Added RequestInterface to make integration easier.
Since now only a RequestInterface is needed instead of a Request object, it becomes easier to use the Server component with a different Request object, such as the Symfony or Zend Framework Request objects. This will now only need a small wrapper, instead of extending and rewriting the existing Request object.
This commit is contained in:
Jacob Kiers
@@ -54,7 +54,7 @@ public function getName()
|
||||
*/
|
||||
public function buildSignature(Request $request, Client $client, Token $token = null)
|
||||
{
|
||||
$base_string = $request->getSignatureBaseString();
|
||||
$base_string = $request->getOAuthSignatureBaseString();
|
||||
$key = $this->getSignatureKey($client, $token);
|
||||
|
||||
return base64_encode(hash_hmac('sha1', $base_string, $key, true));
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
* @package OAuth
|
||||
* @author Andy Smith
|
||||
*/
|
||||
class Request
|
||||
class Request implements RequestInterface
|
||||
{
|
||||
/**
|
||||
* HTTP parameters.
|
||||
@@ -241,8 +241,10 @@ public function getSignableParameters()
|
||||
* The base string defined as the method, the url
|
||||
* and the parameters (normalized), each urlencoded
|
||||
* and the concated with &.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getSignatureBaseString()
|
||||
public function getOAuthSignatureBaseString()
|
||||
{
|
||||
$parts = array(
|
||||
$this->getNormalizedHttpMethod(),
|
||||
@@ -397,6 +399,79 @@ public function buildSignature($signature_method, Client $client, Token $token)
|
||||
return $signature_method->buildSignature($this, $client, $token);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthCallback()
|
||||
{
|
||||
return $this->getParameter('oauth_callback');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthConsumerKey()
|
||||
{
|
||||
return $this->getParameter('oauth_consumer_key');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthNonce()
|
||||
{
|
||||
return $this->getParameter('oauth_nonce');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthSignature()
|
||||
{
|
||||
return $this->getParameter('oauth_signature');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthSignatureMethod()
|
||||
{
|
||||
return $this->getParameter('oauth_signature_method');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthTimestamp()
|
||||
{
|
||||
return $this->getParameter('oauth_timestamp');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthToken()
|
||||
{
|
||||
return $this->getParameter('oauth_token');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthVerifier()
|
||||
{
|
||||
return $this->getParameter('oauth_verifier');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function getOAuthVersion()
|
||||
{
|
||||
return $this->getParameter('oauth_version');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get current time.
|
||||
*
|
||||
|
||||
97
src/JacobKiers/OAuth/RequestInterface.php
Normal file
97
src/JacobKiers/OAuth/RequestInterface.php
Normal file
@@ -0,0 +1,97 @@
|
||||
<?php
|
||||
/**
|
||||
* OAuth
|
||||
*
|
||||
* @package OAuth
|
||||
* @author Jacob Kiers <jacob@alphacomm.nl>
|
||||
* @license https://raw.github.com/jacobkiers/OAuth/master/LICENSE MIT
|
||||
* @link https://github.com/jacobkiers/OAuth
|
||||
*/
|
||||
|
||||
namespace JacobKiers\OAuth;
|
||||
|
||||
/**
|
||||
* Interface providing the necessary methods to handle an OAuth request.
|
||||
*
|
||||
* @package OAuth
|
||||
* @author Jacob Kiers <jacob@alphacomm.nl>
|
||||
*/
|
||||
interface RequestInterface
|
||||
{
|
||||
/**
|
||||
* Returns the OAuth Callback parameter.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthCallback();
|
||||
|
||||
/**
|
||||
* Returns the Consumer Key.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthConsumerKey();
|
||||
|
||||
/**
|
||||
* Returns the Nonce.
|
||||
*
|
||||
* In combination with the timestamp and the token, the nonce is
|
||||
* used to prevent replay and side-channel attacks.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthNonce();
|
||||
|
||||
/**
|
||||
* Returns the request signature.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthSignature();
|
||||
|
||||
/**
|
||||
* Returns the base string of this request.
|
||||
*
|
||||
* The base string defined as the method, the url
|
||||
* and the parameters (normalized), each urlencoded
|
||||
* and the concated with &.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthSignatureBaseString();
|
||||
|
||||
/**
|
||||
* Returns the signature method with which this signature is signed.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthSignatureMethod();
|
||||
|
||||
/**
|
||||
* Returns the timestamp of the request.
