v4/docs/OAuthRequest_8php_source.html

<?php


namespace ceLTIc\LTI\OAuth;


class OAuthRequest

{


    protected $parameters;


    protected $http_method;


    protected $http_url;


    // For debug purposes


    public $base_string;


    public static $version = '1.0';


    public static $POST_INPUT = 'php://input';


    function __construct($http_method, $http_url, $parameters = null)

    {

        $parameters = ($parameters) ? $parameters : array();

        $parameters = array_merge(OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);

        $this->parameters = $parameters;

        $this->http_method = $http_method;

        $this->http_url = $http_url;

    }


    public static function from_request($http_method = null, $http_url = null, $parameters = null)

    {

        if (!$http_url) {

            if ((isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')) ||

                (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] === 'on')) ||

                (isset($_SERVER['HTTP_X_URL_SCHEME']) && ($_SERVER['HTTP_X_URL_SCHEME'] === 'https'))) {

                $_SERVER['HTTPS'] = 'on';

                $_SERVER['SERVER_PORT'] = 443;

            } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {

                $_SERVER['HTTPS'] = 'off';

                $_SERVER['SERVER_PORT'] = 80;

            } elseif (!isset($_SERVER['HTTPS'])) {

                $_SERVER['HTTPS'] = 'off';

            }

            if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {

                $forwardedHosts = str_replace(' ', ',', trim($_SERVER['HTTP_X_FORWARDED_HOST']));  // Use first if multiple hosts listed

                $hosts = explode(',', $forwardedHosts);

                if (!empty($hosts[0])) {

                    $host = explode(':', $hosts[0], 2);

                    $_SERVER['SERVER_NAME'] = $host[0];

                    if (count($host) > 1) {

                        $_SERVER['SERVER_PORT'] = $host[1];

                    } elseif ($_SERVER['HTTPS'] === 'on') {

                        $_SERVER['SERVER_PORT'] = 443;

                    } else {

                        $_SERVER['SERVER_PORT'] = 80;

                    }

                }

            } elseif (!empty($_SERVER['HTTP_X_ORIGINAL_HOST'])) {

                $_SERVER['SERVER_NAME'] = $_SERVER['HTTP_X_ORIGINAL_HOST'];

            }

            $scheme = ($_SERVER['HTTPS'] === 'on') ? 'https' : 'http';

            $http_url = "{$scheme}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}{$_SERVER['REQUEST_URI']}";

        }

        $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];


        // We weren't handed any parameters, so let's find the ones relevant to

        // this request.

        // If you run XML-RPC or similar you should use this to provide your own

        // parsed parameter-list

        if (!$parameters) {

            // Find request headers

            $request_headers = OAuthUtil::get_headers();


            // Parse the query-string to find GET parameters

            if (isset($_SERVER['QUERY_STRING'])) {

                $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);

            } else {

                $parameters = array();

            }


            if (($http_method === 'POST' && isset($request_headers['Content-Type']) && stristr($request_headers['Content-Type'],

                    'application/x-www-form-urlencoded')) || !empty($_POST)) {

                // It's a POST request of the proper content-type, so parse POST

                // parameters and add those overriding any duplicates from GET

                $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));

                $parameters = array_merge_recursive($parameters, $post_data);

            }


            // We have a Authorization-header with OAuth data. Parse the header

            // and add those overriding any duplicates from GET or POST

            if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {

                $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);

                $parameters = array_merge_recursive($parameters, $header_parameters);

            }

        }


        return new OAuthRequest($http_method, $http_url, $parameters);

    }


    public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null)

    {

        $parameters = ($parameters) ? $parameters : array();

        $defaults = array('oauth_version' => OAuthRequest::$version,

            'oauth_nonce' => OAuthRequest::generate_nonce(),

            'oauth_timestamp' => OAuthRequest::generate_timestamp(),

            'oauth_consumer_key' => $consumer->key);

        if ($token)

            $defaults['oauth_token'] = $token->key;


        $parameters = array_merge($defaults, $parameters);


        return new OAuthRequest($http_method, $http_url, $parameters);

    }


    public function set_parameter($name, $value, $allow_duplicates = true)

