package.xml0000664000175000017500000002274513160157140011307 0ustar janjan Horde_Oauth pear.horde.org Oauth Horde OAuth client/server An OAuth consumer (http://oauth.net) and OAuth infrastructure, and in the future will provide an OAuth server. Chuck Hagenbuch chuck chuck@horde.org yes 2017-09-19 2.0.4 1.0.0 stable stable BSD-2-Clause * [jan] Mark PHP 7 as supported. 5.3.0 8.0.0alpha1 8.0.0alpha1 1.7.0 Horde_Exception pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 Horde_Http pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 Horde_Util pear.horde.org 2.0.0 3.0.0alpha1 3.0.0alpha1 hash openssl 0.1.0 0.1.0 beta beta 2011-01-06 BSD-2-Clause * Initial release 1.0.0alpha1 1.0.0 alpha alpha 2011-03-08 BSD-2-Clause * First alpha release for Horde 4. 1.0.0beta1 1.0.0 beta beta 2011-03-16 BSD-2-Clause * First beta release for Horde 4. 1.0.0RC1 1.0.0 beta beta 2011-03-22 BSD-2-Clause * First release candidate for Horde 4. 1.0.0RC2 1.0.0 beta beta 2011-03-29 BSD-2-Clause * Second release candidate for Horde 4. 1.0.0 1.0.0 stable stable 2011-04-06 BSD-2-Clause * First stable release for Horde 4. 1.0.1 1.0.0 stable stable 2012-04-10 BSD-2-Clause * [rla] Add license file. 1.0.2 1.0.0 stable stable 2012-06-28 BSD-2-Clause * [mjr] Fix building signature when using over ssl. 2.0.0alpha1 1.0.0 alpha stable 2012-07-05 BSD-2-Clause * First alpha release for Horde 5. * [mjr] Fix building signature when using over ssl. 2.0.0beta1 1.0.0 beta stable 2012-07-19 BSD-2-Clause * First beta release for Horde 5. 2.0.0 1.0.0 stable stable 2012-10-30 BSD-2-Clause * First stable release for Horde 5. 2.0.1 1.0.0 stable stable 2012-11-22 BSD-2-Clause * [jan] Re-packaged 2.0.0 release. 2.0.2 1.0.0 stable stable 2015-01-09 BSD-2-Clause * [jan] Add Composer definition. 2.0.3 1.0.0 stable stable 2015-04-28 BSD-2-Clause * [jan] Fix issues with certain locales like Turkish. 2.0.4 1.0.0 stable stable 2017-09-19 BSD-2-Clause * [jan] Mark PHP 7 as supported. Horde_Oauth-2.0.4/doc/Horde/Oauth/COPYING0000664000175000017500000000243013160157140015740 0ustar janjan Copyright 1999-2017 Horde LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HORDE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Horde_Oauth-2.0.4/doc/Horde/Oauth/TODO.txt0000664000175000017500000000037613160157140016222 0ustar janjanhttp://www.hueniverse.com/hueniverse/2009/03/sunday-morning-homework.html http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html http://hasin.wordpress.com/2009/05/02/using-oauth-pecl-extension-to-talk-to-twitter/ Horde_Oauth-2.0.4/lib/Horde/Oauth/SignatureMethod/HmacSha1.php0000664000175000017500000000174213160157140022113 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth HMAC-SHA1 signature method * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_SignatureMethod_HmacSha1 extends Horde_Oauth_SignatureMethod { public function getName() { return 'HMAC-SHA1'; } public function sign($request, $consumer, $token) { $baseString = $request->getSignatureBaseString(); $key_parts = array( $consumer->secret, ($token) ? $token->secret : '' ); $key_parts = array_map(array('Horde_Oauth_Utils','urlencodeRfc3986'), $key_parts); $key = implode('&', $key_parts); return base64_encode(hash_hmac('sha1', $baseString, $key, true)); } } Horde_Oauth-2.0.4/lib/Horde/Oauth/SignatureMethod/Plaintext.php0000664000175000017500000000170213160157140022472 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth plaintext signature method * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_SignatureMethod_Plaintext extends Horde_Oauth_SignatureMethod { public function getName() { return 'PLAINTEXT'; } public function sign($request, $consumer, $token) { $signature = array( Horde_Oauth_Utils::urlencodeRfc3986($consumer->secret), ); if ($token) { $signature[] = Horde_Oauth_Utils::urlencodeRfc3986($token->secret); } else { $signature[] = ''; } return Horde_Oauth_Utils::urlencodeRfc3986(implode('&', $signature)); } } Horde_Oauth-2.0.4/lib/Horde/Oauth/SignatureMethod/RsaSha1.php0000664000175000017500000000264313160157140021771 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth RSA-SHA1 signature method * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_SignatureMethod_RsaSha1 extends Horde_Oauth_SignatureMethod { public function __construct($publicKey = null, $privateKey = null) { $this->_publicKey = $publicKey; $this->_privateKey = $privateKey; } public function getName() { return 'RSA-SHA1'; } public function sign($request, $consumer, $token) { $baseString = $request->getSignatureBaseString(); $pkeyid = openssl_pkey_get_private($this->_privateKey); $ok = openssl_sign($baseString, $signature, $pkeyid); openssl_free_key($pkeyid); return base64_encode($signature); } public function verify($signature, $request, $consumer, $token) { $decodedSignature = base64_decode($signature); $baseString = $request->getSignatureBaseString(); $pubkeyid = openssl_pkey_get_public($this->_publicKey); $result = openssl_verify($baseString, $decodedSignature, $pubkeyid); openssl_free_key($pubkeyid); return $result == 1; } } Horde_Oauth-2.0.4/lib/Horde/Oauth/Consumer.php0000664000175000017500000000765213160157140017225 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth consumer class * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_Consumer { protected $_config; /** * Const'r for consumer. * * @param array $config Configuration values: * 
