X-Git-Url: https://git.cweiske.de/grauphel.git/blobdiff_plain/95103edfeeaf1bc750369ec35346fb53225af83b..8ee6bfe97633d31c6b89cebbc434837eca04d6dd:/lib/oauth.php diff --git a/lib/oauth.php b/lib/oauth.php index d6c72e8..4a652fc 100644 --- a/lib/oauth.php +++ b/lib/oauth.php @@ -98,7 +98,25 @@ class OAuth public function accessTokenHandler(\OAuthProvider $provider) { - $token = $this->tokens->load('access', $provider->token); + if ($provider->token == '') { + //conboy sends empty token when not authed yet + return OAUTH_PARAMETER_ABSENT; + } + + try { + $token = $this->tokens->load('access', $provider->token); + } catch (OAuthException $e) { + if ($e->getCode() == OAUTH_TOKEN_REJECTED) { + return OAUTH_TOKEN_REJECTED; + } + throw $e; + } + + if (time() - $token->lastuse > 60) { + //time to update lastuse after at least a minute + $this->tokens->updateLastUse($token->tokenKey); + } + $provider->token_secret = $token->secret; return OAUTH_OK; } @@ -135,15 +153,23 @@ class OAuth /** * Get a new oauth provider instance. * Used to work around the fastcgi bug in oauthprovider. - * + * * @return \OAuthProvider */ public static function getProvider() { + $params = array(); //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION']; - //unset($_SERVER['HTTP_AUTHORIZATION']); - $params = array(); + if (isset($_SERVER['HTTP_AUTHORIZATION']) + && $_SERVER['HTTP_AUTHORIZATION'] == '' + ) { + //work around bug https://bugs.php.net/bug.php?id=68168 + //#68168: HTTP Basic auth and empty auth header reported + // as "signature_method_rejected" + $params['oauth_signature_method'] = OAUTH_SIG_METHOD_PLAINTEXT; + } + if (!isset($_SERVER['HTTP_AUTHORIZATION']) && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ) {