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function getOAuthTimestamp();
|
||||
|
||||
/**
|
||||
* Returns the token.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthToken();
|
||||
|
||||
/**
|
||||
* Returns the verifier.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getOAuthVerifier();
|
||||
|
||||
/**
|
||||
* Returns the OAuth version used in this request.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public function getOAuthVersion();
|
||||
}
|
||||
@@ -66,7 +66,7 @@ abstract protected function fetchPrivateCert(&$request);
|
||||
*/
|
||||
public function buildSignature(Request $request, Client $client, Token $token = null)
|
||||
{
|
||||
$base_string = $request->getSignatureBaseString();
|
||||
$base_string = $request->getOAuthSignatureBaseString();
|
||||
|
||||
// Fetch the private key cert based on the request
|
||||
$cert = $this->fetchPrivateCert($request);
|
||||
@@ -95,7 +95,7 @@ public function buildSignature(Request $request, Client $client, Token $token =
|
||||
*/
|
||||
public function checkSignature(Request $request, Client $client, Token $token, $signature)
|
||||
{
|
||||
$base_string = $request->getSignatureBaseString();
|
||||
$base_string = $request->getOAuthSignatureBaseString();
|
||||
|
||||
$decoded_sig = base64_decode($signature);
|
||||
|
||||
|
||||
@@ -77,7 +77,7 @@ public function addSignatureMethod(SignatureMethod $signature_method)
|
||||
*
|
||||
* Returns the request token on success
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return JacobKiers\OAuth\Token
|
||||
*/
|
||||
@@ -93,7 +93,7 @@ public function fetchRequestToken(Request &$request)
|
||||
$this->checkSignature($request, $client, $token);
|
||||
|
||||
// Rev A change
|
||||
$callback = $request->getParameter('oauth_callback');
|
||||
$callback = $request->getOAuthCallback();
|
||||
|
||||
return $this->data_store->newRequestToken($client, $callback);
|
||||
}
|
||||
@@ -103,7 +103,7 @@ public function fetchRequestToken(Request &$request)
|
||||
*
|
||||
* Returns the access token on success.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return JacobKiers\OAuth\Token
|
||||
*/
|
||||
@@ -119,7 +119,7 @@ public function fetchAccessToken(Request &$request)
|
||||
$this->checkSignature($request, $client, $token);
|
||||
|
||||
// Rev A change
|
||||
$verifier = $request->getParameter('oauth_verifier');
|
||||
$verifier = $request->getOAuthVerifier();
|
||||
|
||||
return $this->data_store->newAccessToken($token, $client, $verifier);
|
||||
}
|
||||
@@ -127,7 +127,7 @@ public function fetchAccessToken(Request &$request)
|
||||
/**
|
||||
* Verify an api call, checks all the parameters.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return array Client and Token
|
||||
*/
|
||||
@@ -145,7 +145,7 @@ public function verifyRequest(Request &$request)
|
||||
/**
|
||||
* Check that version is 1.0.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return string
|
||||
*
|
||||
@@ -153,7 +153,7 @@ public function verifyRequest(Request &$request)
|
||||
*/
|
||||
private function getVersion(Request &$request)
|
||||
{
|
||||
$version = $request->getParameter('oauth_version');
|
||||
$version = $request->getOAuthVersion();
|
||||
if (!$version) {
|
||||
// Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
|
||||
// Chapter 7.0 ("Accessing Protected Ressources")
|
||||
@@ -168,15 +168,15 @@ private function getVersion(Request &$request)
|
||||
/**
|
||||
* Get the signature method name, and if it is supported.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return string Signature method name.
