From a222395b6afcdbaa72a1d87d9fcbc440ba9ad49d Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Wed, 25 Jan 2012 23:04:21 +1030 Subject: [PATCH 01/21] Request #18431 Improvements in handling PUT requests --- HTTP/OAuth/Provider/Request.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 984d4bc..917be3b 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -60,10 +60,11 @@ class HTTP_OAuth_Provider_Request extends HTTP_OAuth_Message * * @return void */ - public function __construct() + public function __construct($rawBodyData = '') { $this->setHeaders(); $this->setParametersFromRequest(); + $this->rawBodyData = $rawBodyData; } /** @@ -166,7 +167,7 @@ public function setParametersFromRequest() } } - if ($this->getRequestMethod() == 'POST') { + if ($this->getRequestMethod() == 'POST' || $this->getRequestMethod() == 'PUT') { $this->debug('getting data from POST'); $contentType = substr($this->getHeader('Content-Type'), 0, 33); if ($contentType !== 'application/x-www-form-urlencoded') { @@ -329,7 +330,7 @@ public function getHeaders() */ protected function getPostData() { - return file_get_contents('php://input'); + return !empty($this->rawBodyData) ? $this->rawBodyData : file_get_contents('php://input'); } // @codeCoverageIgnoreEnd From e58502c8c53613d8413e5ca943c07d1a4ecf2635 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 22 Oct 2013 13:32:48 -0300 Subject: [PATCH 02/21] Decode parameter names as well as values in provider. As per RFC 5849 section 3.4.1.3.2, parameter names are encoded to form the signature base string. If they are not decoded when the request is parsed, they are double encoded in the base string. --- HTTP/OAuth/Provider/Request.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 917be3b..2ed42d0 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -163,16 +163,20 @@ public function setParametersFromRequest() $value = trim($value); $value = str_replace('"', '', $value); - $params[$key] = $value; + $params[HTTP_OAuth::urldecode($key)] = HTTP_OAuth::urldecode($value); } } if ($this->getRequestMethod() == 'POST' || $this->getRequestMethod() == 'PUT') { - $this->debug('getting data from POST'); + if ($this->getRequestMethod() == 'POST') { + $this->debug('getting data from POST'); + } else { + $this->debug('getting data from PUT'); + } $contentType = substr($this->getHeader('Content-Type'), 0, 33); if ($contentType !== 'application/x-www-form-urlencoded') { throw new HTTP_OAuth_Provider_Exception_InvalidRequest('Invalid ' . - 'content type for POST request'); + 'content type for POST or PUT request'); } $params = array_merge( @@ -191,7 +195,7 @@ public function setParametersFromRequest() 'data found from request'); } - $this->setParameters(HTTP_OAuth::urldecode($params)); + $this->setParameters($params); } /** @@ -337,7 +341,9 @@ protected function getPostData() /** * Parses a query string * - * Does not urldecode the name or values like $_GET and $_POST + * Does not use built-in urldecoding of name or values like $_GET and + * $_POST. Instead, names and values are decoded using RFC 3986 as required + * by OAuth. * * @param string $string Query string * @@ -356,7 +362,7 @@ protected function parseQueryString($string) } list($key, $value) = explode('=', $part); - $data[$key] = self::urldecode($value); + $data[HTTP_Oauth::urldecode($key)] = HTTP_OAuth::urldecode($value); } return $data; From 21ecb5c4b5131d609a43fd501cfef334cfa6cc67 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Thu, 31 Oct 2013 17:03:16 -0300 Subject: [PATCH 03/21] Clean up handling of PUT data. See https://pear.php.net/bugs/bug.php?id=18431 and https://pear.php.net/bugs/bug.php?id=20106. This handles the request body with a consistent API to the way request headers are handled. It should fix the bugs in both 18431 and 20106. --- HTTP/OAuth/Provider/Request.php | 63 ++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 2ed42d0..b788948 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -55,16 +55,49 @@ class HTTP_OAuth_Provider_Request extends HTTP_OAuth_Message */ protected $method = ''; + /** + * Body data from the incoming request (POST/PUT) + * + * @var string Raw body data from the incoming request (POST/PUT) + */ + protected $body = ''; + /** * Construct * + * @param string $body optional. The HTTP request body. Use this if your + * framework automatically reads the php://input + * stream. + * * @return void */ - public function __construct($rawBodyData = '') + public