Change all references to consumer to client, as per RFC 5849.

Gary Jones 2012-11-18 02:33:29 +00:00
parent 4d5cfee737
commit 12afd40c6e
9 changed files with 95 additions and 72 deletions


@ -1,10 +1,10 @@
<?php <?php
namespace GaryJones\OAuth; namespace GaryJones\OAuth;
class Consumer class Client
{ {
public $key; protected $key;
public $secret; protected $secret;
public function __construct($key, $secret, $callback_url = null) public function __construct($key, $secret, $callback_url = null)
{ {
@ -13,8 +13,18 @@ class Consumer
$this->callback_url = $callback_url; $this->callback_url = $callback_url;
} }
public function getKey()
{
return $this->key;
}
public function getSecret()
{
return $this->secret;
}
public function __toString() public function __toString()
{ {
return "OAuthConsumer[key=$this->key,secret=$this->secret]"; return "OAuthClient[key=$this->key,secret=$this->secret]";
} }
} }
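Review bot: `__toString()` still interpolates `$this->secret` into its return value, so making the property `protected` in this commit does not keep the shared secret inside the object. Any log line, exception message or debug dump that casts a `Client` to a string will contain it. Drop the secret from the string form, e.g. `return "OAuthClient[key=$this->key]";`. If a full dump is needed for debugging, a separately named method that callers must opt into is safer than the implicit cast.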


@ -15,14 +15,14 @@ class HmacSha1 extends SignatureMethod
return 'HMAC-SHA1'; return 'HMAC-SHA1';
} }
public function buildSignature($request, $consumer, $token) public function buildSignature($request, $client, $token)
{ {
$base_string = $request->getSignatureBaseString(); $base_string = $request->getSignatureBaseString();
$request->base_string = $base_string; $request->base_string = $base_string;
$key_parts = array( $key_parts = array(
$consumer->secret, $client->getSecret(),
($token) ? $token->secret : '' ($token) ? $token->getSecret() : ''
); );
$key_parts = Util::urlencodeRfc3986($key_parts); $key_parts = Util::urlencodeRfc3986($key_parts);


@ -12,28 +12,28 @@ interface OAuthDataStore
/** /**
* *
* @param type $consumer * @param type $client
* @param type $token_type * @param type $token_type
* @param type $token * @param type $token
*/ */
public function lookupToken($consumer, $token_type, $token); public function lookupToken($client, $token_type, $token);
/** /**
* *
* @param type $consumer * @param type $client
* @param type $token * @param type $token
* @param type $nonce * @param type $nonce
* @param type $timestamp * @param type $timestamp
*/ */
public function lookupNonce($consumer, $token, $nonce, $timestamp); public function lookupNonce($client, $token, $nonce, $timestamp);
/** /**
* Return a new token attached to this consumer. * Return a new token attached to this consumer.
* *
* @param type $consumer * @param type $client
* @param type $callback * @param type $callback
*/ */
public function newRequestToken($consumer, $callback = null); public function newRequestToken($client, $callback = null);
/** /**
* Return a new access token attached to this consumer for the user * Return a new access token attached to this consumer for the user
@ -42,8 +42,8 @@ interface OAuthDataStore
* Should also invalidate the request token. * Should also invalidate the request token.
* *
* @param type $token * @param type $token
* @param type $consumer * @param type $client
* @param type $verifier * @param type $verifier
*/ */
public function newAccessToken($token, $consumer, $verifier = null); public function newAccessToken($token, $client, $verifier = null);
} }


@ -72,15 +72,15 @@ class OAuthRequest
/** /**
* pretty much a helper function to set up the request * pretty much a helper function to set up the request
*/ */
public static function fromConsumerAndToken($consumer, $token, $http_method, $http_url, $parameters = null) public static function fromClientAndToken($client, $token, $http_method, $http_url, $parameters = null)
{ {
$parameters = ($parameters) ? $parameters : array(); $parameters = ($parameters) ? $parameters : array();
$defaults = array("oauth_version" => OAuthRequest::$version, $defaults = array("oauth_version" => OAuthRequest::$version,
"oauth_nonce" => OAuthRequest::generateNonce(), "oauth_nonce" => OAuthRequest::generateNonce(),
"oauth_timestamp" => OAuthRequest::generateTimestamp(), "oauth_timestamp" => OAuthRequest::generateTimestamp(),
"oauth_consumer_key" => $consumer->key); "oauth_consumer_key" => $client->getKey());
if ($token) { if ($token) {
$defaults['oauth_token'] = $token->key; $defaults['oauth_token'] = $token->getKey();
} }
$parameters = array_merge($defaults, $parameters); $parameters = array_merge($defaults, $parameters);
@ -250,16 +250,16 @@ class OAuthRequest
return $this->toUrl(); return $this->toUrl();
} }
public function signRequest($signature_method, $consumer, $token) public function signRequest($signature_method, $client, $token)
{ {
$this->setParameter('oauth_signature_method', $signature_method->getName(), false); $this->setParameter('oauth_signature_method', $signature_method->getName(), false);
$signature = $this->buildSignature($signature_method, $consumer, $token); $signature = $this->buildSignature($signature_method, $client, $token);
$this->setParameter('oauth_signature', $signature, false); $this->setParameter('oauth_signature', $signature, false);
} }
public function buildSignature($signature_method, $consumer, $token) public function buildSignature($signature_method, $client, $token)
{ {
$signature = $signature_method->buildSignature($this, $consumer, $token); $signature = $signature_method->buildSignature($this, $client, $token);
return $signature; return $signature;
} }
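Review bot: The array key `"oauth_consumer_key"` in `fromClientAndToken()` is correctly left unchanged, but nothing in the code says why, and after a blanket consumer-to-client rename it is the obvious next thing for someone to "finish". It is the protocol parameter name that RFC 5849 retains for the client identifier, so renaming it would break interoperability and signature verification with every peer. A comment above the `$defaults` array such as `// "oauth_consumer_key" is the wire parameter name kept by RFC 5849; do not rename` would record that. Separately, `fromConsumerAndToken()` is a public static method renamed without a deprecated alias, so existing callers break on upgrade.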


@ -29,16 +29,16 @@ class OAuthServer
{ {
$this->getVersion($request); $this->getVersion($request);
$consumer = $this->getConsumer($request); $client = $this->getClient($request);
// no token required for the initial token request // no token required for the initial token request
$token = null; $token = null;
$this->checkSignature($request, $consumer, $token); $this->checkSignature($request, $client, $token);
// Rev A change // Rev A change
$callback = $request->getParameter('oauth_callback'); $callback = $request->getParameter('oauth_callback');
$new_token = $this->data_store->newRequestToken($consumer, $callback); $new_token = $this->data_store->newRequestToken($client, $callback);
return $new_token; return $new_token;
} }
@ -51,16 +51,16 @@ class OAuthServer
{ {
$this->getVersion($request); $this->getVersion($request);
$consumer = $this->getConsumer($request); $client = $this->getClient($request);
// requires authorized request token // requires authorized request token
$token = $this->getToken($request, $consumer, 'request'); $token = $this->getToken($request, $client, 'request');
$this->checkSignature($request, $consumer, $token); $this->checkSignature($request, $client, $token);
// Rev A change // Rev A change
$verifier = $request->getParameter('oauth_verifier'); $verifier = $request->getParameter('oauth_verifier');
$new_token = $this->data_store->newAccessToken($token, $consumer, $verifier); $new_token = $this->data_store->newAccessToken($token, $client, $verifier);
return $new_token; return $new_token;
} }
@ -71,10 +71,10 @@ class OAuthServer
public function verifyRequest(&$request) public function verifyRequest(&$request)
{ {
$this->getVersion($request); $this->getVersion($request);
$consumer = $this->getConsumer($request); $client = $this->getClient($request);
$token = $this->getToken($request, $consumer, 'access'); $token = $this->getToken($request, $client, 'access');
$this->checkSignature($request, $consumer, $token); $this->checkSignature($request, $client, $token);
return array($consumer, $token); return array($client, $token);
} }
// Internals from here // Internals from here
@ -118,32 +118,32 @@ class OAuthServer
} }
/** /**
* try to find the consumer for the provided request's consumer key * try to find the client for the provided request's client key
*/ */
private function getConsumer($request) private function getClient($request)
{ {
$consumer_key = $request instanceof OAuthRequest ? $request->getParameter('oauth_consumer_key') : null; $client_key = $request instanceof OAuthRequest ? $request->getParameter('oauth_consumer_key') : null;
if (!$consumer_key) { if (!$client_key) {
throw new OAuthException('Invalid consumer key'); throw new OAuthException('Invalid client key');
} }
$consumer = $this->data_store->lookupClient($consumer_key); $client = $this->data_store->lookupClient($client_key);
if (!$consumer) { if (!$client) {
throw new OAuthException('Invalid consumer'); throw new OAuthException('Invalid client');
} }
return $consumer; return $client;
} }
/** /**
* try to find the token for the provided request's token key * try to find the token for the provided request's token key
*/ */
private function getToken($request, $consumer, $token_type = 'access') private function getToken($request, $client, $token_type = 'access')
{ {
$token_field = $request instanceof OAuthRequest ? $request->getParameter('oauth_token') : null; $token_field = $request instanceof OAuthRequest ? $request->getParameter('oauth_token') : null;
$token = $this->data_store->lookupToken($consumer, $token_type, $token_field); $token = $this->data_store->lookupToken($client, $token_type, $token_field);
if (!$token) { if (!$token) {
throw new OAuthException("Invalid $token_type token: $token_field"); throw new OAuthException("Invalid $token_type token: $token_field");
} }
@ -154,19 +154,19 @@ class OAuthServer
* all-in-one function to check the signature on a request * all-in-one function to check the signature on a request
* should guess the signature method appropriately * should guess the signature method appropriately
*/ */
private function checkSignature($request, $consumer, $token) private function checkSignature($request, $client, $token)
{ {
// this should probably be in a different method // this should probably be in a different method
$timestamp = $request instanceof OAuthRequest ? $request->getParameter('oauth_timestamp') : null; $timestamp = $request instanceof OAuthRequest ? $request->getParameter('oauth_timestamp') : null;
$nonce = $request instanceof OAuthRequest ? $request->getParameter('oauth_nonce') : null; $nonce = $request instanceof OAuthRequest ? $request->getParameter('oauth_nonce') : null;
$this->checkTimestamp($timestamp); $this->checkTimestamp($timestamp);
$this->checkNonce($consumer, $token, $nonce, $timestamp); $this->checkNonce($client, $token, $nonce, $timestamp);
$signature_method = $this->getSignatureMethod($request); $signature_method = $this->getSignatureMethod($request);
$signature = $request->getParameter('oauth_signature'); $signature = $request->getParameter('oauth_signature');
$valid_sig = $signature_method->checkSignature($request, $consumer, $token, $signature); $valid_sig = $signature_method->checkSignature($request, $client, $token, $signature);
if (!$valid_sig) { if (!$valid_sig) {
throw new OAuthException('Invalid signature'); throw new OAuthException('Invalid signature');
@ -192,14 +192,14 @@ class OAuthServer
/** /**
* check that the nonce is not repeated * check that the nonce is not repeated
*/ */
private function checkNonce($consumer, $token, $nonce, $timestamp) private function checkNonce($client, $token, $nonce, $timestamp)
{ {
if (!$nonce) { if (!$nonce) {
throw new OAuthException('Missing nonce parameter. The parameter is required'); throw new OAuthException('Missing nonce parameter. The parameter is required');
} }
// verify that the nonce is uniqueish // verify that the nonce is uniqueish
$found = $this->data_store->lookupNonce($consumer, $token, $nonce, $timestamp); $found = $this->data_store->lookupNonce($client, $token, $nonce, $timestamp);
if ($found) { if ($found) {
throw new OAuthException('Nonce already used: ' . $nonce); throw new OAuthException('Nonce already used: ' . $nonce);
} }
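Review bot: In `checkSignature()` the call `$this->checkNonce($client, $token, $nonce, $timestamp);` runs before `$signature_method->checkSignature(...)`, so the data store is consulted for a request that has not been authenticated yet. If a `lookupNonce()` implementation also records the nonce it is given (the interface shown here does not say either way), unauthenticated requests can grow the nonce store and cause later legitimate requests to be rejected as replays. Moving the nonce check to after the `if (!$valid_sig)` block would limit it to requests that carry a valid signature; the body of that function continues past the end of the hunk. The messages `"Invalid $token_type token: $token_field"` and `'Nonce already used: ' . $nonce` also embed request-supplied values and need escaping wherever they are displayed or logged.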


@ -14,7 +14,7 @@ class PlainText extends SignatureMethod
} }
/** /**
* oauth_signature is set to the concatenated encoded values of the Consumer Secret and * oauth_signature is set to the concatenated encoded values of the Client Secret and
* Token Secret, separated by a '&' character (ASCII code 38), even if either secret is * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
* empty. The result MUST be encoded again. * empty. The result MUST be encoded again.
* - Chapter 9.4.1 ("Generating Signatures") * - Chapter 9.4.1 ("Generating Signatures")
@ -22,11 +22,11 @@ class PlainText extends SignatureMethod
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as * Please note that the second encoding MUST NOT happen in the SignatureMethod, as
* OAuthRequest handles this! * OAuthRequest handles this!
*/ */
public function buildSignature($request, $consumer, $token) public function buildSignature($request, $client, $token)
{ {
$key_parts = array( $key_parts = array(
$consumer->secret, $client->getSecret(),
($token) ? $token->secret : '' ($token) ? $token->getSecret() : ''
); );
$key_parts = Util::urlencodeRfc3986($key_parts); $key_parts = Util::urlencodeRfc3986($key_parts);


@ -4,7 +4,7 @@ namespace GaryJones\OAuth;
/** /**
* The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
* [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
* EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a * EMSA-PKCS1-v1_5. It is assumed that the Client has provided its RSA public key in a
* verified way to the Service Provider, in a manner which is beyond the scope of this * verified way to the Service Provider, in a manner which is beyond the scope of this
* specification. * specification.
* - Chapter 9.3 ("RSA-SHA1") * - Chapter 9.3 ("RSA-SHA1")
@ -17,7 +17,7 @@ abstract class RsaSha1 extends SignatureMethod
} }
// Up to the SP to implement this lookup of keys. Possible ideas are: // Up to the SP to implement this lookup of keys. Possible ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer // (1) do a lookup in a table of trusted certs keyed off of client
// (2) fetch via http using a url provided by the requester // (2) fetch via http using a url provided by the requester
// (3) some sort of specific discovery code based on request // (3) some sort of specific discovery code based on request
// //
@ -25,12 +25,12 @@ abstract class RsaSha1 extends SignatureMethod
abstract protected function fetchPublicCert(&$request); abstract protected function fetchPublicCert(&$request);
// Up to the SP to implement this lookup of keys. Possible ideas are: // Up to the SP to implement this lookup of keys. Possible ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer // (1) do a lookup in a table of trusted certs keyed off of client
// //
// Either way should return a string representation of the certificate // Either way should return a string representation of the certificate
abstract protected function fetchPrivateCert(&$request); abstract protected function fetchPrivateCert(&$request);
public function buildSignature($request, $consumer, $token) public function buildSignature($request, $client, $token)
{ {
$base_string = $request->getSignatureBaseString(); $base_string = $request->getSignatureBaseString();
$request->base_string = $base_string; $request->base_string = $base_string;
@ -50,7 +50,7 @@ abstract class RsaSha1 extends SignatureMethod
return base64_encode($signature); return base64_encode($signature);
} }
public function checkSignature($request, $consumer, $token, $signature) public function checkSignature($request, $client, $token, $signature)
{ {
$decoded_sig = base64_decode($signature); $decoded_sig = base64_decode($signature);
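Review bot: The comment above `fetchPublicCert()` still lists "(2) fetch via http using a url provided by the requester" as an implementation idea. That would let the party being verified choose the key its own signature is checked against, and it would make the server fetch a requester-supplied URL. Since this commit already edits that comment block, I would remove option (2) or replace it with `// NOTE: the certificate must come from a store the service provider controls, never from data in the request`. In `checkSignature()`, `base64_decode($signature)` runs in non-strict mode and silently skips invalid characters; `base64_decode($signature, true)` with a check for `false` rejects malformed input before verification. That function's body continues outside the hunk.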


@ -14,28 +14,31 @@ abstract class SignatureMethod
abstract public function getName(); abstract public function getName();
/** /**
* Build up the signature * Build up the signature.
*
* NOTE: The output of this function MUST NOT be urlencoded. * NOTE: The output of this function MUST NOT be urlencoded.
* the encoding is handled in OAuthRequest when the final * the encoding is handled in OAuthRequest when the final
* request is serialized * request is serialized.
* @param OAuthRequest $request *
* @param OAuthConsumer $consumer * @param GaryJones\OAuth\OAuthRequest $request
* @param OAuthToken $token * @param GaryJones\OAuth\Client $client
* @param GaryJones\OAuth\Token $token
* @return string * @return string
*/ */
abstract public function buildSignature($request, $consumer, $token); abstract public function buildSignature($request, $client, $token);
/** /**
* Verifies that a given signature is correct * Verifies that a given signature is correct.
* @param OAuthRequest $request *
* @param OAuthConsumer $consumer * @param GaryJones\OAuth\OAuthRequest $request
* @param OAuthToken $token * @param GaryJones\OAuth\Consumer $client
* @param GaryJones\OAuth\Token $token
* @param string $signature * @param string $signature
* @return bool * @return bool
*/ */
public function checkSignature($request, $consumer, $token, $signature) public function checkSignature($request, $client, $token, $signature)
{ {
$built = $this->buildSignature($request, $consumer, $token); $built = $this->buildSignature($request, $client, $token);
return $built == $signature; return $built == $signature;
} }
} }
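Review bot: `checkSignature()` returns `$built == $signature`, a loose comparison that is neither type-safe nor constant-time, and it is the default verification for every signature method that does not override it. With `==`, two numeric-looking strings are compared by numeric value, and the time taken depends on how many leading bytes match. Use a constant-time string comparison, e.g. `return hash_equals((string) $built, (string) $signature);` where `hash_equals()` is available, or at minimum `===`. The new docblock for this method also reads `@param GaryJones\OAuth\Consumer $client`, although the class is now `Client`.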


@ -4,8 +4,8 @@ namespace GaryJones\OAuth;
class Token class Token
{ {
// access tokens and request tokens // access tokens and request tokens
public $key; protected $key;
public $secret; protected $secret;
/** /**
* key = the token * key = the token
@ -17,6 +17,16 @@ class Token
$this->secret = $secret; $this->secret = $secret;
} }
public function getKey()
{
return $this->key;
}
public function getSecret()
{
return $this->secret;
}
/** /**
* generates the basic string serialization of a token that a server * generates the basic string serialization of a token that a server
* would respond to request_token and access_token calls with * would respond to request_token and access_token calls with