package.xml0000664000175000017500000002224212517706711011310 0ustar janjan Horde_Oauth pear.horde.org Oauth Horde OAuth client/server An OAuth consumer (http://oauth.net) and OAuth infrastructure, and in the future will provide an OAuth server. Chuck Hagenbuch chuck chuck@horde.org yes 2015-04-28 2.0.3 1.0.0 stable stable BSD-2-Clause * [jan] Fix issues with certain locales like Turkish. 5.3.0 6.0.0alpha1 6.0.0alpha1 1.7.0 Horde_Exception pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 Horde_Http pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 Horde_Util pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 hash openssl 0.1.0 0.1.0 beta beta 2011-01-06 BSD-2-Clause * Initial release 1.0.0alpha1 1.0.0 alpha alpha 2011-03-08 BSD-2-Clause * First alpha release for Horde 4. 1.0.0beta1 1.0.0 beta beta 2011-03-16 BSD-2-Clause * First beta release for Horde 4. 1.0.0RC1 1.0.0 beta beta 2011-03-22 BSD-2-Clause * First release candidate for Horde 4. 1.0.0RC2 1.0.0 beta beta 2011-03-29 BSD-2-Clause * Second release candidate for Horde 4. 1.0.0 1.0.0 stable stable 2011-04-06 BSD-2-Clause * First stable release for Horde 4. 1.0.1 1.0.0 stable stable 2012-04-10 BSD-2-Clause * [rla] Add license file. 1.0.2 1.0.0 stable stable 2012-06-28 BSD-2-Clause * [mjr] Fix building signature when using over ssl. 2.0.0alpha1 1.0.0 alpha stable 2012-07-05 BSD-2-Clause * First alpha release for Horde 5. * [mjr] Fix building signature when using over ssl. 2.0.0beta1 1.0.0 beta stable 2012-07-19 BSD-2-Clause * First beta release for Horde 5. 2.0.0 1.0.0 stable stable 2012-10-30 BSD-2-Clause * First stable release for Horde 5. 2.0.1 1.0.0 stable stable 2012-11-22 BSD-2-Clause * [jan] Re-packaged 2.0.0 release. 2.0.2 1.0.0 stable stable 2015-01-09 BSD-2-Clause * [jan] Add Composer definition. 2.0.3 1.0.0 stable stable 2015-04-28 BSD-2-Clause * [jan] Fix issues with certain locales like Turkish. 
Horde_Oauth-2.0.3/doc/Horde/Oauth/COPYING0000664000175000017500000000243012517706711015750 0ustar janjan Copyright 1999-2015 Horde LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HORDE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
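// ---- File: Horde_Oauth-2.0.3/doc/Horde/Oauth/TODO.txt ----
//
// http://www.hueniverse.com/hueniverse/2009/03/sunday-morning-homework.html
// http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html
// http://hasin.wordpress.com/2009/05/02/using-oauth-pecl-extension-to-talk-to-twitter/

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/SignatureMethod/HmacSha1.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth HMAC-SHA1 signature method
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_SignatureMethod_HmacSha1 extends Horde_Oauth_SignatureMethod
{
    /**
     * @return string  The oauth_signature_method value for this method.
     */
    public function getName()
    {
        return 'HMAC-SHA1';
    }

    /**
     * Computes the HMAC-SHA1 signature of a request.
     *
     * The HMAC key is the encoded consumer secret and the encoded token
     * secret joined with '&'. The token secret is the empty string when no
     * token is given.
     *
     * @param Horde_Oauth_Request  $request   Request providing the signature
     *                                        base string.
     * @param Horde_Oauth_Consumer $consumer  Object exposing ->secret.
     * @param Horde_Oauth_Token    $token     Object exposing ->secret, or a
     *                                        falsy value when there is none.
     *
     * @return string  Base64 encoded raw HMAC digest.
     */
    public function sign($request, $consumer, $token)
    {
        $baseString = $request->getSignatureBaseString();

        $key_parts = array(
            $consumer->secret,
            ($token) ? $token->secret : ''
        );

        $key_parts = array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), $key_parts);
        $key = implode('&', $key_parts);

        return base64_encode(hash_hmac('sha1', $baseString, $key, true));
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/SignatureMethod/Plaintext.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth plaintext signature method
 *
 * The "signature" produced here is built from the secrets themselves and
 * does not depend on the request, so it protects nothing on its own. OAuth
 * 1.0 only permits PLAINTEXT over a protected transport such as TLS.
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_SignatureMethod_Plaintext extends Horde_Oauth_SignatureMethod
{
    /**
     * @return string  The oauth_signature_method value for this method.
     */
    public function getName()
    {
        return 'PLAINTEXT';
    }

    /**
     * Builds the PLAINTEXT signature from the consumer and token secrets.
     *
     * @param Horde_Oauth_Request  $request   Unused by this method.
     * @param Horde_Oauth_Consumer $consumer  Object exposing ->secret.
     * @param Horde_Oauth_Token    $token     Object exposing ->secret, or a
     *                                        falsy value when there is none.
     *
     * @return string  The encoded secrets joined with '&', encoded once more.
     */
    public function sign($request, $consumer, $token)
    {
        $signature = array(
            Horde_Oauth_Utils::urlencodeRfc3986($consumer->secret),
        );

        if ($token) {
            $signature[] = Horde_Oauth_Utils::urlencodeRfc3986($token->secret);
        } else {
            $signature[] = '';
        }

        return Horde_Oauth_Utils::urlencodeRfc3986(implode('&', $signature));
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/SignatureMethod/RsaSha1.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth RSA-SHA1 signature method
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_SignatureMethod_RsaSha1 extends Horde_Oauth_SignatureMethod
{
    // The original class created these two properties dynamically, which
    // makes them public. They are declared public here so existing callers
    // keep working; treat both as internal and do not expose the private key.
    public $_publicKey;
    public $_privateKey;

    /**
     * @param mixed $publicKey   Key material handed to
     *                           openssl_pkey_get_public() in verify().
     * @param mixed $privateKey  Key material handed to
     *                           openssl_pkey_get_private() in sign().
     */
    public function __construct($publicKey = null, $privateKey = null)
    {
        $this->_publicKey = $publicKey;
        $this->_privateKey = $privateKey;
    }

    /**
     * @return string  The oauth_signature_method value for this method.
     */
    public function getName()
    {
        return 'RSA-SHA1';
    }

    /**
     * Signs the request's base string with the configured private key.
     *
     * openssl_sign() is called without an algorithm argument, so its default
     * (SHA-1) is used, matching the method name.
     *
     * @param Horde_Oauth_Request  $request   Request providing the signature
     *                                        base string.
     * @param Horde_Oauth_Consumer $consumer  Unused by this method.
     * @param Horde_Oauth_Token    $token     Unused by this method.
     *
     * @return string  Base64 encoded signature.
     * @throws Horde_Oauth_Exception  If the key cannot be loaded or signing
     *                                fails. The original ignored both
     *                                failures and returned an empty signature.
     */
    public function sign($request, $consumer, $token)
    {
        $baseString = $request->getSignatureBaseString();

        $pkeyid = openssl_pkey_get_private($this->_privateKey);
        if ($pkeyid === false) {
            throw new Horde_Oauth_Exception('Unable to load the private key for RSA-SHA1 signing');
        }

        $signature = null;
        $ok = openssl_sign($baseString, $signature, $pkeyid);
        $this->_freeKey($pkeyid);

        if (!$ok) {
            throw new Horde_Oauth_Exception('RSA-SHA1 signing failed');
        }

        return base64_encode($signature);
    }

    /**
     * Verifies a base64 encoded signature against the request's base string.
     *
     * @param string               $signature  Base64 encoded signature.
     * @param Horde_Oauth_Request  $request    Request providing the signature
     *                                         base string.
     * @param Horde_Oauth_Consumer $consumer   Unused by this method.
     * @param Horde_Oauth_Token    $token      Unused by this method.
     *
     * @return boolean  True only when openssl_verify() reports a match.
     */
    public function verify($signature, $request, $consumer, $token)
    {
        // Strict mode rejects input containing characters outside the base64
        // alphabet instead of silently skipping them.
        $decodedSignature = base64_decode($signature, true);
        if ($decodedSignature === false) {
            return false;
        }

        $baseString = $request->getSignatureBaseString();

        $pubkeyid = openssl_pkey_get_public($this->_publicKey);
        if ($pubkeyid === false) {
            return false;
        }

        $result = openssl_verify($baseString, $decodedSignature, $pubkeyid);
        $this->_freeKey($pubkeyid);

        // openssl_verify() returns 1 for a valid signature, 0 for an invalid
        // one and -1 or false on error; only an exact 1 counts as success.
        return $result === 1;
    }

    /**
     * Releases a key handle where that is still necessary.
     *
     * Keys are resources on older PHP versions and objects on PHP 8, where
     * openssl_free_key() is deprecated and has nothing to do.
     */
    private function _freeKey($key)
    {
        if (is_resource($key)) {
            openssl_free_key($key);
        }
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/Consumer.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth consumer class
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_Consumer
{
    protected $_config;

    /**
     * Const'r for consumer.
     *
     * @param array $config  Configuration values:
     *  <pre>
     *    'key'               - Consumer key
     *    'secret'            - Consumer secret
     *    'requestTokenUrl'   - The request token URL
     *    'authorizeTokenUrl' - The authorize URL
     *    'accessTokenUrl'    - To obtain an access token
     *    'signatureMethod'   - Horde_Oauth_SignatureMethod object
     *    'callbackUrl'       - Sent as oauth_callback (read by
     *                          getRequestToken() and
     *                          getUserAuthorizationUrl(); null when unset)
     *  </pre>
     *  All entries except 'accessTokenUrl' and 'callbackUrl' are checked
     *  here; 'accessTokenUrl' is only needed by getAccessToken().
     *
     * @throws InvalidArgumentException  If a checked entry is missing or empty.
     */
    public function __construct($config)
    {
        // Check for required config
        if (!is_array($config) ||
            empty($config['key']) ||
            empty($config['secret']) ||
            empty($config['requestTokenUrl']) ||
            empty($config['authorizeTokenUrl']) ||
            empty($config['signatureMethod'])) {
            throw new InvalidArgumentException('Missing a required parameter in Horde_Oauth_Consumer::__construct');
        }
        $this->_config = $config;
    }

    /**
     * Read-only access to configuration entries, e.g. $consumer->secret.
     *
     * @param string $name  Configuration key.
     *
     * @return mixed  The configured value, or null when it is not set.
     */
    public function __get($name)
    {
        return isset($this->_config[$name]) ? $this->_config[$name] : null;
    }

    /**
     * Obtain an unprivileged request token
     *
     * @param array $params  Parameter array
     *
     * @return Horde_Oauth_Token  The oauth request token
     * @throws Horde_Oauth_Exception  If the HTTP request fails.
     */
    public function getRequestToken($params = array())
    {
        $params['oauth_consumer_key'] = $this->key;
        $params['oauth_callback'] = $this->callbackUrl;

        $request = new Horde_Oauth_Request($this->requestTokenUrl, $params);
        $request->sign($this->signatureMethod, $this);

        return $this->_fetchToken($this->requestTokenUrl, $request);
    }

    /**
     * Get the user authorization url used to request user authorization
     *
     * @param Horde_Oauth_Token $token  the oauth request token
     *
     * @return string The user authorization url string
     */
    public function getUserAuthorizationUrl($token)
    {
        return $this->authorizeTokenUrl . '?oauth_token=' . urlencode($token->key) . '&oauth_callback=' . urlencode($this->callbackUrl);
    }

    /**
     * Obtain an access token from a request token
     *
     * This method does not add an oauth_verifier itself. Providers that
     * implement OAuth 1.0a return one on the callback; callers pass it on
     * through $params.
     *
     * @param Horde_Oauth_Token $token Open auth token containing the oauth_token
     *                                 returned from provider after authorization
     *                                 and the token secret returned with the
     *                                 original request token.
     * @param array $params           Any additional parameters for this request
     *
     * @return Horde_Oauth_Token  The token parsed from the provider response.
     * @throws Horde_Oauth_Exception  If the HTTP request fails.
     */
    public function getAccessToken($token, $params = array())
    {
        $params['oauth_consumer_key'] = $this->key;
        $params['oauth_token'] = $token->key;

        $request = new Horde_Oauth_Request($this->accessTokenUrl, $params);
        $request->sign($this->signatureMethod, $this, $token);

        return $this->_fetchToken($this->accessTokenUrl, $request);
    }

    /**
     * POSTs a signed request and parses the response body into a token.
     */
    private function _fetchToken($url, $request)
    {
        $client = new Horde_Http_Client;

        try {
            $response = $client->post($url, $request->buildHttpQuery());
        } catch (Horde_Http_Exception $e) {
            throw new Horde_Oauth_Exception($e->getMessage());
        }

        return Horde_Oauth_Token::fromString($response->getBody());
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/Exception.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth exception class
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_Exception extends Horde_Exception_Wrapped
{
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/Request.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth request class
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_Request
{
    const VERSION = '1.0';

    protected $_params = array();
    protected $_url;
    protected $_method;

    /**
     * Fills in oauth_version, oauth_nonce and oauth_timestamp unless the
     * caller supplied them.
     *
     * @param string $url     Request URL.
     * @param array  $params  Request parameters.
     * @param string $method  HTTP method.
     */
    public function __construct($url, $params = array(), $method = 'POST')
    {
        if (!isset($params['oauth_version'])) {
            $params['oauth_version'] = self::VERSION;
        }
        if (!isset($params['oauth_nonce'])) {
            $params['oauth_nonce'] = self::_generateNonce();
        }
        if (!isset($params['oauth_timestamp'])) {
            $params['oauth_timestamp'] = time();
        }

        $this->_params = $params;
        $this->_url = $url;
        $this->_method = $method;
    }

    /**
     * Sign this request in accordance with OAuth
     *
     * Sets oauth_consumer_key and oauth_token when they are empty, then
     * stores oauth_signature_method and oauth_signature on the request.
     *
     * @param Horde_Oauth_SignatureMethod $signatureMethod
     * @param Horde_Oauth_Consumer        $consumer
     * @param Horde_Oauth_Token           $token
     *
     * @return string  The normalized URL followed by '?' and the query string.
     */
    public function sign($signatureMethod, $consumer, $token = null)
    {
        if (empty($this->_params['oauth_consumer_key'])) {
            $this->_params['oauth_consumer_key'] = $consumer->key;
        }

        if (empty($this->_params['oauth_token']) && !empty($token)) {
            $this->_params['oauth_token'] = $token->key;
        }

        $this->_params['oauth_signature_method'] = $signatureMethod->getName();
        $this->_params['oauth_signature'] = $signatureMethod->sign($this, $consumer, $token);

        return $this->_getNormalizedUrl() . '?' . $this->buildHttpQuery();
    }

    /**
     * Returns the signable string of this request
     *
     * The base string is defined as the method, the url and the parameters
     * (normalized), each urlencoded and concatenated with &.
     *
     * @return string
     */
    public function getSignatureBaseString()
    {
        $parts = array(
            $this->_getNormalizedHttpMethod(),
            $this->_getNormalizedUrl(),
            $this->_getSignableParameters()
        );

        return implode('&', array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), $parts));
    }

    /**
     * Get a query string suitable for use in a URL or as POST data.
     *
     * @return string
     */
    public function buildHttpQuery()
    {
        $parts = array();
        foreach ($this->_params as $k => $v) {
            $parts[] = Horde_Oauth_Utils::urlencodeRfc3986($k) . '=' . Horde_Oauth_Utils::urlencodeRfc3986($v);
        }
        return implode('&', $parts);
    }

    /**
     * Builds the value of an "Authorization: OAuth ..." header.
     *
     * Only parameters whose name starts with 'oauth_' are included. The
     * original tested for 'oauth_' anywhere in the name, which also let
     * unrelated parameters into the header.
     *
     * @param string $realm  Optional realm, appended last.
     *
     * @return string
     */
    public function buildAuthorizationHeader($realm = '')
    {
        $fields = array();
        foreach ($this->_params as $k => $v) {
            if (strpos((string)$k, 'oauth_') === 0) {
                $fields[] = Horde_Oauth_Utils::urlencodeRfc3986($k) . '="' . Horde_Oauth_Utils::urlencodeRfc3986($v) . '"';
            }
        }

        if (!empty($realm)) {
            $fields[] = 'realm="' . Horde_Oauth_Utils::urlencodeRfc3986($realm) . '"';
        }

        return 'OAuth ' . implode(',', $fields);
    }

    /**
     * Generate a nonce.
     *
     * The original hashed microtime() and mt_rand(), which is predictable
     * and can repeat under load. The nonce is now 16 bytes from a
     * cryptographically secure source, hex encoded to the same 32
     * characters the MD5 digest had.
     *
     * @return string
     * @throws Horde_Oauth_Exception  If no strong random source is available.
     */
    protected static function _generateNonce()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }

        // PHP 5 fallback; the package already depends on the openssl extension.
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes === false || !$strong) {
            throw new Horde_Oauth_Exception('Unable to generate a secure nonce');
        }

        return bin2hex($bytes);
    }

    /**
     * Returns the normalized parameters of the request
     *
     * This will be all parameters except oauth_signature, sorted first by key,
     * and if there are duplicate keys, then by value.
     *
     * The returned string will be all the key=value pairs concatenated by &.
     *
     * @return string
     */
    protected function _getSignableParameters()
    {
        // Grab all parameters
        $params = $this->_params;

        // Remove oauth_signature if present
        if (isset($params['oauth_signature'])) {
            unset($params['oauth_signature']);
        }

        // Urlencode both keys and values
        $keys = array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), array_keys($params));
        $values = array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), array_values($params));
        $params = array_combine($keys, $values);

        // Sort by keys in byte order, which is what OAuth 1.0 specifies for
        // the signature base string. The original used natural ordering
        // (strnatcmp), which puts "a2" before "a10" and so produces a base
        // string that a conforming provider will not reproduce.
        uksort($params, 'strcmp');

        // Generate key=value pairs
        $pairs = array();
        foreach ($params as $key => $value) {
            if (is_array($value)) {
                // If the value is an array, it's because there are multiple values
                // with the same key. Sort them, then add all the pairs.
                // NOTE(review): values pass through the scalar encoder above and
                // buildHttpQuery() also assumes scalars, so array values do not
                // look supported end to end -- confirm before relying on this.
                sort($value, SORT_STRING);
                foreach ($value as $v2) {
                    $pairs[] = $key . '=' . $v2;
                }
            } else {
                $pairs[] = $key . '=' . $value;
            }
        }

        // Return the pairs, concatenated with &
        return implode('&', $pairs);
    }

    /**
     * Uppercases the HTTP method
     *
     * @return string
     */
    protected function _getNormalizedHttpMethod()
    {
        return Horde_String::upper($this->_method);
    }

    /**
     * Parse the url and rebuilds it to be scheme://host/path
     *
     * The port is kept only when it differs from the scheme's default.
     *
     * @return string
     * @throws Horde_Oauth_Exception  If the URL has no scheme or host.
     */
    protected function _getNormalizedUrl()
    {
        $parts = parse_url($this->_url);
        if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
            throw new Horde_Oauth_Exception('Request URL must include a scheme and a host');
        }

        $scheme = $parts['scheme'];

        // The original chained two ternaries without parentheses. PHP before
        // 8.0 groups those from the left, so any explicit port collapsed to
        // '443'; PHP 8 rejects the expression outright.
        $defaultPort = ($scheme == 'https') ? '443' : '80';
        $port = !empty($parts['port']) ? $parts['port'] : $defaultPort;

        $host = $parts['host'];
        $path = !empty($parts['path']) ? $parts['path'] : '';

        if (($scheme == 'https' && $port != '443') ||
            ($scheme == 'http' && $port != '80')) {
            $host = "$host:$port";
        }

        return "$scheme://$host$path";
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/SignatureMethod.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth abstract signature method base class
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
abstract class Horde_Oauth_SignatureMethod
{
    /**
     * @return string  The oauth_signature_method value for this method.
     */
    abstract public function getName();

    /**
     * @return string  The signature for the given request.
     */
    abstract public function sign($request, $consumer, $token);

    /**
     * Checks a received signature by recomputing it.
     *
     * The original compared with ==, which applies PHP's loose comparison
     * rules to the two strings and stops at the first differing byte. The
     * comparison is now exact and takes the same time wherever the strings
     * differ.
     *
     * @param string $signature  Signature received with the request.
     *
     * @return boolean
     */
    public function verify($signature, $request, $consumer, $token)
    {
        $expected = $this->sign($request, $consumer, $token);
        if (!is_string($signature) || !is_string($expected)) {
            return false;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($expected, $signature);
        }

        // Fallback for PHP versions without hash_equals().
        $length = strlen($expected);
        if ($length !== strlen($signature)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($expected[$i]) ^ ord($signature[$i]);
        }
        return $diff === 0;
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/Token.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth access tokens and request tokens
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_Token
{
    public $key;
    public $secret;

    /**
     * key = the token
     * secret = the token secret
     */
    public function __construct($key, $secret)
    {
        $this->key = $key;
        $this->secret = $secret;
    }

    /**
     * Generate the basic string serialization of a token that a server would
     * respond to request_token and access_token calls with.
     *
     * The result contains the token secret, so it should not be written to
     * logs or error output.
     */
    public function __toString()
    {
        return
            'oauth_token=' . Horde_Oauth_Utils::urlencodeRfc3986($this->key) .
            '&oauth_token_secret=' . Horde_Oauth_Utils::urlencodeRfc3986($this->secret);
    }

    /**
     * Parses a form-encoded token response.
     *
     * @param string $string  Response body holding oauth_token and
     *                        oauth_token_secret.
     *
     * @return Horde_Oauth_Token
     * @throws Horde_Oauth_Exception  If either field is missing or is not a
     *                                string. The original returned a token
     *                                with null fields in that case, e.g. when
     *                                the provider answered with an error page.
     */
    public static function fromString($string)
    {
        parse_str($string, $parts);

        if (!isset($parts['oauth_token']) ||
            !isset($parts['oauth_token_secret']) ||
            !is_string($parts['oauth_token']) ||
            !is_string($parts['oauth_token_secret'])) {
            // The response body is left out of the message on purpose; it
            // may carry credentials.
            throw new Horde_Oauth_Exception('Token response is missing oauth_token or oauth_token_secret');
        }

        return new self($parts['oauth_token'], $parts['oauth_token_secret']);
    }
}

// ---- File: Horde_Oauth-2.0.3/lib/Horde/Oauth/Utils.php ----

/**
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */

/**
 * OAuth utilities
 *
 * @author   Chuck Hagenbuch
 * @license  http://www.horde.org/licenses/bsd BSD
 * @category Horde
 * @package  Oauth
 */
class Horde_Oauth_Utils
{
    /**
     * Percent-encodes a string, leaving '~' unencoded.
     *
     * rawurlencode() does the encoding; '%7E' is mapped back to '~' for PHP
     * versions that still encode the tilde, and a literal '+' in the result
     * is mapped to '%2B'.
     *
     * @param string $string  Value to encode.
     *
     * @return string
     */
    public static function urlencodeRfc3986($string)
    {
        return str_replace(array('%7E', '+'), array('~', '%2B'), rawurlencode($string));
    }
}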