Author: chabotc
Date: Tue Jun 17 05:20:17 2008
New Revision: 668631
URL: http://svn.apache.org/viewvc?rev=668631&view=rev
Log:
SecurityToken should be base 64 encoded, else the REST javascript mangles it,
it seems. Updated socialrest and socialdata to both base64 decode, so make
sure you're base64 encoding your token
Modified:
incubator/shindig/trunk/php/src/gadgets/GadgetContext.php
incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
incubator/shindig/trunk/php/src/socialdata/http/GadgetDataServlet.php
incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php
Modified: incubator/shindig/trunk/php/src/gadgets/GadgetContext.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/GadgetContext.php?rev=668631&r1=668630&r2=668631&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/GadgetContext.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/GadgetContext.php Tue Jun 17
05:20:17 2008
@@ -380,6 +380,9 @@
if (! isset($token) || $token == '') {
$token = isset($_POST['st']) ? $_POST['st'] : '';
}
+ if (count(explode(':', $token)) != 6) {
+ $token = urldecode(base64_decode($token));
+ }
return $signer->createToken($token);
}
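Review bot: The added fallback calls `base64_decode($token)` in its default non-strict mode, so a request-supplied `st` value that is not valid base64 is silently reduced to whatever bytes survive instead of being rejected; `$decoded = base64_decode($token, true);` with an explicit failure path when `$decoded === false` would keep malformed tokens away from `createToken()`. The choice between the plaintext and the encoded form is made only from the colon count of caller-controlled input, and the decoded value is not checked again for shape; that deserves a comment, since BasicBlobCrypter accepts six-field plaintext tokens when `allow_plaintext_token` is set. The same three lines are repeated in the GadgetDataServlet.php and RestServlet.php hunks, so one shared helper would keep the decoding rule in a single place. The enclosing function starts above this hunk.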
Modified:
incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php?rev=668631&r1=668630&r2=668631&view=diff
==============================================================================
---
incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
(original)
+++
incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
Tue Jun 17 05:20:17 2008
@@ -65,8 +65,7 @@
*/
public function unwrap($in, $maxAgeSec)
{
- //TODO remove this once we have a better way to generate a fake
token
- // in the example files
+ //TODO remove this once we have a better way to generate a fake
token in the example files
if (Config::get('allow_plaintext_token') && count(explode(':',
$in)) == 6) {
$data = explode(":", $in);
$out = array();
@@ -77,7 +76,6 @@
$out['u'] = $data[4];
$out['m'] = $data[5];
} else {
- //TODO Exception handling like JAVA
$bin = base64_decode($in);
$cipherText = substr($bin, 0, strlen($bin) -
Crypto::$HMAC_SHA1_LEN);
$hmac = substr($bin, strlen($cipherText));
@@ -97,14 +95,6 @@
{
$map = array();
$items = split("[&=]", $plain);
- /*
- //TODO: See if this can work or isn't necessary.
- if ((count($items) / 2) != 7) {
- // A valid token should decrypt to 14 items, aka 7
pairs.
- // If not, this wasn't valid & untampered data and we
abort
- throw new BlobExpiredException("Invalid security
token");
- }
- */
for ($i = 0; $i < count($items); ) {
$key = urldecode($items[$i ++]);
$value = urldecode($items[$i ++]);
Modified: incubator/shindig/trunk/php/src/socialdata/http/GadgetDataServlet.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/socialdata/http/GadgetDataServlet.php?rev=668631&r1=668630&r2=668631&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/socialdata/http/GadgetDataServlet.php
(original)
+++ incubator/shindig/trunk/php/src/socialdata/http/GadgetDataServlet.php Tue
Jun 17 05:20:17 2008
@@ -70,6 +70,9 @@
try {
$requestParam = isset($_POST['request']) ?
$_POST['request'] : '';
$token = isset($_POST['st']) ? $_POST['st'] : '';
+ if (count(explode(':', $token)) != 6) {
+ $token = urldecode(base64_decode($token));
+ }
// detect if magic quotes are on, and if so strip them
from the request
if (get_magic_quotes_gpc()) {
$requestParam = stripslashes($requestParam);
Modified: incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php?rev=668631&r1=668630&r2=668631&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php (original)
+++ incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php Tue Jun 17
05:20:17 2008
@@ -35,6 +35,10 @@
require 'src/socialdata/opensocial/model/Person.php';
require 'src/socialdata/opensocial/model/Phone.php';
require 'src/socialdata/opensocial/model/Url.php';
+require 'src/socialrest/GroupId.php';
+require 'src/socialrest/UserId.php';
+require 'src/socialrest/ResponseItem.php';
+require 'src/socialrest/RestfulCollection.php';
/*
* See:
@@ -46,6 +50,8 @@
* Error status is returned by HTTP error code, with the error message in the
html's body
*/
+//NOTE TO SELF: delete should respond with a 204 No Content to indicate
success?
+
/*
* Internal error code representations, these get translated into http codes
in the outputError() function
*/
@@ -62,6 +68,8 @@
public function doPost($method = 'POST')
{
+ $this->setNoCache(true);
+ $this->noHeaders = true;
try {
// use security token, for now this is required
// (later oauth should also be a way to specify this
info)
@@ -156,6 +164,9 @@
if (empty($token)) {
throw new RestException("Missing security token");
}
+ if (count(explode(':', $token)) != 6) {
+ $token = urldecode(base64_decode($token));
+ }
$gadgetSigner = Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
return $gadgetSigner->createToken($token);
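Review bot: The `empty($token)` guard runs before the new decode step, so a non-empty `st` value that decodes to an empty string still passes the "Missing security token" check and an empty token is handed to `createToken()`. Non-strict `base64_decode()` can produce that result for input containing no valid base64 characters. Re-checking after the decode closes the gap, for example `if ($token === '') { throw new RestException("Invalid security token"); }` placed directly after the added block. The enclosing function starts outside this hunk, so an earlier normalisation of `$token` cannot be ruled out from here.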