    {

        if ($allow_duplicates && isset($this->parameters[$name])) {

            // We have already added parameter(s) with this name, so add to the list

            if (is_scalar($this->parameters[$name])) {

                // This is the first duplicate, so transform scalar (string)

                // into an array so we can add the duplicates

                $this->parameters[$name] = array($this->parameters[$name]);

            }


            $this->parameters[$name][] = $value;

        } else {

            $this->parameters[$name] = $value;

        }

    }


    public function get_parameter($name)

    {

        return isset($this->parameters[$name]) ? $this->parameters[$name] : null;

    }


    public function get_parameters()

    {

        return $this->parameters;

    }


    public function unset_parameter($name)

    {

        unset($this->parameters[$name]);

    }


    public function get_signable_parameters()

    {

        // Grab all parameters

        $params = $this->parameters;


        // Remove oauth_signature if present

        // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")

        if (isset($params['oauth_signature'])) {

            unset($params['oauth_signature']);

        }


        return OAuthUtil::build_http_query($params);

    }


    public function get_signature_base_string()

    {

        $parts = array(

            $this->get_normalized_http_method(),

            $this->get_normalized_http_url(),

            $this->get_signable_parameters()

        );


        $parts = OAuthUtil::urlencode_rfc3986($parts);


        return implode('&', $parts);

    }


    public function get_normalized_http_method()

    {

        return strtoupper($this->http_method);

    }


    public function get_normalized_http_url()

    {

        $parts = parse_url($this->http_url);


        $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';

        $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');

        $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';

        $path = (isset($parts['path'])) ? $parts['path'] : '';


        if (($scheme == 'https' && $port != '443') || ($scheme == 'http' && $port != '80')) {

            $host = "$host:$port";

        }


        return "$scheme://$host$path";

    }


    public function to_url()

    {

        $post_data = $this->to_postdata();

        $out = $this->get_normalized_http_url();

        if ($post_data) {

            $out .= '?' . $post_data;

        }


        return $out;

    }


    public function to_postdata()

    {

        return OAuthUtil::build_http_query($this->parameters);

    }


    public function to_header($realm = null)

    {

        $first = true;

        if ($realm) {

            $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';

            $first = false;

        } else

            $out = 'Authorization: OAuth';


        $total = array();

        foreach ($this->parameters as $k => $v) {

            if (substr($k, 0, 5) != "oauth")

                continue;

            if (is_array($v)) {

                throw new OAuthException('Arrays not supported in headers');

            }

            $out .= ($first) ? ' ' : ',';

            $out .= OAuthUtil::urlencode_rfc3986($k) .

                '="' .

                OAuthUtil::urlencode_rfc3986($v) .

                '"';

            $first = false;

        }


        return $out;

    }


    public function __toString()

    {

        return $this->to_url();

    }


    public function sign_request($signature_method, $consumer, $token)

    {

        $this->set_parameter(

            "oauth_signature_method", $signature_method->get_name(), false

        );

        $signature = $this->build_signature($signature_method, $consumer, $token);

        $this->set_parameter("oauth_signature", $signature, false);

    }


    public function build_signature($signature_method, $consumer, $token)

    {

        $signature = $signature_method->build_signature($this, $consumer, $token);

        return $signature;

    }


    private static function generate_timestamp()

    {

        return time();

    }


    private static function generate_nonce()

    {

        $mt = microtime();

        $rand = mt_rand();


        return md5($mt . $rand); // md5s look nicer than numbers

    }


}

ceLTIc\LTI\OAuth\OAuthException
Class to represent an OAuth Exception.
Definition OAuthException.php:13

ceLTIc\LTI\OAuth\OAuthRequest
Class to represent an OAuth request.
Definition OAuthRequest.php:13

ceLTIc\LTI\OAuth\OAuthRequest\build_signature
build_signature($signature_method, $consumer, $token)
Build the signature.
Definition OAuthRequest.php:403

ceLTIc\LTI\OAuth\OAuthRequest\unset_parameter
unset_parameter($name)
Delete a parameter.
Definition OAuthRequest.php:230

ceLTIc\LTI\OAuth\OAuthRequest\__construct
__construct($http_method, $http_url, $parameters=null)
Class constructor.
Definition OAuthRequest.php:66

