Handle PUT data

.travis.yml

@@ -0,0 +1,6 @@
+language: php
+install:
+  - pear install -fa package.xml
+php:
+  - 5.4
+script: phpunit tests/

HTTP/OAuth.php

@@ -142,15 +142,18 @@ static public function buildHttpQuery(array $params)
             return '';
         }
 
-        $keys   = self::urlencode(array_keys($params));
-        $values = self::urlencode(array_values($params));
-        $params = array_combine($keys, $values);
-
-        uksort($params, 'strcmp');
+        ksort($params, SORT_STRING);
 
         $pairs = array();
         foreach ($params as $key => $value) {
-            $pairs[] =  $key . '=' . $value;
+            if (is_array($value)) {
+                sort($value, SORT_STRING);
+                foreach ($value as $multiValue) {
+                    $pairs[] = self::urlencode($key) . '=' . self::urlencode($multiValue);
+                }
+            } else {
+                $pairs[] = self::urlencode($key) . '=' . self::urlencode($value);
+            }
         }
 
         return implode('&', $pairs);

HTTP/OAuth/Consumer/Request.php

@@ -217,10 +217,11 @@ public function send()
         $headers     = $request->getHeaders();
         $contentType = isset($headers['content-type'])
                        ? $headers['content-type'] : '';
-        if ($this->getMethod() == 'POST'
-            && $contentType == 'application/x-www-form-urlencoded'
-        ) {
 
+        // RFC 5849 3.4.1.3.1 allows any HTTP method with the correct
+        // content-type and body content. Don't check method type here.
+        // See PEAR Bug 17806.
+        if ($contentType == 'application/x-www-form-urlencoded') {
             $body = $this->getHTTPRequest2()->getBody();
             $body = str_replace('+', '%20', $body);
             $this->getHTTPRequest2()->setBody($body);
@@ -229,7 +230,12 @@ public function send()
         try {
             $response = $this->getHTTPRequest2()->send();
         } catch (Exception $e) {
-            throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode());
+            if (version_compare(PHP_VERSION, '5.3.0', 'ge')) {
+                // Use exception chaining if available. See PEAR Bug #18574.
+                throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode(), $e);
+            } else {
+                throw new HTTP_OAuth_Exception($e->getMessage(), $e->getCode());
+            }
         }
 
         return new HTTP_OAuth_Consumer_Response($response);
@@ -280,6 +286,8 @@ protected function buildRequest()
 
         switch ($this->getMethod()) {
         case 'POST':
+        case 'PUT':
+        case 'DELETE':
             foreach ($this->getParameters() as $name => $value) {
                 if (substr($name, 0, 6) == 'oauth_') {
                     continue;
@@ -289,6 +297,7 @@ protected function buildRequest()
             }
             break;
         case 'GET':
+        case 'HEAD':
             $url = $this->getUrl();
             foreach ($this->getParameters() as $name => $value) {
                 if (substr($name, 0, 6) == 'oauth_') {

HTTP/OAuth/Message.php

@@ -97,8 +97,7 @@ public function getOAuthParameters()
     public function getParameters()
     {
         $params = $this->parameters;
-        ksort($params);
-
+        ksort($params, SORT_STRING);
         return $params;
     }
 

HTTP/OAuth/Provider/Request.php

@@ -55,17 +55,53 @@ class HTTP_OAuth_Provider_Request extends HTTP_OAuth_Message
      */
     protected $method = '';
 
+    /**
+     * Body data from the incoming request
+     *
+     * @var string raw body data from the incoming request
+     */
+    protected $body = '';
+
     /**
      * Construct
      *
+     * @param string $body optional. The HTTP request body. Use this if your
+     *                     framework automatically reads the php://input
+     *                     stream.
+     *
      * @return void
      */
-    public function __construct()
+    public function __construct($body = '')
     {
         $this->setHeaders();
+        $this->setBody($body);
         $this->setParametersFromRequest();
     }
 
+    /**
+     * Sets the body data for this request
+     *
+     * This is useful if your framework automatically reads the php://input
+     * stream and your API puts parameters in the request body.
+     *
+     * @param string $body the HTTP request body.
+     *
+     * @return HTTP_OAuth_Provider_Request the current object, for fluent
+     *                                     interface.
+     */
+    public function setBody($body = '')
+    {
+        if (empty($body)) {
+            // @codeCoverageIgnoreStart
+            $this->body = file_get_contents('php://input');
+            // @codeCoverageIgnoreEnd
+        } else {
+            $this->body = (string)$body;
+        }
+
+        return $this;
+    }
+
     /**
      * Set incoming request headers
      *
@@ -83,7 +119,7 @@ public function setHeaders(array $headers = array())
         } else if (is_array($this->peclHttpHeaders())) {
             $this->debug('Using pecl_http to get request headers');
             $this->headers = $this->peclHttpHeaders();
-        } else { 
+        } else {
             $this->debug('Using $_SERVER to get request headers');
             foreach ($_SERVER as $name => $value) {
                 if (substr($name, 0, 5) == 'HTTP_') {
@@ -149,34 +185,39 @@ public function setParametersFromRequest()
         $auth   = $this->getHeader('Authorization');
         if ($auth !== null) {
             $this->debug('Using OAuth data from header');
+
+            // strip leading OAuth authentication scheme
+            $auth = preg_replace('/^oauth /i', '', $auth);
+
+            // split auth parameters
             $parts = explode(',', $auth);
             foreach ($parts as $part) {
-                list($key, $value) = explode('=', trim($part));
-                if (strstr(strtolower($key), 'oauth ')
-                    || strstr(strtolower($key), 'uth re')
-                    || substr(strtolower($key), 0, 6) != 'oauth_'
-                ) {
+                list($key, $value) = explode('=', $part, 2);
+
+                // strip spaces from around comma and equals delimiters
+                $key = trim($key);
+                $value = trim($value);
+
+                // ignore auth parameters that are not prefixed with oauth_
+                if (substr(strtolower($key), 0, 6) != 'oauth_') {
                     continue;
                 }
 
