PageRenderTime 55ms CodeModel.GetById 27ms RepoModel.GetById 1ms app.codeStats 0ms

/include/SugarOAuthServer.php

https://github.com/BarnetikKoop/SuiteCRM
PHP | 268 lines | 146 code | 17 blank | 105 comment | 32 complexity | a01fc5891ce3f3d4db64ce645c1068bc MD5 | raw file
Possible License(s): AGPL-3.0, LGPL-2.1, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. /*********************************************************************************
    3. 

  3.  * SugarCRM Community Edition is a customer relationship management program developed by
    4. 

  4.  * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
    5. 

    6. 

  6.  * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
    7. 

  7.  * Copyright (C) 2011 - 2014 Salesagility Ltd.
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or modify it under
    10. 

  10.  * the terms of the GNU Affero General Public License version 3 as published by the
    11. 

  11.  * Free Software Foundation with the addition of the following permission added
    12. 

  12.  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
    13. 

  13.  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
    14. 

  14.  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
    15. 

  15.  *
    16. 

  16.  * This program is distributed in the hope that it will be useful, but WITHOUT
    17. 

  17.  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    18. 

  18.  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
    19. 

  19.  * details.
    20. 

  20.  *
    21. 

  21.  * You should have received a copy of the GNU Affero General Public License along with
    22. 

  22.  * this program; if not, see http://www.gnu.org/licenses or write to the Free
    23. 

  23.  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    24. 

  24.  * 02110-1301 USA.
    25. 

  25.  *
    26. 

  26.  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
    27. 

  27.  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
    28. 

  28.  *
    29. 

  29.  * The interactive user interfaces in modified source and object code versions
    30. 

  30.  * of this program must display Appropriate Legal Notices, as required under
    31. 

  31.  * Section 5 of the GNU Affero General Public License version 3.
    32. 

  32.  *
    33. 

  33.  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
    34. 

  34.  * these Appropriate Legal Notices must retain the display of the "Powered by
    35. 

  35.  * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
    36. 

  36.  * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
    37. 

  37.  * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
    38. 

  38.  ********************************************************************************/
    39. 

  39. 

  40. 

  41. require_once 'modules/OAuthTokens/OAuthToken.php';
    42. 

  42. require_once 'modules/OAuthKeys/OAuthKey.php';
    43. 

  43. /**
    44. 

  44.  * Sugar OAuth provider implementation
    45. 

  45.  * @api
    46. 

  46.  */
    47. 

  47. class SugarOAuthServer
    48. 

  48. {
    49. 

  49.     /**
    50. 

  50.      * OAuth token
    51. 

  51.      * @var OAuthToken
    52. 

  52.      */
    53. 

  53.     protected $token;
    54. 

  54. 

  55.     /**
    56. 

  56.      * Check if everything is OK
    57. 

  57.      * @throws OAuthException
    58. 

  58.      */
    59. 

  59.     protected function check()
    60. 

  60.     {
    61. 

  61.         if(!function_exists('mhash') && !function_exists('hash_hmac')) {
    62. 

  62.             // define exception class
    63. 

  63.             throw new OAuthException("MHash extension required for OAuth support");
    64. 

  64.         }
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * Is this functionality enabled?
    69. 

  69.      */
    70. 

  70.     public static function enabled()
    71. 

  71.     {
    72. 

  72.         return function_exists('mhash') || function_exists('hash_hmac');
    73. 

  73.     }
    74. 

  74. 

  75.     /**
    76. 

  76.      * Find consumer by key
    77. 

  77.      * @param $provider
    78. 

  78.      */
    79. 

  79.     public function lookupConsumer($provider)
    80. 

  80.     {
    81. 

  81.         // check $provider->consumer_key
    82. 

  82.         // on unknown: Zend_Oauth_Provider::CONSUMER_KEY_UNKNOWN
    83. 

  83.         // on bad key: Zend_Oauth_Provider::CONSUMER_KEY_REFUSED
    84. 

  84.         $GLOBALS['log']->debug("OAUTH: lookupConsumer, key={$provider->consumer_key}");
    85. 

  85.         $consumer = OAuthKey::fetchKey($provider->consumer_key);
    86. 

  86.         if(!$consumer) {
    87. 

  87.             return Zend_Oauth_Provider::CONSUMER_KEY_UNKNOWN;
    88. 

  88.         }
    89. 

  89.         $provider->consumer_secret = $consumer->c_secret;
    90. 

