Added RequestInterface to make integration easier.

Since now only a RequestInterface is needed instead of a Request object,
it becomes easier to use the Server component with a different Request
object, such as the Symfony or Zend Framework Request objects.

This will now only need a small wrapper, instead of extending and
rewriting the existing Request object.
Jacob Kiers 2013-02-08 10:57:53 +00:00
parent c471cd2b8d
commit be09ba0216
6 changed files with 199 additions and 27 deletions


@ -54,7 +54,7 @@ class HmacSha1 extends SignatureMethod
*/ */
public function buildSignature(Request $request, Client $client, Token $token = null) public function buildSignature(Request $request, Client $client, Token $token = null)
{ {
$base_string = $request->getSignatureBaseString(); $base_string = $request->getOAuthSignatureBaseString();
$key = $this->getSignatureKey($client, $token); $key = $this->getSignatureKey($client, $token);
return base64_encode(hash_hmac('sha1', $base_string, $key, true)); return base64_encode(hash_hmac('sha1', $base_string, $key, true));
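Review bot: `buildSignature(Request $request, ...)` still type-hints the concrete `Request`, here and in both RsaSha1 hunks (`buildSignature` and `checkSignature`), while `Server::checkSignature` in this commit now takes a `RequestInterface` and passes it straight to `$signature_method->checkSignature(...)`. An object that implements only the interface would therefore fail PHP's parameter type check at the point where the signature is verified. Changing the hint to `RequestInterface $request` in these methods, and presumably in the `SignatureMethod` base class, which is not shown, closes the gap. The only method called on the request in the visible lines is `getOAuthSignatureBaseString()`, which the interface declares. The function body continues past the end of the hunk.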


@ -17,7 +17,7 @@ namespace JacobKiers\OAuth;
* @package OAuth * @package OAuth
* @author Andy Smith * @author Andy Smith
*/ */
class Request class Request implements RequestInterface
{ {
/** /**
* HTTP parameters. * HTTP parameters.
@ -241,8 +241,10 @@ class Request
* The base string defined as the method, the url * The base string defined as the method, the url
* and the parameters (normalized), each urlencoded * and the parameters (normalized), each urlencoded
* and the concated with &. * and the concated with &.
*
* @return string
*/ */
public function getSignatureBaseString() public function getOAuthSignatureBaseString()
{ {
$parts = array( $parts = array(
$this->getNormalizedHttpMethod(), $this->getNormalizedHttpMethod(),
@ -397,6 +399,79 @@ class Request
return $signature_method->buildSignature($this, $client, $token); return $signature_method->buildSignature($this, $client, $token);
} }
/**
* {@inheritdoc}
*/
public function getOAuthCallback()
{
return $this->getParameter('oauth_callback');
}
/**
* {@inheritdoc}
*/
public function getOAuthConsumerKey()
{
return $this->getParameter('oauth_consumer_key');
}
/**
* {@inheritdoc}
*/
public function getOAuthNonce()
{
return $this->getParameter('oauth_nonce');
}
/**
* {@inheritdoc}
*/
public function getOAuthSignature()
{
return $this->getParameter('oauth_signature');
}
/**
* {@inheritdoc}
*/
public function getOAuthSignatureMethod()
{
return $this->getParameter('oauth_signature_method');
}
/**
* {@inheritdoc}
*/
public function getOAuthTimestamp()
{
return $this->getParameter('oauth_timestamp');
}
/**
* {@inheritdoc}
*/
public function getOAuthToken()
{
return $this->getParameter('oauth_token');
}
/**
* {@inheritdoc}
*/
public function getOAuthVerifier()
{
return $this->getParameter('oauth_verifier');
}
/**
* {@inheritdoc}
*/
public function getOAuthVersion()
{
return $this->getParameter('oauth_version');
}
/** /**
* Get current time. * Get current time.
* *
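Review bot: Renaming the public `getSignatureBaseString()` to `getOAuthSignatureBaseString()` in the hunk at -241 leaves no alias behind, so any caller or subclass outside this repository that still uses the old name breaks on upgrade. Keeping the old method as a thin wrapper, `public function getSignatureBaseString() { return $this->getOAuthSignatureBaseString(); }`, with an `@deprecated` tag pointing at the new name, would let integrators migrate gradually. The class body starts and ends outside these hunks, so other internal callers of the old name cannot be ruled out from here.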


@ -0,0 +1,97 @@
<?php
/**
* OAuth
*
* @package OAuth
* @author Jacob Kiers <jacob@alphacomm.nl>
* @license https://raw.github.com/jacobkiers/OAuth/master/LICENSE MIT
* @link https://github.com/jacobkiers/OAuth
*/
namespace JacobKiers\OAuth;
/**
* Interface providing the necessary methods to handle an OAuth request.
*
* @package OAuth
* @author Jacob Kiers <jacob@alphacomm.nl>
*/
interface RequestInterface
{
/**
* Returns the OAuth Callback parameter.
*
* @return string
*/
public function getOAuthCallback();
/**
* Returns the Consumer Key.
*
* @return string
*/
public function getOAuthConsumerKey();
/**
* Returns the Nonce.
*
* In combination with the timestamp and the token, the nonce is
* used to prevent replay and side-channel attacks.
*
* @return string
*/
public function getOAuthNonce();
/**
* Returns the request signature.
*
* @return string
*/
public function getOAuthSignature();
/**
* Returns the base string of this request.
*
* The base string defined as the method, the url
* and the parameters (normalized), each urlencoded
* and the concated with &.
*
* @return string
*/
public function getOAuthSignatureBaseString();
/**
* Returns the signature method with which this signature is signed.
*
* @return string
*/
public function getOAuthSignatureMethod();
/**
* Returns the timestamp of the request.
*
* @return integer
*/
public function getOAuthTimestamp();
/**
* Returns the token.
*
* @return string
*/
public function getOAuthToken();
/**
* Returns the verifier.
*
* @return string
*/
public function getOAuthVerifier();
/**
* Returns the OAuth version used in this request.
*
* @var string
*/
public function getOAuthVersion();
}
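Review bot: The docblocks promise `@return string` (and `@return integer` for `getOAuthTimestamp()`), but they do not say what an implementation must return when the parameter is absent. `Server` depends on that, testing the results with `if (!$version)`, `if (!$client_key)` and `if (!$signature_method)`. Since this interface exists so that third parties can write their own wrappers, each getter should state the contract, e.g. `@return string|null The parameter value, or null when it is not present in the request`. Two smaller documentation fixes: `getOAuthVersion()` uses `@var string` where `@return string` is meant, and the nonce description should drop "side-channel", since a nonce combined with the timestamp and token guards against replay only.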


@ -66,7 +66,7 @@ abstract class RsaSha1 extends SignatureMethod
*/ */
public function buildSignature(Request $request, Client $client, Token $token = null) public function buildSignature(Request $request, Client $client, Token $token = null)
{ {
$base_string = $request->getSignatureBaseString(); $base_string = $request->getOAuthSignatureBaseString();
// Fetch the private key cert based on the request // Fetch the private key cert based on the request
$cert = $this->fetchPrivateCert($request); $cert = $this->fetchPrivateCert($request);
@ -95,7 +95,7 @@ abstract class RsaSha1 extends SignatureMethod
*/ */
public function checkSignature(Request $request, Client $client, Token $token, $signature) public function checkSignature(Request $request, Client $client, Token $token, $signature)
{ {
$base_string = $request->getSignatureBaseString(); $base_string = $request->getOAuthSignatureBaseString();
$decoded_sig = base64_decode($signature); $decoded_sig = base64_decode($signature);
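Review bot: In `checkSignature`, `base64_decode($signature)` runs in non-strict mode on a value that comes from the request, so characters outside the base64 alphabet are silently discarded and a malformed signature is decoded instead of rejected. Consider `$decoded_sig = base64_decode($signature, true);` followed by `if ($decoded_sig === false) { return false; }`, or whatever failure path the method already uses, before the verification step. This matters more now that the value may come from a third-party `RequestInterface` wrapper whose handling of a missing `oauth_signature` is not defined. The rest of the method lies outside this hunk.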


@ -77,7 +77,7 @@ class Server
* *
* Returns the request token on success * Returns the request token on success
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return JacobKiers\OAuth\Token * @return JacobKiers\OAuth\Token
*/ */
@ -93,7 +93,7 @@ class Server
$this->checkSignature($request, $client, $token); $this->checkSignature($request, $client, $token);
// Rev A change // Rev A change
$callback = $request->getParameter('oauth_callback'); $callback = $request->getOAuthCallback();
return $this->data_store->newRequestToken($client, $callback); return $this->data_store->newRequestToken($client, $callback);
} }
@ -103,7 +103,7 @@ class Server
* *
* Returns the access token on success. * Returns the access token on success.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return JacobKiers\OAuth\Token * @return JacobKiers\OAuth\Token
*/ */
@ -119,7 +119,7 @@ class Server
$this->checkSignature($request, $client, $token); $this->checkSignature($request, $client, $token);
// Rev A change // Rev A change
$verifier = $request->getParameter('oauth_verifier'); $verifier = $request->getOAuthVerifier();
return $this->data_store->newAccessToken($token, $client, $verifier); return $this->data_store->newAccessToken($token, $client, $verifier);
} }
@ -127,7 +127,7 @@ class Server
/** /**
* Verify an api call, checks all the parameters. * Verify an api call, checks all the parameters.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return array Client and Token * @return array Client and Token
*/ */
@ -145,7 +145,7 @@ class Server
/** /**
* Check that version is 1.0. * Check that version is 1.0.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return string * @return string
* *
@ -153,7 +153,7 @@ class Server
*/ */
private function getVersion(Request &$request) private function getVersion(Request &$request)
{ {
$version = $request->getParameter('oauth_version'); $version = $request->getOAuthVersion();
if (!$version) { if (!$version) {
// Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present. // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
// Chapter 7.0 ("Accessing Protected Ressources") // Chapter 7.0 ("Accessing Protected Ressources")
@ -168,15 +168,15 @@ class Server
/** /**
* Get the signature method name, and if it is supported. * Get the signature method name, and if it is supported.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return string Signature method name. * @return string Signature method name.
* *
* @throws JacobKiers\OAuth\OAuthException * @throws JacobKiers\OAuth\OAuthException
*/ */
private function getSignatureMethod(Request $request) private function getSignatureMethod(RequestInterface $request)
{ {
$signature_method = $request instanceof Request ? $request->getParameter('oauth_signature_method') : null; $signature_method = $request instanceof Request ? $request->getOAuthSignatureMethod() : null;
if (!$signature_method) { if (!$signature_method) {
// According to chapter 7 ("Accessing Protected Resources") the signature-method // According to chapter 7 ("Accessing Protected Resources") the signature-method
@ -196,15 +196,15 @@ class Server
/** /**
* Try to find the client for the provided request's client key. * Try to find the client for the provided request's client key.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* *
* @return JacobKiers\OAuth\Client * @return JacobKiers\OAuth\Client
* *
* @throws JacobKiers\OAuth\OAuthException * @throws JacobKiers\OAuth\OAuthException
*/ */
private function getClient(Request $request) private function getClient(RequestInterface $request)
{ {
$client_key = $request instanceof Request ? $request->getParameter('oauth_consumer_key') : null; $client_key = $request instanceof Request ? $request->getOAuthConsumerKey() : null;
if (!$client_key) { if (!$client_key) {
throw new OAuthException('Invalid client key'); throw new OAuthException('Invalid client key');
@ -221,7 +221,7 @@ class Server
/** /**
* Try to find the token for the provided request's token key. * Try to find the token for the provided request's token key.
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* @param JacobKiers\OAuth\Client $client * @param JacobKiers\OAuth\Client $client
* @param string $token_type * @param string $token_type
* *
@ -229,9 +229,9 @@ class Server
* *
* @throws JacobKiers\OAuth\OAuthException * @throws JacobKiers\OAuth\OAuthException
*/ */
private function getToken(Request $request, Client $client, $token_type = 'access') private function getToken(RequestInterface $request, Client $client, $token_type = 'access')
{ {
$token_field = $request instanceof Request ? $request->getParameter('oauth_token') : null; $token_field = $request instanceof Request ? $request->getOAuthToken() : null;
$token = $this->data_store->lookupToken($client, $token_type, $token_field); $token = $this->data_store->lookupToken($client, $token_type, $token_field);
if (!$token) { if (!$token) {
@ -245,24 +245,24 @@ class Server
* *
* Should determine the signature method appropriately * Should determine the signature method appropriately
* *
* @param JacobKiers\OAuth\Request $request * @param JacobKiers\OAuth\RequestInterface $request
* @param JacobKiers\OAuth\Client $client * @param JacobKiers\OAuth\Client $client
* @param JacobKiers\OAuth\Token $token * @param JacobKiers\OAuth\Token $token
* *
* @throws JacobKiers\OAuth\OAuthException * @throws JacobKiers\OAuth\OAuthException
*/ */
private function checkSignature(Request $request, Client $client, Token $token) private function checkSignature(RequestInterface $request, Client $client, Token $token)
{ {
// this should probably be in a different method // this should probably be in a different method
$timestamp = $request instanceof Request ? $request->getParameter('oauth_timestamp') : null; $timestamp = $request instanceof Request ? $request->getOAuthTimestamp() : null;
$nonce = $request instanceof Request ? $request->getParameter('oauth_nonce') : null; $nonce = $request instanceof Request ? $request->getOAuthNonce() : null;
$this->checkTimestamp($timestamp); $this->checkTimestamp($timestamp);
$this->checkNonce($client, $token, $nonce, $timestamp); $this->checkNonce($client, $token, $nonce, $timestamp);
$signature_method = $this->getSignatureMethod($request); $signature_method = $this->getSignatureMethod($request);
$signature = $request->getParameter('oauth_signature'); $signature = $request->getOAuthSignature();
$valid_sig = $signature_method->checkSignature($request, $client, $token, $signature); $valid_sig = $signature_method->checkSignature($request, $client, $token, $signature);
if (!$valid_sig) { if (!$valid_sig) {
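Review bot: The `$request instanceof Request ? ... : null` guards in `getSignatureMethod`, `getClient`, `getToken` and `checkSignature` still test for the concrete class, so any other `RequestInterface` implementation yields null for the signature method, consumer key, token, timestamp and nonce. `getClient` then throws 'Invalid client key', so a request supplied through a wrapper can never authenticate. Since the parameter is now typed `RequestInterface`, the guard is redundant and the lines can read `$client_key = $request->getOAuthConsumerKey();`, `$timestamp = $request->getOAuthTimestamp();` and so on. `getVersion(Request &$request)` also keeps the old hint although its docblock now says `RequestInterface`; `private function getVersion(RequestInterface $request)` would match. Several of these method bodies continue outside their hunks.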


@ -57,7 +57,7 @@ class HmacSha1Test extends PHPUnit_Framework_TestCase
private function getRequest() private function getRequest()
{ {
return m::mock('JacobKiers\OAuth\Request', function ($mock) { return m::mock('JacobKiers\OAuth\Request', function ($mock) {
$mock->shouldReceive('getSignatureBaseString') $mock->shouldReceive('getOAuthSignatureBaseString')
->withNoArgs() ->withNoArgs()
->andReturn('POST&http%3A%2F%2Fexample.com%2Ffoobar&oauth_signature_method%3DHMAC-SHA1')->once(); ->andReturn('POST&http%3A%2F%2Fexample.com%2Ffoobar&oauth_signature_method%3DHMAC-SHA1')->once();
}); });
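Review bot: The mock in `getRequest()` is still built from the concrete `JacobKiers\OAuth\Request`, so this test never runs the signature method against an object that implements only `RequestInterface`, which is the case the commit sets out to support. Mocking the interface instead, `m::mock('JacobKiers\OAuth\RequestInterface', function ($mock) {`, would cover it, though that requires `buildSignature` to accept the interface in its parameter type. No test for the new `getOAuth*()` getters is visible on this page either; whether they are covered elsewhere cannot be told from here.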