X-Git-Url: https://git.cweiske.de/grauphel.git/blobdiff_plain/92938f0e591286b67a752af441e55626155af524..09ec1e7a9bc65820b216e8f337d7f88f29f746a1:/lib/oauth.php

diff --git a/lib/oauth.php b/lib/oauth.php
index e2eb651..3cd695c 100644
--- a/lib/oauth.php
+++ b/lib/oauth.php
@@ -98,7 +98,25 @@ class OAuth
 
     public function accessTokenHandler(\OAuthProvider $provider)
     {
-        $token = $this->tokens->load('access', $provider->token);
+        if ($provider->token == '') {
+            //conboy sends empty token when not authed yet
+            return OAUTH_PARAMETER_ABSENT;
+        }
+
+        try {
+            $token = $this->tokens->load('access', $provider->token);
+        } catch (OAuthException $e) {
+            if ($e->getCode() == OAUTH_TOKEN_REJECTED) {
+                return OAUTH_TOKEN_REJECTED;
+            }
+            throw $e;
+        }
+
+        if (time() - $token->lastuse > 60) {
+            //time to update lastuse after at least a minute
+            $this->tokens->updateLastUse($token->tokenKey);
+        }
+
         $provider->token_secret = $token->secret;
         return OAUTH_OK;
     }
@@ -135,12 +153,68 @@ class OAuth
     /**
      * Get a new oauth provider instance.
      * Used to work around the fastcgi bug in oauthprovider.
-     * 
+     *
      * @return \OAuthProvider
      */
     public static function getProvider()
     {
-        return new \OAuthProvider();
+        $params = array();
+        //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];
+
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])
+            && $_SERVER['HTTP_AUTHORIZATION'] == ''
+        ) {
+            //work around bug https://bugs.php.net/bug.php?id=68168
+            //#68168: HTTP Basic auth and empty auth header reported
+            //        as "signature_method_rejected"
+            $params['oauth_signature_method'] = OAUTH_SIG_METHOD_PLAINTEXT;
+        }
+
+        if (!isset($_SERVER['HTTP_AUTHORIZATION'])
+            && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
+            //FastCgi puts the headers in REDIRECT_HTTP_AUTHORIZATION,
+            // but the oauth extension does not read that.
+            // we have to parse the parameters manually
+            $params = static::parseOAuthHeader(
+                $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
+            );
+        }
+
+        //work around https://github.com/tomboy-notes/tomboy.osx/issues/39
+        //,oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])
+            && strpos($_SERVER['HTTP_AUTHORIZATION'], '"anyone%2526"') !== false
+        ) {
+            $params = static::parseOAuthHeader($_SERVER['HTTP_AUTHORIZATION']);
+        }
+        if (isset($params['oauth_signature'])
+            && $params['oauth_signature'] == 'anyone%26'
+        ) {
+            //second if to catch the REDIRECT values
+            $params['oauth_signature']  ='anyone&';
+        }
+
+        return new \OAuthProvider($params);
+    }
+
+    /**
+     * Parse an OAuth HTTP header into an array
+     *
+     * @param string $headerValue HTTP header value (after "Authorization:")
+     *
+     * @return array Array of parameters
+     */
+    protected static function parseOAuthHeader($headerValue)
+    {
+        $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/";
+        preg_match_all($regex, $headerValue, $matches);
+
+        $params = array();
+        foreach ($matches[1] as $key => $paramName) {
+            $params[$paramName] = urldecode($matches[2][$key]);
+        }
+        return $params;
     }
 }
 ?>