Reformat library/OAuth1
- Add type hints to Network\FKOAuthDataStore
This commit is contained in:
parent
010a7b7576
commit
17838366a0
2 changed files with 873 additions and 782 deletions
|
@ -3,15 +3,20 @@
|
|||
|
||||
/* Generic exception class
|
||||
*/
|
||||
|
||||
use Friendica\Network\FKOAuthDataStore;
|
||||
|
||||
if (!class_exists('OAuthException', false)) {
|
||||
class OAuthException extends Exception
|
||||
{ }
|
||||
{
|
||||
}
|
||||
}
|
||||
|
||||
class OAuthConsumer
|
||||
{
|
||||
public $key;
|
||||
public $secret;
|
||||
public $callback_url;
|
||||
|
||||
function __construct($key, $secret, $callback_url = NULL)
|
||||
{
|
||||
|
@ -39,6 +44,9 @@ class OAuthToken
|
|||
/**
|
||||
* key = the token
|
||||
* secret = the token secret
|
||||
*
|
||||
* @param $key
|
||||
* @param $secret
|
||||
*/
|
||||
function __construct($key, $secret)
|
||||
{
|
||||
|
@ -72,6 +80,7 @@ abstract class OAuthSignatureMethod
|
|||
{
|
||||
/**
|
||||
* Needs to return the name of the Signature Method (ie HMAC-SHA1)
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
abstract public function get_name();
|
||||
|
@ -81,15 +90,17 @@ abstract class OAuthSignatureMethod
|
|||
* NOTE: The output of this function MUST NOT be urlencoded.
|
||||
* the encoding is handled in OAuthRequest when the final
|
||||
* request is serialized
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* @return string
|
||||
*/
|
||||
abstract public function build_signature($request, $consumer, $token);
|
||||
abstract public function build_signature(OAuthRequest $request, OAuthConsumer $consumer, OAuthToken $token);
|
||||
|
||||
/**
|
||||
* Verifies that a given signature is correct
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
|
@ -117,7 +128,13 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
|
|||
return "HMAC-SHA1";
|
||||
}
|
||||
|
||||
public function build_signature($request, $consumer, $token)
|
||||
/**
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* @return string
|
||||
*/
|
||||
public function build_signature(OAuthRequest $request, OAuthConsumer $consumer, OAuthToken $token)
|
||||
{
|
||||
$base_string = $request->get_signature_base_string();
|
||||
$request->base_string = $base_string;
|
||||
|
@ -156,8 +173,13 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod
|
|||
*
|
||||
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as
|
||||
* OAuthRequest handles this!
|
||||
*
|
||||
* @param $request
|
||||
* @param $consumer
|
||||
* @param $token
|
||||
* @return string
|
||||
*/
|
||||
public function build_signature($request, $consumer, $token)
|
||||
public function build_signature(OAuthRequest $request, OAuthConsumer $consumer, OAuthToken $token)
|
||||
{
|
||||
$key_parts = array(
|
||||
$consumer->secret,
|
||||
|
@ -201,7 +223,7 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod
|
|||
// Either way should return a string representation of the certificate
|
||||
protected abstract function fetch_private_cert(&$request);
|
||||
|
||||
public function build_signature($request, $consumer, $token)
|
||||
public function build_signature(OAuthRequest $request, OAuthConsumer $consumer, OAuthToken $token)
|
||||
{
|
||||
$base_string = $request->get_signature_base_string();
|
||||
$request->base_string = $base_string;
|
||||
|
@ -213,7 +235,7 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod
|
|||
$privatekeyid = openssl_get_privatekey($cert);
|
||||
|
||||
// Sign using the key
|
||||
$ok = openssl_sign($base_string, $signature, $privatekeyid);
|
||||
openssl_sign($base_string, $signature, $privatekeyid);
|
||||
|
||||
// Release the key resource
|
||||
openssl_free_key($privatekeyid);
|
||||
|
@ -265,6 +287,11 @@ class OAuthRequest
|
|||
|
||||
/**
|
||||
* attempt to build up a request from what was passed to the server
|
||||
*
|
||||
* @param string|null $http_method
|
||||
* @param string|null $http_url
|
||||
* @param string|null $parameters
|
||||
* @return OAuthRequest
|
||||
*/
|
||||
public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
|
||||
{
|
||||
|
@ -323,8 +350,15 @@ class OAuthRequest
|
|||
|
||||
/**
|
||||
* pretty much a helper function to set up the request
|
||||
*
