Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
Oauth.php
Go to the documentation of this file.
1 <?php
7 namespace Magento\Framework\Oauth;
8 
9 use Magento\Framework\Encryption\Helper\Security;
10 use Magento\Framework\Phrase;
11 
12 class Oauth implements OauthInterface
13 {
17  protected $_oauthHelper;
18 
22  protected $_httpUtility;
23 
27  protected $_nonceGenerator;
28 
32  protected $_tokenProvider;
33 
40  public function __construct(
41  Helper\Oauth $oauthHelper,
42  NonceGeneratorInterface $nonceGenerator,
43  TokenProviderInterface $tokenProvider,
44  \Zend_Oauth_Http_Utility $httpUtility = null
45  ) {
46  $this->_oauthHelper = $oauthHelper;
47  $this->_nonceGenerator = $nonceGenerator;
48  $this->_tokenProvider = $tokenProvider;
49  // null default to prevent ObjectManagerFactory from injecting, see MAGETWO-30809
50  $this->_httpUtility = $httpUtility ?: new \Zend_Oauth_Http_Utility();
51  }
52 
58  public static function getSupportedSignatureMethods()
59  {
60  return [self::SIGNATURE_SHA1, self::SIGNATURE_SHA256];
61  }
62 
66  public function getRequestToken($params, $requestUrl, $httpMethod = 'POST')
67  {
68  $this->_validateProtocolParams($params);
69  $consumer = $this->_tokenProvider->getConsumerByKey($params['oauth_consumer_key']);
70  $this->_tokenProvider->validateConsumer($consumer);
71  $this->_validateSignature($params, $consumer->getSecret(), $httpMethod, $requestUrl);
72 
73  return $this->_tokenProvider->createRequestToken($consumer);
74  }
75 
79  public function getAccessToken($params, $requestUrl, $httpMethod = 'POST')
80  {
81  $required = [
82  'oauth_consumer_key',
83  'oauth_signature',
84  'oauth_signature_method',
85  'oauth_nonce',
86  'oauth_timestamp',
87  'oauth_token',
88  'oauth_verifier',
89  ];
90 
91  $this->_validateProtocolParams($params, $required);
92  $consumer = $this->_tokenProvider->getConsumerByKey($params['oauth_consumer_key']);
93  $tokenSecret = $this->_tokenProvider->validateRequestToken(
94  $params['oauth_token'],
95  $consumer,
96  $params['oauth_verifier']
97  );
98 
99  $this->_validateSignature($params, $consumer->getSecret(), $httpMethod, $requestUrl, $tokenSecret);
100 
101  return $this->_tokenProvider->getAccessToken($consumer);
102  }
103 
107  public function validateAccessTokenRequest($params, $requestUrl, $httpMethod = 'POST')
108  {
109  $required = [
110  'oauth_consumer_key',
111  'oauth_signature',
112  'oauth_signature_method',
113  'oauth_nonce',
114  'oauth_timestamp',
115  'oauth_token',
116  ];
117 
118  $this->_validateProtocolParams($params, $required);
119  $consumer = $this->_tokenProvider->getConsumerByKey($params['oauth_consumer_key']);
120  $tokenSecret = $this->_tokenProvider->validateAccessTokenRequest($params['oauth_token'], $consumer);
121 
122  $this->_validateSignature($params, $consumer->getSecret(), $httpMethod, $requestUrl, $tokenSecret);
123 
124  return $consumer->getId();
125  }
126 
130  public function validateAccessToken($accessToken)
131  {
132  return $this->_tokenProvider->validateAccessToken($accessToken);
133  }
134 
138  public function buildAuthorizationHeader(
139  $params,
140  $requestUrl,
141  $signatureMethod = self::SIGNATURE_SHA1,
142  $httpMethod = 'POST'
143  ) {
144  $required = ["oauth_consumer_key", "oauth_consumer_secret", "oauth_token", "oauth_token_secret"];
145  $this->_checkRequiredParams($params, $required);
146  $consumer = $this->_tokenProvider->getConsumerByKey($params['oauth_consumer_key']);
147  $headerParameters = [
148  'oauth_nonce' => $this->_nonceGenerator->generateNonce($consumer),
149  'oauth_timestamp' => $this->_nonceGenerator->generateTimestamp(),
150  'oauth_version' => '1.0',
151  ];
152  $headerParameters = array_merge($headerParameters, $params);
153  $headerParameters['oauth_signature'] = $this->_httpUtility->sign(
154  $params,
155  $signatureMethod,
156  $headerParameters['oauth_consumer_secret'],
157  $headerParameters['oauth_token_secret'],
158  $httpMethod,
159  $requestUrl
160  );
161  $authorizationHeader = $this->_httpUtility->toAuthorizationHeader($headerParameters);
162  // toAuthorizationHeader adds an optional realm="" which is not required for now.
