gnu-social/lib/statusnetoauthstore.php
<?php
/*
* StatusNet - the distributed open-source microblogging tool
* Copyright (C) 2008-2011, StatusNet, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Refuse to run unless loaded by the StatusNet/Laconica framework, which
// defines one of these constants before including library files; hitting
// this file directly over the web exits without executing anything.
if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
require_once 'OAuth.php';
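/**
 * OAuth 1.0a data store backed by the StatusNet database.
 *
 * Implements the OAuthDataStore contract used by the API's OAuth server --
 * consumer, token and nonce lookup plus request/access token issuance --
 * on top of the Consumer, Token, Nonce, Oauth_application,
 * Oauth_application_user and Oauth_token_association data objects.
 *
 * Token rows use type 0 for request tokens and 1 for access tokens.
 * Request tokens move through state 0 (unauthorized), 1 (authorized but
 * not yet used) and 2 (used, i.e. exchanged for an access token).
 */
class ApiStatusNetOAuthDataStore extends OAuthDataStore
{
    /**
     * Look up an OAuth consumer by its key.
     *
     * Unknown keys yield null, except for the literal key 'anonymous': for
     * that one a Consumer row and a matching Oauth_application row are
     * created on first use. The anonymous consumer's secret is the same as
     * its key, so a signature made with it proves nothing about the client;
     * anything reached through it must be treated as an unidentified client.
     *
     * @param string $consumerKey consumer key taken from the request
     *
     * @return OAuthConsumer|null the consumer, or null if unknown
     * @throws Exception if the anonymous consumer or application cannot be stored
     */
    function lookup_consumer($consumerKey)
    {
        $con = Consumer::staticGet('consumer_key', $consumerKey);

        if ($con) {
            return new OAuthConsumer($con->consumer_key, $con->consumer_secret);
        }

        if ($consumerKey !== 'anonymous') {
            return null;
        }

        // Create an anon consumer and anon application if one
        // doesn't exist already
        common_debug("API OAuth - creating anonymous consumer");

        $con = new Consumer();
        $con->consumer_key    = $consumerKey;
        $con->consumer_secret = $consumerKey; // public "secret" by design
        $con->created         = common_sql_now();

        if (!$con->insert()) {
            common_log_db_error($con, 'INSERT', __FILE__);
            // This used to call $this->serverError(), an Action method this
            // data store does not inherit; throw so the failure is catchable.
            // TRANS: Server error displayed when trying to create an anonymous OAuth consumer.
            throw new Exception(_('Could not create anonymous consumer.'));
        }

        $app = Oauth_application::getByConsumerKey('anonymous');

        if (!$app) {
            common_debug("API OAuth - creating anonymous application");

            $app = new Oauth_application();
            $app->owner        = 1; // XXX: What to do here?
            $app->consumer_key = $con->consumer_key;
            $app->name         = 'anonymous';
            $app->icon         = 'default-avatar-stream.png'; // XXX: Fix this!
            $app->description  = "An anonymous application";
            // XXX: allow the user to set the access type when
            // authorizing? Currently we default to r+w for anonymous
            // OAuth client applications
            $app->access_type  = 3; // read + write
            $app->type         = 2; // desktop
            $app->created      = common_sql_now();

            if (!$app->insert()) {
                common_log_db_error($app, 'INSERT', __FILE__);
                // TRANS: Server error displayed when trying to create an anonymous OAuth application.
                throw new Exception(_("Could not create anonymous OAuth application."));
            }
        }

        return new OAuthConsumer($con->consumer_key, $con->consumer_secret);
    }

    /**
     * Find the client application a request token was issued to.
     *
     * @param string $token_key request token key
     *
     * @return Oauth_application|null the application, or null when the
     *         token, its Token row or its application cannot be found
     */
    function getAppByRequestToken($token_key)
    {
        // The consumer is not known yet, so look the token up by key alone
        $reqToken = $this->lookup_token(null, 'request', $token_key);

        if (empty($reqToken)) {
            common_debug("Couldn't get request token from oauth datastore");
            return null;
        }

        // OAuthToken carries no consumer key; fetch the full row for it
        $row = new Token();
        $row->tok = $reqToken->key;

        if (!$row->find(true)) {
            common_debug('Couldn\'t find req token in the token table.');
            return null;
        }

        $app = new Oauth_application();
        $app->consumer_key = $row->consumer_key;

        if (!$app->find(true)) {
            common_debug("Couldn't find the app!");
            return null;
        }

        return $app;
    }

    /**
     * Exchange an authorized request token (plus its 1.0a verifier) for an
     * access token.
     *
     * If this application already holds an access token for the authorizing
     * profile, that token is handed back instead of minting a new one, so a
     * user only has to authorize an app once per machine. In every successful
     * path the request token is marked used so it cannot be exchanged twice.
     *
     * @param OAuthToken    $token    the request token presented by the client
     * @param OAuthConsumer $consumer the consumer presenting it
     * @param string        $verifier the OAuth 1.0a verifier (the PIN for oob clients)
     *
     * @return OAuthToken|null the access token, or null if the request token is
     *         unknown, not authorized, already used, or the verifier is wrong
     * @throws Exception if the application or token association is missing, or
     *         a database write fails
     */
    function new_access_token($token, $consumer, $verifier)
    {
        // Log only public identifiers: OAuthToken's string form includes the
        // token secret, and the verifier is itself a credential.
        common_debug(
            sprintf(
                "New access token from request token %s for consumer %s",
                $token->key,
                $consumer->key
            ),
            __FILE__
        );

        $app = Oauth_application::getByConsumerKey($consumer->key);

        // assert() can be compiled out in production, so check explicitly
        if (empty($app)) {
            throw new Exception(
                // TRANS: Exception thrown when no application is registered for the consumer key.
                _('Could not find an application for this consumer.')
            );
        }

        $rt = new Token();
        $rt->consumer_key = $consumer->key;
        $rt->tok          = $token->key;
        $rt->type         = 0; // request

        $authorized = $rt->find(true)
            && (int)$rt->state === 1
            && $this->verifierMatches($rt->verifier, $verifier);

        if (!$authorized) {
            // unknown, not yet authorized, already used, or wrong verifier
            common_log(
                LOG_INFO,
                sprintf(
                    "API OAuth - Attempt to exchange unauthorized or unverified request token %s for an access token.",
                    $rt->tok
                )
            );
            return null;
        }

        common_debug('Request token found.', __FILE__);

        // find the app and profile associated with this token
        $tokenAssoc = Oauth_token_association::staticGet('token', $rt->tok);

        if (!$tokenAssoc) {
            throw new Exception(
                // TRANS: Exception thrown when no token association could be found.
                _('Could not find a profile and application associated with the request token.')
            );
        }

        // Have we previously issued an access token for this application
        // and profile? If not, mint a fresh one.
        $appUser = new Oauth_application_user();
        $appUser->application_id = $app->id;
        $appUser->profile_id     = $tokenAssoc->profile_id;

        if (!$appUser->find(true)) {
            common_log(
                LOG_INFO,
                sprintf(
                    "Creating new access token for application %s, profile %s.",
                    $app->id,
                    $tokenAssoc->profile_id
                )
            );

            $at = $this->generateNewAccessToken($consumer, $rt, $verifier);
            $this->newAppUser($tokenAssoc, $app, $at);

            return new OAuthToken($at->tok, $at->secret);
        }

        common_log(
            LOG_INFO,
            sprintf(
                "Existing access token found for application %s, profile %s.",
                $app->id,
                $tokenAssoc->profile_id
            )
        );

        if ($appUser->access_type == 0) {
            // Special case: we used to store request tokens in the
            // Oauth_application_user record, and the access_type would
            // always be 0 (no access) as a failsafe until an access
            // token was issued and replaced the request token. There could
            // be a few old Oauth_application_user records storing request
            // tokens still around, and we don't want to accidentally
            // return a useless request token instead of a new access
            // token. So if we find one, we generate a new access token
            // and update the existing Oauth_application_user record before
            // returning the new access token. This should be rare.
            $at = $this->generateNewAccessToken($consumer, $rt, $verifier);
            $this->updateAppUser($appUser, $app, $at);

            return new OAuthToken($at->tok, $at->secret);
        }

        // Re-issuing the existing access token still consumes the request
        // token: without this the same request token + verifier could be
        // exchanged any number of times.
        $this->burnRequestToken($rt);

        // fetch the full access token
        $at = new Token();
        $at->consumer_key = $consumer->key;
        $at->tok          = $appUser->token;

        if (!$at->find(true)) {
            throw new Exception(
                // TRANS: Exception thrown when no access token can be issued.
                _('Could not issue access token.')
            );
        }

        return new OAuthToken($at->tok, $at->secret);
    }

    /**
     * Compare a stored verifier with the one a client presented.
     *
     * Both sides are cast to string so an integer-valued oob PIN compares
     * like any other verifier, and the comparison is strict -- a loose ==
     * would accept e.g. "0123" for "123" -- and constant-time where
     * hash_equals() exists.
     *
     * @param mixed $stored verifier from the Token row (may be int or string)
     * @param mixed $given  verifier from the request
     *
     * @access private
     *
     * @return bool true if they match exactly
     */
    private function verifierMatches($stored, $given)
    {
        $stored = (string)$stored;
        $given  = (string)$given;

        if (function_exists('hash_equals')) {
            return hash_equals($stored, $given);
        }

        return $stored === $given;
    }

    /**
     * Mark a request token as used so it cannot be exchanged again.
     *
     * NOTE(review): this is a read-then-update; two concurrent exchanges of
     * the same request token could both pass the state check before either
     * update lands. A conditional UPDATE ... WHERE state = 1 would close
     * that window.
     *
     * @param Token $rt request token row as loaded from the database
     *
     * @access private
     *
     * @return void
     * @throws Exception if the row could not be updated
     */
    private function burnRequestToken($rt)
    {
        $before = clone($rt);
        $rt->state = 2; // used

        if (!$rt->update($before)) {
            common_log_db_error($rt, 'UPDATE', __FILE__);
            throw new Exception(
                // TRANS: Exception thrown when a request token cannot be marked as used.
                _('Could not mark request token as used.')
            );
        }

        common_debug('request token "' . $rt->tok . '" updated', __FILE__);
    }

    /**
     * Mint a new access token for an authorized request token and save it.
     *
     * The request token is burned *before* the access token is stored, so a
     * failure part-way through leaves no usable credential behind (the user
     * just has to authorize again). The old order -- insert, then burn --
     * could leave a live access token with its request token still
     * exchangeable.
     *
     * @param OAuthConsumer $consumer the OAuth consumer
     * @param Token         $rt       the authorized request token row
     * @param string        $verifier the OAuth 1.0a verifier
     *
     * @access private
     *
     * @return Token the new access token row
     * @throws Exception if either database write fails
     */
    private function generateNewAccessToken($consumer, $rt, $verifier)
    {
        // burn the old one first: single use, fail closed
        $this->burnRequestToken($rt);

        $at = new Token();
        $at->consumer_key      = $consumer->key;
        $at->tok               = common_good_rand(16);
        $at->secret            = common_good_rand(16);
        $at->type              = 1; // access
        $at->verifier          = $verifier;
        $at->verified_callback = $rt->verified_callback; // 1.0a
        $at->created           = common_sql_now();

        if (!$at->insert()) {
            common_log_db_error($at, 'INSERT', __FILE__);
            throw new Exception(
                // TRANS: Exception thrown when no access token can be issued.
                _('Could not issue access token.')
            );
        }

        // the token key is public; the secret is never logged
        common_debug('access token "' . $at->tok . '" inserted', __FILE__);

        return $at;
    }

    /**
     * Add a new app user (Oauth_application_user) record
     *
     * @param Oauth_token_association $tokenAssoc token-to-app association
     * @param Oauth_application       $app        the OAuth client app
     * @param Token                   $at         the access token
     *
     * @access private
     *
     * @return void
     * @throws Exception if the row cannot be inserted
     */
    private function newAppUser($tokenAssoc, $app, $at)
    {
        $rec = new Oauth_application_user();
        $rec->profile_id     = $tokenAssoc->profile_id;
        $rec->application_id = $app->id;
        $rec->access_type    = $app->access_type;
        $rec->token          = $at->tok;
        $rec->created        = common_sql_now();

        if (!$rec->insert()) {
            common_log_db_error($rec, 'INSERT', __FILE__);
            throw new Exception(
                // TRANS: Exception thrown when a database error occurs.
                _('Database error inserting OAuth application user.')
            );
        }
    }

    /**
     * Update an existing app user (Oauth_application_user) record with a
     * freshly issued access token and the app's current access type.
     *
     * @param Oauth_application_user $appUser existing app user rec
     * @param Oauth_application      $app     the OAuth client app
     * @param Token                  $at      the access token
     *
     * @access private
     *
     * @return void
     * @throws Exception if the row cannot be updated
     */
    private function updateAppUser($appUser, $app, $at)
    {
        $before = clone($appUser);
        $appUser->access_type = $app->access_type;
        $appUser->token       = $at->tok;

        if (!$appUser->update($before)) {
            common_log_db_error($appUser, 'UPDATE', __FILE__);
            throw new Exception(
                // TRANS: Exception thrown when a database error occurs.
                _('Database error updating OAuth application user.')
            );
        }
    }

    /**
     * Revoke specified token
     *
     * Deletes the Token row for $token_key. Only rows in state 0 are
     * matched, so an already-authorized (state 1) request token is not
     * found by this method -- NOTE(review): confirm that is intended for
     * the callers that revoke request tokens.
     *
     * @param string $token_key the token to be revoked
     * @param int    $type      type of token (0 = req, 1 = access)
     *
     * @access public
     *
     * @return void
     * @throws Exception if the token is unknown or cannot be deleted
     */
    public function revoke_token($token_key, $type = 0)
    {
        $row = new Token();
        $row->tok   = $token_key;
        $row->type  = $type;
        $row->state = 0;

        if (!$row->find(true)) {
            // TRANS: Exception thrown when an attempt is made to revoke an unknown token.
            throw new Exception(_('Tried to revoke unknown token.'));
        }

        if (!$row->delete()) {
            // TRANS: Exception thrown when an attempt is made to remove a revoked token.
            throw new Exception(_('Failed to delete revoked token.'));
        }
    }

    /**
     * Create a new request token. Overridden to support the OAuth 1.0a
     * callback and verifier.
     *
     * @param OAuthConsumer $consumer the OAuth Consumer for this token
     * @param string        $callback the verified OAuth callback URL, or 'oob'
     *
     * @return OAuthToken|null a new unauthorized request token, or null if it
     *         could not be stored
     */
    function new_request_token($consumer, $callback)
    {
        $t = new Token();
        $t->consumer_key      = $consumer->key;
        $t->tok               = common_good_rand(16);
        $t->secret            = common_good_rand(16);
        $t->type              = 0; // request
        $t->state             = 0; // unauthorized
        $t->verified_callback = $callback;

        if ($callback === 'oob') {
            // Out-of-band clients get a six-digit PIN the user types in by
            // hand. The previous mt_rand(0, 9999999) was both predictable
            // and a seven-digit range; use a CSPRNG where available and
            // keep the range at six digits. Leading zeros are not preserved
            // if the column is numeric, so the PIN may print shorter.
            $t->verifier = function_exists('random_int')
                ? random_int(0, 999999)
                : mt_rand(0, 999999);
        } else {
            $t->verifier = common_good_rand(8);
        }

        $t->created = DB_DataObject_Cast::dateTime();

        if (!$t->insert()) {
            return null;
        }

        return new OAuthToken($t->tok, $t->secret);
    }

    /**
     * Authorize specified OAuth request token
     *
     * Moves the request token $token_key from state 0 (unauthorized) to
     * state 1 (authorized but not used). A token in any other state is
     * treated as unknown.
     *
     * @param string $token_key The token to be authorized
     *
     * @access public
     *
     * @return void
     * @throws Exception if the token is unknown or the update fails
     */
    public function authorize_token($token_key)
    {
        $rt = new Token();
        $rt->tok   = $token_key;
        $rt->type  = 0; // request
        $rt->state = 0; // only an unauthorized token can be authorized

        if (!$rt->find(true)) {
            throw new Exception('Tried to authorize unknown token');
        }

        $before = clone($rt);
        $rt->state = 1; // authorized but not used

        if (!$rt->update($before)) {
            throw new Exception('Failed to authorize token');
        }
    }

    /**
     * Check and record a nonce for replay protection.
     *
     * http://oauth.net/core/1.0/#nonce
     * "The Consumer SHALL then generate a Nonce value that is unique for
     * all requests with that timestamp."
     *
     * The nonce is keyed on (consumer, timestamp, nonce); $token is not
     * part of the key. A true return means "already seen" and makes the
     * OAuth server reject the request.
     *
     * @param OAuthConsumer $consumer  the consumer making the request
     * @param OAuthToken    $token     unused
     * @param string        $nonce     nonce from the request
     * @param int           $timestamp oauth_timestamp from the request
     *
     * @return bool true if the nonce was used before (or could not be
     *              recorded), false if it is fresh and has now been stored
     */
    function lookup_nonce($consumer, $token, $nonce, $timestamp)
    {
        $n = new Nonce();
        $n->consumer_key = $consumer->key;
        $n->ts           = common_sql_date($timestamp);
        $n->nonce        = $nonce;

        if ($n->find(true)) {
            return true; // replay
        }

        $n->created = DB_DataObject_Cast::dateTime();

        // The insert result used to be ignored, which accepted the request
        // even when the nonce was not recorded. A failed insert is most
        // plausibly a concurrent request with the same nonce (assuming a
        // unique key on the table -- verify), so fail closed and report
        // it as used.
        if (!$n->insert()) {
            common_log_db_error($n, 'INSERT', __FILE__);
            return true;
        }

        return false;
    }

    /**
     * Look up a token by key, type and (optionally) consumer.
     *
     * No state is checked: an unauthorized or already-used request token
     * is returned just like an authorized one, so callers that need an
     * exchangeable token must inspect state themselves (new_access_token
     * does).
     *
     * @param OAuthConsumer|null $consumer   restrict to this consumer, or null for any
     * @param string             $token_type 'access' for access tokens; anything else means request
     * @param string             $token_key  the token key
     *
     * @return OAuthToken|null the token, or null if not found
     */
    function lookup_token($consumer, $token_type, $token_key)
    {
        $t = new Token();

        if (!is_null($consumer)) {
            $t->consumer_key = $consumer->key;
        }

        $t->tok  = $token_key;
        $t->type = ($token_type === 'access') ? 1 : 0;

        return $t->find(true) ? new OAuthToken($t->tok, $t->secret) : null;
    }

    /**
     * Fetch the full Token row for a key, whatever its type or consumer.
     *
     * @param string $token_key the token key
     *
     * @return Token|null the row, or null if not found
     */
    function getTokenByKey($token_key)
    {
        $t = new Token();
        $t->tok = $token_key;

        return $t->find(true) ? $t : null;
    }
}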