Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #1 from xushiwei/master

use QBox DigestAuth instead of Username/Password
  • Loading branch information...
commit 1fb9fb40f7e0c6083fdfb206c9512f85eec7f76c 2 parents 284b168 + 651dfb6
@rwifeng authored
View
30 qbox/config.dev.php
@@ -1,30 +0,0 @@
-<?php
-
-namespace QBox;
-
-//
-// OAuth2
-
-const CLIENT_ID = '<ClientId>';
-const CLIENT_SECRET = '<ClientSecret>';
-
-const REDIRECT_URI = '<RedirectURL>';
-const AUTHORIZATION_ENDPOINT = '<AuthURL>';
-const TOKEN_ENDPOINT = 'http://dev.qbox.us:9100/oauth2/token';
-
-//
-// QBox
-
-const PUT_TIMEOUT = 300000; // 300s = 5m
-
-const IO_HOST = 'http://dev.qbox.us:9200';
-const FS_HOST = 'http://dev.qbox.us:9300';
-const RS_HOST = 'http://dev.qbox.us:10100';
-
-//
-// Demo
-
-const DEMO_DOMAIN = 'dev.qbox.us:9200';
-
-// a more security path need
-define("QBOX_TOKEN_TMP_FILE", sys_get_temp_dir() . DIRECTORY_SEPARATOR . '.qbox_tokens');
View
2  qbox/config.local.php
@@ -26,5 +26,3 @@
const DEMO_DOMAIN = 'localhost:9876';
-// a more security path need
-define("QBOX_TOKEN_TMP_FILE", sys_get_temp_dir() . DIRECTORY_SEPARATOR . '.qbox_tokens');
View
17 qbox/config.pro.php
@@ -5,29 +5,24 @@
//
// OAuth2
-const CLIENT_ID = 'abcd0c7edcdf914228ed8aa7c6cee2f2bc6155e2';
-const CLIENT_SECRET = 'fc9ef8b171a74e197b17f85ba23799860ddf3b9c';
+const ACCESS_KEY = '<Please apply your access key>';
+const SECRET_KEY = '<Dont send your secret key to anyone>';
const REDIRECT_URI = '<RedirectURL>';
const AUTHORIZATION_ENDPOINT = '<AuthURL>';
-const TOKEN_ENDPOINT = 'http://m1.qbox.me:13001/oauth2/token';
+const TOKEN_ENDPOINT = 'https://acc.qbox.me/oauth2/token';
-const KEY = 'vlI2jmq_1qcmglMbXHxsCs21eVvkBDydTONPPLZA';
-const SECRET = 'd9c8ewMD6kxXGI7lT2TAtb05m-QE3wJyppwIyHt_';
//
// QBox
const PUT_TIMEOUT = 300000; // 300s = 5m
-const IO_HOST = 'http://m1.qbox.me:13004';
+const IO_HOST = 'http://iovip.qbox.me';
const FS_HOST = 'https://fs.qbox.me';
-const RS_HOST = 'http://m1.qbox.me:13003';
-//const RS_HOST = 'http://rs.qbox.me:10100';
+const RS_HOST = 'http://rs.qbox.me:10100';
//
// Demo
-const DEMO_DOMAIN = 'ionode-my1.qbox.me';
+const DEMO_DOMAIN = 'iovip.qbox.me/tblName';
-// a more security path need
-define("QBOX_TOKEN_TMP_FILE", sys_get_temp_dir() . DIRECTORY_SEPARATOR . '.qbox_tokens');
View
5 qbox/oauth.php
@@ -14,8 +14,9 @@
*/
function NewClient() {
- $client = new \OAuth2\Client(\QBox\CLIENT_ID, \QBox\CLIENT_SECRET);
- $client->setAccessTokenType($client::ACCESS_TOKEN_BEARER);
+ $client = new \OAuth2\Client("", "");
+ $client->setAccessTokenType($client::ACCESS_TOKEN_QBOX, \QBox\SECRET_KEY, null);
+ $client->setAccessToken(\QBox\ACCESS_KEY);
return $client;
}
View
96 qbox/oauth/Client.php
@@ -20,7 +20,7 @@
* This client is based on the OAuth2 specification draft v2.15
* http://tools.ietf.org/html/draft-ietf-oauth-v2-15
*
- * @author Pierrick Charron <pierrick@webstart.fr>, Anis BEREJEB <anis.berejeb@gmail.com>
+ * @author Pierrick Charron <pierrick@webstart.fr>, Anis BEREJEB <anis.berejeb@gmail.com>
* @version 1.0
*/
namespace OAuth2;
@@ -33,15 +33,15 @@ class Client
const AUTH_TYPE_URI = 0;
const AUTH_TYPE_AUTHORIZATION_BASIC = 1;
const AUTH_TYPE_FORM = 2;
-
+
/**
* Different Access token type
*/
- const ACCESS_TOKEN_URI = 0;
+ const ACCESS_TOKEN_URI = 0;
const ACCESS_TOKEN_BEARER = 1;
const ACCESS_TOKEN_OAUTH = 2;
const ACCESS_TOKEN_MAC = 3;
- const ACCESS_TOKEN_QBOX = 4;
+ const ACCESS_TOKEN_QBOX = 4;
/**
* Different Grant types
