Change all references to consumer to client, as per RFC 5849.
parent
4d5cfee737
commit
12afd40c6e
@ -1,10 +1,10 @@
|
||||
<?php
|
||||
namespace GaryJones\OAuth;
|
||||
|
||||
class Consumer
|
||||
class Client
|
||||
{
|
||||
public $key;
|
||||
public $secret;
|
||||
protected $key;
|
||||
protected $secret;
|
||||
|
||||
public function __construct($key, $secret, $callback_url = null)
|
||||
{
|
||||
@ -13,8 +13,18 @@ class Consumer
|
||||
$this->callback_url = $callback_url;
|
||||
}
|
||||
|
||||
public function getKey()
|
||||
{
|
||||
return $this->key;
|
||||
}
|
||||
|
||||
public function getSecret()
|
||||
{
|
||||
return $this->secret;
|
||||
}
|
||||
|
||||
public function __toString()
|
||||
{
|
||||
return "OAuthConsumer[key=$this->key,secret=$this->secret]";
|
||||
return "OAuthClient[key=$this->key,secret=$this->secret]";
|
||||
}
|
||||
}
|
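Review bot: `__toString()` still interpolates the shared secret, `return "OAuthClient[key=$this->key,secret=$this->secret]";`, so any string cast, log line or exception message that includes a Client object discloses the credential, even though this commit makes `$secret` protected. Dropping the secret from the representation keeps the debugging value without the disclosure: `return "OAuthClient[key=$this->key]";`. The constructor also assigns `$this->callback_url`, and no declaration for it appears between the class brace and the constructor in the first hunk; if it is declared nowhere else it becomes a public dynamic property, which is worth confirming.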
@ -15,14 +15,14 @@ class HmacSha1 extends SignatureMethod
|
||||
return 'HMAC-SHA1';
|
||||
}
|
||||
|
||||
public function buildSignature($request, $consumer, $token)
|
||||
public function buildSignature($request, $client, $token)
|
||||
{
|
||||
$base_string = $request->getSignatureBaseString();
|
||||
$request->base_string = $base_string;
|
||||
|
||||
$key_parts = array(
|
||||
$consumer->secret,
|
||||
($token) ? $token->secret : ''
|
||||
$client->getSecret(),
|
||||
($token) ? $token->getSecret() : ''
|
||||
);
|
||||
|
||||
$key_parts = Util::urlencodeRfc3986($key_parts);
|
||||
|
@ -12,28 +12,28 @@ interface OAuthDataStore
|
||||
|
||||
/**
|
||||
*
|
||||
* @param type $consumer
|
||||
* @param type $client
|
||||
* @param type $token_type
|
||||
* @param type $token
|
||||
*/
|
||||
public function lookupToken($consumer, $token_type, $token);
|
||||
public function lookupToken($client, $token_type, $token);
|
||||
|
||||
/**
|
||||
*
|
||||
* @param type $consumer
|
||||
* @param type $client
|
||||
* @param type $token
|
||||
* @param type $nonce
|
||||
* @param type $timestamp
|
||||
*/
|
||||
public function lookupNonce($consumer, $token, $nonce, $timestamp);
|
||||
public function lookupNonce($client, $token, $nonce, $timestamp);
|
||||
|
||||
/**
|
||||
* Return a new token attached to this consumer.
|
||||
*
|
||||
* @param type $consumer
|
||||
* @param type $client
|
||||
* @param type $callback
|
||||
*/
|
||||
public function newRequestToken($consumer, $callback = null);
|
||||
public function newRequestToken($client, $callback = null);
|
||||
|
||||
/**
|
||||
* Return a new access token attached to this consumer for the user
|
||||
@ -42,8 +42,8 @@ interface OAuthDataStore
|
||||
* Should also invalidate the request token.
|
||||
*
|
||||
* @param type $token
|
||||
* @param type $consumer
|
||||
* @param type $client
|
||||
* @param type $verifier
|
||||
*/
|
||||
public function newAccessToken($token, $consumer, $verifier = null);
|
||||
public function newAccessToken($token, $client, $verifier = null);
|
||||
}
|
||||
|
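Review bot: The docblocks in this interface still read `Return a new token attached to this consumer.` and `Return a new access token attached to this consumer for the user`, although the parameters are now `$client`. The tags also keep the placeholder `@param type $client`; naming the real classes, for example `@param Client $client` and `@param Token $token`, and adding an `@return` line would tell implementers what lookupToken, lookupNonce, newRequestToken and newAccessToken receive and must return. For lookupNonce it would help to state whether the method only checks for the nonce or also records it, because the server's replay check depends on that contract.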
@ -72,15 +72,15 @@ class OAuthRequest
|
||||
/**
|
||||
* pretty much a helper function to set up the request
|
||||
*/
|
||||
public static function fromConsumerAndToken($consumer, $token, $http_method, $http_url, $parameters = null)
|
||||
public static function fromClientAndToken($client, $token, $http_method, $http_url, $parameters = null)
|
||||
{
|
||||
$parameters = ($parameters) ? $parameters : array();
|
||||
$defaults = array("oauth_version" => OAuthRequest::$version,
|
||||
"oauth_nonce" => OAuthRequest::generateNonce(),
|
||||
"oauth_timestamp" => OAuthRequest::generateTimestamp(),
|
||||
"oauth_consumer_key" => $consumer->key);
|
||||
"oauth_consumer_key" => $client->getKey());
|
||||
if ($token) {
|
||||
$defaults['oauth_token'] = $token->key;
|
||||
$defaults['oauth_token'] = $token->getKey();
|
||||
}
|
||||
|
||||
$parameters = array_merge($defaults, $parameters);
|
||||
@ -250,16 +250,16 @@ class OAuthRequest
|
||||
return $this->toUrl();
|
||||
}
|
||||
|
||||
public function signRequest($signature_method, $consumer, $token)
|
||||
public function signRequest($signature_method, $client, $token)
|
||||
{
|
||||
$this->setParameter('oauth_signature_method', $signature_method->getName(), false);
|
||||
$signature = $this->buildSignature($signature_method, $consumer, $token);
|
||||
$signature = $this->buildSignature($signature_method, $client, $token);
|
||||
$this->setParameter('oauth_signature', $signature, false);
|
||||
}
|
||||
|
||||
public function buildSignature($signature_method, $consumer, $token)
|
||||
public function buildSignature($signature_method, $client, $token)
|
||||
{
|
||||
$signature = $signature_method->buildSignature($this, $consumer, $token);
|
||||
$signature = $signature_method->buildSignature($this, $client, $token);
|
||||
return $signature;
|
||||
}
|
||||
|
||||
|
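Review bot: Renaming the public static `fromConsumerAndToken()` to `fromClientAndToken()` removes the old entry point outright, so any caller not updated by this commit will fail with an undefined-method error. A thin deprecated wrapper would keep existing integrations working for a release: `public static function fromConsumerAndToken($consumer, $token, $http_method, $http_url, $parameters = null) { return self::fromClientAndToken($consumer, $token, $http_method, $http_url, $parameters); }`. Keeping the wire parameter as `oauth_consumer_key` is correct, since RFC 5849 retains that name; a short comment beside it, such as `// protocol parameter name is unchanged in RFC 5849`, would prevent a later well-meant rename. The body of fromClientAndToken continues outside the hunk.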
@ -29,16 +29,16 @@ class OAuthServer
|
||||
{
|
||||
$this->getVersion($request);
|
||||
|
||||
$consumer = $this->getConsumer($request);
|
||||
$client = $this->getClient($request);
|
||||
|
||||
// no token required for the initial token request
|
||||
$token = null;
|
||||
|
||||
$this->checkSignature($request, $consumer, $token);
|
||||
$this->checkSignature($request, $client, $token);
|
||||
|
||||
// Rev A change
|
||||
$callback = $request->getParameter('oauth_callback');
|
||||
$new_token = $this->data_store->newRequestToken($consumer, $callback);
|
||||
$new_token = $this->data_store->newRequestToken($client, $callback);
|
||||
|
||||
return $new_token;
|
||||
}
|
||||
@ -51,16 +51,16 @@ class OAuthServer
|
||||
{
|
||||
$this->getVersion($request);
|
||||
|
||||
$consumer = $this->getConsumer($request);
|
||||
$client = $this->getClient($request);
|
||||
|
||||
// requires authorized request token
|
||||
$token = $this->getToken($request, $consumer, 'request');
|
||||
$token = $this->getToken($request, $client, 'request');
|
||||
|
||||
$this->checkSignature($request, $consumer, $token);
|
||||
$this->checkSignature($request, $client, $token);
|
||||
|
||||
// Rev A change
|
||||
$verifier = $request->getParameter('oauth_verifier');
|
||||
$new_token = $this->data_store->newAccessToken($token, $consumer, $verifier);
|
||||
$new_token = $this->data_store->newAccessToken($token, $client, $verifier);
|
||||
|
||||
return $new_token;
|
||||
}
|
||||
@ -71,10 +71,10 @@ class OAuthServer
|
||||
public function verifyRequest(&$request)
|
||||
{
|
||||
$this->getVersion($request);
|
||||
$consumer = $this->getConsumer($request);
|
||||
$token = $this->getToken($request, $consumer, 'access');
|
||||
$this->checkSignature($request, $consumer, $token);
|
||||
return array($consumer, $token);
|
||||
$client = $this->getClient($request);
|
||||
$token = $this->getToken($request, $client, 'access');
|
||||
$this->checkSignature($request, $client, $token);
|
||||
return array($client, $token);
|
||||
}
|
||||
|
||||
// Internals from here
|
||||
@ -118,32 +118,32 @@ class OAuthServer
|
||||
}
|
||||
|
||||
/**
|
||||
* try to find the consumer for the provided request's consumer key
|
||||
* try to find the client for the provided request's client key
|
||||
*/
|
||||
private function getConsumer($request)
|
||||
private function getClient($request)
|
||||
{
|
||||
$consumer_key = $request instanceof OAuthRequest ? $request->getParameter('oauth_consumer_key') : null;
|
||||
$client_key = $request instanceof OAuthRequest ? $request->getParameter('oauth_consumer_key') : null;
|
||||
|
||||
if (!$consumer_key) {
|
||||
throw new OAuthException('Invalid consumer key');
|
||||
if (!$client_key) {
|
||||
throw new OAuthException('Invalid client key');
|
||||
}
|
||||
|
||||
$consumer = $this->data_store->lookupClient($consumer_key);
|
||||
if (!$consumer) {
|
||||
throw new OAuthException('Invalid consumer');
|
||||
$client = $this->data_store->lookupClient($client_key);
|
||||
if (!$client) {
|
||||
throw new OAuthException('Invalid client');
|
||||
}
|
||||
|
||||
return $consumer;
|
||||
return $client;
|
||||
}
|
||||
|
||||
/**
|
||||
* try to find the token for the provided request's token key
|
||||
*/
|
||||
private function getToken($request, $consumer, $token_type = 'access')
|
||||
private function getToken($request, $client, $token_type = 'access')
|
||||
{
|
||||
$token_field = $request instanceof OAuthRequest ? $request->getParameter('oauth_token') : null;
|
||||
|
||||
$token = $this->data_store->lookupToken($consumer, $token_type, $token_field);
|
||||
$token = $this->data_store->lookupToken($client, $token_type, $token_field);
|
||||
if (!$token) {
|
||||
throw new OAuthException("Invalid $token_type token: $token_field");
|
||||
}
|
||||
@ -154,19 +154,19 @@ class OAuthServer
|
||||
* all-in-one function to check the signature on a request
|
||||
* should guess the signature method appropriately
|
||||
*/
|
||||
private function checkSignature($request, $consumer, $token)
|
||||
private function checkSignature($request, $client, $token)
|
||||
{
|
||||
// this should probably be in a different method
|
||||
$timestamp = $request instanceof OAuthRequest ? $request->getParameter('oauth_timestamp') : null;
|
||||
$nonce = $request instanceof OAuthRequest ? $request->getParameter('oauth_nonce') : null;
|
||||
|
||||
$this->checkTimestamp($timestamp);
|
||||
$this->checkNonce($consumer, $token, $nonce, $timestamp);
|
||||
$this->checkNonce($client, $token, $nonce, $timestamp);
|
||||
|
||||
$signature_method = $this->getSignatureMethod($request);
|
||||
|
||||
$signature = $request->getParameter('oauth_signature');
|
||||
$valid_sig = $signature_method->checkSignature($request, $consumer, $token, $signature);
|
||||
$valid_sig = $signature_method->checkSignature($request, $client, $token, $signature);
|
||||
|
||||
if (!$valid_sig) {
|
||||
throw new OAuthException('Invalid signature');
|
||||
@ -192,14 +192,14 @@ class OAuthServer
|
||||
/**
|
||||
* check that the nonce is not repeated
|
||||
*/
|
||||
private function checkNonce($consumer, $token, $nonce, $timestamp)
|
||||
private function checkNonce($client, $token, $nonce, $timestamp)
|
||||
{
|
||||
if (!$nonce) {
|
||||
throw new OAuthException('Missing nonce parameter. The parameter is required');
|
||||
}
|
||||
|
||||
// verify that the nonce is uniqueish
|
||||
$found = $this->data_store->lookupNonce($consumer, $token, $nonce, $timestamp);
|
||||
$found = $this->data_store->lookupNonce($client, $token, $nonce, $timestamp);
|
||||
if ($found) {
|
||||
throw new OAuthException('Nonce already used: ' . $nonce);
|
||||
}
|
||||
|
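Review bot: In checkSignature, `$this->checkNonce($client, $token, $nonce, $timestamp);` runs before the signature is validated, so the data store is queried with values from a request that has not been authenticated yet. If an implementation of lookupNonce records the nonce as a side effect (not visible here), an unsigned request could use up nonces on behalf of a client; moving the checkNonce call below the `if (!$valid_sig)` block avoids that. Separately, `"Invalid $token_type token: $token_field"` in getToken and `'Nonce already used: ' . $nonce` in checkNonce echo request-supplied values, so whatever renders or logs OAuthException messages has to escape them. These function bodies continue outside the visible hunks.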
@ -14,7 +14,7 @@ class PlainText extends SignatureMethod
|
||||
}
|
||||
|
||||
/**
|
||||
* oauth_signature is set to the concatenated encoded values of the Consumer Secret and
|
||||
* oauth_signature is set to the concatenated encoded values of the Client Secret and
|
||||
* Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
|
||||
* empty. The result MUST be encoded again.
|
||||
* - Chapter 9.4.1 ("Generating Signatures")
|
||||
@ -22,11 +22,11 @@ class PlainText extends SignatureMethod
|
||||
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as
|
||||
* OAuthRequest handles this!
|
||||
*/
|
||||
public function buildSignature($request, $consumer, $token)
|
||||
public function buildSignature($request, $client, $token)
|
||||
{
|
||||
$key_parts = array(
|
||||
$consumer->secret,
|
||||
($token) ? $token->secret : ''
|
||||
$client->getSecret(),
|
||||
($token) ? $token->getSecret() : ''
|
||||
);
|
||||
|
||||
$key_parts = Util::urlencodeRfc3986($key_parts);
|
||||
|
@ -4,7 +4,7 @@ namespace GaryJones\OAuth;
|
||||
/**
|
||||
* The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
|
||||
* [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
|
||||
* EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a
|
||||
* EMSA-PKCS1-v1_5. It is assumed that the Client has provided its RSA public key in a
|
||||
* verified way to the Service Provider, in a manner which is beyond the scope of this
|
||||
* specification.
|
||||
* - Chapter 9.3 ("RSA-SHA1")
|
||||
@ -17,7 +17,7 @@ abstract class RsaSha1 extends SignatureMethod
|
||||
}
|
||||
|
||||
// Up to the SP to implement this lookup of keys. Possible ideas are:
|
||||
// (1) do a lookup in a table of trusted certs keyed off of consumer
|
||||
// (1) do a lookup in a table of trusted certs keyed off of client
|
||||
// (2) fetch via http using a url provided by the requester
|
||||
// (3) some sort of specific discovery code based on request
|
||||
//
|
||||
@ -25,12 +25,12 @@ abstract class RsaSha1 extends SignatureMethod
|
||||
abstract protected function fetchPublicCert(&$request);
|
||||
|
||||
// Up to the SP to implement this lookup of keys. Possible ideas are:
|
||||
// (1) do a lookup in a table of trusted certs keyed off of consumer
|
||||
// (1) do a lookup in a table of trusted certs keyed off of client
|
||||
//
|
||||
// Either way should return a string representation of the certificate
|
||||
abstract protected function fetchPrivateCert(&$request);
|
||||
|
||||
public function buildSignature($request, $consumer, $token)
|
||||
public function buildSignature($request, $client, $token)
|
||||
{
|
||||
$base_string = $request->getSignatureBaseString();
|
||||
$request->base_string = $base_string;
|
||||
@ -50,7 +50,7 @@ abstract class RsaSha1 extends SignatureMethod
|
||||
return base64_encode($signature);
|
||||
}
|
||||
|
||||
public function checkSignature($request, $consumer, $token, $signature)
|
||||
public function checkSignature($request, $client, $token, $signature)
|
||||
{
|
||||
$decoded_sig = base64_decode($signature);
|
||||
|
||||
|
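Review bot: The comment above fetchPublicCert still lists `(2) fetch via http using a url provided by the requester`, an approach that would let the party being verified choose the certificate it is verified against and would make the server fetch requester-supplied URLs. Since this commit already edits that comment block, idea (2) could be dropped or given a caveat such as `// the certificate must come from a source the SP already trusts, never from the request itself`. In checkSignature, `base64_decode($signature)` runs in non-strict mode and silently discards invalid characters; `base64_decode($signature, true)` followed by a check for `false` would reject malformed input early. Both method bodies continue outside the hunks.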
@ -14,28 +14,31 @@ abstract class SignatureMethod
|
||||
abstract public function getName();
|
||||
|
||||
/**
|
||||
* Build up the signature
|
||||
* Build up the signature.
|
||||
*
|
||||
* NOTE: The output of this function MUST NOT be urlencoded.
|
||||
* the encoding is handled in OAuthRequest when the final
|
||||
* request is serialized
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* request is serialized.
|
||||
*
|
||||
* @param GaryJones\OAuth\OAuthRequest $request
|
||||
* @param GaryJones\OAuth\Client $client
|
||||
* @param GaryJones\OAuth\Token $token
|
||||
* @return string
|
||||
*/
|
||||
abstract public function buildSignature($request, $consumer, $token);
|
||||
abstract public function buildSignature($request, $client, $token);
|
||||
|
||||
/**
|
||||
* Verifies that a given signature is correct
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* Verifies that a given signature is correct.
|
||||
*
|
||||
* @param GaryJones\OAuth\OAuthRequest $request
|
||||
* @param GaryJones\OAuth\Consumer $client
|
||||
* @param GaryJones\OAuth\Token $token
|
||||
* @param string $signature
|
||||
* @return bool
|
||||
*/
|
||||
public function checkSignature($request, $consumer, $token, $signature)
|
||||
public function checkSignature($request, $client, $token, $signature)
|
||||
{
|
||||
$built = $this->buildSignature($request, $consumer, $token);
|
||||
$built = $this->buildSignature($request, $client, $token);
|
||||
return $built == $signature;
|
||||
}
|
||||
}
|
||||
|
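Review bot: `return $built == $signature;` compares the expected and the supplied signature with a loose, non-constant-time `==`, so numeric-looking strings can compare equal under PHP's type juggling, and the comparison time depends on how much of the value matches. Where the supported PHP version provides it, `return hash_equals((string) $built, (string) $signature);` closes both gaps; otherwise `===` is the minimum. The new docblock for checkSignature also names the class this commit renames: `@param GaryJones\OAuth\Consumer $client` should read `@param GaryJones\OAuth\Client $client`.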
@ -4,8 +4,8 @@ namespace GaryJones\OAuth;
|
||||
class Token
|
||||
{
|
||||
// access tokens and request tokens
|
||||
public $key;
|
||||
public $secret;
|
||||
protected $key;
|
||||
protected $secret;
|
||||
|
||||
/**
|
||||
* key = the token
|
||||
@ -17,6 +17,16 @@ class Token
|
||||
$this->secret = $secret;
|
||||
}
|
||||
|
||||
public function getKey()
|
||||
{
|
||||
return $this->key;
|
||||
}
|
||||
|
||||
public function getSecret()
|
||||
{
|
||||
return $this->secret;
|
||||
}
|
||||
|
||||
/**
|
||||
* generates the basic string serialization of a token that a server
|
||||
* would respond to request_token and access_token calls with
|
||||
|