function __construct($body = '') { $this->setHeaders(); + $this->setBody($body); $this->setParametersFromRequest(); - $this->rawBodyData = $rawBodyData; + } + + /** + * Sets the body data for this request + * + * This is useful if your framework automatically reads the php://input + * stream and your API uses PUT or POST data. + * + * @param string $body the HTTP request body. + * + * @return HTTP_OAuth_Provider_Request the current object, for fluent + * interface. + */ + public function setBody($body = '') + { + if (empty($body)) { + $this->body = file_get_contents('php://input'); + } else { + $this->body = (string)$body; + } + + return $this; } /** @@ -84,7 +117,7 @@ public function setHeaders(array $headers = array()) } else if (is_array($this->peclHttpHeaders())) { $this->debug('Using pecl_http to get request headers'); $this->headers = $this->peclHttpHeaders(); - } else { + } else { $this->debug('Using $_SERVER to get request headers'); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) == 'HTTP_') { @@ -167,21 +200,19 @@ public function setParametersFromRequest() } } - if ($this->getRequestMethod() == 'POST' || $this->getRequestMethod() == 'PUT') { - if ($this->getRequestMethod() == 'POST') { - $this->debug('getting data from POST'); - } else { - $this->debug('getting data from PUT'); - } + if ($this->getRequestMethod() === 'POST' || $this->getRequestMethod() === 'PUT') { + $this->debug('getting x-www-form-urlencoded data from request body'); + $contentType = substr($this->getHeader('Content-Type'), 0, 33); if ($contentType !== 'application/x-www-form-urlencoded') { - throw new HTTP_OAuth_Provider_Exception_InvalidRequest('Invalid ' . - 'content type for POST or PUT request'); + throw new HTTP_OAuth_Provider_Exception_InvalidRequest( + 'Invalid content type for POST or PUT request' + ); } $params = array_merge( $params, - $this->parseQueryString($this->getPostData()) + $this->parseQueryString($this->getBody()) ); } @@ -328,13 +359,13 @@ public function getHeaders() // @codeCoverageIgnoreStart /** - * Gets POST data + * Gets request body * - * @return string Post data + * @return string request data */ - protected function getPostData() + protected function getBody() { - return !empty($this->rawBodyData) ? $this->rawBodyData : file_get_contents('php://input'); + return $this->body; } // @codeCoverageIgnoreEnd From 0438cadb5b2e3e5ebec87a54227eab486422f572 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Thu, 31 Oct 2013 16:46:36 -0300 Subject: [PATCH 04/21] Update HTTP_OAuth to work with array query params. See https://pear.php.net/bugs/bug.php?id=20107 --- HTTP/OAuth.php | 15 +++++++++------ HTTP/OAuth/Message.php | 3 +-- HTTP/OAuth/Provider/Request.php | 19 +++++++++++++++++-- 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/HTTP/OAuth.php b/HTTP/OAuth.php index 2b48681..23b8612 100644 --- a/HTTP/OAuth.php +++ b/HTTP/OAuth.php @@ -142,15 +142,18 @@ static public function buildHttpQuery(array $params) return ''; } - $keys = self::urlencode(array_keys($params)); - $values = self::urlencode(array_values($params)); - $params = array_combine($keys, $values); - - uksort($params, 'strcmp'); + ksort($params, SORT_STRING); $pairs = array(); foreach ($params as $key => $value) { - $pairs[] = $key . '=' . $value; + if (is_array($value)) { + sort($value, SORT_STRING); + foreach ($value as $multiValue) { + $pairs[] = self::urlencode($key) . '=' . self::urlencode($multiValue); + } + } else { + $pairs[] = self::urlencode($key) . '=' . self::urlencode($value); + } } return implode('&', $pairs); diff --git a/HTTP/OAuth/Message.php b/HTTP/OAuth/Message.php index 4ea3a10..39ba7be 100644 --- a/HTTP/OAuth/Message.php +++ b/HTTP/OAuth/Message.php @@ -97,8 +97,7 @@ public function getOAuthParameters() public function getParameters() { $params = $this->parameters; - ksort($params); - + ksort($params, SORT_STRING); return $params; } diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index b788948..e40ee02 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -196,7 +196,7 @@ public function setParametersFromRequest() $value = trim($value); $value = str_replace('"', '', $value); - $params[HTTP_OAuth::urldecode($key)] = HTTP_OAuth::urldecode($value); + $params[HTTP_Oauth::urldecode($key)] = HTTP_OAuth::urldecode($value); } } @@ -393,7 +393,22 @@ protected function parseQueryString($string) } list($key, $value) = explode('=', $part); - $data[HTTP_Oauth::urldecode($key)] = HTTP_OAuth::urldecode($value); + + $key = HTTP_OAuth::urldecode($key); + $value = HTTP_OAuth::urldecode($value); + + if (isset($data[$key])) { + if (is_array($data[$key])) { + $data[$key][] = $value; + } else { + $data[$key] = array( + $data[$key], + $value + ); + } + } else { + $data[$key] = $value; + } } return $data; From d327ba6036ef7f741e0fd19ba48b0dcb814994b4 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 09:28:13 -0300 Subject: [PATCH 05/21] Fix class name capitalization. --- HTTP/OAuth/Provider/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index e40ee02..48f7e21 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -196,7 +196,7 @@ public function setParametersFromRequest() $value = trim($value); $value = str_replace('"', '', $value); - $params[HTTP_Oauth::urldecode($key)] = HTTP_OAuth::urldecode($value); + $params[HTTP_OAuth::urldecode($key)] = HTTP_OAuth::urldecode($value); } } From fd815ca526a55e519679bbcc252ddc02a4e17ce3 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 10:46:21 -0300 Subject: [PATCH 06/21] Make getBody() public. --- HTTP/OAuth/Provider/Request.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 48f7e21..68c243f 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -92,7 +92,9 @@ public function __construct($body = '') public function setBody($body = '') { if (empty($body)) { + // @codeCoverageIgnoreStart $this->body = file_get_contents('php://input'); + // @codeCoverageIgnoreEnd } else { $this->body = (string)$body; } @@ -357,17 +359,15 @@ public function getHeaders() return $this->headers; } - // @codeCoverageIgnoreStart /** * Gets request body * * @return string request data */ - protected function getBody() + public function getBody() { return $this->body; } - // @codeCoverageIgnoreEnd /** * Parses a query string From ccda182cd094dac305c0bf4b12e8c800ba68b74a Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 10:46:56 -0300 Subject: [PATCH 07/21] Update tests to test set/getBody and array param parsing. --- tests/HTTP/OAuth/Provider/RequestTest.php | 35 +++++++++++++++++------ 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/tests/HTTP/OAuth/Provider/RequestTest.php b/tests/HTTP/OAuth/Provider/RequestTest.php index 9f11540..668b6e0 100644 --- a/tests/HTTP/OAuth/Provider/RequestTest.php +++ b/tests/HTTP/OAuth/Provider/RequestTest.php @@ -57,10 +57,11 @@ class HTTP_OAuth_Provider_RequestTest extends PHPUnit_Framework_TestCase 'foo' => 'bar bar', 'oauth_consumer_key' => 'key', 'oauth_signature_method' => 'HMAC-SHA1', - 'oauth_signature' => 'jMenbpx3MWa8qyxgQr4olVrXTBU=', + 'oauth_signature' => 'UOXlPAfN0jLuph8vZaseA5hi59Y=', 'oauth_timestamp' => '1251317781', 'oauth_nonce' => '2E0A8559-8660-45F9-832F-6AC466615C79', - 'oauth_version' => '1.0' + 'oauth_version' => '1.0', + 'arrayparam[]' => array('1', '2'), ); /** @@ -108,10 +109,18 @@ public function testSetHeaders() $this->assertArrayHasKey('foo', $request->getHeaders()); } + public function testSetBody() + { + $body = 'test1=foo&test2=bar'; + $request = $this->mockedRequest(); + $request->setBody($body); + $this->assertEquals($body, $request->getBody()); + } + public function testSetParametersFromRequest() { $header = 'Authorization: OAuth realm="", oauth_consumer_key="key", oauth_signature_method="HMAC-SHA1", oauth_signature="ZUgC96UBRxYOl1Pml32hNDsNNUc%3D", oauth_timestamp="1251304744", oauth_nonce="18B2129F-4A4E-4502-8EB5-801DE2BB0247", oauth_version="1.0"'; - $queryString = 'foo=bar%20bar&oauth_consumer_key=key&oauth_signature_method=HMAC-SHA1&oauth_signature=ZUgC96UBRxYOl1Pml32hNDsNNUc%3D&oauth_timestamp=1251304744&oauth_nonce=18B2129F-4A4E-4502-8EB5-801DE2BB0247&oauth_version=1.0¶mwithnovalue'; + $queryString = 'foo=bar%20bar&oauth_consumer_key=key&oauth_signature_method=HMAC-SHA1&oauth_signature=ZUgC96UBRxYOl1Pml32hNDsNNUc%3D&oauth_timestamp=1251304744&oauth_nonce=18B2129F-4A4E-4502-8EB5-801DE2BB0247&oauth_version=1.0¶mwithnovalue&arrayparam%5B%5D=1&arrayparam%5B%5D=2'; $expected = array( 'foo' => 'bar bar', 'oauth_consumer_key' => 'key', @@ -120,6 +129,7 @@ public function testSetParametersFromRequest() 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1251304744', 'oauth_version' => '1.0', + 'arrayparam[]' => array('1', '2'), ); $request = $this->mockedRequest(); @@ -128,13 +138,18 @@ public function testSetParametersFromRequest() $this->assertEquals($expected, $request->getParameters()); $this->assertEquals(array('Authorization' => $header), $request->getHeaders()); - $request = $this->mockedRequest(array('getRequestMethod')); + $request = $this->mockedRequest(array('getRequestMethod', 'getBody')); + $request->expects($this->any())->method('getRequestMethod') ->will($this->returnValue('POST')); - $request->expects($this->any())->method('getPostData') + + $request->expects($this->any())->method('getBody') ->will($this->returnValue($queryString)); + $request->setHeaders( - array('Content-Type' => 'application/x-www-form-urlencoded')); + array('Content-Type' => 'application/x-www-form-urlencoded') + ); + $request->setParametersFromRequest(); $this->assertEquals($expected, $request->getParameters()); @@ -245,8 +260,12 @@ public function testSetHeadersWithServer() protected function mockedRequest(array $methods = array()) { - $methods = array_unique(array_merge($methods, - array('getPostData', 'apacheRequestHeaders', 'peclHttpHeaders'))); + $methods = array_unique( + array_merge( + $methods, + array('apacheRequestHeaders', 'peclHttpHeaders') + ) + ); $_SERVER['HTTP_AUTHORIZATION'] = 'OAuth realm="", oauth_consumer_key="key", oauth_signature_method="HMAC-SHA1", oauth_signature="ZUgC96UBRxYOl1Pml32hNDsNNUc%3D", oauth_timestamp="1251304744", oauth_nonce="18B2129F-4A4E-4502-8EB5-801DE2BB0247", oauth_version="1.0"'; $request = $this->getMock('HTTP_OAuth_Provider_Request', $methods); From fe2448e3fe21369e7d54897d5eb3cd6b59b0bbca Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 11:27:01 -0300 Subject: [PATCH 08/21] Use exception chaining if PHP 5.3 is available. See [PEAR Bug 18574](https://pear.php.net/bugs/18574). --- HTTP/OAuth/Consumer/Request.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/HTTP/OAuth/Consumer/Request.php b/HTTP/OAuth/Consumer/Request.php index c29f677..3d4fcc3 100644 --- a/HTTP/OAuth/Consumer/Request.php +++ b/HTTP/OAuth/Consumer/Request.php @@ -229,7 +229,12 @@ public function send() try { $response = $this->getHTTPRequest2()->send(); } catch (Exception $e) { - throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode()); + if (version_compare(PHP_VERSION, '5.3.0', 'ge')) { + // Use exception chaining if available. See PEAR Bug #18574. + throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode(), $e); + } else { + throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode()); + } } return new HTTP_OAuth_Consumer_Response($response); From 03beb9ba3b253967caf3d14f57eacf416c4a379a Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 11:53:51 -0300 Subject: [PATCH 09/21] Handle HTTP request body params better. See [PEAR Bug 17806](https://pear.php.net/bugs/bug.php?id=17806) [RFC 5849 section 3.4.1.3.1](http://tools.ietf.org/html/rfc5849#section-3.4.1.3.1) says any request can have params in the request body provided the content-type is set correctly and the entity-body is single-part and formatted correctly. --- HTTP/OAuth/Consumer/Request.php | 10 +++++++--- HTTP/OAuth/Provider/Request.php | 22 +++++++++------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/HTTP/OAuth/Consumer/Request.php b/HTTP/OAuth/Consumer/Request.php index 3d4fcc3..afadae6 100644 --- a/HTTP/OAuth/Consumer/Request.php +++ b/HTTP/OAuth/Consumer/Request.php @@ -217,10 +217,11 @@ public function send() $headers = $request->getHeaders(); $contentType = isset($headers['content-type']) ? $headers['content-type'] : ''; - if ($this->getMethod() == 'POST' - && $contentType == 'application/x-www-form-urlencoded' - ) { + // RFC 5849 3.4.1.3.1 allows any HTTP method with the correct + // content-type and body content. Don't check method type here. + // See PEAR Bug 17806. + if ($contentType == 'application/x-www-form-urlencoded') { $body = $this->getHTTPRequest2()->getBody(); $body = str_replace('+', '%20', $body); $this->getHTTPRequest2()->setBody($body); @@ -285,6 +286,8 @@ protected function buildRequest() switch ($this->getMethod()) { case 'POST': + case 'PUT': + case 'DELETE': foreach ($this->getParameters() as $name => $value) { if (substr($name, 0, 6) == 'oauth_') { continue; @@ -294,6 +297,7 @@ protected function buildRequest() } break; case 'GET': + case 'HEAD': $url = $this->getUrl(); foreach ($this->getParameters() as $name => $value) { if (substr($name, 0, 6) == 'oauth_') { diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 68c243f..16ed0c3 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -56,9 +56,9 @@ class HTTP_OAuth_Provider_Request extends HTTP_OAuth_Message protected $method = ''; /** - * Body data from