     *    'key'               - Consumer key
     *    'secret'            - Consumer secret
     *    'requestTokenUrl'   - The request token URL
     *    'authorizeTokenUrl' - The authorize URL
     *    'accessTokenUrl'    = To obtain an access token
     *    'signatureMethod    - Horde_Oauth_SignatureMethod object
     *
* * @return Horde_Oauth_Consumer */ public function __construct($config) { // Check for required config if (!is_array($config) || empty($config['key']) || empty($config['secret']) || empty($config['requestTokenUrl']) || empty($config['authorizeTokenUrl']) || empty($config['signatureMethod'])) { throw new InvalidArgumentException('Missing a required parameter in Horde_Oauth_Consumer::__construct'); } $this->_config = $config; } public function __get($name) { return isset($this->_config[$name]) ? $this->_config[$name] : null; } /** * Obtain an unprivileged request token * * @param array $params Parameter array * * @return Horde_Oauth_Token The oauth request token */ public function getRequestToken($params = array()) { $params['oauth_consumer_key'] = $this->key; $params['oauth_callback'] = $this->callbackUrl; $request = new Horde_Oauth_Request($this->requestTokenUrl, $params); $request->sign($this->signatureMethod, $this); $client = new Horde_Http_Client; try { $response = $client->post( $this->requestTokenUrl, $request->buildHttpQuery() ); } catch (Horde_Http_Exception $e) { throw new Horde_Oauth_Exception($e->getMessage()); } return Horde_Oauth_Token::fromString($response->getBody()); } /** * Get the user authorization url used to request user authorization * * @param Horde_Oauth_Token $token the oauth request token * * @return string The user authorization url string */ public function getUserAuthorizationUrl($token) { return $this->authorizeTokenUrl . '?oauth_token=' . urlencode($token->key) . '&oauth_callback=' . urlencode($this->callbackUrl); } /** * Obtain an access token from a request token * * @param Horde_Oauth_Token $token Open auth token containing the oauth_token * returned from provider after authorization * and the token secret returned with the * original request token. * @param array $params Any additional parameters for this request * * @return unknown_type */ public function getAccessToken($token, $params = array()) { $params['oauth_consumer_key'] = $this->key; $params['oauth_token'] = $token->key; $request = new Horde_Oauth_Request($this->accessTokenUrl, $params); $request->sign($this->signatureMethod, $this, $token); $client = new Horde_Http_Client; try { $response = $client->post( $this->accessTokenUrl, $request->buildHttpQuery() ); } catch (Horde_Http_Exception $e) { throw new Horde_Oauth_Exception($e->getMessage()); } return Horde_Oauth_Token::fromString($response->getBody()); } } Horde_Oauth-2.0.4/lib/Horde/Oauth/Exception.php0000664000175000017500000000067713160157140017370 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth exception class * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_Exception extends Horde_Exception_Wrapped { } Horde_Oauth-2.0.4/lib/Horde/Oauth/Request.php0000664000175000017500000001334013160157140017051 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth request class * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_Request { const VERSION = '1.0'; protected $_params = array(); protected $_url; protected $_method; function __construct($url, $params = array(), $method = 'POST') { if (!isset($params['oauth_version'])) { $params['oauth_version'] = self::VERSION; } if (!isset($params['oauth_nonce'])) { $params['oauth_nonce'] = self::_generateNonce(); } if (!isset($params['oauth_timestamp'])) { $params['oauth_timestamp'] = time(); } $this->_params = $params; $this->_url = $url; $this->_method = $method; } /** * Sign this request in accordance with OAuth * * @param $signatureMethod * @param $consumer * @param $token * @return unknown_type */ public function sign($signatureMethod, $consumer, $token = null) { if (empty($this->_params['oauth_consumer_key'])) { $this->_params['oauth_consumer_key'] = $consumer->key; } if (empty($this->_params['oauth_token']) && !empty($token)) { $this->_params['oauth_token'] = $token->key; } $this->_params['oauth_signature_method'] = $signatureMethod->getName(); $this->_params['oauth_signature'] = $signatureMethod->sign($this, $consumer, $token); return $this->_getNormalizedUrl() . '?' . $this->buildHttpQuery(); } /** * Returns the signable string of this request * * The base string is