PageRenderTime 23ms CodeModel.GetById 1ms RepoModel.GetById 0ms app.codeStats 0ms

/common/libraries/plugin/pear/OAuth/Request.php

https://bitbucket.org/chamilo/chamilo/
PHP | 341 lines | 123 code | 33 blank | 185 comment | 15 complexity | da3d98736ae90e29be82654c686ff985 MD5 | raw file
Possible License(s): GPL-2.0, BSD-3-Clause, LGPL-2.1, LGPL-3.0, GPL-3.0, MIT
  1. <?php
  2. /**
  3. * OAuth Request
  4. *
  5. * Adapted from Andy Smith's OAuth library for PHP
  6. *
  7. * @link http://oauth.net/core/1.0
  8. * @link http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/1/spec.html
  9. * @link http://oauth.googlecode.com/svn/code/php/
  10. * @link http://term.ie/oauth/example/
  11. *
  12. * @package OAuth
  13. *
  14. * @author jhart
  15. * @copyright Copyright (c) 2008, Photobucket, Inc.
  16. * @license http://www.opensource.org/licenses/mit-license.php The MIT License
  17. */
  18. /**
  19. * Utilities
  20. */
  21. require_once('OAuth/Utils.php');
  22. /**
  23. * Signing methods
  24. */
  25. require_once('OAuth/Signature.php');
  26. /**
  27. * Consumer Model
  28. */
  29. require_once('OAuth/Consumer.php');
  30. /**
  31. * Token Model
  32. */
  33. require_once('OAuth/Token.php');
  34. /**
  35. * OAuth Request Representation
  36. *
  37. * @package OAuth
  38. */
  39. class OAuth_Request {
  40. /**
  41. * holds all parameters for request
  42. *
  43. * @access protected
  44. * @var array
  45. */
  46. protected $parameters = array();
  47. /**
  48. * Holds HTTP method (normalized, strtoupper)
  49. *
  50. * @var string
  51. */
  52. protected $http_method = '';
  53. /**
  54. * Holds url (normalized, per function)
  55. *
  56. * @var string
  57. */
  58. protected $http_url = '';
  59. /**
  60. * generated base string for this request (debugging)
  61. *
  62. * @var string
  63. */
  64. public $base_string = '';
  65. /**
  66. * generated key string for this request (debugging)
  67. *
  68. * @var string
  69. */
  70. public $key_string = '';
  71. /**
  72. * Allowed version that we support with this library
  73. *
  74. * @var string
  75. */
  76. public static $version = '1.0';
  77. /**
  78. * Request Constructor
  79. *
  80. * @uses getNormalizedHttpUrl()
  81. * @param string $http_method http method
  82. * @param string $http_url url
  83. * @param array $parameters array of parameters
  84. */
  85. public function __construct($http_method, $http_url, $parameters = null) {
  86. @$parameters or $parameters = array();
  87. $this->parameters = $parameters;
  88. $this->http_method = strtoupper($http_method);
  89. $this->http_url = self::getNormalizedHttpUrl($http_url);
  90. }
  91. /**
  92. * build up a request from what was passed to the server
  93. *
  94. * @param string $http_method [optional, default=_SERVER[HTTP_METHOD]] HTTP method (get|put|post|delete)
  95. * @param string $http_url [optional, default=http://_SERVER[HTTP_HOST]._SERVER[REQUEST_URI]] request url to sign
  96. * @param array $parameters [optional, default=_REQUEST] parameters to sign
  97. * @return self
  98. */
  99. public static function fromRequest($http_method=null, $http_url=null, $parameters=null) {
  100. @$http_url or $http_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
  101. @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
  102. if ($parameters) {
  103. $req = new self($http_method, $http_url, $parameters);
  104. } else {
  105. $parameters = array_diff_assoc($_REQUEST, $_COOKIE);
  106. $request_headers = apache_request_headers();
  107. if (array_key_exists('Authorization', $request_headers) && substr($request_headers['Authorization'], 0, 5) == 'OAuth') {
  108. $header_parameters = self::splitHeader($request_headers['Authorization']);
  109. $parameters = array_merge($header_parameters, $parameters);
  110. }
  111. $req = new self($http_method, $http_url, $parameters);
  112. }
  113. return $req;
  114. }
  115. /**
  116. * build up a request form just a URL+querystring
  117. *
  118. * @param string $url a whole url, querystring included.
