return OAUTH_PARAMETER_ABSENT;
}
- $token = $this->tokens->load('access', $provider->token);
+ try {
+ $token = $this->tokens->load('access', $provider->token);
+ } catch (OAuthException $e) {
+ if ($e->getCode() == OAUTH_TOKEN_REJECTED) {
+ return OAUTH_TOKEN_REJECTED;
+ }
+ throw $e;
+ }
+
+ if (time() - $token->lastuse > 60) {
+ //time to update lastuse after at least a minute
+ $this->tokens->updateLastUse($token->tokenKey);
+ }
+
$provider->token_secret = $token->secret;
return OAUTH_OK;
}
/**
* Get a new oauth provider instance.
* Used to work around the fastcgi bug in oauthprovider.
- *
+ *
* @return \OAuthProvider
*/
public static function getProvider()
{
//$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];
//unset($_SERVER['HTTP_AUTHORIZATION']);
+ if ((isset($_SERVER['HTTP_AUTHORIZATION'])
+ && strtolower(substr($_SERVER['HTTP_AUTHORIZATION'], 0, 5)) != 'oauth')
+ || (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
+ && strtolower(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 0, 5)) != 'oauth')
+ ) {
+ //work around bug https://bugs.php.net/bug.php?id=68168
+ //#68168: HTTP Basic auth reported as "signature_method_rejected"
+ throw new \OAuthException(
+ 'No oauth auth header', OAUTH_PARAMETER_ABSENT
+ );
+ }
$params = array();
if (!isset($_SERVER['HTTP_AUTHORIZATION'])