support query splitting and quoting and search content and tags

[grauphel.git] / lib / oauth.php

diff --git a/lib/oauth.php b/lib/oauth.php
index 6900c20305e0fba6ca68d8bd79886c91d0b6cfc6..4a652fc507a462d4606f0213c04f28a64bc0c3d0 100644 (file)
--- a/lib/oauth.php
+++ b/lib/oauth.php
@@ -103,7 +103,20 @@ class OAuth
             return OAUTH_PARAMETER_ABSENT;
         }
 
             return OAUTH_PARAMETER_ABSENT;
         }
 

-        $token = $this->tokens->load('access', $provider->token);
+        try {
+            $token = $this->tokens->load('access', $provider->token);
+        } catch (OAuthException $e) {
+            if ($e->getCode() == OAUTH_TOKEN_REJECTED) {
+                return OAUTH_TOKEN_REJECTED;
+            }
+            throw $e;
+        }
+
+        if (time() - $token->lastuse > 60) {
+            //time to update lastuse after at least a minute
+            $this->tokens->updateLastUse($token->tokenKey);
+        }
+

         $provider->token_secret = $token->secret;
         return OAUTH_OK;
     }
         $provider->token_secret = $token->secret;
         return OAUTH_OK;
     }


@@ -140,15 +153,23 @@ class OAuth
     /**
      * Get a new oauth provider instance.
      * Used to work around the fastcgi bug in oauthprovider.
     /**
      * Get a new oauth provider instance.
      * Used to work around the fastcgi bug in oauthprovider.

-     * 
+     *

      * @return \OAuthProvider
      */
     public static function getProvider()
     {
      * @return \OAuthProvider
      */
     public static function getProvider()
     {

+        $params = array();

         //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];
         //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];

-        //unset($_SERVER['HTTP_AUTHORIZATION']);

 
 

-        $params = array();
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])
+            && $_SERVER['HTTP_AUTHORIZATION'] == ''
+        ) {
+            //work around bug https://bugs.php.net/bug.php?id=68168
+            //#68168: HTTP Basic auth and empty auth header reported
+            //        as "signature_method_rejected"
+            $params['oauth_signature_method'] = OAUTH_SIG_METHOD_PLAINTEXT;
+        }
+

         if (!isset($_SERVER['HTTP_AUTHORIZATION'])
             && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
         ) {
         if (!isset($_SERVER['HTTP_AUTHORIZATION'])
             && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
         ) {