LTI Tool Provider Library  3.0.2
PHP class library for building LTI Tool Providers
OAuthRequest.php
Go to the documentation of this file.
1 <?php
2 
3 namespace IMSGlobal\LTI\OAuth;
4 
12 class OAuthRequest {
13 
14  protected $parameters;
15  protected $http_method;
16  protected $http_url;
17  // for debug purposes
18  public $base_string;
19  public static $version = '1.0';
20  public static $POST_INPUT = 'php://input';
21 
22  function __construct($http_method, $http_url, $parameters = null) {
23 
24  $parameters = ($parameters) ? $parameters : array();
25  $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
26  $this->parameters = $parameters;
27  $this->http_method = $http_method;
28  $this->http_url = $http_url;
29 
30  }
31 
32 
36  public static function from_request($http_method = null, $http_url = null, $parameters = null) {
37 
38  $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
39  ? 'http'
40  : 'https';
41  $http_url = ($http_url) ? $http_url : $scheme .
42  '://' . $_SERVER['SERVER_NAME'] .
43  ':' .
44  $_SERVER['SERVER_PORT'] .
45  $_SERVER['REQUEST_URI'];
46  $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
47 
48  // We weren't handed any parameters, so let's find the ones relevant to
49  // this request.
50  // If you run XML-RPC or similar you should use this to provide your own
51  // parsed parameter-list
52  if (!$parameters) {
53  // Find request headers
54  $request_headers = OAuthUtil::get_headers();
55 
56  // Parse the query-string to find GET parameters
57  if (isset($_SERVER['QUERY_STRING'])) {
58  $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
59  } else {
60  $parameters = array();
61  }
62 
63  // It's a POST request of the proper content-type, so parse POST
64  // parameters and add those overriding any duplicates from GET
65  if ($http_method == "POST"
66  && isset($request_headers['Content-Type'])
67  && strstr($request_headers['Content-Type'], 'application/x-www-form-urlencoded')) {
68  $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
69  $parameters = array_merge($parameters, $post_data);
70  }
71 
72  // We have a Authorization-header with OAuth data. Parse the header
73  // and add those overriding any duplicates from GET or POST
74  if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
75  $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
76  $parameters = array_merge($parameters, $header_parameters);
77  }
78 
79  }
80 
81  return new OAuthRequest($http_method, $http_url, $parameters);
82  }
83 
87  public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null) {
88 
89  $parameters = ($parameters) ? $parameters : array();
90  $defaults = array('oauth_version' => OAuthRequest::$version,
91  'oauth_nonce' => OAuthRequest::generate_nonce(),
92  'oauth_timestamp' => OAuthRequest::generate_timestamp(),
93  'oauth_consumer_key' => $consumer->key);
94  if ($token)
95  $defaults['oauth_token'] = $token->key;
96 
97  $parameters = array_merge($defaults, $parameters);
98 
99  return new OAuthRequest($http_method, $http_url, $parameters);
100 
101  }
102 
103  public function set_parameter($name, $value, $allow_duplicates = true) {
104 
105  if ($allow_duplicates && isset($this->parameters[$name])) {
106  // We have already added parameter(s) with this name, so add to the list
107  if (is_scalar($this->parameters[$name])) {
108  // This is the first duplicate, so transform scalar (string)
109  // into an array so we can add the duplicates
110  $this->parameters[$name] = array($this->parameters[$name]);
111  }
112 
113  $this->parameters[$name][] = $value;
114  } else {
115  $this->parameters[$name] = $value;
116  }
117  }
118 
119  public function get_parameter($name) {
120  return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
121  }
122 
123  public function get_parameters() {
124  return $this->parameters;
125  }
126 
127  public function unset_parameter($name) {
128  unset($this->parameters[$name]);
129  }
130 
135  public function get_signable_parameters() {
136 
137  // Grab all parameters
138  $params = $this->parameters;
139 
140  // Remove oauth_signature if present
141  // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
142  if (isset($params['oauth_signature'])) {
143  unset($params['oauth_signature']);
144  }
145 
146  return OAuthUtil::build_http_query($params);
147 
148  }
149 
157  public function get_signature_base_string() {
158  $parts = array(
159  $this->get_normalized_http_method(),
160  $this->get_normalized_http_url(),
161  $this->get_signable_parameters()
162  );
163 
164  $parts = OAuthUtil::urlencode_rfc3986($parts);
165 
166  return implode('&', $parts);
167 
168  }
169 
173  public function get_normalized_http_method() {
174  return strtoupper($this->http_method);
175  }
176 
181  public function get_normalized_http_url() {
182 
183  $parts = parse_url($this->http_url);
184 
185  $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
186  $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
187  $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
188  $path = (isset($parts['path'])) ? $parts['path'] : '';
189 
190  if (($scheme == 'https' && $port != '443')
191  || ($scheme == 'http' && $port != '80')) {
192  $host = "$host:$port";
193  }
194 
195  return "$scheme://$host$path";
196 
197  }
198 
202  public function to_url() {
203 
204  $post_data = $this->to_postdata();
205  $out = $this->get_normalized_http_url();
206  if ($post_data) {
207  $out .= '?'.$post_data;
208  }
209 
210  return $out;
211 
212  }
213 
217  public function to_postdata() {
218  return OAuthUtil::build_http_query($this->parameters);
219  }
220 
224  public function to_header($realm = null) {
225 
226  $first = true;
227  if($realm) {
228  $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
229  $first = false;
230  } else
231  $out = 'Authorization: OAuth';
232 
233  $total = array();
234  foreach ($this->parameters as $k => $v) {
235  if (substr($k, 0, 5) != "oauth") continue;
236  if (is_array($v)) {
237  throw new OAuthException('Arrays not supported in headers');
238  }
239  $out .= ($first) ? ' ' : ',';
240  $out .= OAuthUtil::urlencode_rfc3986($k) .