163  // http://tools.ietf.org/html/rfc2617#section-1.2
164  return str_replace('realm="",', '', $authorizationHeader);
165  }
166 
178  protected function _validateSignature($params, $consumerSecret, $httpMethod, $requestUrl, $tokenSecret = null)
179  {
180  if (!in_array($params['oauth_signature_method'], self::getSupportedSignatureMethods())) {
181  throw new OauthInputException(
182  new Phrase(
183  'Signature method %1 is not supported',
184  [$params['oauth_signature_method']]
185  )
186  );
187  }
188 
189  $allowedSignParams = $params;
190  unset($allowedSignParams['oauth_signature']);
191 
192  $calculatedSign = $this->_httpUtility->sign(
193  $allowedSignParams,
194  $params['oauth_signature_method'],
195  $consumerSecret,
196  $tokenSecret,
197  $httpMethod,
198  $requestUrl
199  );
200 
201  if (!Security::compareStrings($calculatedSign, $params['oauth_signature'])) {
202  throw new Exception(new Phrase('The signatire is invalid. Verify and try again.'));
203  }
204  }
205 
213  protected function _validateVersionParam($version)
214  {
215  // validate version if specified
216  if ('1.0' != $version) {
217  throw new OauthInputException(new Phrase('The "%1" Oauth version isn\'t supported.', [$version]));
218  }
219  }
220 
229  protected function _validateProtocolParams($protocolParams, $requiredParams = [])
230  {
231  // validate version if specified.
232  if (isset($protocolParams['oauth_version'])) {
233  $this->_validateVersionParam($protocolParams['oauth_version']);
234  }
235 
236  // Required parameters validation. Default to minimum required params if not provided.
237  if (empty($requiredParams)) {
238  $requiredParams = [
239  "oauth_consumer_key",
240  "oauth_signature",
241  "oauth_signature_method",
242  "oauth_nonce",
243  "oauth_timestamp",
244  ];
245  }
246  $this->_checkRequiredParams($protocolParams, $requiredParams);
247 
248  if (isset(
249  $protocolParams['oauth_token']
250  ) && !$this->_tokenProvider->validateOauthToken(
251  $protocolParams['oauth_token']
252  )
253  ) {
254  throw new OauthInputException(new Phrase('The token length is invalid. Check the length and try again.'));
255  }
256 
257  // Validate signature method.
258  if (!in_array($protocolParams['oauth_signature_method'], self::getSupportedSignatureMethods())) {
259  throw new OauthInputException(
260  new Phrase(
261  'Signature method %1 is not supported',
262  [$protocolParams['oauth_signature_method']]
263  )
264  );
265  }
266 
267  $consumer = $this->_tokenProvider->getConsumerByKey($protocolParams['oauth_consumer_key']);
268  $this->_nonceGenerator->validateNonce(
269  $consumer,
270  $protocolParams['oauth_nonce'],
271  $protocolParams['oauth_timestamp']
272  );
273  }
274 
283  protected function _checkRequiredParams($protocolParams, $requiredParams)
284  {
285  $exception = new OauthInputException();
286  foreach ($requiredParams as $param) {
287  if (!isset($protocolParams[$param])) {
288  $exception->addError(
289  new Phrase('"%fieldName" is required. Enter and try again.', ['fieldName' => $param])
290  );
291  }
292  }
293  if ($exception->wasErrorAdded()) {
294  throw $exception;
295  }
296  }
297 }
Magento\Framework\Oauth\Oauth\buildAuthorizationHeader
buildAuthorizationHeader( $params, $requestUrl, $signatureMethod=self::SIGNATURE_SHA1, $httpMethod='POST')
Definition: Oauth.php:138
$version
$version
Definition: pre_composer_update_2.3.php:161
Magento\Framework\Oauth\Oauth\getAccessToken
getAccessToken($params, $requestUrl, $httpMethod='POST')
Definition: Oauth.php:79
Magento\Framework\Oauth\Oauth\validateAccessTokenRequest
validateAccessTokenRequest($params, $requestUrl, $httpMethod='POST')
Definition: Oauth.php:107
Magento\Framework\Oauth\Oauth\getSupportedSignatureMethods
static getSupportedSignatureMethods()
Definition: Oauth.php:58
Magento\Framework\Oauth\Oauth\_checkRequiredParams
_checkRequiredParams($protocolParams, $requiredParams)
Definition: Oauth.php:283
Magento\Framework\Oauth\Oauth\validateAccessToken
validateAccessToken($accessToken)
Definition: Oauth.php:130
Magento\Framework\Oauth\Oauth\__construct
__construct(Helper\Oauth $oauthHelper, NonceGeneratorInterface $nonceGenerator, TokenProviderInterface $tokenProvider, \Zend_Oauth_Http_Utility $httpUtility=null)
Definition: Oauth.php:40
Magento\Framework\Oauth\Oauth\_validateVersionParam
_validateVersionParam($version)
Definition: Oauth.php:213
Magento\Framework\Encryption\Helper\Security\compareStrings
static compareStrings($expected, $actual)
Definition: Security.php:26
Zend_Oauth_Http_Utility
Definition: Utility.php:34
$params
$params[\Magento\Store\Model\StoreManager::PARAM_RUN_CODE]
Definition: website.php:18
Magento\Framework\Oauth\Oauth\_validateSignature
_validateSignature($params, $consumerSecret, $httpMethod, $requestUrl, $tokenSecret=null)
Definition: Oauth.php:178
Magento\Framework\Oauth\Oauth\_validateProtocolParams
_validateProtocolParams($protocolParams, $requiredParams=[])
Definition: Oauth.php:229
Magento\Framework\Oauth\Oauth\getRequestToken
getRequestToken($params, $requestUrl, $httpMethod='POST')
Definition: Oauth.php:66
$required
$required
Definition: wrapper.phtml:8