Home Explore Help
Sign In
bachir
/
popsu-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8f4ce63da5
Branches Tags
popsu-d7
/
sites
/
all
/
modules
/
oauth
/
oauth_common.pages.inc

oauth_common.pages.inc 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Combined menu callback for tests of consumers and access tokens
    5. 

  5.  */
    6. 

  6. function _oauth_common_validate_request_callback($type, $unsigned = NULL) {
    7. 

  7.   try {
    8. 

  8.     module_load_include('inc', 'oauth_common');
    9. 

  9. 

  10.     list($signed, $consumer, $token) = oauth_common_verify_request();
    11. 

  11. 

  12.     if ($consumer == NULL) {
    13. 

  13.       throw new OAuthException('Missing consumer token');
    14. 

  14.     }
    15. 

  15. 

  16.     if (!$signed && $unsigned != 'unsigned') {
    17. 

  17.       throw new OAuthException("The request wasn't signed");
    18. 

  18.     }
    19. 

  19. 

  20.     if ($token == NULL && $type == 'access token') {
    21. 

  21.       throw new OAuthException('Missing access token');
    22. 

  22.     }
    23. 

  23.   }
    24. 

  24.   catch (OAuthException $e) {
    25. 

  25.     drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
    26. 

  26.     drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
    27. 

  27.   }
    28. 

  28.   exit;
    29. 

  29. }
    30. 

  30. 

  31. /**
    32. 

  32.  * Menu callback for when something has been authorized - used in both client and provider flow
    33. 

  33.  *
    34. 

  34.  * @param $csid Should contain the id of the consumer when used in the client flow
    35. 

  35.  */
    36. 

  36. function oauth_common_page_authorized($csid = NULL) {
    37. 

  37.   // If we have an oauth_token we're acting as a consumer and just got authorized
    38. 

  38.   if (!empty($_GET['oauth_token'])) {
    39. 

  39.     //TODO: Add documentation on how to use the callback url with
    40. 

  40.     $consumer = $csid ? DrupalOAuthConsumer::loadById($csid, FALSE) : FALSE;
    41. 

  41.     if ($consumer) {
    42. 

  42.       $request_token = DrupalOAuthToken::loadByKey($_GET['oauth_token'], $consumer, OAUTH_COMMON_TOKEN_TYPE_REQUEST);
    43. 

  43.     }
    44. 

  44.     else {
    45. 

  45.       // Backwards compatibility with 6.x-3.0-beta3
    46. 

  46.       $request_token = DrupalOAuthToken::load($_GET['oauth_token'], FALSE);
    47. 

  47.       $consumer = $request_token ? $request_token->consumer : FALSE;
    48. 

  48.     }
    49. 

  49.     if (!empty($request_token)) {
    50. 

  50.       $client = new DrupalOAuthClient($consumer, $request_token);
    51. 

  51. 

  52.       $verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : NULL;
    53. 

  53. 

  54.       $access_token = $client->getAccessToken(NULL, array('verifier' => $verifier));
    55. 

  55.       if ($access_token) {
    56. 

  56.         // We recieved a new token - save it
    57. 

  57.         if (!$access_token->in_database) {
    58. 

  58.           $access_token->write();
    59. 

  59.         }
    60. 

  60.         $request_token->delete();
    61. 

  61.         module_invoke_all('oauth_common_authorized', $consumer, $access_token, $request_token);
    62. 

  62.       }
    63. 

  63.     }
    64. 

  64.   }
    65. 

  65.   return t('The application has been authorized');
    66. 

  66. }
    67. 

  67. 

  68. /**
    69. 

  69.  * Form for granting access to the consumer
    70. 

  70.  */
    71. 

  71. function oauth_common_form_authorize() {
    72. 

  72.   module_load_include('inc', 'oauth_common');
    73. 

  73.   $req = DrupalOAuthRequest::from_request();
    74. 

  74.   $context = oauth_common_context_from_request($req);
    75. 

