Big sweeping changes that finally got us to a working oauth provider.…

… Further checks needed, but it actually works!
commit f83986c0ecbee50b81f91faf16aa3ee8a99bd3ed 1 parent b969757
Hugo Wetterberg authored
89 includes/DrupalOAuthDataStore.inc
@@ -12,10 +12,12 @@ class DrupalOAuthDataStore extends OAuthDataStore {
* String. The consumer key.
*/
function lookup_consumer($consumer_key) {
- $result = db_query("SELECT * FROM {oauth_consumer}
- WHERE consumer_key = '%s'", $consumer_key);
- if ($object = db_fetch_object($result)) {
- return new OAuthConsumer($object->consumer_key, $object->consumer_secret);
+ $consumer_secret = db_result(db_query("SELECT consumer_secret FROM {services_oauth_consumer}
+ WHERE consumer_key = '%s'", array(
+ ':consumer_key' => $consumer_key,
+ )));
+ if ($consumer_secret) {
+ return new OAuthConsumer($consumer_key, $consumer_secret);
}
throw new OAuthException('Consumer not found');
}
@@ -34,11 +36,15 @@ class DrupalOAuthDataStore extends OAuthDataStore {
* case it doesnt exist.
*/
function lookup_token($consumer, $token_type, $token) {
- $result = db_query("SELECT * FROM {oauth_token}
- WHERE type = '%s' AND consumer_key = '%s' AND token_key = '%s'",
- $token_type, $consumer->key, $token);
- if ($object = db_fetch_object($result)) {
- return new OAuthToken($object->token_key, $object->token_secret);
+ $token_secret = db_result(db_query("SELECT token_secret
+ FROM {services_oauth_token}
+ WHERE type = '%s' AND consumer_key = '%s' AND token_key = '%s'", array(
+ ':type' => $token_type,
+ ':consumer_key' => $consumer->key,
+ ':token_key' => $token,
+ )));
+ if ($token_secret) {
+ return new OAuthToken($token, $token_secret);
}
throw new OAuthException('Token not found');
}
@@ -52,25 +58,33 @@ class DrupalOAuthDataStore extends OAuthDataStore {
* @param $token
* Strint. The current token.
* @param $nonce
- * Strint. A new nonce value, in case a one doesnt current exit.
+ * Strint. A new nonce value, in case a one doesn't current exit.
* @param $timestamp
* Number. The current time.
* @return
* String or NULL. The existing nonce value or NULL in
- * case it doesnt exist.
+ * case it doesn't exist.
*/
function lookup_nonce($consumer, $token, $nonce, $timestamp) {
- if (!$nonce_1 = db_result(db_query("SELECT nonce FROM {oauth_nonce}
- WHERE timestamp <= %d and token = '%s'", $timestamp, $token))) {
- $sql = array(
+ $stored_nonce = db_result(db_query(
+ "SELECT nonce FROM {services_oauth_nonce}
+ WHERE nonce='%s' AND timestamp <= %d and token = '%s'", array(
+ ':nonce' => $nonce,
+ ':timestamp' => $timestamp,
+ ':token' => $token->key,
+ )));
+
+ if (!$stored_nonce) {
+ $values = array(
'nonce' => $nonce,
'timestamp' => $timestamp,
- 'token' => $token,
+ 'token' => $token->key,
);
- drupal_write_record('oauth_nonce', $sql);
+ drupal_write_record('services_oauth_nonce', $values);
return NULL;
}
- return $nonce_1;
+
+ return $stored_nonce;
}
/**
@@ -80,17 +94,15 @@ class DrupalOAuthDataStore extends OAuthDataStore {
* Object. The service consumer information.
*/
function new_request_token($consumer) {
- $user_id = db_result(db_query("SELECT uid FROM {oauth_consumer}
- WHERE consumer_key = '%s'", $consumer->key));
$token = new OAuthToken(user_password(32), user_password(32));
- $sql = array(
+ $values = array(
'consumer_key' => $consumer->key,
'type' => 'request',
'token_key' => $token->key,
'token_secret' => $token->secret,
- 'uid' => $user_id
+ 'uid' => 0,
);
- drupal_write_record('oauth_token', $sql);
+ drupal_write_record('services_oauth_token', $values);
return $token;
}
@@ -103,21 +115,26 @@ class DrupalOAuthDataStore extends OAuthDataStore {
* Object. The service consumer information.
*/
function new_access_token($token_old, $consumer) {
- if ($object = db_fetch_array(db_query("SELECT * FROM {oauth_token}
- WHERE type = 'request' AND token_key = '%s'", $token_old->key))) {
- if ($object['authorized']) {
- $token_new = new OAuthToken(user_password(32), user_password(32));
- $sql = array(
- 'consumer_key' => $consumer->key,
- 'type' => 'access',
- 'token_key' => $token_new->key,
- 'token_secret' => $token_new->secret,
- 'uid' => $object['uid']
- );
- drupal_write_record('oauth_token', $sql, array('uid', 'consumer_key'));
+ module_load_include('inc', 'services_oauth');
+ $obj = services_oauth_get_token($token_old->key);
- return $token_new;
- }
+ if ($obj && $obj->authorized) {
+ $token_new = new OAuthToken(user_password(32), user_password(32));
+ db_query("DELETE FROM {services_oauth_token} WHERE token_key='%s'", array(
+ ':token_key' => $token_old->key,
+ ));
+
+ $values = array(
+ 'token_key' => $token_new->key,
+ 'token_secret' => $token_new->secret,
+ 'type' => 'access',
+ 'uid' => $obj->uid,
+ 'consumer_key' => $consumer->key,
+ 'services' => $obj->services,
+ 'authorized' => 1,
+ );
+ drupal_write_record('services_oauth_token', $values);
+ return $token_new;
}
throw new OAuthException('Invalid request token');
}
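Review bot: `new_access_token()` now accepts any authorized row for the key, because `services_oauth_get_token()` (added in services_oauth.inc) selects on `token_key` alone and the removed query's `type = 'request'` restriction has no replacement in this method. Nothing here checks that the row belongs to `$consumer` either, so the method depends entirely on its caller having validated the token first. I would tighten the guard to `if ($obj && $obj->authorized && $obj->type == 'request' && $obj->consumer_key == $consumer->key) {`. Separately, `lookup_nonce()` dereferences `$token->key` unconditionally; if the library calls it without a token during the request-token step (not visible here), that line needs a NULL guard.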
38 includes/DrupalOAuthRequest.inc
@@ -0,0 +1,38 @@
+<?php
+// $Id$
+
+class DrupalOAuthRequest extends OAuthRequest {
+ public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {
+ // Preparations that has to be made if we're going to detect parameters
+ if ($parameters==NULL) {
+ // Unset $_GET['q'] if it was created by a redirect
+ if (isset($_SERVER['REDIRECT_URL'])) {
+ $q = $_GET['q'];
+ unset($_GET['q']);
+ }
+ // Check that the q parameter hasn't been created or altered by drupal
+ else if(isset($_GET['q'])) {
+ $q = $_GET['q'];
+ $get = array();
+ parse_str($_SERVER['QUERY_STRING'], $get);
+ // The q parameter was in the original request, make sure it hasn't been altered
+ if (isset($get['q'])) {
+ $_GET['q'] = $get['q'];
+ }
+ // The q parameter was set by drupal, unset it
+ else {
+ unset($_GET['q']);
+ }
+ }
+ }
+
+ $req = parent::from_request($http_method, $http_url, $parameters);
+
+ // Restore $_GET['q'] if it was touched
+ if (isset($q)) {
+ $_GET['q'] = $q;
+ }
+
+ return $req;
+ }
+}
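Review bot: The guard `if ($parameters==NULL)` uses a loose comparison, which in PHP is also true for an empty array, so a caller that passes `array()` explicitly still has `$_GET['q']` rewritten; `if ($parameters === NULL) {` matches the default argument exactly. In the `REDIRECT_URL` branch `$_GET['q']` is read without an `isset()` check, unlike the `else if` branch. The method temporarily mutates the `$_GET` superglobal and has no docblock; a short comment saying why `q` has to be hidden from the parent's parameter detection (presumably so Drupal's routing parameter does not enter the signed parameter set) would help the next reader.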
1  services_oauth.admin.inc
@@ -30,6 +30,7 @@ function _services_oauth_user($op, &$edit, &$account, $category = NULL) {
global $user;
module_load_include('inc', 'services_oauth');
+
$consumer = _services_oauth_consumer_get($account->uid);
$account->content['services_oauth'] = array(
'#attributes' => array('class' => 'user-member'),
216 services_oauth.inc
@@ -1,197 +1,59 @@
<?php
// $Id$
-function _services_oauth_authorize() {
- // Check some important arguments
- if (empty($_GET['oauth_token'])) {
- drupal_set_message(t('Please include a valid OAuth token in your request.'), 'error');
- return drupal_access_denied();
- }
- elseif (empty($_GET['oauth_callback'])) {
- drupal_set_message(t('Please include a valid callback url in your request.'), 'error');
- return drupal_access_denied();
- }
-
- // Redirect to the right form, or present an error.
- global $user;
- if ($user->uid != 0) {
- if (!user_access('access services')) {
- drupal_set_message( t('You are not authorized to allow external services access to this system.'), 'error');
- return drupal_access_denied();
- }
- return drupal_get_form('_services_oauth_token_auth_form');
- }
- else {
- return drupal_get_form('user_login');
- }
-}
-
/**
- * Form for granting access to the consumer
+ * Return information about consumers related to a user.
*
- * Here user is asked to issue access/deny permission to
- * specific services as demanded by calling server
- *
- * @ingroup $form
+ * @param int $uid
+ * User ID to retrieve consumer info for.
+ * @return array
+ * An array of consumer info
*/
-function _services_oauth_token_auth_form() {
- $req = OAuthRequest::from_request();
-
- $form['oauth_parameters'] = array(
- '#type' => 'value',
- '#value' => serialize($req->get_parameters()),
- );
-
- $form['confirm'] = array(
- '#type' => 'submit',
- '#value' => t('Grant access'),
- );
- return $form;
+function services_oauth_user_consumers($uid) {
+ $result = db_query('SELECT * FROM {services_oauth_consumer} WHERE uid = %d', array(
+ ':uid' => $uid,
+ ));
+ $consumers = array();
+ while ($consumer = db_fetch_object($result)) {
+ $consumers[] = $consumer;
+ }
+ return $consumers;
}
/**
- * Asks users for granting proper access/deny permissions for different services
- * Authorizes an existing oauth request token and redirects to sender.
+ * Creates a consumer
*
- * @ingroup form
+ * @param int $uid
+ * The user that owns the consumer
+ * @param string $name
+ * The name of the consumer
+ * @param string $type
+ * The type of the consumer
+ * @return string
+ * The consumer key
*/
-function _oauth_token_auth_form_submit(&$form, &$form_state) {
- // Unserialize the stored oauth parameters
- $parameters = unserialize($form_state['values']['oauth_parameters']);
-
- // Save the list of all services that the user allowed the
- // consumer to do
- global $user;
+function services_oauth_create_consumer($uid, $name, $type) {
+ $token = new OAuthToken(user_password(32), user_password(32));
$values = array(
- 'authorized' => 1,
- 'uid' => $user->uid,
- 'token_key' => $parameters['oauth_token'],
- 'services' => json_encode(array('*')),
+ 'consumer_key' => $token->key,
+ 'consumer_secret' => $token->secret,
+ 'uid' => $uid,
+ 'name' => $name,
+ 'type' => $type,
);
- drupal_write_record('services_oauth_token', $values, 'token_key');
-
- // Return to the consumer site
- drupal_goto($form_state['values']['oauth_callback']);
-}
-
-/**
- * Generate a request token from the request.
- *
- * @param $version
- * The OAuth version used by the consumer: currently, its "1.0". Note
- * that even its number, it will be treated as string.
- * @param $timestamp
- * The time when the request was made (in timestamp).
- * @param $nonce
- * A randon 32-char long string that ensure that a request is
- * unique: even 2 requests from the same consumer must have different
- * nonce values.
- * @param $consumer_key
- * The consumer key, which is linked to a Drupal user.
- * @param $signature
- * Using the signature method, its the resulting HASH value of all
- * content. It uses the consumer keys and secrets, so its unique accross each
- * request and consumer.
- */
-function _services_oauth_token_request($version=NULL, $timestamp=NULL, $nonce=NULL, $consumer_key=NULL, $signature_method=NULL, $signature=NULL) {
- $server = new DrupalOauthServer();
-
- $arguments = NULL;
- // Only populate the arguments array if we got explicit arguments
- if ($version !== NULL) {
- $arguments = array(
- 'oauth_token' => $token_key,
- 'oauth_consumer_key' => $consumer_key,
- 'oauth_version' => $version,
- 'oauth_timestamp' => $timestamp,
- 'oauth_nonce' => $nonce,
- 'oauth_signature_method' => $signature_method,
- 'oauth_signature' => $signature,
- );
- }
+ drupal_write_record('services_oauth_consumer', $values);
- try {
- $req = OAuthRequest::from_request(NULL, NULL, $arguments);
- $token = $server->fetch_request_token($req);
- return $token;
- }
- catch (OAuthException $e) {
- drupal_set_header('HTTP/1.0 401 Unauthorized: ' . $e->getMessage());
- drupal_set_header(sprintf('WWW-Authenticate: OAuth realm="%s"', url('', array('absolute'=>TRUE))));
- }
+ return $token->key;
}
/**
- * Access the OAuth services
+ * Gets the token with the specified key
*
- * @param $version
- * The OAuth version used by the consumer: currently, its "1.0". Note
- * that even its number, it will be treated as string.
- * @param $timestamp
- * Number. The time when the request was made (in timestamp).
- * @param $nonce
- * A random 32-char long string that ensure that a request is
- * unique: even 2 requests from the same consumer must have different
- * nonce values.
- * @param $consumer_key
- * The consumer key, which is linked to a Drupal user.
- * @param $token_key
- * The request token, which will be replaced by the
- * access token.
- * @param $signature
- * Using the signature method, its the resulting HASH value of all
- * content. It uses the consumer keys and secrets, so its unique accross each
- * request and consumer.
+ * @param string $key
+ * The key of the token to get
*/
-function _services_oauth_token_access($version=NULL, $timestamp=NULL, $nonce=NULL, $consumer_key=NULL, $token_key=NULL, $signature_method=NULL, $signature=NULL) {
- $server = new DrupalOauthServer();
-
- $arguments = NULL;
- // Only populate the arguments array if we got explicit arguments
- if ($version !== NULL) {
- $arguments = array(
- 'oauth_token' => $token_key,
- 'oauth_consumer_key' => $consumer_key,
- 'oauth_version' => $version,
- 'oauth_timestamp' => $timestamp,
- 'oauth_nonce' => $nonce,
- 'oauth_signature_method' => $signature_method,
- 'oauth_signature' => $signature,
- );
- }
-
- try {
- $req = OAuthRequest::from_request(NULL, NULL, $arguments);
- $token = $server->fetch_access_token($req);
- return $token;
- }
- catch (OAuthException $e) {
- drupal_set_header('HTTP/1.0 401 Unauthorized: ' . $e->getMessage());
- drupal_set_header(sprintf('WWW-Authenticate: OAuth realm="%s"', url('', array('absolute'=>TRUE))));
- }
-}
-
-/**
- * Return consumer object related to a user. If the consumer
- * does not exist, it will be created.
- *
- * @param $uid
- * Number. User ID to retrieve consumer object for.
- * @return
- * Object. OAuth service consumer.
- */
-function _services_oauth_consumer_get($uid) {
- $result = db_query('SELECT * FROM {services_oauth_consumer} WHERE uid = %d', $uid);
- if ($object = db_fetch_array($result)) {
- return new OAuthConsumer($object['consumer_key'], $object['consumer_secret']);
- }
- else {
- $sql = array(
- 'uid' => $uid,
- 'consumer_key' => user_password(32),
- 'consumer_secret' => user_password(32),
- );
- drupal_write_record('services_oauth_consumer', $sql);
- return new OAuthConsumer($sql['consumer_key'], $sql['consumer_secret']);
- }
+function services_oauth_get_token($key) {
+ return db_fetch_object(db_query("SELECT * FROM {services_oauth_token} WHERE token_key='%s'", array(
+ ':token_key' => $key,
+ )));
}
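Review bot: `services_oauth_create_consumer()` takes both the consumer key and the consumer secret from `user_password(32)`, which in Drupal 6 core picks its characters with `mt_rand()`, a generator that is not meant for secrets. Since the secret is what signs every request, it should come from a cryptographically secure source where the platform has one, e.g. `bin2hex(openssl_random_pseudo_bytes(16))` on PHP 5.3+, which also yields 32 characters; the same applies to the token secrets created in includes/DrupalOAuthDataStore.inc. The return value of `drupal_write_record()` is ignored, so a failed insert still hands the caller a key. `services_oauth_get_token()` would benefit from an `@return` line stating that it yields the row object or FALSE when no token matches.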
32 services_oauth.install
@@ -15,12 +15,6 @@ function services_oauth_schema() {
$schema['services_oauth_consumer'] = array(
'description' => t('Consumer keys for users that can consume services.'),
'fields' => array(
- 'uid' => array(
- 'description' => t('User ID from {user}.uid.'),
- 'type' => 'int',
- 'unsigned' => TRUE,
- 'not null' => TRUE
- ),
'consumer_key' => array(
'description' => t('Consumer key allow the user to contact the services API as an external application.'),
'type' => 'varchar',
@@ -33,10 +27,28 @@ function services_oauth_schema() {
'length' => 32,
'not null' => TRUE
),
+ 'uid' => array(
+ 'description' => t('The application owner.'),
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE
+ ),
+ 'name' => array(
+ 'description' => t('The application name.'),
+ 'type' => 'varchar',
+ 'length' => 128,
+ 'not null' => TRUE
+ ),
+ 'type' => array(
+ 'description' => t('The application type.'),
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'not null' => TRUE,
+ ),
),
- 'primary key' => array('uid'),
- 'unique keys' => array(
- 'consumer_key' => array('consumer_key')
+ 'primary key' => array('consumer_key'),
+ 'index' => array(
+ 'user' => array('uid'),
),
);
$schema['services_oauth_token'] = array(
@@ -73,7 +85,7 @@ function services_oauth_schema() {
'not null' => TRUE
),
'services' => array(
- 'description' => t('An array of services that the user allowed the consumer to do.'),
+ 'description' => t('An array of services that the user allowed the consumer to access.'),
'type' => 'text',
),
'authorized' => array(
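Review bot: The new key `'index' => array('user' => array('uid'))` is not one the Drupal Schema API reads; the key is `'indexes'`, so as written the `uid` index is never created. That matters because `uid` stops being the primary key in this hunk while `services_oauth_user_consumers()` still queries by it. Use `'indexes' => array('user' => array('uid')),`. The section also changes the primary key and adds NOT NULL columns without a visible `hook_update_N()`, so existing installs would need an update function; `services_oauth_schema()` continues outside the hunks shown.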
109 services_oauth.module
@@ -6,14 +6,16 @@
*/
function services_oauth_autoload_info() {
$lib = array('file' => 'lib/OAuth.php');
-
+
return array(
'DrupalOAuthServer' => array('file' => 'includes/DrupalOAuthServer.inc'),
'DrupalOAuthDataStore'=> array('file' => 'includes/DrupalOAuthDataStore.inc'),
+ 'DrupalOAuthRequest' => array('file' => 'includes/DrupalOAuthRequest.inc'),
'OAuthServer' => $lib,
'OAuthDataStore' => $lib,
'OAuthRequest' => $lib,
'OAuthConsumer' => $lib,
+ 'OAuthToken' => $lib,
);
}
@@ -28,32 +30,67 @@ function services_oauth_services_authentication() {
}
/**
+ * Implementation of hook_perm().
+ */
+function services_oauth_perm() {
+ return array('services oauth register consumers');
+}
+
+/**
* Implementation of hook_menu().
*/
function services_oauth_menu() {
$menu = array();
$menu['oauth/authorize'] = array(
- 'page callback' => '_services_oauth_authorize',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_services_oauth_authorize'),
'access callback' => '_services_oauth_always_true',
- 'file' => 'includes/services_oauth.inc',
+ 'file' => 'services_oauth.pages.inc',
+ 'type' => MENU_CALLBACK,
);
$menu['oauth/request_token'] = array(
'page callback' => '_services_oauth_request_token',
'access callback' => '_services_oauth_always_true',
- 'file' => 'includes/services_oauth.inc',
+ 'file' => 'services_oauth.pages.inc',
+ 'type' => MENU_CALLBACK,
);
$menu['oauth/access_token'] = array(
'page callback' => '_services_oauth_access_token',
'access callback' => '_services_oauth_always_true',
- 'file' => 'includes/services_oauth.inc',
+ 'file' => 'services_oauth.pages.inc',
+ 'type' => MENU_CALLBACK,
+ );
+
+ $menu['user/%user/applications'] = array(
+ 'title' => 'Applications',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_services_oauth_user_applications', 1),
+ 'access callback' => 'oauth_services_user_access',
+ 'access arguments' => array(1),
+ 'file' => 'services_oauth.pages.inc',
+ 'type' => MENU_LOCAL_TASK,
+ );
+
+ $menu['user/%user/applications/add'] = array(
+ 'title' => 'Add application',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_services_oauth_user_applications_add', 1),
+ 'access callback' => 'user_access',
+ 'access arguments' => array('services oauth register consumers'),
+ 'file' => 'services_oauth.pages.inc',
+ 'type' => MENU_CALLBACK,
);
return $menu;
}
+function oauth_services_user_access($user) {
+ return user_edit_access($user) && (user_access('access services', $user) || user_access('services oauth register consumers', $user));
+}
+
function _services_oauth_always_true() {
return TRUE;
}
@@ -108,25 +145,65 @@ function services_oauth_xrds() {
}
/**
+ * Verifies the request
+ *
+ * @return array
+ * An array containing the validated
+ * @author Hugo Wetterberg
+ */
+function services_oauth_verify_request() {
+ $req = DrupalOAuthRequest::from_request();
+
+ // Verify
+ $consumer = $req->get_parameter('oauth_consumer_key');
+ if (!empty($consumer)) {
+ $server = new DrupalOAuthServer();
+ return $server->verify_request($req);
+ }
+ return array(NULL,NULL);
+}
+
+/**
+ * Sets the global user object to the user associated
+ * with the provided token.
+ *
+ * @param OAuthToken $token
+ * @return void
+ */
+function services_oauth_set_user($token=NULL) {
+ // Load the appropriate user if we got a token
+ if ($token && !empty($token->key)) {
+ $uid = db_result(db_query("SELECT uid
+ FROM {services_oauth_token}
+ WHERE token_key='%s' AND consumer_key='%s'", array(
+ ':token_key' => $token->key,
+ ':consumer_key' => $consumer->key,
+ )));
+ if ($uid) {
+ global $user;
+ $user = user_load($uid);
+ }
+ }
+}
+
+/**
* Implementation of hook_user().
*/
function services_oauth_user($op, &$edit, &$account, $category = NULL) {
global $user;
- // If the user that has the permission to use services is seeing
- // his own profile, show his OAuth consumer key and secret.
- if ($op == 'view' && user_access('integrate external application', $account) &&
- ($account->uid == $user->uid or user_access('administer webservices'))) {
- module_load_include('admin.inc', 'services_oauth');
- _services_oauth_user($op, $edit, $account, $category);
- }
- elseif ($op == 'delete') {
+ if ($op == 'delete') {
// Delete all tokens related to a user
module_load_include('inc', 'services_oauth');
- $consumer = _services_oauth_consumer_get($account->uid);
+ $consumers = _services_oauth_user_consumer_info($account->uid);
db_query('DELETE FROM {services_oauth_consumer}
- WHERE uid = %d', $account->uid);
+ WHERE uid = %d', array(
+ ':uid' => $account->uid,
+ ));
db_query("DELETE FROM {services_oauth_token}
- WHERE uid = %d OR consumer_key = '%s'", $account->uid, $consumer->key);
+ WHERE uid = %d OR consumer_key = '%s'", array(
+ ':uid' => $account->uid,
+ ':consumer_key' => $consumer->consumer_key,
+ ));
}
}
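Review bot: `services_oauth_set_user()` binds `$consumer->key` in its query, but the function only receives `$token`, so `$consumer` is undefined and the `consumer_key` condition compares against an empty string; the lookup cannot match and the token's user is never loaded. Either pass the consumer in (`function services_oauth_set_user($token=NULL, $consumer=NULL)`, with the caller in services_oauth.services-authentication.inc updated) or drop the condition. The `delete` branch of `services_oauth_user()` has the same kind of problem: it calls `_services_oauth_user_consumer_info()`, which this commit does not define (services_oauth.inc adds `services_oauth_user_consumers()`), and then reads `$consumer->consumer_key` from a variable that is never assigned, so even with the name fixed the token DELETE would not match the keys of the deleted user's consumers. Also, `user/%user/applications/add` is guarded only by `user_access('services oauth register consumers')`, so any holder of that permission can open the form for another account's uid; using `oauth_services_user_access` with `'access arguments' => array(1)` would tie it to `user_edit_access()`.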
255 services_oauth.pages.inc
@@ -0,0 +1,255 @@
+<?php
+// $Id$
+
+/**
+ * Form for granting access to the consumer
+ */
+function _services_oauth_authorize() {
+ module_load_include('inc', 'services_oauth');
+ $req = DrupalOAuthRequest::from_request();
+ $token = $req->get_parameter('oauth_token');
+ $callback = $req->get_parameter('oauth_callback');
+ $token = services_oauth_get_token($token);
+
+ // Check that we have a valid token
+ if (!$token) {
+ drupal_set_message(t('Please include a valid OAuth token in your request.'), 'error');
+ return;
+ }
+
+ // Redirect to the right form, or present an error.
+ global $user;
+ if ($user->uid) {
+ // There's some strange bug in the ?destination=... handling
+ // This is not exactly beautiful, but it gets the work done
+ // TODO: Find out why!
+ if(drupal_substr($_SERVER['REQUEST_URI'], 0, 2)=='//') {
+ header('Location: ' . drupal_substr($_SERVER['REQUEST_URI'], 1), TRUE, 302);
+ }
+
+ if (!user_access('access services')) {
+ drupal_set_message(t('You are not authorized to allow external services access to this system.'), 'error');
+ return drupal_access_denied();
+ }
+
+ $form = array();
+ $form['oauth_parameters'] = array(
+ '#type' => 'value',
+ '#value' => serialize($req->get_parameters()),
+ );
+ $form['confirm'] = array(
+ '#type' => 'submit',
+ '#value' => t('Grant access'),
+ );
+ return $form;
+ }
+ else {
+ drupal_goto('user/login', array(
+ 'destination' => url('oauth/authorize', array(
+ 'query' => array(
+ 'oauth_token' => $token->token_key,
+ 'oauth_callback' => $callback,
+ ),
+ 'absolute' => TRUE,
+ )),
+ ));
+ }
+}
+
+/**
+ * Asks users for granting proper access/deny permissions for different services
+ * Authorizes an existing oauth request token and redirects to sender.
+ *
+ * @ingroup form
+ */
+function _services_oauth_authorize_submit(&$form, &$form_state) {
+ // Unserialize the stored oauth parameters
+ $parameters = unserialize($form_state['values']['oauth_parameters']);
+
+ // Save the list of all services that the user allowed the
+ // consumer to do
+ global $user;
+ $values = array(
+ 'authorized' => 1,
+ 'uid' => $user->uid,
+ 'token_key' => $parameters['oauth_token'],
+ 'services' => json_encode(array('*')),
+ );
+ drupal_write_record('services_oauth_token', $values, 'token_key');
+
+ // Pick the callback url apart and add the token parameter
+ $callback = parse_url($parameters['oauth_callback']);
+ $query = array();
+ parse_str($callback['query'], $query);
+ $query['oauth_token'] = $parameters['oauth_token'];
+ $callback['query'] = http_build_query($query);
+
+ // Return to the consumer site
+ header('Location: ' . _services_oauth_glue_url($callback), TRUE, 302);
+ exit;
+}
+
+function _services_oauth_glue_url($parsed) {
+ $uri = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';
+ $uri .= isset($parsed['user']) ? $parsed['user'] . (isset($parsed['pass']) ? ':'.$parsed['pass'] : '').'@' : '';
+ $uri .= isset($parsed['host']) ? $parsed['host'] : '';
+ $uri .= isset($parsed['port']) ? ':' . $parsed['port'] : '';
+
+ if (isset($parsed['path'])) {
+ $uri .= (substr($parsed['path'], 0, 1) == '/') ?
+ $parsed['path'] :
+ ((!empty($uri) ? '/' : '' ) . $parsed['path']);
+ }
+
+ $uri .= isset($parsed['query']) ? '?' . $parsed['query'] : '';
+
+ return $uri;
+}
+
+/**
+ * Generate a request token from the request.
+ */
+function _services_oauth_request_token() {
+ try {
+ $server = new DrupalOAuthServer();
+ $req = DrupalOAuthRequest::from_request();
+ print $server->fetch_request_token($req);
+ }
+ catch (OAuthException $e) {
+ drupal_set_header('HTTP/1.0 401 Unauthorized: ' . $e->getMessage());
+ drupal_set_header(sprintf('WWW-Authenticate: OAuth realm="%s"', url('', array('absolute'=>TRUE))));
+ }
+}
+
+/**
+ * Access the OAuth services
+ */
+function _services_oauth_access_token() {
+ try {
+ $server = new DrupalOAuthServer();
+ $req = DrupalOAuthRequest::from_request();
+ print $server->fetch_access_token($req);
+ }
+ catch (OAuthException $e) {
+ drupal_set_header('HTTP/1.0 401 Unauthorized: ' . $e->getMessage());
+ drupal_set_header(sprintf('WWW-Authenticate: OAuth realm="%s"', url('', array('absolute'=>TRUE))));
+ }
+}
+
+function _services_oauth_user_applications($form_state, $account) {
+ drupal_set_title(check_plain($account->name));
+ module_load_include('inc', 'services_oauth');
+
+ $form = array(
+ 'uid' => array(
+ '#type' => 'value',
+ '#value' => $account->uid,
+ ),
+ );
+ $ci = services_oauth_user_consumers($account->uid);
+
+ if (!empty($ci) || user_access('services oauth register consumers', $account)) {
+ $apps = array(
+ '#type' => 'fieldset',
+ '#title' => t('Applications'),
+ );
+
+ if (!empty($ci)) {
+ foreach ($ci as $consumer) {
+ $apps[$consumer->consumer_key] = array(
+ '#prefix' => '<div class="consumer-application"><h3>' . $consumer->name . '</h3>',
+ '#suffix' => '</div>',
+ 'type' => array(
+ '#type' => 'item',
+ '#title' => t('Type'),
+ '#value' => $consumer->type,
+ ),
+ 'consumer_key' => array(
+ '#type' => 'item',
+ '#title' => t('Consumer key'),
+ '#value' => $consumer->consumer_key,
+ ),
+ 'secret' => array(
+ '#type' => 'fieldset',
+ '#collapsible' => TRUE,
+ '#collapsed' => TRUE,
+ '#title' => t('Consumer secret'),
+ 'consumer_secret' => array(
+ '#type' => 'item',
+ '#value' => $consumer->consumer_secret,
+ ),
+ ),
+ );
+ }
+
+ if (user_access('services oauth register consumers') || user_access('services oauth register consumers', $account)) {
+ $apps['create_consumer'] = array(
+ '#type' => 'submit',
+ '#value' => 'Add application',
+ );
+ }
+
+ $form['applications'] = $apps;
+ }
+ }
+
+ if (user_access('access services', $account)) {
+ $auth = array(
+ '#type' => 'fieldset',
+ '#title' => t('Authorizations'),
+ );
+ $form['authorizations'] = $auth;
+ }
+
+ return $form;
+}
+
+function _services_oauth_user_applications_submit($form, $form_state) {
+ // Send the user to the application creation form
+ if ($form_state['clicked_button']['#id']=='edit-create-consumer') {
+ drupal_goto(sprintf('user/%d/applications/add', $form_state['values']['uid']));
+ }
+}
+
+function _services_oauth_user_applications_add($form_state, $account) {
+ $form = array();
+
+ $form = array(
+ 'uid' => array(
+ '#type' => 'value',
+ '#value' => $account->uid,
+ ),
+ );
+
+ $form['name'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Application name'),
+ '#required' => TRUE,
+ );
+
+ $form['type'] = array(
+ '#type' => 'select',
+ '#title' => t('Application type'),
+ '#options' => array(
+ 'community' => t('Community'),
+ 'commercial' => t('Commercial'),
+ 'development' => t('Development'),
+ ),
+ );
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Create'),
+ );
+
+ return $form;
+}
+
+function _services_oauth_user_applications_add_submit($form, $form_state) {
+ module_load_include('inc', 'services_oauth');
+
+ $v = $form_state['values'];
+ $key = services_oauth_create_consumer($v['uid'], $v['name'], $v['type']);
+ drupal_set_message(t('Added the application !name', array('!name' => $v['name'])));
+ drupal_goto(sprintf('user/%d/applications', $v['uid']));
+}
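Review bot: In `_services_oauth_user_applications()` the consumer name is concatenated into markup unescaped (`'<h3>' . $consumer->name . '</h3>'`), and that name comes from the free-text `name` field of the add form, so it is a stored XSS sink on the profile tab; use `check_plain($consumer->name)`. `_services_oauth_user_applications_add_submit()` has the same issue through the `!name` placeholder, which `t()` inserts verbatim; `@name` escapes it. In `_services_oauth_authorize_submit()` the browser is redirected to whatever `oauth_callback` the request carried, and the token named in the request is marked authorized without a check of its type or consumer. Validating the callback against a value registered for the consumer (the schema has no such column yet) and loading the token row first would close that. The `header('Location: ...')` in the `//` workaround of `_services_oauth_authorize()` is not followed by `exit`, so the form is still built after the redirect header is sent.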
22 services_oauth.services-authentication.inc
@@ -1,3 +1,25 @@
<?php
// $Id$
+function services_oauth_services_authenticate_call($method, $args, $data) {
+ if (!isset($method['#key']) || !$method['#key']) {
+ return FALSE;
+ }
+
+ try {
+ list($consumer, $token) = services_oauth_verify_request();
+ services_oauth_set_user($token);
+ }
+ catch (OAuthException $e) {
+ drupal_set_header('HTTP/1.0 401 Unauthorized: ' . $e->getMessage());
+ drupal_set_header(sprintf('WWW-Authenticate: OAuth realm="%s"', url('', array('absolute'=>TRUE))));
+ return $e->getMessage();
+ }
+}
+
+function services_oauth_services_security_settings() {
+ return array();
+}
+
+function services_oauth_services_security_settings_submit() {
+}
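Review bot: `services_oauth_services_authenticate_call()` reports failure only when an `OAuthException` is thrown, but `services_oauth_verify_request()` in services_oauth.module returns `array(NULL, NULL)` without throwing when the request has no `oauth_consumer_key`. In that case the function falls off the end and returns NULL, which lets an unsigned request through to a method that has `#key` set, assuming Services treats an empty return as "authenticated" (as the error-string return in the catch block suggests). After the `list()` line I would add `if (empty($consumer)) { return t('OAuth credentials are required.'); }` and send the same 401 headers as the catch block. A one-line docblock stating the return convention (error string on failure, nothing on success) would make this contract visible.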