-                $value = trim($value);
                 $value = str_replace('"', '', $value);
 
-                $params[$key] = $value;
+                $params[HTTP_OAuth::urldecode($key)] = HTTP_OAuth::urldecode($value);
             }
         }
 
-        if ($this->getRequestMethod() == 'POST') {
-            $this->debug('getting data from POST');
-            $contentType = substr($this->getHeader('Content-Type'), 0, 33);
-            if ($contentType !== 'application/x-www-form-urlencoded') {
-                throw new HTTP_OAuth_Provider_Exception_InvalidRequest('Invalid ' .
-                    'content type for POST request');
-            }
-
+        // RFC 5849 3.4.1.3.1 allows any HTTP method with the correct
+        // content-type and body content. Don't check method type here.
+        // See PEAR Bug 17806.
+        $contentType = $this->getHeader('Content-Type');
+        if (strncmp($contentType, 'application/x-www-form-urlencoded', 33) === 0) {
+            $this->debug('getting application/x-www-form-urlencoded data from request body');
             $params = array_merge(
                 $params,
-                $this->parseQueryString($this->getPostData())
+                $this->parseQueryString($this->getBody())
             );
         }
 
@@ -190,7 +231,7 @@ public function setParametersFromRequest()
                 'data found from request');
         }
 
-        $this->setParameters(HTTP_OAuth::urldecode($params));
+        $this->setParameters($params);
     }
 
     /**
@@ -321,22 +362,22 @@ public function getHeaders()
         return $this->headers;
     }
 
-    // @codeCoverageIgnoreStart
     /**
-     * Gets POST data
+     * Gets request body
      *
-     * @return string Post data
+     * @return string request data
      */
-    protected function getPostData()
+    public function getBody()
     {
-        return file_get_contents('php://input');
+        return $this->body;
     }
-    // @codeCoverageIgnoreEnd
 
     /**
      * Parses a query string
      *
-     * Does not urldecode the name or values like $_GET and $_POST
+     * Does not use built-in urldecoding of name or values like $_GET and
+     * $_POST. Instead, names and values are decoded using RFC 3986 as required
+     * by OAuth.
      *
      * @param string $string Query string
      *
@@ -355,7 +396,22 @@ protected function parseQueryString($string)
             }
 
             list($key, $value) = explode('=', $part);
-            $data[$key] = self::urldecode($value);
+
+            $key   = HTTP_OAuth::urldecode($key);
+            $value = HTTP_OAuth::urldecode($value);
+
+            if (isset($data[$key])) {
+                if (is_array($data[$key])) {
+                    $data[$key][] = $value;
+                } else {
+                    $data[$key] = array(
+                        $data[$key],
+                        $value
+                    );
+                }
+            } else {
+                $data[$key] = $value;
+            }
         }
 
         return $data;

LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2009 Jeff Hodsdon, 2009 Bill Shupp, 2013 silverorange Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README → README.md

@@ -1,15 +1,18 @@
+# HTTP_OAuth - Implementation of the OAuth specification
+
 HTTP_OAuth is a PEAR package implementing the OAuth 1.0a protocol.
 Consumer, Provier (request and response) classes are provided.
 See the Consumer examples below:
 
 
-HTTP_OAuth_Consumer
+## HTTP_OAuth_Consumer
 
 Main consumer class that assists consumers in establishing OAuth
 creditials and making OAuth requests.
 
-Example:
+### Example:
 
+```php
 $consumer = new HTTP_OAuth_Consumer('key', 'secret');
 $consumer->getRequestToken('http://example.com/oauth/request_token', $callback);
 
@@ -31,3 +34,4 @@ $_SESSION['token_secret'] = $consumer->getTokenSecret();
 
 // $response is an instance of HTTP_OAuth_Consumer_Response
 $response = $consumer->sendRequest('http://example.com/oauth/protected_resource');
+```

composer.json

@@ -0,0 +1,42 @@
+{
+	"name": "pear/http_oauth",
+	"description": "Implementation of the OAuth 1.0a specification.",
+	"type": "library",
+	"keywords": [ "http", "oauth" ],
+	"homepage": "https://github.com/pear/HTTP_OAuth",
+	"license": "BSD-2-Clause",
+	"authors": [
+		{
+			"name": "Michael Gauthier",
+			"email": "[email protected]"
+		},
+		{
+			"name": "Jeff Hodsdon",
+			"email": "[email protected]"
+		},
+		{
+			"name": "Bill Shupp",
+			"email": "[email protected]"
+		}
+	],
+	"require": {
+		"php": ">=5.1.2",
+		"ext-date": "*",
+		"ext-hash": "*",
+		"ext-spl": "*",
+		"pear/pear-core-minimal": "^1.9.0",
+		"pear/http_request2": "^2.0.0"
+	},
+	"suggest": {
+		"pear/log": "Allows logging requests for debugging",
+		"pear/cache_lite": "Caching of requests."
+	},
+	"autoload": {
+		"psr-0": {
+			"HTTP_OAuth": ""
+		}
+	},
+	"include-path": [
+		"./"
+	]
+}