  75.   $auth_ops = $context->authorization_options;
    76. 

  76.          
    77. 

  77.   if (!$context) {
    78. 

  78.     drupal_set_message(t("Can't find OAuth context, check the site's settings."), 'error');
    79. 

  79.     return;
    80. 

  80.   }
    81. 

  81. 

  82.   $token = $req->get_parameter('oauth_token');
    83. 

  83.   $callback = $req->get_parameter('oauth_callback');
    84. 

  84.   $token = DrupalOAuthToken::loadByKey($token, FALSE, OAUTH_COMMON_TOKEN_TYPE_REQUEST);
    85. 

  85. 

  86.   // Check that we have a valid token
    87. 

  87.   if (!$token) {
    88. 

  88.     drupal_set_message(t('Please include a valid OAuth token in your request.'), 'error');
    89. 

  89.     return;
    90. 

  90.   }
    91. 

  91. 

  92.   $consumer = $token->consumer;
    93. 

  93. 

  94.   // Redirect to the right form, or present an error.
    95. 

  95.   global $user;
    96. 

  96.   if ($user->uid) {
    97. 

  97.     // There's some strange bug in the ?destination=... handling
    98. 

  98.     // This is not exactly beautiful, but it gets the work done
    99. 

  99.     // TODO: Find out why!
    100. 

  100.     if (drupal_substr($_SERVER['REQUEST_URI'], 0, 2) == '//') {
    101. 

  101.       header('Location: ' . drupal_substr($_SERVER['REQUEST_URI'], 1), TRUE, 302);
    102. 

  102.     }
    103. 

  103. 

  104.     if (!(user_access('oauth authorize any consumers') || user_access('oauth authorize consumers in ' . $consumer->context))) {
    105. 

  105.       drupal_set_message(t('You are not authorized to allow external services access to this system.'), 'error');
    106. 

  106.       return drupal_access_denied();
    107. 

  107.     }
    108. 

  108.        
    109. 

  109.     if (!empty($auth_ops['automatic_authorization'])
    110. 

  110.         && $auth_ops['automatic_authorization']
    111. 

  111.         && !empty($consumer->callback_url)) {
    112. 

  112.       // Authorize the request token
    113. 

  113.       $token->uid = $user->uid;
    114. 

  114.       $token->authorized = 1;
    115. 

  115.       $token->services = $context->authorization_options['default_authorization_levels'];
    116. 

  116.       $token->write(TRUE);
    117. 

  117. 

  118.       // Pick the callback url apart and add the token parameter
    119. 

  119.       $callback = parse_url($consumer->callback_url);
    120. 

  120.       $query = array();
    121. 

  121.       parse_str($callback['query'], $query);
    122. 

  122.       $query['oauth_token'] = $token->key;
    123. 

  123.       $callback['query'] = http_build_query($query, 'idx_', '&');
    124. 

  124. 

  125.       // Return to the consumer site
    126. 

  126.       header('Location: ' . _oauth_common_glue_url($callback), TRUE, 302);
    127. 

  127.       exit;
    128. 

  128.     }
    129. 

  129. 

  130.     $tvars = array(
    131. 

  131.       '@user' => $user->name,
    132. 

  132.       '@appname' => $consumer->name,
    133. 

  133.       '@sitename' => variable_get('site_name', ''),
    134. 

  134.     );
    135. 

  135. 

  136.     $title = !empty($context->title) ? $context->title : 'Authorize @appname';
    137. 

  137.     drupal_set_title(t($title, $tvars), PASS_THROUGH);
    138. 

  138. 

  139.     $form = array();
    140. 

  140. 

  141.     $form['token'] = array(
    142. 

  142.       '#type'  => 'value',
    143. 

  143.       '#value' => $token,
    144. 

  144.     );
    145. 

  145. 

  146.     $message = !empty($auth_ops['message']) ? $auth_ops['message'] :
    147. 

  147.       'The application @appname wants to access @sitename on your behalf, check the permissions that you would like the application to have.';
    148. 