  119. * @param string $http_method [optional, default=GET] http method
  120. * @param OAuth_Consumer $consumer [optional] consumer to sign with
  121. * @param OAuth_Token $token [optional] token to sign with
  122. * @return self
  123. */
  124. public static function fromUrl($url, $http_method = 'GET', $consumer = null, $token = null) {
  125. $parts = parse_url($url);
  126. $qs = array();
  127. parse_str($parts['query'], $qs);
  128. if (!$consumer) {
  129. return self::fromRequest($http_method, $url, $qs);
  130. } else {
  131. return self::fromConsumerAndToken($consumer, $token, $http_method, $url, $qs);
  132. }
  133. }
  134. /**
  135. * Create request from consumer and token as well (for a new request)
  136. *
  137. * @param OAuth_Consumer $consumer consumer
  138. * @param OAuth_Token $token token
  139. * @param string $http_method method
  140. * @param string $http_url url
  141. * @param array $parameters parameters
  142. * @return self
  143. */
  144. public static function fromConsumerAndToken(OAuth_Consumer $consumer, $token, $http_method, $http_url, $parameters) {
  145. @$parameters or $parameters = array();
  146. $defaults = array('oauth_version' => self::$version,
  147. 'oauth_nonce' => self::getNonce(),
  148. 'oauth_timestamp' => self::getTimestamp(),
  149. 'oauth_consumer_key' => $consumer->getKey());
  150. $parameters = array_merge($defaults, $parameters);
  151. if ($token) {
  152. $parameters['oauth_token'] = $token->getKey();
  153. }
  154. return new self($http_method, $http_url, $parameters);
  155. }
  156. /**
  157. * set a parameter
  158. *
  159. * @param string $name
  160. * @param string $value
  161. */
  162. public function setParameter($name, $value) {
  163. $this->parameters[$name] = $value;
  164. }
  165. /**
  166. * get a parameter
  167. *
  168. * @param string $name
  169. * @return string
  170. */
  171. public function getParameter($name) {
  172. if (!array_key_exists($name, $this->parameters)) return null;
  173. return $this->parameters[$name];
  174. }
  175. /**
  176. * Get parameters array
  177. *
  178. * @return array of key=>value
  179. */
  180. public function getParameters() {
  181. return $this->parameters;
  182. }
  183. /**
  184. * normalize input url
  185. *
  186. * @param string $url url to normalize
  187. * @return string normalized url
  188. */
  189. public static function getNormalizedHttpUrl($url) {
  190. $parts = parse_url($url);
  191. $port = '';
  192. if (array_key_exists('port', $parts) && $parts['port'] != '80') {
  193. $port = ':' . $parts['port'];
  194. }
  195. return $parts['scheme'] . '://' . $parts['host'] . $port . '/' . trim($parts['path'], '/');
  196. }
  197. /**
  198. * get HTTP url in this request (normalized)
  199. *
  200. * @return string
  201. */
  202. public function getHttpUrl() {
  203. return $this->http_url;
  204. }
  205. /**
  206. * get HTTP method in this request (normalized)
  207. *
  208. * @return unknown
  209. */
  210. public function getHttpMethod() {
  211. return $this->http_method;
  212. }
  213. /**
  214. * Build whole url for request
  215. *
  216. * @uses toPostdata()
  217. * @uses getHttpUrl()
  218. * @return string http://httpurl?parameters
  219. */
  220. public function toUrl() {
  221. $out = $this->getHttpUrl() . '?';
  222. $out .= $this->toPostdata();
  223. return $out;
  224. }
  225. /**
  226. * build querystring for post or get
  227. *
  228. * @return string param=value&param=value...
  229. */
  230. public function toPostdata() {
  231. return OAuth_Utils::normalizeKeyValueParameters($this->getParameters());
  232. }
  233. /**
  234. * Builds Authorization: header for request
  235. *
  236. * @return string Authorization: OAuth ...
  237. */
  238. public function toHeader() {
  239. $out = '"Authorization: OAuth realm="",';
  240. return $out . OAuth_Utils::normalizeKeyValueParameters($this->getParameters(), ',');
  241. }
  242. /**
  243. * gets url
  244. *
  245. * @uses toUrl()
  246. * @return string
  247. */
  248. public function __toString() {
  249. return $this->toUrl();
  250. }
  251. /**
  252. * Signs this request - adds parameters for signature method and the signed signature
  253. *
  254. * @param string $signature_method signing method identifier
  255. * @param OAuth_Consumer $consumer to sign against
  256. * @param OAuth_Token $token to sign against
  257. */
  258. public function signRequest($signature_method, OAuth_Consumer $consumer, $token = null) {
  259. if (!($method = OAuth_Signature::getSignatureMethod($signature_method))) return false;
  260. $this->setParameter('oauth_signature_method', $method->getMethodName());
  261. $consumer_secret = $consumer->getSecret();
  262. $token_secret = ($token) ? $token->getSecret() : '';
  263. $signature = $method->signRequest($this, $consumer_secret, $token_secret);
  264. $this->setParameter('oauth_signature', $signature);
  265. }
  266. /**
  267. * Get current timestamp
  268. *
  269. * @return int
  270. */
  271. public static function getTimestamp() {
  272. //return 1191242096; //example from spec
  273. return time();
  274. }
  275. /**
  276. * get current nonce
  277. *
  278. * @return string
  279. */
  280. public static function getNonce() {
  281. //return 'kllo9940pd9333jh'; //example from spec
  282. $mt = microtime();
  283. $rand = mt_rand();
  284. return md5($mt . $rand); // md5s look nicer than numbers
  285. }
  286. /**
  287. * util function for turning the Authorization: header into
  288. * parameters, has to do some unescaping
  289. *
  290. * @param string $header string to split up
  291. * @return array array of oauth params
  292. */
  293. public static function splitHeader($header) {
  294. // error cases: commas in parameter values
  295. $parts = explode(',', $header);
  296. $out = array();
  297. foreach ($parts as $param) {
  298. $param = trim($param);
  299. // skip the 'realm' param, nobody ever uses it anyway
  300. if (substr($param, 0, 5) != 'oauth') continue;
  301. $param_parts = explode('=', $param);
  302. // rawurldecode() used because urldecode() will turn a '+' in the
  303. // value into a space
  304. $out[OAuth_Utils::urldecodeRFC3986($param_parts[0])] = OAuth_Utils::urldecodeRFC3986_UTF8($param_parts[1]);
  305. }
  306. return $out;
  307. }
  308. }