defined as the method, the url and the parameters * (normalized), each urlencoded and concatenated with &. */ public function getSignatureBaseString() { $parts = array( $this->_getNormalizedHttpMethod(), $this->_getNormalizedUrl(), $this->_getSignableParameters() ); return implode('&', array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), $parts)); } /** * Get a query string suitable for use in a URL or as POST data. */ public function buildHttpQuery() { $parts = array(); foreach ($this->_params as $k => $v) { $parts[] = Horde_Oauth_Utils::urlencodeRfc3986($k) . '=' . Horde_Oauth_Utils::urlencodeRfc3986($v); } return implode('&', $parts); } /** */ public function buildAuthorizationHeader($realm = '') { $header = ''; foreach ($this->_params as $k => $v) { if (strpos($k, 'oauth_') !== false) { $header .= Horde_Oauth_Utils::urlencodeRfc3986($k) . '="' . Horde_Oauth_Utils::urlencodeRfc3986($v) . '",'; } } $header = substr($header, 0, -1); if (!empty($realm)) { $header .= ',realm="' . Horde_Oauth_Utils::urlencodeRfc3986($realm) . '"'; } return 'OAuth ' . $header; } /** * Generate a nonce. */ protected static function _generateNonce() { $mt = microtime(); $rand = mt_rand(); return hash('md5', microtime() . mt_rand()); } /** * Returns the normalized parameters of the request * * This will be all parameters except oauth_signature, sorted first by key, * and if there are duplicate keys, then by value. * * The returned string will be all the key=value pairs concatenated by &. * * @return string */ protected function _getSignableParameters() { // Grab all parameters $params = $this->_params; // Remove oauth_signature if present if (isset($params['oauth_signature'])) { unset($params['oauth_signature']); } // Urlencode both keys and values $keys = array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), array_keys($params)); $values = array_map(array('Horde_Oauth_Utils', 'urlencodeRfc3986'), array_values($params)); $params = array_combine($keys, $values); // Sort by keys (natsort) uksort($params, 'strnatcmp'); // Generate key=value pairs $pairs = array(); foreach ($params as $key => $value) { if (is_array($value)) { // If the value is an array, it's because there are multiple values // with the same key. Sort them, then add all the pairs. natsort($value); foreach ($value as $v2) { $pairs[] = $key . '=' . $v2; } } else { $pairs[] = $key . '=' . $value; } } // Return the pairs, concatenated with & return implode('&', $pairs); } /** * Uppercases the HTTP method */ protected function _getNormalizedHttpMethod() { return Horde_String::upper($this->_method); } /** * Parse the url and rebuilds it to be scheme://host/path */ protected function _getNormalizedUrl() { $parts = parse_url($this->_url); $scheme = $parts['scheme']; $port = !empty($parts['port']) ? $parts['port'] : $scheme == 'https' ? '443' : '80'; $host = $parts['host']; $path = !empty($parts['path']) ? $parts['path'] : ''; if (($scheme == 'https' && $port != '443') || ($scheme == 'http' && $port != '80')) { $host = "$host:$port"; } return "$scheme://$host$path"; } } Horde_Oauth-2.0.4/lib/Horde/Oauth/SignatureMethod.php0000664000175000017500000000130413160157140020520 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth abstract signature method base class * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ abstract class Horde_Oauth_SignatureMethod { abstract public function getName(); abstract public function sign($request, $consumer, $token); public function verify($signature, $request, $consumer, $token) { return $signature == $this->sign($request, $consumer, $token); } } Horde_Oauth-2.0.4/lib/Horde/Oauth/Token.php0000664000175000017500000000226313160157140016503 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth access tokens and request tokens * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_Token { public $key; public $secret; /** * key = the token * secret = the token secret */ function __construct($key, $secret) { $this->key = $key; $this->secret = $secret; } /** * Generate the basic string serialization of a token that a server would * respond to request_token and access_token calls with. */ public function __toString() { return 'oauth_token='.Horde_Oauth_Utils::urlencodeRfc3986($this->key). '&oauth_token_secret='.Horde_Oauth_Utils::urlencodeRfc3986($this->secret); } public static function fromString($string) { parse_str($string, $parts); return new self($parts['oauth_token'], $parts['oauth_token_secret']); } } Horde_Oauth-2.0.4/lib/Horde/Oauth/Utils.php0000664000175000017500000000114613160157140016522 0ustar janjan * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ /** * OAuth utilities * * @author Chuck Hagenbuch * @license http://www.horde.org/licenses/bsd BSD * @category Horde * @package Oauth */ class Horde_Oauth_Utils { public static function urlencodeRfc3986($string) { return str_replace(array('%7E', '+'), array('~', '%2B'), rawurlencode($string)); } }