  148.     $form['message'] = array(
    149. 

  149.       '#type' => 'item',
    150. 

  150.       '#markup' => t($message, $tvars),
    151. 

  151.     );
    152. 

  152. 

  153.     $message = !empty($auth_ops['warning']) ? $auth_ops['warning'] :
    154. 

  154.       'If you don\'t know what @appname is, or don\'t want to give it access to your content, just click here and we\'ll take you away from this page without granting @appname any access to @sitename.';
    155. 

  155.     $form['warning'] = array(
    156. 

  156.       '#type' => 'item',
    157. 

  157.       '#markup' => l(t($message, $tvars), 'oauth/authorization/deny/' . $token->key),
    158. 

  158.       '#attributes' => array(
    159. 

  159.         'class' => array('abort-authorization'),
    160. 

  160.       ),
    161. 

  161.     );
    162. 

  162. 

  163.     $disable_selection = !empty($auth_ops['disable_auth_level_selection'])
    164. 

  164.       && !empty($auth_ops['default_authorization_levels'])
    165. 

  165.       && $auth_ops['disable_auth_level_selection'];
    166. 

  166. 

  167.     if (!$disable_selection) {
    168. 

  168.       $authorization_title = !empty($auth_ops['authorization_title']) ? $auth_ops['authorization_title'] :
    169. 

  169.          'Permissions';
    170. 

  170.       $form['authorization'] = array(
    171. 

  171.         '#type' => 'fieldset',
    172. 

  172.         '#title' => t($authorization_title, $tvars),
    173. 

  173.       );
    174. 

  174. 

  175.       $form['authorization']['levels'] = array(
    176. 

  176.         '#tree' => TRUE,
    177. 

  177.       );
    178. 

  178.       foreach ($context->authorization_levels as $name => $level) {
    179. 

  179.         $auth_level_opt = array(
    180. 

  180.           '#type' => 'checkbox',
    181. 

  181.           '#title' => t($level['title'], $tvars),
    182. 

  182.           '#description' => t($level['description'], $tvars),
    183. 

  183.           '#value' => $level['default'],
    184. 

  184.         );
    185. 

  185.         $form['authorization']['levels'][$name] = $auth_level_opt;
    186. 

  186.       }
    187. 

  187.     }
    188. 

  188.     else {
    189. 

  189.       $form['authorization']['levels'] = array(
    190. 

  190.         '#tree' => TRUE,
    191. 

  191.       );
    192. 

  192.       foreach ($auth_ops['default_authorization_levels'] as $level) {
    193. 

  193.         $form['authorization']['levels'][$level] = array(
    194. 

  194.           '#type' => 'value',
    195. 

  195.           '#value' => $level,
    196. 

  196.         );
    197. 

  197.       }
    198. 

  198.     }
    199. 

  199. 

  200.     $deny_title = !empty($auth_ops['deny_access_title']) ? $auth_ops['deny_access_title'] :
    201. 

  201.       'Deny access';
    202. 

  202.     $form['deny'] = array(
    203. 

  203.       '#type' => 'item',
    204. 

  204.       '#markup' => l(t($deny_title), 'oauth/authorization/deny/' . $token->key),
    205. 

  205.       '#attributes' => array(
    206. 

  206.         'class' => array('deny-access'),
    207. 

  207.       ),
    208. 

  208.     );
    209. 

  209. 

  210.     $grant_title = !empty($auth_ops['grant_access_title']) ? $auth_ops['grant_access_title'] :
    211. 

  211.       'Grant access';
    212. 

  212.     $form['actions'] = array('#type' => 'actions');
    213. 

  213.     $form['actions']['confirm'] = array(
    214. 

  214.       '#type'   => 'submit',
    215. 

  215.       '#value'  => t($grant_title),
    216. 

  216.     );
    217. 

  217. 

  218.     return $form;
    219. 

  219.   }
    220. 

  220.   else {
    221. 

  221.     $query = $_GET;
    222. 