the incoming request (POST/PUT) + * Body data from the incoming request * - * @var string Raw body data from the incoming request (POST/PUT) + * @var string raw body data from the incoming request */ protected $body = ''; @@ -82,7 +82,7 @@ public function __construct($body = '') * Sets the body data for this request * * This is useful if your framework automatically reads the php://input - * stream and your API uses PUT or POST data. + * stream and your API puts parameters in the request body. * * @param string $body the HTTP request body. * @@ -202,16 +202,12 @@ public function setParametersFromRequest() } } - if ($this->getRequestMethod() === 'POST' || $this->getRequestMethod() === 'PUT') { - $this->debug('getting x-www-form-urlencoded data from request body'); - - $contentType = substr($this->getHeader('Content-Type'), 0, 33); - if ($contentType !== 'application/x-www-form-urlencoded') { - throw new HTTP_OAuth_Provider_Exception_InvalidRequest( - 'Invalid content type for POST or PUT request' - ); - } - + // RFC 5849 3.4.1.3.1 allows any HTTP method with the correct + // content-type and body content. Don't check method type here. + // See PEAR Bug 17806. + $contentType = $this->getHeader('Content-Type'); + if (strncmp($contentType, 'application/x-www-form-urlencoded', 33) === 0) { + $this->debug('getting application/x-www-form-urlencoded data from request body'); $params = array_merge( $params, $this->parseQueryString($this->getBody()) From a2dc3a3636cf7ca59a202cead32b29f842276c7e Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Fri, 1 Nov 2013 12:00:10 -0300 Subject: [PATCH 10/21] Prepare for release of 0.3.0. --- generatePackage.php | 24 +++++++++++++++--- package.xml | 61 +++++++++++++++++++++++++++++++++++++++------ 2 files changed, 74 insertions(+), 11 deletions(-) diff --git a/generatePackage.php b/generatePackage.php index 9954f83..9634c81 100644 --- a/generatePackage.php +++ b/generatePackage.php @@ -32,15 +32,27 @@ $packagexml->setDescription('Allows the use of the consumer and provider angles of the OAuth 1.0a specification'); $packagexml->setChannel('pear.php.net'); -$packagexml->setAPIVersion('0.2.0'); -$packagexml->setReleaseVersion('0.2.3'); +$packagexml->setAPIVersion('0.3.0'); +$packagexml->setReleaseVersion('0.3.0'); $packagexml->setReleaseStability('alpha'); $packagexml->setAPIStability('alpha'); -$packagexml->setNotes('* Fixed GH issue #10. don\'t use reset() to get the first array value -* Disabled E_DEPRECTED error logging when creating packages +$packagexml->setNotes('API changes: + * added $body parameter to HTTP_OAuth_Provider::__construct() + * added HTTP_OAuth_Provider::setBody() + * renamed HTTP_OAuth_Provider::getPostData() to getBody() + * made HTTP_OAuth_Provider::getBody() public + +New features and bugs fixed: + * Fixed PEAR #17806. DELETE method is not supported. + * Fixed PEAR #18574. Avoid try-catch-rethrow. + * Fixed PEAR #18701. Only variables should be passed by reference. + * Fixed PEAR #18425. Array keys not decoded in HTTP_OAuth_Provider. + * Fixed PEAR #18431. Handle PUT requests better in HTTP_OAuth_Provider. + * Fixed PEAR #20106. rawBodyData always included in provider request. + * Fixed PEAR #20107. Handle multiple query params with same name as array. '); $packagexml->setPackageType('php'); $packagexml->addRelease(); @@ -55,6 +67,10 @@ 'shupp', 'Bill Shupp', 'shupp@php.net'); +$packagexml->addMaintainer('developer', + 'gauthierm', + 'Michael Gauthier', + 'mike@silverorange.com'); $packagexml->setLicense('New BSD License', 'http://www.opensource.org/licenses/bsd-license.php'); diff --git a/package.xml b/package.xml index 6d6f1ac..13d1688 100644 --- a/package.xml +++ b/package.xml @@ -1,5 +1,5 @@ - @@ -19,11 +19,17 @@ shupp@php.net yes - 2011-07-16 - + + Michael Gauthier + gauthierm + mike@silverorange.com + yes + + 2013-11-01 + - 0.2.3 - 0.2.0 + 0.3.0 + 0.3.0 alpha @@ -31,8 +37,20 @@ New BSD License -* Fixed GH issue #10. don't use reset() to get the first array value -* Disabled E_DEPRECTED error logging when creating packages +API changes: + * added $body parameter to HTTP_OAuth_Provider::__construct() + * added HTTP_OAuth_Provider::setBody() + * renamed HTTP_OAuth_Provider::getPostData() to getBody() + * made HTTP_OAuth_Provider::getBody() public + +New features and bugs fixed: + * Fixed PEAR #17806. DELETE method is not supported. + * Fixed PEAR #18574. Avoid try-catch-rethrow. + * Fixed PEAR #18701. Only variables