X-Git-Url: https://git.cweiske.de/grauphel.git/blobdiff_plain/db2f09d46ce2f3a46be1b6f6e031492966242025..381f04b7e408baccc64588a865bff33bcd87e152:/lib/oauth.php diff --git a/lib/oauth.php b/lib/oauth.php index 7cfd4e0..6900c20 100644 --- a/lib/oauth.php +++ b/lib/oauth.php @@ -98,6 +98,11 @@ class OAuth public function accessTokenHandler(\OAuthProvider $provider) { + if ($provider->token == '') { + //conboy sends empty token when not authed yet + return OAUTH_PARAMETER_ABSENT; + } + $token = $this->tokens->load('access', $provider->token); $provider->token_secret = $token->secret; return OAUTH_OK; @@ -106,7 +111,7 @@ class OAuth public function verifyOAuthUser($username, $url) { try { - $provider = new \OAuthProvider(); + $provider = OAuth::getProvider(); $this->registerHandler($provider); $this->registerAccessTokenHandler($provider); //do not use "user" in signature @@ -131,5 +136,36 @@ class OAuth //var_dump($e); exit(1); } + + /** + * Get a new oauth provider instance. + * Used to work around the fastcgi bug in oauthprovider. + * + * @return \OAuthProvider + */ + public static function getProvider() + { + //$_SERVER['REDIRECT_HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION']; + //unset($_SERVER['HTTP_AUTHORIZATION']); + + $params = array(); + if (!isset($_SERVER['HTTP_AUTHORIZATION']) + && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) + ) { + //FastCgi puts the headers in REDIRECT_HTTP_AUTHORIZATION, + // but the oauth extension does not read that. + // we have to parse the parameters manually + $regex = "/(oauth_[a-z_-]*)=(?:\"([^\"]*)\"|([^,]*))/"; + preg_match_all( + $regex, $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches + ); + + foreach ($matches[1] as $key => $paramName) { + $params[$paramName] = urldecode($matches[2][$key]); + } + } + + return new \OAuthProvider($params); + } } ?>