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* @param string $http_method
|
||||
* @param string $http_url
|
||||
* @param array|null $parameters
|
||||
* @return OAuthRequest
|
||||
*/
|
||||
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = NULL)
|
||||
public static function from_consumer_and_token(OAuthConsumer $consumer, OAuthToken $token, $http_method, $http_url, array $parameters = NULL)
|
||||
{
|
||||
@$parameters or $parameters = array();
|
||||
$defaults = array(
|
||||
|
@ -374,6 +408,7 @@ class OAuthRequest
|
|||
|
||||
/**
|
||||
* The request parameters, sorted and concatenated into a normalized string.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_signable_parameters()
|
||||
|
@ -456,8 +491,11 @@ class OAuthRequest
|
|||
|
||||
/**
|
||||
* builds the data one would send in a POST request
|
||||
*
|
||||
* @param bool $raw
|
||||
* @return array|string
|
||||
*/
|
||||
public function to_postdata($raw = false)
|
||||
public function to_postdata(bool $raw = false)
|
||||
{
|
||||
if ($raw)
|
||||
return $this->parameters;
|
||||
|
@ -467,6 +505,10 @@ class OAuthRequest
|
|||
|
||||
/**
|
||||
* builds the Authorization: header
|
||||
*
|
||||
* @param string|null $realm
|
||||
* @return string
|
||||
* @throws OAuthException
|
||||
*/
|
||||
public function to_header($realm = null)
|
||||
{
|
||||
|
@ -498,7 +540,7 @@ class OAuthRequest
|
|||
}
|
||||
|
||||
|
||||
public function sign_request($signature_method, $consumer, $token)
|
||||
public function sign_request(OAuthSignatureMethod $signature_method, $consumer, $token)
|
||||
{
|
||||
$this->set_parameter(
|
||||
"oauth_signature_method",
|
||||
|
@ -509,7 +551,7 @@ class OAuthRequest
|
|||
$this->set_parameter("oauth_signature", $signature, false);
|
||||
}
|
||||
|
||||
public function build_signature($signature_method, $consumer, $token)
|
||||
public function build_signature(OAuthSignatureMethod $signature_method, $consumer, $token)
|
||||
{
|
||||
$signature = $signature_method->build_signature($this, $consumer, $token);
|
||||
return $signature;
|
||||
|
@ -536,16 +578,18 @@ class OAuthServer
|
|||
{
|
||||
protected $timestamp_threshold = 300; // in seconds, five minutes
|
||||
protected $version = '1.0'; // hi blaine
|
||||
/** @var OAuthSignatureMethod[] */
|
||||
protected $signature_methods = array();
|
||||
|
||||
/** @var FKOAuthDataStore */
|
||||
protected $data_store;
|
||||
|
||||
function __construct($data_store)
|
||||
function __construct(FKOAuthDataStore $data_store)
|
||||
{
|
||||
$this->data_store = $data_store;
|
||||
}
|
||||
|
||||
public function add_signature_method($signature_method)
|
||||
public function add_signature_method(OAuthSignatureMethod $signature_method)
|
||||
{
|
||||
$this->signature_methods[$signature_method->get_name()] =
|
||||
$signature_method;
|
||||
|
@ -556,8 +600,12 @@ class OAuthServer
|
|||
/**
|
||||
* process a request_token request
|
||||
* returns the request token on success
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return OAuthToken|null
|
||||
* @throws OAuthException
|
||||
*/
|
||||
public function fetch_request_token(&$request)
|
||||
public function fetch_request_token(OAuthRequest $request)
|
||||
{
|
||||
$this->get_version($request);
|
||||
|
||||
|
@ -578,8 +626,12 @@ class OAuthServer
|
|||
/**
|
||||
* process an access_token request
|
||||
* returns the access token on success
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return object
|
||||
* @throws OAuthException
|
||||
*/
|
||||
public function fetch_access_token(&$request)
|
||||
public function fetch_access_token(OAuthRequest $request)
|
||||
{
|
||||
$this->get_version($request);
|
||||
|
||||
|
@ -599,8 +651,12 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* verify an api call, checks all the parameters
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return array
|
||||
* @throws OAuthException
|
||||
*/
|
||||
public function verify_request(&$request)
|
||||
public function verify_request(OAuthRequest $request)
|
||||
{
|
||||
$this->get_version($request);
|
||||
$consumer = $this->get_consumer($request);
|
||||
|
@ -610,10 +666,15 @@ class OAuthServer
|
|||
}
|
||||
|
||||
// Internals from here
|
||||
|
||||
/**
|
||||
* version 1