|
||||
*
|
||||
* @throws JacobKiers\OAuth\OAuthException
|
||||
*/
|
||||
private function getSignatureMethod(Request $request)
|
||||
private function getSignatureMethod(RequestInterface $request)
|
||||
{
|
||||
$signature_method = $request instanceof Request ? $request->getParameter('oauth_signature_method') : null;
|
||||
$signature_method = $request instanceof Request ? $request->getOAuthSignatureMethod() : null;
|
||||
|
||||
if (!$signature_method) {
|
||||
// According to chapter 7 ("Accessing Protected Resources") the signature-method
|
||||
@@ -196,15 +196,15 @@ private function getSignatureMethod(Request $request)
|
||||
/**
|
||||
* Try to find the client for the provided request's client key.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
*
|
||||
* @return JacobKiers\OAuth\Client
|
||||
*
|
||||
* @throws JacobKiers\OAuth\OAuthException
|
||||
*/
|
||||
private function getClient(Request $request)
|
||||
private function getClient(RequestInterface $request)
|
||||
{
|
||||
$client_key = $request instanceof Request ? $request->getParameter('oauth_consumer_key') : null;
|
||||
$client_key = $request instanceof Request ? $request->getOAuthConsumerKey() : null;
|
||||
|
||||
if (!$client_key) {
|
||||
throw new OAuthException('Invalid client key');
|
||||
@@ -221,7 +221,7 @@ private function getClient(Request $request)
|
||||
/**
|
||||
* Try to find the token for the provided request's token key.
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
* @param JacobKiers\OAuth\Client $client
|
||||
* @param string $token_type
|
||||
*
|
||||
@@ -229,9 +229,9 @@ private function getClient(Request $request)
|
||||
*
|
||||
* @throws JacobKiers\OAuth\OAuthException
|
||||
*/
|
||||
private function getToken(Request $request, Client $client, $token_type = 'access')
|
||||
private function getToken(RequestInterface $request, Client $client, $token_type = 'access')
|
||||
{
|
||||
$token_field = $request instanceof Request ? $request->getParameter('oauth_token') : null;
|
||||
$token_field = $request instanceof Request ? $request->getOAuthToken() : null;
|
||||
|
||||
$token = $this->data_store->lookupToken($client, $token_type, $token_field);
|
||||
if (!$token) {
|
||||
@@ -245,24 +245,24 @@ private function getToken(Request $request, Client $client, $token_type = 'acces
|
||||
*
|
||||
* Should determine the signature method appropriately
|
||||
*
|
||||
* @param JacobKiers\OAuth\Request $request
|
||||
* @param JacobKiers\OAuth\RequestInterface $request
|
||||
* @param JacobKiers\OAuth\Client $client
|
||||
* @param JacobKiers\OAuth\Token $token
|
||||
*
|
||||
* @throws JacobKiers\OAuth\OAuthException
|
||||
*/
|
||||
private function checkSignature(Request $request, Client $client, Token $token)
|
||||
private function checkSignature(RequestInterface $request, Client $client, Token $token)
|
||||
{
|
||||
// this should probably be in a different method
|
||||
$timestamp = $request instanceof Request ? $request->getParameter('oauth_timestamp') : null;
|
||||
$nonce = $request instanceof Request ? $request->getParameter('oauth_nonce') : null;
|
||||
$timestamp = $request instanceof Request ? $request->getOAuthTimestamp() : null;
|
||||
$nonce = $request instanceof Request ? $request->getOAuthNonce() : null;
|
||||
|
||||
$this->checkTimestamp($timestamp);
|
||||
$this->checkNonce($client, $token, $nonce, $timestamp);
|
||||
|
||||
$signature_method = $this->getSignatureMethod($request);
|
||||
|
||||
$signature = $request->getParameter('oauth_signature');
|
||||
$signature = $request->getOAuthSignature();
|
||||
$valid_sig = $signature_method->checkSignature($request, $client, $token, $signature);
|
||||
|
||||
if (!$valid_sig) {
|
||||
|
||||
@@ -57,7 +57,7 @@ private function getSignatureMethod()
|
||||
private function getRequest()
|
||||
{
|
||||
return m::mock('JacobKiers\OAuth\Request', function ($mock) {
|
||||
$mock->shouldReceive('getSignatureBaseString')
|
||||
$mock->shouldReceive('getOAuthSignatureBaseString')
|
||||
->withNoArgs()
|
||||
->andReturn('POST&http%3A%2F%2Fexample.com%2Ffoobar&oauth_signature_method%3DHMAC-SHA1')->once();
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user