do not error out on basic auth
[grauphel.git] / lib / oauth.php
index 41af349..b7239ba 100644 (file)
@@ -158,38 +158,63 @@ class OAuth
      */
     public static function getProvider()
     {
+        $params = array();
         //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];
-        //unset($_SERVER['HTTP_AUTHORIZATION']);
-        if ((isset($_SERVER['HTTP_AUTHORIZATION'])
-                && strtolower(substr($_SERVER['HTTP_AUTHORIZATION'], 0, 5)) != 'oauth')
-            || (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
-                && strtolower(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 0, 5)) != 'oauth')
+
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])
+            && strtolower(substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6)) != 'oauth '
         ) {
             //work around bug https://bugs.php.net/bug.php?id=68168
-            //#68168: HTTP Basic auth reported as "signature_method_rejected"
-            throw new \OAuthException(
-                'No oauth auth header', OAUTH_PARAMETER_ABSENT
-            );
+            //#68168: HTTP Basic auth and empty auth header reported
+            //        as "signature_method_rejected"
+            $params['oauth_signature_method'] = OAUTH_SIG_METHOD_PLAINTEXT;
         }
 
-        $params = array();
         if (!isset($_SERVER['HTTP_AUTHORIZATION'])
             && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
         ) {
             //FastCgi puts the headers in REDIRECT_HTTP_AUTHORIZATION,
             // but the oauth extension does not read that.
             // we have to parse the parameters manually
-            $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/";
-            preg_match_all(
-                $regex, $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches
+            $params = static::parseOAuthHeader(
+                $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
             );
+        }
 
-            foreach ($matches[1] as $key => $paramName) {
-                $params[$paramName] = urldecode($matches[2][$key]);
-            }
+        //work around https://github.com/tomboy-notes/tomboy.osx/issues/39
+        //,oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])
+            && strpos($_SERVER['HTTP_AUTHORIZATION'], '"anyone%2526"') !== false
+        ) {
+            $params = static::parseOAuthHeader($_SERVER['HTTP_AUTHORIZATION']);
+        }
+        if (isset($params['oauth_signature'])
+            && $params['oauth_signature'] == 'anyone%26'
+        ) {
+            //second if to catch the REDIRECT values
+            $params['oauth_signature']  ='anyone&';
         }
 
         return new \OAuthProvider($params);
     }
+
+    /**
+     * Parse an OAuth HTTP header into an array
+     *
+     * @param string $headerValue HTTP header value (after "Authorization:")
+     *
+     * @return array Array of parameters
+     */
+    protected static function parseOAuthHeader($headerValue)
+    {
+        $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/";
+        preg_match_all($regex, $headerValue, $matches);
+
+        $params = array();
+        foreach ($matches[1] as $key => $paramName) {
+            $params[$paramName] = urldecode($matches[2][$key]);
+        }
+        return $params;
+    }
 }
 ?>