PageRenderTime 35ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/src/MaxCDN/OAuth/OAuthUtil.php

https://gitlab.com/Blueprint-Marketing/php-maxcdn
PHP | 154 lines | 101 code | 18 blank | 35 comment | 20 complexity | b47593b5cce11041f6309f71a240fc64 MD5 | raw file
    

  1. <?php
    2. 

  2. namespace MaxCDN\OAuth;
    3. 

  3. 

  4. class OAuthUtil {
    5. 

  5.     public static function urlencode_rfc3986($input) {
    6. 

  6.         if (is_array($input)) {
    7. 

  7.             return array_map(array('\MaxCDN\OAuth\OAuthUtil', 'urlencode_rfc3986'), $input);
    8. 

  8.         } else if (is_scalar($input)) {
    9. 

  9.             return str_replace(
    10. 

  10.                                '+',
    11. 

  11.                                ' ',
    12. 

  12.                                str_replace('%7E', '~', rawurlencode($input))
    13. 

  13.                               );
    14. 

  14.         } else {
    15. 

  15.             return '';
    16. 

  16.         }
    17. 

  17.     }
    18. 

  18. 

  19. 

  20.     // This decode function isn't taking into consideration the above
    21. 

  21.     // modifications to the encoding process. However, this method doesn't
    22. 

  22.     // seem to be used anywhere so leaving it as is.
    23. 

  23.     public static function urldecode_rfc3986($string) {
    24. 

  24.         return urldecode($string);
    25. 

  25.     }
    26. 

  26. 

  27.     // Utility function for turning the Authorization: header into
    28. 

  28.     // parameters, has to do some unescaping
    29. 

  29.     // Can filter out any non-oauth parameters if needed (default behaviour)
    30. 

  30.     // May 28th, 2010 - method updated to tjerk.meesters for a speed improvement.
    31. 

  31.     //                  see http://code.google.com/p/oauth/issues/detail?id=163
    32. 

  32.     public static function split_header($header, $only_allow_oauth_parameters = true) {
    33. 

  33.         $params = array();
    34. 

  34.         if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
    35. 

  35.             foreach ($matches[1] as $i => $h) {
    36. 

  36.                 $params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
    37. 

  37.             }
    38. 

  38.         if (isset($params['realm'])) {
    39. 

  39.             unset($params['realm']);
    40. 

  40.         }
    41. 

  41.     }
    42. 

  42.     return $params;
    43. 

  43.     }
    44. 

  44. 

  45.     // helper to try to sort out headers for people who aren't running apache
    46. 

  46.     public static function get_headers() {
    47. 

  47.         if (function_exists('apache_request_headers')) {
    48. 

  48.             // we need this to get the actual Authorization: header
    49. 

  49.             // because apache tends to tell us it doesn't exist
    50. 

  50.             $headers = apache_request_headers();
    51. 

  51. 

  52.             // sanitize the output of apache_request_headers because
    53. 

  53.             // we always want the keys to be Cased-Like-This and arh()
    54. 

  54.             // returns the headers in the same case as they are in the
    55. 

  55.             // request
    56. 

  56.             $out = array();
    57. 

  57.             foreach ($headers AS $key => $value) {
    58. 

  58.                 $key = str_replace(
    59. 

  59.                                    " ",
    60. 

  60.                                    "-",
    61. 

  61.                                    ucwords(strtolower(str_replace("-", " ", $key)))
    62. 

  62.                                   );
    63. 

  63.                 $out[$key] = $value;
    64. 

  64.             }
    65. 

  65.         } else {
    66. 

  66.             // otherwise we don't have apache and are just going to have to hope
    67. 

  67.             // that $_SERVER actually contains what we need
    68. 

  68.             $out = array();
    69. 

  69.             if( isset($_SERVER['CONTENT_TYPE']) )
    70. 

  70.                 $out['Content-Type'] = $_SERVER['CONTENT_TYPE'];
    71. 

  71.             if( isset($_ENV['CONTENT_TYPE']) )
    72. 

  72.                 $out['Content-Type'] = $_ENV['CONTENT_TYPE'];
    73. 

