1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
<?php
namespace RESTAPI\Consumer;
use StudipAutoloader, DBManager, OAuthRequestVerifier, OAuthStore, OAuthServer, Exception;
use \RESTAPI\UserPermissions;
StudipAutoloader::addAutoloadPath($GLOBALS['STUDIP_BASE_PATH'] . DIRECTORY_SEPARATOR . 'vendor/oauth-php/library/');
/**
* OAuth consumer for the rest api
*
* @author Jan-Hendrik Willms <tleilax+studip@gmail.com>
* @license GPL 2 or later
* @since Stud.IP 3.0
* @deprecated Since Stud.IP 5.0. Will be removed in Stud.IP 6.0.
*/
class OAuth extends Base
{
/**
* Configures the model.
*
* @param array $config Configuration array
*/
protected static function configure($config = [])
{
$config['default_values']['consumer_type'] = 'oauth';
$config['registered_callbacks']['before_store'][] = 'before_store';
parent::configure($config);
}
/**
* Detects whether the request is authenticated via OAuth.
*
* @param mixed $request_type Type of request (optional; defaults to any)
* @return mixed Instance of self if authentication was detected, false
* otherwise
*/
public static function detect($request_type = null)
{
if (OAuthRequestVerifier::requestIsSigned() && $request_type !== 'request') {
$user_id = false;
$parameters = (in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST']))
? null
: $GLOBALS['_' . $_SERVER['REQUEST_METHOD']];
$req = new OAuthRequestVerifier(null, null, $parameters);
// Check oauth timestamp and deny access if timestamp is outdated
if ($req->getParam('oauth_timestamp') < strtotime('-6 hours')) {
return false;
}
$result = $req->verifyExtended('access');
// @todo
# self::$consumer_key = $result['consumer_key'];
$query = "SELECT user_id FROM api_oauth_user_mapping WHERE oauth_id = :oauth_id";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':oauth_id', $result['user_id']);
$statement->execute();
$user_id = $statement->fetchColumn();
if (!$user_id) {
return false;
}
$consumer = reset(self::findByAuth_Key($result['consumer_key']));
$consumer->setUser($user_id);
return $consumer;
} else {
try {
// Check if there is a valid request token in the current request
// Returns an array with the consumer key, consumer secret, token, token secret and token type.
$rs = self::getServer()->authorizeVerify();
$query = "SELECT consumer_id
FROM api_consumers
WHERE auth_key = :key";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':key', $rs['consumer_key']);
$statement->execute();
$id = $statement->fetchColumn();
if ($id) {
return new self($id);
}
} catch (Exception $e) {
}
}
return false;
}
/**
* Returns a singleton instance of the oauth server.
*
* @return OAuthServer The server object
*/
public static function getServer()
{
static $server = null;
if ($server === null) {
$server = new OAuthServer(null, null, null, 'SESSION', [], [
'allowed_uri_schemes' => []
]);
}
return $server;
}
/**
* "Before store" trigger. Creates a clone of the consumer in the
* tables for the vendor oauth library.
*/
protected function before_store()
{
static $mapping = [
'auth_key' => 'consumer_key',
'auth_secret' => 'consumer_secret',
'active' => 'enabled',
'contact' => 'requester_name',
'email' => 'requester_email',
'callback' => 'callback_uri',
'url' => 'application_uri',
'title' => 'application_title',
'description' => 'application_descr',
'notes' => 'application_notes',
'type' => 'application_type',
'commercial' => 'application_commercial',
];
$consumer = [];
foreach ($mapping as $from => $to) {
$consumer[$to] = $this->$from;
}
$query = "SELECT osr_id
FROM oauth_server_registry
WHERE osr_consumer_key = :key AND osr_consumer_secret = :secret";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':key', $this->auth_key);
$statement->bindValue(':secret', $this->auth_secret);
$statement->execute();
$consumer['id'] = $statement->fetchColumn();
$consumer_key = OAuthStore::instance('PDO')->updateConsumer($consumer, null, true);
if ($this->isNew()) {
$consumer = OAuthStore::instance('PDO')->getConsumer($consumer_key, null, true);
$this->auth_key = $consumer['consumer_key'];
$this->auth_secret = $consumer['consumer_secret'];
}
}
/**
* Grant oauth access for a user.
*
* @param mixed $user_id Specific user id or null to default to the
* injected user
* @throws Exception If no valid user is present
*/
public function grantAccess($user_id = null)
{
if ($user_id === null && $this->hasUser()) {
$user_id = $this->user->id;
}
if (!$user_id) {
throw new Exception('Can not grant access to unknown user');
}
UserPermissions::get($GLOBALS['user']->id)->set($this->id, true)->store();
return self::getServer()->authorizeFinish(true, self::getOAuthId($user_id));
}
/**
* Revoke oauth access from a user.
*
* @param mixed $user_id Specific user id or null to default to the
* injected user
* @throws Exception If no valid user is present
*/
public function revokeAccess($user_id = null)
{
if ($user_id === null && $this->hasUser()) {
$user_id = $this->user->id;
}
if (!$user_id) {
throw new Exception('Can not revoke access from unknown user');
}
$query = "DELETE oauth_server_token
FROM oauth_server_token
JOIN oauth_server_registry
WHERE ost_usa_id_ref = :id AND osr_consumer_key = :key AND osr_consumer_secret = :secret";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':id', self::getOAuthId($user_id));
$statement->bindValue(':key', $this->auth_key);
$statement->bindValue(':secret', $this->auth_secret);
$statement->execute();
UserPermissions::get($GLOBALS['user']->id)->set($this->id, false)->store();
return self::getServer()->authorizeFinish(false, self::getOAuthId($user_id));
}
/**
* Maps a user to an oauth id. This is neccessary due to the fact that
* the oauth lib works with different ids than Stud.IP.
*
* @param String $user_id Id of the user to get an oauth id for
* @return String The mapped oauth id
*/
public static function getOAuthId($user_id)
{
$query = "SELECT oauth_id FROM api_oauth_user_mapping WHERE user_id = :id";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':id', $user_id);
$statement->execute();
$oauth_id = $statement->fetchColumn();
if (!$oauth_id) {
$query = "INSERT INTO api_oauth_user_mapping (user_id, mkdate)
VALUES (:id, UNIX_TIMESTAMP())";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':id', $user_id);
$statement->execute();
$oauth_id = DBManager::get()->lastInsertId();
}
return $oauth_id;
}
}
|
