X-Git-Url: https://git.cweiske.de/grauphel.git/blobdiff_plain/95103edfeeaf1bc750369ec35346fb53225af83b..09ec1e7a9bc65820b216e8f337d7f88f29f746a1:/lib/oauth.php
diff --git a/lib/oauth.php b/lib/oauth.php
index d6c72e8..3cd695c 100644
--- a/lib/oauth.php
+++ b/lib/oauth.php
@@ -98,7 +98,25 @@ class OAuth
 public function accessTokenHandler(\OAuthProvider $provider)
 {
- $token = $this->tokens->load('access', $provider->token);
+ if ($provider->token == '') {
+ //conboy sends empty token when not authed yet
+ return OAUTH_PARAMETER_ABSENT;
+ }
+
+ try {
+ $token = $this->tokens->load('access', $provider->token);
+ } catch (OAuthException $e) {
+ if ($e->getCode() == OAUTH_TOKEN_REJECTED) {
+ return OAUTH_TOKEN_REJECTED;
+ }
+ throw $e;
+ }
+
+ if (time() - $token->lastuse > 60) {
+ //time to update lastuse after at least a minute
+ $this->tokens->updateLastUse($token->tokenKey);
+ }
+
 $provider->token_secret = $token->secret;
 return OAUTH_OK;
 }
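Review bot: The `updateLastUse()` call in accessTokenHandler runs before `$provider->token_secret` is handed back, so presumably before the provider has checked the request signature against that secret; `lastuse` is therefore bumped by any request that merely presents a known token key. If `lastuse` is meant as an audit signal for successful use, the update belongs after the request check has passed (that code is outside this hunk); otherwise say so in the comment, e.g. `//lastuse = token last presented, signature not verified yet`. Separately, `catch (OAuthException $e)` has no leading backslash while the signature uses `\OAuthProvider`, which suggests a namespaced file: if the extension's exception is meant it needs `\OAuthException`, otherwise the `OAUTH_TOKEN_REJECTED` branch never matches, so it is worth confirming which class `$this->tokens->load()` throws.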
@@ -135,32 +153,68 @@ class OAuth
 /**
 * Get a new oauth provider instance.
 * Used to work around the fastcgi bug in oauthprovider.
- *
+ *
 * @return \OAuthProvider
 */
 public static function getProvider()
 {
+ $params = array();
 //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'];
- //unset($_SERVER['HTTP_AUTHORIZATION']);
- $params = array();
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])
+ && $_SERVER['HTTP_AUTHORIZATION'] == ''
+ ) {
+ //work around bug https://bugs.php.net/bug.php?id=68168
+ //#68168: HTTP Basic auth and empty auth header reported
+ // as "signature_method_rejected"
+ $params['oauth_signature_method'] = OAUTH_SIG_METHOD_PLAINTEXT;
+ }
+
 if (!isset($_SERVER['HTTP_AUTHORIZATION'])
 && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
 ) {
 //FastCgi puts the headers in REDIRECT_HTTP_AUTHORIZATION,
 // but the oauth extension does not read that.
 // we have to parse the parameters manually
- $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/";
- preg_match_all(
- $regex, $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches
+ $params = static::parseOAuthHeader(
+ $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
 );
+ }
- foreach ($matches[1] as $key => $paramName) {
- $params[$paramName] = urldecode($matches[2][$key]);
- }
+ //work around https://github.com/tomboy-notes/tomboy.osx/issues/39
+ //,oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])
+ && strpos($_SERVER['HTTP_AUTHORIZATION'], '"anyone%2526"') !== false
+ ) {
+ $params = static::parseOAuthHeader($_SERVER['HTTP_AUTHORIZATION']);
+ }
+ if (isset($params['oauth_signature'])
+ && $params['oauth_signature'] == 'anyone%26'
+ ) {
+ //second if to catch the REDIRECT values
+ $params['oauth_signature'] ='anyone&';
 }
 return new \OAuthProvider($params);
 }
+
+ /**
+ * Parse an OAuth HTTP header into an array
+ *
+ * @param string $headerValue HTTP header value (after "Authorization:")
+ *
+ * @return array Array of parameters
+ */
+ protected static function parseOAuthHeader($headerValue)
+ {
+ $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/";
+ preg_match_all($regex, $headerValue, $matches);
+
+ $params = array();
+ foreach ($matches[1] as $key => $paramName) {
+ $params[$paramName] = urldecode($matches[2][$key]);
+ }
+ return $params;
+ }
 }
 ?>
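Review bot: parseOAuthHeader() reads only `$matches[2]`, so a value matched by the unquoted alternative `([^,]*)` is stored as an empty string, and a parameter that appears twice in the header silently keeps its last occurrence. The returned array is passed to `new \OAuthProvider($params)` as the request's OAuth parameters, and with the new empty-token check in accessTokenHandler an unquoted `oauth_token` would be reported as absent rather than parsed. Either drop the unquoted branch from the regex or use it, e.g. `$value = $matches[2][$key] !== '' ? $matches[2][$key] : $matches[3][$key];`, and consider rejecting a repeated name with `if (isset($params[$paramName]))` instead of overwriting. The docblock could also state that the header's scheme is not checked and that values are decoded with `urldecode()`, which turns a literal `+` into a space; `rawurldecode()` matches the percent-encoding OAuth 1.0 specifies.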