  73. 

  74.             foreach ($_SERVER as $key => $value) {
    75. 

  75.                 if (substr($key, 0, 5) == "HTTP_") {
    76. 

  76.                     // this is chaos, basically it is just there to capitalize the first
    77. 

  77.                     // letter of every word that is not an initial HTTP and strip HTTP
    78. 

  78.                     // code from przemek
    79. 

  79.                     $key = str_replace(
    80. 

  80.                                        " ",
    81. 

  81.                                        "-",
    82. 

  82.                                        ucwords(strtolower(str_replace("_", " ", substr($key, 5))))
    83. 

  83.                                       );
    84. 

  84.                     $out[$key] = $value;
    85. 

  85.                 }
    86. 

  86.             }
    87. 

  87.         }
    88. 

  88.         return $out;
    89. 

  89.     }
    90. 

  90. 

  91.     // This function takes a input like a=b&a=c&d=e and returns the parsed
    92. 

  92.     // parameters like this
    93. 

  93.     // array('a' => array('b','c'), 'd' => 'e')
    94. 

  94.     public static function parse_parameters( $input ) {
    95. 

  95.         if (!isset($input) || !$input) return array();
    96. 

  96. 

  97.         $pairs = explode('&', $input);
    98. 

  98. 

  99.         $parsed_parameters = array();
    100. 

  100.         foreach ($pairs as $pair) {
    101. 

  101.             $split = explode('=', $pair, 2);
    102. 

  102.             $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
    103. 

  103.             $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';
    104. 

  104. 

  105.             if (isset($parsed_parameters[$parameter])) {
    106. 

  106.                 // We have already recieved parameter(s) with this name, so add to the list
    107. 

  107.                 // of parameters with this name
    108. 

  108. 

  109.                 if (is_scalar($parsed_parameters[$parameter])) {
    110. 

  110.                     // This is the first duplicate, so transform scalar (string) into an array
    111. 

  111.                     // so we can add the duplicates
    112. 

  112.                     $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
    113. 

  113.                 }
    114. 

  114. 

  115.                 $parsed_parameters[$parameter][] = $value;
    116. 

  116.             } else {
    117. 

  117.                 $parsed_parameters[$parameter] = $value;
    118. 

  118.             }
    119. 

  119.         }
    120. 

  120.         return $parsed_parameters;
    121. 

  121.     }
    122. 

  122. 

  123.     public static function build_http_query($params) {
    124. 

  124.         if (!$params) return '';
    125. 

  125. 

  126.         // Urlencode both keys and values
    127. 

  127.         $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
    128. 

  128.         $values = OAuthUtil::urlencode_rfc3986(array_values($params));
    129. 

  129.         $params = array_combine($keys, $values);
    130. 

  130. 

  131.         // Parameters are sorted by name, using lexicographical byte value ordering.
    132. 

  132.         // Ref: Spec: 9.1.1 (1)
    133. 

  133.         uksort($params, 'strcmp');
    134. 

  134. 

  135.         $pairs = array();
    136. 

  136.         foreach ($params as $parameter => $value) {
    137. 

  137.             if (is_array($value)) {
    138. 

  138.                 // If two or more parameters share the same name, they are sorted by their value
    139. 

  139.                 // Ref: Spec: 9.1.1 (1)
    140. 

  140.                 // June 12th, 2010 - changed to sort because of issue 164 by hidetaka
    141. 

  141.                 sort($value, SORT_STRING);
    142. 

  142.                 foreach ($value as $duplicate_value) {
    143. 

  143.                     $pairs[] = $parameter . '=' . $duplicate_value;
    144. 

  144.                 }
    145. 

  145.             } else {
    146. 

  146.                 $pairs[] = $parameter . '=' . $value;
    147. 

  147.             }
    148. 

  148.         }
    149. 

  149.         // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
    150. 

  150.         // Each name-value pair is separated by an '&' character (ASCII code 38)
    151. 

  151.         return implode('&', $pairs);
    152. 

  152.     }
    153. 

  153. }
    154. 

  154. 

  155.