should be passed by reference. + * Fixed PEAR #18425. Array keys not decoded in HTTP_OAuth_Provider. + * Fixed PEAR #18431. Handle PUT requests better in HTTP_OAuth_Provider. + * Fixed PEAR #20106. rawBodyData always included in provider request. + * Fixed PEAR #20107. Handle multiple query params with same name as array. @@ -141,6 +159,7 @@ + @@ -544,5 +563,33 @@ Updated digg example * Disabled E_DEPRECTED error logging when creating packages + + + 0.3.0 + 0.3.0 + + + alpha + alpha + + 2013-11-01 + New BSD License + +API changes: + * added $body parameter to HTTP_OAuth_Provider::__construct() + * added HTTP_OAuth_Provider::setBody() + * renamed HTTP_OAuth_Provider::getPostData() to getBody() + * made HTTP_OAuth_Provider::getBody() public + +New features and bugs fixed: + * Fixed PEAR #17806. DELETE method is not supported. + * Fixed PEAR #18574. Avoid try-catch-rethrow. + * Fixed PEAR #18701. Only variables should be passed by reference. + * Fixed PEAR #18425. Array keys not decoded in HTTP_OAuth_Provider. + * Fixed PEAR #18431. Handle PUT requests better in HTTP_OAuth_Provider. + * Fixed PEAR #20106. rawBodyData always included in provider request. + * Fixed PEAR #20107. Handle multiple query params with same name as array. + + From f571f79acf7c811e40f033361baa4bc4294556de Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 5 Nov 2013 14:42:43 -0400 Subject: [PATCH 11/21] Add LICENSE file. --- LICENSE | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d91e43e --- /dev/null +++ b/LICENSE @@ -0,0 +1,24 @@ +Copyright (c) 2009 Jeff Hodsdon, 2009 Bill Shupp, 2013 silverorange Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. From e6d0ab312239163d265688434dbc40a3e43a1d94 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 5 Nov 2013 14:47:09 -0400 Subject: [PATCH 12/21] Cleanup package.xml generator. * Add LICENSE and README as role=doc exceptions * Ignore *.tgz --- generatePackage.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/generatePackage.php b/generatePackage.php index 9634c81..e48723f 100644 --- a/generatePackage.php +++ b/generatePackage.php @@ -13,13 +13,17 @@ 'simpleoutput' => true, 'packagedirectory' => './', 'filelistgenerator' => 'file', + 'exceptions' => array( + 'LICENSE' => 'doc', + 'README' => 'doc', + ), 'ignore' => array( 'runTests.php', 'generatePackage.php', 'phpunit-bootstrap.php', 'phpunit.xml', - 'README', - 'coverage*' + 'coverage*', + '*.tgz', ), 'dir_roles' => array( 'tests' => 'test', @@ -53,6 +57,8 @@ * Fixed PEAR #18431. Handle PUT requests better in HTTP_OAuth_Provider. * Fixed PEAR #20106. rawBodyData always included in provider request. * Fixed PEAR #20107. Handle multiple query params with same name as array. + * Added LICENSE file. + * Include README in package file. '); $packagexml->setPackageType('php'); $packagexml->addRelease(); From f91388c163020fa217e902ba80d89e74515de95e Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 5 Nov 2013 14:51:15 -0400 Subject: [PATCH 13/21] Fix E_STRICT in MessageTest. Parameter passed to reset() must be a reference. --- tests/HTTP/OAuth/MessageTest.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/HTTP/OAuth/MessageTest.php b/tests/HTTP/OAuth/MessageTest.php index d602ddb..677ef7d 100644 --- a/tests/HTTP/OAuth/MessageTest.php +++ b/tests/HTTP/OAuth/MessageTest.php @@ -65,7 +65,8 @@ public function testGetParametersIsSorted() $params = array('z' => 'foo', 'a' => 'bar'); $m = new HTTP_OAuth_MessageMock; $m->setParameters($params); - $this->assertEquals('bar', reset($m->getParameters())); + $params = $m->getParameters(); + $this->assertEquals('bar', reset($params)); } public function testMagicGetter() From 5af91b3220934620979e404af87bfca6118756da Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 5 Nov 2013 14:54:35 -0400 Subject: [PATCH 14/21] Prepare release 0.3.1. --- generatePackage.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/generatePackage.php b/generatePackage.php index e48723f..fcf31f7 100644 --- a/generatePackage.php +++ b/generatePackage.php @@ -37,7 +37,7 @@ $packagexml->setChannel('pear.php.net'); $packagexml->setAPIVersion('0.3.0'); -$packagexml->setReleaseVersion('0.3.0'); +$packagexml->setReleaseVersion('0.3.1'); $packagexml->setReleaseStability('alpha'); @@ -59,6 +59,7 @@ * Fixed PEAR #20107. Handle multiple query params with same name as array. * Added LICENSE file. * Include README in package file. + * Fixed reset() call in MessageTest in unit tests. '); $packagexml->setPackageType('php'); $packagexml->addRelease(); From 12fab680cb91ea9719dbb81e80e834ef92e03f73 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Tue, 14 Oct 2014 14:27:09 -0300 Subject: [PATCH 15/21] Fix parsing of Authorization header values. Strip the Oauth scheme before parsing parameters. Strip whitespace consistently from parameters. Add comments. --- HTTP/OAuth/Provider/Request.