Author: chabotc
Date: Sat Nov 8 11:26:10 2008
New Revision: 712424
URL: http://svn.apache.org/viewvc?rev=712424&view=rev
Log:
OAuth support fixups and SPI rework, we now assume all the questions like 'does
this user have this app', and 'does this user have this app installed' are dealt
with inside of the getSecurityToken function .. if not, return NULL, if
everything checks out, return a token :) ps java folks, hope you'll be able to
follow this change in the future when you have time to catch up on 3legged
oauth support
Modified:
incubator/shindig/trunk/php/src/common/OAuthLookupService.php
incubator/shindig/trunk/php/src/common/sample/BasicOAuthLookupService.php
incubator/shindig/trunk/php/src/social/service/PersonHandler.php
incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php
Modified: incubator/shindig/trunk/php/src/common/OAuthLookupService.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/OAuthLookupService.php?rev=712424&r1=712423&r2=712424&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/common/OAuthLookupService.php (original)
+++ incubator/shindig/trunk/php/src/common/OAuthLookupService.php Sat Nov 8
11:26:10 2008
@@ -22,9 +22,6 @@
* Interface for handling the validation of OAuth requests.
*/
abstract class OAuthLookupService {
-
- abstract public function thirdPartyHasAccessToUser($oauthRequest,
$appUrl, $userId);
-
- abstract public function getSecurityToken($appUrl, $userId);
+ abstract public function getSecurityToken($oauthRequest, $appUrl,
$userId);
}
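Review bot: The new abstract `getSecurityToken($oauthRequest, $appUrl, $userId)` carries no docblock, so the contract the commit message describes — that signature verification and the "may this consumer act for this user on this app" checks now happen inside it, and that null means "reject" — is invisible to anyone implementing the SPI. Since ApiServlet treats a non-null return as an authenticated request, that null-on-failure rule is the whole security boundary and should be written down on the declaration. Suggest a docblock above it along the lines of `/** Verify $oauthRequest (signature, and whether the 3rd party is allowed to act for $userId on $appUrl). Returns a security token only when every check passes, null otherwise. */`.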
Modified:
incubator/shindig/trunk/php/src/common/sample/BasicOAuthLookupService.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/sample/BasicOAuthLookupService.php?rev=712424&r1=712423&r2=712424&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/common/sample/BasicOAuthLookupService.php
(original)
+++ incubator/shindig/trunk/php/src/common/sample/BasicOAuthLookupService.php
Sat Nov 8 11:26:10 2008
@@ -23,33 +23,7 @@
*/
class BasicOAuthLookupService extends OAuthLookupService {
- public function thirdPartyHasAccessToUser($oauthRequest, $appUrl,
$userId)
- {
- $appId = $this->getAppId($appUrl);
- return $this->hasValidSignature($oauthRequest, $appUrl, $appId)
&& $this->userHasAppInstalled($userId, $appId);
- }
-
- private function hasValidSignature($oauthRequest, $appUrl, $appId)
- {
- try {
- $server = new OAuthServer(new BasicOAuthDataStore());
- $server->add_signature_method(new
OAuthSignatureMethod_HMAC_SHA1());
- $server->add_signature_method(new
OAuthSignatureMethod_PLAINTEXT());
- list($consumer, $token) =
$server->verify_request($oauthRequest);
- return true;
- } catch (OAuthException $e) {
- //FIXME seems some old debugging code? should clean
this up if so
- echo "OAuthException: " . $e->getMessage();
- }
- return false;
- }
-
- private function userHasAppInstalled($apUrl, $appId)
- {
- return true; // a real implementation would look this up
- }
-
- public function getSecurityToken($appUrl, $userId)
+ public function getSecurityToken($oauthRequest, $appUrl, $userId)
{
return new OAuthSecurityToken($userId, $appUrl,
$this->getAppId($appUrl), "samplecontainer");
}
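Review bot: The replacement `getSecurityToken` returns an `OAuthSecurityToken` unconditionally — the `hasValidSignature` method with its `OAuthServer::verify_request` call was deleted rather than moved into it, so this sample now mints a token for any request that merely carries an `oauth_signature` parameter, and ApiServlet accepts that token as proof of identity. The commit message says the checks are assumed to live inside `getSecurityToken`, so the verification should come along; the old `userHasAppInstalled` stub returned true anyway, but the signature check did real work. The removed catch block also `echo`ed the exception message into the response body, which is worth not bringing back — return null (and log server-side if needed) instead. `getSecurityToken` starts and ends inside this hunk; the enclosing class continues past it.
```php
    public function getSecurityToken($oauthRequest, $appUrl, $userId)
    {
        try {
            $server = new OAuthServer(new BasicOAuthDataStore());
            $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
            $server->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
            $server->verify_request($oauthRequest);
        } catch (OAuthException $e) {
            // signature did not verify: no token for this request (do not echo $e to the client)
            return null;
        }
        return new OAuthSecurityToken($userId, $appUrl, $this->getAppId($appUrl), "samplecontainer");
    }
```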
Modified: incubator/shindig/trunk/php/src/social/service/PersonHandler.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/service/PersonHandler.php?rev=712424&r1=712423&r2=712424&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/service/PersonHandler.php (original)
+++ incubator/shindig/trunk/php/src/social/service/PersonHandler.php Sat Nov 8
11:26:10 2008
@@ -74,7 +74,7 @@
$options->setFilterValue($request->getFilterValue());
$options->setStartIndex($request->getStartIndex());
$options->setCount($request->getCount());
-
+ // personId: Array ( [0] => 8 )
if (count($userIds) == 1) {
if (count($optionalPersonId) == 0) {
if ($groupId->getType() == 'self') {
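Review bot: The added line `// personId: Array ( [0] => 8 )` looks like a print_r dump pasted in while debugging rather than a comment about intent; it tells the next reader what one sample request contained, not what the branch below does. Either drop it or replace it with something like `// exactly one user id: decide between self, group listing, or an explicit personId`, which is what the nested count checks distinguish. The enclosing handler method starts before this hunk and continues after it.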
@@ -83,8 +83,7 @@
return
$this->personService->getPeople($userIds, $groupId, $options, $fields,
$request->getToken());
}
} elseif (count($optionalPersonId) == 1) {
- // TODO: Add some crazy concept to handle the
userId?
- return $this->personService->getPerson(new
UserId('userId', $optionalPersonId[0]), $groupId, $fields,
$request->getToken());
+ return
$this->personService->getPerson($optionalPersonId[0], $groupId, $fields,
$request->getToken());
} else {
$personIds = array();
foreach ($optionalPersonId as $pid) {
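Review bot: The new call passes `$optionalPersonId[0]` straight to `personService->getPerson` where the old code wrapped it in `new UserId('userId', ...)`; whether that is safe depends on what populates `$optionalPersonId`, which is not visible in this hunk, and the removed TODO was the only hint. If `$optionalPersonId` already holds `UserId` objects, a one-line comment at the call site saying so, e.g. `// $optionalPersonId already contains UserId instances built by the request parser`, would save the next reader the same question; if it holds raw ids, the wrapper was doing necessary work and the `else` branch below should be checked for the same assumption. The enclosing method starts before this hunk and continues after it.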
Modified: incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php?rev=712424&r1=712423&r2=712424&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php (original)
+++ incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php Sat Nov 8
11:26:10 2008
@@ -87,29 +87,35 @@
$userId = $request->get_parameter('xoauth_requestor_id'); //
from Consumer Request extension (2-legged OAuth)
$signature = $request->get_parameter('oauth_signature');
- // TODO: also allow userId to be specified via oauth token
and/or in URL?
if ($appUrl && $signature) {
//if ($appUrl && $signature && $userId) {
// look up the user and perms for this oauth request
$oauthLookupService =
Config::get('oauth_lookup_service');
$oauthLookupService = new $oauthLookupService();
- if
($oauthLookupService->thirdPartyHasAccessToUser($request, $appUrl, $userId)) {
- return
$oauthLookupService->getSecurityToken($appUrl, $userId);
+ $token =
$oauthLookupService->getSecurityToken($request, $appUrl, $userId);
+ if ($token) {
+ return $token;
} else {
- return null; // invalid oauth request
+ return null; // invalid oauth request, or 3rd
party doesn't have access to this user
}
} // else, not a valid oauth request, so don't bother
+
// look for encrypted security token
$token = isset($_POST['st']) ? $_POST['st'] :
(isset($_GET['st']) ? $_GET['st'] : '');
if (empty($token)) {
- // no security token, continue anonymously, remeber to
check
- // for private profiles etc in your code so their not
publicly
- // accessable to anoymous users! Anonymous == owner =
viewer = appId = modId = 0
- //FIXME change this to a new AnonymousToken when
reworking auth token
- $gadgetSigner = Config::get('security_token');
- // create token with 0 values, no gadget url, no domain
and 0 duration
- return new $gadgetSigner(null, 0, 0, 0, 0, '', '', 0);
+ if (Config::get('allow_anonymous_token')) {
+ // no security token, continue anonymously,
remeber to check
+ // for private profiles etc in your code so
their not publicly
+ // accessable to anoymous users! Anonymous ==
owner = viewer = appId = modId = 0
+ // create token with 0 values, no gadget url,
no domain and 0 duration
+
+ //FIXME change this to a new AnonymousToken
when reworking auth token
+ $gadgetSigner = Config::get('security_token');
+ return new $gadgetSigner(null, 0, 0, 0, 0, '',
'', 0);
+ } else {
+ return null;
+ }
}
if (count(explode(':', $token)) != 6) {
$token = urldecode(base64_decode($token));
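Review bot: The guard `if ($appUrl && $signature)` still does not require `$userId`, and the stricter `&& $userId` variant remains commented out on the next line, so a signed request without `xoauth_requestor_id` reaches `getSecurityToken` with an empty viewer id and, unless every `OAuthLookupService` implementation rejects that itself, comes back with a token whose owner/viewer is empty. Either enable the stricter condition or state at the call site that implementations must return null for an empty `$userId`, since the servlet now trusts any non-null return. As a smaller point of style, `if ($token) { return $token; } else { return null; }` is just `return $token;` — the comment about an invalid request or a 3rd party without access can sit on that single line. The comments carried into the new anonymous-token branch still read "remeber", "their not" and "accessable" and could be fixed while they are being moved. The enclosing method starts before this hunk and continues after it.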