src/Network/FKOAuthDataStore.php

   1 <?php
   2
   3 /**
   4  * @file src/Network/FKOAuthDataStore.php
   5  * OAuth server
   6  * Based on oauth2-php <http://code.google.com/p/oauth2-php/>
   7  *
   8  */
   9
  10 namespace Friendica\Network;
  11
  12 use Friendica\Core\Config;
  13 use Friendica\Core\Logger;
  14 use Friendica\Database\DBA;
  15 use Friendica\Util\Strings;
  16 use OAuthConsumer;
  17 use OAuthDataStore;
  18 use OAuthToken;
  19
  20 define('REQUEST_TOKEN_DURATION', 300);
  21 define('ACCESS_TOKEN_DURATION', 31536000);
  22
  23 /**
  24  * @brief OAuthDataStore class
  25  */
  26 class FKOAuthDataStore extends OAuthDataStore
  27 {
  28         /**
  29          * @return string
  30          * @throws \Exception
  31          */
  32         private static function genToken()
  33         {
  34                 return Strings::getRandomHex(32);
  35         }
  36
  37         /**
  38          * @param string $consumer_key key
  39          * @return OAuthConsumer|null
  40          * @throws \Exception
  41          */
  42         public function lookup_consumer($consumer_key)
  43         {
  44                 Logger::log(__function__ . ":" . $consumer_key);
  45
  46                 $s = DBA::select('clients', ['client_id', 'pw', 'redirect_uri'], ['client_id' => $consumer_key]);
  47                 $r = DBA::toArray($s);
  48
  49                 if (DBA::isResult($r)) {
  50                         return new OAuthConsumer($r[0]['client_id'], $r[0]['pw'], $r[0]['redirect_uri']);
  51                 }
  52
  53                 return null;
  54         }
  55
  56         /**
  57          * @param OAuthConsumer $consumer
  58          * @param string        $token_type
  59          * @param string        $token_id
  60          * @return OAuthToken|null
  61          * @throws \Exception
  62          */
  63         public function lookup_token(OAuthConsumer $consumer, $token_type, $token_id)
  64         {
  65                 Logger::log(__function__ . ":" . $consumer . ", " . $token_type . ", " . $token_id);
  66
  67                 $s = DBA::select('tokens', ['id', 'secret', 'scope', 'expires', 'uid'], ['client_id' => $consumer->key, 'scope' => $token_type, 'id' => $token_id]);
  68                 $r = DBA::toArray($s);
  69
  70                 if (DBA::isResult($r)) {
  71                         $ot = new OAuthToken($r[0]['id'], $r[0]['secret']);
  72                         $ot->scope = $r[0]['scope'];
  73                         $ot->expires = $r[0]['expires'];
  74                         $ot->uid = $r[0]['uid'];
  75                         return $ot;
  76                 }
  77
  78                 return null;
  79         }
  80
  81         /**
  82          * @param OAuthConsumer $consumer
  83          * @param OAuthToken    $token
  84          * @param string        $nonce
  85          * @param int           $timestamp
  86          * @return mixed
  87          * @throws \Exception
  88          */
  89         public function lookup_nonce(OAuthConsumer $consumer, OAuthToken $token, $nonce, int $timestamp)
  90         {
  91                 $token = DBA::selectFirst('tokens', ['id', 'secret'], ['client_id' => $consumer->key, 'id' => $nonce, 'expires' => $timestamp]);
  92                 if (DBA::isResult($token)) {
  93                         return new OAuthToken($token['id'], $token['secret']);
  94                 }
  95
  96                 return null;
  97         }
  98
  99         /**
 100          * @param OAuthConsumer $consumer
 101          * @param string        $callback
 102          * @return OAuthToken|null
 103          * @throws \Exception
 104          */
 105         public function new_request_token(OAuthConsumer $consumer, $callback = null)
 106         {
 107                 Logger::log(__function__ . ":" . $consumer . ", " . $callback);
 108                 $key = self::genToken();
 109                 $sec = self::genToken();
 110
 111                 if ($consumer->key) {
 112                         $k = $consumer->key;
 113                 } else {
 114                         $k = $consumer;
 115                 }
 116
 117                 $r = DBA::insert(
 118                         'tokens',
 119                         [
 120                                 'id' => $key,
 121                                 'secret' => $sec,
 122                                 'client_id' => $k,
 123                                 'scope' => 'request',
 124                                 'expires' => time() + REQUEST_TOKEN_DURATION
 125                         ]
 126                 );
 127
 128                 if (!$r) {
 129                         return null;
 130                 }
 131
 132                 return new OAuthToken($key, $sec);
 133         }
 134
 135         /**
 136          * @param OAuthToken    $token    token
 137          * @param OAuthConsumer $consumer consumer
 138          * @param string        $verifier optional, defult null
 139          * @return OAuthToken
 140          * @throws \Exception
 141          */
 142         public function new_access_token(OAuthToken $token, OAuthConsumer $consumer, $verifier = null)
 143         {
 144                 Logger::log(__function__ . ":" . $token . ", " . $consumer . ", " . $verifier);
 145
 146                 // return a new access token attached to this consumer
 147                 // for the user associated with this token if the request token
 148                 // is authorized
 149                 // should also invalidate the request token
 150
 151                 $ret = null;
 152
 153                 // get user for this verifier
 154                 $uverifier = Config::get("oauth", $verifier);
 155                 Logger::log(__function__ . ":" . $verifier . "," . $uverifier);
 156
 157                 if (is_null($verifier) || ($uverifier !== false)) {
 158                         $key = self::genToken();
 159                         $sec = self::genToken();
 160                         $r = DBA::insert(
 161                                 'tokens',
 162                                 [
 163                                         'id' => $key,
 164                                         'secret' => $sec,
 165                                         'client_id' => $consumer->key,
 166                                         'scope' => 'access',
 167                                         'expires' => time() + ACCESS_TOKEN_DURATION,
 168                                         'uid' => $uverifier
 169                                 ]
 170                         );
 171
 172                         if ($r) {
 173                                 $ret = new OAuthToken($key, $sec);
 174                         }
 175                 }
 176
 177                 DBA::delete('tokens', ['id' => $token->key]);
 178
 179                 if (!is_null($ret) && !is_null($uverifier)) {
 180                         Config::delete("oauth", $verifier);
 181                 }
 182
 183                 return $ret;
 184         }
 185 }