241  '="' .
242  OAuthUtil::urlencode_rfc3986($v) .
243  '"';
244  $first = false;
245  }
246 
247  return $out;
248 
249  }
250 
251  public function __toString() {
252  return $this->to_url();
253  }
254 
255 
256  public function sign_request($signature_method, $consumer, $token) {
257 
258  $this->set_parameter(
259  "oauth_signature_method",
260  $signature_method->get_name(),
261  false
262  );
263  $signature = $this->build_signature($signature_method, $consumer, $token);
264  $this->set_parameter("oauth_signature", $signature, false);
265 
266  }
267 
268  public function build_signature($signature_method, $consumer, $token) {
269  $signature = $signature_method->build_signature($this, $consumer, $token);
270  return $signature;
271  }
272 
276  private static function generate_timestamp() {
277  return time();
278  }
279 
283  private static function generate_nonce() {
284  $mt = microtime();
285  $rand = mt_rand();
286 
287  return md5($mt . $rand); // md5s look nicer than numbers
288  }
289 
290 }
IMSGlobal\LTI\OAuth\OAuthRequest\to_url
to_url()
builds a url usable for a GET request
Definition: OAuthRequest.php:202
IMSGlobal\LTI\OAuth\OAuthRequest\get_normalized_http_url
get_normalized_http_url()
parses the url and rebuilds it to be scheme://host/path
Definition: OAuthRequest.php:181
IMSGlobal\LTI\OAuth\OAuthRequest\build_signature
build_signature($signature_method, $consumer, $token)
Definition: OAuthRequest.php:268
IMSGlobal\LTI\OAuth\OAuthRequest\sign_request
sign_request($signature_method, $consumer, $token)
Definition: OAuthRequest.php:256
IMSGlobal\LTI\OAuth\OAuthRequest\to_postdata
to_postdata()
builds the data one would send in a POST request
Definition: OAuthRequest.php:217
IMSGlobal\LTI\OAuth\OAuthException
Class to represent an OAuth Exception.
Definition: OAuthException.php:12
IMSGlobal\LTI\OAuth\OAuthRequest\from_consumer_and_token
static from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=null)
pretty much a helper function to set up the request
Definition: OAuthRequest.php:87
IMSGlobal\LTI\OAuth\OAuthRequest\get_normalized_http_method
get_normalized_http_method()
just uppercases the http method
Definition: OAuthRequest.php:173
IMSGlobal\LTI\OAuth\OAuthRequest\set_parameter
set_parameter($name, $value, $allow_duplicates=true)
Definition: OAuthRequest.php:103
IMSGlobal\LTI\OAuth\OAuthRequest\to_header
to_header($realm=null)
builds the Authorization: header
Definition: OAuthRequest.php:224
IMSGlobal\LTI\OAuth\OAuthUtil\urlencode_rfc3986
static urlencode_rfc3986($input)
Definition: OAuthUtil.php:14
IMSGlobal\LTI\OAuth\OAuthRequest\get_signature_base_string
get_signature_base_string()
Returns the base string of this request.
Definition: OAuthRequest.php:157
IMSGlobal\LTI\OAuth\OAuthRequest\from_request
static from_request($http_method=null, $http_url=null, $parameters=null)
attempt to build up a request from what was passed to the server
Definition: OAuthRequest.php:36
IMSGlobal\LTI\OAuth\OAuthRequest\get_signable_parameters
get_signable_parameters()
The request parameters, sorted and concatenated into a normalized string.
Definition: OAuthRequest.php:135
IMSGlobal\LTI\OAuth\OAuthUtil\split_header
static split_header($header, $only_allow_oauth_parameters=true)
Definition: OAuthUtil.php:37
IMSGlobal\LTI\OAuth\OAuthUtil\build_http_query
static build_http_query($params)
Definition: OAuthUtil.php:127
IMSGlobal\LTI\OAuth\OAuthRequest
Class to represent an OAuth Request.
Definition: OAuthRequest.php:12
IMSGlobal\LTI\OAuth\OAuthRequest\__construct
__construct($http_method, $http_url, $parameters=null)
Definition: OAuthRequest.php:22
IMSGlobal\LTI\OAuth\OAuthUtil\parse_parameters
static parse_parameters($input)
Definition: OAuthUtil.php:95