apioauthaccesstoken.php 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Action for getting OAuth token credentials (exchange an authorized
  6. * request token for an access token)
  7. *
  8. * PHP version 5
  9. *
  10. * LICENCE: This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. * @category API
  24. * @package StatusNet
  25. * @author Zach Copley <zach@status.net>
  26. * @copyright 2010 StatusNet, Inc.
  27. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  28. * @link http://status.net/
  29. */
  30. if (!defined('GNUSOCIAL')) { exit(1); }
  31. /**
  32. * Action for getting OAuth token credentials (exchange an authorized
  33. * request token for an access token)
  34. *
  35. * @category API
  36. * @package StatusNet
  37. * @author Zach Copley <zach@status.net>
  38. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  39. * @link http://status.net/
  40. */
  41. class ApiOAuthAccessTokenAction extends ApiOAuthAction
  42. {
  43. protected $reqToken = null;
  44. protected $verifier = null;
  45. /**
  46. * Class handler.
  47. *
  48. * @param array $args array of arguments
  49. *
  50. * @return void
  51. */
  52. function handle($args)
  53. {
  54. parent::handle($args);
  55. $datastore = new ApiGNUsocialOAuthDataStore();
  56. $server = new OAuthServer($datastore);
  57. $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
  58. $server->add_signature_method($hmac_method);
  59. $atok = $app = null;
  60. // XXX: Insist that oauth_token and oauth_verifier be populated?
  61. // Spec doesn't say they MUST be.
  62. try {
  63. $req = OAuthRequest::from_request();
  64. $this->reqToken = $req->get_parameter('oauth_token');
  65. $this->verifier = $req->get_parameter('oauth_verifier');
  66. $app = $datastore->getAppByRequestToken($this->reqToken);
  67. $atok = $server->fetch_access_token($req);
  68. } catch (Exception $e) {
  69. common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
  70. common_debug(var_export($req, true));
  71. $code = $e->getCode();
  72. $this->clientError($e->getMessage(), empty($code) ? 401 : $code, 'text');
  73. }
  74. if (empty($atok)) {
  75. // Token exchange failed -- log it
  76. $msg = sprintf(
  77. 'API OAuth - Failure exchanging OAuth request token for access token, '
  78. . 'request token = %s, verifier = %s',
  79. $this->reqToken,
  80. $this->verifier
  81. );
  82. common_log(LOG_WARNING, $msg);
  83. // TRANS: Client error given from the OAuth API when the request token or verifier is invalid.
  84. $this->clientError(_('Invalid request token or verifier.'), 400, 'text');
  85. } else {
  86. common_log(
  87. LOG_INFO,
  88. sprintf(
  89. "Issued access token '%s' for application %d (%s).",
  90. $atok->key,
  91. $app->id,
  92. $app->name
  93. )
  94. );
  95. $this->showAccessToken($atok);
  96. }
  97. }
  98. /*
  99. * Display OAuth token credentials
  100. *
  101. * @param OAuthToken token the access token
  102. */
  103. function showAccessToken($token)
  104. {
  105. header('Content-Type: application/x-www-form-urlencoded');
  106. print $token;
  107. }
  108. }