ceLTIc\LTI\OAuth\OAuthRequest\get_signature_base_string
get_signature_base_string()
Returns the base string of this request.
Definition OAuthRequest.php:263

ceLTIc\LTI\OAuth\OAuthRequest\to_url
to_url()
Builds a url usable for a GET request.
Definition OAuthRequest.php:312

ceLTIc\LTI\OAuth\OAuthRequest\$version
static $version
Version.
Definition OAuthRequest.php:50

ceLTIc\LTI\OAuth\OAuthRequest\$http_method
$http_method
HTTP method.
Definition OAuthRequest.php:27

ceLTIc\LTI\OAuth\OAuthRequest\get_signable_parameters
get_signable_parameters()
The request parameters, sorted and concatenated into a normalized string.
Definition OAuthRequest.php:240

ceLTIc\LTI\OAuth\OAuthRequest\$http_url
$http_url
HTTP URL.
Definition OAuthRequest.php:34

ceLTIc\LTI\OAuth\OAuthRequest\get_normalized_http_method
get_normalized_http_method()
Just uppercases the http method.
Definition OAuthRequest.php:281

ceLTIc\LTI\OAuth\OAuthRequest\to_postdata
to_postdata()
Builds the data one would send in a POST request.
Definition OAuthRequest.php:328

ceLTIc\LTI\OAuth\OAuthRequest\from_consumer_and_token
static from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=null)
Pretty much a helper function to set up the request.
Definition OAuthRequest.php:165

ceLTIc\LTI\OAuth\OAuthRequest\$parameters
$parameters
Request parameters.
Definition OAuthRequest.php:20

ceLTIc\LTI\OAuth\OAuthRequest\__toString
__toString()
Convert object to a string.
Definition OAuthRequest.php:373

ceLTIc\LTI\OAuth\OAuthRequest\get_parameters
get_parameters()
Get request parameters.
Definition OAuthRequest.php:220

ceLTIc\LTI\OAuth\OAuthRequest\from_request
static from_request($http_method=null, $http_url=null, $parameters=null)
Attempt to build up a request from what was passed to the server.
Definition OAuthRequest.php:84

ceLTIc\LTI\OAuth\OAuthRequest\sign_request
sign_request($signature_method, $consumer, $token)
Sign the request.
Definition OAuthRequest.php:385

ceLTIc\LTI\OAuth\OAuthRequest\$base_string
$base_string
Base string.
Definition OAuthRequest.php:43

ceLTIc\LTI\OAuth\OAuthRequest\get_normalized_http_url
get_normalized_http_url()
Parses the url and rebuilds it to be scheme://host/path.
Definition OAuthRequest.php:291

ceLTIc\LTI\OAuth\OAuthRequest\to_header
to_header($realm=null)
Builds the Authorization: header.
Definition OAuthRequest.php:341

ceLTIc\LTI\OAuth\OAuthRequest\set_parameter
set_parameter($name, $value, $allow_duplicates=true)
Set a parameter.
Definition OAuthRequest.php:187

ceLTIc\LTI\OAuth\OAuthRequest\get_parameter
get_parameter($name)
Get a parameter.
Definition OAuthRequest.php:210

ceLTIc\LTI\OAuth\OAuthRequest\$POST_INPUT
static $POST_INPUT
Access to POST data.
Definition OAuthRequest.php:57

ceLTIc\LTI\OAuth\OAuthUtil\build_http_query
static build_http_query($params)
Build HTTP query string.
Definition OAuthUtil.php:171

ceLTIc\LTI\OAuth\OAuthUtil\split_header
static split_header($header, $only_allow_oauth_parameters=true)
Utility function for turning the Authorization: header into parameters, has to do some unescaping.
Definition OAuthUtil.php:62

ceLTIc\LTI\OAuth\OAuthUtil\urlencode_rfc3986
static urlencode_rfc3986($input)
URL encode.
Definition OAuthUtil.php:22

ceLTIc\LTI\OAuth\OAuthUtil\parse_parameters
static parse_parameters($input)
Parse parameters.
Definition OAuthUtil.php:132

ceLTIc\LTI\OAuth\OAuthUtil\get_headers
static get_headers()
Helper to try to sort out headers for people who aren't running apache.
Definition OAuthUtil.php:83