Author: chabotc
Date: Wed Apr  1 23:05:34 2009
New Revision: 761105

URL: http://svn.apache.org/viewvc?rev=761105&view=rev
Log:
switch our signed requests (called from preloads, makeRequest and 
data-pipelining) to use the new oauth_body_hash body signing and a content-type: 
application/json header

Modified:
    incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
    incubator/shindig/trunk/php/src/gadgets/render/GadgetHrefRenderer.php

Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=761105&r1=761104&r2=761105&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Wed Apr  1 
23:05:34 2009
@@ -125,14 +125,25 @@
         }
         $queryParams = $this->sanitize($queryParams);
       }
-      $postParams = array();
+      $contentType = $request->getHeader('Content-Type');
+      $signBody = (stripos($contentType, 'application/x-www-form-urlencoded') 
!== false || $contentType == null);
       if ($request->getPostBody()) {
-        parse_str($request->getPostBody(), $postParams);
-        $postParams = $this->sanitize($postParams);
+        if ($signBody) {
+          $postParams = array();
+          // on normal application/x-www-form-urlencoded type post's encode 
and parse the post vars
+          parse_str($request->getPostBody(), $postParams);
+          $postParams = $this->sanitize($postParams);
+        } else {
+          // on any other content-type of post 
(application/{json,xml,xml+atom}) use the body signing hash
+          // see 
http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for 
details
+          $queryParams['oauth_body_hash'] = sha1($request->getPostBody());
+        }
       }
       $msgParams = array();
       $msgParams = array_merge($msgParams, $queryParams);
-      $msgParams = array_merge($msgParams, $postParams);
+      if ($signBody) {
+        $msgParams = array_merge($msgParams, $postParams);
+      }
       $this->addOpenSocialParams($msgParams, $request->getToken());
       $this->addOAuthParams($msgParams, $request->getToken());
       $consumer = new OAuthConsumer(NULL, NULL, NULL);
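Review bot: The `oauth_body_hash` value is set with `sha1($request->getPostBody())`, which in PHP returns the 40-character hex digest. As far as I can tell, the body-hash extension linked in the comment defines the parameter as the Base64 encoding of the raw SHA-1 digest, so a provider verifying per the spec would compute a different value and reject the request. I would change the line to `$queryParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true));`. Separately, `$signBody` is true exactly when the body hash is not used, so a name such as `$signFormParams` would read less backwards. The enclosing method starts and ends outside the hunk.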
@@ -146,7 +157,7 @@
       // from the query.
       $forPost = array();
       $postData = false;
-      if ($method == 'POST') {
+      if ($method == 'POST' && $signBody) {
         foreach ($postParams as $key => $param) {
           $forPost[$key] = $param;
           if ($postData === false) {
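Review bot: `$postParams` is no longer initialised before this `foreach`, because the commit removed the unconditional `$postParams = array();` and now assigns it only when the request has a body and `$signBody` is true. A POST with an empty body reaches these lines with the variable undefined, and so does any bodiless request without a Content-Type header at the `array_merge($msgParams, $postParams)` call in the previous hunk. That raises a warning, and for `array_merge` it can leave `$msgParams` null so the query parameters drop out of the signed message. Keeping `$postParams = array();` ahead of the `if ($request->getPostBody())` block avoids both. The loop body continues outside the hunk, and this assumes `$postParams` is not set earlier in the method.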
@@ -177,7 +188,9 @@
       // formEncode method.
       $url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . 
(isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . 
$parsedUri['path'] . '?' . $newQuery;
       $request->setUri($url);
-      $request->setPostBody($postData);
+      if ($signBody) {
+        $request->setPostBody($postData);
+      }
     } catch (Exception $e) {
       throw new GadgetException($e);
     }

Modified: incubator/shindig/trunk/php/src/gadgets/render/GadgetHrefRenderer.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/render/GadgetHrefRenderer.php?rev=761105&r1=761104&r2=761105&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/render/GadgetHrefRenderer.php 
(original)
+++ incubator/shindig/trunk/php/src/gadgets/render/GadgetHrefRenderer.php Wed 
Apr  1 23:05:34 2009
@@ -78,7 +78,6 @@
       $request->setToken($token);
       $request->setAuthType($authz);
       $signingFetcherFactory = new 
SigningFetcherFactory(Config::get("private_key_file"));
-      $_GET = $_POST = array();
     }
 
     $basicFetcher = new BasicRemoteContentFetcher();
@@ -105,7 +104,10 @@
         }
       }
       if (count($requestQueue)) {
-        $result = array_merge($this->performRequests($requestQueue), $result);
+        $returnedResults = $this->performRequests($requestQueue);
+        if (is_array($returnedResults)) {
+          $result = array_merge($returnedResults, $result);
+        }
       }
     } while (count($requestQueue));
     return $result;
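Review bot: The new `is_array($returnedResults)` guard discards a non-array return from `performRequests()` without any trace, so a failed batch of (possibly signed) preload requests looks the same as one that returned nothing. I would add an `else` branch that records the failure, or at least a comment such as `// performRequests() returns a non-array on failure; skip the merge` stating which return values are expected. Whether `$requestQueue` is emptied on that path is not visible in the hunk, so it is worth confirming the `do … while (count($requestQueue))` loop still terminates.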
@@ -150,7 +152,7 @@
     }
     if (count($jsonRequests)) {
       // perform social api requests
-      $request = new RemoteContentRequest($_SERVER['SERVER_NAME'] . 
Config::get('web_prefix') . '/social/rpc?st=' . urlencode($securityToken) . 
'&format=json', "Content-type: application/json\n", json_encode($jsonRequests));
+      $request = new RemoteContentRequest($_SERVER['SERVER_NAME'] . 
Config::get('web_prefix') . '/social/rpc?st=' . urlencode($securityToken) . 
'&format=json', "Content-Type: application/json\n", json_encode($jsonRequests));
       $request->setMethod('POST');
       $basicFetcher = new BasicRemoteContentFetcher();
       $basicRemoteContent = new BasicRemoteContent($basicFetcher);
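Review bot: The header-name change to `Content-Type` on the `new RemoteContentRequest(...)` line appears to be needed because SigningFetcher looks the header up with `$request->getHeader('Content-Type')`. If that lookup is case-sensitive (not visible in this diff), any other caller still sending `Content-type` gets `null` back. In that case `$signBody` becomes true and a JSON body is run through `parse_str()` and signed as form parameters rather than via `oauth_body_hash`. I would make the lookup case-insensitive in `getHeader()` instead of relying on each call site's spelling, or add a comment at this line: `// header name must match SigningFetcher's getHeader('Content-Type') lookup`.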