@@ -59,7 +59,7 @@ class Client
const HTTP_METHOD_PUT = 'PUT';
const HTTP_METHOD_DELETE = 'DELETE';
const HTTP_METHOD_HEAD = 'HEAD';
-
+
/**
* HTTP Form content types
*/
@@ -68,21 +68,21 @@ class Client
/**
* Client ID
- *
+ *
* @var string
*/
protected $client_id = null;
/**
* Client Secret
- *
+ *
* @var string
*/
protected $client_secret = null;
/**
* Client Authentication method
- *
+ *
* @var int
*/
protected $client_auth = self::AUTH_TYPE_URI;
@@ -93,13 +93,6 @@ class Client
* @var string
*/
protected $access_token = null;
-
-
- /**
- * Access Token Key
- * @var string
- */
- protected $access_token_key;
/**
* Access Token Type
@@ -121,7 +114,7 @@ class Client
* @var string
*/
protected $access_token_algorithm = null;
-
+
/**
* Access Token Parameter name
*
@@ -130,8 +123,8 @@ class Client
protected $access_token_param_name = 'access_token';
/**
- * Construct
- *
+ * Construct
+ *
* @param string $client_id Client ID
* @param string $client_secret Client Secret
* @param int $client_auth (AUTH_TYPE_URI, AUTH_TYPE_AUTHORIZATION_BASIC, AUTH_TYPE_FORM)
@@ -141,12 +134,12 @@ public function __construct($client_id, $client_secret, $client_auth = self::AUT
if (!extension_loaded('curl')) {
throw new \Exception('The PHP exention curl must be installed to use this library.');
}
-
+
$this->client_id = $client_id;
$this->client_secret = $client_secret;
$this->client_auth = $client_auth;
}
-
+
/**
* getAuthenticationUrl
*
@@ -164,7 +157,7 @@ public function getAuthenticationUrl($auth_endpoint, $redirect_uri, array $extra
));
return $auth_endpoint . '?' . http_build_query($parameters, null, '&');
}
-
+
/**
* getAccessToken
*
@@ -223,7 +216,7 @@ public function setAccessToken($token)
/**
* Set the client authentication type
- *
+ *
* @param string $client_auth (AUTH_TYPE_URI, AUTH_TYPE_AUTHORIZATION_BASIC, AUTH_TYPE_FORM)
* @return void
*/
@@ -241,17 +234,16 @@ public function setClientAuthType($client_auth)
* @param string $algorithm Algorithm used to encrypt the signature
* @return void
*/
- public function setAccessTokenType($type, $secret = null, $algorithm = null,$key = null)
+ public function setAccessTokenType($type, $secret = null, $algorithm = null)
{
$this->access_token_type = $type;
$this->access_token_secret = $secret;
$this->access_token_algorithm = $algorithm;
- $this->access_token_key = $key;
}
/**
* Fetch a protected ressource
- *
+ *
* @param string $protected_ressource_url Protected resource URL
* @param array $parameters Array of parameters
* @param string $http_method HTTP Method to use (POST, PUT, GET, HEAD, DELETE)
@@ -261,10 +253,13 @@ public function setAccessTokenType($type, $secret = null, $algorithm = null,$key
*/
public function fetch($protected_resource_url, $parameters = '' /* array() */, $http_method = self::HTTP_METHOD_GET, $http_headers = null, $form_content_type = self::HTTP_FORM_CONTENT_TYPE_MULTIPART, $curl_extra_options = null)
{
- if ($this->access_token || $this->access_token_type == self::ACCESS_TOKEN_QBOX)
+ if ($this->access_token)
{
switch ($this->access_token_type)
{
+ case self::ACCESS_TOKEN_QBOX:
+ $http_headers['Authorization'] = 'QBox ' . $this->generateQBOXSignature($protected_resource_url,$parameters);
+ break;
case self::ACCESS_TOKEN_URI:
if (is_array($parameters)) {
$parameters[$this->access_token_param_name] = $this->access_token;
@@ -279,46 +274,41 @@ public function fetch($protected_resource_url, $parameters = '' /* array() */, $
case self::ACCESS_TOKEN_MAC:
$http_headers['Authorization'] = 'MAC ' . $this->generateMACSignature($protected_resource_url, $parameters, $http_method);
break;
- case self::ACCESS_TOKEN_QBOX:
- $http_headers['Authorization'] = 'QBox ' . $this->generateQBOXSignature($protected_resource_url,$parameters);
- break;
default:
throw new Exception('Unknown access token type.');
break;
- }
+ }
}
return $this->executeRequest(
$protected_resource_url, $parameters, $http_method, $http_headers, $form_content_type, $curl_extra_options);
- }
-
+ }
+
/**
* Generate the QBOX signature
- * @param string $url Called URL
+ * @param string $url Called URL
*/
private function generateQBOXSignature($url,$parameters){
$parsed_url = parse_url($url);
$path = $parsed_url['path'];
- $query = $parsed_url['query'];
$data = $path;
- if ($query != "") {
- $data .= "?" . $query;
+ if (isset($parsed_url['query'])) {
+ $data .= "?" . $parsed_url['query'];
}
$data .= "\n";
-
+
if($parameters){
if (is_array($parameters)){
$parameters = http_build_query($parameters);
}
- $data .= $parameters;
+ $data .= $parameters;
}
- $digest = \QBox\Encode(hash_hmac(sha1,$data, $this->access_token_secret,true));
- $digest = $this->access_token_key . ":" .$digest;
+ $digest = \QBox\Encode(hash_hmac('sha1', $data, $this->access_token_secret, true));
+ $digest = $this->access_token . ":" .$digest;
return $digest;
-
}
/**
- * Generate the MAC signature
+ * Generate the MAC signature
*
* @param string $url Called URL
* @param array $parameters Parameters
@@ -332,14 +322,14 @@ private function generateMACSignature($url, array $parameters, $http_method)
$query_parameters = array();
$body_hash = '';
$parsed_url = parse_url($url);
- if (!isset($parsed_url['port']))
+ if (!isset($parsed_url['port']))
{
$parsed_url['port'] = ($parsed_url['scheme'] == 'https') ? 443 : 80;
}
if (self::HTTP_METHOD_POST === $http_method || self::HTTP_METHOD_PUT === $http_method)
{
- if ($parameters)
+ if ($parameters)
{
$body_hash = base64_encode(hash($this->access_token_algorithm, $parameters));
}
@@ -353,12 +343,12 @@ private function generateMACSignature($url, array $parameters, $http_method)
sort($query_parameters);
}
- $signature = base64_encode(hash_hmac($this->access_token_algorithm,
+ $signature = base64_encode(hash_hmac($this->access_token_algorithm,
$this->access_token . "\n"
- . $timestamp . "\n"
- . $nonce . "\n"
+ . $timestamp . "\n"
+ . $nonce . "\n"
. $body_hash . "\n"
- . $http_method . "\n"
+ . $http_method . "\n"
. $parsed_url['host'] . "\n"
. $parsed_url['port'] . "\n"
. $parsed_url['path'] . "\n"
@@ -376,7 +366,7 @@ private function generateMACSignature($url, array $parameters, $http_method)
* @param string $http_method HTTP Method
* @param array $http_headers HTTP Headers
* @param int $form_content_type HTTP form content type to use
- * @return array
+ * @return array
*/
private function executeRequest($url, $parameters = '' /* array() */, $http_method = self::HTTP_METHOD_GET, $http_headers = null, $form_content_type = self::HTTP_FORM_CONTENT_TYPE_MULTIPART, $curl_extra_options = null)
{
@@ -397,7 +387,7 @@ private function executeRequest($url, $parameters = '' /* array() */, $http_meth
/* No break */
case self::HTTP_METHOD_PUT:
/**
- * Passing an array to CURLOPT_POSTFIELDS will encode the data as multipart/form-data,
+ * Passing an array to CURLOPT_POSTFIELDS will encode the data as multipart/form-data,
* while passing a URL-encoded string will encode the data as application/x-www-form-urlencoded.
