src/Network/FKOAuthDataStore.php

   1 <?php
   2
   3 /**
   4  * @file src/Network/FKOAuthDataStore.php
   5  * OAuth server
   6  * Based on oauth2-php <http://code.google.com/p/oauth2-php/>
   7  *
   8  */
   9
  10 namespace Friendica\Network;
  11
  12 use Friendica\Core\Config;
  13 use Friendica\Core\Logger;
  14 use Friendica\Database\DBA;
  15 use Friendica\DI;
  16 use Friendica\Util\Strings;
  17 use OAuthConsumer;
  18 use OAuthDataStore;
  19 use OAuthToken;
  20
  21 define('REQUEST_TOKEN_DURATION', 300);
  22 define('ACCESS_TOKEN_DURATION', 31536000);
  23
  24 /**
  25  * OAuthDataStore class
  26  */
  27 class FKOAuthDataStore extends OAuthDataStore
  28 {
  29         /**
  30          * @return string
  31          * @throws \Exception
  32          */
  33         private static function genToken()
  34         {
  35                 return Strings::getRandomHex(32);
  36         }
  37
  38         /**
  39          * @param string $consumer_key key
  40          * @return OAuthConsumer|null
  41          * @throws \Exception
  42          */
  43         public function lookup_consumer($consumer_key)
  44         {
  45                 Logger::log(__function__ . ":" . $consumer_key);
  46
  47                 $s = DBA::select('clients', ['client_id', 'pw', 'redirect_uri'], ['client_id' => $consumer_key]);
  48                 $r = DBA::toArray($s);
  49
  50                 if (DBA::isResult($r)) {
  51                         return new OAuthConsumer($r[0]['client_id'], $r[0]['pw'], $r[0]['redirect_uri']);
  52                 }
  53
  54                 return null;
  55         }
  56
  57         /**
  58          * @param OAuthConsumer $consumer
  59          * @param string        $token_type
  60          * @param string        $token_id
  61          * @return OAuthToken|null
  62          * @throws \Exception
  63          */
  64         public function lookup_token(OAuthConsumer $consumer, $token_type, $token_id)
  65         {
  66                 Logger::log(__function__ . ":" . $consumer . ", " . $token_type . ", " . $token_id);
  67
  68                 $s = DBA::select('tokens', ['id', 'secret', 'scope', 'expires', 'uid'], ['client_id' => $consumer->key, 'scope' => $token_type, 'id' => $token_id]);
  69                 $r = DBA::toArray($s);
  70
  71                 if (DBA::isResult($r)) {
  72                         $ot = new OAuthToken($r[0]['id'], $r[0]['secret']);
  73                         $ot->scope = $r[0]['scope'];
  74                         $ot->expires = $r[0]['expires'];
  75                         $ot->uid = $r[0]['uid'];
  76                         return $ot;
  77                 }
  78
  79                 return null;
  80         }
  81
  82         /**
  83          * @param OAuthConsumer $consumer
  84          * @param OAuthToken    $token
  85          * @param string        $nonce
  86          * @param int           $timestamp
  87          * @return mixed
  88          * @throws \Exception
  89          */
  90         public function lookup_nonce(OAuthConsumer $consumer, OAuthToken $token, $nonce, int $timestamp)
  91         {
  92                 $token = DBA::selectFirst('tokens', ['id', 'secret'], ['client_id' => $consumer->key, 'id' => $nonce, 'expires' => $timestamp]);
  93                 if (DBA::isResult($token)) {
  94                         return new OAuthToken($token['id'], $token['secret']);
  95                 }
  96
  97                 return null;
  98         }
  99
 100         /**
 101          * @param OAuthConsumer $consumer
 102          * @param string        $callback
 103          * @return OAuthToken|null
 104          * @throws \Exception
 105          */
 106         public function new_request_token(OAuthConsumer $consumer, $callback = null)
 107         {
 108                 Logger::log(__function__ . ":" . $consumer . ", " . $callback);
 109                 $key = self::genToken();
 110                 $sec = self::genToken();
 111
 112                 if ($consumer->key) {
 113                         $k = $consumer->key;
 114                 } else {
 115                         $k = $consumer;
 116                 }
 117
 118                 $r = DBA::insert(
 119                         'tokens',
 120                         [
 121                                 'id' => $key,
 122                                 'secret' => $sec,
 123                                 'client_id' => $k,
 124                                 'scope' => 'request',
 125                                 'expires' => time() + REQUEST_TOKEN_DURATION
 126                         ]
 127                 );
 128
 129                 if (!$r) {
 130                         return null;
 131                 }
 132
 133                 return new OAuthToken($key, $sec);
 134         }
 135
 136         /**
 137          * @param OAuthToken    $token    token
 138          * @param OAuthConsumer $consumer consumer
 139          * @param string        $verifier optional, defult null
 140          * @return OAuthToken
 141          * @throws \Exception
 142          */
 143         public function new_access_token(OAuthToken $token, OAuthConsumer $consumer, $verifier = null)
 144         {
 145                 Logger::log(__function__ . ":" . $token . ", " . $consumer . ", " . $verifier);
 146
 147                 // return a new access token attached to this consumer
 148                 // for the user associated with this token if the request token
 149                 // is authorized
 150                 // should also invalidate the request token
 151
 152                 $ret = null;
 153
 154                 // get user for this verifier
 155                 $uverifier = DI::config()->get("oauth", $verifier);
 156                 Logger::log(__function__ . ":" . $verifier . "," . $uverifier);
 157
 158                 if (is_null($verifier) || ($uverifier !== false)) {
 159                         $key = self::genToken();
 160                         $sec = self::genToken();
 161                         $r = DBA::insert(
 162                                 'tokens',
 163                                 [
 164                                         'id' => $key,
 165                                         'secret' => $sec,
 166                                         'client_id' => $consumer->key,
 167                                         'scope' => 'access',
 168                                         'expires' => time() + ACCESS_TOKEN_DURATION,
 169                                         'uid' => $uverifier
 170                                 ]
 171                         );
 172
 173                         if ($r) {
 174                                 $ret = new OAuthToken($key, $sec);
 175                         }
 176                 }
 177
 178                 DBA::delete('tokens', ['id' => $token->key]);
 179
 180                 if (!is_null($ret) && !is_null($uverifier)) {
 181                         DI::config()->delete("oauth", $verifier);
 182                 }
 183
 184                 return $ret;
 185         }
 186 }