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return string
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function get_version(&$request)
|
||||
private function get_version(OAuthRequest $request)
|
||||
{
|
||||
$version = $request->get_parameter("oauth_version");
|
||||
if (!$version) {
|
||||
|
@ -629,8 +690,12 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* figure out the signature with some defaults
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return OAuthSignatureMethod
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function get_signature_method(&$request)
|
||||
private function get_signature_method(OAuthRequest $request)
|
||||
{
|
||||
$signature_method =
|
||||
@$request->get_parameter("oauth_signature_method");
|
||||
|
@ -656,8 +721,12 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* try to find the consumer for the provided request's consumer key
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @return OAuthConsumer
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function get_consumer(&$request)
|
||||
private function get_consumer(OAuthRequest $request)
|
||||
{
|
||||
$consumer_key = @$request->get_parameter("oauth_consumer_key");
|
||||
if (!$consumer_key) {
|
||||
|
@ -674,8 +743,14 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* try to find the token for the provided request's token key
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @param $consumer
|
||||
* @param string $token_type
|
||||
* @return OAuthToken|null
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function get_token(&$request, $consumer, $token_type = "access")
|
||||
private function get_token(OAuthRequest &$request, $consumer, $token_type = "access")
|
||||
{
|
||||
$token_field = @$request->get_parameter('oauth_token');
|
||||
$token = $this->data_store->lookup_token(
|
||||
|
@ -692,8 +767,13 @@ class OAuthServer
|
|||
/**
|
||||
* all-in-one function to check the signature on a request
|
||||
* should guess the signature method appropriately
|
||||
*
|
||||
* @param OAuthRequest $request
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken|null $token
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function check_signature(&$request, $consumer, $token)
|
||||
private function check_signature(OAuthRequest $request, OAuthConsumer $consumer, OAuthToken $token = null)
|
||||
{
|
||||
// this should probably be in a different method
|
||||
$timestamp = @$request->get_parameter('oauth_timestamp');
|
||||
|
@ -720,6 +800,9 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* check that the timestamp is new enough
|
||||
*
|
||||
* @param int $timestamp
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function check_timestamp($timestamp)
|
||||
{
|
||||
|
@ -739,8 +822,14 @@ class OAuthServer
|
|||
|
||||
/**
|
||||
* check that the nonce is not repeated
|
||||
*
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* @param string $nonce
|
||||
* @param int $timestamp
|
||||
* @throws OAuthException
|
||||
*/
|
||||
private function check_nonce($consumer, $token, $nonce, $timestamp)
|
||||
private function check_nonce(OAuthConsumer $consumer, OAuthToken $token, $nonce, int $timestamp)
|
||||
{
|
||||
if (!$nonce)
|
||||
throw new OAuthException(
|
||||
|
@ -767,22 +856,22 @@ class OAuthDataStore
|
|||
// implement me
|
||||
}
|
||||
|
||||
function lookup_token($consumer, $token_type, $token)
|
||||
function lookup_token(OAuthConsumer $consumer, $token_type, $token_id)
|
||||
{
|
||||
// implement me
|
||||
}
|
||||
|
||||
function lookup_nonce($consumer, $token, $nonce, $timestamp)
|
||||
function lookup_nonce(OAuthConsumer $consumer, OAuthToken $token, $nonce, int $timestamp)
|
||||
{
|
||||
// implement me
|
||||
}
|
||||
|
||||
function new_request_token($consumer, $callback = null)
|
||||
function new_request_token(OAuthConsumer $consumer, $callback = null)
|
||||
{
|
||||
// return a new token attached to this consumer
|
||||
}
|
||||
|
||||
function new_access_token($token, $consumer, $verifier = null)
|
||||
function new_access_token(OAuthToken $token, OAuthConsumer $consumer, $verifier = null)
|
||||
{
|
||||
// return a new access token attached to this consumer
|
||||