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/HTTP/OAuth/Provider/Request.php b/HTTP/OAuth/Provider/Request.php index 16ed0c3..b4b0e84 100644 --- a/HTTP/OAuth/Provider/Request.php +++ b/HTTP/OAuth/Provider/Request.php @@ -185,17 +185,24 @@ public function setParametersFromRequest() $auth = $this->getHeader('Authorization'); if ($auth !== null) { $this->debug('Using OAuth data from header'); + + // strip leading OAuth authentication scheme + $auth = preg_replace('/^oauth /i', '', $auth); + + // split auth parameters $parts = explode(',', $auth); foreach ($parts as $part) { - list($key, $value) = explode('=', trim($part)); - if (strstr(strtolower($key), 'oauth ') - || strstr(strtolower($key), 'uth re') - || substr(strtolower($key), 0, 6) != 'oauth_' - ) { + list($key, $value) = explode('=', $part, 2); + + // strip spaces from around comma and equals delimiters + $key = trim($key); + $value = trim($value); + + // ignore auth parameters that are not prefixed with oauth_ + if (substr(strtolower($key), 0, 6) != 'oauth_') { continue; } - $value = trim($value); $value = str_replace('"', '', $value); $params[HTTP_OAuth::urldecode($key)] = HTTP_OAuth::urldecode($value); From 774b9384d2370e6fa3eaaca19dcf473c7970086f Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Thu, 23 Oct 2014 12:37:54 +1030 Subject: [PATCH 16/21] Travis, modern PHPUnit --- .travis.yml | 6 ++++++ tests/HTTP/OAuth/Consumer/Exception/InvalidResponseTest.php | 1 - tests/HTTP/OAuth/Consumer/RequestTest.php | 1 - tests/HTTP/OAuth/Consumer/ResponseTest.php | 1 - tests/HTTP/OAuth/ConsumerTest.php | 1 - tests/HTTP/OAuth/MessageTest.php | 1 - tests/HTTP/OAuth/Provider/RequestTest.php | 1 - tests/HTTP/OAuth/Provider/ResponseTest.php | 1 - tests/HTTP/OAuth/Signature/CommonTest.php | 1 - tests/HTTP/OAuth/Signature/HMAC/SHA1Test.php | 1 - tests/HTTP/OAuth/Signature/PLAINTEXTTest.php | 1 - tests/HTTP/OAuth/Signature/RSA/SHA1Test.php | 1 - tests/HTTP/OAuth/SignatureTest.php | 1 - tests/HTTP/OAuth/Store/Consumer/CacheLiteTest.php | 1 - tests/HTTP/OAuthTest.php | 1 - 15 files changed, 6 insertions(+), 14 deletions(-) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..e60562c --- /dev/null +++ b/.travis.yml @@ -0,0 +1,6 @@ +language: php +install: + - pear install package.xml +php: + - 5.4 +script: phpunit tests/ \ No newline at end of file diff --git a/tests/HTTP/OAuth/Consumer/Exception/InvalidResponseTest.php b/tests/HTTP/OAuth/Consumer/Exception/InvalidResponseTest.php index 7dad71a..5f7c49b 100644 --- a/tests/HTTP/OAuth/Consumer/Exception/InvalidResponseTest.php +++ b/tests/HTTP/OAuth/Consumer/Exception/InvalidResponseTest.php @@ -21,7 +21,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'HTTP/OAuth/Consumer/Exception/InvalidResponse.php'; class HTTP_OAuth_Consumer_Exception_InvalidResponseTest diff --git a/tests/HTTP/OAuth/Consumer/RequestTest.php b/tests/HTTP/OAuth/Consumer/RequestTest.php index 050a194..876b4d6 100644 --- a/tests/HTTP/OAuth/Consumer/RequestTest.php +++ b/tests/HTTP/OAuth/Consumer/RequestTest.php @@ -21,7 +21,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'HTTP/OAuth/Consumer/Request.php'; require_once 'HTTP/Request2.php'; require_once 'HTTP/Request2/Adapter/Mock.php'; diff --git a/tests/HTTP/OAuth/Consumer/ResponseTest.php b/tests/HTTP/OAuth/Consumer/ResponseTest.php index 7611aef..d35c42b 100644 --- a/tests/HTTP/OAuth/Consumer/ResponseTest.php +++ b/tests/HTTP/OAuth/Consumer/ResponseTest.php @@ -21,7 +21,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'HTTP/OAuth/Consumer/Response.php'; class HTTP_OAuth_Consumer_ResponseTest extends PHPUnit_Framework_TestCase diff --git a/tests/HTTP/OAuth/ConsumerTest.php b/tests/HTTP/OAuth/ConsumerTest.php index 852b689..1f4cb60 100644 --- a/tests/HTTP/OAuth/ConsumerTest.php +++ b/tests/HTTP/OAuth/ConsumerTest.php @@ -21,7 +21,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'HTTP/OAuth/Consumer.php'; require_once 'HTTP/OAuth/Consumer/Request.php'; diff --git a/tests/HTTP/OAuth/MessageTest.php b/tests/HTTP/OAuth/MessageTest.php index 