  222.     unset($query['q']); // why are there so few q's?
    223. 

  223.     drupal_goto('user/login', array('query' => array(
    224. 

  224.       'destination' => url('oauth/authorize', array(
    225. 

  225.         'query' => $query,
    226. 

  226.       )),
    227. 

  227.     )));
    228. 

  228.   }
    229. 

  229. }
    230. 

  230. 

  231. /**
    232. 

  232.  * Validation of the form for granting access to the consumer
    233. 

  233.  */
    234. 

  234. function oauth_common_form_authorize_validate($form, &$form_state) {
    235. 

  235.   $values = $form_state['values'];
    236. 

  236.   $got_permission = FALSE;
    237. 

  237. 

  238.   $consumer = $values['token']->consumer;
    239. 

  239.   $context = oauth_common_context_load($consumer->context);
    240. 

  240. 

  241.   if (!$context) {
    242. 

  242.     form_set_error('confirm', t("Can't find OAuth context."));
    243. 

  243.     return;
    244. 

  244.   }
    245. 

  245. 

  246.   if (!$context->authorization_options['disable_auth_level_selection']) {
    247. 

  247.     foreach ($context->authorization_levels as $name => $level) {
    248. 

  248.       if ($values['levels'][$name]) {
    249. 

  249.         $got_permission = TRUE;
    250. 

  250.         break;
    251. 

  251.       }
    252. 

  252.     }
    253. 

  253. 

  254.     if (!$got_permission) {
    255. 

  255.       form_set_error('confirm', t("You haven't given the application access to anything. Click on 'Deny access' or just close this window if you don't want to authorize it."));
    256. 

  256.     }
    257. 

  257.   }
    258. 

  258. }
    259. 

  259. 

  260. /**
    261. 

  261.  * Form submit handler that grants access to the consumer
    262. 

  262.  */
    263. 

  263. function oauth_common_form_authorize_submit(&$form, &$form_state) {
    264. 

  264.   global $user;
    265. 

  265.   $values = $form_state['values'];
    266. 

  266. 

  267.   // Save the list of all services that the user allowed the
    268. 

  268.   // consumer to do
    269. 

  269.   $token = $values['token'];
    270. 

  270.   $token->uid = $user->uid;
    271. 

  271.   $token->authorized = 1;
    272. 

  272.   $consumer = $token->consumer;
    273. 

  273.   $context = oauth_common_context_load($consumer->context);
    274. 

  274. 

  275.   if (!$context) {
    276. 

  276.     drupal_set_message(t("Can't find OAuth context, check the site's settings."), 'error');
    277. 

  277.     return;
    278. 

  278.   }
    279. 

  279. 

  280.   // Add services
    281. 

  281.   if (!empty($values['full_access'])) { // TODO: Full access should be a configurable auth level
    282. 

  282.     $token->services = array('*');
    283. 

  283.   }
    284. 

  284.   elseif (!empty($values['levels'])) {
    285. 

  285.     $token->services = array_keys(array_filter($values['levels']));
    286. 

  286.   }
    287. 

  287.   else {
    288. 

  288.     $token->services = array();
    289. 

  289.   }
    290. 

  290. 

  291.   $token->write(TRUE);
    292. 

  292. 

  293.   if (!empty($consumer->callback_url) && $consumer->callback_url !== 'oob') {
    294. 

  294.     // Pick the callback url apart and add the token parameter
    295. 

  295.     $callback = parse_url($consumer->callback_url);
    296. 

  296.     $query = array();
    297. 

  297.     if (!empty($callback['query'])) {
    298. 

  298.       parse_str($callback['query'], $query);
    299. 

  299.     }
    300. 

  300.     $query['oauth_token'] = $token->key;
    301. 

  301.     $callback['query'] = http_build_query($query, 'idx_', '&');
    302. 

  302. 

  303.     // Return to the consumer site
    304. 

  304.     header('Location: ' . _oauth_common_glue_url($callback), TRUE, 302);
    305. 

  305.     exit;
    306. 