// for the user associated with this token if the request token
|
||||
|
|
|
@ -12,6 +12,7 @@ namespace Friendica\Network;
|
|||
use Friendica\Core\Config;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\Util\Strings;
|
||||
use OAuthConsumer;
|
||||
use OAuthDataStore;
|
||||
use OAuthToken;
|
||||
|
@ -26,15 +27,16 @@ class FKOAuthDataStore extends OAuthDataStore
|
|||
{
|
||||
/**
|
||||
* @return string
|
||||
* @throws \Exception
|
||||
*/
|
||||
private static function genToken()
|
||||
{
|
||||
return Friendica\Util\Strings::getRandomHex(32);
|
||||
return Strings::getRandomHex(32);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $consumer_key key
|
||||
* @return mixed
|
||||
* @return OAuthConsumer|null
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function lookup_consumer($consumer_key)
|
||||
|
@ -52,17 +54,17 @@ class FKOAuthDataStore extends OAuthDataStore
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $consumer consumer
|
||||
* @param string $token_type type
|
||||
* @param string $token token
|
||||
* @return mixed
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param string $token_type
|
||||
* @param string $token_id
|
||||
* @return OAuthToken|null
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function lookup_token($consumer, $token_type, $token)
|
||||
public function lookup_token(OAuthConsumer $consumer, $token_type, $token_id)
|
||||
{
|
||||
Logger::log(__function__ . ":" . $consumer . ", " . $token_type . ", " . $token);
|
||||
Logger::log(__function__ . ":" . $consumer . ", " . $token_type . ", " . $token_id);
|
||||
|
||||
$s = DBA::select('tokens', ['id', 'secret', 'scope', 'expires', 'uid'], ['client_id' => $consumer->key, 'scope' => $token_type, 'id' => $token]);
|
||||
$s = DBA::select('tokens', ['id', 'secret', 'scope', 'expires', 'uid'], ['client_id' => $consumer->key, 'scope' => $token_type, 'id' => $token_id]);
|
||||
$r = DBA::toArray($s);
|
||||
|
||||
if (DBA::isResult($r)) {
|
||||
|
@ -77,14 +79,14 @@ class FKOAuthDataStore extends OAuthDataStore
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $consumer consumer
|
||||
* @param string $token token
|
||||
* @param string $nonce nonce
|
||||
* @param string $timestamp timestamp
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param OAuthToken $token
|
||||
* @param string $nonce
|
||||
* @param int $timestamp
|
||||
* @return mixed
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function lookup_nonce($consumer, $token, $nonce, $timestamp)
|
||||
public function lookup_nonce(OAuthConsumer $consumer, OAuthToken $token, $nonce, int $timestamp)
|
||||
{
|
||||
$token = DBA::selectFirst('tokens', ['id', 'secret'], ['client_id' => $consumer->key, 'id' => $nonce, 'expires' => $timestamp]);
|
||||
if (DBA::isResult($token)) {
|
||||
|
@ -95,12 +97,12 @@ class FKOAuthDataStore extends OAuthDataStore
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $consumer consumer
|
||||
* @param string $callback optional, default null
|
||||
* @return mixed
|
||||
* @param OAuthConsumer $consumer
|
||||
* @param string $callback
|
||||
* @return OAuthToken|null
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function new_request_token($consumer, $callback = null)
|
||||
public function new_request_token(OAuthConsumer $consumer, $callback = null)
|
||||
{
|
||||
Logger::log(__function__ . ":" . $consumer . ", " . $callback);
|
||||
$key = self::genToken();
|
||||
|
@ -131,13 +133,13 @@ class FKOAuthDataStore extends OAuthDataStore
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $token token
|
||||
* @param string $consumer consumer
|
||||
* @param OAuthToken $token token
|
||||
* @param OAuthConsumer $consumer consumer
|
||||
* @param string $verifier optional, defult null
|
||||
* @return object
|
||||
* @throws HTTPException\InternalServerErrorException
|
||||
* @return OAuthToken
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function new_access_token($token, $consumer, $verifier = null)
|
||||
public function new_access_token(OAuthToken $token, OAuthConsumer $consumer, $verifier = null)
|
||||
{
|
||||
Logger::log(__function__ . ":" . $token . ", " . $consumer . ", " . $verifier);
|
||||
|
||||
|
|
Loading…
Reference in a new issue