2 /*********************************************************************************
3 * SugarCRM Community Edition is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
38 require_once 'modules/OAuthTokens/OAuthToken.php';
39 require_once 'modules/OAuthKeys/OAuthKey.php';
42 * Sugar OAuth provider implementation
44 class SugarOAuthServer
53 * Check if everything is OK
54 * @throws OAuthException
56 protected function check()
58 if(!function_exists('mhash') && !function_exists('hash_hmac')) {
59 // define exception class
60 throw new OAuthException("MHash extension required for OAuth support");
65 * Is this functionality enabled?
67 public static function enabled()
69 return function_exists('mhash') || function_exists('hash_hmac');
73 * Find consumer by key
76 public function lookupConsumer($provider)
78 // check $provider->consumer_key
79 // on unknown: Zend_Oauth_Provider::CONSUMER_KEY_UNKNOWN
80 // on bad key: Zend_Oauth_Provider::CONSUMER_KEY_REFUSED
81 $GLOBALS['log']->debug("OAUTH: lookupConsumer, key={$provider->consumer_key}");
82 $consumer = OAuthKey::fetchKey($provider->consumer_key);
84 return Zend_Oauth_Provider::CONSUMER_KEY_UNKNOWN;
86 $provider->consumer_secret = $consumer->c_secret;
87 $this->consumer = $consumer;
88 return Zend_Oauth_Provider::OK;
92 * Check timestamps & nonces
93 * @param OAuthProvider $provider
95 public function timestampNonceChecker($provider)
97 // FIXME: add ts/nonce verification
98 if(empty($provider->nonce)) {
99 return Zend_Oauth_Provider::BAD_NONCE;
101 if(empty($provider->timestamp)) {
102 return Zend_Oauth_Provider::BAD_TIMESTAMP;
104 return OAuthToken::checkNonce($provider->consumer_key, $provider->nonce, $provider->timestamp);
108 * Vefiry incoming token
109 * @param OAuthProvider $provider
111 public function tokenHandler($provider)
113 $GLOBALS['log']->debug("OAUTH: tokenHandler, token={$provider->token}, verify={$provider->verifier}");
115 $token = OAuthToken::load($provider->token);
117 return Zend_Oauth_Provider::TOKEN_REJECTED;
119 if($token->consumer != $this->consumer->id) {
120 return Zend_Oauth_Provider::TOKEN_REJECTED;
122 $GLOBALS['log']->debug("OAUTH: tokenHandler, found token=".var_export($token->id, true));
123 if($token->tstate == OAuthToken::REQUEST) {
124 if(!empty($token->verify) && $provider->verifier == $token->verify) {
125 $provider->token_secret = $token->secret;
126 $this->token = $token;
127 return Zend_Oauth_Provider::OK;
129 return Zend_Oauth_Provider::TOKEN_USED;
132 if($token->tstate == OAuthToken::ACCESS) {
133 $provider->token_secret = $token->secret;
134 $this->token = $token;
135 return Zend_Oauth_Provider::OK;
137 return Zend_Oauth_Provider::TOKEN_REJECTED;
140 protected function decodePostGet()
143 $data = array_merge($data, $_POST);
144 foreach($data as $k => $v) {
145 $data[$k] = from_html($v);
151 * Create OAuth provider
153 * Checks current request for OAuth valitidy
154 * @param bool $add_rest add REST endpoint as request path
156 public function __construct($req_path = '')
158 $GLOBALS['log']->debug("OAUTH: __construct($req_path): ".var_export($_REQUEST, true));
160 $this->provider = new Zend_Oauth_Provider();
162 $this->provider->setConsumerHandler(array($this,'lookupConsumer'));
163 $this->provider->setTimestampNonceHandler(array($this,'timestampNonceChecker'));
164 $this->provider->setTokenHandler(array($this,'tokenHandler'));
165 if(!empty($req_path)) {
166 $this->provider->setRequestTokenPath($req_path); // No token needed for this end point
168 $this->provider->checkOAuthRequest(null, $this->decodePostGet());
169 if(mt_rand() % 10 == 0) {
170 // cleanup 1 in 10 times
171 OAuthToken::cleanup();
173 } catch(Exception $e) {
174 $GLOBALS['log']->debug($this->reportProblem($e));
180 * Generate request token string
183 public function requestToken()
185 $GLOBALS['log']->debug("OAUTH: requestToken");
186 $token = OAuthToken::generate();
187 $token->setConsumer($this->consumer);
189 return $token->queryString();
193 * Generate access token string - must have validated request token
196 public function accessToken()
198 $GLOBALS['log']->debug("OAUTH: accessToken");
199 if(empty($this->token) || $this->token->tstate != OAuthToken::REQUEST) {
202 $this->token->invalidate();
203 $token = OAuthToken::generate();
204 $token->setState(OAuthToken::ACCESS);
205 $token->setConsumer($this->consumer);
206 // transfer user data from request token
207 $token->copyAuthData($this->token);
209 return $token->queryString();
213 * Return authorization URL
216 public function authUrl()
218 return urlencode($GLOBALS['sugar_config']['site_url']."index.php?module=OAuthTokens&action=authorize");
222 * Fetch current token if it is authorized
223 * @return OAuthToken|null
225 public function authorizedToken()
227 if($this->token->tstate == OAuthToken::ACCESS) {
234 * Fetch authorization data from current token
235 * @return mixed Authorization data or null if none
237 public function authorization()
239 if($this->token->tstate == OAuthToken::ACCESS) {
240 return $this->token->authdata;
246 * Report OAuth problem as string
248 public function reportProblem(Exception $e)
250 return $this->provider->reportProblem($e);
254 if(!class_exists('OAuthException')) {
255 // we will use this in case oauth extension is not loaded
256 class OAuthException extends Exception {}