* http://php.net/manual/en/function.curl-setopt.php
*/
@@ -405,7 +395,7 @@ private function executeRequest($url, $parameters = '' /* array() */, $http_meth
if (self::HTTP_FORM_CONTENT_TYPE_APPLICATION === $form_content_type) {
if (is_array($parameters))
$parameters = http_build_query($parameters);
- }
+ }
$curl_options[CURLOPT_POSTFIELDS] = $parameters;
}
break;
@@ -422,7 +412,7 @@ private function executeRequest($url, $parameters = '' /* array() */, $http_meth
$curl_options[CURLOPT_URL] = $url;
- if (is_array($http_headers))
+ if (is_array($http_headers))
{
$header = array();
foreach($http_headers as $key => $parsed_urlvalue) {
@@ -463,7 +453,7 @@ public function setAccessTokenParamName($name)
/**
* Converts the class name to camel case
- *
+ *
* @param mixed $grant_type the grant type
* @return string
*/
View
31 qbox/rs_demo.php
@@ -6,35 +6,6 @@
$client = QBox\OAuth2\NewClient();
-/*
-list($code, $result) = QBox\OAuth2\ExchangeByPasswordPermanently($client, 'test@qbox.net', 'test', QBOX_TOKEN_TMP_FILE);
-if ($code != 200) {
- $msg = QBox\ErrorMessage($code, $result);
- echo "Login failed: $code - $msg\n";
- exit(-1);
-}*/
-
-$client->setAccessTokenType($client::ACCESS_TOKEN_QBOX,\QBox\SECRET,null,\QBox\KEY);
-//$client->setClientAuthType($client::ACCESS_TOKEN_QBOX);
-
-//QBox\OAuth2\CallWithParams($client,"http://localhost:1234/test/",array('a'=>"1","b"=>"2"));
-//die;
-/*
-list($code, $result) = QBox\OAuth2\ExchangeByPassword($client, 'test@qbox.net', 'test');
-if ($code != 200) {
- $msg = QBox\ErrorMessage($code, $result);
- echo "Login failed: $code - $msg\n";
- exit(-1);
-}
-
-list($code, $result) = QBox\OAuth2\ExchangeByRefreshToken($client, $result['refresh_token']);
-if ($code != 200) {
- $msg = QBox\ErrorMessage($code, $result);
- echo "LoginByRefreshToken failed: $code - $msg\n";
- exit(-1);
-}
-*/
-
$tblName = 'tblName';
$rs = QBox\RS\NewService($client, $tblName);
@@ -81,7 +52,7 @@
list($result, $code, $error) = QBox\RS\PutFile($result['url'], $tblName, $key2, '', __FILE__, 'CustomData', array('key' => $key2));
}
-list($code, $error) = $rs->Publish(QBox\DEMO_DOMAIN . '/' . $tblName);
+list($code, $error) = $rs->Publish(QBox\DEMO_DOMAIN);
echo "===> Publish result:\n";
if ($code == 200) {
echo "Publish ok!\n";
Please sign in to comment.
Something went wrong with that request. Please try again.