  90.         $this->consumer = $consumer;
    91. 

  91.         return Zend_Oauth_Provider::OK;
    92. 

  92.     }
    93. 

  93. 

  94.     /**
    95. 

  95.      * Check timestamps & nonces
    96. 

  96.      * @param OAuthProvider $provider
    97. 

  97.      */
    98. 

  98.     public function timestampNonceChecker($provider)
    99. 

  99.     {
    100. 

  100.         // FIXME: add ts/nonce verification
    101. 

  101.         if(empty($provider->nonce)) {
    102. 

  102.             return Zend_Oauth_Provider::BAD_NONCE;
    103. 

  103.         }
    104. 

  104.         if(empty($provider->timestamp)) {
    105. 

  105.             return Zend_Oauth_Provider::BAD_TIMESTAMP;
    106. 

  106.         }
    107. 

  107.         return OAuthToken::checkNonce($provider->consumer_key, $provider->nonce, $provider->timestamp);
    108. 

  108.     }
    109. 

  109. 

  110.     /**
    111. 

  111.      * Vefiry incoming token
    112. 

  112.      * @param OAuthProvider $provider
    113. 

  113.      */
    114. 

  114.     public function tokenHandler($provider)
    115. 

  115.     {
    116. 

  116.         $GLOBALS['log']->debug("OAUTH: tokenHandler, token={$provider->token}, verify={$provider->verifier}");
    117. 

  117. 

  118.         $token = OAuthToken::load($provider->token);
    119. 

  119.         if(empty($token)) {
    120. 

  120.             return Zend_Oauth_Provider::TOKEN_REJECTED;
    121. 

  121.         }
    122. 

  122.         if($token->consumer != $this->consumer->id) {
    123. 

  123.             return Zend_Oauth_Provider::TOKEN_REJECTED;
    124. 

  124.         }
    125. 

  125.         $GLOBALS['log']->debug("OAUTH: tokenHandler, found token=".var_export($token->id, true));
    126. 

  126.         if($token->tstate == OAuthToken::REQUEST) {
    127. 

  127.             if(!empty($token->verify) && $provider->verifier == $token->verify) {
    128. 

  128.                 $provider->token_secret = $token->secret;
    129. 

  129.                 $this->token = $token;
    130. 

  130.                 return Zend_Oauth_Provider::OK;
    131. 

  131.             } else {
    132. 

  132.                 return Zend_Oauth_Provider::TOKEN_USED;
    133. 

  133.             }
    134. 

  134.         }
    135. 

  135.         if($token->tstate == OAuthToken::ACCESS) {
    136. 

  136.             $provider->token_secret = $token->secret;
    137. 

  137.             $this->token = $token;
    138. 

  138.             return Zend_Oauth_Provider::OK;
    139. 

  139.         }
    140. 

  140.         return Zend_Oauth_Provider::TOKEN_REJECTED;
    141. 

  141.     }
    142. 

  142. 

  143.     /**
    144. 

  144.      * Decode POST/GET via from_html()
    145. 

  145.      * @return array decoded data
    146. 

  146.      */
    147. 

  147.     protected function decodePostGet()
    148. 

  148.     {
    149. 

  149.         $data = $_GET;
    150. 

  150.         $data = array_merge($data, $_POST);
    151. 

  151.         foreach($data as $k => $v) {
    152. 

  152.             $data[$k] = from_html($v);
    153. 

  153.         }
    154. 

  154.         return $data;
    155. 

  155.     }
    156. 

  156. 

  157.     /**
    158. 

  158.      * Create OAuth provider
    159. 

  159.      *
    160. 

  160.      * Checks current request for OAuth valitidy
    161. 

  161.      * @param bool $add_rest add REST endpoint as request path
    162. 

  162.      */
    163. 

  163.     public function __construct($req_path = '')
    164. 

  164.     {
    165. 

  165.         $GLOBALS['log']->debug("OAUTH: __construct($req_path): ".var_export($_REQUEST, true));
    166. 

  166.         $this->check();
    167. 

  167.         $this->provider = new Zend_Oauth_Provider();
    168. 

  168.         try {
    169. 

  169. 		    $this->provider->setConsumerHandler(array($this,'lookupConsumer'));
    170. 

  170. 		    $this->provider->setTimestampNonceHandler(array($this,'timestampNonceChecker'));
    171. 

  171. 		    $this->provider->setTokenHandler(array($this,'tokenHandler'));
    172. 

  172. 	        if(!empty($req_path)) {
    173. 

