Sign upLogin

lucidlogic/omnipay-pesapal

View on GitHub
Star
src/OAuth/OAuthServer.php

Summary

Maintainability
A
0 mins
Test Coverage
<?php

namespace Omnipay\Pesapal\OAuth;

class OAuthServer
{
    protected $timestamp_threshold = 300; // in seconds, five minutes
    protected $version = 1.0;             // hi blaine
    protected $signature_methods = [];

    protected $data_store;

    public function __construct($data_store)
    {
        $this->data_store = $data_store;
    }

    public function add_signature_method($signature_method)
    {
        $this->signature_methods[$signature_method->get_name()] =
            $signature_method;
    }

    // high level functions

    /**
     * process a request_token request
     * returns the request token on success.
     */
    public function fetch_request_token(&$request)
    {
        $this->get_version($request);

        $consumer = $this->get_consumer($request);

        // no token required for the initial token request
        $token = null;

        $this->check_signature($request, $consumer, $token);

        $new_token = $this->data_store->new_request_token($consumer);

        return $new_token;
    }

    /**
     * process an access_token request
     * returns the access token on success.
     */
    public function fetch_access_token(&$request)
    {
        $this->get_version($request);

        $consumer = $this->get_consumer($request);

        // requires authorized request token
        $token = $this->get_token($request, $consumer, 'request');

        $this->check_signature($request, $consumer, $token);

        $new_token = $this->data_store->new_access_token($token, $consumer);

        return $new_token;
    }

    /**
     * verify an api call, checks all the parameters.
     */
    public function verify_request(&$request)
    {
        $this->get_version($request);
        $consumer = $this->get_consumer($request);
        $token = $this->get_token($request, $consumer, 'access');
        $this->check_signature($request, $consumer, $token);

        return [$consumer, $token];
    }

    // Internals from here

    /**
     * version 1.
     */
    private function get_version(&$request)
    {
        $version = $request->get_parameter('oauth_version');
        if (!$version) {
            $version = 1.0;
        }
        if ($version && $version != $this->version) {
            throw new OAuthException("OAuth version '$version' not supported");
        }

        return $version;
    }

    /**
     * figure out the signature with some defaults.
     */
    private function get_signature_method(&$request)
    {
        $signature_method =
            @$request->get_parameter('oauth_signature_method');
        if (!$signature_method) {
            $signature_method = 'PLAINTEXT';
        }
        if (!in_array(
            $signature_method,
            array_keys($this->signature_methods))
        ) {
            throw new OAuthException(
                "Signature method '$signature_method' not supported ".
                'try one of the following: '.
                implode(', ', array_keys($this->signature_methods))
            );
        }

        return $this->signature_methods[$signature_method];
    }

    /**
     * try to find the consumer for the provided request's consumer key.
     */
    private function get_consumer(&$request)
    {
        $consumer_key = @$request->get_parameter('oauth_consumer_key');
        if (!$consumer_key) {
            throw new OAuthException('Invalid consumer key');
        }

        $consumer = $this->data_store->lookup_consumer($consumer_key);
        if (!$consumer) {
            throw new OAuthException('Invalid consumer');
        }

        return $consumer;
    }

    /**
     * try to find the token for the provided request's token key.
     */
    private function get_token(&$request, $consumer, $token_type = 'access')
    {
        $token_field = @$request->get_parameter('oauth_token');
        $token = $this->data_store->lookup_token(
            $consumer, $token_type, $token_field
        );
        if (!$token) {
            throw new OAuthException("Invalid $token_type token: $token_field");
        }

        return $token;
    }

    /**
     * all-in-one function to check the signature on a request
     * should guess the signature method appropriately.
     */
    private function check_signature(&$request, $consumer, $token)
    {
        // this should probably be in a different method
        $timestamp = @$request->get_parameter('oauth_timestamp');
        $nonce = @$request->get_parameter('oauth_nonce');

        $this->check_timestamp($timestamp);
        $this->check_nonce($consumer, $token, $nonce, $timestamp);

        $signature_method = $this->get_signature_method($request);

        $signature = $request->get_parameter('oauth_signature');
        $valid_sig = $signature_method->check_signature(
            $request,
            $consumer,
            $token,
            $signature
        );

        if (!$valid_sig) {
            throw new OAuthException('Invalid signature');
        }
    }

    /**
     * check that the timestamp is new enough.
     */
    private function check_timestamp($timestamp)
    {
        // verify that timestamp is recentish
        $now = time();
        if ($now - $timestamp > $this->timestamp_threshold) {
            throw new OAuthException(
                "Expired timestamp, yours $timestamp, ours $now"
            );
        }
    }

    /**
     * check that the nonce is not repeated.
     */
    private function check_nonce($consumer, $token, $nonce, $timestamp)
    {
        // verify that the nonce is uniqueish
        $found = $this->data_store->lookup_nonce(
            $consumer,
            $token,
            $nonce,
            $timestamp
        );
        if ($found) {
            throw new OAuthException("Nonce already used: $nonce");
        }
    }
}