauth_timestamp");
75 * Set consumer key handler
76 * @param string $callback
77 * @return Zend_Oauth_Provider
// Stores the consumer-key handler. checkOAuthRequest() rejects the request unless the value passes
// is_callable(), then invokes it as call_user_func($handler, $this) and expects a status code back.
79 public function setConsumerHandler($callback)
81 $this->consumerHandler = $callback;
86 * Set nonce/ts handler
87 * @param string $callback
88 * @return Zend_Oauth_Provider
// Stores the timestamp/nonce handler. It is the first handler checkOAuthRequest() calls, and replay
// protection rests entirely on it: this class only copies oauth_timestamp and oauth_nonce onto the object.
90 public function setTimestampNonceHandler($callback)
92 $this->nonceHandler = $callback;
98 * @param string $callback
99 * @return Zend_Oauth_Provider
// Stores the token handler. checkOAuthRequest() calls it only when needsToken() is true; per the
// comment there, the handler is expected to set $this->token_secret on success.
101 public function setTokenHandler($callback)
103 $this->tokenHandler = $callback;
108 * Set URL for requesting token (doesn't need token)
109 * @param string $req_path
110 * @return Zend_Oauth_Provider
// Stores the request-token endpoint. needsToken() compares a value starting with '/' against the
// request path and any other value against the full request URI.
112 public function setRequestTokenPath($req_path)
114 $this->requestPath = $req_path;
119 * Set this request as token endpoint
120 * @param string $request
121 * @return Zend_Oauth_Provider
// Despite the "is" prefix this is a setter: it stores the flag that needsToken() tests with !empty().
// NOTE(review): is_request is not among the properties declared in this listing, so it is presumably created dynamically — confirm.
123 public function isRequestTokenEndpoint($request)
125 $this->is_request = $request;
130 * Report problem in OAuth as string
131 * @param Zend_Oauth_Exception $e
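/**
 * Render an OAuth failure as an oauth_problem response string.
 *
 * checkOAuthRequest() stores the signature the server computed in
 * $this->problem when the signatures differ. Echoing that value back (the
 * former debug_sbs field) hands the caller a valid signature for the request
 * it just failed to sign, so the signature branch returns the problem code only.
 *
 * @param Zend_Oauth_Exception $e Exception whose code is one of the status constants
 * @return string Form-encoded problem report
 */
public function reportProblem(Zend_Oauth_Exception $e)
{
    $code = $e->getCode();
    if ($code == self::PARAMETER_ABSENT) {
        // The absent parameter name is encoded so the report stays a well-formed pair list.
        $absent = isset($this->problem) ? rawurlencode((string) $this->problem) : '';
        return "oauth_problem=parameter_absent&oauth_parameters_absent=" . $absent;
    }
    if ($code == self::INVALID_SIGNATURE) {
        // Deliberately no debug_sbs: $this->problem holds the expected signature here.
        return "oauth_problem=signature_invalid";
    }
    if (isset($this->errnames[$code])) {
        return "oauth_problem=" . $this->errnames[$code];
    }
    // The code may be whatever a handler callback returned, so encode it before output.
    return "oauth_problem=unknown_problem&code=" . rawurlencode((string) $code);
}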
150 * Check if this request needs token
// Decides whether the current request must carry oauth_token.
// NOTE(review): the statements at listing lines 156 and 159 are not shown, so the results for
// "flagged as request-token endpoint" and "no request path configured" cannot be confirmed from here.
153 protected function needsToken()
155 if(!empty($this->is_request)) {
158 if(empty($this->requestPath)) {
// Writes the full request URI and the configured path to the debug log on every call that gets this far.
161 $GLOBALS['log']->debug("URLs: now: ".$this->url->getUri(). " req: {$this->requestPath}");
// A configured value starting with '/' is compared with the request path only, anything else with the full URI.
// The comparison is an exact string match, so a trailing slash or a different host spelling counts as "needs token".
162 if($this->requestPath[0] == '/') {
163 return $this->url->getPath() != $this->requestPath;
165 return $this->url->getUri() != $this->requestPath;
169 * Check if all required parameters are there
170 * @param array $params
171 * @throws Zend_Oauth_Exception
// Verifies that every name in $this->required is present in $params, and oauth_token too when
// needsToken() is true. On the first absent name it records that name in $this->problem (read by
// reportProblem()) and throws with code PARAMETER_ABSENT.
// isset() is the test, so a parameter that is present but null counts as absent; an empty string passes.
173 protected function checkRequiredParams($params)
175 foreach($this->required as $param) {
176 if(!isset($params[$param])) {
177 $this->problem = $param;
178 throw new Zend_Oauth_Exception("Missing parameter: $param", self::PARAMETER_ABSENT);
// needsToken() is evaluated only after the fixed list passed, and before the isset() test.
181 if($this->needsToken() && !isset($params["oauth_token"])) {
182 $this->problem = "oauth_token";
183 throw new Zend_Oauth_Exception("Missing parameter: oauth_token", self::PARAMETER_ABSENT);
189 * Check if signature method is supported
190 * @param string $signatureMethod
191 * @throws Zend_Oauth_Exception
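/**
 * Check that the requested signature method maps to a loadable signature class.
 *
 * The value comes straight from the request and is turned into a class name
 * and then into a file path for require_once. It is therefore restricted to
 * ASCII letters and digits before any name or path is built from it, so it
 * cannot contribute '_', '/', '.' or NUL to the path.
 *
 * @param string $signatureMethod Value of oauth_signature_method, e.g. "HMAC-SHA1"
 * @throws Zend_Oauth_Exception With code SIGNATURE_METHOD_REJECTED when the method is not usable
 */
protected function checkSignatureMethod($signatureMethod)
{
    // A parameter sent as name[]=... arrives as an array; reject it instead of passing it to explode().
    if (!is_string($signatureMethod)) {
        throw new Zend_Oauth_Exception("Invalid signature method", self::SIGNATURE_METHOD_REJECTED);
    }

    // Only the part before the first '-' selects the class ("HMAC-SHA1" -> Hmac).
    $parts = explode('-', $signatureMethod);
    $family = $parts[0];
    if (!preg_match('/\A[A-Za-z0-9]+\z/', $family)) {
        throw new Zend_Oauth_Exception("Invalid signature method", self::SIGNATURE_METHOD_REJECTED);
    }

    $className = 'Zend_Oauth_Signature_' . ucfirst(strtolower($family));
    $filename = str_replace('_', '/', $className) . '.php';
    if (file_exists($filename)) {
        require_once $filename;
    }
    if (!class_exists($className)) {
        throw new Zend_Oauth_Exception("Invalid signature method", self::SIGNATURE_METHOD_REJECTED);
    }
}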
213 * Collect request parameters from the environment
214 * @param string $method HTTP method being used
215 * @param array $params Extra parameters
// Builds the parameter set that is later checked and signed, from three request sources.
// Precedence, lowest to highest: $_POST (POST requests only), $_GET, the caller's $params, and
// finally any oauth_* pair found in an "OAuth " Authorization header, which overwrites the rest.
217 protected function assembleParams($method, $params = array())
219 $params = array_merge($_GET, $params);
220 if($method == 'POST') {
221 $params = array_merge($_POST, $params);
// The Authorization header is looked up in apache_request_headers() under two spellings and,
// failing that, in $_SERVER['HTTP_AUTHORIZATION'].
224 if(function_exists('apache_request_headers')) {
225 $headers = apache_request_headers();
226 if(isset($headers['Authorization'])) {
227 $auth = $headers['Authorization'];
228 } elseif(isset($headers['authorization'])) {
229 $auth = $headers['authorization'];
232 if(empty($auth) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
233 $auth = $_SERVER['HTTP_AUTHORIZATION'];
// The scheme test is case-sensitive and requires the trailing space.
236 if(!empty($auth) && substr($auth, 0, 6) == 'OAuth ') {
237 // import header data
// Group 1 is the parameter name, group 3 a quoted value, group 4 an unquoted value.
// NOTE(review): "(:?" opens a capturing group that starts with an optional literal colon; it looks
// like a typo for the non-capturing "(?:". The indexes 3 and 4 used below match the pattern as written.
238 if (preg_match_all('/(oauth_[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $auth, $matches)) {
239 foreach ($matches[1] as $num => $header) {
// Group 1 only ever matches names beginning with "oauth_", so this comparison can never be true.
240 if($header == 'realm') {
// empty() also treats the quoted value "0" as missing and falls back to the (empty) unquoted group.
243 $params[$header] = urldecode(empty($matches[3][$num])? $matches[4][$num] : $matches[3][$num]);
251 * Get current request URL
// Reconstructs the URL of the current request from $_SERVER; checkOAuthRequest() uses it when the
// caller supplies no URL, and the result becomes part of the data that is signed and compared.
253 protected function getRequestUrl()
// Without port, host or URI information the method falls back to a fixed localhost URL.
256 if(empty($_SERVER['SERVER_PORT']) || empty($_SERVER['HTTP_HOST']) || empty($_SERVER['REQUEST_URI'])) {
257 return Zend_Uri_Http::fromString("http://localhost/");
// NOTE(review): HTTP_HOST, HTTP_HTTPS and HTTP_X_FORWARDED_PORT are filled from request headers, so
// the client chooses them unless a trusted front end overwrites them. The scheme and host that enter
// the signature check are therefore client-influenced; deployments should pin or validate them.
// The statements that assign $proto (listing lines 260-261) are not shown here.
259 if($_SERVER['SERVER_PORT'] == 443 || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (!empty($_SERVER['HTTP_HTTPS']) && $_SERVER['HTTP_HTTPS'] == 'on') || (!empty($_SERVER['HTTP_X_FORWARDED_PORT']) && $_SERVER['HTTP_X_FORWARDED_PORT'] == 443)) {
262 return Zend_Uri_Http::fromString("$proto://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
266 * Returns oauth parameters
/**
 * Return the merged request parameters captured by checkOAuthRequest().
 *
 * The set is stored before the signature is checked and still contains
 * oauth_signature, so it must not be treated as verified data.
 *
 * @return array|null Null until checkOAuthRequest() has stored a parameter set
 */
public function getOAuthParams()
{
    $captured = $this->oauth_params;

    return $captured;
}
275 * Validate OAuth request
276 * @param Zend_Uri_Http $url Request URL, will use current if null
277 * @param array $params Additional parameters
279 * @throws Zend_Oauth_Exception
// Validates one OAuth 1.0 request: collects the parameters, runs the nonce, consumer and (when
// needed) token handlers, then recomputes the signature and compares it with the one received.
// Every failure is reported by throwing Zend_Oauth_Exception with a status constant as its code.
// Several statements of this method are missing from the listing (for instance 283, 285 and
// 295-297), so the comments below cover the visible lines only.
281 public function checkOAuthRequest(Zend_Uri_Http $url = null, $params = array())
284 $this->url = $this->getRequestUrl();
// A caller-supplied URL is cloned, so the setQuery('') below does not modify the caller's object.
286 $this->url = clone $url;
288 // We'll ignore query for the purposes of URL matching
289 $this->url->setQuery('');
291 if(isset($_SERVER['REQUEST_METHOD'])) {
292 $method = $_SERVER['REQUEST_METHOD'];
293 } elseif(isset($_SERVER['HTTP_METHOD'])) {
294 $method = $_SERVER['HTTP_METHOD'];
298 $params = $this->assembleParams($method, $params);
// Stored before any check has run, so getOAuthParams() exposes unverified input.
299 $this->oauth_params = $params;
// NOTE(review): oauth_signature_method is read here, one line before checkRequiredParams()
// verifies that it is present; swapping the two calls would report an absent method as PARAMETER_ABSENT.
300 $this->checkSignatureMethod($params['oauth_signature_method']);
301 $this->checkRequiredParams($params);
// Copied onto the object so the handlers, which receive $this, can read them.
303 $this->timestamp = $params['oauth_timestamp'];
304 $this->nonce = $params['oauth_nonce'];
305 $this->consumer_key = $params['oauth_consumer_key'];
// A missing handler fails closed: the request is rejected rather than the check skipped.
307 if(!is_callable($this->nonceHandler)) {
308 throw new Zend_Oauth_Exception("Nonce handler not callable", self::BAD_NONCE);
// Any handler result that does not loosely equal OK becomes the exception code.
311 $res = call_user_func($this->nonceHandler, $this);
312 if($res != self::OK) {
313 throw new Zend_Oauth_Exception("Invalid request", $res);
316 if(!is_callable($this->consumerHandler)) {
317 throw new Zend_Oauth_Exception("Consumer handler not callable", self::CONSUMER_KEY_UNKNOWN);
320 $res = call_user_func($this->consumerHandler, $this);
321 // this will set $this->consumer_secret if OK
322 if($res != self::OK) {
323 throw new Zend_Oauth_Exception("Consumer key invalid", $res);
326 if($this->needsToken()) {
327 $this->token = $params['oauth_token'];
// The verifier is optional at this level; enforcing it is left to the token handler.
328 if(isset($params['oauth_verifier'])) {
329 $this->verifier = $params['oauth_verifier'];
331 if(!is_callable($this->tokenHandler)) {
332 throw new Zend_Oauth_Exception("Token handler not callable", self::TOKEN_REJECTED);
334 $res = call_user_func($this->tokenHandler, $this);
335 // this will set $this->token_secret if OK
336 if($res != self::OK) {
337 throw new Zend_Oauth_Exception("Token invalid", $res);
341 $util = new Zend_Oauth_Http_Utility();
// The received signature is removed from the set so that it is not part of the data being signed.
342 $req_sign = $params['oauth_signature'];
343 unset($params['oauth_signature']);
// NOTE(review): no visible line assigns token_secret when needsToken() is false — confirm what
// value sign() receives on the request-token endpoint.
344 $our_sign = $util->sign($params, $params['oauth_signature_method'], $this->consumer_secret,
345 $this->token_secret, $method, $this->url->getUri());
// NOTE(review): "!=" is a loose comparison and not constant-time. Signature checks should use
// hash_equals((string) $our_sign, (string) $req_sign) after confirming $req_sign is a string.
346 if($req_sign != $our_sign) {
347 // TODO: think how to extract signature base string
// NOTE(review): this stores the signature the server computed, not the signature base string, in
// the field that error reporting reads. A valid signature for the request must never reach a
// response; store nothing here, or the base string once it is available.
348 $this->problem = $our_sign;
// NOTE(review): the expected signature is also written to the log, where anyone with log access
// can replay it within the nonce and timestamp rules. Log the mismatch without the values.
349 $GLOBALS['log']->fatal("Bad signature: $req_sign != $our_sign");
350 throw new Zend_Oauth_Exception("Invalid signature", self::INVALID_SIGNATURE);
358 * @param int $size How many characters?
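/**
 * Generate a random token.
 *
 * The bytes come from the operating system's CSPRNG. The previous source,
 * md5() over uniqid() and mt_rand(), is predictable and not suitable for
 * tokens or secrets. As before, the result is raw binary; encode it (for
 * example with bin2hex()) before using it as an OAuth token or in a URL.
 *
 * @param int $size Number of bytes to return
 * @return string $size raw bytes, or an empty string when $size is not positive
 * @throws Zend_Oauth_Exception When no cryptographically secure source is available
 */
public function generateToken($size)
{
    $size = (int) $size;
    if ($size <= 0) {
        return '';
    }

    // PHP 7+: random_bytes() throws on failure instead of returning weak output.
    if (function_exists('random_bytes')) {
        return random_bytes($size);
    }

    // Older runtimes: accept OpenSSL output only when it reports a strong source.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($size, $strong);
        if ($bytes !== false && $strong && strlen($bytes) === $size) {
            return $bytes;
        }
    }

    // Fail closed rather than fall back to a guessable generator.
    throw new Zend_Oauth_Exception("No secure random source available");
}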