| author | Lester Caine <lester@lsces.co.uk> | 2026-05-14 09:55:19 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-05-14 09:55:19 +0100 |
| commit | 513bc9e03522f0bfc0e307a8e40a517e746de2bc (patch) | |
| tree | bed44d24c1ef1ee8d3801b74fe0fac68e1f779f4 /hauth | |
| parent | 70ebf6a972f511a904a7775ec792dc2523bf3e13 (diff) | |
php-cs-fixer tidies to php8.5 standards
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'hauth')
44 files changed, 4152 insertions, 4161 deletions
diff --git a/hauth/Hybrid/Auth.php b/hauth/Hybrid/Auth.php
index aa0a610..fb30ef9 100644
--- a/hauth/Hybrid/Auth.php
+++ b/hauth/Hybrid/Auth.php
@@ -1,11 +1,11 @@
<?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2017, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Auth class
*
@@ -13,34 +13,34 @@ *
* Generally, Hybrid_Auth is the only class you should instanciate and use throughout your application.
*/
-class Hybrid_Auth {
-
- public static $version = "2.14.0";
-
+class Hybrid_Auth { + + public static $version = "2.14.0"; + /**
* Configuration array
* @var array
*/
- public static $config = array();
-
+ public static $config = []; + /**
* Auth cache
* @var Hybrid_Storage
*/
- public static $store = null;
-
+ public static $store = null; + /**
* Error pool
* @var Hybrid_Error
*/
- public static $error = null;
-
+ public static $error = null; + /**
* Logger
* @var Hybrid_Logger
*/
- public static $logger = null;
-
+ public static $logger = null; + /**
* Try to start a new session of none then initialize Hybrid_Auth
*
@@ -53,8 +53,8 @@ class Hybrid_Auth { */
function __construct($config) {
Hybrid_Auth::initialize($config);
- }
-
+ } + /**
* Try to initialize Hybrid_Auth with given $config hash or file
*
@@ -64,115 +64,114 @@ class Hybrid_Auth { */
public static function initialize($config) {
if (!is_array($config) && !file_exists($config)) {
- throw new Exception("Hybriauth config does not exist on the given path.", 1);
- }
-
+ throw new Exception("Hybriauth config does not exist on the given path.", 1); + } + if (!is_array($config)) {
$config = include $config;
- }
-
+ } + // build some need'd paths
$config["path_base"] = realpath(dirname(__FILE__)) . "/";
$config["path_libraries"] = $config["path_base"] . "thirdparty/";
$config["path_resources"] = $config["path_base"] . "resources/";
- $config["path_providers"] = $config["path_base"] . "Providers/";
-
+ $config["path_providers"] = $config["path_base"] . "Providers/"; + // reset debug mode
if (!isset($config["debug_mode"])) {
$config["debug_mode"] = false;
$config["debug_file"] = null;
- }
-
+ } + # load hybridauth required files, a autoload is on the way...
require_once $config["path_base"] . "Error.php";
require_once $config["path_base"] . "Exception.php";
- require_once $config["path_base"] . "Logger.php";
-
- require_once $config["path_base"] . "Provider_Adapter.php";
-
+ require_once $config["path_base"] . "Logger.php"; + + require_once $config["path_base"] . "Provider_Adapter.php"; + require_once $config["path_base"] . "Provider_Model.php";
require_once $config["path_base"] . "Provider_Model_OpenID.php";
require_once $config["path_base"] . "Provider_Model_OAuth1.php";
- require_once $config["path_base"] . "Provider_Model_OAuth2.php";
-
+ require_once $config["path_base"] . "Provider_Model_OAuth2.php"; + require_once $config["path_base"] . "User.php";
require_once $config["path_base"] . "User_Profile.php";
require_once $config["path_base"] . "User_Contact.php";
- require_once $config["path_base"] . "User_Activity.php";
-
+ require_once $config["path_base"] . "User_Activity.php"; + if (!class_exists("Hybrid_Storage", false)) {
require_once $config["path_base"] . "Storage.php";
- }
-
+ } + // hash given config
- Hybrid_Auth::$config = $config;
-
+ Hybrid_Auth::$config = $config; + // instance of log mng
- Hybrid_Auth::$logger = new Hybrid_Logger();
-
+ Hybrid_Auth::$logger = new Hybrid_Logger(); + // instance of errors mng
- Hybrid_Auth::$error = new Hybrid_Error();
-
+ Hybrid_Auth::$error = new Hybrid_Error(); + // start session storage mng
- Hybrid_Auth::$store = new Hybrid_Storage();
-
+ Hybrid_Auth::$store = new Hybrid_Storage(); + Hybrid_Logger::info("Enter Hybrid_Auth::initialize()");
Hybrid_Logger::info("Hybrid_Auth::initialize(). PHP version: " . PHP_VERSION);
Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth version: " . Hybrid_Auth::$version);
- Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth called from: " . Hybrid_Auth::getCurrentUrl());
-
+ Hybrid_Logger::info("Hybrid_Auth::initialize(). Hybrid_Auth called from: " . Hybrid_Auth::getCurrentUrl()); + // PHP Curl extension [http://www.php.net/manual/en/intro.curl.php]
if (!function_exists('curl_init')) {
Hybrid_Logger::error('Hybridauth Library needs the CURL PHP extension.');
- throw new Exception('Hybridauth Library needs the CURL PHP extension.');
- }
-
+ throw new Exception('Hybridauth Library needs the CURL PHP extension.'); + } + // PHP JSON extension [http://php.net/manual/en/book.json.php]
if (!function_exists('json_decode')) {
Hybrid_Logger::error('Hybridauth Library needs the JSON PHP extension.');
- throw new Exception('Hybridauth Library needs the JSON PHP extension.');
- }
-
+ throw new Exception('Hybridauth Library needs the JSON PHP extension.'); + } + // session.name
if (session_name() != "PHPSESSID") {
Hybrid_Logger::info('PHP session.name diff from default PHPSESSID. http://php.net/manual/en/session.configuration.php#ini.session.name.');
- }
-
+ } + // safe_mode is on
if (ini_get('safe_mode')) {
Hybrid_Logger::info('PHP safe_mode is on. http://php.net/safe-mode.');
- }
-
+ } + // open basedir is on
if (ini_get('open_basedir')) {
Hybrid_Logger::info('PHP open_basedir is on. http://php.net/open-basedir.');
- }
-
+ } + Hybrid_Logger::debug("Hybrid_Auth initialize. dump used config: ", serialize($config));
Hybrid_Logger::debug("Hybrid_Auth initialize. dump current session: ", Hybrid_Auth::storage()->getSessionData());
- Hybrid_Logger::info("Hybrid_Auth initialize: check if any error is stored on the endpoint...");
-
+ Hybrid_Logger::info("Hybrid_Auth initialize: check if any error is stored on the endpoint..."); + if (Hybrid_Error::hasError()) {
$m = Hybrid_Error::getErrorMessage();
$c = Hybrid_Error::getErrorCode();
- $p = Hybrid_Error::getErrorPrevious();
-
- Hybrid_Logger::error("Hybrid_Auth initialize: A stored Error found, Throw an new Exception and delete it from the store: Error#$c, '$m'");
-
- Hybrid_Error::clearError();
-
+ $p = Hybrid_Error::getErrorPrevious(); + + Hybrid_Logger::error("Hybrid_Auth initialize: A stored Error found, Throw an new Exception and delete it from the store: Error#$c, '$m'"); + + Hybrid_Error::clearError(); + // try to provide the previous if any
// Exception::getPrevious (PHP 5 >= 5.3.0) http://php.net/manual/en/exception.getprevious.php
if (version_compare(PHP_VERSION, '5.3.0', '>=') && ($p instanceof Exception)) {
- throw new Exception($m, $c, $p);
- } else {
- throw new Exception($m, $c);
+ throw new Exception($m, $c, $p); }
- }
-
+ throw new Exception($m, $c); + } + Hybrid_Logger::info("Hybrid_Auth initialize: no error found. initialization succeed.");
- }
-
+ } + /**
* Hybrid storage system accessor
*
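Review bot: The debug calls near the end of initialize() write `serialize($config)` and the full session data to `debug_file`, and the config array presumably carries each provider's keys and secrets, so turning debug mode on copies credentials and session contents into a plain log file. Logging only non-secret fields, for example `Hybrid_Logger::debug("Hybrid_Auth initialize. config keys: ", array_keys($config));`, and dropping the session dump would keep the diagnostic value without the exposure. The `version_compare(PHP_VERSION, '5.3.0', '>=')` guard that this hunk keeps is always true on the PHP version the commit targets, so the condition can be reduced to `$p instanceof Exception`.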
@@ -184,16 +183,16 @@ class Hybrid_Auth { */
public static function storage() {
return Hybrid_Auth::$store;
- }
-
+ } + /**
* Get hybridauth session data
* @return string|null
*/
function getSessionData() {
return Hybrid_Auth::storage()->getSessionData();
- }
-
+ } + /**
* Restore hybridauth session data
*
@@ -202,8 +201,8 @@ class Hybrid_Auth { */
function restoreSessionData($sessiondata = null) {
Hybrid_Auth::storage()->restoreSessionData($sessiondata);
- }
-
+ } + /**
* Try to authenticate the user with a given provider.
*
@@ -221,8 +220,8 @@ class Hybrid_Auth { * @return
*/
public static function authenticate($providerId, $params = null) {
- Hybrid_Logger::info("Enter Hybrid_Auth::authenticate( $providerId )");
-
+ Hybrid_Logger::info("Enter Hybrid_Auth::authenticate( $providerId )"); + if (!Hybrid_Auth::storage()->get("hauth_session.$providerId.is_logged_in")) {
// if user not connected to $providerId then try setup a new adapter and start the login process for this provider
Hybrid_Logger::info("Hybrid_Auth::authenticate( $providerId ), User not connected to the provider. Try to authenticate..");
@@ -233,8 +232,8 @@ class Hybrid_Auth { Hybrid_Logger::info("Hybrid_Auth::authenticate( $providerId ), User is already connected to this provider. Return the adapter instance.");
return Hybrid_Auth::getAdapter($providerId);
}
- }
-
+ } + /**
* Return the adapter instance for an authenticated provider
*
@@ -244,8 +243,8 @@ class Hybrid_Auth { public static function getAdapter($providerId = null) {
Hybrid_Logger::info("Enter Hybrid_Auth::getAdapter( $providerId )");
return Hybrid_Auth::setup($providerId);
- }
-
+ } + /**
* Setup an adapter for a given provider
*
@@ -254,30 +253,30 @@ class Hybrid_Auth { * @return Hybrid_Provider_Adapter
*/
public static function setup($providerId, $params = null) {
- Hybrid_Logger::debug("Enter Hybrid_Auth::setup( $providerId )", $params);
-
+ Hybrid_Logger::debug("Enter Hybrid_Auth::setup( $providerId )", $params); + if (!$params) {
- $params = Hybrid_Auth::storage()->get("hauth_session.$providerId.id_provider_params");
-
+ $params = Hybrid_Auth::storage()->get("hauth_session.$providerId.id_provider_params"); + Hybrid_Logger::debug("Hybrid_Auth::setup( $providerId ), no params given. Trying to get the stored for this provider.", $params);
- }
-
+ } + if (!$params) {
- $params = array();
+ $params = [];
Hybrid_Logger::info("Hybrid_Auth::setup( $providerId ), no stored params found for this provider. Initialize a new one for new session");
- }
-
+ } + if (is_array($params) && !isset($params["hauth_return_to"])) {
$params["hauth_return_to"] = Hybrid_Auth::getCurrentUrl();
Hybrid_Logger::debug("Hybrid_Auth::setup( $providerId ). HybridAuth Callback URL set to: ", $params["hauth_return_to"]);
- }
-
+ } + # instantiate a new IDProvider Adapter
$provider = new Hybrid_Provider_Adapter();
$provider->factory($providerId, $params);
return $provider;
- }
-
+ } + /**
* Check if the current user is connected to a given provider
*
@@ -286,24 +285,24 @@ class Hybrid_Auth { */
public static function isConnectedWith($providerId) {
return (bool) Hybrid_Auth::storage()->get("hauth_session.{$providerId}.is_logged_in");
- }
-
+ } + /**
* Return array listing all authenticated providers
* @return array
*/
public static function getConnectedProviders() {
- $idps = array();
-
+ $idps = []; + foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) {
if (Hybrid_Auth::isConnectedWith($idpid)) {
$idps[] = $idpid;
}
- }
-
+ } + return $idps;
- }
-
+ } + /**
* Return array listing all enabled providers as well as a flag if you are connected
*
@@ -317,34 +316,34 @@ class Hybrid_Auth { * @return array
*/
public static function getProviders() {
- $idps = array();
-
+ $idps = []; + foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) {
if ($params['enabled']) {
- $idps[$idpid] = array('connected' => false);
-
+ $idps[$idpid] = ['connected' => false]; + if (Hybrid_Auth::isConnectedWith($idpid)) {
$idps[$idpid]['connected'] = true;
}
}
- }
-
+ } + return $idps;
- }
-
+ } + /**
* A generic function to logout all connected provider at once
* @return void
*/
public static function logoutAllProviders() {
- $idps = Hybrid_Auth::getConnectedProviders();
-
+ $idps = Hybrid_Auth::getConnectedProviders(); + foreach ($idps as $idp) {
$adapter = Hybrid_Auth::getAdapter($idp);
$adapter->logout();
}
- }
-
+ } + /**
* Utility function, redirect to a given URL with php header or using javascript location.href
*
@@ -355,13 +354,13 @@ class Hybrid_Auth { if(!$mode){
$mode = 'PHP';
}
- Hybrid_Logger::info("Enter Hybrid_Auth::redirect( $url, $mode )");
-
+ Hybrid_Logger::info("Enter Hybrid_Auth::redirect( $url, $mode )"); + // Ensure session is saved before sending response, see https://github.com/symfony/symfony/pull/12341
if ((PHP_VERSION_ID >= 50400 && PHP_SESSION_ACTIVE === session_status()) || (PHP_VERSION_ID < 50400 && isset($_SESSION) && session_id())) {
session_write_close();
- }
-
+ } + if ($mode == "PHP") {
header("Location: $url");
} elseif ($mode == "JS") {
@@ -375,11 +374,11 @@ class Hybrid_Auth { echo 'Redirecting, please wait...';
echo '</body>';
echo '</html>';
- }
-
+ } + die();
- }
-
+ } + /**
* Utility function, return the current url
*
@@ -389,18 +388,18 @@ class Hybrid_Auth { public static function getCurrentUrl($request_uri = true) {
if (php_sapi_name() == 'cli') {
return '';
- }
-
- $protocol = 'http://';
-
+ } + + $protocol = 'http://'; + if ((isset($_SERVER['HTTPS']) && ( $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1 ))
|| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
$protocol = 'https://';
- }
-
- $url = $protocol . $_SERVER['HTTP_HOST'];
-
+ } + + $url = $protocol . $_SERVER['HTTP_HOST']; + if ($request_uri) {
// If $_SERVER['REQUEST_URI'] is already a FQDN, use it
if (stripos($_SERVER['REQUEST_URI'], $url) === 0) {
@@ -410,10 +409,10 @@ class Hybrid_Auth { }
} else {
$url .= $_SERVER['PHP_SELF'];
- }
-
+ } + // return current url
return $url;
- }
-
-}
+ } + +} diff --git a/hauth/Hybrid/Endpoint.php b/hauth/Hybrid/Endpoint.php index 7813fee..de03601 100644 --- a/hauth/Hybrid/Endpoint.php +++ b/hauth/Hybrid/Endpoint.php @@ -90,7 +90,7 @@ class Hybrid_Endpoint { header("Content-Type: application/xrds+xml"); $output = str_replace("{RETURN_TO_URL}", str_replace( - array("<", ">", "\"", "'", "&"), array("<", ">", """, "'", "&"), Hybrid_Auth::getCurrentUrl(false) + ["<", ">", "\"", "'", "&"], ["<", ">", """, "'", "&"], Hybrid_Auth::getCurrentUrl(false), ), file_get_contents(dirname(__FILE__) . "/resources/openid_xrds.xml")); print $output; die(); @@ -103,7 +103,7 @@ class Hybrid_Endpoint { protected function processOpenidRealm() { $output = str_replace("{X_XRDS_LOCATION}", htmlentities(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES, 'UTF-8') . "?get=openid_xrds&v=" - . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html")); + . Hybrid_Auth::$version, file_get_contents(dirname(__FILE__) . "/resources/openid_realm.html"), ); print $output; die(); } diff --git a/hauth/Hybrid/Error.php b/hauth/Hybrid/Error.php index 7013b49..d1dc496 100644 --- a/hauth/Hybrid/Error.php +++ b/hauth/Hybrid/Error.php @@ -1,18 +1,18 @@ <?php
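Review bot: The XRDS return-to value in Hybrid_Endpoint is escaped with a hand-written `str_replace` whose search list puts `&` last. `str_replace` applies array pairs in order, so if the replacement list holds the entity forms (the page rendering appears to have decoded them), the `&` introduced by the earlier replacements is escaped a second time. The value comes from `Hybrid_Auth::getCurrentUrl(false)`, which Auth.php builds from `$_SERVER['HTTP_HOST']`, so it is request-controlled and the escaping has to be right. `htmlspecialchars(Hybrid_Auth::getCurrentUrl(false), ENT_QUOTES | ENT_XML1, 'UTF-8')` does the same job in a single pass. The enclosing method starts outside the hunk.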
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Errors manager
*
* HybridAuth errors are stored in Hybrid::storage() and not displayed directly to the end user
*/
-class Hybrid_Error {
-
+class Hybrid_Error { + /**
* Store error in session
*
@@ -22,67 +22,67 @@ class Hybrid_Error { * @param string $previous Previous exception
*/
public static function setError($message, $code = null, $trace = null, $previous = null) {
- Hybrid_Logger::info("Enter Hybrid_Error::setError( $message )");
-
+ Hybrid_Logger::info("Enter Hybrid_Error::setError( $message )"); + Hybrid_Auth::storage()->set("hauth_session.error.status", 1);
Hybrid_Auth::storage()->set("hauth_session.error.message", $message);
Hybrid_Auth::storage()->set("hauth_session.error.code", $code);
Hybrid_Auth::storage()->set("hauth_session.error.trace", $trace);
Hybrid_Auth::storage()->set("hauth_session.error.previous", $previous);
- }
-
+ } + /**
* Clear the last error
* @return void
*/
public static function clearError() {
- Hybrid_Logger::info("Enter Hybrid_Error::clearError()");
-
+ Hybrid_Logger::info("Enter Hybrid_Error::clearError()"); + Hybrid_Auth::storage()->delete("hauth_session.error.status");
Hybrid_Auth::storage()->delete("hauth_session.error.message");
Hybrid_Auth::storage()->delete("hauth_session.error.code");
Hybrid_Auth::storage()->delete("hauth_session.error.trace");
Hybrid_Auth::storage()->delete("hauth_session.error.previous");
- }
-
+ } + /**
* Checks to see if there is a an error.
* @return boolean true if there is an error.
*/
public static function hasError() {
return (bool) Hybrid_Auth::storage()->get("hauth_session.error.status");
- }
-
+ } + /**
* Return error message
* @return string
*/
public static function getErrorMessage() {
return Hybrid_Auth::storage()->get("hauth_session.error.message");
- }
-
+ } + /**
* Return error code
* @return int
*/
public static function getErrorCode() {
return Hybrid_Auth::storage()->get("hauth_session.error.code");
- }
-
+ } + /**
* Return string detailed error backtrace as string
* @return string
*/
public static function getErrorTrace() {
return Hybrid_Auth::storage()->get("hauth_session.error.trace");
- }
-
+ } + /**
* Detailed error backtrace as string
* @return string
*/
public static function getErrorPrevious() {
return Hybrid_Auth::storage()->get("hauth_session.error.previous");
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Exception.php b/hauth/Hybrid/Exception.php
index 8c8c2d1..8c8c2d1 100644..100755
--- a/hauth/Hybrid/Exception.php
+++ b/hauth/Hybrid/Exception.php
diff --git a/hauth/Hybrid/Logger.php b/hauth/Hybrid/Logger.php
index f948913..e6a769a 100644
--- a/hauth/Hybrid/Logger.php
+++ b/hauth/Hybrid/Logger.php
@@ -1,16 +1,16 @@
<?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Debugging and Logging manager
*/
-class Hybrid_Logger {
-
+class Hybrid_Logger { + /**
* Constructor
*/
@@ -18,17 +18,17 @@ class Hybrid_Logger { // if debug mode is set to true, then check for the writable log file
if (Hybrid_Auth::$config["debug_mode"]) {
if (!isset(Hybrid_Auth::$config["debug_file"])) {
- throw new Exception("'debug_mode' is set to 'true' but no log file path 'debug_file' is set.", 1);
+ throw new Exception("'debug_mode' is set to 'true' but no log file path 'debug_file' is set.", 1); } elseif (!file_exists(Hybrid_Auth::$config["debug_file"]) && !is_writable(Hybrid_Auth::$config["debug_file"])) {
if (!touch(Hybrid_Auth::$config["debug_file"])) {
- throw new Exception("'debug_mode' is set to 'true', but the file " . Hybrid_Auth::$config['debug_file'] . " in 'debug_file' can not be created.", 1);
+ throw new Exception("'debug_mode' is set to 'true', but the file " . Hybrid_Auth::$config['debug_file'] . " in 'debug_file' can not be created.", 1); }
} elseif (!is_writable(Hybrid_Auth::$config["debug_file"])) {
- throw new Exception("'debug_mode' is set to 'true', but the given log file path 'debug_file' is not a writable file.", 1);
+ throw new Exception("'debug_mode' is set to 'true', but the given log file path 'debug_file' is not a writable file.", 1); }
}
- }
-
+ } + /**
* Logs a debug message with an object dump
*
@@ -38,18 +38,18 @@ class Hybrid_Logger { */
public static function debug($message, $object = null) {
if (Hybrid_Auth::$config["debug_mode"] === true) {
- $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
- file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', array(
+ $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
+ file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', [
"DEBUG",
$_SERVER['REMOTE_ADDR'],
$dt->format(DATE_ATOM),
$message,
print_r($object, true) . PHP_EOL,
- )), FILE_APPEND
+ ]), FILE_APPEND,
);
}
- }
-
+ } + /**
* Logs an info message
*
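Review bot: `$message` and the `print_r($object, true)` dump are appended to `debug_file` as-is, and callers interpolate values such as `$providerId` and `$url` into the message, so a CR or LF in one of those values (if it is request-derived) starts a forged log record. Flattening line breaks before the write, e.g. `$message = str_replace(["\r", "\n"], ' ', (string) $message);`, and passing `FILE_APPEND | LOCK_EX` would keep one record per line and stop concurrent requests from interleaving. `$_SERVER['REMOTE_ADDR']` is also unset under the CLI SAPI, which `$_SERVER['REMOTE_ADDR'] ?? '-'` handles without a warning. The same applies to the info() and error() hunks that follow.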
@@ -57,17 +57,17 @@ class Hybrid_Logger { * @return void
*/
public static function info($message) {
- if (in_array(Hybrid_Auth::$config["debug_mode"], array(true, 'info'), true)) {
- $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
- file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', array(
+ if (in_array(Hybrid_Auth::$config["debug_mode"], [true, 'info'], true)) {
+ $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
+ file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', [
"INFO",
$_SERVER['REMOTE_ADDR'],
$dt->format(DATE_ATOM),
$message . PHP_EOL,
- )), FILE_APPEND);
+ ]), FILE_APPEND);
}
- }
-
+ } + /**
* Logs an error message with an object dump
*
@@ -76,27 +76,27 @@ class Hybrid_Logger { * @return void
*/
public static function error($message, $object = null) {
- if (isset(Hybrid_Auth::$config["debug_mode"]) && in_array(Hybrid_Auth::$config["debug_mode"], array(true, 'info', 'error'), true)) {
- $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
- file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', array(
+ if (isset(Hybrid_Auth::$config["debug_mode"]) && in_array(Hybrid_Auth::$config["debug_mode"], [true, 'info', 'error'], true)) {
+ $dt = new DateTime('now', new DateTimeZone( 'UTC' ));
+ file_put_contents(Hybrid_Auth::$config["debug_file"], implode(' -- ', [
'ERROR',
$_SERVER['REMOTE_ADDR'],
$dt->format(DATE_ATOM),
$message,
- print_r($object, true) . PHP_EOL
- )), FILE_APPEND);
+ print_r($object, true) . PHP_EOL,
+ ]), FILE_APPEND);
}
- }
-
- /**
- * Dumps the data in the way suitable to be output in log files for debug purposes
- *
- * @param mixed $data
- *
- * @return string
- */
- public static function dumpData($data) {
+ } + + /**
+ * Dumps the data in the way suitable to be output in log files for debug purposes
+ *
+ * @param mixed $data
+ *
+ * @return string
+ */
+ public static function dumpData($data) {
return var_export($data, true);
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Provider_Adapter.php b/hauth/Hybrid/Provider_Adapter.php
index f96a500..e440aec 100644
--- a/hauth/Hybrid/Provider_Adapter.php
+++ b/hauth/Hybrid/Provider_Adapter.php
@@ -1,11 +1,11 @@
<?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Provider_Adapter is the basic class which Hybrid_Auth will use
* to connect users to a given provider.
@@ -16,38 +16,38 @@ * Hybrid_Auth will automatically load Hybrid_Provider_Adapter and create
* an instance of it for each authenticated provider.
*/
-class Hybrid_Provider_Adapter {
-
+class Hybrid_Provider_Adapter { + /**
* Provider ID (or unique name)
* @var mixed
*/
- public $id = null;
-
+ public $id = null; + /**
* Provider adapter specific config
* @var array
*/
- public $config = null;
-
+ public $config = null; + /**
* Provider adapter extra parameters
* @var array
*/
- public $params = array();
-
+ public $params = []; + /**
* Provider adapter wrapper path
* @var string
*/
- public $wrapper = null;
-
+ public $wrapper = null; + /**
* Provider adapter instance
* @var Hybrid_Provider_Model
*/
- public $adapter = null;
-
+ public $adapter = null; + /**
* Create a new adapter switch IDp name or ID
*
@@ -56,53 +56,53 @@ class Hybrid_Provider_Adapter { * @return Hybrid_Provider_Adapter
* @throws Exception
*/
- function factory($id, $params = array()) {
- Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::factory( $id )");
-
+ function factory($id, $params = []) {
+ Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::factory( $id )"); + # init the adapter config and params
$this->id = $id;
$this->params = $params;
$this->id = $this->getProviderCiId($this->id);
- $this->config = $this->getConfigById($this->id);
-
+ $this->config = $this->getConfigById($this->id); + # check the IDp id
if (!$this->id) {
- throw new Exception("No provider ID specified.", 2);
- }
-
+ throw new Exception("No provider ID specified.", 2); + } + # check the IDp config
if (!$this->config) {
- throw new Exception("Unknown Provider ID, check your configuration file.", 3);
- }
-
+ throw new Exception("Unknown Provider ID, check your configuration file.", 3); + } + # check the IDp adapter is enabled
if (!$this->config["enabled"]) {
- throw new Exception("The provider '{$this->id}' is not enabled.", 3);
- }
-
+ throw new Exception("The provider '{$this->id}' is not enabled.", 3); + } + # include the adapter wrapper
if (isset($this->config["wrapper"]) && is_array($this->config["wrapper"])) {
if (isset($this->config["wrapper"]["path"])) {
require_once $this->config["wrapper"]["path"];
- }
-
+ } + if (!class_exists($this->config["wrapper"]["class"])) {
- throw new Exception("Unable to load the adapter class.", 3);
- }
-
+ throw new Exception("Unable to load the adapter class.", 3); + } + $this->wrapper = $this->config["wrapper"]["class"];
} else {
- require_once Hybrid_Auth::$config["path_providers"] . $this->id . ".php";
-
+ require_once Hybrid_Auth::$config["path_providers"] . $this->id . ".php"; + $this->wrapper = "Hybrid_Providers_" . $this->id;
- }
-
+ } + # create the adapter instance, and pass the current params and config
- $this->adapter = new $this->wrapper($this->id, $this->config, $this->params);
-
+ $this->adapter = new $this->wrapper($this->id, $this->config, $this->params); + return $this;
- }
-
+ } + /**
* Hybrid_Provider_Adapter::login(), prepare the user session and the authentication request
* for index.php
@@ -110,22 +110,22 @@ class Hybrid_Provider_Adapter { * @throw Exception
*/
function login() {
- Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::login( {$this->id} ) ");
-
+ Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::login( {$this->id} ) "); + if (!$this->adapter) {
- throw new Exception("Hybrid_Provider_Adapter::login() should not directly used.");
- }
-
+ throw new Exception("Hybrid_Provider_Adapter::login() should not directly used."); + } + // clear all unneeded params
foreach (Hybrid_Auth::$config["providers"] as $idpid => $params) {
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_return_to");
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.hauth_endpoint");
Hybrid_Auth::storage()->delete("hauth_session.{$idpid}.id_provider_params");
- }
-
+ } + // make a fresh start
- $this->logout();
-
+ $this->logout(); + # get hybridauth base url
if (empty(Hybrid_Auth::$config["base_url"])) {
// the base url wasn't provide, so we must use the current
@@ -136,86 +136,86 @@ class Hybrid_Provider_Adapter { $HYBRID_AUTH_URL_BASE = $url;
} else {
$HYBRID_AUTH_URL_BASE = Hybrid_Auth::$config["base_url"];
- }
-
+ } + // make sure params is array
if (!is_array($this->params)) {
- $this->params = array();
- }
-
+ $this->params = [];
+ } + # we make use of session_id() as storage hash to identify the current user
# using session_regenerate_id() will be a problem, but ..
- $this->params["hauth_token"] = session_id();
-
+ $this->params["hauth_token"] = session_id(); + # set request timestamp
- $this->params["hauth_time"] = time();
-
+ $this->params["hauth_time"] = time(); + # for default HybridAuth endpoint url hauth_login_start_url
# auth.start required the IDp ID
# auth.time optional login request timestamp
if (!isset($this->params["login_start"]) ) {
$this->params["login_start"] = $HYBRID_AUTH_URL_BASE . ( strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?' ) . "hauth.start={$this->id}&hauth.time={$this->params["hauth_time"]}";
- }
-
+ } + # for default HybridAuth endpoint url hauth_login_done_url
# auth.done required the IDp ID
if (!isset($this->params["login_done"]) ) {
$this->params["login_done"] = $HYBRID_AUTH_URL_BASE . ( strpos($HYBRID_AUTH_URL_BASE, '?') ? '&' : '?' ) . "hauth.done={$this->id}";
- }
-
+ } + # workaround to solve windows live authentication since microsoft disallowed redirect urls to contain any parameters
# http://mywebsite.com/path_to_hybridauth/?hauth.done=Live will not work
- if ($this->id=="Live") {
- $this->params["login_done"] = $HYBRID_AUTH_URL_BASE."live.php";
- }
-
+ if ($this->id=="Live") {
+ $this->params["login_done"] = $HYBRID_AUTH_URL_BASE."live.php";
+ } + # Workaround to fix broken callback urls for the Facebook OAuth client
if ($this->adapter->useSafeUrls) {
$this->params['login_done'] = str_replace('hauth.done', 'hauth_done', $this->params['login_done']);
- }
-
+ } + if (isset($this->params["hauth_return_to"])) {
Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_return_to", $this->params["hauth_return_to"]);
}
if (isset($this->params["login_done"])) {
Hybrid_Auth::storage()->set("hauth_session.{$this->id}.hauth_endpoint", $this->params["login_done"]);
}
- Hybrid_Auth::storage()->set("hauth_session.{$this->id}.id_provider_params", $this->params);
-
+ Hybrid_Auth::storage()->set("hauth_session.{$this->id}.id_provider_params", $this->params); + // store config to be used by the end point
- Hybrid_Auth::storage()->config("CONFIG", Hybrid_Auth::$config);
-
+ Hybrid_Auth::storage()->config("CONFIG", Hybrid_Auth::$config); + // move on
- Hybrid_Logger::debug("Hybrid_Provider_Adapter::login( {$this->id} ), redirect the user to login_start URL.");
-
+ Hybrid_Logger::debug("Hybrid_Provider_Adapter::login( {$this->id} ), redirect the user to login_start URL."); + // redirect
if (empty($this->params["redirect_mode"])) {
- Hybrid_Auth::redirect($this->params["login_start"]);
+ Hybrid_Auth::redirect($this->params["login_start"]);
} else {
Hybrid_Auth::redirect($this->params["login_start"],$this->params["redirect_mode"]);
}
- }
-
+ } + /**
* Let hybridauth forget all about the user for the current provider
* @return bool
*/
function logout() {
$this->adapter->logout();
- }
-
- // --------------------------------------------------------------------
-
+ } + + // -------------------------------------------------------------------- + /**
* Return true if the user is connected to the current provider
* @return bool
*/
public function isUserConnected() {
return $this->adapter->isUserConnected();
- }
-
- // --------------------------------------------------------------------
-
+ } + + // -------------------------------------------------------------------- + /**
* Call adapter methods defined in the adapter model:
* getUserProfile()
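Review bot: `$this->params["hauth_token"] = session_id();` copies the raw session identifier into the provider params, which this hunk then stores under `id_provider_params`. Hybrid_Auth::setup() in Auth.php passes the stored params to `Hybrid_Logger::debug`, so with debug mode on the live session id is written to `debug_file`. If nothing outside this hunk compares the token with `session_id()` directly, storing a digest such as `hash('sha256', session_id())` keeps the identifier out of storage and logs; otherwise it should be removed from the array before logging. The comment above the assignment says `session_regenerate_id()` would break this scheme, which is worth documenting as a known limitation because it discourages rotating the session id after login. login() starts outside the hunk.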
@@ -229,19 +229,19 @@ class Hybrid_Provider_Adapter { * @throws Exception
*/
public function __call($name, $arguments) {
- Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::$name(), Provider: {$this->id}");
-
+ Hybrid_Logger::info("Enter Hybrid_Provider_Adapter::$name(), Provider: {$this->id}"); + if (!$this->isUserConnected()) {
- throw new Exception("User not connected to the provider {$this->id}.", 7);
- }
-
+ throw new Exception("User not connected to the provider {$this->id}.", 7); + } + if (!method_exists($this->adapter, $name)) {
- throw new Exception("Call to undefined function Hybrid_Providers_{$this->id}::$name().");
- }
-
- return call_user_func_array(array($this->adapter, $name), $arguments);
- }
-
+ throw new Exception("Call to undefined function Hybrid_Providers_{$this->id}::$name()."); + } + + return call_user_func_array([$this->adapter, $name], $arguments);
+ } + /**
* If the user is connected, then return the access_token and access_token_secret
* if the provider api use oauth
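Review bot: `method_exists($this->adapter, $name)` is also true for protected and private methods, so a non-public adapter method passes the guard in __call() and the failure surfaces from `call_user_func_array` instead of as the exception written here. `if (!is_callable([$this->adapter, $name])) {` checks visibility from this scope as well. The dispatch line can then be written `return $this->adapter->$name(...$arguments);`. The docblock for __call() starts outside the hunk.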
@@ -260,18 +260,18 @@ class Hybrid_Provider_Adapter { public function getAccessToken() {
if (!$this->adapter->isUserConnected()) {
Hybrid_Logger::error("User not connected to the provider.");
- throw new Exception("User not connected to the provider.", 7);
- }
-
- return array(
+ throw new Exception("User not connected to the provider.", 7); + } + + return [
"access_token" => $this->adapter->token("access_token"), // OAuth access token
"access_token_secret" => $this->adapter->token("access_token_secret"), // OAuth access token secret
"refresh_token" => $this->adapter->token("refresh_token"), // OAuth refresh token
"expires_in" => $this->adapter->token("expires_in"), // OPTIONAL. The duration in seconds of the access token lifetime
"expires_at" => $this->adapter->token("expires_at"), // OPTIONAL. Timestamp when the access_token expire. if not provided by the social api, then it should be calculated: expires_at = now + expires_in
- );
- }
-
+ ];
+ } + /**
* Naive getter of the current connected IDp API client
* @return stdClass
@@ -279,36 +279,36 @@ class Hybrid_Provider_Adapter { */
function api() {
if (!$this->adapter->isUserConnected()) {
- Hybrid_Logger::error("User not connected to the provider.");
-
- throw new Exception("User not connected to the provider.", 7);
+ Hybrid_Logger::error("User not connected to the provider."); + + throw new Exception("User not connected to the provider.", 7); }
return $this->adapter->api;
- }
-
+ } + /**
* Redirect the user to hauth_return_to (the callback url)
* @return void
*/
function returnToCallbackUrl() {
// get the stored callback url
- $callback_url = Hybrid_Auth::storage()->get("hauth_session.{$this->id}.hauth_return_to");
-
+ $callback_url = Hybrid_Auth::storage()->get("hauth_session.{$this->id}.hauth_return_to"); + // if the user presses the back button in the browser and we already deleted the hauth_return_to from
// the session in the previous request, we will redirect to '/' instead of displaying a blank page.
if (!$callback_url) {
$callback_url = '/';
- }
-
+ } + // remove some unneeded stored data
Hybrid_Auth::storage()->delete("hauth_session.{$this->id}.hauth_return_to");
Hybrid_Auth::storage()->delete("hauth_session.{$this->id}.hauth_endpoint");
- Hybrid_Auth::storage()->delete("hauth_session.{$this->id}.id_provider_params");
-
+ Hybrid_Auth::storage()->delete("hauth_session.{$this->id}.id_provider_params"); + // back to home
Hybrid_Auth::redirect($callback_url);
- }
-
+ } + /**
* Return the provider config by id
*
@@ -320,8 +320,8 @@ class Hybrid_Provider_Adapter { return Hybrid_Auth::$config["providers"][$id];
}
return null;
- }
-
+ } + /**
* Return the provider config by id; case insensitive
*
@@ -335,6 +335,6 @@ class Hybrid_Provider_Adapter { }
}
return null;
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Provider_Model.php b/hauth/Hybrid/Provider_Model.php
index cd72f54..5364542 100644
--- a/hauth/Hybrid/Provider_Model.php
+++ b/hauth/Hybrid/Provider_Model.php
@@ -1,11 +1,11 @@
 <?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Provider_Model provide a common interface for supported IDps on HybridAuth.
*
@@ -20,56 +20,56 @@ * Class Hybrid_Provider_Model_OAuth1 for providers that uses the OAuth 1 protocol.
* Class Hybrid_Provider_Model_OAuth2 for providers that uses the OAuth 2 protocol.
*/
-abstract class Hybrid_Provider_Model {
-
+abstract class Hybrid_Provider_Model { + /**
* IDp ID (or unique name)
* @var mixed
*/
- public $providerId = null;
-
+ public $providerId = null; + /**
* Specific provider adapter config
* @var array
*/
- public $config = null;
-
+ public $config = null; + /**
* Provider extra parameters
* @var array
*/
- public $params = null;
-
+ public $params = null; + /**
* Endpoint URL for that provider
* @var string
*/
- public $endpoint = null;
-
+ public $endpoint = null; + /**
* Hybrid_User obj, represents the current loggedin user
* @var Hybrid_User
*/
- public $user = null;
-
+ public $user = null; + /**
* The provider api client (optional)
* @var stdClass
*/
- public $api = null;
-
+ public $api = null; + /**
* Model should use "gzip,deflate" for CURLOPT_ENCODING
* @var stdClass
*/
- public $compressed = false;
-
+ public $compressed = false; + /**
* Enable this to replace '.' with '_' characters in the callback urls
* @var bool $useSafeUrls
*/
- public $useSafeUrls = false;
-
+ public $useSafeUrls = false; + /**
* Common providers adapter constructor
*
@@ -78,32 +78,32 @@ abstract class Hybrid_Provider_Model { * @param array $params Provider extra params
*/
function __construct($providerId, $config, $params = null) {
- # init the IDp adapter parameters, get them from the cache if possible
- if (!$params) {
- $this->params = Hybrid_Auth::storage()->get("hauth_session.$providerId.id_provider_params");
- } else {
- $this->params = $params;
- }
-
- // idp id
- $this->providerId = $providerId;
-
- // set HybridAuth endpoint for this provider
- $this->endpoint = Hybrid_Auth::storage()->get("hauth_session.$providerId.hauth_endpoint");
-
- // idp config
- $this->config = $config;
-
- // new user instance
- $this->user = new Hybrid_User();
- $this->user->providerId = $providerId;
-
- // initialize the current provider adapter
- $this->initialize();
-
- Hybrid_Logger::debug("Hybrid_Provider_Model::__construct( $providerId ) initialized. dump current adapter instance: ", serialize($this));
- }
-
+ # init the IDp adapter parameters, get them from the cache if possible
+ if (!$params) {
+ $this->params = Hybrid_Auth::storage()->get("hauth_session.$providerId.id_provider_params");
+ } else {
+ $this->params = $params;
+ } + + // idp id
+ $this->providerId = $providerId; + + // set HybridAuth endpoint for this provider
+ $this->endpoint = Hybrid_Auth::storage()->get("hauth_session.$providerId.hauth_endpoint"); + + // idp config
+ $this->config = $config; + + // new user instance
+ $this->user = new Hybrid_User();
+ $this->user->providerId = $providerId; + + // initialize the current provider adapter
+ $this->initialize(); + + Hybrid_Logger::debug("Hybrid_Provider_Model::__construct( $providerId ) initialized. dump current adapter instance: ", serialize($this));
+ } + /**
* IDp wrappers initializer
*
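Review bot: The debug call that closes `__construct` logs `serialize($this)`, and by then the object holds `$this->config` (the OAuth initializers in this same commit read `keys.secret` from it) and, once `initialize()` has run, the API client built from the stored tokens, so the application secret and user tokens end up in the log whenever this message is written. Log the provider id only, `Hybrid_Logger::debug("Hybrid_Provider_Model::__construct( $providerId ) initialized.");`, and if a dump is still wanted for troubleshooting, redact `config['keys']` and the token fields before serializing. What Hybrid_Logger does with its second argument is outside this hunk, so the exact exposure depends on how logging is configured.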
@@ -116,157 +116,156 @@ abstract class Hybrid_Provider_Model { * @return void
* @throws Exception
*/
- abstract protected function initialize();
-
+ abstract protected function initialize(); + /**
* Begin login
*
* @return void
* @throws Exception
*/
- abstract public function loginBegin();
-
+ abstract public function loginBegin(); + /**
* Finish login
* @return void
* @throws Exception
*/
- abstract public function loginFinish();
-
-
+ abstract public function loginFinish(); + /**
* Require autoload.php for 3rd party libraries
*/
protected function autoLoaderInit() {
- // Check if there is SDK in thirdparty/[providerId].
- $filename = Hybrid_Auth::$config["path_libraries"] . "{$this->providerId}/autoload.php";
- if (file_exists($filename)) {
- require_once $filename;
- }
- else {
- // If Composer install was executed, try to find autoload.php.
- $vendorDir = dirname(Hybrid_Auth::$config['path_base']);
- do {
- if (file_exists($vendorDir . "/vendor/autoload.php")) {
- require_once $vendorDir . "/vendor/autoload.php";
- break;
- }
- } while (($vendorDir = dirname($vendorDir)) !== '/');
- }
- }
-
+ // Check if there is SDK in thirdparty/[providerId].
+ $filename = Hybrid_Auth::$config["path_libraries"] . "{$this->providerId}/autoload.php";
+ if (file_exists($filename)) {
+ require_once $filename;
+ }
+ else {
+ // If Composer install was executed, try to find autoload.php.
+ $vendorDir = dirname(Hybrid_Auth::$config['path_base']);
+ do {
+ if (file_exists($vendorDir . "/vendor/autoload.php")) {
+ require_once $vendorDir . "/vendor/autoload.php";
+ break;
+ }
+ } while (($vendorDir = dirname($vendorDir)) !== '/');
+ }
+ } + /**
* Generic logout, just erase current provider adapter stored data to let Hybrid_Auth all forget about it
* @return bool
*/
function logout() {
- Hybrid_Logger::info("Enter [{$this->providerId}]::logout()");
- $this->clearTokens();
- return true;
- }
-
+ Hybrid_Logger::info("Enter [{$this->providerId}]::logout()");
+ $this->clearTokens();
+ return true;
+ } + /**
* Grab the user profile from the IDp api client
* @return Hybrid_User_Profile
* @throws Exception
*/
function getUserProfile() {
- Hybrid_Logger::error("HybridAuth do not provide users contacts list for {$this->providerId} yet.");
- throw new Exception("Provider does not support this feature.", 8);
- }
-
+ Hybrid_Logger::error("HybridAuth do not provide users contacts list for {$this->providerId} yet.");
+ throw new Exception("Provider does not support this feature.", 8); + } + /**
* Load the current logged in user contacts list from the IDp api client
* @return Hybrid_User_Contact[]
* @throws Exception
*/
function getUserContacts() {
- Hybrid_Logger::error("HybridAuth do not provide users contacts list for {$this->providerId} yet.");
- throw new Exception("Provider does not support this feature.", 8);
- }
-
+ Hybrid_Logger::error("HybridAuth do not provide users contacts list for {$this->providerId} yet.");
+ throw new Exception("Provider does not support this feature.", 8); + } + /**
* Return the user activity stream
* @return Hybrid_User_Activity[]
* @throws Exception
*/
function getUserActivity($stream) {
- Hybrid_Logger::error("HybridAuth do not provide user's activity stream for {$this->providerId} yet.");
- throw new Exception("Provider does not support this feature.", 8);
- }
-
+ Hybrid_Logger::error("HybridAuth do not provide user's activity stream for {$this->providerId} yet.");
+ throw new Exception("Provider does not support this feature.", 8); + } + /**
* Set user status
* @return mixed Provider response
* @throws Exception
*/
function setUserStatus($status) {
- Hybrid_Logger::error("HybridAuth do not provide user's activity stream for {$this->providerId} yet.");
- throw new Exception("Provider does not support this feature.", 8);
- }
-
+ Hybrid_Logger::error("HybridAuth do not provide user's activity stream for {$this->providerId} yet.");
+ throw new Exception("Provider does not support this feature.", 8); + } + /**
* Return the user status
* @return mixed Provider response
* @throws Exception
*/
function getUserStatus($statusid) {
- Hybrid_Logger::error("HybridAuth do not provide user's status for {$this->providerId} yet.");
- throw new Exception("Provider does not support this feature.", 8);
- }
-
+ Hybrid_Logger::error("HybridAuth do not provide user's status for {$this->providerId} yet.");
+ throw new Exception("Provider does not support this feature.", 8); + } + /**
* Return true if the user is connected to the current provider
* @return bool
*/
public function isUserConnected() {
- return (bool) Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.is_logged_in");
- }
-
+ return (bool) Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.is_logged_in");
+ } + /**
* Set user to connected
* @return void
*/
public function setUserConnected() {
- Hybrid_Logger::info("Enter [{$this->providerId}]::setUserConnected()");
- Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.is_logged_in", 1);
- }
-
+ Hybrid_Logger::info("Enter [{$this->providerId}]::setUserConnected()");
+ Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.is_logged_in", 1);
+ } + /**
* Set user to unconnected
* @return void
*/
public function setUserUnconnected() {
- Hybrid_Logger::info("Enter [{$this->providerId}]::setUserUnconnected()");
- Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.is_logged_in", 0);
- }
-
+ Hybrid_Logger::info("Enter [{$this->providerId}]::setUserUnconnected()");
+ Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.is_logged_in", 0);
+ } + /**
* Get or set a token
* @return string
*/
public function token($token, $value = null) {
- if ($value === null) {
- return Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.token.$token");
- } else {
- Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.token.$token", $value);
- }
- }
-
+ if ($value === null) {
+ return Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.token.$token");
+ }
+ Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.token.$token", $value); + + } + /**
* Delete a stored token
* @return void
*/
public function deleteToken($token) {
- Hybrid_Auth::storage()->delete("hauth_session.{$this->providerId}.token.$token");
- }
-
+ Hybrid_Auth::storage()->delete("hauth_session.{$this->providerId}.token.$token");
+ } + /**
* Clear all existent tokens for this provider
* @return void
*/
public function clearTokens() {
- Hybrid_Auth::storage()->deleteMatch("hauth_session.{$this->providerId}.");
- }
-
-}
+ Hybrid_Auth::storage()->deleteMatch("hauth_session.{$this->providerId}.");
+ }
+
+}
diff --git a/hauth/Hybrid/Provider_Model_OAuth1.php b/hauth/Hybrid/Provider_Model_OAuth1.php
index 23fd2d3..f14ec4d 100644
--- a/hauth/Hybrid/Provider_Model_OAuth1.php
+++ b/hauth/Hybrid/Provider_Model_OAuth1.php
@@ -1,11 +1,11 @@
 <?php
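Review bot: The Composer fallback loop in `autoLoaderInit()` terminates only when `dirname()` returns exactly `'/'`, so with a relative `path_base` (where `dirname()` settles on `'.'`) or a Windows path (where it settles on the drive root) it never exits when no `vendor/autoload.php` is found, and the request hangs. Stop when the parent no longer changes: put `$previous = $vendorDir;` and `$vendorDir = dirname($vendorDir);` at the end of the loop body and close it with `} while ($vendorDir !== $previous);`. In the same hunk, `token()` still documents `@return string` although the set path returns nothing; `@return string|null` would match what the rewritten body does.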
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* To implement an OAuth 1 based service provider, Hybrid_Provider_Model_OAuth1
* can be used to save the hassle of the authentication flow.
@@ -18,26 +18,26 @@ * Hybrid_Provider_Model_OAuth1 use OAuth1Client v0.1 which can be found on
* Hybrid/thirdparty/OAuth/OAuth1Client.php
*/
-class Hybrid_Provider_Model_OAuth1 extends Hybrid_Provider_Model {
-
+class Hybrid_Provider_Model_OAuth1 extends Hybrid_Provider_Model { + /**
* Provider API client
* @var OAuth1Client
*/
- public $api = null;
-
+ public $api = null; + /**
* Request_tokens as received from provider
* @var stdClas
*/
- public $request_tokens_raw = null;
-
+ public $request_tokens_raw = null; + /**
* Access_tokens as received from provider
* @var stdClass
*/
- public $access_tokens_raw = null;
-
+ public $access_tokens_raw = null; + /**
* Try to get the error message from provider api
*
@@ -45,7 +45,7 @@ class Hybrid_Provider_Model_OAuth1 extends Hybrid_Provider_Model { * @return string
*/
function errorMessageByStatus($code = null) {
- $http_status_codes = array(
+ $http_status_codes = [
200 => "OK: Success!",
304 => "Not Modified: There was no new data to return.",
400 => "Bad Request: The request was invalid.",
@@ -55,120 +55,120 @@ class Hybrid_Provider_Model_OAuth1 extends Hybrid_Provider_Model { 406 => "Not Acceptable.",
500 => "Internal Server Error: Something is broken.",
502 => "Bad Gateway.",
- 503 => "Service Unavailable."
- );
-
+ 503 => "Service Unavailable.",
+ ]; + if (!$code && $this->api) {
$code = $this->api->http_code;
- }
-
+ } + if (isset($http_status_codes[$code])) {
return $code . " " . $http_status_codes[$code];
}
- }
-
+ } + /**
* {@inheritdoc}
*/
function initialize() {
// 1 - check application credentials
if (!$this->config["keys"]["key"] || !$this->config["keys"]["secret"]) {
- throw new Exception("Your application key and secret are required in order to connect to {$this->providerId}.", 4);
- }
-
+ throw new Exception("Your application key and secret are required in order to connect to {$this->providerId}.", 4); + } + // 2 - include OAuth lib and client
if (! class_exists('OAuthConsumer') ) {
- require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth.php";
- }
- require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth1Client.php";
-
+ require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth.php";
+ }
+ require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth1Client.php"; + // 3.1 - setup access_token if any stored
if ($this->token("access_token")) {
$this->api = new OAuth1Client(
- $this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("access_token"), $this->token("access_token_secret")
+ $this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("access_token"), $this->token("access_token_secret"),
);
- }
-
+ } + // 3.2 - setup request_token if any stored, in order to exchange with an access token
elseif ($this->token("request_token")) {
$this->api = new OAuth1Client(
- $this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("request_token"), $this->token("request_token_secret")
+ $this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("request_token"), $this->token("request_token_secret"),
);
- }
-
+ } + // 3.3 - instanciate OAuth client with client credentials
else {
$this->api = new OAuth1Client($this->config["keys"]["key"], $this->config["keys"]["secret"]);
- }
-
+ } + // Set curl proxy if exist
if (isset(Hybrid_Auth::$config["proxy"])) {
$this->api->curl_proxy = Hybrid_Auth::$config["proxy"];
}
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginBegin() {
- $tokens = $this->api->requestToken($this->endpoint);
-
+ $tokens = $this->api->requestToken($this->endpoint); + // request tokens as received from provider
- $this->request_tokens_raw = $tokens;
-
+ $this->request_tokens_raw = $tokens; + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5); + } + if (!isset($tokens["oauth_token"])) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5); + } + $this->token("request_token", $tokens["oauth_token"]);
- $this->token("request_token_secret", $tokens["oauth_token_secret"]);
-
+ $this->token("request_token_secret", $tokens["oauth_token_secret"]); + # redirect the user to the provider authentication url
Hybrid_Auth::redirect($this->api->authorizeUrl($tokens));
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginFinish() {
$oauth_token = (array_key_exists('oauth_token', $_REQUEST)) ? $_REQUEST['oauth_token'] : "";
- $oauth_verifier = (array_key_exists('oauth_verifier', $_REQUEST)) ? $_REQUEST['oauth_verifier'] : "";
-
+ $oauth_verifier = (array_key_exists('oauth_verifier', $_REQUEST)) ? $_REQUEST['oauth_verifier'] : ""; + if (!$oauth_token || !$oauth_verifier) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth verifier.", 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth verifier.", 5); + } + // request an access token
- $tokens = $this->api->accessToken($oauth_verifier);
-
+ $tokens = $this->api->accessToken($oauth_verifier); + // access tokens as received from provider
- $this->access_tokens_raw = $tokens;
-
+ $this->access_tokens_raw = $tokens; + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5); + } + // we should have an access_token, or else, something has gone wrong
if (!isset($tokens["oauth_token"])) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5); + } + // we no more need to store request tokens
$this->deleteToken("request_token");
- $this->deleteToken("request_token_secret");
-
+ $this->deleteToken("request_token_secret"); + // store access_token for later user
$this->token("access_token", $tokens['oauth_token']);
- $this->token("access_token_secret", $tokens['oauth_token_secret']);
-
+ $this->token("access_token_secret", $tokens['oauth_token_secret']); + // set user as logged in to the current provider
$this->setUserConnected();
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Provider_Model_OAuth2.php b/hauth/Hybrid/Provider_Model_OAuth2.php
index b9de4e2..d0825a5 100644
--- a/hauth/Hybrid/Provider_Model_OAuth2.php
+++ b/hauth/Hybrid/Provider_Model_OAuth2.php
@@ -1,11 +1,11 @@
 <?php
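Review bot: In `loginFinish()` the `oauth_token` read from `$_REQUEST` is only tested for being non-empty and is never compared with the request token that `loginBegin()` stored, so the callback is not tied to the authorization request this session started. Add a comparison before the `accessToken()` call, for example `if (!hash_equals((string) $this->token("request_token"), (string) $oauth_token)) { throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5); }`. Reading the callback values from `$_GET` instead of `$_REQUEST` would also stop cookies or POST fields from supplying them. How OAuth1Client uses the stored request token is not visible in this diff, so a mismatch may already fail at the provider, but the local check is cheap and fails earlier.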
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* To implement an OAuth 2 based service provider, Hybrid_Provider_Model_OAuth2
* can be used to save the hassle of the authentication flow.
@@ -18,20 +18,20 @@ * Hybrid_Provider_Model_OAuth2 use OAuth2Client v0.1 which can be found on
* Hybrid/thirdparty/OAuth/OAuth2Client.php
*/
-class Hybrid_Provider_Model_OAuth2 extends Hybrid_Provider_Model {
-
+class Hybrid_Provider_Model_OAuth2 extends Hybrid_Provider_Model { + /**
* Default permissions
* @var string
*/
- public $scope = "";
-
+ public $scope = ""; + /**
* Provider API wrapper
* @var OAuth2Client
*/
- public $api = null;
-
+ public $api = null; + /**
* Try to get the error message from provider api
*
@@ -39,146 +39,146 @@ class Hybrid_Provider_Model_OAuth2 extends Hybrid_Provider_Model { * @return string
*/
function errorMessageByStatus($code = null) {
- $http_status_codes = array(
- 200 => "OK: Success!",
- 304 => "Not Modified: There was no new data to return.",
- 400 => "Bad Request: The request was invalid.",
- 401 => "Unauthorized.",
- 403 => "Forbidden: The request is understood, but it has been refused.",
- 404 => "Not Found: The URI requested is invalid or the resource requested does not exists.",
- 406 => "Not Acceptable.",
- 500 => "Internal Server Error: Something is broken.",
- 502 => "Bad Gateway.",
- 503 => "Service Unavailable."
- );
-
- if (!$code && $this->api) {
- $code = $this->api->http_code;
- }
-
- if (isset($http_status_codes[$code])) {
- return $code . " " . $http_status_codes[$code];
- }
- }
-
+ $http_status_codes = [
+ 200 => "OK: Success!",
+ 304 => "Not Modified: There was no new data to return.",
+ 400 => "Bad Request: The request was invalid.",
+ 401 => "Unauthorized.",
+ 403 => "Forbidden: The request is understood, but it has been refused.",
+ 404 => "Not Found: The URI requested is invalid or the resource requested does not exists.",
+ 406 => "Not Acceptable.",
+ 500 => "Internal Server Error: Something is broken.",
+ 502 => "Bad Gateway.",
+ 503 => "Service Unavailable.",
+ ]; + + if (!$code && $this->api) {
+ $code = $this->api->http_code;
+ } + + if (isset($http_status_codes[$code])) {
+ return $code . " " . $http_status_codes[$code];
+ }
+ } + /**
* Adapter initializer
*/
function initialize() {
- if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) {
- throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4);
- }
-
- // override requested scope
- if (isset($this->config["scope"]) && !empty($this->config["scope"])) {
- $this->scope = $this->config["scope"];
- }
-
- // include OAuth2 client
- require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth2Client.php";
-
- // create a new OAuth2 client instance
- $this->api = new OAuth2Client($this->config["keys"]["id"], $this->config["keys"]["secret"], $this->endpoint, $this->compressed);
-
- // If we have an access token, set it
- if ($this->token("access_token")) {
- $this->api->access_token = $this->token("access_token");
- $this->api->refresh_token = $this->token("refresh_token");
- $this->api->access_token_expires_in = $this->token("expires_in");
- $this->api->access_token_expires_at = $this->token("expires_at");
- }
-
- // Set curl proxy if exist
- if (isset(Hybrid_Auth::$config["proxy"])) {
- $this->api->curl_proxy = Hybrid_Auth::$config["proxy"];
- }
- }
-
+ if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) {
+ throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); + } + + // override requested scope
+ if (isset($this->config["scope"]) && !empty($this->config["scope"])) {
+ $this->scope = $this->config["scope"];
+ } + + // include OAuth2 client
+ require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth2Client.php"; + + // create a new OAuth2 client instance
+ $this->api = new OAuth2Client($this->config["keys"]["id"], $this->config["keys"]["secret"], $this->endpoint, $this->compressed); + + // If we have an access token, set it
+ if ($this->token("access_token")) {
+ $this->api->access_token = $this->token("access_token");
+ $this->api->refresh_token = $this->token("refresh_token");
+ $this->api->access_token_expires_in = $this->token("expires_in");
+ $this->api->access_token_expires_at = $this->token("expires_at");
+ } + + // Set curl proxy if exist
+ if (isset(Hybrid_Auth::$config["proxy"])) {
+ $this->api->curl_proxy = Hybrid_Auth::$config["proxy"];
+ }
+ } + /**
* {@inheritdoc}
*/
function loginBegin() {
- // redirect the user to the provider authentication url
- Hybrid_Auth::redirect($this->api->authorizeUrl(array("scope" => $this->scope)));
- }
-
+ // redirect the user to the provider authentication url
+ Hybrid_Auth::redirect($this->api->authorizeUrl(["scope" => $this->scope]));
+ } + /**
* {@inheritdoc}
*/
function loginFinish() {
- $error = (array_key_exists('error', $_REQUEST)) ? $_REQUEST['error'] : "";
-
- // check for errors
- if ($error) {
- throw new Exception("Authentication failed! {$this->providerId} returned an error: $error", 5);
- }
-
- // try to authenticate user
- $code = (array_key_exists('code', $_REQUEST)) ? $_REQUEST['code'] : "";
-
- try {
- $this->api->authenticate($code);
- } catch (Exception $e) {
- throw new Exception("User profile request failed! {$this->providerId} returned an error: " . $e->getMessage(), 6);
- }
-
- // check if authenticated
- if (!$this->api->access_token) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5);
- }
-
- // store tokens
- $this->token("access_token", $this->api->access_token);
- $this->token("refresh_token", $this->api->refresh_token);
- $this->token("expires_in", $this->api->access_token_expires_in);
- $this->token("expires_at", $this->api->access_token_expires_at);
-
- // set user connected locally
- $this->setUserConnected();
- }
-
+ $error = (array_key_exists('error', $_REQUEST)) ? $_REQUEST['error'] : ""; + + // check for errors
+ if ($error) {
+ throw new Exception("Authentication failed! {$this->providerId} returned an error: $error", 5); + } + + // try to authenticate user
+ $code = (array_key_exists('code', $_REQUEST)) ? $_REQUEST['code'] : ""; + + try {
+ $this->api->authenticate($code);
+ } catch (Exception $e) {
+ throw new Exception("User profile request failed! {$this->providerId} returned an error: " . $e->getMessage(), 6); + } + + // check if authenticated
+ if (!$this->api->access_token) {
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5); + } + + // store tokens
+ $this->token("access_token", $this->api->access_token);
+ $this->token("refresh_token", $this->api->refresh_token);
+ $this->token("expires_in", $this->api->access_token_expires_in);
+ $this->token("expires_at", $this->api->access_token_expires_at); + + // set user connected locally
+ $this->setUserConnected();
+ } + /**
* {@inheritdoc}
*/
function refreshToken() {
- // have an access token?
- if ($this->api->access_token) {
-
- // have to refresh?
- if ($this->api->refresh_token && $this->api->access_token_expires_at) {
-
- // expired?
- if ($this->api->access_token_expires_at <= time()) {
- $response = $this->api->refreshToken(array("refresh_token" => $this->api->refresh_token));
-
- if (!isset($response->access_token) || !$response->access_token) {
- // set the user as disconnected at this point and throw an exception
- $this->setUserUnconnected();
-
- throw new Exception("The Authorization Service has return an invalid response while requesting a new access token. " . (string) $response->error);
- }
-
- // set new access_token
- $this->api->access_token = $response->access_token;
-
- if (isset($response->refresh_token))
- $this->api->refresh_token = $response->refresh_token;
-
- if (isset($response->expires_in)) {
- $this->api->access_token_expires_in = $response->expires_in;
-
- // even given by some idp, we should calculate this
- $this->api->access_token_expires_at = time() + $response->expires_in;
- }
- }
- }
-
- // re store tokens
- $this->token("access_token", $this->api->access_token);
- $this->token("refresh_token", $this->api->refresh_token);
- $this->token("expires_in", $this->api->access_token_expires_in);
- $this->token("expires_at", $this->api->access_token_expires_at);
- }
- }
-
-}
+ // have an access token?
+ if ($this->api->access_token) { + + // have to refresh?
+ if ($this->api->refresh_token && $this->api->access_token_expires_at) { + + // expired?
+ if ($this->api->access_token_expires_at <= time()) {
+ $response = $this->api->refreshToken(["refresh_token" => $this->api->refresh_token]); + + if (!isset($response->access_token) || !$response->access_token) {
+ // set the user as disconnected at this point and throw an exception
+ $this->setUserUnconnected(); + + throw new Exception("The Authorization Service has return an invalid response while requesting a new access token. " . (string) $response->error); + } + + // set new access_token
+ $this->api->access_token = $response->access_token; + + if (isset($response->refresh_token))
+ $this->api->refresh_token = $response->refresh_token; + + if (isset($response->expires_in)) {
+ $this->api->access_token_expires_in = $response->expires_in; + + // even given by some idp, we should calculate this
+ $this->api->access_token_expires_at = time() + $response->expires_in;
+ }
+ }
+ } + + // re store tokens
+ $this->token("access_token", $this->api->access_token);
+ $this->token("refresh_token", $this->api->refresh_token);
+ $this->token("expires_in", $this->api->access_token_expires_in);
+ $this->token("expires_at", $this->api->access_token_expires_at);
+ }
+ }
+
+}
diff --git a/hauth/Hybrid/Provider_Model_OpenID.php b/hauth/Hybrid/Provider_Model_OpenID.php
index 08fa36c..a30e9ee 100644
--- a/hauth/Hybrid/Provider_Model_OpenID.php
+++ b/hauth/Hybrid/Provider_Model_OpenID.php
@@ -1,11 +1,11 @@
 <?php
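Review bot: Nothing in this class generates or checks an OAuth 2 `state` value: `loginBegin()` passes only `scope` to `authorizeUrl()` and `loginFinish()` reads only `error` and `code` from `$_REQUEST`, so unless OAuth2Client adds one itself (not visible in this diff) the callback accepts an authorization code that this session never requested. Store a random value in `loginBegin()`, send it as `state`, and compare it with `hash_equals()` at the top of `loginFinish()`, as sketched below; the sketch assumes `authorizeUrl()` forwards extra array keys as query parameters, which needs confirming against OAuth2Client. The `$error` string from the request is also interpolated into the exception message as-is, so whatever renders that message has to escape it.

```php
function loginBegin() {
    // per-login random value, kept in the session store next to the other tokens
    $state = bin2hex(random_bytes(16));
    $this->token("state", $state);
    Hybrid_Auth::redirect($this->api->authorizeUrl(["scope" => $this->scope, "state" => $state]));
}

function loginFinish() {
    $state = $_REQUEST['state'] ?? '';
    $expected = (string) $this->token("state");
    $this->deleteToken("state"); // single use
    if (!is_string($state) || $expected === '' || !hash_equals($expected, $state)) {
        throw new Exception("Authentication failed! {$this->providerId} returned an invalid state.", 5);
    }
    // … unchanged: error check, authenticate($code), token storage, setUserConnected() …
}
```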
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* To implement an OpenID based service provider, Hybrid_Provider_Model_OpenID
* can be used to save the hassle of the authentication flow.
@@ -16,56 +16,56 @@ * Hybrid_Provider_Model_OpenID use LightOpenID lib which can be found on
* Hybrid/thirdparty/OpenID/LightOpenID.php
*/
-class Hybrid_Provider_Model_OpenID extends Hybrid_Provider_Model {
-
+class Hybrid_Provider_Model_OpenID extends Hybrid_Provider_Model { + /**
* Provider API client
* @var LightOpenID
*/
- public $api = null;
-
+ public $api = null; + /**
* Openid provider identifier
* @var string
*/
- public $openidIdentifier = "";
-
+ public $openidIdentifier = ""; + /**
* {@inheritdoc}
*/
function initialize() {
if (isset($this->params["openid_identifier"])) {
$this->openidIdentifier = $this->params["openid_identifier"];
- }
-
+ } + // include LightOpenID lib
- require_once Hybrid_Auth::$config["path_libraries"] . "OpenID/LightOpenID.php";
-
+ require_once Hybrid_Auth::$config["path_libraries"] . "OpenID/LightOpenID.php"; + // An error was occurring when proxy wasn't set. Not sure where proxy was meant to be set/initialized.
- Hybrid_Auth::$config['proxy'] = isset(Hybrid_Auth::$config['proxy']) ? Hybrid_Auth::$config['proxy'] : '';
-
+ Hybrid_Auth::$config['proxy'] = Hybrid_Auth::$config['proxy'] ?? ''; + $hostPort = parse_url(Hybrid_Auth::$config["base_url"], PHP_URL_PORT);
- $hostUrl = parse_url(Hybrid_Auth::$config["base_url"], PHP_URL_HOST);
-
+ $hostUrl = parse_url(Hybrid_Auth::$config["base_url"], PHP_URL_HOST); + // Check for port on url
if ($hostPort) {
$hostUrl .= ':' . $hostPort;
- }
-
+ } + $this->api = new LightOpenID($hostUrl, Hybrid_Auth::$config["proxy"]);
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginBegin() {
if (empty($this->openidIdentifier)) {
- throw new Exception("OpenID adapter require the identity provider identifier 'openid_identifier' as an extra parameter.", 4);
- }
-
+ throw new Exception("OpenID adapter require the identity provider identifier 'openid_identifier' as an extra parameter.", 4); + } + $this->api->identity = $this->openidIdentifier;
$this->api->returnUrl = $this->endpoint;
- $this->api->required = array(
+ $this->api->required = [
'namePerson/first',
'namePerson/last',
'namePerson/friendly',
@@ -81,32 +81,32 @@ class Hybrid_Provider_Model_OpenID extends Hybrid_Provider_Model { 'contact/city/home',
'contact/country/home',
'media/image/default',
- );
-
+ ]; + # redirect the user to the provider authentication url
Hybrid_Auth::redirect($this->api->authUrl());
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginFinish() {
# if user don't grant access of their data to your site, halt with an Exception
if ($this->api->mode == 'cancel') {
- throw new Exception("Authentication failed! User has canceled authentication!", 5);
- }
-
+ throw new Exception("Authentication failed! User has canceled authentication!", 5); + } + # if something goes wrong
if (!$this->api->validate()) {
- throw new Exception("Authentication failed. Invalid request received!", 5);
- }
-
+ throw new Exception("Authentication failed. Invalid request received!", 5); + } + # fetch received user data
- $response = $this->api->getAttributes();
-
+ $response = $this->api->getAttributes(); + # store the user profile
- $this->user->profile->identifier = $this->api->identity;
-
+ $this->user->profile->identifier = $this->api->identity; + $this->user->profile->firstName = (array_key_exists("namePerson/first", $response)) ? $response["namePerson/first"] : "";
$this->user->profile->lastName = (array_key_exists("namePerson/last", $response)) ? $response["namePerson/last"] : "";
$this->user->profile->displayName = (array_key_exists("namePerson", $response)) ? $response["namePerson"] : "";
@@ -115,56 +115,56 @@ class Hybrid_Provider_Model_OpenID extends Hybrid_Provider_Model { $this->user->profile->country = (array_key_exists("contact/country/home", $response)) ? $response["contact/country/home"] : "";
$this->user->profile->zip = (array_key_exists("contact/postalCode/home", $response)) ? $response["contact/postalCode/home"] : "";
$this->user->profile->gender = (array_key_exists("person/gender", $response)) ? $response["person/gender"] : "";
- $this->user->profile->photoURL = (array_key_exists("media/image/default", $response)) ? $response["media/image/default"] : "";
-
+ $this->user->profile->photoURL = (array_key_exists("media/image/default", $response)) ? $response["media/image/default"] : ""; + $this->user->profile->birthDay = (array_key_exists("birthDate/birthDay", $response)) ? $response["birthDate/birthDay"] : "";
$this->user->profile->birthMonth = (array_key_exists("birthDate/birthMonth", $response)) ? $response["birthDate/birthMonth"] : "";
- $this->user->profile->birthYear = (array_key_exists("birthDate/birthDate", $response)) ? $response["birthDate/birthDate"] : "";
-
+ $this->user->profile->birthYear = (array_key_exists("birthDate/birthDate", $response)) ? $response["birthDate/birthDate"] : ""; + if (isset($response['namePerson/friendly']) && !empty($response['namePerson/friendly']) && !$this->user->profile->displayName) {
$this->user->profile->displayName = $response["namePerson/friendly"];
- }
-
+ } + if (isset($response['birthDate']) && !empty($response['birthDate']) && !$this->user->profile->birthDay) {
- list( $birthday_year, $birthday_month, $birthday_day ) = $response['birthDate'];
-
+ list( $birthday_year, $birthday_month, $birthday_day ) = $response['birthDate']; + $this->user->profile->birthDay = (int) $birthday_day;
$this->user->profile->birthMonth = (int) $birthday_month;
$this->user->profile->birthYear = (int) $birthday_year;
- }
-
+ } + if (!$this->user->profile->displayName) {
$this->user->profile->displayName = trim($this->user->profile->firstName . " " . $this->user->profile->lastName);
- }
-
+ } + if ($this->user->profile->gender == "f") {
$this->user->profile->gender = "female";
- }
-
+ } + if ($this->user->profile->gender == "m") {
$this->user->profile->gender = "male";
- }
-
+ } + // set user as logged in
- $this->setUserConnected();
-
+ $this->setUserConnected(); + // with openid providers we get the user profile only once, so store it
Hybrid_Auth::storage()->set("hauth_session.{$this->providerId}.user", $this->user);
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserProfile() {
// try to get the user profile from stored data
- $this->user = Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.user");
-
+ $this->user = Hybrid_Auth::storage()->get("hauth_session.{$this->providerId}.user"); + // if not found
if (!is_object($this->user)) {
- throw new Exception("User profile request failed! User is not connected to {$this->providerId} or his session has expired.", 6);
- }
-
+ throw new Exception("User profile request failed! User is not connected to {$this->providerId} or his session has expired.", 6); + } + return $this->user->profile;
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Providers/AOL.php b/hauth/Hybrid/Providers/AOL.php
index 19028c0..bb34d02 100644
--- a/hauth/Hybrid/Providers/AOL.php
+++ b/hauth/Hybrid/Providers/AOL.php
@@ -1,18 +1,18 @@
<?php
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_AOL provider adapter based on OpenID protocol
*
* http://hybridauth.sourceforge.net/userguide/IDProvider_info_AOL.html
*/
-class Hybrid_Providers_AOL extends Hybrid_Provider_Model_OpenID {
-
- var $openidIdentifier = "http://openid.aol.com/";
-
-}
+class Hybrid_Providers_AOL extends Hybrid_Provider_Model_OpenID { + + var $openidIdentifier = "http://openid.aol.com/"; + +} diff --git a/hauth/Hybrid/Providers/Amazon.php b/hauth/Hybrid/Providers/Amazon.php index cc7d14c..f8a10de 100644 --- a/hauth/Hybrid/Providers/Amazon.php +++ b/hauth/Hybrid/Providers/Amazon.php @@ -48,7 +48,7 @@ class Hybrid_Providers_Amazon extends Hybrid_Provider_Model_OAuth2 { $this->api->authorize_url = 'https://www.amazon.com/ap/oa'; $this->api->token_url = 'https://api.amazon.com/auth/o2/token'; - $this->api->curl_header = array( 'Content-Type: application/x-www-form-urlencoded' ); + $this->api->curl_header = [ 'Content-Type: application/x-www-form-urlencoded' ]; // If we have an access token, set it if ( $this->token( 'access_token' ) ) { diff --git a/hauth/Hybrid/Providers/Dropbox.php b/hauth/Hybrid/Providers/Dropbox.php index cc072ab..f903d94 100644 --- a/hauth/Hybrid/Providers/Dropbox.php +++ b/hauth/Hybrid/Providers/Dropbox.php @@ -12,18 +12,18 @@ */ class Hybrid_Providers_Dropbox extends Hybrid_Provider_Model_OAuth2 -{ +{ /** * IDp wrappers initializer */ - function initialize() + function initialize() { parent::initialize(); // Provider apis end-points $this->api->api_base_url = "https://api.dropbox.com/1/"; $this->api->authorize_url = "https://www.dropbox.com/1/oauth2/authorize"; - $this->api->token_url = "https://api.dropbox.com/1/oauth2/token"; + $this->api->token_url = "https://api.dropbox.com/1/oauth2/token"; } /** @@ -31,7 +31,7 @@ class Hybrid_Providers_Dropbox extends Hybrid_Provider_Model_OAuth2 */ function getUserProfile() { - // refresh tokens if needed + // refresh tokens if needed $this->refreshToken(); try{ 
@@ -49,7 +49,7 @@ class Hybrid_Providers_Dropbox extends Hybrid_Provider_Model_OAuth2 if ( ! is_object( $response ) || ! isset( $response->uid ) ){ throw new Exception( "User profile request failed! {$this->providerId} api returned an invalid response.", 6 ); } - # store the user profile. + # store the user profile. $this->user->profile->identifier = (property_exists($response,'uid'))?$response->uid:""; $this->user->profile->profileURL = ""; $this->user->profile->webSiteURL = ""; diff --git a/hauth/Hybrid/Providers/Facebook.php b/hauth/Hybrid/Providers/Facebook.php index ab48370..c5c74e2 100644 --- a/hauth/Hybrid/Providers/Facebook.php +++ b/hauth/Hybrid/Providers/Facebook.php @@ -1,402 +1,401 @@ <?php
-
-use Facebook\Exceptions\FacebookSDKException;
-use Facebook\Facebook as FacebookSDK;
-
+ +use Facebook\Exceptions\FacebookSDKException; +use Facebook\Facebook as FacebookSDK; + /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_Facebook provider adapter based on OAuth2 protocol
* Hybrid_Providers_Facebook use the Facebook PHP SDK created by Facebook
* http://hybridauth.sourceforge.net/userguide/IDProvider_info_Facebook.html
*/
-class Hybrid_Providers_Facebook extends Hybrid_Provider_Model {
-
- /**
- * Default permissions, and a lot of them. You can change them from the configuration by setting the scope to what you want/need.
- * For a complete list see: https://developers.facebook.com/docs/facebook-login/permissions
- *
- * @link https://developers.facebook.com/docs/facebook-login/permissions
- * @var array $scope
- */
- public $scope = array('email', 'public_profile');
-
- /**
- * Provider API client
- *
- * @var \Facebook\Facebook
- */
- public $api;
-
- public $useSafeUrls = true;
-
- /**
- * {@inheritdoc}
- */
- function initialize() {
- if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) {
- throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4);
- }
-
- if (isset($this->config['scope'])) {
- $scope = $this->config['scope'];
- if (is_string($scope)) {
- $scope = explode(",", $scope);
- }
- $scope = array_map('trim', $scope);
- $this->scope = $scope;
- }
-
- $trustForwarded = isset($this->config['trustForwarded']) ? (bool)$this->config['trustForwarded'] : false;
-
- // Include 3rd-party SDK.
- $this->autoLoaderInit();
-
- $this->api = new FacebookSDK([
- 'app_id' => $this->config["keys"]["id"],
- 'app_secret' => $this->config["keys"]["secret"],
- 'default_graph_version' => !empty($this->config['default_graph_version']) ? $this->config['default_graph_version'] : 'v2.12',
- 'trustForwarded' => $trustForwarded,
- ]);
- }
-
- /**
- * {@inheritdoc}
- */
- function loginBegin() {
-
- $this->endpoint = $this->params['login_done'];
- $helper = $this->api->getRedirectLoginHelper();
-
- // Use re-request, because this will trigger permissions window if not all permissions are granted.
- $url = $helper->getReRequestUrl($this->endpoint, $this->scope);
-
- // Redirect to Facebook
- Hybrid_Auth::redirect($url);
- }
-
- /**
- * {@inheritdoc}
- */
- function loginFinish() {
-
- $helper = $this->api->getRedirectLoginHelper();
- if (isset($_GET['state'])) {
- $helper->getPersistentDataHandler()->set('state', $_GET['state']);
- }
- try {
- $accessToken = $helper->getAccessToken($this->params['login_done']);
- } catch (Facebook\Exceptions\FacebookResponseException $e) {
- throw new Hybrid_Exception('Facebook Graph returned an error: ' . $e->getMessage());
- } catch (Facebook\Exceptions\FacebookSDKException $e) {
- throw new Hybrid_Exception('Facebook SDK returned an error: ' . $e->getMessage());
- }
-
- if (!isset($accessToken)) {
- if ($helper->getError()) {
- throw new Hybrid_Exception(sprintf("Could not authorize user, reason: %s (%d)", $helper->getErrorDescription(), $helper->getErrorCode()));
- } else {
- throw new Hybrid_Exception("Could not authorize user. Bad request");
- }
- }
-
- try {
- // Validate token
- $oAuth2Client = $this->api->getOAuth2Client();
- $tokenMetadata = $oAuth2Client->debugToken($accessToken);
- $tokenMetadata->validateAppId($this->config["keys"]["id"]);
- $tokenMetadata->validateExpiration();
-
- // Exchanges a short-lived access token for a long-lived one
- if (!$accessToken->isLongLived()) {
- $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
- }
- } catch (FacebookSDKException $e) {
- throw new Hybrid_Exception($e->getMessage(), 0, $e);
- }
-
- $this->setUserConnected();
- $this->token("access_token", $accessToken->getValue());
- }
-
- /**
- * {@inheritdoc}
- */
- function logout() {
- parent::logout();
- }
-
- /**
- * Update user status
- *
- * @param mixed $status An array describing the status, or string
- * @param string $pageid (optional) User page id
- * @return array
- * @throw Exception
- */
- function setUserStatus($status, $pageid = null) {
-
- if (!is_array($status)) {
- $status = array('message' => $status);
- }
-
- $access_token = null;
-
- if (is_null($pageid)) {
- $pageid = 'me';
- $access_token = $this->token('access_token');
-
- // if post on page, get access_token page
- } else {
-
- foreach ($this->getUserPages(true) as $p) {
- if (isset($p['id']) && intval($p['id']) == intval($pageid)) {
- $access_token = $p['access_token'];
- break;
- }
- }
-
- if (is_null($access_token)) {
- throw new Exception("Update user page failed, page not found or not writable!");
- }
- }
-
- try {
- $response = $this->api->post('/' . $pageid . '/feed', $status, $access_token);
- } catch (FacebookSDKException $e) {
- throw new Exception("Update user status failed! {$this->providerId} returned an error {$e->getMessage()}", 0, $e);
- }
-
- return $response;
- }
-
- /**
- * {@inheridoc}
- */
+class Hybrid_Providers_Facebook extends Hybrid_Provider_Model { + + /**
+ * Default permissions, and a lot of them. You can change them from the configuration by setting the scope to what you want/need.
+ * For a complete list see: https://developers.facebook.com/docs/facebook-login/permissions
+ *
+ * @link https://developers.facebook.com/docs/facebook-login/permissions
+ * @var array $scope
+ */
+ public $scope = ['email', 'public_profile']; + + /**
+ * Provider API client
+ *
+ * @var \Facebook\Facebook
+ */
+ public $api; + + public $useSafeUrls = true; + + /**
+ * {@inheritdoc}
+ */
+ function initialize() {
+ if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) {
+ throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); + } + + if (isset($this->config['scope'])) {
+ $scope = $this->config['scope'];
+ if (is_string($scope)) {
+ $scope = explode(",", $scope);
+ }
+ $scope = array_map('trim', $scope);
+ $this->scope = $scope;
+ } + + $trustForwarded = isset($this->config['trustForwarded']) ? (bool)$this->config['trustForwarded'] : false; + + // Include 3rd-party SDK.
+ $this->autoLoaderInit(); + + $this->api = new FacebookSDK([
+ 'app_id' => $this->config["keys"]["id"],
+ 'app_secret' => $this->config["keys"]["secret"],
+ 'default_graph_version' => !empty($this->config['default_graph_version']) ? $this->config['default_graph_version'] : 'v2.12',
+ 'trustForwarded' => $trustForwarded,
+ ]);
+ } + + /**
+ * {@inheritdoc}
+ */
+ function loginBegin() { + + $this->endpoint = $this->params['login_done'];
+ $helper = $this->api->getRedirectLoginHelper(); + + // Use re-request, because this will trigger permissions window if not all permissions are granted.
+ $url = $helper->getReRequestUrl($this->endpoint, $this->scope); + + // Redirect to Facebook
+ Hybrid_Auth::redirect($url);
+ } + + /**
+ * {@inheritdoc}
+ */
+ function loginFinish() { + + $helper = $this->api->getRedirectLoginHelper();
+ if (isset($_GET['state'])) {
+ $helper->getPersistentDataHandler()->set('state', $_GET['state']);
+ }
+ try {
+ $accessToken = $helper->getAccessToken($this->params['login_done']);
+ } catch (Facebook\Exceptions\FacebookResponseException $e) {
+ throw new Hybrid_Exception('Facebook Graph returned an error: ' . $e->getMessage()); + } catch (Facebook\Exceptions\FacebookSDKException $e) {
+ throw new Hybrid_Exception('Facebook SDK returned an error: ' . $e->getMessage()); + } + + if (!isset($accessToken)) {
+ if ($helper->getError()) {
+ throw new Hybrid_Exception(sprintf("Could not authorize user, reason: %s (%d)", $helper->getErrorDescription(), $helper->getErrorCode())); + }
+ throw new Hybrid_Exception("Could not authorize user. Bad request"); + } + + try {
+ // Validate token
+ $oAuth2Client = $this->api->getOAuth2Client();
+ $tokenMetadata = $oAuth2Client->debugToken($accessToken);
+ $tokenMetadata->validateAppId($this->config["keys"]["id"]);
+ $tokenMetadata->validateExpiration(); + + // Exchanges a short-lived access token for a long-lived one
+ if (!$accessToken->isLongLived()) {
+ $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
+ }
+ } catch (FacebookSDKException $e) {
+ throw new Hybrid_Exception($e->getMessage(), 0, $e); + } + + $this->setUserConnected();
+ $this->token("access_token", $accessToken->getValue());
+ } + + /**
+ * {@inheritdoc}
+ */
+ function logout() {
+ parent::logout();
+ } + + /**
+ * Update user status
+ *
+ * @param mixed $status An array describing the status, or string
+ * @param string $pageid (optional) User page id
+ * @return array
+ * @throw Exception
+ */
+ function setUserStatus($status, $pageid = null) { + + if (!is_array($status)) {
+ $status = ['message' => $status];
+ } + + $access_token = null; + + if (is_null($pageid)) {
+ $pageid = 'me';
+ $access_token = $this->token('access_token'); + + // if post on page, get access_token page
+ } else { + + foreach ($this->getUserPages(true) as $p) {
+ if (isset($p['id']) && (int) ($p['id']) == (int) $pageid) {
+ $access_token = $p['access_token'];
+ break;
+ }
+ } + + if (is_null($access_token)) {
+ throw new Exception("Update user page failed, page not found or not writable!"); + }
+ } + + try {
+ $response = $this->api->post('/' . $pageid . '/feed', $status, $access_token);
+ } catch (FacebookSDKException $e) {
+ throw new Exception("Update user status failed! {$this->providerId} returned an error {$e->getMessage()}", 0, $e); + } + + return $response;
+ } + + /**
+ * {@inheridoc}
+ */
function getUserPages($writableonly = false) {
- if (!in_array('manage_pages', $this->scope)) {
- throw new Exception("Get user pages requires manage_page permission!");
- }
-
- try {
- $pages = $this->api->get("/me/accounts", $this->token('access_token'));
- $pages = $pages->getDecodedBody();
- } catch (FacebookApiException $e) {
- throw new Exception("Cannot retrieve user pages! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e);
- }
-
- if (!isset($pages['data'])) {
- return array();
- }
-
- if (!$writableonly) {
- return $pages['data'];
- }
-
- $wrpages = array();
- foreach ($pages['data'] as $p) {
- if (isset($p['perms']) && in_array('CREATE_CONTENT', $p['perms'])) {
- $wrpages[] = $p;
- }
- }
-
- return $wrpages;
- }
-
- /**
- * {@inheritdoc}
- */
- function getUserProfile() {
- try {
- $fields = array(
- 'id',
- 'name',
- 'first_name',
- 'last_name',
- 'link',
- 'website',
- 'gender',
- 'locale',
- 'about',
- 'email',
- 'hometown',
- 'location',
- 'birthday'
- );
- $response = $this->api->get('/me?fields=' . implode(',', $fields), $this->token('access_token'));
- $data = $response->getDecodedBody();
- } catch (FacebookSDKException $e) {
- throw new Exception("User profile request failed! {$this->providerId} returned an error: {$e->getMessage()}", 6, $e);
- }
-
- // Store the user profile.
- $this->user->profile->identifier = (array_key_exists('id', $data)) ? $data['id'] : "";
- $this->user->profile->displayName = (array_key_exists('name', $data)) ? $data['name'] : "";
- $this->user->profile->firstName = (array_key_exists('first_name', $data)) ? $data['first_name'] : "";
- $this->user->profile->lastName = (array_key_exists('last_name', $data)) ? $data['last_name'] : "";
- $this->user->profile->photoURL = $this->getUserPhoto($this->user->profile->identifier);
- $this->user->profile->profileURL = (array_key_exists('link', $data)) ? $data['link'] : "";
- $this->user->profile->webSiteURL = (array_key_exists('website', $data)) ? $data['website'] : "";
- $this->user->profile->gender = (array_key_exists('gender', $data)) ? $data['gender'] : "";
- $this->user->profile->language = (array_key_exists('locale', $data)) ? $data['locale'] : "";
- $this->user->profile->description = (array_key_exists('about', $data)) ? $data['about'] : "";
- $this->user->profile->email = (array_key_exists('email', $data)) ? $data['email'] : "";
- $this->user->profile->emailVerified = (array_key_exists('email', $data)) ? $data['email'] : "";
- $this->user->profile->region = (array_key_exists("location", $data) && array_key_exists("name", $data['location'])) ? $data['location']["name"] : "";
-
- if (!empty($this->user->profile->region)) {
- $regionArr = explode(',', $this->user->profile->region);
- if (count($regionArr) > 1) {
- $this->user->profile->city = trim($regionArr[0]);
- $this->user->profile->country = trim(end($regionArr));
- }
- }
-
- if (array_key_exists('birthday', $data)) {
- $birtydayPieces = explode('/', $data['birthday']);
-
- if (count($birtydayPieces) == 1) {
- $this->user->profile->birthYear = (int)$birtydayPieces[0];
- } elseif (count($birtydayPieces) == 2) {
- $this->user->profile->birthMonth = (int)$birtydayPieces[0];
- $this->user->profile->birthDay = (int)$birtydayPieces[1];
- } elseif (count($birtydayPieces) == 3) {
- $this->user->profile->birthMonth = (int)$birtydayPieces[0];
- $this->user->profile->birthDay = (int)$birtydayPieces[1];
- $this->user->profile->birthYear = (int)$birtydayPieces[2];
- }
- }
-
- return $this->user->profile;
- }
-
- /**
- * Since the Graph API 2.0, the /friends endpoint only returns friend that also use your Facebook app.
- * {@inheritdoc}
- */
- function getUserContacts() {
- if (!in_array('user_friends', $this->scope)) {
- throw new Exception("Get user contacts requires user_friends permission!");
- }
-
- $apiCall = '?fields=link,name';
- $returnedContacts = array();
- $pagedList = true;
-
- while ($pagedList) {
- try {
- $response = $this->api->get('/me/friends' . $apiCall, $this->token('access_token'));
- $response = $response->getDecodedBody();
- } catch (FacebookSDKException $e) {
- throw new Hybrid_Exception("User contacts request failed! {$this->providerId} returned an error {$e->getMessage()}", 0, $e);
- }
-
- // Prepare the next call if paging links have been returned
- if (array_key_exists('paging', $response) && array_key_exists('next', $response['paging'])) {
- $pagedList = true;
- $next_page = explode('friends', $response['paging']['next']);
- $apiCall = $next_page[1];
- } else {
- $pagedList = false;
- }
-
- // Add the new page contacts
- $returnedContacts = array_merge($returnedContacts, $response['data']);
- }
-
- $contacts = array();
- foreach ($returnedContacts as $item) {
-
- $uc = new Hybrid_User_Contact();
- $uc->identifier = (array_key_exists("id", $item)) ? $item["id"] : "";
- $uc->displayName = (array_key_exists("name", $item)) ? $item["name"] : "";
- $uc->profileURL = (array_key_exists("link", $item)) ? $item["link"] : "https://www.facebook.com/profile.php?id=" . $uc->identifier;
- $uc->photoURL = $this->getUserPhoto($uc->identifier);
-
- $contacts[] = $uc;
- }
-
- return $contacts;
- }
-
- /**
- * Load the user latest activity, needs 'read_stream' permission
- *
- * @param string $stream Which activity to fetch:
- * - timeline : all the stream
- * - me : the user activity only
- * {@inheritdoc}
- */
- function getUserActivity($stream = 'timeline') {
- try {
- if ($stream == "me") {
- $response = $this->api->get('/me/feed', $this->token('access_token'));
- } else {
- $response = $this->api->get('/me/home', $this->token('access_token'));
- }
- $response = $response->getDecodedBody();
- } catch (FacebookSDKException $e) {
- throw new Hybrid_Exception("User activity stream request failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e);
- }
-
- if (!$response || !count($response['data'])) {
- return array();
- }
-
- $activities = array();
- foreach ($response['data'] as $item) {
-
- $ua = new Hybrid_User_Activity();
-
- $ua->id = (array_key_exists("id", $item)) ? $item["id"] : "";
- $ua->date = (array_key_exists("created_time", $item)) ? strtotime($item["created_time"]) : "";
-
- if ($item["type"] == "video") {
- $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
- }
-
- if ($item["type"] == "link") {
- $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
- }
-
- if (empty($ua->text) && isset($item["story"])) {
- $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
- }
-
- if (empty($ua->text) && isset($item["message"])) {
- $ua->text = (array_key_exists("message", $item)) ? $item["message"] : "";
- }
-
- if (!empty($ua->text)) {
- $ua->user->identifier = (array_key_exists("id", $item["from"])) ? $item["from"]["id"] : "";
- $ua->user->displayName = (array_key_exists("name", $item["from"])) ? $item["from"]["name"] : "";
- $ua->user->profileURL = "https://www.facebook.com/profile.php?id=" . $ua->user->identifier;
- $ua->user->photoURL = $this->getUserPhoto($ua->user->identifier);
-
- $activities[] = $ua;
- }
- }
-
- return $activities;
- }
-
- /**
- * Returns a photo URL for give user.
- *
- * @param string $id
- * The User ID.
- *
- * @return string
- * A photo URL.
- */
- function getUserPhoto($id) {
- $photo_size = isset($this->config['photo_size']) ? $this->config['photo_size'] : 150;
-
- return "https://graph.facebook.com/{$id}/picture?width={$photo_size}&height={$photo_size}";
- }
-
-}
+ if (!in_array('manage_pages', $this->scope)) {
+ throw new Exception("Get user pages requires manage_page permission!"); + } + + try {
+ $pages = $this->api->get("/me/accounts", $this->token('access_token'));
+ $pages = $pages->getDecodedBody();
+ } catch (FacebookApiException $e) {
+ throw new Exception("Cannot retrieve user pages! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e); + } + + if (!isset($pages['data'])) {
+ return [];
+ } + + if (!$writableonly) {
+ return $pages['data'];
+ } + + $wrpages = [];
+ foreach ($pages['data'] as $p) {
+ if (isset($p['perms']) && in_array('CREATE_CONTENT', $p['perms'])) {
+ $wrpages[] = $p;
+ }
+ } + + return $wrpages;
+ } + + /**
+ * {@inheritdoc}
+ */
+ function getUserProfile() {
+ try {
+ $fields = [
+ 'id',
+ 'name',
+ 'first_name',
+ 'last_name',
+ 'link',
+ 'website',
+ 'gender',
+ 'locale',
+ 'about',
+ 'email',
+ 'hometown',
+ 'location',
+ 'birthday',
+ ];
+ $response = $this->api->get('/me?fields=' . implode(',', $fields), $this->token('access_token'));
+ $data = $response->getDecodedBody();
+ } catch (FacebookSDKException $e) {
+ throw new Exception("User profile request failed! {$this->providerId} returned an error: {$e->getMessage()}", 6, $e); + } + + // Store the user profile.
+ $this->user->profile->identifier = (array_key_exists('id', $data)) ? $data['id'] : "";
+ $this->user->profile->displayName = (array_key_exists('name', $data)) ? $data['name'] : "";
+ $this->user->profile->firstName = (array_key_exists('first_name', $data)) ? $data['first_name'] : "";
+ $this->user->profile->lastName = (array_key_exists('last_name', $data)) ? $data['last_name'] : "";
+ $this->user->profile->photoURL = $this->getUserPhoto($this->user->profile->identifier);
+ $this->user->profile->profileURL = (array_key_exists('link', $data)) ? $data['link'] : "";
+ $this->user->profile->webSiteURL = (array_key_exists('website', $data)) ? $data['website'] : "";
+ $this->user->profile->gender = (array_key_exists('gender', $data)) ? $data['gender'] : "";
+ $this->user->profile->language = (array_key_exists('locale', $data)) ? $data['locale'] : "";
+ $this->user->profile->description = (array_key_exists('about', $data)) ? $data['about'] : "";
+ $this->user->profile->email = (array_key_exists('email', $data)) ? $data['email'] : "";
+ $this->user->profile->emailVerified = (array_key_exists('email', $data)) ? $data['email'] : "";
+ $this->user->profile->region = (array_key_exists("location", $data) && array_key_exists("name", $data['location'])) ? $data['location']["name"] : ""; + + if (!empty($this->user->profile->region)) {
+ $regionArr = explode(',', $this->user->profile->region);
+ if (count($regionArr) > 1) {
+ $this->user->profile->city = trim($regionArr[0]);
+ $this->user->profile->country = trim(end($regionArr));
+ }
+ } + + if (array_key_exists('birthday', $data)) {
+ $birtydayPieces = explode('/', $data['birthday']); + + if (count($birtydayPieces) == 1) {
+ $this->user->profile->birthYear = (int)$birtydayPieces[0];
+ } elseif (count($birtydayPieces) == 2) {
+ $this->user->profile->birthMonth = (int)$birtydayPieces[0];
+ $this->user->profile->birthDay = (int)$birtydayPieces[1];
+ } elseif (count($birtydayPieces) == 3) {
+ $this->user->profile->birthMonth = (int)$birtydayPieces[0];
+ $this->user->profile->birthDay = (int)$birtydayPieces[1];
+ $this->user->profile->birthYear = (int)$birtydayPieces[2];
+ }
+ } + + return $this->user->profile;
+ } + + /**
+ * Since the Graph API 2.0, the /friends endpoint only returns friend that also use your Facebook app.
+ * {@inheritdoc}
+ */
+ function getUserContacts() {
+ if (!in_array('user_friends', $this->scope)) {
+ throw new Exception("Get user contacts requires user_friends permission!"); + } + + $apiCall = '?fields=link,name';
+ $returnedContacts = [];
+ $pagedList = true; + + while ($pagedList) {
+ try {
+ $response = $this->api->get('/me/friends' . $apiCall, $this->token('access_token'));
+ $response = $response->getDecodedBody();
+ } catch (FacebookSDKException $e) {
+ throw new Hybrid_Exception("User contacts request failed! {$this->providerId} returned an error {$e->getMessage()}", 0, $e); + } + + // Prepare the next call if paging links have been returned
+ if (array_key_exists('paging', $response) && array_key_exists('next', $response['paging'])) {
+ $pagedList = true;
+ $next_page = explode('friends', $response['paging']['next']);
+ $apiCall = $next_page[1];
+ } else {
+ $pagedList = false;
+ } + + // Add the new page contacts
+ $returnedContacts = array_merge($returnedContacts, $response['data']);
+ } + + $contacts = [];
+ foreach ($returnedContacts as $item) { + + $uc = new Hybrid_User_Contact();
+ $uc->identifier = (array_key_exists("id", $item)) ? $item["id"] : "";
+ $uc->displayName = (array_key_exists("name", $item)) ? $item["name"] : "";
+ $uc->profileURL = (array_key_exists("link", $item)) ? $item["link"] : "https://www.facebook.com/profile.php?id=" . $uc->identifier;
+ $uc->photoURL = $this->getUserPhoto($uc->identifier); + + $contacts[] = $uc;
+ } + + return $contacts;
+ } + + /**
+ * Load the user latest activity, needs 'read_stream' permission
+ *
+ * @param string $stream Which activity to fetch:
+ * - timeline : all the stream
+ * - me : the user activity only
+ * {@inheritdoc}
+ */
+ function getUserActivity($stream = 'timeline') {
+ try {
+ if ($stream == "me") {
+ $response = $this->api->get('/me/feed', $this->token('access_token'));
+ } else {
+ $response = $this->api->get('/me/home', $this->token('access_token'));
+ }
+ $response = $response->getDecodedBody();
+ } catch (FacebookSDKException $e) {
+ throw new Hybrid_Exception("User activity stream request failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e); + } + + if (!$response || !count($response['data'])) {
+ return [];
+ } + + $activities = [];
+ foreach ($response['data'] as $item) { + + $ua = new Hybrid_User_Activity(); + + $ua->id = (array_key_exists("id", $item)) ? $item["id"] : "";
+ $ua->date = (array_key_exists("created_time", $item)) ? strtotime($item["created_time"]) : ""; + + if ($item["type"] == "video") {
+ $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
+ } + + if ($item["type"] == "link") {
+ $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
+ } + + if (empty($ua->text) && isset($item["story"])) {
+ $ua->text = (array_key_exists("link", $item)) ? $item["link"] : "";
+ } + + if (empty($ua->text) && isset($item["message"])) {
+ $ua->text = (array_key_exists("message", $item)) ? $item["message"] : "";
+ } + + if (!empty($ua->text)) {
+ $ua->user->identifier = (array_key_exists("id", $item["from"])) ? $item["from"]["id"] : "";
+ $ua->user->displayName = (array_key_exists("name", $item["from"])) ? $item["from"]["name"] : "";
+ $ua->user->profileURL = "https://www.facebook.com/profile.php?id=" . $ua->user->identifier;
+ $ua->user->photoURL = $this->getUserPhoto($ua->user->identifier); + + $activities[] = $ua;
+ }
+ } + + return $activities;
+ } + + /**
+ * Returns a photo URL for give user.
+ *
+ * @param string $id
+ * The User ID.
+ *
+ * @return string
+ * A photo URL.
+ */
+ function getUserPhoto($id) {
+ $photo_size = $this->config['photo_size'] ?? 150; + + return "https://graph.facebook.com/{$id}/picture?width={$photo_size}&height={$photo_size}";
+ }
+
+}
diff --git a/hauth/Hybrid/Providers/Foursquare.php b/hauth/Hybrid/Providers/Foursquare.php
index 5c64e96..1a290fe 100644
--- a/hauth/Hybrid/Providers/Foursquare.php
+++ b/hauth/Hybrid/Providers/Foursquare.php
@@ -1,17 +1,17 @@
<?php
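Review bot: In `loginFinish()` of Facebook.php the block `if (isset($_GET['state'])) { $helper->getPersistentDataHandler()->set('state', $_GET['state']); }` copies the `state` value from the callback request into the helper's store before `getAccessToken()` runs, so the stored and received values always agree and the state check no longer ties the callback to the browser session that started the login (assuming the SDK's redirect helper compares exactly those two values). The tidy carries this over unchanged; I would drop the block and rely on the value persisted when `loginBegin()` built the URL, repairing session persistence if that is what the workaround was covering for. Separately, `getUserPages()` catches `FacebookApiException`, which this file neither imports nor uses anywhere else, so SDK failures there most likely bypass the handler; `} catch (FacebookSDKException $e) {` would match the other methods. `getUserProfile()` also fills `emailVerified` from the same `email` field with no verification signal visible in this file, which is worth a comment or an empty default if callers link accounts on it.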
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_Foursquare provider adapter based on OAuth2 protocol
*
* http://hybridauth.sourceforge.net/userguide/IDProvider_info_Foursquare.html
- */
-
+ */ + /**
* Howto define profile photo size:
* - add params key into hybridauth config
@@ -25,37 +25,37 @@ * - list of valid photo_size values is described here https://developer.foursquare.com/docs/responses/photo.html
* - default photo_size is 100x100
*/
-class Hybrid_Providers_Foursquare extends Hybrid_Provider_Model_OAuth2 {
-
- private static $apiVersion = array("v" => "20120610");
- private static $defPhotoSize = "100x100";
-
+class Hybrid_Providers_Foursquare extends Hybrid_Provider_Model_OAuth2 { + + private static $apiVersion = ["v" => "20120610"];
+ private static $defPhotoSize = "100x100"; + /**
* {@inheritdoc}
*/
function initialize() {
- parent::initialize();
-
+ parent::initialize(); + // Provider apis end-points
$this->api->api_base_url = "https://api.foursquare.com/v2/";
$this->api->authorize_url = "https://foursquare.com/oauth2/authenticate";
- $this->api->token_url = "https://foursquare.com/oauth2/access_token";
-
+ $this->api->token_url = "https://foursquare.com/oauth2/access_token"; + $this->api->sign_token_name = "oauth_token";
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserProfile() {
- $data = $this->api->api("users/self", "GET", Hybrid_Providers_Foursquare::$apiVersion);
-
+ $data = $this->api->api("users/self", "GET", Hybrid_Providers_Foursquare::$apiVersion); + if (!isset($data->response->user->id)) {
- throw new Exception("User profile request failed! {$this->providerId} returned an invalid response:" . Hybrid_Logger::dumpData( $data ), 6);
- }
-
- $data = $data->response->user;
-
+ throw new Exception("User profile request failed! {$this->providerId} returned an invalid response:" . Hybrid_Logger::dumpData( $data ), 6); + } + + $data = $data->response->user; + $this->user->profile->identifier = $data->id;
$this->user->profile->firstName = $data->firstName;
$this->user->profile->lastName = $data->lastName;
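Review bot: In getUserProfile() the exception thrown for an invalid response concatenates `Hybrid_Logger::dumpData( $data )` into its message, so the whole provider response travels with the exception into whatever log or error page the application uses. What dumpData() emits is not visible here, but a raw API response can carry profile fields or token material, so I would keep the message fixed, `throw new Exception("User profile request failed! {$this->providerId} returned an invalid response.", 6);`, and log the dump separately at debug level if it is needed. The same pattern appears in getUserProfile() in Google.php, LinkedIn.php and Live.php in this diff, while Instagram.php already uses the fixed message.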
@@ -65,27 +65,27 @@ class Hybrid_Providers_Foursquare extends Hybrid_Provider_Model_OAuth2 { $this->user->profile->gender = $data->gender;
$this->user->profile->city = $data->homeCity;
$this->user->profile->email = $data->contact->email;
- $this->user->profile->emailVerified = $data->contact->email;
-
+ $this->user->profile->emailVerified = $data->contact->email; + return $this->user->profile;
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserContacts() {
// refresh tokens if needed
- $this->refreshToken();
-
+ $this->refreshToken(); + //
- $response = array();
- $contacts = array();
+ $response = [];
+ $contacts = [];
try {
$response = $this->api->api("users/self/friends", "GET", Hybrid_Providers_Foursquare::$apiVersion);
} catch (Exception $e) {
- throw new Exception("User contacts request failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e);
- }
-
+ throw new Exception("User contacts request failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e); + } + if (isset($response) && $response->meta->code == 200) {
foreach ($response->response->friends->items as $contact) {
$uc = new Hybrid_User_Contact();
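Review bot: `$this->user->profile->emailVerified = $data->contact->email;` copies the contact address into the verified field with no verification signal from the provider; nothing in the response handling shown here says the address was confirmed. An application that links or auto-provisions local accounts on emailVerified would then trust an address the provider never vouched for, so I would set `$this->user->profile->emailVerified = "";` unless the API documents the field as verified. LinkedIn.php's getUserProfile() does the same with `$this->user->profile->emailVerified = $this->user->profile->email;`, whereas Google.php gates the field on `email_verified`. getUserProfile() starts in the previous hunk.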
@@ -102,20 +102,20 @@ class Hybrid_Providers_Foursquare extends Hybrid_Provider_Model_OAuth2 { }
}
return $contacts;
- }
-
+ } + /**
* {@inheritdoc}
*/
private function buildDisplayName($firstName, $lastName) {
return trim($firstName . " " . $lastName);
- }
-
+ } + private function buildPhotoURL($prefix, $suffix) {
if (isset($prefix) && isset($suffix)) {
return $prefix . ((isset($this->config["params"]["photo_size"])) ? ($this->config["params"]["photo_size"]) : (Hybrid_Providers_Foursquare::$defPhotoSize)) . $suffix;
}
return ("");
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Providers/Google.php b/hauth/Hybrid/Providers/Google.php
index bcafa94..bdc3959 100644
--- a/hauth/Hybrid/Providers/Google.php
+++ b/hauth/Hybrid/Providers/Google.php
@@ -1,54 +1,54 @@
<?php
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_Google provider adapter based on OAuth2 protocol
*
* http://hybridauth.sourceforge.net/userguide/IDProvider_info_Google.html
*/
-class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 {
-
+class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { + /**
* > more infos on google APIs: http://developer.google.com (official site)
* or here: http://discovery-check.appspot.com/ (unofficial but up to date)
* default permissions
* {@inheritdoc}
*/
- public $scope = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.google.com/m8/feeds/";
-
+ public $scope = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.google.com/m8/feeds/"; + /**
* {@inheritdoc}
*/
function initialize() {
- parent::initialize();
-
+ parent::initialize(); + // Provider api end-points
$this->api->authorize_url = "https://accounts.google.com/o/oauth2/auth";
$this->api->token_url = "https://accounts.google.com/o/oauth2/token";
- $this->api->token_info_url = "https://www.googleapis.com/oauth2/v2/tokeninfo";
-
+ $this->api->token_info_url = "https://www.googleapis.com/oauth2/v2/tokeninfo"; + // Google POST methods require an access_token in the header
- $this->api->curl_header = array("Authorization: OAuth " . $this->api->access_token);
-
+ $this->api->curl_header = ["Authorization: OAuth " . $this->api->access_token]; + // Override the redirect uri when it's set in the config parameters. This way we prevent
// redirect uri mismatches when authenticating with Google.
if (isset($this->config['redirect_uri']) && !empty($this->config['redirect_uri'])) {
$this->api->redirect_uri = $this->config['redirect_uri'];
}
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginBegin() {
- $parameters = array("scope" => $this->scope, "access_type" => "offline");
- $optionals = array("scope", "access_type", "redirect_uri", "approval_prompt", "hd", "state");
-
+ $parameters = ["scope" => $this->scope, "access_type" => "offline"];
+ $optionals = ["scope", "access_type", "redirect_uri", "approval_prompt", "hd", "state"]; + foreach ($optionals as $parameter) {
if (isset($this->config[$parameter]) && !empty($this->config[$parameter])) {
$parameters[$parameter] = $this->config[$parameter];
@@ -56,27 +56,27 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { if (isset($this->config["scope"]) && !empty($this->config["scope"])) {
$this->scope = $this->config["scope"];
}
- }
-
+ } + if (isset($this->config['force']) && $this->config['force'] === true) {
$parameters['approval_prompt'] = 'force';
- }
-
+ } + Hybrid_Auth::redirect($this->api->authorizeUrl($parameters));
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserProfile() {
// refresh tokens if needed
- $this->refreshToken();
-
+ $this->refreshToken(); + $response = $this->api->api("https://www.googleapis.com/oauth2/v3/userinfo");
if (!isset($response->sub) || isset($response->error)) {
- throw new Exception("User profile request failed! {$this->providerId} returned an invalid response:" . Hybrid_Logger::dumpData( $response ), 6);
- }
-
+ throw new Exception("User profile request failed! {$this->providerId} returned an invalid response:" . Hybrid_Logger::dumpData( $response ), 6); + } + $this->user->profile->identifier = (property_exists($response, 'sub')) ? $response->sub : "";
$this->user->profile->firstName = (property_exists($response, 'given_name')) ? $response->given_name : "";
$this->user->profile->lastName = (property_exists($response, 'family_name')) ? $response->family_name : "";
@@ -86,33 +86,33 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { $this->user->profile->gender = (property_exists($response, 'gender')) ? $response->gender : "";
$this->user->profile->language = (property_exists($response, 'locale')) ? $response->locale : "";
$this->user->profile->email = (property_exists($response, 'email')) ? $response->email : "";
- $this->user->profile->emailVerified = (property_exists($response, 'email_verified')) ? ($response->email_verified === true || $response->email_verified === 1 ? $response->email : "") : "";
-
+ $this->user->profile->emailVerified = (property_exists($response, 'email_verified')) ? ($response->email_verified === true || $response->email_verified === 1 ? $response->email : "") : ""; + return $this->user->profile;
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserContacts() {
// refresh tokens if needed
- $this->refreshToken();
-
- $contacts = array();
+ $this->refreshToken(); + + $contacts = [];
if (!isset($this->config['contacts_param'])) {
- $this->config['contacts_param'] = array("max-results" => 500);
- }
-
+ $this->config['contacts_param'] = ["max-results" => 500];
+ } + // Google Gmail and Android contacts
- if (strpos($this->scope, '/m8/feeds/') !== false) {
-
+ if (strpos($this->scope, '/m8/feeds/') !== false) { + $response = $this->api->api("https://www.google.com/m8/feeds/contacts/default/full?"
- . http_build_query(array_merge(array('alt' => 'json'), $this->config['contacts_param'])));
-
+ . http_build_query(array_merge(['alt' => 'json'], $this->config['contacts_param'])), ); + if (!$response) {
- return array();
- }
-
+ return [];
+ } + if (isset($response->feed->entry)) {
foreach ($response->feed->entry as $idx => $entry) {
$uc = new Hybrid_User_Contact();
@@ -127,9 +127,9 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { if (is_array($entry->link)) {
foreach ($entry->link as $l) {
if (property_exists($l, 'gd$etag') && $l->type == "image/*") {
- $uc->photoURL = $this->addUrlParam($l->href, array('access_token' => $this->api->access_token));
+ $uc->photoURL = $this->addUrlParam($l->href, ['access_token' => $this->api->access_token]);
} else if ($l->type == "self") {
- $uc->profileURL = $this->addUrlParam($l->href, array('access_token' => $this->api->access_token));
+ $uc->profileURL = $this->addUrlParam($l->href, ['access_token' => $this->api->access_token]);
}
}
}
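Review bot: Both `addUrlParam($l->href, ['access_token' => $this->api->access_token])` calls put the live OAuth access token into `$uc->photoURL` and `$uc->profileURL`, contact fields that the application is likely to store, log or render into HTML. A bearer token inside a URL leaks through browser history, Referer headers and server logs. I would return the bare link, `$uc->photoURL = $l->href;`, and fetch the image server-side with the token in the Authorization header when a photo is actually needed; that changes what callers receive, so check how the fields are consumed first. The enclosing loop in getUserContacts() starts and ends outside this hunk.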
@@ -147,16 +147,16 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { }
} else {
$uc->webSiteURL = '';
- }
-
+ } + $contacts[] = $uc;
}
}
- }
-
+ } + return $contacts;
- }
-
+ } + /**
* Add query parameters to the $url
*
@@ -164,9 +164,9 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { * @param array $params Parameters to add
* @return string
*/
- function addUrlParam($url, array $params){
- $query = parse_url($url, PHP_URL_QUERY);
-
+ function addUrlParam($url, array $params){
+ $query = parse_url($url, PHP_URL_QUERY); + // Returns the URL string with new parameters
if ($query) {
$url .= '&' . http_build_query($params);
@@ -174,7 +174,7 @@ class Hybrid_Providers_Google extends Hybrid_Provider_Model_OAuth2 { $url .= '?' . http_build_query($params);
}
return $url;
- }
-
-}
-
+ } + +} + diff --git a/hauth/Hybrid/Providers/Instagram.php b/hauth/Hybrid/Providers/Instagram.php index 3f958a0..d18f887 100644 --- a/hauth/Hybrid/Providers/Instagram.php +++ b/hauth/Hybrid/Providers/Instagram.php @@ -9,9 +9,9 @@ * Hybrid_Providers_Instagram (By Sebastian Lasse - https://github.com/sebilasse) */ class Hybrid_Providers_Instagram extends Hybrid_Provider_Model_OAuth2 -{ - // default permissions - public $scope = "basic"; +{ + // default permissions + public $scope = "basic"; /** * IDp wrappers initializer @@ -29,21 +29,21 @@ class Hybrid_Providers_Instagram extends Hybrid_Provider_Model_OAuth2 /** * load the user profile from the IDp api client */ - function getUserProfile(){ - $data = $this->api->api("users/self/" ); + function getUserProfile(){ + $data = $this->api->api("users/self/" ); if ( $data->meta->code != 200 ){ throw new Exception( "User profile request failed! {$this->providerId} returned an invalid response.", 6 ); } - $this->user->profile->identifier = $data->data->id; - $this->user->profile->displayName = $data->data->full_name ? $data->data->full_name : $data->data->username; + $this->user->profile->identifier = $data->data->id; + $this->user->profile->displayName = $data->data->full_name ? $data->data->full_name : $data->data->username; $this->user->profile->description = $data->data->bio; $this->user->profile->photoURL = $data->data->profile_picture; - $this->user->profile->webSiteURL = $data->data->website; - - $this->user->profile->username = $data->data->username; + $this->user->profile->webSiteURL = $data->data->website; + + $this->user->profile->username = $data->data->username; return $this->user->profile; } 
@@ -55,24 +55,24 @@ class Hybrid_Providers_Instagram extends Hybrid_Provider_Model_OAuth2 $this->refreshToken(); // - $response = array(); - $contacts = array(); - $profile = ( ( isset( $this->user->profile->identifier ) )?( $this->user->profile ):( $this->getUserProfile() ) ); + $response = []; + $contacts = []; + $profile = ( ( isset( $this->user->profile->identifier ) )?( $this->user->profile ):( $this->getUserProfile() ) ); try { - $response = $this->api->api( "users/{$this->user->profile->identifier}/follows" ); - } catch (Exception $e) { - throw new Exception("User contacts request failed! {$this->providerId} returned an error: $e"); - } - // + $response = $this->api->api( "users/{$this->user->profile->identifier}/follows" ); + } catch (Exception $e) { + throw new Exception("User contacts request failed! {$this->providerId} returned an error: $e"); + } + // if ( isset( $response ) && $response->meta->code == 200 ) { foreach ($response->data as $contact) { - try { - $contactInfo = $this->api->api( "users/".$contact->id ); - } catch (Exception $e) { - throw new Exception("Contact info request failed for user {$contact->username}! {$this->providerId} returned an error: $e"); - } - // + try { + $contactInfo = $this->api->api( "users/".$contact->id ); + } catch (Exception $e) { + throw new Exception("Contact info request failed for user {$contact->username}! {$this->providerId} returned an error: $e"); + } + // $uc = new Hybrid_User_Contact(); // $uc->identifier = $contact->id; diff --git a/hauth/Hybrid/Providers/LinkedIn.php b/hauth/Hybrid/Providers/LinkedIn.php index 4631b52..e327a1a 100644 --- a/hauth/Hybrid/Providers/LinkedIn.php +++ b/hauth/Hybrid/Providers/LinkedIn.php @@ -1,178 +1,178 @@ <?php
-
+ /* !
* Hybridauth
* https://hybridauth.github.io/hybridauth | https://github.com/hybridauth/hybridauth
* (c) 2017 Hybridauth authors | https://hybridauth.github.io/license.html
- */
-
+ */ + /**
* Hybrid_Providers_LinkedIn OAuth2 provider adapter.
*/
-class Hybrid_Providers_LinkedIn extends Hybrid_Provider_Model_OAuth2 {
-
- /**
- * {@inheritdoc}
- */
- public $scope = "r_basicprofile r_emailaddress";
-
- /**
- * {@inheritdoc}
- */
- function initialize() {
- parent::initialize();
-
- // Provider api end-points.
- $this->api->api_base_url = "https://api.linkedin.com/v1/";
- $this->api->authorize_url = "https://www.linkedin.com/oauth/v2/authorization";
- $this->api->token_url = "https://www.linkedin.com/oauth/v2/accessToken";
- }
-
- /**
- * {@inheritdoc}
- */
- function loginBegin() {
- if (is_array($this->scope)) {
- $this->scope = implode(" ", $this->scope);
- }
- if (isset($this->scope)) {
- $extra_params['scope'] = $this->scope;
- }
- if (!isset($this->state)) {
- $this->state = hash("sha256",(uniqid(rand(), TRUE)));
- }
- $extra_params['state'] = $this->state;
- Hybrid_Auth::redirect($this->api->authorizeUrl($extra_params));
- }
-
- /**
- * {@inheritdoc}
- *
- * @see https://developer.linkedin.com/docs/rest-api
- */
- function getUserProfile() {
- // Refresh tokens if needed.
- $this->setHeaders("token");
- $this->refreshToken();
-
- // https://developer.linkedin.com/docs/fields.
- $fields = isset($this->config["fields"]) ? $this->config["fields"] : array(
- "id",
- "email-address",
- "first-name",
- "last-name",
- "headline",
- "location",
- "industry",
- "picture-url",
- "public-profile-url",
- );
-
- $this->setHeaders();
- $response = $this->api->get(
- "people/~:(" . implode(",", $fields) . ")",
- array(
- "format" => "json",
- )
- );
-
- if (!isset($response->id)) {
- throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response), 6);
- }
-
- $this->user->profile->identifier = isset($response->id) ? $response->id : "";
- $this->user->profile->firstName = isset($response->firstName) ? $response->firstName : "";
- $this->user->profile->lastName = isset($response->lastName) ? $response->lastName : "";
- $this->user->profile->photoURL = isset($response->pictureUrl) ? $response->pictureUrl : "";
- $this->user->profile->profileURL = isset($response->publicProfileUrl) ? $response->publicProfileUrl : "";
- $this->user->profile->email = isset($response->emailAddress) ? $response->emailAddress : "";
- $this->user->profile->description = isset($response->headline) ? $response->headline : "";
- $this->user->profile->country = isset($response->location) ? $response->location->name : "";
- $this->user->profile->emailVerified = $this->user->profile->email;
- $this->user->profile->displayName = trim($this->user->profile->firstName . " " . $this->user->profile->lastName);
-
- return $this->user->profile;
- }
-
- /**
- * {@inheritdoc}
- *
- * @param array $status
- * An associative array containing:
- * - content: A collection of fields describing the shared content.
- * - comment: A comment by the member to associated with the share.
- * - visibility: A collection of visibility information about the share.
- * @param string $companyId (optional) User company id
- *
- * @return object
- * An object containing:
- * - updateKey - A unique ID for the shared content posting that was just created.
- * - updateUrl - A direct link to the newly shared content on LinkedIn.com that you can direct the user's web browser to.
- * @throws Exception
- * @see https://developer.linkedin.com/docs/share-on-linkedin
- */
- function setUserStatus($status, $companyId = null) {
- // Refresh tokens if needed.
- $this->setHeaders("token");
- $this->refreshToken();
-
- try {
- // Define default visibility.
- if (!isset($status["visibility"])) {
- $status["visibility"]["code"] = "anyone";
- }
-
- $this->setHeaders("share");
- $url = $companyId ? "companies/{$companyId}/shares?format=json" : "people/~/shares?format=json";
- $response = $this->api->post($url,
- array(
- "body" => $status,
- )
- );
- } catch (Exception $e) {
- throw new Exception("Update user status failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e);
- }
-
- if (!isset($response->updateKey)) {
- throw new Exception("Update user status failed! {$this->providerId} returned an error: {$response->message}", $response->errorCode);
- }
-
- return $response;
- }
-
- /**
- * Set correct request headers.
- *
- * @param string $api_type
- * (optional) Specify api type.
- *
- * @return void
- */
- private function setHeaders($api_type = null) {
- $this->api->curl_header = array(
- "Authorization: Bearer {$this->api->access_token}",
- );
-
- switch ($api_type) {
- case "share":
- $this->api->curl_header = array_merge(
- $this->api->curl_header,
- array(
- "Content-Type: application/json",
- "x-li-format: json",
- )
- );
- break;
-
- case "token":
- $this->api->curl_header = array_merge(
- $this->api->curl_header,
- array(
- "Content-Type: application/x-www-form-urlencoded",
- )
- );
- break;
- }
- }
-
-}
+class Hybrid_Providers_LinkedIn extends Hybrid_Provider_Model_OAuth2 {
+
+ /**
+ * {@inheritdoc}
+ */
+ public $scope = "r_basicprofile r_emailaddress";
+
+ /**
+ * {@inheritdoc}
+ */
+ function initialize() {
+ parent::initialize();
+
+ // Provider api end-points.
+ $this->api->api_base_url = "https://api.linkedin.com/v1/";
+ $this->api->authorize_url = "https://www.linkedin.com/oauth/v2/authorization";
+ $this->api->token_url = "https://www.linkedin.com/oauth/v2/accessToken";
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ function loginBegin() {
+ if (is_array($this->scope)) {
+ $this->scope = implode(" ", $this->scope);
+ }
+ if (isset($this->scope)) {
+ $extra_params['scope'] = $this->scope;
+ }
+ if (!isset($this->state)) {
+ $this->state = hash("sha256",(uniqid(rand(), TRUE)));
+ }
+ $extra_params['state'] = $this->state;
+ Hybrid_Auth::redirect($this->api->authorizeUrl($extra_params));
+ }
+
+ /**
+ * {@inheritdoc}
+ *
+ * @see https://developer.linkedin.com/docs/rest-api
+ */
+ function getUserProfile() {
+ // Refresh tokens if needed.
+ $this->setHeaders("token");
+ $this->refreshToken();
+
+ // https://developer.linkedin.com/docs/fields.
+ $fields = $this->config["fields"] ?? [
+ "id",
+ "email-address",
+ "first-name",
+ "last-name",
+ "headline",
+ "location",
+ "industry",
+ "picture-url",
+ "public-profile-url",
+ ];
+
+ $this->setHeaders();
+ $response = $this->api->get(
+ "people/~:(" . implode(",", $fields) . ")",
+ [
+ "format" => "json",
+ ],
+ );
+
+ if (!isset($response->id)) {
+ throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response), 6);
+ }
+
+ $this->user->profile->identifier = $response->id ?? "";
+ $this->user->profile->firstName = $response->firstName ?? "";
+ $this->user->profile->lastName = $response->lastName ?? "";
+ $this->user->profile->photoURL = $response->pictureUrl ?? "";
+ $this->user->profile->profileURL = $response->publicProfileUrl ?? "";
+ $this->user->profile->email = $response->emailAddress ?? "";
+ $this->user->profile->description = $response->headline ?? "";
+ $this->user->profile->country = isset($response->location) ? $response->location->name : "";
+ $this->user->profile->emailVerified = $this->user->profile->email;
+ $this->user->profile->displayName = trim($this->user->profile->firstName . " " . $this->user->profile->lastName);
+
+ return $this->user->profile;
+ }
+
+ /**
+ * {@inheritdoc}
+ *
+ * @param array $status
+ * An associative array containing:
+ * - content: A collection of fields describing the shared content.
+ * - comment: A comment by the member to associated with the share.
+ * - visibility: A collection of visibility information about the share.
+ * @param string $companyId (optional) User company id
+ *
+ * @return object
+ * An object containing:
+ * - updateKey - A unique ID for the shared content posting that was just created.
+ * - updateUrl - A direct link to the newly shared content on LinkedIn.com that you can direct the user's web browser to.
+ * @throws Exception
+ * @see https://developer.linkedin.com/docs/share-on-linkedin
+ */
+ function setUserStatus($status, $companyId = null) {
+ // Refresh tokens if needed.
+ $this->setHeaders("token");
+ $this->refreshToken();
+
+ try {
+ // Define default visibility.
+ if (!isset($status["visibility"])) {
+ $status["visibility"]["code"] = "anyone";
+ }
+
+ $this->setHeaders("share");
+ $url = $companyId ? "companies/{$companyId}/shares?format=json" : "people/~/shares?format=json";
+ $response = $this->api->post($url,
+ [
+ "body" => $status,
+ ],
+ );
+ } catch (Exception $e) {
+ throw new Exception("Update user status failed! {$this->providerId} returned an error: {$e->getMessage()}", 0, $e);
+ }
+
+ if (!isset($response->updateKey)) {
+ throw new Exception("Update user status failed! {$this->providerId} returned an error: {$response->message}", $response->errorCode);
+ }
+
+ return $response;
+ }
+
+ /**
+ * Set correct request headers.
+ *
+ * @param string $api_type
+ * (optional) Specify api type.
+ *
+ * @return void
+ */
+ private function setHeaders($api_type = null) {
+ $this->api->curl_header = [
+ "Authorization: Bearer {$this->api->access_token}",
+ ];
+
+ switch ($api_type) {
+ case "share":
+ $this->api->curl_header = array_merge(
+ $this->api->curl_header,
+ [
+ "Content-Type: application/json",
+ "x-li-format: json",
+ ],
+ );
+ break;
+
+ case "token":
+ $this->api->curl_header = array_merge(
+ $this->api->curl_header,
+ [
+ "Content-Type: application/x-www-form-urlencoded",
+ ],
+ );
+ break;
+ }
+ }
+
+}
diff --git a/hauth/Hybrid/Providers/Live.php b/hauth/Hybrid/Providers/Live.php
index 0cc2951..34c05a7 100644
--- a/hauth/Hybrid/Providers/Live.php
+++ b/hauth/Hybrid/Providers/Live.php
@@ -1,11 +1,11 @@
<?php
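Review bot: In LinkedIn.php loginBegin(), `$this->state = hash("sha256",(uniqid(rand(), TRUE)));` derives the OAuth state value from rand() and uniqid(), which are seeded from a non-cryptographic PRNG and the clock; hashing the result adds no entropy, so the anti-CSRF value is guessable in principle. The commit already relies on `??`, so the CSPRNG is available: `$this->state = bin2hex(random_bytes(32));`. Where the returned state is compared is not visible in this diff, so that check should be confirmed to exist and to be a constant-time comparison.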
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Windows Live OAuth2 Class
*
@@ -13,88 +13,88 @@ * @author Lukasz Koprowski <azram19@gmail.com>
* @version 0.2
* @license BSD License
- */
-
+ */ + /**
* Hybrid_Providers_Live - Windows Live provider adapter based on OAuth2 protocol
*/
-class Hybrid_Providers_Live extends Hybrid_Provider_Model_OAuth2 {
-
+class Hybrid_Providers_Live extends Hybrid_Provider_Model_OAuth2 { + /**
* {@inheritdoc}
*/
- public $scope = 'wl.basic wl.contacts_emails wl.emails wl.signin wl.share wl.birthday';
-
+ public $scope = 'wl.basic wl.contacts_emails wl.emails wl.signin wl.share wl.birthday'; + /**
* {@inheritdoc}
*/
function initialize() {
- parent::initialize();
-
+ parent::initialize(); + // Provider api end-points
$this->api->api_base_url = 'https://apis.live.net/v5.0/';
$this->api->authorize_url = 'https://login.live.com/oauth20_authorize.srf';
$this->api->token_url = 'https://login.live.com/oauth20_token.srf';
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserProfile() {
- $data = $this->api->get("me");
-
+ $data = $this->api->get("me"); + if (!isset($data->id)) {
- throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData( $data ), 6);
- }
-
+ throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData( $data ), 6); + } + $this->user->profile->identifier = (property_exists($data, 'id')) ? $data->id : "";
$this->user->profile->firstName = (property_exists($data, 'first_name')) ? $data->first_name : "";
$this->user->profile->lastName = (property_exists($data, 'last_name')) ? $data->last_name : "";
$this->user->profile->displayName = (property_exists($data, 'name')) ? trim($data->name) : "";
- $this->user->profile->gender = (property_exists($data, 'gender')) ? $data->gender : "";
-
+ $this->user->profile->gender = (property_exists($data, 'gender')) ? $data->gender : ""; + //wl.basic
- $this->user->profile->profileURL = (property_exists($data, 'link')) ? $data->link : "";
-
+ $this->user->profile->profileURL = (property_exists($data, 'link')) ? $data->link : ""; + //wl.emails
$this->user->profile->email = (property_exists($data, 'emails')) ? $data->emails->preferred : "";
- $this->user->profile->emailVerified = (property_exists($data, 'emails')) ? $data->emails->account : "";
-
+ $this->user->profile->emailVerified = (property_exists($data, 'emails')) ? $data->emails->account : ""; + //wl.birthday
$this->user->profile->birthDay = (property_exists($data, 'birth_day')) ? $data->birth_day : "";
$this->user->profile->birthMonth = (property_exists($data, 'birth_month')) ? $data->birth_month : "";
- $this->user->profile->birthYear = (property_exists($data, 'birth_year')) ? $data->birth_year : "";
-
+ $this->user->profile->birthYear = (property_exists($data, 'birth_year')) ? $data->birth_year : ""; + return $this->user->profile;
- }
-
+ } + /**
* Windows Live api does not support retrieval of email addresses (only hashes :/)
* {@inheritdoc}
*/
function getUserContacts() {
- $response = $this->api->get('me/contacts');
-
+ $response = $this->api->get('me/contacts'); + if ($this->api->http_code != 200) {
- throw new Exception('User contacts request failed! ' . $this->providerId . ' returned an error: ' . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception('User contacts request failed! ' . $this->providerId . ' returned an error: ' . $this->errorMessageByStatus($this->api->http_code)); + } + if (!isset($response->data) || ( isset($response->errcode) && $response->errcode != 0 )) {
- return array();
- }
-
- $contacts = array();
-
+ return [];
+ } + + $contacts = []; + foreach ($response->data as $item) {
- $uc = new Hybrid_User_Contact();
-
+ $uc = new Hybrid_User_Contact(); + $uc->identifier = (property_exists($item, 'id')) ? $item->id : "";
$uc->displayName = (property_exists($item, 'name')) ? $item->name : "";
$uc->email = (property_exists($item, 'emails')) ? $item->emails->preferred : "";
$contacts[] = $uc;
- }
-
+ } + return $contacts;
- }
-
-}
+ }
+
+}
diff --git a/hauth/Hybrid/Providers/OpenID.php b/hauth/Hybrid/Providers/OpenID.php
index 8f7903c..823f857 100644
--- a/hauth/Hybrid/Providers/OpenID.php
+++ b/hauth/Hybrid/Providers/OpenID.php
@@ -1,16 +1,16 @@
<?php
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_OpenID provider adapter for any idp openid based
*
* http://hybridauth.sourceforge.net/userguide/IDProvider_info_OpenID.html
*/
-class Hybrid_Providers_OpenID extends Hybrid_Provider_Model_OpenID {
-
-}
+class Hybrid_Providers_OpenID extends Hybrid_Provider_Model_OpenID {
+
+}
diff --git a/hauth/Hybrid/Providers/Paypal.php b/hauth/Hybrid/Providers/Paypal.php
index be0a64b..480c4e7 100644
--- a/hauth/Hybrid/Providers/Paypal.php
+++ b/hauth/Hybrid/Providers/Paypal.php
@@ -28,184 +28,184 @@ use PayPal\Rest\ApiContext; class Hybrid_Providers_Paypal extends Hybrid_Provider_Model { - /** - * The access privileges that you are requesting for - * from the user. Pass empty array for all scopes. - * - * @var array $scope - * @see https://developer.paypal.com/docs/integration/direct/identity/attributes - */ - public $scope = array(); + /** + * The access privileges that you are requesting for + * from the user. Pass empty array for all scopes. + * + * @var array $scope + * @see https://developer.paypal.com/docs/integration/direct/identity/attributes + */ + public $scope = []; - /** - * The provider api client - * - * @var ApiContext $api - */ - public $api; + /** + * The provider api client + * + * @var ApiContext $api + */ + public $api; - /** - * TRUE if sandbox mode is ON otherwise FALSE - * - * @var bool $sandbox - */ - public $sandbox = true; + /** + * TRUE if sandbox mode is ON otherwise FALSE + * + * @var bool $sandbox + */ + public $sandbox = true; - /** - * {@inheritdoc} - */ - function initialize() - { - if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) { - throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); - } + /** + * {@inheritdoc} + */ + function initialize() + { + if (!$this->config["keys"]["id"] || !$this->config["keys"]["secret"]) { + throw new Exception("Your application id and secret are required in order to connect to {$this->providerId}.", 4); + } - // Set scope from config. - if (isset($this->config["scope"])) { - $scope = $this->config["scope"]; - if (is_string($scope)) { - $scope = explode(" ", $scope); - } - $scope = array_map("trim", $scope); - $this->scope = $scope; - } + // Set scope from config. + if (isset($this->config["scope"])) { + $scope = $this->config["scope"]; + if (is_string($scope)) { + $scope = explode(" ", $scope); + } + $scope = array_map("trim", $scope); + $this->scope = $scope; + } - // Set sandbox from config. 
- if (isset($this->config["sandbox"]) && is_bool($this->config["sandbox"])) { - $this->sandbox = $this->config["sandbox"]; - } + // Set sandbox from config. + if (isset($this->config["sandbox"]) && is_bool($this->config["sandbox"])) { + $this->sandbox = $this->config["sandbox"]; + } - // Include 3rd-party SDK. - $this->autoLoaderInit(); + // Include 3rd-party SDK. + $this->autoLoaderInit(); - // Set up ApiContext. - $this->api = new ApiContext( - new OAuthTokenCredential( - $this->config["keys"]["id"], - $this->config["keys"]["secret"] - ) - ); + // Set up ApiContext. + $this->api = new ApiContext( + new OAuthTokenCredential( + $this->config["keys"]["id"], + $this->config["keys"]["secret"], + ), + ); - // Set up config. - $this->api->setConfig(array( - "log.LogEnabled" => Hybrid_Auth::$config["debug_mode"], - "log.FileName" => Hybrid_Auth::$config["debug_file"], - "log.LogLevel" => "DEBUG", - "http.CURLOPT_SSLVERSION" => CURL_SSLVERSION_TLSv1, - "mode" => $this->sandbox ? "sandbox" : "live", - )); - } + // Set up config. + $this->api->setConfig([ + "log.LogEnabled" => Hybrid_Auth::$config["debug_mode"], + "log.FileName" => Hybrid_Auth::$config["debug_file"], + "log.LogLevel" => "DEBUG", + "http.CURLOPT_SSLVERSION" => CURL_SSLVERSION_TLSv1, + "mode" => $this->sandbox ? "sandbox" : "live", + ]); + } - /** - * {@inheritdoc} - */ - function loginBegin() - { - $url = OpenIdSession::getAuthorizationUrl( - $this->endpoint, - $this->scope, - null, - null, - null, - $this->api - ); - // Redirect to PayPal. - Hybrid_Auth::redirect($url); - } + /** + * {@inheritdoc} + */ + function loginBegin() + { + $url = OpenIdSession::getAuthorizationUrl( + $this->endpoint, + $this->scope, + null, + null, + null, + $this->api, + ); + // Redirect to PayPal. + Hybrid_Auth::redirect($url); + } - /** - * {@inheritdoc} - */ - function loginFinish() - { - if (!isset($_GET["code"])) { - throw new Exception("Authentication failed! 
User has canceled authentication!", 5); - } + /** + * {@inheritdoc} + */ + function loginFinish() + { + if (!isset($_GET["code"])) { + throw new Exception("Authentication failed! User has canceled authentication!", 5); + } - $code = $_GET["code"]; - try { - // Obtain Authorization Code from Code, Client ID and Client Secret - $accessToken = OpenIdTokeninfo::createFromAuthorizationCode(array("code" => $code), null, null, $this->api); - if ($accessToken) { - $this->setUserConnected(); + $code = $_GET["code"]; + try { + // Obtain Authorization Code from Code, Client ID and Client Secret + $accessToken = OpenIdTokeninfo::createFromAuthorizationCode(["code" => $code], null, null, $this->api); + if ($accessToken) { + $this->setUserConnected(); - // Store tokens. - $this->token("id_token", $accessToken->getIdToken()); - $this->token("access_token", $accessToken->getAccessToken()); - $this->token("refresh_token", $accessToken->getRefreshToken()); - } - } catch (PayPalConnectionException $e) { - throw new Hybrid_Exception($e->getMessage(), $e->getCode(), $e); - } - } + // Store tokens. + $this->token("id_token", $accessToken->getIdToken()); + $this->token("access_token", $accessToken->getAccessToken()); + $this->token("refresh_token", $accessToken->getRefreshToken()); + } + } catch (PayPalConnectionException $e) { + throw new Hybrid_Exception($e->getMessage(), $e->getCode(), $e); + } + } - /** - * {@inheritdoc} - */ - function logout() - { - parent::logout(); - if ($idToken = $this->token("id_token")) { - $url = OpenIdSession::getLogoutUrl( - $this->params["hauth_return_to"], - $idToken, - $this->api - ); - // Redirect to PayPal. - Hybrid_Auth::redirect($url); - } - } + /** + * {@inheritdoc} + */ + function logout() + { + parent::logout(); + if ($idToken = $this->token("id_token")) { + $url = OpenIdSession::getLogoutUrl( + $this->params["hauth_return_to"], + $idToken, + $this->api, + ); + // Redirect to PayPal. 
+ Hybrid_Auth::redirect($url); + } + } - /** - * {@inheritdoc} - */ - function getUserProfile() - { - try { - $params = array("access_token" => $this->token("access_token")); - $userInfo = OpenIdUserinfo::getUserinfo($params, $this->api); + /** + * {@inheritdoc} + */ + function getUserProfile() + { + try { + $params = ["access_token" => $this->token("access_token")]; + $userInfo = OpenIdUserinfo::getUserinfo($params, $this->api); - $profile = new Hybrid_User_Profile(); + $profile = new Hybrid_User_Profile(); - $profile->identifier = $userInfo->getUserId(); - $profile->firstName = $userInfo->getGivenName(); - $profile->lastName = $userInfo->getFamilyName(); - $profile->displayName = $userInfo->getName(); - $profile->photoURL = $userInfo->getPicture(); - $profile->gender = $userInfo->getGender(); - $profile->email = $userInfo->getEmail(); - $profile->emailVerified = $userInfo->getEmailVerified(); - $profile->language = $userInfo->getLocale(); - $profile->phone = $userInfo->getPhoneNumber(); - if ($address = $userInfo->getAddress()) { - $profile->address = $address->getStreetAddress(); - $profile->city = $address->getLocality(); - $profile->zip = $address->getPostalCode(); - $profile->country = $address->getCountry(); - $profile->region = $address->getRegion(); - } + $profile->identifier = $userInfo->getUserId(); + $profile->firstName = $userInfo->getGivenName(); + $profile->lastName = $userInfo->getFamilyName(); + $profile->displayName = $userInfo->getName(); + $profile->photoURL = $userInfo->getPicture(); + $profile->gender = $userInfo->getGender(); + $profile->email = $userInfo->getEmail(); + $profile->emailVerified = $userInfo->getEmailVerified(); + $profile->language = $userInfo->getLocale(); + $profile->phone = $userInfo->getPhoneNumber(); + if ($address = $userInfo->getAddress()) { + $profile->address = $address->getStreetAddress(); + $profile->city = $address->getLocality(); + $profile->zip = $address->getPostalCode(); + $profile->country = 
$address->getCountry(); + $profile->region = $address->getRegion(); + } - if ($birthdate = $userInfo->getBirthday()) { - if (strpos($birthdate, "-") === FALSE) { - if ($birthdate !== "0000") { - $profile->birthYear = (int)$birthdate; - } - } else { - list($birthday_year, $birthday_month, $birthday_day) = explode("-", $birthdate); + if ($birthdate = $userInfo->getBirthday()) { + if (strpos($birthdate, "-") === FALSE) { + if ($birthdate !== "0000") { + $profile->birthYear = (int)$birthdate; + } + } else { + list($birthday_year, $birthday_month, $birthday_day) = explode("-", $birthdate); - $profile->birthDay = (int) $birthday_day; - $profile->birthMonth = (int) $birthday_month; - if ($birthday_year !== "0000") { - $profile->birthYear = (int) $birthday_year; - } - } - } + $profile->birthDay = (int) $birthday_day; + $profile->birthMonth = (int) $birthday_month; + if ($birthday_year !== "0000") { + $profile->birthYear = (int) $birthday_year; + } + } + } - $this->user->profile = $profile; + $this->user->profile = $profile; - return $this->user->profile; - } catch (Exception $e) { - throw new Hybrid_Exception($e->getMessage(), $e->getCode(), $e); - } - } + return $this->user->profile; + } catch (Exception $e) { + throw new Hybrid_Exception($e->getMessage(), $e->getCode(), $e); + } + } } diff --git a/hauth/Hybrid/Providers/PaypalOpenID.php b/hauth/Hybrid/Providers/PaypalOpenID.php index 6d4b9eb..b53ffba 100644 --- a/hauth/Hybrid/Providers/PaypalOpenID.php +++ b/hauth/Hybrid/Providers/PaypalOpenID.php @@ -10,7 +10,7 @@ */ class Hybrid_Providers_PaypalOpenID extends Hybrid_Provider_Model_OpenID { - var $openidIdentifier = "https://www.sandbox.paypal.com/webapps/auth/server"; + var $openidIdentifier = "https://www.sandbox.paypal.com/webapps/auth/server"; /** * begin login step 
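Review bot: In Paypal.php, `loginBegin()` builds the authorization URL with three `null` arguments and `loginFinish()` accepts any callback that carries `$_GET["code"]`, so nothing ties the returned code to the browser session that started the login. Assuming the SDK's fifth parameter is the `state` slot (the signature is not shown on this page), a random value should be stored before the redirect and compared in constant time on return, as sketched below. The `token()` and `deleteToken()` helpers used in the sketch are the ones the adapters in this commit already call.

```php
// in loginBegin()
$state = bin2hex(random_bytes(16));
$this->token("oauth_state", $state);
$url = OpenIdSession::getAuthorizationUrl(
    $this->endpoint,
    $this->scope,
    null,
    null,
    $state, // assumed to be the SDK's state argument; confirm against the SDK
    $this->api,
);
// … unchanged: redirect to PayPal …

// in loginFinish(), before the authorization code is exchanged
$expected = (string) $this->token("oauth_state");
$this->deleteToken("oauth_state");
$received = isset($_GET["state"]) && is_string($_GET["state"]) ? $_GET["state"] : "";
if ($expected === "" || !hash_equals($expected, $received)) {
    throw new Exception("Authentication failed! Invalid state parameter.", 5);
}
// … unchanged: code exchange and token storage …
```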
@@ -23,7 +23,7 @@ class Hybrid_Providers_PaypalOpenID extends Hybrid_Provider_Model_OpenID $this->api->identity = $this->openidIdentifier; $this->api->returnUrl = $this->endpoint; - $this->api->required = ARRAY( + $this->api->required = [ /*'namePerson/first' , 'namePerson/last' , 'namePerson/friendly' , 
@@ -43,139 +43,139 @@ class Hybrid_Providers_PaypalOpenID extends Hybrid_Provider_Model_OpenID 'contact/city/home' , 'contact/country/home' , - 'media/image/default' ,*/ + 'media/image/default' ,*/ - 'namePerson/prefix', - 'namePerson/first', - 'namePerson/last', - 'namePerson/middle', - 'namePerson/suffix', - 'namePerson/friendly', - 'person/guid', - 'birthDate/birthYear', - 'birthDate/birthMonth', - 'birthDate/birthday', - 'gender', - 'language/pref', - 'contact/phone/default', - 'contact/phone/home', - 'contact/phone/business', - 'contact/phone/cell', - 'contact/phone/fax', - 'contact/postaladdress/home', - 'contact/postaladdressadditional/home', - 'contact/city/home', - 'contact/state/home', - 'contact/country/home', - 'contact/postalcode/home', - 'contact/postaladdress/business', - 'contact/postaladdressadditional/business', - 'contact/city/business', - 'contact/state/business', - 'contact/country/business', - 'contact/postalcode/business', - /*'contact/IM/default', - 'contact/IM/AIM', - 'contact/IM/ICQ', - 'contact/IM/MSN', - 'contact/IM/Yahoo', - 'contact/IM/Jabber', - 'contact/IM/Skype', - 'contact/internet/email', - 'contact/web/default', - 'contact/web/blog', - 'contact/web/Linkedin', - 'contact/web/Amazon', - 'contact/web/Flickr', - 'contact/web/Delicious',*/ - 'company/name', - 'company/title', - /*'media/spokenname', - 'media/greeting/audio', - 'media/greeting/video', - 'media/biography', - 'media/image', - 'media/image/16x16', - 'media/image/32x32', - 'media/image/48x48', - 'media/image/64x64', - 'media/image/80x80', - 'media/image/128x128', - 'media/image/160x120', - 'media/image/320x240', - 'media/image/640x480', - 'media/image/120x160', - 'media/image/240x320', - 'media/image/480x640', - 'media/image/favicon', - 'timezone',*/ - ); - $this->api->optional = array();ARRAY( - 'namePerson/prefix', - 'namePerson/first', - 'namePerson/last', - 'namePerson/middle', - 'namePerson/suffix', - 'namePerson/friendly', - 'person/guid', - 'birthDate/birthYear', - 
'birthDate/birthMonth', - 'birthDate/birthday', - 'gender', - 'language/pref', - 'contact/phone/default', - 'contact/phone/home', - 'contact/phone/business', - 'contact/phone/cell', - 'contact/phone/fax', - 'contact/postaladdress/home', - 'contact/postaladdressadditional/home', - 'contact/city/home', - 'contact/state/home', - 'contact/country/home', - 'contact/postalcode/home', - 'contact/postaladdress/business', - 'contact/postaladdressadditional/business', - 'contact/city/business', - 'contact/state/business', - 'contact/country/business', - 'contact/postalcode/business', - /*'contact/IM/default', - 'contact/IM/AIM', - 'contact/IM/ICQ', - 'contact/IM/MSN', - 'contact/IM/Yahoo', - 'contact/IM/Jabber', - 'contact/IM/Skype', - 'contact/internet/email', - 'contact/web/default', - 'contact/web/blog', - 'contact/web/Linkedin', - 'contact/web/Amazon', - 'contact/web/Flickr', - 'contact/web/Delicious',*/ - 'company/name', - 'company/title', - /*'media/spokenname', - 'media/greeting/audio', - 'media/greeting/video', - 'media/biography', - 'media/image', - 'media/image/16x16', - 'media/image/32x32', - 'media/image/48x48', - 'media/image/64x64', - 'media/image/80x80', - 'media/image/128x128', - 'media/image/160x120', - 'media/image/320x240', - 'media/image/640x480', - 'media/image/120x160', - 'media/image/240x320', - 'media/image/480x640', - 'media/image/favicon', - 'timezone',*/ - ); + 'namePerson/prefix', + 'namePerson/first', + 'namePerson/last', + 'namePerson/middle', + 'namePerson/suffix', + 'namePerson/friendly', + 'person/guid', + 'birthDate/birthYear', + 'birthDate/birthMonth', + 'birthDate/birthday', + 'gender', + 'language/pref', + 'contact/phone/default', + 'contact/phone/home', + 'contact/phone/business', + 'contact/phone/cell', + 'contact/phone/fax', + 'contact/postaladdress/home', + 'contact/postaladdressadditional/home', + 'contact/city/home', + 'contact/state/home', + 'contact/country/home', + 'contact/postalcode/home', + 'contact/postaladdress/business', + 
'contact/postaladdressadditional/business', + 'contact/city/business', + 'contact/state/business', + 'contact/country/business', + 'contact/postalcode/business', + /*'contact/IM/default', + 'contact/IM/AIM', + 'contact/IM/ICQ', + 'contact/IM/MSN', + 'contact/IM/Yahoo', + 'contact/IM/Jabber', + 'contact/IM/Skype', + 'contact/internet/email', + 'contact/web/default', + 'contact/web/blog', + 'contact/web/Linkedin', + 'contact/web/Amazon', + 'contact/web/Flickr', + 'contact/web/Delicious',*/ + 'company/name', + 'company/title', + /*'media/spokenname', + 'media/greeting/audio', + 'media/greeting/video', + 'media/biography', + 'media/image', + 'media/image/16x16', + 'media/image/32x32', + 'media/image/48x48', + 'media/image/64x64', + 'media/image/80x80', + 'media/image/128x128', + 'media/image/160x120', + 'media/image/320x240', + 'media/image/640x480', + 'media/image/120x160', + 'media/image/240x320', + 'media/image/480x640', + 'media/image/favicon', + 'timezone',*/ + ]; + $this->api->optional = [];[ + 'namePerson/prefix', + 'namePerson/first', + 'namePerson/last', + 'namePerson/middle', + 'namePerson/suffix', + 'namePerson/friendly', + 'person/guid', + 'birthDate/birthYear', + 'birthDate/birthMonth', + 'birthDate/birthday', + 'gender', + 'language/pref', + 'contact/phone/default', + 'contact/phone/home', + 'contact/phone/business', + 'contact/phone/cell', + 'contact/phone/fax', + 'contact/postaladdress/home', + 'contact/postaladdressadditional/home', + 'contact/city/home', + 'contact/state/home', + 'contact/country/home', + 'contact/postalcode/home', + 'contact/postaladdress/business', + 'contact/postaladdressadditional/business', + 'contact/city/business', + 'contact/state/business', + 'contact/country/business', + 'contact/postalcode/business', + /*'contact/IM/default', + 'contact/IM/AIM', + 'contact/IM/ICQ', + 'contact/IM/MSN', + 'contact/IM/Yahoo', + 'contact/IM/Jabber', + 'contact/IM/Skype', + 'contact/internet/email', + 'contact/web/default', + 'contact/web/blog', 
+ 'contact/web/Linkedin', + 'contact/web/Amazon', + 'contact/web/Flickr', + 'contact/web/Delicious',*/ + 'company/name', + 'company/title', + /*'media/spokenname', + 'media/greeting/audio', + 'media/greeting/video', + 'media/biography', + 'media/image', + 'media/image/16x16', + 'media/image/32x32', + 'media/image/48x48', + 'media/image/64x64', + 'media/image/80x80', + 'media/image/128x128', + 'media/image/160x120', + 'media/image/320x240', + 'media/image/640x480', + 'media/image/120x160', + 'media/image/240x320', + 'media/image/480x640', + 'media/image/favicon', + 'timezone',*/ + ]; # redirect the user to the provider authentication url Hybrid_Auth::redirect( $this->api->authUrl() ); diff --git a/hauth/Hybrid/Providers/Twitter.php b/hauth/Hybrid/Providers/Twitter.php index 6ea6231..107ff86 100644 --- a/hauth/Hybrid/Providers/Twitter.php +++ b/hauth/Hybrid/Providers/Twitter.php @@ -1,81 +1,81 @@ <?php
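Review bot: In PaypalOpenID.php the new side keeps `$this->api->optional = [];[`, so the statement ends at the first `;` and the attribute list that follows is a discarded expression; `optional` is always empty. The tidy-up converted the stray `ARRAY(` to `[` but left the dead literal in place, which makes it look as if those attributes were being requested as optional. Since `required` already asks for the same names (name, birth date, phone, postal addresses), the likely intent is an empty optional list: keep `$this->api->optional = [];` and delete the literal after it, or, if optional attributes were meant, drop the `[];` so the list is assigned. It is also worth checking whether every attribute in `required` is actually needed, because each one is personal data requested at login. The enclosing method starts outside this hunk.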
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_Providers_Twitter provider adapter based on OAuth1 protocol
*/
-class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 {
-
+class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { + /**
* {@inheritdoc}
*/
function initialize() {
- parent::initialize();
-
- // Provider api end-points
+ parent::initialize(); + + // Provider api end-points
$this->api->api_base_url = "https://api.twitter.com/1.1/";
$this->api->authorize_url = "https://api.twitter.com/oauth/authenticate";
$this->api->request_token_url = "https://api.twitter.com/oauth/request_token";
- $this->api->access_token_url = "https://api.twitter.com/oauth/access_token";
-
+ $this->api->access_token_url = "https://api.twitter.com/oauth/access_token"; + if (isset($this->config['api_version']) && $this->config['api_version']) {
$this->api->api_base_url = "https://api.twitter.com/{$this->config['api_version']}/";
- }
-
+ } + if (isset($this->config['authorize']) && $this->config['authorize']) {
$this->api->authorize_url = "https://api.twitter.com/oauth/authorize";
- }
-
+ } + $this->api->curl_auth_header = false;
- }
-
+ } + /**
* {@inheritdoc}
*/
function loginBegin() {
// Initiate the Reverse Auth flow; cf. https://dev.twitter.com/docs/ios/using-reverse-auth
if (isset($_REQUEST['reverse_auth']) && ($_REQUEST['reverse_auth'] == 'yes')) {
- $stage1 = $this->api->signedRequest($this->api->request_token_url, 'POST', array('x_auth_mode' => 'reverse_auth'));
+ $stage1 = $this->api->signedRequest($this->api->request_token_url, 'POST', ['x_auth_mode' => 'reverse_auth']);
if ($this->api->http_code != 200) {
- throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
+ throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5); }
- $responseObj = array('x_reverse_auth_parameters' => $stage1, 'x_reverse_auth_target' => $this->config["keys"]["key"]);
+ $responseObj = ['x_reverse_auth_parameters' => $stage1, 'x_reverse_auth_target' => $this->config["keys"]["key"]];
$response = json_encode($responseObj);
header("Content-Type: application/json", true, 200);
echo $response;
die();
}
- $tokens = $this->api->requestToken($this->endpoint);
-
+ $tokens = $this->api->requestToken($this->endpoint); + // request tokens as received from provider
- $this->request_tokens_raw = $tokens;
-
+ $this->request_tokens_raw = $tokens; + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5); + } + if (!isset($tokens["oauth_token"])) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5); + } + $this->token("request_token", $tokens["oauth_token"]);
- $this->token("request_token_secret", $tokens["oauth_token_secret"]);
-
+ $this->token("request_token_secret", $tokens["oauth_token_secret"]); + // redirect the user to the provider authentication url with force_login
if (( isset($this->config['force_login']) && $this->config['force_login'] ) || ( isset($this->config['force']) && $this->config['force'] === true )) {
- Hybrid_Auth::redirect($this->api->authorizeUrl($tokens, array('force_login' => true)));
- }
-
+ Hybrid_Auth::redirect($this->api->authorizeUrl($tokens, ['force_login' => true]));
+ } + // else, redirect the user to the provider authentication url
Hybrid_Auth::redirect($this->api->authorizeUrl($tokens));
- }
-
+ } + /**
* {@inheritdoc}
*/
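Review bot: The reverse-auth branch at the top of `loginBegin()` in Twitter.php runs for any request that carries `reverse_auth=yes`: it makes a request signed with the application credentials and echoes the result together with `$this->config["keys"]["key"]`, and no configuration switch is visible in this hunk. A deployment that does not use reverse auth should not expose that path; gate it on an explicit option, e.g. `if (!empty($this->config['reverse_auth']) && isset($_REQUEST['reverse_auth']) && $_REQUEST['reverse_auth'] === 'yes') {` (the option name is a suggestion, not an existing key). Further down, `$tokens["oauth_token_secret"]` is read without the `isset()` check that `oauth_token` gets, so `if (!isset($tokens["oauth_token"], $tokens["oauth_token_secret"])) {` would be the safer guard.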
@@ -83,45 +83,45 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { // in case we are completing a Reverse Auth flow; cf. https://dev.twitter.com/docs/ios/using-reverse-auth
if (isset($_REQUEST['oauth_token_secret'])) {
$tokens = $_REQUEST;
- $this->access_tokens_raw = $tokens;
-
+ $this->access_tokens_raw = $tokens; + // we should have an access_token unless something has gone wrong
if (!isset($tokens["oauth_token"])) {
- throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5);
- }
-
+ throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5); + } + // Get rid of tokens we don't need
$this->deleteToken("request_token");
- $this->deleteToken("request_token_secret");
-
+ $this->deleteToken("request_token_secret"); + // Store access_token and secret for later use
$this->token("access_token", $tokens['oauth_token']);
- $this->token("access_token_secret", $tokens['oauth_token_secret']);
-
+ $this->token("access_token_secret", $tokens['oauth_token_secret']); + // set user as logged in to the current provider
$this->setUserConnected();
return;
}
parent::loginFinish();
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserProfile() {
$includeEmail = isset($this->config['includeEmail']) ? (bool) $this->config['includeEmail'] : false;
- $response = $this->api->get('account/verify_credentials.json'. ($includeEmail ? '?include_email=true' : ''));
-
+ $response = $this->api->get('account/verify_credentials.json'. ($includeEmail ? '?include_email=true' : '')); + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("User profile request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 6);
- }
-
+ throw new Exception("User profile request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 6); + } + if (!is_object($response) || !isset($response->id)) {
- throw new Exception("User profile request failed! {$this->providerId} api returned an invalid response: " . Hybrid_Logger::dumpData( $response ), 6);
- }
-
- # store the user profile.
+ throw new Exception("User profile request failed! {$this->providerId} api returned an invalid response: " . Hybrid_Logger::dumpData( $response ), 6); + } + + # store the user profile.
$this->user->profile->identifier = (property_exists($response, 'id')) ? $response->id : "";
$this->user->profile->displayName = (property_exists($response, 'screen_name')) ? $response->screen_name : "";
$this->user->profile->description = (property_exists($response, 'description')) ? $response->description : "";
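Review bot: In `loginFinish()` the reverse-auth path does `$tokens = $_REQUEST;`, stores the whole request array in `access_tokens_raw`, and calls `setUserConnected()` on values the client supplied without the provider confirming them in this function. Only `oauth_token` is checked with `isset()`, and neither field is checked to be a string. Copy just the two expected fields as below, and ideally confirm the pair before marking the user connected, for example with the `account/verify_credentials.json` call that `getUserProfile()` already makes. The function's opening line is outside this hunk.

```php
if (isset($_REQUEST['oauth_token_secret'])) {
    // keep only the two expected fields, and only when they are non-empty strings
    $tokens = [];
    foreach (['oauth_token', 'oauth_token_secret'] as $key) {
        if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key]) && $_REQUEST[$key] !== '') {
            $tokens[$key] = $_REQUEST[$key];
        }
    }
    $this->access_tokens_raw = $tokens;

    if (!isset($tokens["oauth_token"], $tokens["oauth_token_secret"])) {
        throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5);
    }
    // … unchanged: request-token cleanup, token storage, setUserConnected() …
```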
@@ -131,92 +131,92 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { $this->user->profile->webSiteURL = (property_exists($response, 'url')) ? $response->url : "";
$this->user->profile->region = (property_exists($response, 'location')) ? $response->location : "";
if($includeEmail) $this->user->profile->email = (property_exists($response, 'email')) ? $response->email : "";
- if($includeEmail) $this->user->profile->emailVerified = (property_exists($response, 'email')) ? $response->email : "";
-
+ if($includeEmail) $this->user->profile->emailVerified = (property_exists($response, 'email')) ? $response->email : ""; + return $this->user->profile;
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserContacts() {
- $parameters = array('cursor' => '-1');
- $response = $this->api->get('friends/ids.json', $parameters);
-
+ $parameters = ['cursor' => '-1'];
+ $response = $this->api->get('friends/ids.json', $parameters); + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("User contacts request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception("User contacts request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code)); + } + if (!$response || !count($response->ids)) {
- return array();
- }
-
+ return [];
+ } + // 75 id per time should be okey
- $contactsids = array_chunk($response->ids, 75);
-
- $contacts = array();
-
+ $contactsids = array_chunk($response->ids, 75); + + $contacts = []; + foreach ($contactsids as $chunk) {
- $parameters = array('user_id' => implode(",", $chunk));
- $response = $this->api->get('users/lookup.json', $parameters);
-
+ $parameters = ['user_id' => implode(",", $chunk)];
+ $response = $this->api->get('users/lookup.json', $parameters); + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("User contacts request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception("User contacts request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code)); + } + if ($response && count($response)) {
foreach ($response as $item) {
- $uc = new Hybrid_User_Contact();
-
+ $uc = new Hybrid_User_Contact(); + $uc->identifier = (property_exists($item, 'id')) ? $item->id : "";
$uc->displayName = (property_exists($item, 'name')) ? $item->name : "";
$uc->profileURL = (property_exists($item, 'screen_name')) ? ("http://twitter.com/" . $item->screen_name) : "";
$uc->photoURL = (property_exists($item, 'profile_image_url')) ? $item->profile_image_url : "";
- $uc->description = (property_exists($item, 'description')) ? $item->description : "";
-
+ $uc->description = (property_exists($item, 'description')) ? $item->description : ""; + $contacts[] = $uc;
}
}
- }
-
+ } + return $contacts;
- }
-
+ } + /**
* {@inheritdoc}
*/
- function setUserStatus($status) {
-
+ function setUserStatus($status) { + if (is_array($status) && isset($status['message']) && isset($status['picture'])) {
- $response = $this->api->post('statuses/update_with_media.json', array('status' => $status['message'], 'media[]' => file_get_contents($status['picture'])), null, null, true);
+ $response = $this->api->post('statuses/update_with_media.json', ['status' => $status['message'], 'media[]' => file_get_contents($status['picture'])], null, null, true);
} else {
- $response = $this->api->post('statuses/update.json', array('status' => $status));
- }
-
+ $response = $this->api->post('statuses/update.json', ['status' => $status]);
+ } + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("Update user status failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception("Update user status failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code)); + } + return $response;
- }
-
+ } + /**
* {@inheritdoc}
*/
function getUserStatus($tweetid) {
- $info = $this->api->get('statuses/show.json?id=' . $tweetid . '&include_entities=true');
-
+ $info = $this->api->get('statuses/show.json?id=' . $tweetid . '&include_entities=true'); + // check the last HTTP status code returned
if ($this->api->http_code != 200 || !isset($info->id)) {
- throw new Exception("Cannot retrieve user status! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception("Cannot retrieve user status! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code)); + } + return $info;
- }
-
+ } + /**
* load the user latest activity
* - timeline : all the stream
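Review bot: In `setUserStatus()`, `file_get_contents($status['picture'])` reads whatever path or URL the caller passes and its `false` return on failure is posted as the media body. If `$status` can carry end-user input, this lets the request choose which local file (or, with URL wrappers enabled, which remote address) the server reads, so the path should be resolved and checked against the expected upload directory first. At minimum, read it separately and fail closed: `$media = is_file($status['picture']) ? file_get_contents($status['picture']) : false;` followed by `if ($media === false) { throw new Exception("Update user status failed! Picture could not be read."); }`. In the same hunk, `getUserStatus()` appends `$tweetid` to the query string unencoded; `rawurlencode((string) $tweetid)` keeps it to a single parameter value.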
@@ -230,35 +230,35 @@ class Hybrid_Providers_Twitter extends Hybrid_Provider_Model_OAuth1 { $response = $this->api->get('statuses/user_timeline.json');
} else {
$response = $this->api->get('statuses/home_timeline.json');
- }
-
+ } + // check the last HTTP status code returned
if ($this->api->http_code != 200) {
- throw new Exception("User activity stream request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code));
- }
-
+ throw new Exception("User activity stream request failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code)); + } + if (!$response) {
- return array();
- }
-
- $activities = array();
-
+ return [];
+ } + + $activities = []; + foreach ($response as $item) {
- $ua = new Hybrid_User_Activity();
-
+ $ua = new Hybrid_User_Activity(); + $ua->id = (property_exists($item, 'id')) ? $item->id : "";
$ua->date = (property_exists($item, 'created_at')) ? strtotime($item->created_at) : "";
- $ua->text = (property_exists($item, 'text')) ? $item->text : "";
-
+ $ua->text = (property_exists($item, 'text')) ? $item->text : ""; + $ua->user->identifier = (property_exists($item->user, 'id')) ? $item->user->id : "";
$ua->user->displayName = (property_exists($item->user, 'name')) ? $item->user->name : "";
$ua->user->profileURL = (property_exists($item->user, 'screen_name')) ? ("http://twitter.com/" . $item->user->screen_name) : "";
- $ua->user->photoURL = (property_exists($item->user, 'profile_image_url')) ? $item->user->profile_image_url : "";
-
+ $ua->user->photoURL = (property_exists($item->user, 'profile_image_url')) ? $item->user->profile_image_url : ""; + $activities[] = $ua;
- }
-
+ } + return $activities;
- }
-
-}
+ } + +} diff --git a/hauth/Hybrid/Providers/Yahoo.php b/hauth/Hybrid/Providers/Yahoo.php index 82e3972..cd23270 100644 --- a/hauth/Hybrid/Providers/Yahoo.php +++ b/hauth/Hybrid/Providers/Yahoo.php @@ -1,11 +1,11 @@ <?php
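Review bot: In the `foreach` of the activity-stream method in Twitter.php, `$item->user` is passed to `property_exists()` four times without first checking that it exists and is an object. On PHP 8, which this tidy-up targets, a timeline entry without a `user` object raises a `TypeError` from `property_exists()` and aborts the whole listing instead of skipping that entry. A guard at the top of the loop avoids that: `if (!is_object($item) || !isset($item->user) || !is_object($item->user)) { continue; }`. The method's opening line is outside this hunk.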
-
+ /* !
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2012, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Yahoo OAuth Class.
*
@@ -14,256 +14,256 @@ * @author Oleg Kuzava <olegkuzava@gmail.com>
* @version 1.0
* @license BSD License
- */
-
+ */ + /**
* Hybrid_Providers_Yahoo - Yahoo provider adapter based on OAuth2 protocol.
*/
-class Hybrid_Providers_Yahoo extends Hybrid_Provider_Model_OAuth2 {
-
- /**
- * Define Yahoo scopes.
- *
- * @var array $scope
- * If empty will be used YDN App scopes.
- * @see https://developer.yahoo.com/oauth2/guide/yahoo_scopes.
- */
- public $scope = array();
-
- /**
- * {@inheritdoc}
- */
- function initialize() {
- parent::initialize();
-
- // Provider api end-points.
- $this->api->api_base_url = "https://social.yahooapis.com/v1/";
- $this->api->authorize_url = "https://api.login.yahoo.com/oauth2/request_auth";
- $this->api->token_url = "https://api.login.yahoo.com/oauth2/get_token";
-
- // Set token headers.
- $this->setAuthorizationHeaders("basic");
- }
-
- /**
- * {@inheritdoc}
- */
- function loginBegin() {
- if (is_array($this->scope)) {
- $this->scope = implode(",", $this->scope);
- }
- parent::loginBegin();
- }
-
- /**
- * {@inheritdoc}
- */
- function getUserProfile() {
- $userId = $this->getCurrentUserId();
-
- $response = $this->api->get("user/{$userId}/profile", array(
- "format" => "json",
- ));
-
- if (!isset($response->profile)) {
- throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response), 6);
- }
-
- $data = $response->profile;
-
- $this->user->profile->identifier = isset($data->guid) ? $data->guid : "";
- $this->user->profile->firstName = isset($data->givenName) ? $data->givenName : "";
- $this->user->profile->lastName = isset($data->familyName) ? $data->familyName : "";
- $this->user->profile->displayName = isset($data->nickname) ? trim($data->nickname) : "";
- $this->user->profile->profileURL = isset($data->profileUrl) ? $data->profileUrl : "";
- $this->user->profile->gender = isset($data->gender) ? $data->gender : "";
-
- if ($this->user->profile->gender === "F") {
- $this->user->profile->gender = "female";
- }
- elseif ($this->user->profile->gender === "M") {
- $this->user->profile->gender = "male";
- }
-
- if (isset($data->emails)) {
- $email = "";
- foreach ($data->emails as $v) {
- if (isset($v->primary) && $v->primary) {
- $email = isset($v->handle) ? $v->handle : "";
- break;
- }
- }
- $this->user->profile->email = $email;
- $this->user->profile->emailVerified = $email;
- }
-
- $this->user->profile->age = isset($data->displayAge) ? $data->displayAge : "";
- $this->user->profile->photoURL = isset($data->image) ? $data->image->imageUrl : "";
-
- $this->user->profile->address = isset($data->location) ? $data->location : "";
- $this->user->profile->language = isset($data->lang) ? $data->lang : "";
-
- return $this->user->profile;
- }
-
- /**
- * {@inheritdoc}
- */
- function getUserContacts() {
- $userId = $this->getCurrentUserId();
-
- $response = $this->api->get("user/{$userId}/contacts", array(
- "format" => "json",
- "count" => "max",
- ));
-
- if ($this->api->http_code != 200) {
- throw new Exception("User contacts request failed! {$this->providerId} returned an error: " . $this->errorMessageByStatus());
- }
-
- if (!isset($response->contacts) || !isset($response->contacts->contact) || (isset($response->errcode) && $response->errcode != 0)) {
- return array();
- }
-
- $contacts = array();
- foreach ($response->contacts->contact as $item) {
- $uc = new Hybrid_User_Contact();
-
- $uc->identifier = isset($item->id) ? $item->id : "";
- $uc->email = $this->selectEmail($item->fields);
- $uc->displayName = $this->selectName($item->fields);
- $uc->photoURL = $this->selectPhoto($item->fields);
-
- $contacts[] = $uc;
- }
-
- return $contacts;
- }
-
- /**
- * Returns current user id.
- *
- * @return string
- * Current user ID.
- * @throws Exception
- */
- function getCurrentUserId() {
- // Set headers to get refresh token.
- $this->setAuthorizationHeaders("basic");
-
- // Refresh tokens if needed.
- $this->refreshToken();
-
- // Set headers to make api call.
- $this->setAuthorizationHeaders("bearer");
-
- $response = $this->api->get("me/guid", array(
- "format" => "json",
- ));
-
- if (!isset($response->guid->value)) {
- throw new Exception("User id request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response));
- }
-
- return $response->guid->value;
- }
-
- /**
- * Utility function for returning values from XML-like objects.
- *
- * @param stdClass $vs
- * Object.
- * @param string $t
- * Property name.
- * @return mixed
- */
- private function select($vs, $t) {
- foreach ($vs as $v) {
- if ($v->type == $t) {
- return $v;
- }
- }
-
- return null;
- }
-
- /**
- * Parses user name.
- *
- * @param stdClass $v
- * Object.
- * @return string
- * User name.
- */
- private function selectName($v) {
- $s = $this->select($v, "name");
- if (!$s) {
- $s = $this->select($v, "nickname");
- return isset($s->value) ? $s->value : "";
- }
- return isset($s->value) ? "{$s->value->givenName} {$s->value->familyName}" : "";
- }
-
- /**
- * Parses photo URL.
- *
- * @param stdClass $v
- * Object.
- * @return string
- * Photo URL.
- */
- private function selectPhoto($v) {
- $s = $this->select($v, "image");
-
- return isset($s->value) ? $s->value->imageUrl : "";
- }
-
- /**
- * Parses email.
- *
- * @param stdClass $v
- * Object
- * @return string
- * An email address.
- */
- private function selectEmail($v) {
- $s = $this->select($v, "email");
- if (empty($s)) {
- $s = $this->select($v, "yahooid");
- if (isset($s->value) && strpos($s->value, "@") === FALSE) {
- $s->value .= "@yahoo.com";
- }
- }
-
- return isset($s->value) ? $s->value : "";
- }
-
- /**
- * Set correct Authorization headers.
- *
- * @param string $token_type
- * Specify token type.
- *
- * @return void
- */
- private function setAuthorizationHeaders($token_type) {
- switch ($token_type) {
- case "basic":
- // The /get_token requires authorization header.
- $token = base64_encode("{$this->config["keys"]["id"]}:{$this->config["keys"]["secret"]}");
- $this->api->curl_header = array(
- "Authorization: Basic {$token}",
- "Content-Type: application/x-www-form-urlencoded",
- );
- break;
-
- case "bearer":
- // Yahoo API requires the token to be passed as a Bearer within the authorization header.
- $this->api->curl_header = array(
- "Authorization: Bearer {$this->api->access_token}",
- );
- break;
- }
- }
-
-}
+class Hybrid_Providers_Yahoo extends Hybrid_Provider_Model_OAuth2 { + + /**
+ * Define Yahoo scopes.
+ *
+ * @var array $scope
+ * If empty will be used YDN App scopes.
+ * @see https://developer.yahoo.com/oauth2/guide/yahoo_scopes.
+ */
+ public $scope = []; + + /**
+ * {@inheritdoc}
+ */
+ function initialize() {
+ parent::initialize(); + + // Provider api end-points.
+ $this->api->api_base_url = "https://social.yahooapis.com/v1/";
+ $this->api->authorize_url = "https://api.login.yahoo.com/oauth2/request_auth";
+ $this->api->token_url = "https://api.login.yahoo.com/oauth2/get_token"; + + // Set token headers.
+ $this->setAuthorizationHeaders("basic");
+ } + + /**
+ * {@inheritdoc}
+ */
+ function loginBegin() {
+ if (is_array($this->scope)) {
+ $this->scope = implode(",", $this->scope);
+ }
+ parent::loginBegin();
+ } + + /**
+ * {@inheritdoc}
+ */
+ function getUserProfile() {
+ $userId = $this->getCurrentUserId(); + + $response = $this->api->get("user/{$userId}/profile", [
+ "format" => "json",
+ ]); + + if (!isset($response->profile)) {
+ throw new Exception("User profile request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response), 6); + } + + $data = $response->profile; + + $this->user->profile->identifier = $data->guid ?? "";
+ $this->user->profile->firstName = $data->givenName ?? "";
+ $this->user->profile->lastName = $data->familyName ?? "";
+ $this->user->profile->displayName = isset($data->nickname) ? trim($data->nickname) : "";
+ $this->user->profile->profileURL = $data->profileUrl ?? "";
+ $this->user->profile->gender = $data->gender ?? ""; + + if ($this->user->profile->gender === "F") {
+ $this->user->profile->gender = "female";
+ }
+ elseif ($this->user->profile->gender === "M") {
+ $this->user->profile->gender = "male";
+ } + + if (isset($data->emails)) {
+ $email = "";
+ foreach ($data->emails as $v) {
+ if (isset($v->primary) && $v->primary) {
+ $email = $v->handle ?? "";
+ break;
+ }
+ }
+ $this->user->profile->email = $email;
+ $this->user->profile->emailVerified = $email;
+ } + + $this->user->profile->age = $data->displayAge ?? "";
+ $this->user->profile->photoURL = isset($data->image) ? $data->image->imageUrl : ""; + + $this->user->profile->address = $data->location ?? "";
+ $this->user->profile->language = $data->lang ?? ""; + + return $this->user->profile;
+ } + + /**
+ * {@inheritdoc}
+ */
+ function getUserContacts() {
+ $userId = $this->getCurrentUserId(); + + $response = $this->api->get("user/{$userId}/contacts", [
+ "format" => "json",
+ "count" => "max",
+ ]); + + if ($this->api->http_code != 200) {
+ throw new Exception("User contacts request failed! {$this->providerId} returned an error: " . $this->errorMessageByStatus()); + } + + if (!isset($response->contacts) || !isset($response->contacts->contact) || (isset($response->errcode) && $response->errcode != 0)) {
+ return [];
+ } + + $contacts = [];
+ foreach ($response->contacts->contact as $item) {
+ $uc = new Hybrid_User_Contact(); + + $uc->identifier = $item->id ?? "";
+ $uc->email = $this->selectEmail($item->fields);
+ $uc->displayName = $this->selectName($item->fields);
+ $uc->photoURL = $this->selectPhoto($item->fields); + + $contacts[] = $uc;
+ } + + return $contacts;
+ } + + /**
+ * Returns current user id.
+ *
+ * @return string
+ * Current user ID.
+ * @throws Exception
+ */
+ function getCurrentUserId() {
+ // Set headers to get refresh token.
+ $this->setAuthorizationHeaders("basic"); + + // Refresh tokens if needed.
+ $this->refreshToken(); + + // Set headers to make api call.
+ $this->setAuthorizationHeaders("bearer"); + + $response = $this->api->get("me/guid", [
+ "format" => "json",
+ ]); + + if (!isset($response->guid->value)) {
+ throw new Exception("User id request failed! {$this->providerId} returned an invalid response: " . Hybrid_Logger::dumpData($response)); + } + + return $response->guid->value;
+ } + + /**
+ * Utility function for returning values from XML-like objects.
+ *
+ * @param stdClass $vs
+ * Object.
+ * @param string $t
+ * Property name.
+ * @return mixed
+ */
+ private function select($vs, $t) {
+ foreach ($vs as $v) {
+ if ($v->type == $t) {
+ return $v;
+ }
+ } + + return null;
+ } + + /**
+ * Parses user name.
+ *
+ * @param stdClass $v
+ * Object.
+ * @return string
+ * User name.
+ */
+ private function selectName($v) {
+ $s = $this->select($v, "name");
+ if (!$s) {
+ $s = $this->select($v, "nickname");
+ return $s->value ?? "";
+ }
+ return isset($s->value) ? "{$s->value->givenName} {$s->value->familyName}" : "";
+ } + + /**
+ * Parses photo URL.
+ *
+ * @param stdClass $v
+ * Object.
+ * @return string
+ * Photo URL.
+ */
+ private function selectPhoto($v) {
+ $s = $this->select($v, "image"); + + return isset($s->value) ? $s->value->imageUrl : "";
+ } + + /**
+ * Parses email.
+ *
+ * @param stdClass $v
+ * Object
+ * @return string
+ * An email address.
+ */
+ private function selectEmail($v) {
+ $s = $this->select($v, "email");
+ if (empty($s)) {
+ $s = $this->select($v, "yahooid");
+ if (isset($s->value) && strpos($s->value, "@") === FALSE) {
+ $s->value .= "@yahoo.com";
+ }
+ } + + return $s->value ?? "";
+ } + + /**
+ * Set correct Authorization headers.
+ *
+ * @param string $token_type
+ * Specify token type.
+ *
+ * @return void
+ */
+ private function setAuthorizationHeaders($token_type) {
+ switch ($token_type) {
+ case "basic":
+ // The /get_token requires authorization header.
+ $token = base64_encode("{$this->config["keys"]["id"]}:{$this->config["keys"]["secret"]}");
+ $this->api->curl_header = [
+ "Authorization: Basic {$token}",
+ "Content-Type: application/x-www-form-urlencoded",
+ ];
+ break; + + case "bearer":
+ // Yahoo API requires the token to be passed as a Bearer within the authorization header.
+ $this->api->curl_header = [
+ "Authorization: Bearer {$this->api->access_token}",
+ ];
+ break;
+ }
+ } + +} diff --git a/hauth/Hybrid/Storage.php b/hauth/Hybrid/Storage.php index d82b4af..b9fa366 100644 --- a/hauth/Hybrid/Storage.php +++ b/hauth/Hybrid/Storage.php @@ -1,31 +1,31 @@ <?php
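Review bot: In getUserProfile(), `$this->user->profile->emailVerified = $email;` marks the primary address as verified although nothing in the visible response handling reads a verification flag from the provider. Code that links or auto-provisions local accounts on `emailVerified` would then trust an address on the strength of `primary` alone. Unless the provider is known to return only verified addresses (not shown in this hunk), I would leave the field empty, `$this->user->profile->emailVerified = "";`, with a comment saying why. The same hunk keeps `strpos($s->value, "@") === FALSE` in selectEmail(), where `str_contains()` and lower-case `false` would fit the PHP version named in the commit title.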
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
*/
-require_once realpath(dirname(__FILE__)) . "/StorageInterface.php";
-
+require_once realpath(dirname(__FILE__)) . "/StorageInterface.php"; + /**
* HybridAuth storage manager
*/
-class Hybrid_Storage implements Hybrid_Storage_Interface {
-
+class Hybrid_Storage implements Hybrid_Storage_Interface { + /**
* Constructor
*/
function __construct() {
if (!session_id()) {
if (!session_start()) {
- throw new Exception("Hybridauth requires the use of 'session_start()' at the start of your script, which appears to be disabled.", 1);
+ throw new Exception("Hybridauth requires the use of 'session_start()' at the start of your script, which appears to be disabled.", 1); }
- }
-
+ } + $this->config("php_session_id", session_id());
$this->config("version", Hybrid_Auth::$version);
- }
-
+ } + /**
* Saves a value in the config storage, or returns config if value is null
*
@@ -34,17 +34,17 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { * @return array|null
*/
public function config($key, $value = null) {
- $key = strtolower($key);
-
+ $key = strtolower($key); + if ($value) {
$_SESSION["HA::CONFIG"][$key] = serialize($value);
} elseif (isset($_SESSION["HA::CONFIG"][$key])) {
return unserialize($_SESSION["HA::CONFIG"][$key]);
- }
-
+ } + return null;
- }
-
+ } + /**
* Returns value from session storage
*
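Review bot: config() chooses between write and read with `if ($value)`, so a falsy value such as `0`, `""`, `false` or `[]` is never stored and the call silently turns into a read, while the docblock just above the hunk says the read path is for a null value. `if ($value !== null)` would match the documented contract. Before changing it, check whether any caller passes an empty value and expects a read, since that behaviour would change.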
@@ -52,15 +52,15 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { * @return string|null
*/
public function get($key) {
- $key = strtolower($key);
-
+ $key = strtolower($key); + if (isset($_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key])) {
return unserialize($_SESSION["HA::STORE"][$key]);
- }
-
+ } + return null;
- }
-
+ } + /**
* Saves a key value pair to the session storage
*
@@ -71,16 +71,16 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { public function set($key, $value) {
$key = strtolower($key);
$_SESSION["HA::STORE"][$key] = serialize($value);
- }
-
+ } + /**
* Clear session storage
* @return void
*/
function clear() {
- $_SESSION["HA::STORE"] = array();
- }
-
+ $_SESSION["HA::STORE"] = [];
+ } + /**
* Delete a specific key from session storage
*
@@ -88,15 +88,15 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { * @return void
*/
function delete($key) {
- $key = strtolower($key);
-
+ $key = strtolower($key); + if (isset($_SESSION["HA::STORE"], $_SESSION["HA::STORE"][$key])) {
$f = $_SESSION['HA::STORE'];
unset($f[$key]);
$_SESSION["HA::STORE"] = $f;
}
- }
-
+ } + /**
* Delete all keys recursively from session storage
*
@@ -104,8 +104,8 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { * @retun void
*/
function deleteMatch($key) {
- $key = strtolower($key);
-
+ $key = strtolower($key); + if (isset($_SESSION["HA::STORE"]) && count($_SESSION["HA::STORE"])) {
$f = $_SESSION['HA::STORE'];
foreach ($f as $k => $v) {
@@ -115,8 +115,8 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { }
$_SESSION["HA::STORE"] = $f;
}
- }
-
+ } + /**
* Returns session storage as a serialized string
* @return string|null
@@ -126,8 +126,8 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { return serialize($_SESSION["HA::STORE"]);
}
return null;
- }
-
+ } + /**
* Restores the session from serialized session data
*
@@ -136,6 +136,6 @@ class Hybrid_Storage implements Hybrid_Storage_Interface { */
function restoreSessionData($sessiondata = null) {
$_SESSION["HA::STORE"] = unserialize($sessiondata);
- }
-
-}
+ } + +} diff --git a/hauth/Hybrid/StorageInterface.php b/hauth/Hybrid/StorageInterface.php index 5b171ec..5b171ec 100644..100755 --- a/hauth/Hybrid/StorageInterface.php +++ b/hauth/Hybrid/StorageInterface.php diff --git a/hauth/Hybrid/User.php b/hauth/Hybrid/User.php index 6461671..6668aca 100644 --- a/hauth/Hybrid/User.php +++ b/hauth/Hybrid/User.php @@ -1,40 +1,40 @@ <?php
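Review bot: restoreSessionData() passes its caller-supplied argument straight to `unserialize($sessiondata)`, so objects can be instantiated during deserialization if that string was ever kept somewhere a user or another system can modify. set() and clear() in this file only put an array of serialized strings under `HA::STORE`, so the outer value needs no classes: `unserialize($sessiondata, ['allowed_classes' => false])`, followed by an `is_array()` check before assigning. With the default `$sessiondata = null` the result is not an array and is still written to the session; returning early on null avoids that. get() and config() also call `unserialize()`, but on values that set() and config() wrote into the server-side session.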
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* The Hybrid_User class represents the current logged in user
*/
-class Hybrid_User {
-
+class Hybrid_User { + /**
* The ID (name) of the connected provider
* @var mixed
*/
- public $providerId = null;
-
+ public $providerId = null; + /**
* Timestamp connection to the provider
* @var int
*/
- public $timestamp = null;
-
+ public $timestamp = null; + /**
* User profile, contains the list of fields available in the normalized user profile structure used by HybridAuth
* @var Hybrid_User_Profile
*/
- public $profile = null;
-
+ public $profile = null; + /**
* Initialize the user object
*/
function __construct() {
$this->timestamp = time();
$this->profile = new Hybrid_User_Profile();
- }
-
-}
+ } + +} diff --git a/hauth/Hybrid/User_Activity.php b/hauth/Hybrid/User_Activity.php index 4a57e16..7dc9376 100644 --- a/hauth/Hybrid/User_Activity.php +++ b/hauth/Hybrid/User_Activity.php @@ -1,11 +1,11 @@ <?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_User_Activity
*
@@ -13,43 +13,43 @@ *
* http://hybridauth.sourceforge.net/userguide/Profile_Data_User_Activity.html
*/
-class Hybrid_User_Activity {
-
+class Hybrid_User_Activity { + /**
* Activity id on the provider side, usually given as integer
* @var mixed
*/
- public $id = null;
-
+ public $id = null; + /**
* Activity date of creation
* @var int
*/
- public $date = null;
-
+ public $date = null; + /**
* Activity content as a string
* @var string
*/
- public $text = null;
-
+ public $text = null; + /**
* User who created the activity
* @var stdClass
*/
- public $user = null;
-
+ public $user = null; + /**
* Constructor
*/
public function __construct() {
- $this->user = new stdClass();
-
+ $this->user = new stdClass(); + // typically, we should have a few information about the user who created the event from social apis
$this->user->identifier = null;
$this->user->displayName = null;
$this->user->profileURL = null;
$this->user->photoURL = null;
- }
-
-}
+ } + +} diff --git a/hauth/Hybrid/User_Contact.php b/hauth/Hybrid/User_Contact.php index facbfc4..33a7fc8 100644 --- a/hauth/Hybrid/User_Contact.php +++ b/hauth/Hybrid/User_Contact.php @@ -1,11 +1,11 @@ <?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_User_Contact
*
@@ -13,48 +13,48 @@ *
* http://hybridauth.sourceforge.net/userguide/Profile_Data_User_Contacts.html
*/
-class Hybrid_User_Contact {
-
+class Hybrid_User_Contact { + /**
* The Unique contact user ID
* @var mixed
*/
- public $identifier = null;
-
+ public $identifier = null; + /**
* User website, blog, web page
* @var string
*/
- public $webSiteURL = null;
-
+ public $webSiteURL = null; + /**
* URL link to profile page on the IDp web site
* @var string
*/
- public $profileURL = null;
-
+ public $profileURL = null; + /**
* URL link to user photo or avatar
* @var string
*/
- public $photoURL = null;
-
+ public $photoURL = null; + /**
* User displayName provided by the IDp or a concatenation of first and last name
* @var string
*/
- public $displayName = null;
-
+ public $displayName = null; + /**
* A short about_me
* @var string
*/
- public $description = null;
-
+ public $description = null; + /**
* User email. Not all of IDp grant access to the user email
* @var string
*/
- public $email = null;
-
-}
+ public $email = null; + +} diff --git a/hauth/Hybrid/User_Profile.php b/hauth/Hybrid/User_Profile.php index 403be89..0cf299c 100644 --- a/hauth/Hybrid/User_Profile.php +++ b/hauth/Hybrid/User_Profile.php @@ -1,11 +1,11 @@ <?php
-
+ /**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
- */
-
+ */ + /**
* Hybrid_User_Profile object represents the current logged in user profile.
* The list of fields available in the normalized user profile structure used by HybridAuth.
@@ -15,149 +15,149 @@ *
* http://hybridauth.sourceforge.net/userguide/Profile_Data_User_Profile.html
*/
-class Hybrid_User_Profile {
-
+class Hybrid_User_Profile { + /**
* The Unique user's ID on the connected provider
* @var mixed
*/
- public $identifier = null;
-
+ public $identifier = null; + /**
* User website, blog, web page
* @var string
*/
- public $webSiteURL = null;
-
+ public $webSiteURL = null; + /**
* URL link to profile page on the IDp web site
* @var string
*/
- public $profileURL = null;
-
+ public $profileURL = null; + /**
* URL link to user photo or avatar
* @var string
*/
- public $photoURL = null;
-
+ public $photoURL = null; + /**
* User displayName provided by the IDp or a concatenation of first and last name.
* @var string
*/
- public $displayName = null;
-
+ public $displayName = null; + /**
* A short about_me
* @var string
*/
- public $description = null;
-
+ public $description = null; + /**
* User's first name
* @var string
*/
- public $firstName = null;
-
+ public $firstName = null; + /**
* User's last name
* @var string
*/
- public $lastName = null;
-
+ public $lastName = null; + /**
* Male or female
* @var string
*/
- public $gender = null;
-
+ public $gender = null; + /**
* Language
* @var string
*/
- public $language = null;
-
+ public $language = null; + /**
* User age, we don't calculate it. we return it as is if the IDp provide it.
* @var int
*/
- public $age = null;
-
+ public $age = null; + /**
* User birth Day
* @var int
*/
- public $birthDay = null;
-
+ public $birthDay = null; + /**
* User birth Month
* @var int
*/
- public $birthMonth = null;
-
+ public $birthMonth = null; + /**
* User birth Year
* @var int
*/
- public $birthYear = null;
-
+ public $birthYear = null; + /**
* User email. Note: not all of IDp grant access to the user email
* @var string
*/
- public $email = null;
-
+ public $email = null; + /**
* Verified user email. Note: not all of IDp grant access to verified user email
* @var string
*/
- public $emailVerified = null;
-
+ public $emailVerified = null; + /**
* Phone number
* @var string
*/
- public $phone = null;
-
+ public $phone = null; + /**
* Complete user address
* @var string
*/
- public $address = null;
-
+ public $address = null; + /**
* User country
* @var string
*/
- public $country = null;
-
+ public $country = null; + /**
* Region
* @var string
*/
- public $region = null;
-
+ public $region = null; + /**
* City
* @var string
*/
- public $city = null;
-
+ public $city = null; + /**
* Postal code
* @var string
*/
- public $zip = null;
-
+ public $zip = null; + /**
* Job title
* @var string
*/
- public $job_title = null;
-
+ public $job_title = null; + /**
* Organization name
* @var string
*/
public $organization_name = null;
-}
+} diff --git a/hauth/Hybrid/index.html b/hauth/Hybrid/index.html index 065d2da..065d2da 100644..100755 --- a/hauth/Hybrid/index.html +++ b/hauth/Hybrid/index.html diff --git a/hauth/Hybrid/resources/index.html b/hauth/Hybrid/resources/index.html index 065d2da..065d2da 100644..100755 --- a/hauth/Hybrid/resources/index.html +++ b/hauth/Hybrid/resources/index.html diff --git a/hauth/Hybrid/resources/openid_policy.html b/hauth/Hybrid/resources/openid_policy.html index bf5c52c..bf5c52c 100644..100755 --- a/hauth/Hybrid/resources/openid_policy.html +++ b/hauth/Hybrid/resources/openid_policy.html diff --git a/hauth/Hybrid/resources/openid_realm.html b/hauth/Hybrid/resources/openid_realm.html index e26a5a1..e26a5a1 100644..100755 --- a/hauth/Hybrid/resources/openid_realm.html +++ b/hauth/Hybrid/resources/openid_realm.html diff --git a/hauth/Hybrid/resources/openid_xrds.xml b/hauth/Hybrid/resources/openid_xrds.xml index 9d50170..9d50170 100644..100755 --- a/hauth/Hybrid/resources/openid_xrds.xml +++ b/hauth/Hybrid/resources/openid_xrds.xml diff --git a/hauth/Hybrid/thirdparty/Amazon/AmazonOAuth2Client.php b/hauth/Hybrid/thirdparty/Amazon/AmazonOAuth2Client.php index 9c8a363..723dbdb 100644 --- a/hauth/Hybrid/thirdparty/Amazon/AmazonOAuth2Client.php +++ b/hauth/Hybrid/thirdparty/Amazon/AmazonOAuth2Client.php @@ -25,13 +25,13 @@ class AmazonOAuth2Client extends OAuth2Client { public function authenticate( $code ) { - $params = array( + $params = [ "client_id" => $this->client_id, "client_secret" => $this->client_secret, "grant_type" => 'authorization_code', "redirect_uri" => $this->redirect_uri, "code" => $code, - ); + ]; $response = $this->request( $this->token_url, http_build_query($params), $this->curl_authenticate_method ); 
@@ -62,7 +62,7 @@ class AmazonOAuth2Client extends OAuth2Client { $url = $url . ( strpos( $url, '?' ) ? '&' : '?' ) . http_build_query($params, '', '&'); } - $this->http_info = array(); + $this->http_info = []; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL , $url ); diff --git a/hauth/Hybrid/thirdparty/OAuth/OAuth.php b/hauth/Hybrid/thirdparty/OAuth/OAuth.php index 4d06837..9f82cb8 100755 --- a/hauth/Hybrid/thirdparty/OAuth/OAuth.php +++ b/hauth/Hybrid/thirdparty/OAuth/OAuth.php @@ -1,62 +1,62 @@ <?php
// http://oauth.googlecode.com/svn/code/php/OAuth.php
-// rev 1276, July 4, 2014
-
-// vim: foldmethod=marker
-
+// rev 1276, July 4, 2014 + +// vim: foldmethod=marker + /* Generic exception class
*/
if (!class_exists('OAuthException', false)) {
class OAuthException extends Exception {
- // pass
+ // pass
}
-}
-
+} + class OAuthConsumer {
public $key;
- public $secret;
-
+ public $secret; + function __construct($key, $secret, $callback_url=null) {
- $this->key = $key;
- $this->secret = $secret;
- $this->callback_url = $callback_url;
- }
-
+ $this->key = $key;
+ $this->secret = $secret;
+ $this->callback_url = $callback_url;
+ } + function __toString() {
- return "OAuthConsumer[key=$this->key,secret=$this->secret]";
+ return "OAuthConsumer[key=$this->key,secret=$this->secret]";
}
-}
-
+} + class OAuthToken {
// access tokens and request tokens
public $key;
- public $secret;
-
+ public $secret; + /**
* key = the token
* secret = the token secret
*/
function __construct($key, $secret) {
- $this->key = $key;
- $this->secret = $secret;
- }
-
+ $this->key = $key;
+ $this->secret = $secret;
+ } + /**
* generates the basic string serialization of a token that a server
* would respond to request_token and access_token calls with
*/
function to_string() {
- return "oauth_token=" .
- OAuthUtil::urlencode_rfc3986($this->key) .
- "&oauth_token_secret=" .
- OAuthUtil::urlencode_rfc3986($this->secret);
- }
-
+ return "oauth_token=" .
+ OAuthUtil::urlencode_rfc3986($this->key) .
+ "&oauth_token_secret=" .
+ OAuthUtil::urlencode_rfc3986($this->secret);
+ } + function __toString() {
- return $this->to_string();
+ return $this->to_string();
}
-}
-
+} + /**
* A class for implementing a Signature Method
* See section 9 ("Signing Requests") in the spec
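Review bot: OAuthConsumer::__toString() returns `"OAuthConsumer[key=$this->key,secret=$this->secret]"`, so any log line, exception message or debug dump that stringifies the consumer writes the client secret in clear text. I would drop the secret from the string: `return "OAuthConsumer[key=$this->key]";`. OAuthToken::to_string() also emits the token secret, but that is the response format its docblock describes, so the point there is only to keep it out of logs. Separately, the constructor assigns `$this->callback_url` without a declared property, which is a dynamic-property deprecation from PHP 8.2; adding `public $callback_url;` next to `$key` and `$secret` resolves it.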
@@ -66,8 +66,8 @@ abstract class OAuthSignatureMethod { * Needs to return the name of the Signature Method (ie HMAC-SHA1)
* @return string
*/
- abstract public function get_name();
-
+ abstract public function get_name(); + /**
* Build up the signature
* NOTE: The output of this function MUST NOT be urlencoded.
@@ -78,8 +78,8 @@ abstract class OAuthSignatureMethod { * @param OAuthToken $token
* @return string
*/
- abstract public function build_signature($request, $consumer, $token);
-
+ abstract public function build_signature($request, $consumer, $token); + /**
* Verifies that a given signature is correct
* @param OAuthRequest $request
@@ -89,27 +89,27 @@ abstract class OAuthSignatureMethod { * @return bool
*/
public function check_signature($request, $consumer, $token, $signature) {
- $built = $this->build_signature($request, $consumer, $token);
-
- // Check for zero length, although unlikely here
- if (strlen($built) == 0 || strlen($signature) == 0) {
- return false;
- }
-
- if (strlen($built) != strlen($signature)) {
- return false;
- }
-
- // Avoid a timing leak with a (hopefully) time insensitive compare
- $result = 0;
- for ($i = 0; $i < strlen($signature); $i++) {
- $result |= ord($built[$i]) ^ ord($signature[$i]);
- }
-
- return $result == 0;
+ $built = $this->build_signature($request, $consumer, $token); + + // Check for zero length, although unlikely here
+ if (strlen($built) == 0 || strlen($signature) == 0) {
+ return false;
+ } + + if (strlen($built) != strlen($signature)) {
+ return false;
+ } + + // Avoid a timing leak with a (hopefully) time insensitive compare
+ $result = 0;
+ for ($i = 0; $i < strlen($signature); $i++) {
+ $result |= ord($built[$i]) ^ ord($signature[$i]);
+ } + + return $result == 0;
}
-}
-
+} + /**
* The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104]
* where the Signature Base String is the text and the key is the concatenated values (each first
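Review bot: check_signature() still compares the two signatures with a hand-written XOR loop that its own comment calls "(hopefully) time insensitive", although PHP provides `hash_equals()` for this comparison. After the existing empty-string guard the tail of the method can be `return hash_equals($built, (string) $signature);`, which also removes the separate length comparison and the `strlen($signature)` call on every iteration. `$signature` is taken from the request, so the cast (or an `is_string()` check) keeps a non-string value from raising a TypeError.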
@@ -119,25 +119,25 @@ abstract class OAuthSignatureMethod { */
class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
function get_name() {
- return "HMAC-SHA1";
- }
-
+ return "HMAC-SHA1";
+ } + public function build_signature($request, $consumer, $token) {
- $base_string = $request->get_signature_base_string();
- $request->base_string = $base_string;
-
- $key_parts = array(
- $consumer->secret,
- ($token) ? $token->secret : ""
- );
-
- $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
- $key = implode('&', $key_parts);
-
- return base64_encode(hash_hmac('sha1', $base_string, $key, true));
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string; + + $key_parts = [
+ $consumer->secret,
+ ($token) ? $token->secret : "",
+ ]; + + $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
+ $key = implode('&', $key_parts); + + return base64_encode(hash_hmac('sha1', $base_string, $key, true));
}
-}
-
+} + /**
* The PLAINTEXT method does not provide any security protection and SHOULD only be used
* over a secure channel such as HTTPS. It does not use the Signature Base String.
@@ -145,9 +145,9 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod { */
class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
public function get_name() {
- return "PLAINTEXT";
- }
-
+ return "PLAINTEXT";
+ } + /**
* oauth_signature is set to the concatenated encoded values of the Consumer Secret and
* Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
@@ -158,19 +158,19 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod { * OAuthRequest handles this!
*/
public function build_signature($request, $consumer, $token) {
- $key_parts = array(
- $consumer->secret,
- ($token) ? $token->secret : ""
- );
-
- $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
- $key = implode('&', $key_parts);
- $request->base_string = $key;
-
- return $key;
+ $key_parts = [
+ $consumer->secret,
+ ($token) ? $token->secret : "",
+ ]; + + $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
+ $key = implode('&', $key_parts);
+ $request->base_string = $key; + + return $key;
}
-}
-
+} + /**
* The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
* [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
@@ -181,63 +181,63 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
*/
abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
public function get_name() {
- return "RSA-SHA1";
- }
-
+ return "RSA-SHA1";
+ }
+
// Up to the SP to implement this lookup of keys. Possible ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
// (2) fetch via http using a url provided by the requester
// (3) some sort of specific discovery code based on request
//
// Either way should return a string representation of the certificate
- protected abstract function fetch_public_cert(&$request);
-
+ protected abstract function fetch_public_cert(&$request);
+
// Up to the SP to implement this lookup of keys. Possible ideas are:
// (1) do a lookup in a table of trusted certs keyed off of consumer
//
// Either way should return a string representation of the certificate
- protected abstract function fetch_private_cert(&$request);
-
+ protected abstract function fetch_private_cert(&$request);
+
public function build_signature($request, $consumer, $token) {
- $base_string = $request->get_signature_base_string();
- $request->base_string = $base_string;
-
- // Fetch the private key cert based on the request
- $cert = $this->fetch_private_cert($request);
-
- // Pull the private key ID from the certificate
- $privatekeyid = openssl_get_privatekey($cert);
-
- // Sign using the key
- $ok = openssl_sign($base_string, $signature, $privatekeyid);
-
- // Release the key resource
- openssl_free_key($privatekeyid);
-
- return base64_encode($signature);
- }
-
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string;
+
+ // Fetch the private key cert based on the request
+ $cert = $this->fetch_private_cert($request);
+
+ // Pull the private key ID from the certificate
+ $privatekeyid = openssl_get_privatekey($cert);
+
+ // Sign using the key
+ $ok = openssl_sign($base_string, $signature, $privatekeyid);
+
+ // Release the key resource
+ openssl_free_key($privatekeyid);
+
+ return base64_encode($signature);
+ }
+
public function check_signature($request, $consumer, $token, $signature) {
- $decoded_sig = base64_decode($signature);
-
- $base_string = $request->get_signature_base_string();
-
- // Fetch the public key cert based on the request
- $cert = $this->fetch_public_cert($request);
-
- // Pull the public key ID from the certificate
- $publickeyid = openssl_get_publickey($cert);
-
- // Check the computed signature against the one passed in the query
- $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
-
- // Release the key resource
- openssl_free_key($publickeyid);
-
- return $ok == 1;
+ $decoded_sig = base64_decode($signature);
+
+ $base_string = $request->get_signature_base_string();
+
+ // Fetch the public key cert based on the request
+ $cert = $this->fetch_public_cert($request);
+
+ // Pull the public key ID from the certificate
+ $publickeyid = openssl_get_publickey($cert);
+
+ // Check the computed signature against the one passed in the query
+ $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
+
+ // Release the key resource
+ openssl_free_key($publickeyid);
+
+ return $ok == 1;
}
-}
-
+}
+
class OAuthRequest {
protected $parameters;
protected $http_method;
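Review bot: The RSA-SHA1 `build_signature` ignores the results of `openssl_get_privatekey()` and `openssl_sign()`: `$ok` is assigned but never read, so a key that fails to load or a failed signing call still returns `base64_encode($signature)` of an unset value instead of an error. A guard such as `if ($privatekeyid === false || !openssl_sign($base_string, $signature, $privatekeyid)) { throw new OAuthException('RSA-SHA1 signing failed'); }` would make the failure visible. `check_signature` likewise passes an unchecked `openssl_get_publickey()` result to `openssl_verify()`. Both methods still call `openssl_free_key()`, which is deprecated as of PHP 8.0, so a tidy aimed at current PHP could drop those two calls.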
@@ -245,133 +245,132 @@ class OAuthRequest {
// for debug purposes
public $base_string;
public static $version = '1.0';
- public static $POST_INPUT = 'php://input';
-
+ public static $POST_INPUT = 'php://input';
+
function __construct($http_method, $http_url, $parameters=null) {
- $parameters = ($parameters) ? $parameters : array();
- $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
- $this->parameters = $parameters;
- $this->http_method = $http_method;
- $this->http_url = $http_url;
- }
-
-
+ $parameters = ($parameters) ? $parameters : [];
+ $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
+ $this->parameters = $parameters;
+ $this->http_method = $http_method;
+ $this->http_url = $http_url;
+ }
+
/**
* attempt to build up a request from what was passed to the server
*/
public static function from_request($http_method=null, $http_url=null, $parameters=null) {
- $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
- ? 'http'
- : 'https';
- if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
- $scheme = $_SERVER['HTTP_X_FORWARDED_PROTO'];
- }
- $http_url = ($http_url) ? $http_url : $scheme .
- '://' . $_SERVER['SERVER_NAME'] .
- ':' .
- $_SERVER['SERVER_PORT'] .
- $_SERVER['REQUEST_URI'];
- $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
-
- // We weren't handed any parameters, so let's find the ones relevant to
- // this request.
- // If you run XML-RPC or similar you should use this to provide your own
- // parsed parameter-list
- if (!$parameters) {
- // Find request headers
- $request_headers = OAuthUtil::get_headers();
-
- // Parse the query-string to find GET parameters
- $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
-
- // It's a POST request of the proper content-type, so parse POST
- // parameters and add those overriding any duplicates from GET
- if ($http_method == "POST"
- && isset($request_headers['Content-Type'])
- && strstr($request_headers['Content-Type'],
- 'application/x-www-form-urlencoded')
- ) {
- $post_data = OAuthUtil::parse_parameters(
- file_get_contents(self::$POST_INPUT)
- );
- $parameters = array_merge($parameters, $post_data);
- }
-
- // We have a Authorization-header with OAuth data. Parse the header
- // and add those overriding any duplicates from GET or POST
- if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
- $header_parameters = OAuthUtil::split_header(
- $request_headers['Authorization']
- );
- $parameters = array_merge($parameters, $header_parameters);
- }
-
- }
-
- return new OAuthRequest($http_method, $http_url, $parameters);
- }
-
+ $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
+ ? 'http'
+ : 'https';
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ $scheme = $_SERVER['HTTP_X_FORWARDED_PROTO'];
+ }
+ $http_url = ($http_url) ? $http_url : $scheme .
+ '://' . $_SERVER['SERVER_NAME'] .
+ ':' .
+ $_SERVER['SERVER_PORT'] .
+ $_SERVER['REQUEST_URI'];
+ $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
+
+ // We weren't handed any parameters, so let's find the ones relevant to
+ // this request.
+ // If you run XML-RPC or similar you should use this to provide your own
+ // parsed parameter-list
+ if (!$parameters) {
+ // Find request headers
+ $request_headers = OAuthUtil::get_headers();
+
+ // Parse the query-string to find GET parameters
+ $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
+
+ // It's a POST request of the proper content-type, so parse POST
+ // parameters and add those overriding any duplicates from GET
+ if ($http_method == "POST"
+ && isset($request_headers['Content-Type'])
+ && strstr($request_headers['Content-Type'],
+ 'application/x-www-form-urlencoded', )
+ ) {
+ $post_data = OAuthUtil::parse_parameters(
+ file_get_contents(self::$POST_INPUT),
+ );
+ $parameters = array_merge($parameters, $post_data);
+ }
+
+ // We have a Authorization-header with OAuth data. Parse the header
+ // and add those overriding any duplicates from GET or POST
+ if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
+ $header_parameters = OAuthUtil::split_header(
+ $request_headers['Authorization'],
+ );
+ $parameters = array_merge($parameters, $header_parameters);
+ }
+
+ }
+
+ return new OAuthRequest($http_method, $http_url, $parameters);
+ }
+
/**
* pretty much a helper function to set up the request
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=null) {
- $parameters = ($parameters) ? $parameters : array();
- $defaults = array("oauth_version" => OAuthRequest::$version,
- "oauth_nonce" => OAuthRequest::generate_nonce(),
- "oauth_timestamp" => OAuthRequest::generate_timestamp(),
- "oauth_consumer_key" => $consumer->key);
- if ($token)
- $defaults['oauth_token'] = $token->key;
-
- $parameters = array_merge($defaults, $parameters);
-
- return new OAuthRequest($http_method, $http_url, $parameters);
- }
-
+ $parameters = ($parameters) ? $parameters : [];
+ $defaults = ["oauth_version" => OAuthRequest::$version,
+ "oauth_nonce" => OAuthRequest::generate_nonce(),
+ "oauth_timestamp" => OAuthRequest::generate_timestamp(),
+ "oauth_consumer_key" => $consumer->key, ];
+ if ($token)
+ $defaults['oauth_token'] = $token->key;
+
+ $parameters = array_merge($defaults, $parameters);
+
+ return new OAuthRequest($http_method, $http_url, $parameters);
+ }
+
public function set_parameter($name, $value, $allow_duplicates = true) {
- if ($allow_duplicates && isset($this->parameters[$name])) {
- // We have already added parameter(s) with this name, so add to the list
- if (is_scalar($this->parameters[$name])) {
- // This is the first duplicate, so transform scalar (string)
- // into an array so we can add the duplicates
- $this->parameters[$name] = array($this->parameters[$name]);
- }
-
- $this->parameters[$name][] = $value;
- } else {
- $this->parameters[$name] = $value;
- }
- }
-
+ if ($allow_duplicates && isset($this->parameters[$name])) {
+ // We have already added parameter(s) with this name, so add to the list
+ if (is_scalar($this->parameters[$name])) {
+ // This is the first duplicate, so transform scalar (string)
+ // into an array so we can add the duplicates
+ $this->parameters[$name] = [$this->parameters[$name]];
+ }
+
+ $this->parameters[$name][] = $value;
+ } else {
+ $this->parameters[$name] = $value;
+ }
+ }
+
public function get_parameter($name) {
- return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
- }
-
+ return $this->parameters[$name] ?? null;
+ }
+
public function get_parameters() {
- return $this->parameters;
- }
-
+ return $this->parameters;
+ }
+
public function unset_parameter($name) {
- unset($this->parameters[$name]);
- }
-
+ unset($this->parameters[$name]);
+ }
+
/**
* The request parameters, sorted and concatenated into a normalized string.
* @return string
*/
public function get_signable_parameters() {
- // Grab all parameters
- $params = $this->parameters;
-
- // Remove oauth_signature if present
- // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
- if (isset($params['oauth_signature'])) {
- unset($params['oauth_signature']);
- }
-
- return OAuthUtil::build_http_query($params);
- }
-
+ // Grab all parameters
+ $params = $this->parameters;
+
+ // Remove oauth_signature if present
+ // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
+ if (isset($params['oauth_signature'])) {
+ unset($params['oauth_signature']);
+ }
+
+ return OAuthUtil::build_http_query($params);
+ }
+
/**
* Returns the base string of this request
*
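Review bot: `from_request` takes the scheme from `$_SERVER['HTTP_X_FORWARDED_PROTO']` whenever that header is present, and the value comes from the client unless a proxy in front of the application overwrites it. The scheme becomes part of `$http_url`, which feeds the signature base string through `get_normalized_http_url()`. The header should therefore be honoured only for requests arriving from a trusted proxy and limited to the two known values, e.g. `if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && in_array($_SERVER['HTTP_X_FORWARDED_PROTO'], ['http', 'https'], true)) {`. The same method uses loose comparisons (`!= "on"`, `== "POST"`, `== 'OAuth '`) that could be made strict while the file is being tidied.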
@@ -380,522 +379,520 @@ class OAuthRequest { * and the concated with &.
*/
public function get_signature_base_string() {
- $parts = array(
- $this->get_normalized_http_method(),
- $this->get_normalized_http_url(),
- $this->get_signable_parameters()
- );
-
- $parts = OAuthUtil::urlencode_rfc3986($parts);
-
- return implode('&', $parts);
- }
-
+ $parts = [
+ $this->get_normalized_http_method(),
+ $this->get_normalized_http_url(),
+ $this->get_signable_parameters(),
+ ]; + + $parts = OAuthUtil::urlencode_rfc3986($parts); + + return implode('&', $parts);
+ } + /**
* just uppercases the http method
*/
public function get_normalized_http_method() {
- return strtoupper($this->http_method);
- }
-
+ return strtoupper($this->http_method);
+ } + /**
* parses the url and rebuilds it to be
* scheme://host/path
*/
public function get_normalized_http_url() {
- $parts = parse_url($this->http_url);
-
- $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
- $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
- $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
- $path = (isset($parts['path'])) ? $parts['path'] : '';
-
- if (($scheme == 'https' && $port != '443')
- || ($scheme == 'http' && $port != '80')) {
- $host = "$host:$port";
- }
- return "$scheme://$host$path";
- }
-
+ $parts = parse_url($this->http_url); + + $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
+ $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
+ $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
+ $path = (isset($parts['path'])) ? $parts['path'] : ''; + + if (($scheme == 'https' && $port != '443')
+ || ($scheme == 'http' && $port != '80')) {
+ $host = "$host:$port";
+ }
+ return "$scheme://$host$path";
+ } + /**
* builds a url usable for a GET request
*/
public function to_url() {
- $post_data = $this->to_postdata();
- $out = $this->get_normalized_http_url();
- if ($post_data) {
- $out .= '?'.$post_data;
- }
- return $out;
- }
-
+ $post_data = $this->to_postdata();
+ $out = $this->get_normalized_http_url();
+ if ($post_data) {
+ $out .= '?'.$post_data;
+ }
+ return $out;
+ } + /**
* builds the data one would send in a POST request
*/
public function to_postdata() {
- return OAuthUtil::build_http_query($this->parameters);
- }
-
+ return OAuthUtil::build_http_query($this->parameters);
+ } + /**
* builds the Authorization: header
*/
public function to_header($realm=null) {
- $first = true;
+ $first = true;
if($realm) {
- $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
- $first = false;
- } else
- $out = 'Authorization: OAuth';
-
- $total = array();
- foreach ($this->parameters as $k => $v) {
- if (substr($k, 0, 5) != "oauth") continue;
- if (is_array($v)) {
- throw new OAuthException('arrays not supported in headers');
- }
- $out .= ($first) ? ' ' : ',';
- $out .= OAuthUtil::urlencode_rfc3986($k) .
- '="' .
- OAuthUtil::urlencode_rfc3986($v) .
- '"';
- $first = false;
- }
- return $out;
- }
-
+ $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
+ $first = false;
+ } else
+ $out = 'Authorization: OAuth'; + + $total = [];
+ foreach ($this->parameters as $k => $v) {
+ if (substr($k, 0, 5) != "oauth") continue;
+ if (is_array($v)) {
+ throw new OAuthException('arrays not supported in headers'); + }
+ $out .= ($first) ? ' ' : ',';
+ $out .= OAuthUtil::urlencode_rfc3986($k) .
+ '="' .
+ OAuthUtil::urlencode_rfc3986($v) .
+ '"';
+ $first = false;
+ }
+ return $out;
+ } + public function __toString() {
- return $this->to_url();
- }
-
-
+ return $this->to_url();
+ } + public function sign_request($signature_method, $consumer, $token) {
- $this->set_parameter(
- "oauth_signature_method",
- $signature_method->get_name(),
- false
- );
- $signature = $this->build_signature($signature_method, $consumer, $token);
- $this->set_parameter("oauth_signature", $signature, false);
- }
-
+ $this->set_parameter(
+ "oauth_signature_method",
+ $signature_method->get_name(),
+ false,
+ );
+ $signature = $this->build_signature($signature_method, $consumer, $token);
+ $this->set_parameter("oauth_signature", $signature, false);
+ } + public function build_signature($signature_method, $consumer, $token) {
- $signature = $signature_method->build_signature($this, $consumer, $token);
- return $signature;
- }
-
+ $signature = $signature_method->build_signature($this, $consumer, $token);
+ return $signature;
+ } + /**
* util function: current timestamp
*/
private static function generate_timestamp() {
- return time();
- }
-
+ return time();
+ } + /**
* util function: current nonce
*/
private static function generate_nonce() {
- $mt = microtime();
- $rand = mt_rand();
-
- return md5($mt . $rand); // md5s look nicer than numbers
+ $mt = microtime();
+ $rand = mt_rand(); + + return md5($mt . $rand); // md5s look nicer than numbers
}
-}
-
+} + class OAuthServer {
protected $timestamp_threshold = 300; // in seconds, five minutes
protected $version = '1.0'; // hi blaine
- protected $signature_methods = array();
-
- protected $data_store;
-
+ protected $signature_methods = []; + + protected $data_store; + function __construct($data_store) {
- $this->data_store = $data_store;
- }
-
+ $this->data_store = $data_store;
+ } + public function add_signature_method($signature_method) {
- $this->signature_methods[$signature_method->get_name()] =
- $signature_method;
- }
-
- // high level functions
-
+ $this->signature_methods[$signature_method->get_name()] =
+ $signature_method;
+ } + + // high level functions + /**
* process a request_token request
* returns the request token on success
*/
public function fetch_request_token(&$request) {
- $this->get_version($request);
-
- $consumer = $this->get_consumer($request);
-
- // no token required for the initial token request
- $token = null;
-
- $this->check_signature($request, $consumer, $token);
-
- // Rev A change
- $callback = $request->get_parameter('oauth_callback');
- $new_token = $this->data_store->new_request_token($consumer, $callback);
-
- return $new_token;
- }
-
+ $this->get_version($request); + + $consumer = $this->get_consumer($request); + + // no token required for the initial token request
+ $token = null; + + $this->check_signature($request, $consumer, $token); + + // Rev A change
+ $callback = $request->get_parameter('oauth_callback');
+ $new_token = $this->data_store->new_request_token($consumer, $callback); + + return $new_token;
+ } + /**
* process an access_token request
* returns the access token on success
*/
public function fetch_access_token(&$request) {
- $this->get_version($request);
-
- $consumer = $this->get_consumer($request);
-
- // requires authorized request token
- $token = $this->get_token($request, $consumer, "request");
-
- $this->check_signature($request, $consumer, $token);
-
- // Rev A change
- $verifier = $request->get_parameter('oauth_verifier');
- $new_token = $this->data_store->new_access_token($token, $consumer, $verifier);
-
- return $new_token;
- }
-
+ $this->get_version($request); + + $consumer = $this->get_consumer($request); + + // requires authorized request token
+ $token = $this->get_token($request, $consumer, "request"); + + $this->check_signature($request, $consumer, $token); + + // Rev A change
+ $verifier = $request->get_parameter('oauth_verifier');
+ $new_token = $this->data_store->new_access_token($token, $consumer, $verifier); + + return $new_token;
+ } + /**
* verify an api call, checks all the parameters
*/
public function verify_request(&$request) {
- $this->get_version($request);
- $consumer = $this->get_consumer($request);
- $token = $this->get_token($request, $consumer, "access");
- $this->check_signature($request, $consumer, $token);
- return array($consumer, $token);
- }
-
+ $this->get_version($request);
+ $consumer = $this->get_consumer($request);
+ $token = $this->get_token($request, $consumer, "access");
+ $this->check_signature($request, $consumer, $token);
+ return [$consumer, $token];
+ } + // Internals from here
/**
* version 1
*/
private function get_version(&$request) {
- $version = $request->get_parameter("oauth_version");
- if (!$version) {
- // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
- // Chapter 7.0 ("Accessing Protected Ressources")
- $version = '1.0';
- }
- if ($version !== $this->version) {
- throw new OAuthException("OAuth version '$version' not supported");
- }
- return $version;
- }
-
+ $version = $request->get_parameter("oauth_version");
+ if (!$version) {
+ // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
+ // Chapter 7.0 ("Accessing Protected Ressources")
+ $version = '1.0';
+ }
+ if ($version !== $this->version) {
+ throw new OAuthException("OAuth version '$version' not supported"); + }
+ return $version;
+ } + /**
* figure out the signature with some defaults
*/
private function get_signature_method($request) {
- $signature_method = $request instanceof OAuthRequest
- ? $request->get_parameter("oauth_signature_method")
- : null;
-
- if (!$signature_method) {
- // According to chapter 7 ("Accessing Protected Ressources") the signature-method
- // parameter is required, and we can't just fallback to PLAINTEXT
- throw new OAuthException('No signature method parameter. This parameter is required');
- }
-
- if (!in_array($signature_method,
- array_keys($this->signature_methods))) {
- throw new OAuthException(
- "Signature method '$signature_method' not supported " .
- "try one of the following: " .
- implode(", ", array_keys($this->signature_methods))
- );
- }
- return $this->signature_methods[$signature_method];
- }
-
+ $signature_method = $request instanceof OAuthRequest
+ ? $request->get_parameter("oauth_signature_method")
+ : null; + + if (!$signature_method) {
+ // According to chapter 7 ("Accessing Protected Ressources") the signature-method
+ // parameter is required, and we can't just fallback to PLAINTEXT
+ throw new OAuthException('No signature method parameter. This parameter is required'); + } + + if (!in_array($signature_method,
+ array_keys($this->signature_methods), )) {
+ throw new OAuthException( + "Signature method '$signature_method' not supported " .
+ "try one of the following: " .
+ implode(", ", array_keys($this->signature_methods)),
+ );
+ }
+ return $this->signature_methods[$signature_method];
+ } + /**
* try to find the consumer for the provided request's consumer key
*/
private function get_consumer($request) {
- $consumer_key = $request instanceof OAuthRequest
- ? $request->get_parameter("oauth_consumer_key")
- : null;
-
- if (!$consumer_key) {
- throw new OAuthException("Invalid consumer key");
- }
-
- $consumer = $this->data_store->lookup_consumer($consumer_key);
- if (!$consumer) {
- throw new OAuthException("Invalid consumer");
- }
-
- return $consumer;
- }
-
+ $consumer_key = $request instanceof OAuthRequest
+ ? $request->get_parameter("oauth_consumer_key")
+ : null; + + if (!$consumer_key) {
+ throw new OAuthException("Invalid consumer key"); + } + + $consumer = $this->data_store->lookup_consumer($consumer_key);
+ if (!$consumer) {
+ throw new OAuthException("Invalid consumer"); + } + + return $consumer;
+ } + /**
* try to find the token for the provided request's token key
*/
private function get_token($request, $consumer, $token_type="access") {
- $token_field = $request instanceof OAuthRequest
- ? $request->get_parameter('oauth_token')
- : null;
-
- $token = $this->data_store->lookup_token(
- $consumer, $token_type, $token_field
- );
- if (!$token) {
- throw new OAuthException("Invalid $token_type token: $token_field");
- }
- return $token;
- }
-
+ $token_field = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_token')
+ : null; + + $token = $this->data_store->lookup_token(
+ $consumer, $token_type, $token_field,
+ );
+ if (!$token) {
+ throw new OAuthException("Invalid $token_type token: $token_field"); + }
+ return $token;
+ } + /**
* all-in-one function to check the signature on a request
* should guess the signature method appropriately
*/
private function check_signature($request, $consumer, $token) {
- // this should probably be in a different method
- $timestamp = $request instanceof OAuthRequest
- ? $request->get_parameter('oauth_timestamp')
- : null;
- $nonce = $request instanceof OAuthRequest
- ? $request->get_parameter('oauth_nonce')
- : null;
-
- $this->check_timestamp($timestamp);
- $this->check_nonce($consumer, $token, $nonce, $timestamp);
-
- $signature_method = $this->get_signature_method($request);
-
- $signature = $request->get_parameter('oauth_signature');
- $valid_sig = $signature_method->check_signature(
- $request,
- $consumer,
- $token,
- $signature
- );
-
- if (!$valid_sig) {
- throw new OAuthException("Invalid signature");
- }
- }
-
+ // this should probably be in a different method
+ $timestamp = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_timestamp')
+ : null;
+ $nonce = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_nonce')
+ : null; + + $this->check_timestamp($timestamp);
+ $this->check_nonce($consumer, $token, $nonce, $timestamp); + + $signature_method = $this->get_signature_method($request); + + $signature = $request->get_parameter('oauth_signature');
+ $valid_sig = $signature_method->check_signature(
+ $request,
+ $consumer,
+ $token,
+ $signature,
+ ); + + if (!$valid_sig) {
+ throw new OAuthException("Invalid signature"); + }
+ } + /**
* check that the timestamp is new enough
*/
private function check_timestamp($timestamp) {
- if( ! $timestamp )
- throw new OAuthException(
- 'Missing timestamp parameter. The parameter is required'
- );
-
- // verify that timestamp is recentish
- $now = time();
- if (abs($now - $timestamp) > $this->timestamp_threshold) {
- throw new OAuthException(
- "Expired timestamp, yours $timestamp, ours $now"
- );
- }
- }
-
+ if( ! $timestamp )
+ throw new OAuthException(
+ 'Missing timestamp parameter. The parameter is required',
+ ); + + // verify that timestamp is recentish
+ $now = time();
+ if (abs($now - $timestamp) > $this->timestamp_threshold) {
+ throw new OAuthException( + "Expired timestamp, yours $timestamp, ours $now",
+ );
+ }
+ } + /**
* check that the nonce is not repeated
*/
private function check_nonce($consumer, $token, $nonce, $timestamp) {
- if( ! $nonce )
- throw new OAuthException(
- 'Missing nonce parameter. The parameter is required'
- );
-
- // verify that the nonce is uniqueish
- $found = $this->data_store->lookup_nonce(
- $consumer,
- $token,
- $nonce,
- $timestamp
- );
- if ($found) {
- throw new OAuthException("Nonce already used: $nonce");
- }
- }
-
-}
-
+ if( ! $nonce )
+ throw new OAuthException(
+ 'Missing nonce parameter. The parameter is required',
+ ); + + // verify that the nonce is uniqueish
+ $found = $this->data_store->lookup_nonce(
+ $consumer,
+ $token,
+ $nonce,
+ $timestamp,
+ );
+ if ($found) {
+ throw new OAuthException("Nonce already used: $nonce"); + }
+ } + +} + class OAuthDataStore {
function lookup_consumer($consumer_key) {
- // implement me
- }
-
+ // implement me
+ } + function lookup_token($consumer, $token_type, $token) {
- // implement me
- }
-
+ // implement me
+ } + function lookup_nonce($consumer, $token, $nonce, $timestamp) {
- // implement me
- }
-
+ // implement me
+ } + function new_request_token($consumer, $callback = null) {
- // return a new token attached to this consumer
- }
-
+ // return a new token attached to this consumer
+ } + function new_access_token($token, $consumer, $verifier = null) {
- // return a new access token attached to this consumer
- // for the user associated with this token if the request token
- // is authorized
- // should also invalidate the request token
- }
-
-}
-
+ // return a new access token attached to this consumer
+ // for the user associated with this token if the request token
+ // is authorized
+ // should also invalidate the request token
+ } + +} + class OAuthUtil {
public static function urlencode_rfc3986($input) {
if (is_array($input)) {
- return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
+ return array_map(['OAuthUtil', 'urlencode_rfc3986'], $input);
} else if (is_scalar($input)) {
- return str_replace(
- '+',
- ' ',
- str_replace('%7E', '~', rawurlencode($input))
- );
+ return str_replace(
+ '+',
+ ' ',
+ str_replace('%7E', '~', rawurlencode($input)),
+ );
} else {
- return '';
+ return '';
}
-}
-
-
+} + // This decode function isn't taking into consideration the above
// modifications to the encoding process. However, this method doesn't
// seem to be used anywhere so leaving it as is.
public static function urldecode_rfc3986($string) {
- return urldecode($string);
- }
-
+ return urldecode($string);
+ } + // Utility function for turning the Authorization: header into
// parameters, has to do some unescaping
// Can filter out any non-oauth parameters if needed (default behaviour)
// May 28th, 2010 - method updated to tjerk.meesters for a speed improvement.
// see http://code.google.com/p/oauth/issues/detail?id=163
public static function split_header($header, $only_allow_oauth_parameters = true) {
- $params = array();
- if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
- foreach ($matches[1] as $i => $h) {
- $params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
- }
- if (isset($params['realm'])) {
- unset($params['realm']);
- }
- }
- return $params;
- }
-
+ $params = [];
+ if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
+ foreach ($matches[1] as $i => $h) {
+ $params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
+ }
+ if (isset($params['realm'])) {
+ unset($params['realm']);
+ }
+ }
+ return $params;
+ } + // helper to try to sort out headers for people who aren't running apache
public static function get_headers() {
- if (function_exists('apache_request_headers')) {
- // we need this to get the actual Authorization: header
- // because apache tends to tell us it doesn't exist
- $headers = apache_request_headers();
-
- // sanitize the output of apache_request_headers because
- // we always want the keys to be Cased-Like-This and arh()
- // returns the headers in the same case as they are in the
- // request
- $out = array();
- foreach ($headers AS $key => $value) {
- $key = str_replace(
- " ",
- "-",
- ucwords(strtolower(str_replace("-", " ", $key)))
- );
- $out[$key] = $value;
- }
- } else {
- // otherwise we don't have apache and are just going to have to hope
- // that $_SERVER actually contains what we need
- $out = array();
- if( isset($_SERVER['CONTENT_TYPE']) )
- $out['Content-Type'] = $_SERVER['CONTENT_TYPE'];
- if( isset($_ENV['CONTENT_TYPE']) )
- $out['Content-Type'] = $_ENV['CONTENT_TYPE'];
-
- foreach ($_SERVER as $key => $value) {
- if (substr($key, 0, 5) == "HTTP_") {
- // this is chaos, basically it is just there to capitalize the first
- // letter of every word that is not an initial HTTP and strip HTTP
- // code from przemek
- $key = str_replace(
- " ",
- "-",
- ucwords(strtolower(str_replace("_", " ", substr($key, 5))))
- );
- $out[$key] = $value;
- }
- }
- }
- return $out;
- }
-
+ if (function_exists('apache_request_headers')) {
+ // we need this to get the actual Authorization: header
+ // because apache tends to tell us it doesn't exist
+ $headers = apache_request_headers(); + + // sanitize the output of apache_request_headers because
+ // we always want the keys to be Cased-Like-This and arh()
+ // returns the headers in the same case as they are in the
+ // request
+ $out = [];
+ foreach ($headers AS $key => $value) {
+ $key = str_replace(
+ " ",
+ "-",
+ ucwords(strtolower(str_replace("-", " ", $key))),
+ );
+ $out[$key] = $value;
+ }
+ } else {
+ // otherwise we don't have apache and are just going to have to hope
+ // that $_SERVER actually contains what we need
+ $out = [];
+ if( isset($_SERVER['CONTENT_TYPE']) )
+ $out['Content-Type'] = $_SERVER['CONTENT_TYPE'];
+ if( isset($_ENV['CONTENT_TYPE']) )
+ $out['Content-Type'] = $_ENV['CONTENT_TYPE']; + + foreach ($_SERVER as $key => $value) {
+ if (substr($key, 0, 5) == "HTTP_") {
+ // this is chaos, basically it is just there to capitalize the first
+ // letter of every word that is not an initial HTTP and strip HTTP
+ // code from przemek
+ $key = str_replace(
+ " ",
+ "-",
+ ucwords(strtolower(str_replace("_", " ", substr($key, 5)))),
+ );
+ $out[$key] = $value;
+ }
+ }
+ }
+ return $out;
+ } + // This function takes a input like a=b&a=c&d=e and returns the parsed
// parameters like this
// array('a' => array('b','c'), 'd' => 'e')
public static function parse_parameters( $input ) {
- if (!isset($input) || !$input) return array();
-
- $pairs = explode('&', $input);
-
- $parsed_parameters = array();
- foreach ($pairs as $pair) {
- $split = explode('=', $pair, 2);
- $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
- $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';
-
- if (isset($parsed_parameters[$parameter])) {
- // We have already recieved parameter(s) with this name, so add to the list
- // of parameters with this name
-
- if (is_scalar($parsed_parameters[$parameter])) {
- // This is the first duplicate, so transform scalar (string) into an array
- // so we can add the duplicates
- $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
- }
-
- $parsed_parameters[$parameter][] = $value;
- } else {
- $parsed_parameters[$parameter] = $value;
- }
- }
- return $parsed_parameters;
- }
-
+ if (!isset($input) || !$input) return [];
+
+ $pairs = explode('&', $input);
+
+ $parsed_parameters = [];
+ foreach ($pairs as $pair) {
+ $split = explode('=', $pair, 2);
+ $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
+ $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';
+
+ if (isset($parsed_parameters[$parameter])) {
+ // We have already recieved parameter(s) with this name, so add to the list
+ // of parameters with this name
+
+ if (is_scalar($parsed_parameters[$parameter])) {
+ // This is the first duplicate, so transform scalar (string) into an array
+ // so we can add the duplicates
+ $parsed_parameters[$parameter] = [$parsed_parameters[$parameter]];
+ }
+
+ $parsed_parameters[$parameter][] = $value;
+ } else {
+ $parsed_parameters[$parameter] = $value;
+ }
+ }
+ return $parsed_parameters;
+ }
+
 public static function build_http_query($params) {
- if (!$params) return '';
-
- // Urlencode both keys and values
- $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
- $values = OAuthUtil::urlencode_rfc3986(array_values($params));
- $params = array_combine($keys, $values);
-
- // Parameters are sorted by name, using lexicographical byte value ordering.
- // Ref: Spec: 9.1.1 (1)
- uksort($params, 'strcmp');
-
- $pairs = array();
- foreach ($params as $parameter => $value) {
- if (is_array($value)) {
- // If two or more parameters share the same name, they are sorted by their value
- // Ref: Spec: 9.1.1 (1)
- // June 12th, 2010 - changed to sort because of issue 164 by hidetaka
- sort($value, SORT_STRING);
- foreach ($value as $duplicate_value) {
- $pairs[] = $parameter . '=' . $duplicate_value;
- }
- } else {
- $pairs[] = $parameter . '=' . $value;
- }
- }
- // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
- // Each name-value pair is separated by an '&' character (ASCII code 38)
- return implode('&', $pairs);
+ if (!$params) return '';
+
+ // Urlencode both keys and values
+ $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
+ $values = OAuthUtil::urlencode_rfc3986(array_values($params));
+ $params = array_combine($keys, $values);
+
+ // Parameters are sorted by name, using lexicographical byte value ordering.
+ // Ref: Spec: 9.1.1 (1)
+ uksort($params, 'strcmp');
+
+ $pairs = [];
+ foreach ($params as $parameter => $value) {
+ if (is_array($value)) {
+ // If two or more parameters share the same name, they are sorted by their value
+ // Ref: Spec: 9.1.1 (1)
+ // June 12th, 2010 - changed to sort because of issue 164 by hidetaka
+ sort($value, SORT_STRING);
+ foreach ($value as $duplicate_value) {
+ $pairs[] = $parameter . '=' . $duplicate_value;
+ }
+ } else {
+ $pairs[] = $parameter . '=' . $value;
+ }
+ }
+ // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
+ // Each name-value pair is separated by an '&' character (ASCII code 38)
+ return implode('&', $pairs);
}
-}
+} diff --git a/hauth/Hybrid/thirdparty/OAuth/OAuth1Client.php b/hauth/Hybrid/thirdparty/OAuth/OAuth1Client.php index 64c03c8..2cdf249 100644 --- a/hauth/Hybrid/thirdparty/OAuth/OAuth1Client.php +++ b/hauth/Hybrid/thirdparty/OAuth/OAuth1Client.php @@ -52,20 +52,20 @@ class OAuth1Client{ * * @return string */ - function authorizeUrl( $token, $extras =array() ) + function authorizeUrl( $token, $extras =[] ) { if ( is_array( $token ) ){ $token = $token['oauth_token']; } - $parameters = array( "oauth_token" => $token ); + $parameters = [ "oauth_token" => $token ]; if( count($extras) ) foreach( $extras as $k=>$v ) $parameters[$k] = $v; return $this->authorize_url . "?" . http_build_query( $parameters ); - } + } /** * Get a request_token from provider @@ -74,7 +74,7 @@ class OAuth1Client{ */ function requestToken( $callback = null ) { - $parameters = array(); + $parameters = []; if ( $callback ) { $this->redirect_uri = $parameters['oauth_callback'] = $callback; @@ -94,7 +94,7 @@ class OAuth1Client{ */ function accessToken( $oauth_verifier = false, $oauth_token = false ) { - $parameters = array(); + $parameters = []; // 1.0a if ( $oauth_verifier ) { @@ -111,7 +111,7 @@ class OAuth1Client{ /** * GET wrapper for provider apis request */ - function get($url, $parameters = array(), $content_type = null) + function get($url, $parameters = [], $content_type = null) { return $this->api($url, 'GET', $parameters, null, $content_type); } @@ -119,7 +119,7 @@ class OAuth1Client{ /** * POST wrapper for provider apis request */ - function post($url, $parameters = array(), $body = null, $content_type = null, $multipart = false) + function post($url, $parameters = [], $body = null, $content_type = null, $multipart = false) { return $this->api($url, 'POST', $parameters, $body, $content_type, $multipart ); } 
@@ -127,7 +127,7 @@ class OAuth1Client{ /** * Format and sign an oauth for provider api */ - function api( $url, $method = 'GET', $parameters = array(), $body = null, $content_type = null, $multipart = false ) + function api( $url, $method = 'GET', $parameters = [], $body = null, $content_type = null, $multipart = false ) { if ( strrpos($url, 'http://') !== 0 && strrpos($url, 'https://') !== 0 ) { $url = $this->api_base_url . $url; @@ -149,7 +149,7 @@ class OAuth1Client{ */ public function getResponse() { - return $this->response; + return $this->response; } /** @@ -158,14 +158,14 @@ class OAuth1Client{ function signedRequest( $url, $method, $parameters, $body = null, $content_type = null, $multipart = false ) { - $signature_parameters = array(); + $signature_parameters = []; - // when making a multipart request, use only oauth_* keys for signature - foreach( $parameters AS $key => $value ){ - if( !$multipart || strpos( $key, 'oauth_' ) === 0 ){ - $signature_parameters[$key] = $value; - } - } + // when making a multipart request, use only oauth_* keys for signature + foreach( $parameters AS $key => $value ){ + if( !$multipart || strpos( $key, 'oauth_' ) === 0 ){ + $signature_parameters[$key] = $value; + } + } $request = OAuthRequest::from_consumer_and_token($this->consumer, $this->token, $method, $url, $signature_parameters); $request->sign_request($this->sha1_method, $this->consumer, $this->token); @@ -174,7 +174,7 @@ class OAuth1Client{ default : if ($body) return $this->request( $request->to_url(), $method, $body, $request->to_header(), $content_type ); - else + return $this->request( $request->get_normalized_http_url(), $method, ($multipart ? $parameters : $request->to_postdata()), $request->to_header(), $content_type, $multipart ) ; } } 
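Review bot: The absolute-URL test at the top of api() uses `strrpos`, which reports the last occurrence of the scheme, so a URL that starts with `https://` but carries another `http://` or `https://` further along (for example inside a query value) fails the `!== 0` comparison and gets `$this->api_base_url` prepended. A prefix test is what the condition means: `if ( strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0 ) {`. OAuth2Client::api() in the `@@ -45,108 +45,108 @@` hunk of OAuth2Client.php has the same condition. The body of api() continues outside this hunk.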
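Review bot: The `default` branch of signedRequest() now holds a brace-less `if ($body)` followed by a blank line and a second `return`, so the two-way choice rests only on the rule that an unbraced `if` owns exactly one statement. Behaviour matches the removed `else` because the first branch returns, but braces make that explicit and survive later edits: `if ($body) { return $this->request( $request->to_url(), $method, $body, $request->to_header(), $content_type ); }`. The enclosing `switch` starts outside this hunk.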
@@ -187,7 +187,7 @@ class OAuth1Client{ Hybrid_Logger::info( "Enter OAuth1Client::request( $method, $url )" ); Hybrid_Logger::debug( "OAuth1Client::request(). dump post fields: ", serialize( $postfields ) ); - $this->http_info = array(); + $this->http_info = []; $ci = curl_init(); /* Curl settings */ @@ -195,16 +195,16 @@ class OAuth1Client{ curl_setopt( $ci, CURLOPT_CONNECTTIMEOUT, $this->curl_connect_time_out ); curl_setopt( $ci, CURLOPT_TIMEOUT , $this->curl_time_out ); curl_setopt( $ci, CURLOPT_RETURNTRANSFER, true ); - curl_setopt( $ci, CURLOPT_HTTPHEADER , array('Expect:') ); + curl_setopt( $ci, CURLOPT_HTTPHEADER , ['Expect:'] ); curl_setopt( $ci, CURLOPT_SSL_VERIFYPEER, $this->curl_ssl_verifypeer ); - curl_setopt( $ci, CURLOPT_HEADERFUNCTION, array($this, 'getHeader') ); + curl_setopt( $ci, CURLOPT_HEADERFUNCTION, [$this, 'getHeader'] ); curl_setopt( $ci, CURLOPT_HEADER , false ); - if( $multipart ){ - curl_setopt( $ci, CURLOPT_HTTPHEADER, array( 'Expect:', $auth_header ) ); + if( $multipart ){ + curl_setopt( $ci, CURLOPT_HTTPHEADER, [ 'Expect:', $auth_header ] ); - }elseif ($content_type) - curl_setopt( $ci, CURLOPT_HTTPHEADER, array('Expect:', "Content-Type: $content_type") ); + }elseif ($content_type) + curl_setopt( $ci, CURLOPT_HTTPHEADER, ['Expect:', "Content-Type: $content_type"] ); if($this->curl_proxy){ curl_setopt( $ci, CURLOPT_PROXY , $this->curl_proxy); @@ -219,7 +219,7 @@ class OAuth1Client{ } if ( !empty($auth_header) && $this->curl_auth_header && !$multipart ){ - curl_setopt( $ci, CURLOPT_HTTPHEADER, array( 'Content-Type: application/atom+xml', $auth_header ) ); + curl_setopt( $ci, CURLOPT_HTTPHEADER, [ 'Content-Type: application/atom+xml', $auth_header ] ); } break; case 'DELETE': 
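Review bot: The debug call at the top of request() writes `serialize( $postfields )` to the log, and request bodies sent through this client can carry OAuth parameters and user content. The same pattern appears in the `@@ -235,7 +235,6 @@` hunk (`serialize( $response )`) and in OAuth2Client::request(), where `serialize( $params )` includes the `client_secret`, `code` and refresh parameters built by authenticate() and refreshToken(). Whether Hybrid_Logger writes debug entries in production is not visible here, so the call should at least log names rather than values, e.g. `Hybrid_Logger::debug( "OAuth1Client::request(). post field names: ", is_array( $postfields ) ? implode( ', ', array_keys( $postfields ) ) : gettype( $postfields ) );`. request() starts and ends outside this hunk.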
@@ -235,7 +235,6 @@ class OAuth1Client{ Hybrid_Logger::error( "OAuth1Client::request(). curl_exec error: ", curl_error($ci) ); } - Hybrid_Logger::debug( "OAuth1Client::request(). dump request info: ", serialize( curl_getinfo($ci) ) ); Hybrid_Logger::debug( "OAuth1Client::request(). dump request result: ", serialize( $response ) ); diff --git a/hauth/Hybrid/thirdparty/OAuth/OAuth2Client.php b/hauth/Hybrid/thirdparty/OAuth/OAuth2Client.php index 0046d2c..568232d 100644 --- a/hauth/Hybrid/thirdparty/OAuth/OAuth2Client.php +++ b/hauth/Hybrid/thirdparty/OAuth/OAuth2Client.php @@ -30,7 +30,7 @@ class OAuth2Client public $curl_connect_time_out = 30; public $curl_ssl_verifypeer = false; public $curl_ssl_verifyhost = false; - public $curl_header = array(); + public $curl_header = []; public $curl_useragent = "OAuth/2 Simple PHP Client v0.1.1; HybridAuth http://hybridauth.sourceforge.net/"; public $curl_authenticate_method = "POST"; public $curl_proxy = null; 
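Review bot: `$curl_ssl_verifypeer` and `$curl_ssl_verifyhost` both default to `false` in the OAuth2Client property block, and request() passes them straight to `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`, so unless a caller overrides them the token exchange that posts `client_secret` and the authorization code runs without certificate or hostname verification. Defaults that verify would be `public $curl_ssl_verifypeer = true;` and `public $curl_ssl_verifyhost = 2;`. Deployments without a usable CA bundle would then need `CURLOPT_CAINFO` configured rather than verification switched off. Whether the provider adapters reset these properties is not visible in this hunk.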
@@ -45,108 +45,108 @@ class OAuth2Client public function __construct( $client_id = false, $client_secret = false, $redirect_uri='', $compressed = false ) { - $this->client_id = $client_id; - $this->client_secret = $client_secret; - $this->redirect_uri = $redirect_uri; - $this->curl_compressed = $compressed; + $this->client_id = $client_id; + $this->client_secret = $client_secret; + $this->redirect_uri = $redirect_uri; + $this->curl_compressed = $compressed; } - public function authorizeUrl( $extras = array() ) + public function authorizeUrl( $extras = [] ) { - $params = array( - "client_id" => $this->client_id, - "redirect_uri" => $this->redirect_uri, - "response_type" => "code" - ); + $params = [ + "client_id" => $this->client_id, + "redirect_uri" => $this->redirect_uri, + "response_type" => "code", + ]; - if( count($extras) ) - foreach( $extras as $k=>$v ) - $params[$k] = $v; + if( count($extras) ) + foreach( $extras as $k=>$v ) + $params[$k] = $v; - return $this->authorize_url . "?" . http_build_query($params, '', '&'); + return $this->authorize_url . "?" . http_build_query($params, '', '&'); } public function authenticate( $code ) { - $params = array( - "client_id" => $this->client_id, - "client_secret" => $this->client_secret, - "grant_type" => "authorization_code", - "redirect_uri" => $this->redirect_uri, - "code" => $code - ); + $params = [ + "client_id" => $this->client_id, + "client_secret" => $this->client_secret, + "grant_type" => "authorization_code", + "redirect_uri" => $this->redirect_uri, + "code" => $code, + ]; - $response = $this->request( $this->token_url, $params, $this->curl_authenticate_method ); + $response = $this->request( $this->token_url, $params, $this->curl_authenticate_method ); - $response = $this->parseRequestResult( $response ); + $response = $this->parseRequestResult( $response ); - if( ! $response || ! isset( $response->access_token ) ){ - throw new Exception( "The Authorization Service has return: " . 
$response->error ); - } + if( ! $response || ! isset( $response->access_token ) ){ + throw new Exception( "The Authorization Service has return: " . $response->error ); + } - if( isset( $response->access_token ) ) $this->access_token = $response->access_token; - if( isset( $response->refresh_token ) ) $this->refresh_token = $response->refresh_token; - if( isset( $response->expires_in ) ) $this->access_token_expires_in = $response->expires_in; + if( isset( $response->access_token ) ) $this->access_token = $response->access_token; + if( isset( $response->refresh_token ) ) $this->refresh_token = $response->refresh_token; + if( isset( $response->expires_in ) ) $this->access_token_expires_in = $response->expires_in; - // calculate when the access token expire - if( isset($response->expires_in)) { - $this->access_token_expires_at = time() + $response->expires_in; - } + // calculate when the access token expire + if( isset($response->expires_in)) { + $this->access_token_expires_at = time() + $response->expires_in; + } - return $response; + return $response; } public function authenticated() { - if ( $this->access_token ){ - if ( $this->token_info_url && $this->refresh_token ){ - // check if this access token has expired, - $tokeninfo = $this->tokenInfo( $this->access_token ); + if ( $this->access_token ){ + if ( $this->token_info_url && $this->refresh_token ){ + // check if this access token has expired, + $tokeninfo = $this->tokenInfo( $this->access_token ); - // if yes, access_token has expired, then ask for a new one - if( $tokeninfo && isset( $tokeninfo->error ) ){ - $response = $this->refreshToken( $this->refresh_token ); + // if yes, access_token has expired, then ask for a new one + if( $tokeninfo && isset( $tokeninfo->error ) ){ + $response = $this->refreshToken( $this->refresh_token ); - // if wrong response - if( ! isset( $response->access_token ) || ! 
$response->access_token ){ - throw new Exception( "The Authorization Service has return an invalid response while requesting a new access token. given up!" ); - } + // if wrong response + if( ! isset( $response->access_token ) || ! $response->access_token ){ + throw new Exception( "The Authorization Service has return an invalid response while requesting a new access token. given up!" ); + } - // set new access_token - $this->access_token = $response->access_token; - } - } + // set new access_token + $this->access_token = $response->access_token; + } + } - return true; - } + return true; + } - return false; + return false; } /** * Format and sign an oauth for provider api */ - public function api( $url, $method = "GET", $parameters = array(), $decode_json = true ) + public function api( $url, $method = "GET", $parameters = [], $decode_json = true ) { - if ( strrpos($url, 'http://') !== 0 && strrpos($url, 'https://') !== 0 ) { - $url = $this->api_base_url . $url; - } + if ( strrpos($url, 'http://') !== 0 && strrpos($url, 'https://') !== 0 ) { + $url = $this->api_base_url . 
$url; + } - $parameters[$this->sign_token_name] = $this->access_token; - $response = null; + $parameters[$this->sign_token_name] = $this->access_token; + $response = null; - switch( $method ){ - case 'GET' : $response = $this->request( $url, $parameters, "GET" ); break; - case 'POST' : $response = $this->request( $url, $parameters, "POST" ); break; - case 'DELETE' : $response = $this->request( $url, $parameters, "DELETE" ); break; - case 'PATCH' : $response = $this->request( $url, $parameters, "PATCH" ); break; - } + switch( $method ){ + case 'GET' : $response = $this->request( $url, $parameters, "GET" ); break; + case 'POST' : $response = $this->request( $url, $parameters, "POST" ); break; + case 'DELETE' : $response = $this->request( $url, $parameters, "DELETE" ); break; + case 'PATCH' : $response = $this->request( $url, $parameters, "PATCH" ); break; + } - if( $response && $decode_json ){ - return $this->response = json_decode( $response ); - } + if( $response && $decode_json ){ + return $this->response = json_decode( $response ); + } - return $this->response = $response; + return $this->response = $response; } /** 
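Review bot: authorizeUrl() builds the authorization request from `client_id`, `redirect_uri` and `response_type` only, and authenticate() takes nothing but `$code`, so this class neither issues nor checks a `state` value. CSRF protection of the callback (RFC 6749 section 10.12) therefore rests on callers passing `state` through `$extras` and comparing it before calling authenticate(); whether the provider adapters do that is not visible here. A docblock on authorizeUrl() should say so, e.g. `@param array $extras extra query parameters; callers must include a per-session random "state" and verify it on the callback`.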
@@ -156,147 +156,147 @@ class OAuth2Client */ public function getResponse() { - return $this->response; + return $this->response; } /** * GET wrapper for provider apis request */ - function get( $url, $parameters = array(), $decode_json = true ) + function get( $url, $parameters = [], $decode_json = true ) { - return $this->api( $url, 'GET', $parameters, $decode_json ); + return $this->api( $url, 'GET', $parameters, $decode_json ); } /** * POST wrapper for provider apis request */ - function post( $url, $parameters = array(), $decode_json = true ) + function post( $url, $parameters = [], $decode_json = true ) { - return $this->api( $url, 'POST', $parameters, $decode_json ); + return $this->api( $url, 'POST', $parameters, $decode_json ); } // -- tokens public function tokenInfo($accesstoken) { - $params['access_token'] = $this->access_token; - $response = $this->request( $this->token_info_url, $params ); - return $this->parseRequestResult( $response ); + $params['access_token'] = $this->access_token; + $response = $this->request( $this->token_info_url, $params ); + return $this->parseRequestResult( $response ); } - public function refreshToken( $parameters = array() ) + public function refreshToken( $parameters = [] ) { - $params = array( - "client_id" => $this->client_id, - "client_secret" => $this->client_secret, - "grant_type" => "refresh_token" - ); + $params = [ + "client_id" => $this->client_id, + "client_secret" => $this->client_secret, + "grant_type" => "refresh_token", + ]; - foreach($parameters as $k=>$v ){ - $params[$k] = $v; - } + foreach($parameters as $k=>$v ){ + $params[$k] = $v; + } - $response = $this->request( $this->token_url, $params, "POST" ); - return $this->parseRequestResult( $response ); + $response = $this->request( $this->token_url, $params, "POST" ); + return $this->parseRequestResult( $response ); } // -- utilities private function request( $url, $params=false, $type="GET" ) { - Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" 
); - Hybrid_Logger::debug( "OAuth2Client::request(). dump request params: ", serialize( $params ) ); + Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" ); + Hybrid_Logger::debug( "OAuth2Client::request(). dump request params: ", serialize( $params ) ); $urlEncodedParams = http_build_query($params, '', '&'); - if( $type == "GET" ){ - $url = $url . ( strpos( $url, '?' ) ? '&' : '?' ) . $urlEncodedParams; - } + if( $type == "GET" ){ + $url = $url . ( strpos( $url, '?' ) ? '&' : '?' ) . $urlEncodedParams; + } - $this->http_info = array(); - $ch = curl_init(); + $this->http_info = []; + $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL , $url ); - curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 ); - curl_setopt($ch, CURLOPT_TIMEOUT , $this->curl_time_out ); - curl_setopt($ch, CURLOPT_USERAGENT , $this->curl_useragent ); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out ); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer ); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost ); - curl_setopt($ch, CURLOPT_HTTPHEADER , $this->curl_header ); + curl_setopt($ch, CURLOPT_URL , $url ); + curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 ); + curl_setopt($ch, CURLOPT_TIMEOUT , $this->curl_time_out ); + curl_setopt($ch, CURLOPT_USERAGENT , $this->curl_useragent ); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out ); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer ); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost ); + curl_setopt($ch, CURLOPT_HTTPHEADER , $this->curl_header ); - if ($this->curl_compressed){ - curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); - } + if ($this->curl_compressed){ + curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate"); + } - if($this->curl_proxy){ - curl_setopt( $ch, CURLOPT_PROXY , $this->curl_proxy); - } + if($this->curl_proxy){ + curl_setopt( $ch, CURLOPT_PROXY , $this->curl_proxy); + } - if ($type == "POST") { - 
curl_setopt($ch, CURLOPT_POST, 1); + if ($type == "POST") { + curl_setopt($ch, CURLOPT_POST, 1); - // If request body exists then encode it for "application/json". - if (isset($params['body'])) { - $urlEncodedParams = json_encode($params['body']); - } + // If request body exists then encode it for "application/json". + if (isset($params['body'])) { + $urlEncodedParams = json_encode($params['body']); + } - // Using URL encoded params here instead of a more convenient array - // cURL will set a wrong HTTP Content-Type header if using an array (cf. http://www.php.net/manual/en/function.curl-setopt.php, Notes section for "CURLOPT_POSTFIELDS") - // OAuth requires application/x-www-form-urlencoded Content-Type (cf. https://tools.ietf.org/html/rfc6749#section-2.3.1) - if ($params) { - curl_setopt($ch, CURLOPT_POSTFIELDS, $urlEncodedParams); - } - } + // Using URL encoded params here instead of a more convenient array + // cURL will set a wrong HTTP Content-Type header if using an array (cf. http://www.php.net/manual/en/function.curl-setopt.php, Notes section for "CURLOPT_POSTFIELDS") + // OAuth requires application/x-www-form-urlencoded Content-Type (cf. https://tools.ietf.org/html/rfc6749#section-2.3.1) + if ($params) { + curl_setopt($ch, CURLOPT_POSTFIELDS, $urlEncodedParams); + } + } - if( $type == "DELETE" ){ - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE"); - } - if( $type == "PATCH" ){ - curl_setopt($ch, CURLOPT_POST, 1); - if($params) curl_setopt( $ch, CURLOPT_POSTFIELDS, $params ); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH"); - } - $response = curl_exec($ch); - if( $response === false ) { - Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error($ch) ); - } - Hybrid_Logger::debug( "OAuth2Client::request(). dump request info: ", serialize( curl_getinfo($ch) ) ); - Hybrid_Logger::debug( "OAuth2Client::request(). 
dump request result: ", serialize( $response ) ); + if( $type == "DELETE" ){ + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE"); + } + if( $type == "PATCH" ){ + curl_setopt($ch, CURLOPT_POST, 1); + if($params) curl_setopt( $ch, CURLOPT_POSTFIELDS, $params ); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PATCH"); + } + $response = curl_exec($ch); + if( $response === false ) { + Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error($ch) ); + } + Hybrid_Logger::debug( "OAuth2Client::request(). dump request info: ", serialize( curl_getinfo($ch) ) ); + Hybrid_Logger::debug( "OAuth2Client::request(). dump request result: ", serialize( $response ) ); - $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - $this->http_info = array_merge($this->http_info, curl_getinfo($ch)); + $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + $this->http_info = array_merge($this->http_info, curl_getinfo($ch)); - curl_close ($ch); + curl_close ($ch); - return $response; + return $response; } private function parseRequestResult( $result ) { - if( json_decode( $result ) ) return json_decode( $result ); + if( json_decode( $result ) ) return json_decode( $result ); - parse_str( $result, $output ); + parse_str( $result, $output ); - $result = new StdClass(); + $result = new StdClass(); - foreach( $output as $k => $v ) - $result->$k = $v; + foreach( $output as $k => $v ) + $result->$k = $v; - return $result; + return $result; } /** * DELETE wrapper for provider apis request */ - function delete( $url, $parameters = array() ) + function delete( $url, $parameters = [] ) { return $this->api( $url, 'DELETE', $parameters ); } /** * PATCH wrapper for provider apis request */ - function patch( $url, $parameters = array() ) + function patch( $url, $parameters = [] ) { - return $this->api( $url, 'PATCH', $parameters ); + return $this->api( $url, 'PATCH', $parameters ); } } 
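Review bot: tokenInfo() ignores its `$accesstoken` argument and always sends `$this->access_token`, so a caller that passes a different token gets information about the stored one. Using the argument keeps authenticated() working, since it passes `$this->access_token` anyway: `$params['access_token'] = $accesstoken;`.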
diff --git a/hauth/Hybrid/thirdparty/OpenID/LightOpenID.php b/hauth/Hybrid/thirdparty/OpenID/LightOpenID.php
index a257d6c..9e0a5e6 100644
--- a/hauth/Hybrid/thirdparty/OpenID/LightOpenID.php
+++ b/hauth/Hybrid/thirdparty/OpenID/LightOpenID.php
@@ -13,1039 +13,1037 @@
 */
class LightOpenID
{
- public $returnUrl
- , $required = array()
- , $optional = array()
- , $verify_peer = null
- , $capath = null
- , $cainfo = null
- , $cnmatch = null
- , $data
- , $oauth = array()
- , $curl_time_out = 30
- , $curl_connect_time_out = 30;
- private $identity, $claimed_id;
- protected $server, $version, $trustRoot, $aliases, $identifier_select = false
- , $ax = false, $sreg = false, $setup_url = null, $headers = array()
- , $proxy = null, $user_agent = 'LightOpenID'
- , $xrds_override_pattern = null, $xrds_override_replacement = null;
- static protected $ax_to_sreg = array(
- 'namePerson/friendly' => 'nickname',
- 'contact/email' => 'email',
- 'namePerson' => 'fullname',
- 'birthDate' => 'dob',
- 'person/gender' => 'gender',
- 'contact/postalCode/home' => 'postcode',
- 'contact/country/home' => 'country',
- 'pref/language' => 'language',
- 'pref/timezone' => 'timezone',
- );
-
- function __construct($host, $proxy = null)
- {
- $this->set_realm($host);
- $this->set_proxy($proxy);
-
- $uri = rtrim(preg_replace('#((?<=\?)|&)openid\.[^&]+#', '', $_SERVER['REQUEST_URI']), '?');
- $this->returnUrl = $this->trustRoot . $uri;
-
- $this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
-
- if(!function_exists('curl_init') && !in_array('https', stream_get_wrappers())) {
- throw new ErrorException('You must have either https wrappers or curl enabled.');
- }
- }
-
- function __isset($name)
- {
- return in_array($name, array('identity', 'trustRoot', 'realm', 'xrdsOverride', 'mode'));
- }
-
- function __set($name, $value)
- {
- switch ($name) {
- case 'identity':
- if (strlen($value = trim((String) $value))) {
- if (preg_match('#^xri:/*#i', $value, $m)) {
- $value = substr($value, strlen($m[0]));
- } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) {
- $value = "http://$value";
- }
- if (preg_match('#^https?://[^/]+$#i', $value, $m)) {
- $value .= '/';
- }
- }
- $this->$name = $this->claimed_id = $value;
- break;
- case 'trustRoot':
- case 'realm':
- $this->trustRoot = trim($value);
- break;
- case 'xrdsOverride':
- if (is_array($value)) {
- list($pattern, $replacement) = $value;
- $this->xrds_override_pattern = $pattern;
- $this->xrds_override_replacement = $replacement;
- } else {
- trigger_error('Invalid value specified for "xrdsOverride".', E_USER_ERROR);
- }
- break;
- }
- }
-
- function __get($name)
- {
- switch ($name) {
- case 'identity':
- # We return claimed_id instead of identity,
- # because the developer should see the claimed identifier,
- # i.e. what he set as identity, not the op-local identifier (which is what we verify)
- return $this->claimed_id;
- case 'trustRoot':
- case 'realm':
- return $this->trustRoot;
- case 'mode':
- return empty($this->data['openid_mode']) ? null : $this->data['openid_mode'];
- }
- }
-
- function set_proxy($proxy)
- {
- if (!empty($proxy)) {
- // When the proxy is a string - try to parse it.
- if (!is_array($proxy)) {
- $proxy = parse_url($proxy);
- }
-
- // Check if $proxy is valid after the parsing.
- if ($proxy && !empty($proxy['host'])) {
- // Make sure that a valid port number is specified.
- if (array_key_exists('port', $proxy)) {
- if (!is_int($proxy['port'])) {
- $proxy['port'] = is_numeric($proxy['port']) ? intval($proxy['port']) : 0;
- }
-
- if ($proxy['port'] <= 0) {
- throw new ErrorException('The specified proxy port number is invalid.');
- }
- }
-
- $this->proxy = $proxy;
- }
- }
- }
-
- /**
- * Checks if the server specified in the url exists.
- *
- * @param $url url to check
- * @return true, if the server exists; false otherwise
- */
- function hostExists($url)
- {
- if (strpos($url, '/') === false) {
- $server = $url;
- } else {
- $server = @parse_url($url, PHP_URL_HOST);
- }
-
- if (!$server) {
- return false;
- }
-
- return !!gethostbynamel($server);
- }
-
- protected function set_realm($uri)
- {
- $realm = '';
-
- # Set a protocol, if not specified.
- $realm .= (($offset = strpos($uri, '://')) === false) ? $this->get_realm_protocol() : '';
-
- # Set the offset properly.
- $offset = (($offset !== false) ? $offset + 3 : 0);
-
- # Get only the root, without the path.
- $realm .= (($end = strpos($uri, '/', $offset)) === false) ? $uri : substr($uri, 0, $end);
-
- $this->trustRoot = $realm;
- }
-
- protected function get_realm_protocol()
- {
- if (!empty($_SERVER['HTTPS'])) {
- $use_secure_protocol = ($_SERVER['HTTPS'] != 'off');
- } else if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
- $use_secure_protocol = ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
- } else {
- $use_secure_protocol = false;
- }
-
- return $use_secure_protocol ? 'https://' : 'http://';
- }
-
- protected function request_curl($url, $method='GET', $params=array(), $update_claimed_id)
- {
- $params = http_build_query($params, '', '&');
- $curl = curl_init($url . ($method == 'GET' && $params ? '?' . $params : ''));
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($curl, CURLOPT_HEADER, false);
- curl_setopt($curl, CURLOPT_USERAGENT, $this->user_agent);
- curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($curl, CURLOPT_TIMEOUT, $this->curl_time_out);
- curl_setopt($curl, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out);
-
-
- if ($method == 'POST') {
- curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-type: application/x-www-form-urlencoded'));
- } else {
- curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*'));
- }
-
- if (!empty($this->proxy)) {
- curl_setopt($curl, CURLOPT_PROXY, $this->proxy['host']);
-
- if (!empty($this->proxy['port'])) {
- curl_setopt($curl, CURLOPT_PROXYPORT, $this->proxy['port']);
- }
-
- if (!empty($this->proxy['user'])) {
- curl_setopt($curl, CURLOPT_PROXYUSERPWD, $this->proxy['user'] . ':' . $this->proxy['pass']);
- }
- }
-
- if($this->verify_peer !== null) {
- curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
- if($this->capath) {
- curl_setopt($curl, CURLOPT_CAPATH, $this->capath);
- }
-
- if($this->cainfo) {
- curl_setopt($curl, CURLOPT_CAINFO, $this->cainfo);
- }
- }
-
- if ($method == 'POST') {
- curl_setopt($curl, CURLOPT_POST, true);
- curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
- } elseif ($method == 'HEAD') {
- curl_setopt($curl, CURLOPT_HEADER, true);
- curl_setopt($curl, CURLOPT_NOBODY, true);
- } else {
- curl_setopt($curl, CURLOPT_HEADER, true);
- curl_setopt($curl, CURLOPT_HTTPGET, true);
- }
- $response = curl_exec($curl);
-
- if($method == 'HEAD' && curl_getinfo($curl, CURLINFO_HTTP_CODE) == 405) {
- curl_setopt($curl, CURLOPT_HTTPGET, true);
- $response = curl_exec($curl);
- $response = substr($response, 0, strpos($response, "\r\n\r\n"));
- }
-
- if($method == 'HEAD' || $method == 'GET') {
- $header_response = $response;
-
- # If it's a GET request, we want to only parse the header part.
- if($method == 'GET') {
- $header_response = substr($response, 0, strpos($response, "\r\n\r\n"));
- }
-
- $headers = array();
- foreach(explode("\n", $header_response) as $header) {
- $pos = strpos($header,':');
- if ($pos !== false) {
- $name = strtolower(trim(substr($header, 0, $pos)));
- $headers[$name] = trim(substr($header, $pos+1));
- }
- }
-
- if($update_claimed_id) {
- # Update the claimed_id value in case of redirections.
- $effective_url = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
- # Ignore the fragment (some cURL versions don't handle it well).
- if (strtok($effective_url, '#') != strtok($url, '#')) {
- $this->identity = $this->claimed_id = $effective_url;
- }
- }
-
- if($method == 'HEAD') {
- return $headers;
- } else {
- $this->headers = $headers;
- }
- }
-
- if (curl_errno($curl)) {
- throw new ErrorException(curl_error($curl), curl_errno($curl));
- }
-
- return $response;
- }
-
- protected function parse_header_array($array, $update_claimed_id)
- {
- $headers = array();
- foreach($array as $header) {
- $pos = strpos($header,':');
- if ($pos !== false) {
- $name = strtolower(trim(substr($header, 0, $pos)));
- $headers[$name] = trim(substr($header, $pos+1));
-
- # Following possible redirections. The point is just to have
- # claimed_id change with them, because the redirections
- # are followed automatically.
- # We ignore redirections with relative paths.
- # If any known provider uses them, file a bug report.
- if($name == 'location' && $update_claimed_id) {
- if(strpos($headers[$name], 'http') === 0) {
- $this->identity = $this->claimed_id = $headers[$name];
- } elseif($headers[$name][0] == '/') {
- $parsed_url = parse_url($this->claimed_id);
- $this->identity =
- $this->claimed_id = $parsed_url['scheme'] . '://'
- . $parsed_url['host']
- . $headers[$name];
- }
- }
- }
- }
- return $headers;
- }
-
- protected function request_streams($url, $method='GET', $params=array(), $update_claimed_id)
- {
- if(!$this->hostExists($url)) {
- throw new ErrorException("Could not connect to $url.", 404);
- }
-
- if (empty($this->cnmatch)) {
- $this->cnmatch = parse_url($url, PHP_URL_HOST);
- }
-
- $params = http_build_query($params, '', '&');
- switch($method) {
- case 'GET':
- $opts = array(
- 'http' => array(
- 'method' => 'GET',
- 'header' => 'Accept: application/xrds+xml, */*',
- 'user_agent' => $this->user_agent,
- 'ignore_errors' => true,
- ),
- 'ssl' => array(
- 'CN_match' => $this->cnmatch
- )
- );
- $url = $url . ($params ? '?' . $params : '');
- if (!empty($this->proxy)) {
- $opts['http']['proxy'] = $this->proxy_url();
- }
- break;
- case 'POST':
- $opts = array(
- 'http' => array(
- 'method' => 'POST',
- 'header' => 'Content-type: application/x-www-form-urlencoded',
- 'user_agent' => $this->user_agent,
- 'content' => $params,
- 'ignore_errors' => true,
- ),
- 'ssl' => array(
- 'CN_match' => $this->cnmatch
- )
- );
- if (!empty($this->proxy)) {
- $opts['http']['proxy'] = $this->proxy_url();
- }
- break;
- case 'HEAD':
- // We want to send a HEAD request, but since get_headers() doesn't
- // accept $context parameter, we have to change the defaults.
- $default = stream_context_get_options(stream_context_get_default());
-
- // PHP does not reset all options. Instead, it just sets the options
- // available in the passed array, therefore set the defaults manually.
- $default += array(
- 'http' => array(),
- 'ssl' => array()
- );
- $default['http'] += array(
- 'method' => 'GET',
- 'header' => '',
- 'user_agent' => '',
- 'ignore_errors' => false
- );
- $default['ssl'] += array(
- 'CN_match' => ''
- );
-
- $opts = array(
- 'http' => array(
- 'method' => 'HEAD',
- 'header' => 'Accept: application/xrds+xml, */*',
- 'user_agent' => $this->user_agent,
- 'ignore_errors' => true,
- ),
- 'ssl' => array(
- 'CN_match' => $this->cnmatch
- )
- );
-
- // Enable validation of the SSL certificates.
- if ($this->verify_peer) {
- $default['ssl'] += array(
- 'verify_peer' => false,
- 'capath' => '',
- 'cafile' => ''
- );
- $opts['ssl'] += array(
- 'verify_peer' => true,
- 'capath' => $this->capath,
- 'cafile' => $this->cainfo
- );
- }
-
- // Change the stream context options.
- stream_context_get_default($opts);
-
- $headers = get_headers($url . ($params ? '?' . $params : ''));
-
- // Restore the stream context options.
- stream_context_get_default($default);
-
- if (!empty($headers)) {
- if (intval(substr($headers[0], strlen('HTTP/1.1 '))) == 405) {
- // The server doesn't support HEAD - emulate it with a GET.
- $args = func_get_args();
- $args[1] = 'GET';
- call_user_func_array(array($this, 'request_streams'), $args);
- $headers = $this->headers;
- } else {
- $headers = $this->parse_header_array($headers, $update_claimed_id);
- }
- } else {
- $headers = array();
- }
-
- return $headers;
- }
-
- if ($this->verify_peer) {
- $opts['ssl'] += array(
- 'verify_peer' => true,
- 'capath' => $this->capath,
- 'cafile' => $this->cainfo
- );
- }
-
- $context = stream_context_create ($opts);
- $data = file_get_contents($url, false, $context);
- # This is a hack for providers who don't support HEAD requests.
- # It just creates the headers array for the last request in $this->headers.
- if(isset($http_response_header)) {
- $this->headers = $this->parse_header_array($http_response_header, $update_claimed_id);
- }
-
- return $data;
- }
-
- protected function request($url, $method='GET', $params=array(), $update_claimed_id=false)
- {
- $use_curl = false;
-
- if (function_exists('curl_init')) {
- if (!$use_curl) {
- # When allow_url_fopen is disabled, PHP streams will not work.
- $use_curl = !ini_get('allow_url_fopen');
- }
-
- if (!$use_curl) {
- # When there is no HTTPS wrapper, PHP streams cannott be used.
- $use_curl = !in_array('https', stream_get_wrappers());
- }
-
- if (!$use_curl) {
- # With open_basedir or safe_mode set, cURL can't follow redirects.
- $use_curl = !(ini_get('safe_mode') || ini_get('open_basedir'));
- }
- }
-
- return
- $use_curl
- ? $this->request_curl($url, $method, $params, $update_claimed_id)
- : $this->request_streams($url, $method, $params, $update_claimed_id);
- }
-
- protected function proxy_url()
- {
- $result = '';
-
- if (!empty($this->proxy)) {
- $result = $this->proxy['host'];
-
- if (!empty($this->proxy['port'])) {
- $result = $result . ':' . $this->proxy['port'];
- }
-
- if (!empty($this->proxy['user'])) {
- $result = $this->proxy['user'] . ':' . $this->proxy['pass'] . '@' . $result;
- }
-
- $result = 'http://' . $result;
- }
-
- return $result;
- }
-
- protected function build_url($url, $parts)
- {
- if (isset($url['query'], $parts['query'])) {
- $parts['query'] = $url['query'] . '&' . $parts['query'];
- }
-
- $url = $parts + $url;
- $url = $url['scheme'] . '://'
- . (empty($url['username'])?''
- :(empty($url['password'])? "{$url['username']}@"
- :"{$url['username']}:{$url['password']}@"))
- . $url['host']
- . (empty($url['port'])?'':":{$url['port']}")
- . (empty($url['path'])?'':$url['path'])
- . (empty($url['query'])?'':"?{$url['query']}")
- . (empty($url['fragment'])?'':"#{$url['fragment']}");
- return $url;
- }
-
- /**
- * Helper function used to scan for <meta>/<link> tags and extract information
- * from them
- */
- protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName)
- {
- preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1);
- preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2);
-
- $result = array_merge($matches1[1], $matches2[1]);
- return empty($result)?false:$result[0];
- }
-
- /**
- * Performs Yadis and HTML discovery. Normally not used.
- * @param $url Identity URL.
- * @return String OP Endpoint (i.e. OpenID provider address).
- * @throws ErrorException
- */
- function discover($url)
- {
- if (!$url) throw new ErrorException('No identity supplied.');
- # Use xri.net proxy to resolve i-name identities
- if (!preg_match('#^https?:#', $url)) {
- $url = "https://xri.net/$url";
- }
-
- # We save the original url in case of Yadis discovery failure.
- # It can happen when we'll be lead to an XRDS document
- # which does not have any OpenID2 services.
- $originalUrl = $url;
-
- # A flag to disable yadis discovery in case of failure in headers.
- $yadis = true;
-
- # Allows optional regex replacement of the URL, e.g. to use Google Apps
- # as an OpenID provider without setting up XRDS on the domain hosting.
- if (!is_null($this->xrds_override_pattern) && !is_null($this->xrds_override_replacement)) {
- $url = preg_replace($this->xrds_override_pattern, $this->xrds_override_replacement, $url);
- }
-
- # We'll jump a maximum of 5 times, to avoid endless redirections.
- for ($i = 0; $i < 5; $i ++) {
- if ($yadis) {
- $headers = $this->request($url, 'HEAD', array(), true);
-
- $next = false;
- if (isset($headers['x-xrds-location'])) {
- $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location'])));
- $next = true;
- }
-
- if (isset($headers['content-type']) && $this->is_allowed_type($headers['content-type'])) {
- # Found an XRDS document, now let's find the server, and optionally delegate.
- $content = $this->request($url, 'GET');
-
- preg_match_all('#<Service.*?>(.*?)</Service>#s', $content, $m);
- foreach($m[1] as $content) {
- $content = ' ' . $content; # The space is added, so that strpos doesn't return 0.
-
- # OpenID 2
- $ns = preg_quote('http://specs.openid.net/auth/2.0/', '#');
- if(preg_match('#<Type>\s*'.$ns.'(server|signon)\s*</Type>#s', $content, $type)) {
- if ($type[1] == 'server') $this->identifier_select = true;
-
- preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
- preg_match('#<(Local|Canonical)ID>(.*)</\1ID>#', $content, $delegate);
- if (empty($server)) {
- return false;
- }
- # Does the server advertise support for either AX or SREG?
- $this->ax = (bool) strpos($content, '<Type>http://openid.net/srv/ax/1.0</Type>');
- $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
- || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
-
- $server = $server[1];
- if (isset($delegate[2])) $this->identity = trim($delegate[2]);
- $this->version = 2;
-
- $this->server = $server;
- return $server;
- }
-
- # OpenID 1.1
- $ns = preg_quote('http://openid.net/signon/1.1', '#');
- if (preg_match('#<Type>\s*'.$ns.'\s*</Type>#s', $content)) {
-
- preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
- preg_match('#<.*?Delegate>(.*)</.*?Delegate>#', $content, $delegate);
- if (empty($server)) {
- return false;
- }
- # AX can be used only with OpenID 2.0, so checking only SREG
- $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
- || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
-
- $server = $server[1];
- if (isset($delegate[1])) $this->identity = $delegate[1];
- $this->version = 1;
-
- $this->server = $server;
- return $server;
- }
- }
-
- $next = true;
- $yadis = false;
- $url = $originalUrl;
- $content = null;
- break;
- }
- if ($next) continue;
-
- # There are no relevant information in headers, so we search the body.
- $content = $this->request($url, 'GET', array(), true);
-
- if (isset($this->headers['x-xrds-location'])) {
- $url = $this->build_url(parse_url($url), parse_url(trim($this->headers['x-xrds-location'])));
- continue;
- }
-
- $location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'content');
- if ($location) {
- $url = $this->build_url(parse_url($url), parse_url($location));
- continue;
- }
- }
-
- if (!$content) $content = $this->request($url, 'GET');
-
- # At this point, the YADIS Discovery has failed, so we'll switch
- # to openid2 HTML discovery, then fallback to openid 1.1 discovery.
- $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href');
- $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href');
- $this->version = 2;
-
- if (!$server) {
- # The same with openid 1.1
- $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href');
- $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href');
- $this->version = 1;
- }
-
- if ($server) {
- # We found an OpenID2 OP Endpoint
- if ($delegate) {
- # We have also found an OP-Local ID.
- $this->identity = $delegate;
- }
- $this->server = $server;
- return $server;
- }
-
- throw new ErrorException("No OpenID Server found at $url", 404);
- }
- throw new ErrorException('Endless redirection!', 500);
- }
-
- protected function is_allowed_type($content_type) {
- # Apparently, some providers return XRDS documents as text/html.
- # While it is against the spec, allowing this here shouldn't break
- # compatibility with anything.
- $allowed_types = array('application/xrds+xml', 'text/html', 'text/xml');
-
- foreach ($allowed_types as $type) {
- if (strpos($content_type, $type) !== false) {
- return true;
- }
- }
-
- return false;
- }
-
- protected function sregParams()
- {
- $params = array();
- # We always use SREG 1.1, even if the server is advertising only support for 1.0.
- # That's because it's fully backwards compatibile with 1.0, and some providers
- # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com
- $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1';
- if ($this->required) {
- $params['openid.sreg.required'] = array();
- foreach ($this->required as $required) {
- if (!isset(self::$ax_to_sreg[$required])) continue;
- $params['openid.sreg.required'][] = self::$ax_to_sreg[$required];
- }
- $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']);
- }
-
- if ($this->optional) {
- $params['openid.sreg.optional'] = array();
- foreach ($this->optional as $optional) {
- if (!isset(self::$ax_to_sreg[$optional])) continue;
- $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional];
- }
- $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']);
- }
- return $params;
- }
-
- protected function axParams()
- {
- $params = array();
- if ($this->required || $this->optional) {
- $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0';
- $params['openid.ax.mode'] = 'fetch_request';
- $this->aliases = array();
- $counts = array();
- $required = array();
- $optional = array();
- foreach (array('required','optional') as $type) {
- foreach ($this->$type as $alias => $field) {
- if (is_int($alias)) $alias = strtr($field, '/', '_');
- $this->aliases[$alias] = 'http://axschema.org/' . $field;
- if (empty($counts[$alias])) $counts[$alias] = 0;
- $counts[$alias] += 1;
- ${$type}[] = $alias;
- }
- }
- foreach ($this->aliases as $alias => $ns) {
- $params['openid.ax.type.' . $alias] = $ns;
- }
- foreach ($counts as $alias => $count) {
- if ($count == 1) continue;
- $params['openid.ax.count.' . $alias] = $count;
- }
-
- # Don't send empty ax.requied and ax.if_available.
- # Google and possibly other providers refuse to support ax when one of these is empty.
- if($required) {
- $params['openid.ax.required'] = implode(',', $required);
- }
- if($optional) {
- $params['openid.ax.if_available'] = implode(',', $optional);
- }
- }
- return $params;
- }
-
- protected function authUrl_v1($immediate)
- {
- $returnUrl = $this->returnUrl;
- # If we have an openid.delegate that is different from our claimed id,
- # we need to somehow preserve the claimed id between requests.
- # The simplest way is to just send it along with the return_to url.
- if($this->identity != $this->claimed_id) {
- $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id;
- }
-
- $params = array(
- 'openid.return_to' => $returnUrl,
- 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
- 'openid.identity' => $this->identity,
- 'openid.trust_root' => $this->trustRoot,
- ) + $this->sregParams();
-
- return $this->build_url(parse_url($this->server)
- , array('query' => http_build_query($params, '', '&')));
- }
-
- protected function authUrl_v2($immediate)
- {
- $params = array(
- 'openid.ns' => 'http://specs.openid.net/auth/2.0',
- 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
- 'openid.return_to' => $this->returnUrl,
- 'openid.realm' => $this->trustRoot,
- );
-
- if ($this->ax) {
- $params += $this->axParams();
- }
-
- if ($this->sreg) {
- $params += $this->sregParams();
- }
-
- if (!$this->ax && !$this->sreg) {
- # If OP doesn't advertise either SREG, nor AX, let's send them both
- # in worst case we don't get anything in return.
- $params += $this->axParams() + $this->sregParams();
- }
-
- if (!empty($this->oauth) && is_array($this->oauth)) {
- $params['openid.ns.oauth'] = 'http://specs.openid.net/extensions/oauth/1.0';
- $params['openid.oauth.consumer'] = str_replace(array('http://', 'https://'), '', $this->trustRoot);
- $params['openid.oauth.scope'] = implode(' ', $this->oauth);
- }
-
- if ($this->identifier_select) {
- $params['openid.identity'] = $params['openid.claimed_id']
- = 'http://specs.openid.net/auth/2.0/identifier_select';
- } else {
- $params['openid.identity'] = $this->identity;
- $params['openid.claimed_id'] = $this->claimed_id;
- }
-
- return $this->build_url(parse_url($this->server)
- , array('query' => http_build_query($params, '', '&')));
- }
-
- /**
- * Returns authentication url. Usually, you want to redirect your user to it.
- * @return String The authentication url.
- * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1.
- * @throws ErrorException
- */
- function authUrl($immediate = false)
- {
- if ($this->setup_url && !$immediate) return $this->setup_url;
- if (!$this->server) $this->discover($this->identity);
-
- if ($this->version == 2) {
- return $this->authUrl_v2($immediate);
- }
- return $this->authUrl_v1($immediate);
- }
-
- /**
- * Performs OpenID verification with the OP.
- * @return Bool Whether the verification was successful.
- * @throws ErrorException
- */
- function validate()
- {
- # If the request was using immediate mode, a failure may be reported
- # by presenting user_setup_url (for 1.1) or reporting
- # mode 'setup_needed' (for 2.0). Also catching all modes other than
- # id_res, in order to avoid throwing errors.
- if(isset($this->data['openid_user_setup_url'])) {
- $this->setup_url = $this->data['openid_user_setup_url'];
- return false;
- }
- if($this->mode != 'id_res') {
- return false;
- }
-
- $this->claimed_id = isset($this->data['openid_claimed_id'])?$this->data['openid_claimed_id']:$this->data['openid_identity'];
- $params = array(
- 'openid.assoc_handle' => $this->data['openid_assoc_handle'],
- 'openid.signed' => $this->data['openid_signed'],
- 'openid.sig' => $this->data['openid_sig'],
- );
-
- if (isset($this->data['openid_ns'])) {
- # We're dealing with an OpenID 2.0 server, so let's set an ns
- # Even though we should know location of the endpoint,
- # we still need to verify it by discovery, so $server is not set here
- $params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
- } elseif (isset($this->data['openid_claimed_id'])
- && $this->data['openid_claimed_id'] != $this->data['openid_identity']
- ) {
- # If it's an OpenID 1 provider, and we've got claimed_id,
- # we have to append it to the returnUrl, like authUrl_v1 does.
- $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
- . 'openid.claimed_id=' . $this->claimed_id;
- }
-
- if ($this->data['openid_return_to'] != $this->returnUrl) {
- # The return_to url must match the url of current request.
- # I'm assuing that noone will set the returnUrl to something that doesn't make sense.
- return false;
- }
-
- $server = $this->discover($this->claimed_id);
-
- foreach (explode(',', $this->data['openid_signed']) as $item) {
- # Checking whether magic_quotes_gpc is turned on, because
- # the function may fail if it is. For example, when fetching
- # AX namePerson, it might containg an apostrophe, which will be escaped.
- # In such case, validation would fail, since we'd send different data than OP
- # wants to verify. stripslashes() should solve that problem, but we can't
- # use it when magic_quotes is off.
- $value = $this->data['openid_' . str_replace('.','_',$item)];
- $params['openid.' . $item] = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ? stripslashes($value) : $value;
-
- }
-
- $params['openid.mode'] = 'check_authentication';
-
- $response = $this->request($server, 'POST', $params);
-
- return preg_match('/is_valid\s*:\s*true/i', $response);
- }
-
- protected function getAxAttributes()
- {
- $result = array();
-
- if ($alias = $this->getNamespaceAlias('http://openid.net/srv/ax/1.0', 'ax')) {
- $prefix = 'openid_' . $alias;
- $length = strlen('http://axschema.org/');
-
- foreach (explode(',', $this->data['openid_signed']) as $key) {
- $keyMatch = $alias . '.type.';
-
- if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) {
- continue;
- }
-
- $key = substr($key, strlen($keyMatch));
- $idv = $prefix . '_value_' . $key;
- $idc = $prefix . '_count_' . $key;
- $key = substr($this->getItem($prefix . '_type_' . $key), $length);
-
- if (!empty($key)) {
- if (($count = intval($this->getItem($idc))) > 0) {
- $value = array();
-
- for ($i = 1; $i <= $count; $i++) {
- $value[] = $this->getItem($idv . '_' . $i);
- }
-
- $value = ($count == 1) ? reset($value) : $value;
- } else {
- $value = $this->getItem($idv);
- }
-
- if (!is_null($value)) {
- $result[$key] = $value;
- }
- }
- }
- } else {
- // No alias for the AX schema has been found,
- // so there is no AX data in the OP's response.
- }
-
- return $result;
- }
-
- protected function getSregAttributes()
- {
- $attributes = array();
- $sreg_to_ax = array_flip(self::$ax_to_sreg);
- foreach (explode(',', $this->data['openid_signed']) as $key) {
- $keyMatch = 'sreg.';
- if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) {
- continue;
- }
- $key = substr($key, strlen($keyMatch));
- if (!isset($sreg_to_ax[$key])) {
- # The field name isn't part of the SREG spec, so we ignore it.
- continue;
- }
- $attributes[$sreg_to_ax[$key]] = $this->data['openid_sreg_' . $key];
- }
- return $attributes;
- }
-
- /**
- * Gets AX/SREG attributes provided by OP. should be used only after successful validaton.
- * Note that it does not guarantee that any of the required/optional parameters will be present,
- * or that there will be no other attributes besides those specified.
- * In other words. OP may provide whatever information it wants to.
- * * SREG names will be mapped to AX names.
- * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email'
- * @see http://www.axschema.org/types/
- */
- function getAttributes()
- {
- if (isset($this->data['openid_ns'])
- && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0'
- ) { # OpenID 2.0
- # We search for both AX and SREG attributes, with AX taking precedence.
- return $this->getAxAttributes() + $this->getSregAttributes();
- }
- return $this->getSregAttributes();
- }
-
- /**
- * Gets an OAuth request token if the OpenID+OAuth hybrid protocol has been used.
- *
- * In order to use the OpenID+OAuth hybrid protocol, you need to add at least one
- * scope to the $openid->oauth array before you get the call to getAuthUrl(), e.g.:
- * $openid->oauth[] = 'https://www.googleapis.com/auth/plus.me';
- *
- * Furthermore the registered consumer name must fit the OpenID realm.
- * To register an OpenID consumer at Google use: https://www.google.com/accounts/ManageDomains
- *
- * @return string|bool OAuth request token on success, FALSE if no token was provided.
- */
- function getOAuthRequestToken()
- {
- $alias = $this->getNamespaceAlias('http://specs.openid.net/extensions/oauth/1.0');
-
- return !empty($alias) ? $this->data['openid_' . $alias . '_request_token'] : false;
- }
-
- /**
- * Gets the alias for the specified namespace, if it's present.
- *
- * @param string $namespace The namespace for which an alias is needed.
- * @param string $hint Common alias of this namespace, used for optimization.
- * @return string|null The namespace alias if found, otherwise - NULL.
- */
- private function getNamespaceAlias($namespace, $hint = null)
- {
- $result = null;
-
- if (empty($hint) || $this->getItem('openid_ns_' . $hint) != $namespace) {
- // The common alias is either undefined or points to
- // some other extension - search for another alias..
- $prefix = 'openid_ns_';
- $length = strlen($prefix);
-
- foreach ($this->data as $key => $val) {
- if (strncmp($key, $prefix, $length) === 0 && $val === $namespace) {
- $result = trim(substr($key, $length));
- break;
- }
- }
- } else {
- $result = $hint;
- }
-
- return $result;
- }
-
- /**
- * Gets an item from the $data array by the specified id.
- *
- * @param string $id The id of the desired item.
- * @return string|null The item if found, otherwise - NULL.
- */
- private function getItem($id)
- {
- return isset($this->data[$id]) ? $this->data[$id] : null;
- }
-}
+ public $returnUrl
+ , $required = []
+ , $optional = []
+ , $verify_peer = null
+ , $capath = null
+ , $cainfo = null
+ , $cnmatch = null
+ , $data
+ , $oauth = []
+ , $curl_time_out = 30
+ , $curl_connect_time_out = 30;
+ private $identity, $claimed_id;
+ protected $server, $version, $trustRoot, $aliases, $identifier_select = false
+ , $ax = false, $sreg = false, $setup_url = null, $headers = []
+ , $proxy = null, $user_agent = 'LightOpenID'
+ , $xrds_override_pattern = null, $xrds_override_replacement = null;
+ static protected $ax_to_sreg = [
+ 'namePerson/friendly' => 'nickname',
+ 'contact/email' => 'email',
+ 'namePerson' => 'fullname',
+ 'birthDate' => 'dob',
+ 'person/gender' => 'gender',
+ 'contact/postalCode/home' => 'postcode',
+ 'contact/country/home' => 'country',
+ 'pref/language' => 'language',
+ 'pref/timezone' => 'timezone',
+ ];
+
+ function __construct($host, $proxy = null)
+ {
+ $this->set_realm($host);
+ $this->set_proxy($proxy);
+
+ $uri = rtrim(preg_replace('#((?<=\?)|&)openid\.[^&]+#', '', $_SERVER['REQUEST_URI']), '?');
+ $this->returnUrl = $this->trustRoot . $uri;
+
+ $this->data = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
+
+ if(!function_exists('curl_init') && !in_array('https', stream_get_wrappers())) {
+ throw new ErrorException('You must have either https wrappers or curl enabled.');
+ }
+ }
+
+ function __isset($name)
+ {
+ return in_array($name, ['identity', 'trustRoot', 'realm', 'xrdsOverride', 'mode']);
+ }
+
+ function __set($name, $value)
+ {
+ switch ($name) {
+ case 'identity':
+ if (strlen($value = trim((String) $value))) {
+ if (preg_match('#^xri:/*#i', $value, $m)) {
+ $value = substr($value, strlen($m[0]));
+ } elseif (!preg_match('/^(?:[=@+\$!\(]|https?:)/i', $value)) {
+ $value = "http://$value";
+ }
+ if (preg_match('#^https?://[^/]+$#i', $value, $m)) {
+ $value .= '/';
+ }
+ }
+ $this->$name = $this->claimed_id = $value;
+ break;
+ case 'trustRoot':
+ case 'realm':
+ $this->trustRoot = trim($value);
+ break;
+ case 'xrdsOverride':
+ if (is_array($value)) {
+ list($pattern, $replacement) = $value;
+ $this->xrds_override_pattern = $pattern;
+ $this->xrds_override_replacement = $replacement;
+ } else {
+ trigger_error('Invalid value specified for "xrdsOverride".', E_USER_ERROR);
+ }
+ break;
+ }
+ }
+
+ function __get($name)
+ {
+ switch ($name) {
+ case 'identity':
+ # We return claimed_id instead of identity,
+ # because the developer should see the claimed identifier,
+ # i.e. what he set as identity, not the op-local identifier (which is what we verify)
+ return $this->claimed_id;
+ case 'trustRoot':
+ case 'realm':
+ return $this->trustRoot;
+ case 'mode':
+ return empty($this->data['openid_mode']) ? null : $this->data['openid_mode'];
+ }
+ }
+
+ function set_proxy($proxy)
+ {
+ if (!empty($proxy)) {
+ // When the proxy is a string - try to parse it.
+ if (!is_array($proxy)) {
+ $proxy = parse_url($proxy);
+ }
+
+ // Check if $proxy is valid after the parsing.
+ if ($proxy && !empty($proxy['host'])) {
+ // Make sure that a valid port number is specified.
+ if (array_key_exists('port', $proxy)) {
+ if (!is_int($proxy['port'])) {
+ $proxy['port'] = is_numeric($proxy['port']) ? (int) ($proxy['port']) : 0;
+ }
+
+ if ($proxy['port'] <= 0) {
+ throw new ErrorException('The specified proxy port number is invalid.');
+ }
+ }
+
+ $this->proxy = $proxy;
+ }
+ }
+ }
+
+ /**
+ * Checks if the server specified in the url exists.
+ *
+ * @param $url url to check
+ * @return true, if the server exists; false otherwise
+ */
+ function hostExists($url)
+ {
+ if (strpos($url, '/') === false) {
+ $server = $url;
+ } else {
+ $server = @parse_url($url, PHP_URL_HOST);
+ }
+
+ if (!$server) {
+ return false;
+ }
+
+ return !!gethostbynamel($server);
+ }
+
+ protected function set_realm($uri)
+ {
+ $realm = '';
+
+ # Set a protocol, if not specified.
+ $realm .= (($offset = strpos($uri, '://')) === false) ? $this->get_realm_protocol() : '';
+
+ # Set the offset properly.
+ $offset = (($offset !== false) ? $offset + 3 : 0);
+
+ # Get only the root, without the path.
+ $realm .= (($end = strpos($uri, '/', $offset)) === false) ? $uri : substr($uri, 0, $end);
+
+ $this->trustRoot = $realm;
+ }
+
+ protected function get_realm_protocol()
+ {
+ if (!empty($_SERVER['HTTPS'])) {
+ $use_secure_protocol = ($_SERVER['HTTPS'] != 'off');
+ } else if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ $use_secure_protocol = ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
+ } else {
+ $use_secure_protocol = false;
+ }
+
+ return $use_secure_protocol ? 'https://' : 'http://';
+ }
+
+ protected function request_curl($url, $method='GET', $params=[], $update_claimed_id)
+ {
+ $params = http_build_query($params, '', '&');
+ $curl = curl_init($url . ($method == 'GET' && $params ? '?' . $params : ''));
+ curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($curl, CURLOPT_HEADER, false);
+ curl_setopt($curl, CURLOPT_USERAGENT, $this->user_agent);
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($curl, CURLOPT_TIMEOUT, $this->curl_time_out);
+ curl_setopt($curl, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out);
+
+ if ($method == 'POST') {
+ curl_setopt($curl, CURLOPT_HTTPHEADER, ['Content-type: application/x-www-form-urlencoded']);
+ } else {
+ curl_setopt($curl, CURLOPT_HTTPHEADER, ['Accept: application/xrds+xml, */*']);
+ }
+
+ if (!empty($this->proxy)) {
+ curl_setopt($curl, CURLOPT_PROXY, $this->proxy['host']);
+
+ if (!empty($this->proxy['port'])) {
+ curl_setopt($curl, CURLOPT_PROXYPORT, $this->proxy['port']);
+ }
+
+ if (!empty($this->proxy['user'])) {
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, $this->proxy['user'] . ':' . $this->proxy['pass']);
+ }
+ }
+
+ if($this->verify_peer !== null) {
+ curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ if($this->capath) {
+ curl_setopt($curl, CURLOPT_CAPATH, $this->capath);
+ }
+
+ if($this->cainfo) {
+ curl_setopt($curl, CURLOPT_CAINFO, $this->cainfo);
+ }
+ }
+
+ if ($method == 'POST') {
+ curl_setopt($curl, CURLOPT_POST, true);
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
+ } elseif ($method == 'HEAD') {
+ curl_setopt($curl, CURLOPT_HEADER, true);
+ curl_setopt($curl, CURLOPT_NOBODY, true);
+ } else {
+ curl_setopt($curl, CURLOPT_HEADER, true);
+ curl_setopt($curl, CURLOPT_HTTPGET, true);
+ }
+ $response = curl_exec($curl);
+
+ if($method == 'HEAD' && curl_getinfo($curl, CURLINFO_HTTP_CODE) == 405) {
+ curl_setopt($curl, CURLOPT_HTTPGET, true);
+ $response = curl_exec($curl);
+ $response = substr($response, 0, strpos($response, "\r\n\r\n"));
+ }
+
+ if($method == 'HEAD' || $method == 'GET') {
+ $header_response = $response;
+
+ # If it's a GET request, we want to only parse the header part.
+ if($method == 'GET') {
+ $header_response = substr($response, 0, strpos($response, "\r\n\r\n"));
+ }
+
+ $headers = [];
+ foreach(explode("\n", $header_response) as $header) {
+ $pos = strpos($header,':');
+ if ($pos !== false) {
+ $name = strtolower(trim(substr($header, 0, $pos)));
+ $headers[$name] = trim(substr($header, $pos+1));
+ }
+ }
+
+ if($update_claimed_id) {
+ # Update the claimed_id value in case of redirections.
+ $effective_url = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
+ # Ignore the fragment (some cURL versions don't handle it well).
+ if (strtok($effective_url, '#') != strtok($url, '#')) {
+ $this->identity = $this->claimed_id = $effective_url;
+ }
+ }
+
+ if($method == 'HEAD') {
+ return $headers;
+ }
+ $this->headers = $headers;
+
+ }
+
+ if (curl_errno($curl)) {
+ throw new ErrorException(curl_error($curl), curl_errno($curl));
+ }
+
+ return $response;
+ }
+
+ protected function parse_header_array($array, $update_claimed_id)
+ {
+ $headers = [];
+ foreach($array as $header) {
+ $pos = strpos($header,':');
+ if ($pos !== false) {
+ $name = strtolower(trim(substr($header, 0, $pos)));
+ $headers[$name] = trim(substr($header, $pos+1));
+
+ # Following possible redirections. The point is just to have
+ # claimed_id change with them, because the redirections
+ # are followed automatically.
+ # We ignore redirections with relative paths.
+ # If any known provider uses them, file a bug report.
+ if($name == 'location' && $update_claimed_id) {
+ if(strpos($headers[$name], 'http') === 0) {
+ $this->identity = $this->claimed_id = $headers[$name];
+ } elseif($headers[$name][0] == '/') {
+ $parsed_url = parse_url($this->claimed_id);
+ $this->identity =
+ $this->claimed_id = $parsed_url['scheme'] . '://'
+ . $parsed_url['host']
+ . $headers[$name];
+ }
+ }
+ }
+ }
+ return $headers;
+ }
+
+ protected function request_streams($url, $method='GET', $params=[], $update_claimed_id)
+ {
+ if(!$this->hostExists($url)) {
+ throw new ErrorException("Could not connect to $url.", 404);
+ }
+
+ if (empty($this->cnmatch)) {
+ $this->cnmatch = parse_url($url, PHP_URL_HOST);
+ }
+
+ $params = http_build_query($params, '', '&');
+ switch($method) {
+ case 'GET':
+ $opts = [
+ 'http' => [
+ 'method' => 'GET',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'user_agent' => $this->user_agent,
+ 'ignore_errors' => true,
+ ],
+ 'ssl' => [
+ 'CN_match' => $this->cnmatch,
+ ],
+ ];
+ $url = $url . ($params ? '?' . $params : '');
+ if (!empty($this->proxy)) {
+ $opts['http']['proxy'] = $this->proxy_url();
+ }
+ break;
+ case 'POST':
+ $opts = [
+ 'http' => [
+ 'method' => 'POST',
+ 'header' => 'Content-type: application/x-www-form-urlencoded',
+ 'user_agent' => $this->user_agent,
+ 'content' => $params,
+ 'ignore_errors' => true,
+ ],
+ 'ssl' => [
+ 'CN_match' => $this->cnmatch,
+ ],
+ ];
+ if (!empty($this->proxy)) {
+ $opts['http']['proxy'] = $this->proxy_url();
+ }
+ break;
+ case 'HEAD':
+ // We want to send a HEAD request, but since get_headers() doesn't
+ // accept $context parameter, we have to change the defaults.
+ $default = stream_context_get_options(stream_context_get_default());
+
+ // PHP does not reset all options. Instead, it just sets the options
+ // available in the passed array, therefore set the defaults manually.
+ $default += [
+ 'http' => [],
+ 'ssl' => [],
+ ];
+ $default['http'] += [
+ 'method' => 'GET',
+ 'header' => '',
+ 'user_agent' => '',
+ 'ignore_errors' => false,
+ ];
+ $default['ssl'] += [
+ 'CN_match' => '',
+ ];
+
+ $opts = [
+ 'http' => [
+ 'method' => 'HEAD',
+ 'header' => 'Accept: application/xrds+xml, */*',
+ 'user_agent' => $this->user_agent,
+ 'ignore_errors' => true,
+ ],
+ 'ssl' => [
+ 'CN_match' => $this->cnmatch,
+ ],
+ ];
+
+ // Enable validation of the SSL certificates.
+ if ($this->verify_peer) {
+ $default['ssl'] += [
+ 'verify_peer' => false,
+ 'capath' => '',
+ 'cafile' => '',
+ ];
+ $opts['ssl'] += [
+ 'verify_peer' => true,
+ 'capath' => $this->capath,
+ 'cafile' => $this->cainfo,
+ ];
+ }
+
+ // Change the stream context options.
+ stream_context_get_default($opts);
+
+ $headers = get_headers($url . ($params ? '?' . $params : ''));
+
+ // Restore the stream context options.
+ stream_context_get_default($default);
+
+ if (!empty($headers)) {
+ if ((int) (substr($headers[0], strlen('HTTP/1.1 '))) == 405) {
+ // The server doesn't support HEAD - emulate it with a GET.
+ $args = func_get_args();
+ $args[1] = 'GET';
+ call_user_func_array([$this, 'request_streams'], $args);
+ $headers = $this->headers;
+ } else {
+ $headers = $this->parse_header_array($headers, $update_claimed_id);
+ }
+ } else {
+ $headers = [];
+ }
+
+ return $headers;
+ }
+
+ if ($this->verify_peer) {
+ $opts['ssl'] += [
+ 'verify_peer' => true,
+ 'capath' => $this->capath,
+ 'cafile' => $this->cainfo,
+ ];
+ }
+
+ $context = stream_context_create ($opts);
+ $data = file_get_contents($url, false, $context);
+ # This is a hack for providers who don't support HEAD requests.
+ # It just creates the headers array for the last request in $this->headers.
+ if(isset($http_response_header)) {
+ $this->headers = $this->parse_header_array($http_response_header, $update_claimed_id);
+ }
+
+ return $data;
+ }
+
+ protected function request($url, $method='GET', $params=[], $update_claimed_id=false)
+ {
+ $use_curl = false;
+
+ if (function_exists('curl_init')) {
+ if (!$use_curl) {
+ # When allow_url_fopen is disabled, PHP streams will not work.
+ $use_curl = !ini_get('allow_url_fopen');
+ }
+
+ if (!$use_curl) {
+ # When there is no HTTPS wrapper, PHP streams cannott be used.
+ $use_curl = !in_array('https', stream_get_wrappers());
+ }
+
+ if (!$use_curl) {
+ # With open_basedir or safe_mode set, cURL can't follow redirects.
+ $use_curl = !(ini_get('safe_mode') || ini_get('open_basedir'));
+ }
+ }
+
+ return
+ $use_curl
+ ? $this->request_curl($url, $method, $params, $update_claimed_id)
+ : $this->request_streams($url, $method, $params, $update_claimed_id);
+ }
+
+ protected function proxy_url()
+ {
+ $result = '';
+
+ if (!empty($this->proxy)) {
+ $result = $this->proxy['host'];
+
+ if (!empty($this->proxy['port'])) {
+ $result = $result . ':' . $this->proxy['port'];
+ }
+
+ if (!empty($this->proxy['user'])) {
+ $result = $this->proxy['user'] . ':' . $this->proxy['pass'] . '@' . $result;
+ }
+
+ $result = 'http://' . $result;
+ }
+
+ return $result;
+ }
+
+ protected function build_url($url, $parts)
+ {
+ if (isset($url['query'], $parts['query'])) {
+ $parts['query'] = $url['query'] . '&' . $parts['query'];
+ } + + $url = $parts + $url;
+ $url = $url['scheme'] . '://'
+ . (empty($url['username'])?''
+ :(empty($url['password'])? "{$url['username']}@"
+ :"{$url['username']}:{$url['password']}@"))
+ . $url['host']
+ . (empty($url['port'])?'':":{$url['port']}")
+ . (empty($url['path'])?'':$url['path'])
+ . (empty($url['query'])?'':"?{$url['query']}")
+ . (empty($url['fragment'])?'':"#{$url['fragment']}");
+ return $url;
+ }
+
+ /**
+ * Helper function used to scan for <meta>/<link> tags and extract information
+ * from them
+ */
+ protected function htmlTag($content, $tag, $attrName, $attrValue, $valueName)
+ {
+ preg_match_all("#<{$tag}[^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*$valueName=['\"](.+?)['\"][^>]*/?>#i", $content, $matches1);
+ preg_match_all("#<{$tag}[^>]*$valueName=['\"](.+?)['\"][^>]*$attrName=['\"].*?$attrValue.*?['\"][^>]*/?>#i", $content, $matches2);
+
+ $result = array_merge($matches1[1], $matches2[1]);
+ return empty($result)?false:$result[0];
+ }
+
+ /**
+ * Performs Yadis and HTML discovery. Normally not used.
+ * @param $url Identity URL.
+ * @return String OP Endpoint (i.e. OpenID provider address).
+ * @throws ErrorException
+ */
+ function discover($url)
+ {
+ if (!$url) throw new ErrorException('No identity supplied.');
+ # Use xri.net proxy to resolve i-name identities
+ if (!preg_match('#^https?:#', $url)) {
+ $url = "https://xri.net/$url";
+ }
+
+ # We save the original url in case of Yadis discovery failure.
+ # It can happen when we'll be lead to an XRDS document
+ # which does not have any OpenID2 services.
+ $originalUrl = $url;
+
+ # A flag to disable yadis discovery in case of failure in headers.
+ $yadis = true;
+
+ # Allows optional regex replacement of the URL, e.g. to use Google Apps
+ # as an OpenID provider without setting up XRDS on the domain hosting.
+ if (!is_null($this->xrds_override_pattern) && !is_null($this->xrds_override_replacement)) {
+ $url = preg_replace($this->xrds_override_pattern, $this->xrds_override_replacement, $url);
+ }
+
+ # We'll jump a maximum of 5 times, to avoid endless redirections.
+ for ($i = 0; $i < 5; $i ++) {
+ if ($yadis) {
+ $headers = $this->request($url, 'HEAD', [], true);
+
+ $next = false;
+ if (isset($headers['x-xrds-location'])) {
+ $url = $this->build_url(parse_url($url), parse_url(trim($headers['x-xrds-location'])));
+ $next = true;
+ }
+
+ if (isset($headers['content-type']) && $this->is_allowed_type($headers['content-type'])) {
+ # Found an XRDS document, now let's find the server, and optionally delegate.
+ $content = $this->request($url, 'GET');
+
+ preg_match_all('#<Service.*?>(.*?)</Service>#s', $content, $m);
+ foreach($m[1] as $content) {
+ $content = ' ' . $content; # The space is added, so that strpos doesn't return 0.
+
+ # OpenID 2
+ $ns = preg_quote('http://specs.openid.net/auth/2.0/', '#');
+ if(preg_match('#<Type>\s*'.$ns.'(server|signon)\s*</Type>#s', $content, $type)) {
+ if ($type[1] == 'server') $this->identifier_select = true;
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<(Local|Canonical)ID>(.*)</\1ID>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # Does the server advertise support for either AX or SREG?
+ $this->ax = (bool) strpos($content, '<Type>http://openid.net/srv/ax/1.0</Type>');
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[2])) $this->identity = trim($delegate[2]);
+ $this->version = 2;
+
+ $this->server = $server;
+ return $server;
+ }
+
+ # OpenID 1.1
+ $ns = preg_quote('http://openid.net/signon/1.1', '#');
+ if (preg_match('#<Type>\s*'.$ns.'\s*</Type>#s', $content)) {
+
+ preg_match('#<URI.*?>(.*)</URI>#', $content, $server);
+ preg_match('#<.*?Delegate>(.*)</.*?Delegate>#', $content, $delegate);
+ if (empty($server)) {
+ return false;
+ }
+ # AX can be used only with OpenID 2.0, so checking only SREG
+ $this->sreg = strpos($content, '<Type>http://openid.net/sreg/1.0</Type>')
+ || strpos($content, '<Type>http://openid.net/extensions/sreg/1.1</Type>');
+
+ $server = $server[1];
+ if (isset($delegate[1])) $this->identity = $delegate[1];
+ $this->version = 1;
+
+ $this->server = $server;
+ return $server;
+ }
+ }
+
+ $next = true;
+ $yadis = false;
+ $url = $originalUrl;
+ $content = null;
+ break;
+ }
+ if ($next) continue;
+
+ # There are no relevant information in headers, so we search the body.
+ $content = $this->request($url, 'GET', [], true);
+
+ if (isset($this->headers['x-xrds-location'])) {
+ $url = $this->build_url(parse_url($url), parse_url(trim($this->headers['x-xrds-location'])));
+ continue;
+ }
+
+ $location = $this->htmlTag($content, 'meta', 'http-equiv', 'X-XRDS-Location', 'content');
+ if ($location) {
+ $url = $this->build_url(parse_url($url), parse_url($location));
+ continue;
+ }
+ }
+
+ if (!$content) $content = $this->request($url, 'GET');
+
+ # At this point, the YADIS Discovery has failed, so we'll switch
+ # to openid2 HTML discovery, then fallback to openid 1.1 discovery.
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid2.provider', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid2.local_id', 'href');
+ $this->version = 2;
+
+ if (!$server) {
+ # The same with openid 1.1
+ $server = $this->htmlTag($content, 'link', 'rel', 'openid.server', 'href');
+ $delegate = $this->htmlTag($content, 'link', 'rel', 'openid.delegate', 'href');
+ $this->version = 1;
+ }
+
+ if ($server) {
+ # We found an OpenID2 OP Endpoint
+ if ($delegate) {
+ # We have also found an OP-Local ID.
+ $this->identity = $delegate;
+ }
+ $this->server = $server;
+ return $server;
+ }
+
+ throw new ErrorException("No OpenID Server found at $url", 404);
+ }
+ throw new ErrorException('Endless redirection!', 500);
+ }
+
+ protected function is_allowed_type($content_type) {
+ # Apparently, some providers return XRDS documents as text/html.
+ # While it is against the spec, allowing this here shouldn't break
+ # compatibility with anything.
+ $allowed_types = ['application/xrds+xml', 'text/html', 'text/xml'];
+
+ foreach ($allowed_types as $type) {
+ if (strpos($content_type, $type) !== false) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ protected function sregParams()
+ {
+ $params = [];
+ # We always use SREG 1.1, even if the server is advertising only support for 1.0.
+ # That's because it's fully backwards compatibile with 1.0, and some providers
+ # advertise 1.0 even if they accept only 1.1. One such provider is myopenid.com
+ $params['openid.ns.sreg'] = 'http://openid.net/extensions/sreg/1.1';
+ if ($this->required) {
+ $params['openid.sreg.required'] = [];
+ foreach ($this->required as $required) {
+ if (!isset(self::$ax_to_sreg[$required])) continue;
+ $params['openid.sreg.required'][] = self::$ax_to_sreg[$required];
+ }
+ $params['openid.sreg.required'] = implode(',', $params['openid.sreg.required']);
+ }
+
+ if ($this->optional) {
+ $params['openid.sreg.optional'] = [];
+ foreach ($this->optional as $optional) {
+ if (!isset(self::$ax_to_sreg[$optional])) continue;
+ $params['openid.sreg.optional'][] = self::$ax_to_sreg[$optional];
+ }
+ $params['openid.sreg.optional'] = implode(',', $params['openid.sreg.optional']);
+ }
+ return $params;
+ }
+
+ protected function axParams()
+ {
+ $params = [];
+ if ($this->required || $this->optional) {
+ $params['openid.ns.ax'] = 'http://openid.net/srv/ax/1.0';
+ $params['openid.ax.mode'] = 'fetch_request';
+ $this->aliases = [];
+ $counts = [];
+ $required = [];
+ $optional = [];
+ foreach (['required','optional'] as $type) {
+ foreach ($this->$type as $alias => $field) {
+ if (is_int($alias)) $alias = strtr($field, '/', '_');
+ $this->aliases[$alias] = 'http://axschema.org/' . $field;
+ if (empty($counts[$alias])) $counts[$alias] = 0;
+ $counts[$alias] += 1;
+ ${$type}[] = $alias;
+ }
+ }
+ foreach ($this->aliases as $alias => $ns) {
+ $params['openid.ax.type.' . $alias] = $ns;
+ }
+ foreach ($counts as $alias => $count) {
+ if ($count == 1) continue;
+ $params['openid.ax.count.' . $alias] = $count;
+ }
+
+ # Don't send empty ax.requied and ax.if_available.
+ # Google and possibly other providers refuse to support ax when one of these is empty.
+ if($required) {
+ $params['openid.ax.required'] = implode(',', $required);
+ }
+ if($optional) {
+ $params['openid.ax.if_available'] = implode(',', $optional);
+ }
+ }
+ return $params;
+ }
+
+ protected function authUrl_v1($immediate)
+ {
+ $returnUrl = $this->returnUrl;
+ # If we have an openid.delegate that is different from our claimed id,
+ # we need to somehow preserve the claimed id between requests.
+ # The simplest way is to just send it along with the return_to url.
+ if($this->identity != $this->claimed_id) {
+ $returnUrl .= (strpos($returnUrl, '?') ? '&' : '?') . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ $params = [
+ 'openid.return_to' => $returnUrl,
+ 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
+ 'openid.identity' => $this->identity,
+ 'openid.trust_root' => $this->trustRoot,
+ ] + $this->sregParams(); + + return $this->build_url(parse_url($this->server)
+ , ['query' => http_build_query($params, '', '&')], );
+ }
+
+ protected function authUrl_v2($immediate)
+ {
+ $params = [
+ 'openid.ns' => 'http://specs.openid.net/auth/2.0',
+ 'openid.mode' => $immediate ? 'checkid_immediate' : 'checkid_setup',
+ 'openid.return_to' => $this->returnUrl,
+ 'openid.realm' => $this->trustRoot,
+ ];
+
+ if ($this->ax) {
+ $params += $this->axParams();
+ }
+
+ if ($this->sreg) {
+ $params += $this->sregParams();
+ }
+
+ if (!$this->ax && !$this->sreg) {
+ # If OP doesn't advertise either SREG, nor AX, let's send them both
+ # in worst case we don't get anything in return.
+ $params += $this->axParams() + $this->sregParams();
+ }
+
+ if (!empty($this->oauth) && is_array($this->oauth)) {
+ $params['openid.ns.oauth'] = 'http://specs.openid.net/extensions/oauth/1.0';
+ $params['openid.oauth.consumer'] = str_replace(['http://', 'https://'], '', $this->trustRoot);
+ $params['openid.oauth.scope'] = implode(' ', $this->oauth);
+ }
+
+ if ($this->identifier_select) {
+ $params['openid.identity'] = $params['openid.claimed_id']
+ = 'http://specs.openid.net/auth/2.0/identifier_select';
+ } else {
+ $params['openid.identity'] = $this->identity;
+ $params['openid.claimed_id'] = $this->claimed_id;
+ }
+
+ return $this->build_url(parse_url($this->server)
+ , ['query' => http_build_query($params, '', '&')], );
+ }
+
+ /**
+ * Returns authentication url. Usually, you want to redirect your user to it.
+ * @return String The authentication url.
+ * @param String $select_identifier Whether to request OP to select identity for an user in OpenID 2. Does not affect OpenID 1.
+ * @throws ErrorException
+ */
+ function authUrl($immediate = false)
+ {
+ if ($this->setup_url && !$immediate) return $this->setup_url;
+ if (!$this->server) $this->discover($this->identity);
+
+ if ($this->version == 2) {
+ return $this->authUrl_v2($immediate);
+ }
+ return $this->authUrl_v1($immediate);
+ }
+
+ /**
+ * Performs OpenID verification with the OP.
+ * @return Bool Whether the verification was successful.
+ * @throws ErrorException
+ */
+ function validate()
+ {
+ # If the request was using immediate mode, a failure may be reported
+ # by presenting user_setup_url (for 1.1) or reporting
+ # mode 'setup_needed' (for 2.0). Also catching all modes other than
+ # id_res, in order to avoid throwing errors.
+ if(isset($this->data['openid_user_setup_url'])) {
+ $this->setup_url = $this->data['openid_user_setup_url'];
+ return false;
+ }
+ if($this->mode != 'id_res') {
+ return false;
+ }
+
+ $this->claimed_id = $this->data['openid_claimed_id']??$this->data['openid_identity'];
+ $params = [
+ 'openid.assoc_handle' => $this->data['openid_assoc_handle'],
+ 'openid.signed' => $this->data['openid_signed'],
+ 'openid.sig' => $this->data['openid_sig'],
+ ];
+
+ if (isset($this->data['openid_ns'])) {
+ # We're dealing with an OpenID 2.0 server, so let's set an ns
+ # Even though we should know location of the endpoint,
+ # we still need to verify it by discovery, so $server is not set here
+ $params['openid.ns'] = 'http://specs.openid.net/auth/2.0';
+ } elseif (isset($this->data['openid_claimed_id'])
+ && $this->data['openid_claimed_id'] != $this->data['openid_identity']
+ ) {
+ # If it's an OpenID 1 provider, and we've got claimed_id,
+ # we have to append it to the returnUrl, like authUrl_v1 does.
+ $this->returnUrl .= (strpos($this->returnUrl, '?') ? '&' : '?')
+ . 'openid.claimed_id=' . $this->claimed_id;
+ }
+
+ if ($this->data['openid_return_to'] != $this->returnUrl) {
+ # The return_to url must match the url of current request.
+ # I'm assuing that noone will set the returnUrl to something that doesn't make sense.
+ return false;
+ }
+
+ $server = $this->discover($this->claimed_id);
+
+ foreach (explode(',', $this->data['openid_signed']) as $item) {
+ # Checking whether magic_quotes_gpc is turned on, because
+ # the function may fail if it is. For example, when fetching
+ # AX namePerson, it might containg an apostrophe, which will be escaped.
+ # In such case, validation would fail, since we'd send different data than OP
+ # wants to verify. stripslashes() should solve that problem, but we can't
+ # use it when magic_quotes is off.
+ $value = $this->data['openid_' . str_replace('.','_',$item)];
+ $params['openid.' . $item] = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ? stripslashes($value) : $value;
+
+ }
+
+ $params['openid.mode'] = 'check_authentication';
+
+ $response = $this->request($server, 'POST', $params);
+
+ return preg_match('/is_valid\s*:\s*true/i', $response);
+ }
+
+ protected function getAxAttributes()
+ {
+ $result = [];
+
+ if ($alias = $this->getNamespaceAlias('http://openid.net/srv/ax/1.0', 'ax')) {
+ $prefix = 'openid_' . $alias;
+ $length = strlen('http://axschema.org/');
+
+ foreach (explode(',', $this->data['openid_signed']) as $key) {
+ $keyMatch = $alias . '.type.';
+
+ if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) {
+ continue;
+ }
+
+ $key = substr($key, strlen($keyMatch));
+ $idv = $prefix . '_value_' . $key;
+ $idc = $prefix . '_count_' . $key;
+ $key = substr($this->getItem($prefix . '_type_' . $key), $length);
+
+ if (!empty($key)) {
+ if (($count = (int) ($this->getItem($idc))) > 0) {
+ $value = [];
+
+ for ($i = 1; $i <= $count; $i++) {
+ $value[] = $this->getItem($idv . '_' . $i);
+ }
+
+ $value = ($count == 1) ? reset($value) : $value;
+ } else {
+ $value = $this->getItem($idv);
+ }
+
+ if (!is_null($value)) {
+ $result[$key] = $value;
+ }
+ }
+ }
+ }
+ // No alias for the AX schema has been found,
+ // so there is no AX data in the OP's response.
+
+ return $result;
+ }
+
+ protected function getSregAttributes()
+ {
+ $attributes = [];
+ $sreg_to_ax = array_flip(self::$ax_to_sreg);
+ foreach (explode(',', $this->data['openid_signed']) as $key) {
+ $keyMatch = 'sreg.';
+ if (strncmp($key, $keyMatch, strlen($keyMatch)) !== 0) {
+ continue;
+ }
+ $key = substr($key, strlen($keyMatch));
+ if (!isset($sreg_to_ax[$key])) {
+ # The field name isn't part of the SREG spec, so we ignore it.
+ continue;
+ }
+ $attributes[$sreg_to_ax[$key]] = $this->data['openid_sreg_' . $key];
+ }
+ return $attributes;
+ }
+
+ /**
+ * Gets AX/SREG attributes provided by OP. should be used only after successful validaton.
+ * Note that it does not guarantee that any of the required/optional parameters will be present,
+ * or that there will be no other attributes besides those specified.
+ * In other words. OP may provide whatever information it wants to.
+ * * SREG names will be mapped to AX names.
+ * * @return Array Array of attributes with keys being the AX schema names, e.g. 'contact/email'
+ * @see http://www.axschema.org/types/
+ */
+ function getAttributes()
+ {
+ if (isset($this->data['openid_ns'])
+ && $this->data['openid_ns'] == 'http://specs.openid.net/auth/2.0'
+ ) { # OpenID 2.0
+ # We search for both AX and SREG attributes, with AX taking precedence.
+ return $this->getAxAttributes() + $this->getSregAttributes();
+ }
+ return $this->getSregAttributes();
+ }
+
+ /**
+ * Gets an OAuth request token if the OpenID+OAuth hybrid protocol has been used.
+ *
+ * In order to use the OpenID+OAuth hybrid protocol, you need to add at least one
+ * scope to the $openid->oauth array before you get the call to getAuthUrl(), e.g.:
+ * $openid->oauth[] = 'https://www.googleapis.com/auth/plus.me';
+ *
+ * Furthermore the registered consumer name must fit the OpenID realm.
+ * To register an OpenID consumer at Google use: https://www.google.com/accounts/ManageDomains
+ *
+ * @return string|bool OAuth request token on success, FALSE if no token was provided.
+ */
+ function getOAuthRequestToken()
+ {
+ $alias = $this->getNamespaceAlias('http://specs.openid.net/extensions/oauth/1.0');
+
+ return !empty($alias) ? $this->data['openid_' . $alias . '_request_token'] : false;
+ }
+
+ /**
+ * Gets the alias for the specified namespace, if it's present.
+ *
+ * @param string $namespace The namespace for which an alias is needed.
+ * @param string $hint Common alias of this namespace, used for optimization.
+ * @return string|null The namespace alias if found, otherwise - NULL.
+ */
+ private function getNamespaceAlias($namespace, $hint = null)
+ {
+ $result = null;
+
+ if (empty($hint) || $this->getItem('openid_ns_' . $hint) != $namespace) {
+ // The common alias is either undefined or points to
+ // some other extension - search for another alias..
+ $prefix = 'openid_ns_';
+ $length = strlen($prefix);
+
+ foreach ($this->data as $key => $val) {
+ if (strncmp($key, $prefix, $length) === 0 && $val === $namespace) {
+ $result = trim(substr($key, $length));
+ break;
+ }
+ }
+ } else {
+ $result = $hint;
+ }
+
+ return $result;
+ }
+
+ /**
+ * Gets an item from the $data array by the specified id.
+ *
+ * @param string $id The id of the desired item.
+ * @return string|null The item if found, otherwise - NULL.
+ */
+ private function getItem($id)
+ {
+ return $this->data[$id] ?? null;
+ }
+}
diff --git a/hauth/Hybrid/thirdparty/index.html b/hauth/Hybrid/thirdparty/index.html
index 065d2da..065d2da 100644..100755
--- a/hauth/Hybrid/thirdparty/index.html
+++ b/hauth/Hybrid/thirdparty/index.html
diff --git a/hauth/disconnect.php b/hauth/disconnect.php
index 8efd2ca..3db74d8 100644
--- a/hauth/disconnect.php
+++ b/hauth/disconnect.php
@@ -6,7 +6,7 @@
// | This source file is subject to version 2.0 of the GPL license |
// +--------------------------------------------------------------------+
// | Portions Copyright (c) 2003 The zen-cart developers |
-// | Portions Copyright (c) 2003 osCommerce |
+// | Portions Copyright (c) 2003 osCommerce |
// +--------------------------------------------------------------------+
//
diff --git a/hauth/images/google.png b/hauth/images/google.png
Binary files differ
index c1e2c5c..c1e2c5c 100644..100755
--- a/hauth/images/google.png
+++ b/hauth/images/google.png
diff --git a/hauth/index.php b/hauth/index.php
index 29e76db..1386c84 100644
--- a/hauth/index.php
+++ b/hauth/index.php
@@ -3,19 +3,19 @@
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
-*/
-
+*/
+
// ------------------------------------------------------------------------
// HybridAuth End Point
// ------------------------------------------------------------------------
require_once( '../../kernel/includes/setup_inc.php' );
-require_once( EXTERNAL_LIBS_PATH . 'facebook/src/Facebook/autoload.php' );
-
+require_once( EXTERNAL_LIBS_PATH . 'facebook/src/Facebook/autoload.php' );
+
require_once( "Hybrid/Auth.php" );
-require_once( "Hybrid/Endpoint.php" );
-
+require_once( "Hybrid/Endpoint.php" );
+
try {
Hybrid_Endpoint::process();
} catch( Exception $e ) {
$gBitSystem->fatalError( $e->getMessage(), NULL, NULL, HttpStatusCodes::HTTP_UNAUTHORIZED );
-}
+} |
