Author: bhofmann
Date: Thu Jan  6 14:39:24 2011
New Revision: 1055896

URL: http://svn.apache.org/viewvc?rev=1055896&view=rev
Log:
Several fixes for PHP Shindig to work with new Security Token transport through 
an Authorization header.

Modified:
    shindig/trunk/php/src/common/SecurityToken.php
    shindig/trunk/php/src/common/sample/BasicSecurityToken.php
    shindig/trunk/php/src/gadgets/GadgetContext.php
    shindig/trunk/php/src/gadgets/MakeRequest.php
    shindig/trunk/php/src/gadgets/MakeRequestOptions.php
    shindig/trunk/php/src/gadgets/MetadataHandler.php
    shindig/trunk/php/src/gadgets/ProxyHandler.php
    shindig/trunk/php/src/gadgets/rewrite/ContentRewriter.php
    shindig/trunk/php/src/gadgets/templates/DataPipelining.php
    shindig/trunk/php/src/gadgets/templates/TemplateParser.php
    shindig/trunk/php/src/social/servlet/ApiServlet.php
    shindig/trunk/php/test/common/BasicSecurityTokenTest.php
    shindig/trunk/php/test/gadgets/GadgetContextTest.php

Modified: shindig/trunk/php/src/common/SecurityToken.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/common/SecurityToken.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/common/SecurityToken.php (original)
+++ shindig/trunk/php/src/common/SecurityToken.php Thu Jan  6 14:39:24 2011
@@ -32,6 +32,13 @@ abstract class SecurityToken {
   static public $ANONYMOUS = '-1';
 
   /**
+   * should return the actual raw token string from get, post or header
+   * 
+   * @return string
+   */
+  abstract static public function getTokenStringFromRequest();
+
+  /**
    * is this an anonymous token? Always check this before using the 
owner/viewer/etc
    *
    * @return boolean if it's anonymous
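Review bot: The docblock on the new abstract `getTokenStringFromRequest()` does not say in which order the three sources are consulted or that the value it returns is the raw, unvalidated request input, which is exactly what an implementer of a non-sample SecurityToken needs to know; I would expand it to `Returns the raw, unvalidated security token string as sent by the client (query parameter, POST field or Authorization header); callers must still pass it through the signer before trusting any field`. Note also that on PHP 5.3 an `abstract static` method triggers an E_STRICT notice ("Static function ... should not be abstract"), so if the project runs with E_STRICT enabled this will surface in logs; worth confirming against the supported PHP version.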

Modified: shindig/trunk/php/src/common/sample/BasicSecurityToken.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/common/sample/BasicSecurityToken.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/common/sample/BasicSecurityToken.php (original)
+++ shindig/trunk/php/src/common/sample/BasicSecurityToken.php Thu Jan  6 
14:39:24 2011
@@ -18,6 +18,7 @@
  * under the License.
  */
 
+require_once 'external/OAuth/OAuth.php';
 
 /**
  * Primitive token implementation that uses stings as tokens.
@@ -41,6 +42,7 @@ class BasicSecurityToken extends Securit
   private $CONTAINER_KEY = "c";
 
   protected $authenticationMode;
+  static protected $rawToken;
 
   /**
    * {...@inheritdoc}
@@ -74,6 +76,41 @@ class BasicSecurityToken extends Securit
     return new BasicSecurityToken(null, null, $owner, $viewer, $app, $domain, 
$appUrl, $moduleId, $containerId);
   }
 
+  /**
+   * gets security token string from get, post or auth header
+   * @return string
+   */
+  static public function getTokenStringFromRequest() {
+    if (self::$rawToken) {
+      return self::$rawToken;
+    }
+
+    $headers = OAuthUtil::get_headers();
+
+    self::$rawToken = isset($_GET['st']) ? $_GET['st'] :
+                      (isset($_POST['st']) ? $_POST['st'] :
+                          (isset($headers['Authorization']) ? 
self::parseAuthorization($headers['Authorization']) : ''));
+
+
+    return self::$rawToken;
+  }
+
+  /**
+   *
+   * @param string $authHeader
+   * @return string
+   */
+  static private function parseAuthorization($authHeader) {
+    if (substr($authHeader, 0, 5) != 'OAuth') {
+      return '';
+    }
+    // Ignore OAuth 1.0a
+    if (strpos($authHeader, "oauth_signature_method")) {
+      return '';
+    }
+    return trim(substr($authHeader, 6));
+  }
+
   public function __construct($token, $maxAge, $owner, $viewer, $app, $domain, 
$appUrl, $moduleId, $containerId) {
     $this->crypter = $this->getCrypter();
     if (! empty($token)) {
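Review bot: `parseAuthorization` only checks the first five bytes against `OAuth` and then unconditionally drops six, so a header like `OAuthXabc` passes the scheme check and yields `abc` with the first token byte silently lost; require the separator as part of the scheme, `if (strncmp($authHeader, 'OAuth ', 6) !== 0) { return ''; }`, and use `strpos(...) !== false` for the 1.0a check so the intent is explicit. `getTokenStringFromRequest` also accepts whatever PHP put in `$_GET['st']`/`$_POST['st']`, which for `?st[]=x` is an array that then flows into `substr`/`urlencode` at the call sites; add `if (!is_string(self::$rawToken)) { self::$rawToken = ''; }` before returning. Finally, the lookup prefers the query string over the Authorization header, so a request carrying both uses the copy that lands in access logs and Referer headers; since the point of this commit is the header transport, consider consulting the header first, or at least document the precedence in the docblock.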

Modified: shindig/trunk/php/src/gadgets/GadgetContext.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/GadgetContext.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/GadgetContext.php (original)
+++ shindig/trunk/php/src/gadgets/GadgetContext.php Thu Jan  6 14:39:24 2011
@@ -39,7 +39,6 @@ class GadgetContext {
   protected $containerConfig = null;
   protected $container = null;
   protected $refreshInterval;
-  protected $rawToken;
 
   public function __construct($renderingContext) {
     // Rendering context is set by the calling event handler (either GADGET or 
CONTAINER)
@@ -262,35 +261,6 @@ class GadgetContext {
   }
 
   /**
-   * returns raw encoded token
-   * 
-   * @return string
-   */
-  public function getRawToken() {
-    if ($this->rawToken) {
-      return $this->rawToken;
-    }
-
-    $this->rawToken = isset($_GET['st']) ? $_GET['st'] :
-                      (isset($_POST['st']) ? $_POST['st'] :
-                          
$this->parseAuthorization($_SERVER['AUTHORIZATION']));
-
-
-    return $this->rawToken;
-  }
-
-  private function parseAuthorization($authHeader) {
-    if (substr($authHeader, 0, 5) != 'OAuth') {
-      return '';
-    }
-    // Ignore OAuth 1.0a
-    if (strpos($authHeader, "oauth_signature_method")) {
-      return '';
-    }
-    return trim(substr($authHeader, 6));
-  }
-
-  /**
    * Extracts the 'st' token from the GET or POST params and calls the
    * signer to validate the token
    *
@@ -302,7 +272,7 @@ class GadgetContext {
       return null;
     }
 
-    $token = $this->getRawToken();
+    $token = BasicSecurityToken::getTokenStringFromRequest();
 
     return $this->validateToken($token, $signer);
   }
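Review bot: The docblock just above this hunk still says the token is extracted "from the GET or POST params", which is no longer true now that the call goes through `BasicSecurityToken::getTokenStringFromRequest()` and the Authorization header is a third source; update it to `Extracts the security token from the query string, POST body or Authorization header and calls the signer to validate it`. The call also hard-codes the sample `BasicSecurityToken` class even though the abstract method was added on `SecurityToken`; if the token implementation is meant to be swappable (the abstract declaration suggests it is), dispatching on the configured class rather than the sample would keep that seam intact. The enclosing method starts before the hunk.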

Modified: shindig/trunk/php/src/gadgets/MakeRequest.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/MakeRequest.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/MakeRequest.php (original)
+++ shindig/trunk/php/src/gadgets/MakeRequest.php Thu Jan  6 14:39:24 2011
@@ -29,7 +29,7 @@ require_once 'src/gadgets/MakeRequestOpt
  *   $params->setAuthz('SIGNED')
  *          ->setNoCache(true)
  *          ->setSignViewer(false)
- *          ->setSecurityTokenString($_GET('st'));
+ *          
->setSecurityTokenString(BasicSecurityToken::getTokenStringFromRequest());
  *   $result = $this->makeRequest->fetch($context, $params);
  *   $responseCode = $result->getHttpCode();
  *   $responseText = $result->getResponseContent();

Modified: shindig/trunk/php/src/gadgets/MakeRequestOptions.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/MakeRequestOptions.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/MakeRequestOptions.php (original)
+++ shindig/trunk/php/src/gadgets/MakeRequestOptions.php Thu Jan  6 14:39:24 
2011
@@ -202,7 +202,7 @@ class MakeRequestOptions {
             
->setOAuthUseToken(MakeRequestOptions::getRequestParam('OAUTH_USE_TOKEN'))
             
->setOAuthReceivedCallback(MakeRequestOptions::getRequestParam('OAUTH_RECEIVED_CALLBACK'))
             
->setOAuthClientState(MakeRequestOptions::getRequestParam('oauthState'))
-            
->setSecurityTokenString(MakeRequestOptions::getRequestParam('st'));
+            
->setSecurityTokenString(BasicSecurityToken::getTokenStringFromRequest());
 
     return $options;
   }

Modified: shindig/trunk/php/src/gadgets/MetadataHandler.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/MetadataHandler.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/MetadataHandler.php (original)
+++ shindig/trunk/php/src/gadgets/MetadataHandler.php Thu Jan  6 14:39:24 2011
@@ -41,7 +41,7 @@ class MetadataHandler {
   }
 
   private function getSecurityToken() {
-    $token = isset($_POST['st']) ? $_POST['st'] : (isset($_GET['st']) ? 
$_GET['st'] : '');
+    $token = BasicSecurityToken::getTokenStringFromRequest();
     if (empty($token)) {
       if (Config::get('allow_anonymous_token')) {
         // no security token, continue anonymously, remeber to check
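Review bot: The replaced line preferred `$_POST['st']` over `$_GET['st']`, but `BasicSecurityToken::getTokenStringFromRequest()` checks GET first, so a request that carries a token in both places now authenticates with the query-string value instead of the body value; that is a behaviour change this commit does not mention and it should either be intentional and documented or the helper's order should match the old servlet behaviour. A one-line comment at the call site, `// note: lookup order is GET, POST, Authorization header (see BasicSecurityToken)`, would at least make the dependency visible. The enclosing method continues past the hunk.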

Modified: shindig/trunk/php/src/gadgets/ProxyHandler.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/ProxyHandler.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/ProxyHandler.php (original)
+++ shindig/trunk/php/src/gadgets/ProxyHandler.php Thu Jan  6 14:39:24 2011
@@ -33,7 +33,7 @@ class ProxyHandler extends ProxyBase {
    */
   public function fetch($url) {
     // TODO: Check to see if we can just use 
MakeRequestOptions::fromCurrentRequest
-    $st = isset($_GET['st']) ? $_GET['st'] : (isset($_POST['st']) ? 
$_POST['st'] : false);
+    $st = BasicSecurityToken::getTokenStringFromRequest();
     $body = isset($_GET['postData']) ? $_GET['postData'] : 
(isset($_POST['postData']) ? $_POST['postData'] : false);
     $authz = isset($_GET['authz']) ? $_GET['authz'] : (isset($_POST['authz']) 
? $_POST['authz'] : null);
     $headers = isset($_GET['headers']) ? $_GET['headers'] : 
(isset($_POST['headers']) ? $_POST['headers'] : null);

Modified: shindig/trunk/php/src/gadgets/rewrite/ContentRewriter.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/rewrite/ContentRewriter.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/rewrite/ContentRewriter.php (original)
+++ shindig/trunk/php/src/gadgets/rewrite/ContentRewriter.php Thu Jan  6 
14:39:24 2011
@@ -67,7 +67,7 @@ class ContentRewriter extends DomRewrite
     $url = Config::get('web_prefix') . '/gadgets/proxy?url=' . urlencode($url);
     $url .= '&refresh=' . (isset($this->rewrite['expires']) && 
is_numeric($this->rewrite['expires']) ? $this->rewrite['expires'] : '3600');
     $url .= '&gadget=' . urlencode($this->context->getUrl());
-    $url .= '&st=' . urlencode($this->context->getRawToken());
+    $url .= '&st=' . 
urlencode(BasicSecurityToken::getTokenStringFromRequest());
     return $url;
   }
 

Modified: shindig/trunk/php/src/gadgets/templates/DataPipelining.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/templates/DataPipelining.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/templates/DataPipelining.php (original)
+++ shindig/trunk/php/src/gadgets/templates/DataPipelining.php Thu Jan  6 
14:39:24 2011
@@ -152,7 +152,7 @@ class DataPipelining {
     $httpRequests = array();
     $decodedResponse = array();
     // Using the same gadget security token for all social & http requests so 
everything happens in the right context
-    if (!isset($_GET['st'])) {
+    if (! BasicSecurityToken::getTokenStringFromRequest()) {
        throw new ExpressionException("No security token set, required for 
data-pipeling");
     }
     $securityToken = $_GET['st'];
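Review bot: The guard now accepts a token from POST or the Authorization header, but the very next line still reads `$securityToken = $_GET['st'];`, so for a header- or POST-delivered token the check passes and `$securityToken` ends up `null` (with an undefined-index notice), which is the exact case the commit sets out to support. Change it to `$securityToken = BasicSecurityToken::getTokenStringFromRequest();` so the value used for the social and http requests is the one that was validated. The enclosing method continues past the hunk.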

Modified: shindig/trunk/php/src/gadgets/templates/TemplateParser.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/gadgets/templates/TemplateParser.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/gadgets/templates/TemplateParser.php (original)
+++ shindig/trunk/php/src/gadgets/templates/TemplateParser.php Thu Jan  6 
14:39:24 2011
@@ -464,7 +464,7 @@ class TemplateParser {
         }
 
         // attach security token in the flash var
-        $st = 'st=' . $_GET['st'];
+        $st = 'st=' . BasicSecurityToken::getTokenStringFromRequest();
         if (array_key_exists('flashvars', $swfConfig)) {
           $swfConfig['flashvars'] = $swfConfig['flashvars'] . '&' . $st;
         } else {
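Review bot: The token is concatenated into the `flashvars` string without encoding, whereas `ContentRewriter` urlencodes the same value when building its query string; flashvars use `&`/`=` as separators, so a token containing either would corrupt the parameter list, and a token coming from an attacker-controlled POST or header is now reachable here where previously only `$_GET['st']` was. Use `$st = 'st=' . urlencode(BasicSecurityToken::getTokenStringFromRequest());` for consistency. Whether `$swfConfig['flashvars']` is HTML-escaped when it is written into the page is outside this hunk and should be confirmed.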

Modified: shindig/trunk/php/src/social/servlet/ApiServlet.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/src/social/servlet/ApiServlet.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/src/social/servlet/ApiServlet.php (original)
+++ shindig/trunk/php/src/social/servlet/ApiServlet.php Thu Jan  6 14:39:24 2011
@@ -105,7 +105,7 @@ abstract class ApiServlet extends HttpSe
 
 
     // look for encrypted security token
-    $token = isset($_POST['st']) ? $_POST['st'] : (isset($_GET['st']) ? 
$_GET['st'] : '');
+    $token = BasicSecurityToken::getTokenStringFromRequest();
     if (empty($token)) {
       if (Config::get('allow_anonymous_token')) {
         // no security token, continue anonymously, remeber to check
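Review bot: The social API servlet now binds directly to the sample `BasicSecurityToken` class, while the only abstraction this commit adds is the abstract `getTokenStringFromRequest()` on `SecurityToken`, which no caller in the diff actually goes through; the result is that a deployment with its own SecurityToken implementation gets the sample class's parsing regardless. If the token class is meant to be configurable, resolve it once and call the static method on that class; if it is not, the abstract declaration is dead API. The enclosing method continues past the hunk.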

Modified: shindig/trunk/php/test/common/BasicSecurityTokenTest.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/test/common/BasicSecurityTokenTest.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/test/common/BasicSecurityTokenTest.php (original)
+++ shindig/trunk/php/test/common/BasicSecurityTokenTest.php Thu Jan  6 
14:39:24 2011
@@ -50,6 +50,10 @@ class BasicSecurityTokenTest extends PHP
   protected function tearDown() {
     $this->BasicSecurityToken = null;
     $this->anonymousToken = null;
+    TestBasicSecurityToken::resetRawToken();
+    unset($_SERVER['HTTP_AUTHORIZATION']);
+    unset($_POST['st']);
+    unset($_GET['st']);
     parent::tearDown();
   }
 
@@ -135,4 +139,38 @@ class BasicSecurityTokenTest extends PHP
   public function testIsAnonymous() {
     $this->assertFalse($this->BasicSecurityToken->isAnonymous());
   }
+
+  public function testGetRawToken() {
+      $_GET['st'] = 'abc';
+
+      $this->assertEquals('abc', 
BasicSecurityToken::getTokenStringFromRequest());
+      TestBasicSecurityToken::resetRawToken();
+
+      $_POST['st'] = 'def';
+      $_SERVER['HTTP_AUTHORIZATION'] = 'OAuth ghi';
+      $this->assertEquals('abc', 
BasicSecurityToken::getTokenStringFromRequest());
+
+      unset($_GET['st']);
+
+      // test if runtime cache works
+      $this->assertEquals('abc', 
BasicSecurityToken::getTokenStringFromRequest());
+      TestBasicSecurityToken::resetRawToken();
+      //should use post now
+      $this->assertEquals('def', 
BasicSecurityToken::getTokenStringFromRequest());
+      TestBasicSecurityToken::resetRawToken();
+
+      unset($_POST['st']);
+
+      // get token from OAuth header
+      $this->assertEquals('ghi', 
BasicSecurityToken::getTokenStringFromRequest());
+  }
+}
+
+class TestBasicSecurityToken extends BasicSecurityToken
+{
+    static public function resetRawToken()
+    {
+        parent::$rawToken = null;
+    }
+
 }
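Review bot: `testGetRawToken` only exercises the happy path of the header branch and never checks that `parseAuthorization` rejects what it is supposed to reject, so the two early returns in that method are untested. Add, after a `resetRawToken()`, `$_SERVER['HTTP_AUTHORIZATION'] = 'OAuth realm="x", oauth_signature_method="HMAC-SHA1"';` followed by `$this->assertEquals('', BasicSecurityToken::getTokenStringFromRequest());`, and a second case with `'Basic Zm9v'` asserting the same empty result. The test also assumes `OAuthUtil::get_headers()` maps `$_SERVER['HTTP_AUTHORIZATION']` to `Authorization`, which is plausible but not visible here.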

Modified: shindig/trunk/php/test/gadgets/GadgetContextTest.php
URL: 
http://svn.apache.org/viewvc/shindig/trunk/php/test/gadgets/GadgetContextTest.php?rev=1055896&r1=1055895&r2=1055896&view=diff
==============================================================================
--- shindig/trunk/php/test/gadgets/GadgetContextTest.php (original)
+++ shindig/trunk/php/test/gadgets/GadgetContextTest.php Thu Jan  6 14:39:24 
2011
@@ -55,7 +55,7 @@ class GadgetContextTest extends PHPUnit_
     $this->orgServer = $_SERVER;
     
     $_GET = $this->testData;
-    $this->GadgetContext = new 
TestGadgetContext($this->gadgetRenderingContext);
+    $this->GadgetContext = new GadgetContext($this->gadgetRenderingContext);
   
   }
 
@@ -182,37 +182,4 @@ class GadgetContextTest extends PHPUnit_
   
   }
 
-  public function testGetRawToken() {
-      $_GET['st'] = 'abc';
-
-      $this->assertEquals('abc', $this->GadgetContext->getRawToken());
-      $this->GadgetContext->resetRawToken();
-
-      $_POST['st'] = 'def';
-      $_SERVER['AUTHORIZATION'] = 'OAuth ghi';
-      $this->assertEquals('abc', $this->GadgetContext->getRawToken());
-
-      unset($_GET['st']);
-
-      // test if runtime cache works
-      $this->assertEquals('abc', $this->GadgetContext->getRawToken());
-      $this->GadgetContext->resetRawToken();
-      //should use post now
-      $this->assertEquals('def', $this->GadgetContext->getRawToken());
-      $this->GadgetContext->resetRawToken();
-      
-      unset($_POST['st']);
-
-      // get token from OAuth header
-      $this->assertEquals('ghi', $this->GadgetContext->getRawToken());
-  }
-
-}
-
-class TestGadgetContext extends GadgetContext
-{
-    public function resetRawToken()
-    {
-        $this->rawToken = null;
-    }
 }

