  1. <?php
  2. /**
  3. * OAuth server
  4. * Based on oauth2-php <http://code.google.com/p/oauth2-php/>
  5. *
  6. */
  7. define('TOKEN_DURATION', 300);
  8. require_once("library/OAuth1.php");
  9. require_once("library/oauth2-php/lib/OAuth2.inc");
  10. class FKOAuthDataStore extends OAuthDataStore {
  11. function gen_token(){
  12. return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
  13. }
  14. function lookup_consumer($consumer_key) {
  15. //echo "<pre>"; var_dump($consumer_key); killme();
  16. $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
  17. dbesc($consumer_key)
  18. );
  19. if (count($r))
  20. return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
  21. return null;
  22. }
  23. function lookup_token($consumer, $token_type, $token) {
  24. //echo __file__.":".__line__."<pre>"; var_dump($consumer, $token_type, $token); killme();
  25. $r = q("SELECT id, secret,scope, expires FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
  26. dbesc($consumer->key),
  27. dbesc($token_type),
  28. dbesc($token)
  29. );
  30. if (count($r)){
  31. $ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
  32. $ot->scope=$r[0]['scope'];
  33. $ot->expires = $r[0]['expires'];
  34. return $ot;
  35. }
  36. return null;
  37. }
  38. function lookup_nonce($consumer, $token, $nonce, $timestamp) {
  39. //echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
  40. $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
  41. dbesc($consumer->key),
  42. dbesc($nonce),
  43. intval($timestamp)
  44. );
  45. if (count($r))
  46. return new OAuthToken($r[0]['id'],$r[0]['secret']);
  47. return null;
  48. }
  49. function new_request_token($consumer, $callback = null) {
  50. $key = $this->gen_token();
  51. $sec = $this->gen_token();
  52. $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
  53. dbesc($key),
  54. dbesc($sec),
  55. dbesc($consumer->key),
  56. 'request',
  57. intval(TOKEN_DURATION));
  58. if (!$r) return null;
  59. return new OAuthToken($key,$sec);
  60. }
  61. function new_access_token($token, $consumer, $verifier = null) {
  62. // return a new access token attached to this consumer
  63. // for the user associated with this token if the request token
  64. // is authorized
  65. // should also invalidate the request token
  66. $ret=Null;
  67. if (!is_null($token) && $token->expires > time()){
  68. $key = $this->gen_token();
  69. $sec = $this->gen_token();
  70. $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
  71. dbesc($key),
  72. dbesc($sec),
  73. dbesc($consumer->$key),
  74. 'access',
  75. intval(TOKEN_DURATION));
  76. if ($r)
  77. $ret = new OAuthToken($key,$sec);
  78. }
  79. q("DELETE FROM tokens WHERE id='%s'", $token->key);
  80. return $ret;
  81. }
  82. }
  83. class FKOAuth1 extends OAuthServer {
  84. function __construct() {
  85. parent::__construct(new FKOAuthDataStore());
  86. $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
  87. $this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
  88. }
  89. }
  90. class FKOAuth2 extends OAuth2 {
  91. private function db_secret($client_secret){
  92. return hash('whirlpool',$client_secret);
  93. }
  94. public function addClient($client_id, $client_secret, $redirect_uri) {
  95. $client_secret = $this->db_secret($client_secret);
  96. $r = q("INSERT INTO clients (client_id, pw, redirect_uri) VALUES ('%s', '%s', '%s')",
  97. dbesc($client_id),
  98. dbesc($client_secret),
  99. dbesc($redirect_uri)
  100. );
  101. return $r;
  102. }
  103. protected function checkClientCredentials($client_id, $client_secret = NULL) {
  104. $client_secret = $this->db_secret($client_secret);
  105. $r = q("SELECT pw FROM clients WHERE client_id = '%s'",
  106. dbesc($client_id));
  107. if ($client_secret === NULL)
  108. return $result !== FALSE;
  109. return $result["client_secret"] == $client_secret;
  110. }
  111. protected function getRedirectUri($client_id) {
  112. $r = q("SELECT redirect_uri FROM clients WHERE client_id = '%s'",
  113. dbesc($client_id));
  114. if ($r === FALSE)
  115. return FALSE;
  116. return isset($r[0]["redirect_uri"]) && $r[0]["redirect_uri"] ? $r[0]["redirect_uri"] : NULL;
  117. }
  118. protected function getAccessToken($oauth_token) {
  119. $r = q("SELECT client_id, expires, scope FROM tokens WHERE id = '%s'",
  120. dbesc($oauth_token));
  121. if (count($r))
  122. return $r[0];
  123. return null;
  124. }
  125. protected function setAccessToken($oauth_token, $client_id, $expires, $scope = NULL) {
  126. $r = q("INSERT INTO tokens (id, client_id, expires, scope) VALUES ('%s', '%s', %d, '%s')",
  127. dbesc($oauth_token),
  128. dbesc($client_id),
  129. intval($expires),
  130. dbesc($scope));
  131. return $r;
  132. }
  133. protected function getSupportedGrantTypes() {
  134. return array(
  135. OAUTH2_GRANT_TYPE_AUTH_CODE,
  136. );
  137. }
  138. protected function getAuthCode($code) {
  139. $r = q("SELECT id, client_id, redirect_uri, expires, scope FROM auth_codes WHERE id = '%s'",
  140. dbesc($code));
  141. if (count($r))
  142. return $r[0];
  143. return null;
  144. }
  145. protected function setAuthCode($code, $client_id, $redirect_uri, $expires, $scope = NULL) {
  146. $r = q("INSERT INTO auth_codes
  147. (id, client_id, redirect_uri, expires, scope) VALUES
  148. ('%s', '%s', '%s', %d, '%s')",
  149. dbesc($code),
  150. dbesc($client_id),
  151. dbesc($redirect_uri),
  152. intval($expires),
  153. dbesc($scope));
  154. return $r;
  155. }
  156. }