  306.   }
    307. 

  307.   else {
    308. 

  308.     drupal_goto('oauth/authorized');
    309. 

  309.   }
    310. 

  310. }
    311. 

  311. 

  312. /**
    313. 

  313.  * Constructs the url to which to return someone who has asked for access to a consumer
    314. 

  314.  */
    315. 

  315. function _oauth_common_glue_url($parsed) {
    316. 

  316.   $uri = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';
    317. 

  317.   $uri .= isset($parsed['user']) ? $parsed['user'] . (isset($parsed['pass']) ? ':' . $parsed['pass'] : '') . '@' : '';
    318. 

  318.   $uri .= isset($parsed['host']) ? $parsed['host'] : '';
    319. 

  319.   $uri .= isset($parsed['port']) ? ':' . $parsed['port'] : '';
    320. 

  320. 

  321.   if (isset($parsed['path'])) {
    322. 

  322.     $uri .= (substr($parsed['path'], 0, 1) == '/') ?
    323. 

  323.       $parsed['path'] :
    324. 

  324.       ((!empty($uri) ? '/' : '' ) . $parsed['path']);
    325. 

  325.   }
    326. 

  326. 

  327.   $uri .= isset($parsed['query']) ? '?' . $parsed['query'] : '';
    328. 

  328. 

  329.   return $uri;
    330. 

  330. }
    331. 

  331. 

  332. /**
    333. 

  333.  * Generate a request token from the request.
    334. 

  334.  */
    335. 

  335. function oauth_common_callback_request_token() {
    336. 

  336.   try {
    337. 

  337.     $req = DrupalOAuthRequest::from_request();
    338. 

  338.     $context = oauth_common_context_from_request($req);
    339. 

  339.     if (!$context) {
    340. 

  340.       throw new OAuthException('No OAuth context found');
    341. 

  341.     }
    342. 

  342.     $server = new DrupalOAuthServer($context);
    343. 

  343.     print $server->fetch_request_token($req);
    344. 

  344.   }
    345. 

  345.   catch (OAuthException $e) {
    346. 

  346.     drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
    347. 

  347.     drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
    348. 

  348.   }
    349. 

  349. }
    350. 

  350. 

  351. /**
    352. 

  352.  * Get a access token for the request
    353. 

  353.  */
    354. 

  354. function oauth_common_callback_access_token() {
    355. 

  355.   try {
    356. 

  356.     $req = DrupalOAuthRequest::from_request();
    357. 

  357.     $context = oauth_common_context_from_request($req);
    358. 

  358.     if (!$context) {
    359. 

  359.       throw new OAuthException('No OAuth context found');
    360. 

  360.     }
    361. 

  361.     $server = new DrupalOAuthServer($context);
    362. 

  362.     $access_token = $server->fetch_access_token($req);
    363. 

  363. 

  364.     // Set the expiry time based on context settings or get parameter
    365. 

  365.     $expires = !empty($context->authorization_options['access_token_lifetime']) ? REQUEST_TIME + $context->authorization_options['access_token_lifetime'] : 0;
    366. 

  366.     if ($_GET['expires'] && intval($_GET['expires'])) {
    367. 

  367.       $hint = intval($_GET['expires']);
    368. 

  368.       // Only accept more restrictive expiry times
    369. 

  369.       if ($expires == 0 || $hint < $expires) {
    370. 

  370.         $expires = $hint;
    371. 

  371.       }
    372. 

  372.     }
    373. 

  373. 

  374.     // Store the expiry time if the access token should expire
    375. 

  375.     if ($expires) {
    376. 

  376.       $access_token->expires = $expires;
    377. 

  377.       $access_token->write(TRUE);
    378. 

  378.     }
    379. 

  379. 

  380.     print $access_token;
    381. 

  381.   }
    382. 

  382.   catch (OAuthException $e) {
    383. 

  383.     drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
    384. 

  384.     drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
    385. 

  385.   }
    386. 

  386. }
    387.