  173. 		        $this->provider->isRequestTokenEndpoint($req_path);  // No token needed for this end point
    174. 

  174. 	        }
    175. 

  175. 	    	$this->provider->checkOAuthRequest(null, $this->decodePostGet());
    176. 

  176. 	    	if(mt_rand() % 10 == 0) {
    177. 

  177. 	    	    // cleanup 1 in 10 times
    178. 

  178. 	    	    OAuthToken::cleanup();
    179. 

  179. 	    	}
    180. 

  180.         } catch(Exception $e) {
    181. 

  181.             $GLOBALS['log']->debug($this->reportProblem($e));
    182. 

  182.             throw $e;
    183. 

  183.         }
    184. 

  184.     }
    185. 

  185. 

  186.     /**
    187. 

  187.      * Generate request token string
    188. 

  188.      * @return string
    189. 

  189.      */
    190. 

  190.     public function requestToken()
    191. 

  191.     {
    192. 

  192.         $GLOBALS['log']->debug("OAUTH: requestToken");
    193. 

  193.         $token = OAuthToken::generate();
    194. 

  194.         $token->setConsumer($this->consumer);
    195. 

  195.         $params = $this->provider->getOAuthParams();
    196. 

  196.         if(!empty($params['oauth_callback']) && $params['oauth_callback'] != 'oob') {
    197. 

  197.             $token->setCallbackURL($params['oauth_callback']);
    198. 

  198.         }
    199. 

  199.         $token->save();
    200. 

  200.         return $token->queryString();
    201. 

  201.     }
    202. 

  202. 

  203.     /**
    204. 

  204.      * Generate access token string - must have validated request token
    205. 

  205.      * @return string
    206. 

  206.      */
    207. 

  207.     public function accessToken()
    208. 

  208.     {
    209. 

  209.         $GLOBALS['log']->debug("OAUTH: accessToken");
    210. 

  210.         if(empty($this->token) || $this->token->tstate != OAuthToken::REQUEST) {
    211. 

  211.             return null;
    212. 

  212.         }
    213. 

  213.         $this->token->invalidate();
    214. 

  214.         $token = OAuthToken::generate();
    215. 

  215.         $token->setState(OAuthToken::ACCESS);
    216. 

  216.         $token->setConsumer($this->consumer);
    217. 

  217.         // transfer user data from request token
    218. 

  218.         $token->copyAuthData($this->token);
    219. 

  219.         $token->save();
    220. 

  220.         return $token->queryString();
    221. 

  221.     }
    222. 

  222. 

  223.     /**
    224. 

  224.      * Return authorization URL
    225. 

  225.      * @return string
    226. 

  226.      */
    227. 

  227.     public function authUrl()
    228. 

  228.     {
    229. 

  229.         return urlencode(rtrim($GLOBALS['sugar_config']['site_url'],'/')."/index.php?module=OAuthTokens&action=authorize");
    230. 

  230.     }
    231. 

  231. 

  232.     /**
    233. 

  233.      * Fetch current token if it is authorized
    234. 

  234.      * @return OAuthToken|null
    235. 

  235.      */
    236. 

  236.     public function authorizedToken()
    237. 

  237.     {
    238. 

  238.         if($this->token->tstate == OAuthToken::ACCESS) {
    239. 

  239.             return $this->token;
    240. 

  240.         }
    241. 

  241.         return null;
    242. 

  242.     }
    243. 

  243. 

  244.     /**
    245. 

  245.      * Fetch authorization data from current token
    246. 

  246.      * @return mixed Authorization data or null if none
    247. 

  247.      */
    248. 

  248.     public function authorization()
    249. 

  249.     {
    250. 

  250.         if($this->token->tstate == OAuthToken::ACCESS) {
    251. 

  251.             return $this->token->authdata;
    252. 

  252.         }
    253. 

  253.         return null;
    254. 

  254.     }
    255. 

  255. 

  256.     /**
    257. 

  257.      * Report OAuth problem as string
    258. 

  258.      */
    259. 

  259.     public function reportProblem(Exception $e)
    260. 

  260.     {
    261. 

  261.         return $this->provider->reportProblem($e);
    262. 

  262.     }
    263. 

  263. }
    264. 

  264. 

  265. if(!class_exists('OAuthException')) {
    266. 

  266.     // we will use this in case oauth extension is not loaded
    267. 

  267.     class OAuthException extends Exception {}
    268. 

  268. }
    269.