<?php
/**
* Zend Framework
*
* LICENSE
*
* This source file is subject to the new BSD license that is bundled
* with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://framework.zend.com/license/new-bsd
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@zend.com so we can send you a copy immediately.
*
* @category Zend
* @package Zend_Oauth
* @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
* @version $Id$
*/
/** Zend_Oauth_Http */
#require_once 'Zend/Oauth/Http.php';
/** Zend_Oauth_Token_Access */
#require_once 'Zend/Oauth/Token/Access.php';
/**
* @category Zend
* @package Zend_Oauth
* @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
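class Zend_Oauth_Http_AccessToken extends Zend_Oauth_Http
{
    /**
     * Singleton instance if required of the HTTP client.
     *
     * Not referenced by any method of this class; the request builders below
     * obtain their client from Zend_Oauth::getHttpClient() instead.
     *
     * @var Zend_Http_Client|null
     */
    protected $_httpClient = null;

    /**
     * Initiate a HTTP request to retrieve an Access Token.
     *
     * Builds the signed parameter set, runs the inherited request cycle and
     * wraps the resulting HTTP response in an access-token object.
     *
     * @return Zend_Oauth_Token_Access
     */
    public function execute()
    {
        $params   = $this->assembleParams();
        $response = $this->startRequestCycle($params);

        return new Zend_Oauth_Token_Access($response);
    }

    /**
     * Assemble all parameters for an OAuth Access Token request.
     *
     * The returned array holds the protocol parameters, any custom parameters
     * configured on this object, and the computed 'oauth_signature'.
     *
     * @return array
     */
    public function assembleParams()
    {
        // A fresh nonce and timestamp are requested from the HTTP utility on
        // every call, so each assembled request carries its own values.
        $params = array(
            'oauth_consumer_key'     => $this->_consumer->getConsumerKey(),
            'oauth_nonce'            => $this->_httpUtility->generateNonce(),
            'oauth_signature_method' => $this->_consumer->getSignatureMethod(),
            'oauth_timestamp'        => $this->_httpUtility->generateTimestamp(),
            'oauth_token'            => $this->_consumer->getLastRequestToken()->getToken(),
            'oauth_version'          => $this->_consumer->getVersion(),
        );

        // NOTE(review): array_merge() lets a custom parameter whose key starts
        // with "oauth_" replace the protocol value set above, so the contents
        // of $this->_parameters must come from trusted configuration only.
        // NOTE(review): custom parameters without the "oauth_" prefix are part
        // of the array handed to sign() but are stripped again by
        // _cleanParamsOfIllegalCustomParameters() before the request is built.
        // Unless sign() filters them (not visible here), the provider would
        // verify a different parameter set than the one signed - confirm.
        if (!empty($this->_parameters)) {
            $params = array_merge($params, $this->_parameters);
        }

        // The signature is derived from the parameters, both secrets, the
        // HTTP method and the access-token URL; only the result is returned,
        // the secrets themselves never enter $params.
        $params['oauth_signature'] = $this->_httpUtility->sign(
            $params,
            $this->_consumer->getSignatureMethod(),
            $this->_consumer->getConsumerSecret(),
            $this->_consumer->getLastRequestToken()->getTokenSecret(),
            $this->_preferredRequestMethod,
            $this->_consumer->getAccessTokenUrl()
        );

        return $params;
    }

    /**
     * Generate and return a HTTP Client configured for the Header Request Scheme
     * specified by OAuth, for use in requesting an Access Token.
     *
     * Only "oauth_"-prefixed parameters are carried in the Authorization header.
     *
     * @param  array $params
     * @return Zend_Http_Client
     */
    public function getRequestSchemeHeaderClient(array $params)
    {
        $oauthParams = $this->_cleanParamsOfIllegalCustomParameters($params);
        $authHeader  = $this->_toAuthorizationHeader($oauthParams);

        $client = Zend_Oauth::getHttpClient();
        $client->setUri($this->_consumer->getAccessTokenUrl());
        $client->setHeaders('Authorization', $authHeader);
        $client->setMethod($this->_preferredRequestMethod);

        return $client;
    }

    /**
     * Generate and return a HTTP Client configured for the POST Body Request
     * Scheme specified by OAuth, for use in requesting an Access Token.
     *
     * Only "oauth_"-prefixed parameters are sent, URL-encoded, as the raw
     * request body.
     *
     * @param  array $params
     * @return Zend_Http_Client
     */
    public function getRequestSchemePostBodyClient(array $params)
    {
        $oauthParams = $this->_cleanParamsOfIllegalCustomParameters($params);

        $client = Zend_Oauth::getHttpClient();
        $client->setUri($this->_consumer->getAccessTokenUrl());
        $client->setMethod($this->_preferredRequestMethod);
        $client->setRawData(
            $this->_httpUtility->toEncodedQueryString($oauthParams)
        );
        $client->setHeaders(
            Zend_Http_Client::CONTENT_TYPE,
            Zend_Http_Client::ENC_URLENCODED
        );

        return $client;
    }

    /**
     * Generate and return a HTTP Client configured for the Query String Request
     * Scheme specified by OAuth, for use in requesting an Access Token.
     *
     * Strips non-OAuth parameters and delegates to the parent implementation.
     * NOTE(review): presumably the parent appends the parameters to the URL;
     * request URLs commonly end up in server and proxy logs - confirm against
     * Zend_Oauth_Http before preferring this scheme.
     *
     * @param  array  $params
     * @param  string $url
     * @return Zend_Http_Client
     */
    public function getRequestSchemeQueryStringClient(array $params, $url)
    {
        $oauthParams = $this->_cleanParamsOfIllegalCustomParameters($params);

        return parent::getRequestSchemeQueryStringClient($oauthParams, $url);
    }

    /**
     * Attempt a request based on the current configured OAuth Request Scheme and
     * return the resulting HTTP Response.
     *
     * @param  array $params
     * @return Zend_Http_Response
     * @throws Zend_Oauth_Exception if the configured request scheme is not one
     *                              of the three schemes handled here
     */
    protected function _attemptRequest(array $params)
    {
        switch ($this->_preferredRequestScheme) {
            case Zend_Oauth::REQUEST_SCHEME_HEADER:
                $httpClient = $this->getRequestSchemeHeaderClient($params);
                break;
            case Zend_Oauth::REQUEST_SCHEME_POSTBODY:
                $httpClient = $this->getRequestSchemePostBodyClient($params);
                break;
            case Zend_Oauth::REQUEST_SCHEME_QUERYSTRING:
                $httpClient = $this->getRequestSchemeQueryStringClient(
                    $params,
                    $this->_consumer->getAccessTokenUrl()
                );
                break;
            default:
                // Without this branch $httpClient would be undefined and the
                // request() call below would fail with an engine-level error
                // instead of a catchable, descriptive exception.
                throw new Zend_Oauth_Exception(
                    'Unsupported OAuth request scheme: '
                    . var_export($this->_preferredRequestScheme, true)
                );
        }

        return $httpClient->request();
    }

    /**
     * Access Token requests specifically may not contain non-OAuth parameters.
     * So these should be stripped out and excluded. Detection is easy since
     * specified OAuth parameters start with "oauth_", Extension params start
     * with "xoauth_", and no other parameters should use these prefixes.
     *
     * xoauth params are not currently allowable: only keys beginning with
     * "oauth_" survive this filter.
     *
     * @param  array $params
     * @return array
     */
    protected function _cleanParamsOfIllegalCustomParameters(array $params)
    {
        foreach (array_keys($params) as $key) {
            // Prefix comparison on the key; integer keys are compared as
            // strings and therefore always removed.
            if (strncmp((string) $key, 'oauth_', 6) !== 0) {
                unset($params[$key]);
            }
        }

        return $params;
    }
}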