677ef7d..771583c 100644 --- a/tests/HTTP/OAuth/MessageTest.php +++ b/tests/HTTP/OAuth/MessageTest.php @@ -21,7 +21,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'tests/HTTP/OAuth/MessageMock.php'; class HTTP_OAuth_MessageTest extends PHPUnit_Framework_TestCase diff --git a/tests/HTTP/OAuth/Provider/RequestTest.php b/tests/HTTP/OAuth/Provider/RequestTest.php index 668b6e0..1245c97 100644 --- a/tests/HTTP/OAuth/Provider/RequestTest.php +++ b/tests/HTTP/OAuth/Provider/RequestTest.php @@ -19,7 +19,6 @@ * @link http://github.com/jeffhodsdon/HTTP_OAuth_Provider */ -require_once 'PHPUnit/Framework/TestCase.php'; require_once 'HTTP/OAuth.php'; require_once 'HTTP/OAuth/Provider/Request.php'; diff --git a/tests/HTTP/OAuth/Provider/ResponseTest.php b/tests/HTTP/OAuth/Provider/ResponseTest.php index 267f392..0d5471f 100644 --- a/tests/HTTP/OAuth/Provider/ResponseTest.php +++ b/tests/HTTP/OAuth/Provider/ResponseTest.php @@ -1,6 +1,5 @@ Date: Thu, 23 Oct 2014 12:44:32 +1030 Subject: [PATCH 17/21] Install everything --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e60562c..90af7ec 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: php install: - - pear install package.xml + - pear install -fa package.xml php: - 5.4 script: phpunit tests/ \ No newline at end of file From 93c836620dc88f8dd67594fdea3890cc84060ca9 Mon Sep 17 00:00:00 2001 From: Michael Gauthier Date: Wed, 6 Jan 2016 00:52:05 -0400 Subject: [PATCH 18/21] Add composer support. --- composer.json | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 composer.json diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..9ffc9b7 --- /dev/null +++ b/composer.json @@ -0,0 +1,42 @@ +{ + "name": "pear/http_oauth", + "description": "Implementation of the OAuth 1.0a specification.", + "type": "library", + "keywords": [ "http", "oauth" ], + "homepage": "https://github.com/pear/HTTP_OAuth", + "license": "BSD-2-Clause", + "authors": [ + { + "name": "Michael Gauthier", + "email": "mike@silverorange.com" + }, + { + "name": "Jeff Hodsdon", + "email": "jeffhodsdon@gmail.com" + }, + { + "name": "Bill Shupp", + "email": "shupp@php.net" + } + ], + "require": { + "php": ">=5.1.2", + "ext-date": "*", + "ext-hash": "*", + "ext-spl": "*", + "pear/pear-core-minimal": "^1.9.0", + "pear/http_request2": "^2.0.0" + }, + "suggest": { + "pear/log": "Allows logging requests for debugging", + "pear/cache_lite": "Caching of requests." + }, + "autoload": { + "psr-0": { + "HTTP_OAuth": "" + } + }, + "include-path": [ + "./" + ] +} From 8e7beea04c4fb0eb5e11d5cacab8a9e11f7eecb4 Mon Sep 17 00:00:00 2001 From: Makoto Chiba Date: Tue, 6 Mar 2018 01:04:19 +0900 Subject: [PATCH 19/21] Fix README design --- README | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README b/README index fa79d48..1f5e8aa 100644 --- a/README +++ b/README @@ -1,14 +1,16 @@ +# HTTP_OAuth - Implementation of the OAuth specification + HTTP_OAuth is a PEAR package implementing the OAuth 1.0a protocol. Consumer, Provier (request and response) classes are provided. See the Consumer examples below: -HTTP_OAuth_Consumer +## HTTP_OAuth_Consumer Main consumer class that assists consumers in establishing OAuth creditials and making OAuth requests. -Example: +### Example: $consumer = new HTTP_OAuth_Consumer('key', 'secret'); $consumer->getRequestToken('http://example.com/oauth/request_token', $callback); From cd2809a1bcf0a736910e6e8f8da8e41fed9b697a Mon Sep 17 00:00:00 2001 From: Makoto Chiba Date: Tue, 6 Mar 2018 01:06:24 +0900 Subject: [PATCH 20/21] Fixed the file name to enable Markdown --- README => README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename README => README.md (100%) diff --git a/README b/README.md similarity index 100% rename from README rename to README.md From dc31db8e06ca8c7ffff96efd4516f8047c46f3e2 Mon Sep 17 00:00:00 2001 From: Makoto Chiba Date: Tue, 6 Mar 2018 01:08:01 +0900 Subject: [PATCH 21/21] Wrap by code block --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1f5e8aa..41b39ca 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ creditials and making OAuth requests. ### Example: +```php $consumer = new HTTP_OAuth_Consumer('key', 'secret'); $consumer->getRequestToken('http://example.com/oauth/request_token', $callback); @@ -33,3 +34,4 @@ $_SESSION['token_secret'] = $consumer->getTokenSecret(); // $response is an instance of HTTP_OAuth_Consumer_Response $response = $consumer->sendRequest('http://example.com/oauth/protected_resource'); +```