From b51a731d4b264a0217bc60eb26a575618e6bc597 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 26 May 2015 15:49:58 +0200
Subject: [PATCH] Remove broken sspmod_oauth_OuthSignatureMethodRSASHA1.

This class has been broken for several years, and we are not aware of
any users of it. Delete the class and all code that instantiates it.
---
 .../oauth/lib/OAuthSignatureMethodRSASHA1.php | 31 -------
 modules/oauth/www/accessToken.php             | 38 ---------
 modules/oauth/www/authorize.php               | 82 -------------------
 modules/oauth/www/requestToken.php            | 29 -------
 4 files changed, 180 deletions(-)
 delete mode 100644 modules/oauth/lib/OAuthSignatureMethodRSASHA1.php
 delete mode 100644 modules/oauth/www/accessToken.php
 delete mode 100644 modules/oauth/www/authorize.php
 delete mode 100644 modules/oauth/www/requestToken.php

diff --git a/modules/oauth/lib/OAuthSignatureMethodRSASHA1.php b/modules/oauth/lib/OAuthSignatureMethodRSASHA1.php
deleted file mode 100644
index a29d68ef1..000000000
--- a/modules/oauth/lib/OAuthSignatureMethodRSASHA1.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
-
-
-class sspmod_oauth_OAuthSignatureMethodRSASHA1 extends OAuthSignatureMethod_RSA_SHA1 {
-	protected $_store;
-	
-	public function __construct() {
-		$this->_store = new sspmod_core_Storage_SQLPermanentStorage('oauth');
-	}
-	
-	/**
-	 * Returns the secret that was registered with a Consumer<br/>
-	 * In case of RSA_SHA1, the consumer secret is initialized with the certificate containing the public key
-	 * @param $request OAuthRequest instance of the request to be handled; must contain oauth_consumer_key parameter
-	 * @return string value containing the public key that was registered with the consumer identified by 
-	 * 			consumer_key from the request 
-	 */
-	protected function fetch_public_cert(&$request) {
-		$consumer_key = @$request->get_parameter('oauth_consumer_key');
-		
-		$oConsumer = $this->_OAuthStore->lookup_consumer($consumer_key);
-		
-		if (! $oConsumer) {
-			return NULL;
-		}
-		
-		return $oConsumer->secret;
-	}
-}
diff --git a/modules/oauth/www/accessToken.php b/modules/oauth/www/accessToken.php
deleted file mode 100644
index 82eed1756..000000000
--- a/modules/oauth/www/accessToken.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
-
-
-try {
-
-	$store = new sspmod_oauth_OAuthStore();
-	$server = new sspmod_oauth_OAuthServer($store);
-
-	$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
-	$plaintext_method = new OAuthSignatureMethod_PLAINTEXT();
-	$rsa_method = new sspmod_oauth_OAuthSignatureMethodRSASHA1();
-
-	$server->add_signature_method($hmac_method);
-	$server->add_signature_method($plaintext_method);
-	$server->add_signature_method($rsa_method);
-
-	$req = OAuthRequest::from_request();
-
-
-	$requestToken = $req->get_parameter('oauth_token');
-	$verifier = $req->get_parameter("oauth_verifier"); if ($verifier === null) $verifier = '';
-
-	if (!$store->isAuthorized($requestToken, $verifier)) {
-		throw new Exception('Your request was not authorized. Request token [' . $requestToken . '] not found.');
-	}
-
-	$accessToken = $server->fetch_access_token($req);
-	$data = $store->moveAuthorizedData($requestToken, $verifier, $accessToken->key);
-
-	echo $accessToken;
-
-} catch (Exception $e) {
-	
-	header('Content-type: text/plain; utf-8', TRUE, 500);
-	header('OAuth-Error: ' . $e->getMessage());
-}
diff --git a/modules/oauth/www/authorize.php b/modules/oauth/www/authorize.php
deleted file mode 100644
index 0816dec15..000000000
--- a/modules/oauth/www/authorize.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-
-require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
-
-try {
-	
-
-
-	$oauthconfig = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');
-
-	if(!array_key_exists('oauth_token', $_REQUEST)) {
-		throw new Exception('Required URL parameter [oauth_token] is missing.');
-	}
-	$requestToken = $_REQUEST['oauth_token'];
-
-	$store = new sspmod_oauth_OAuthStore();
-	$server = new sspmod_oauth_OAuthServer($store);
-
-	$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
-	$plaintext_method = new OAuthSignatureMethod_PLAINTEXT();
-	$rsa_method = new sspmod_oauth_OAuthSignatureMethodRSASHA1();
-
-	$server->add_signature_method($hmac_method);
-	$server->add_signature_method($plaintext_method);
-	$server->add_signature_method($rsa_method);
-
-
-	$config = SimpleSAML_Configuration::getInstance();
-	$session = SimpleSAML_Session::getSessionFromRequest();
-
-	$as = $oauthconfig->getString('auth');
-	if (!$session->isValid($as)) {
-		SimpleSAML_Auth_Default::initLogin($as, \SimpleSAML\Utils\HTTP::getSelfURL());
-	}
-
-
-	if (!empty($_REQUEST['consent'])) {
-		$consumer = $store->lookup_consumer_by_requestToken($requestToken);
-	
-		$t = new SimpleSAML_XHTML_Template($config, 'oauth:consent.php');
-		$t->data['header'] = '{status:header_saml20_sp}';
-		$t->data['consumer'] = $consumer;	// array containint {name, description, key, secret, owner} keys
-		$t->data['urlAgree'] = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURL(), array("consent" => "yes"));
-		$t->data['logouturl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery() . '?logout';
-	
-		$t->show();
-	
-		exit();	// and be done.
-	}
-
-	$attributes = $session->getAuthData($as, 'Attributes');
-
-	// Assume user consent at this point and proceed with authorizing the token
-	list($url, $verifier) = $store->authorize($requestToken, $attributes);
-
-
-	if ($url) {
-		// If authorize() returns a URL, take user there (oauth1.0a)
-		\SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
-	} 
-	else if (isset($_REQUEST['oauth_callback'])) {
-		// If callback was provided in the request (oauth1.0)
-		\SimpleSAML\Utils\HTTP::redirectUntrustedURL($_REQUEST['oauth_callback']);
-	
-	} else {
-		// No callback provided, display standard template
-
-		$t = new SimpleSAML_XHTML_Template($config, 'oauth:authorized.php');
-
-		$t->data['header'] = '{status:header_saml20_sp}';
-		$t->data['remaining'] = $session->getAuthData($as, "Expire") - time();
-		$t->data['attributes'] = $attributes;
-		$t->data['logouturl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery() . '?logout';
-		$t->data['oauth_verifier'] = $verifier;
-		$t->show();
-	}
-
-} catch (Exception $e) {
-	
-	header('Content-type: text/plain; utf-8', TRUE, 500);
-	header('OAuth-Error: ' . $e->getMessage());
-}
diff --git a/modules/oauth/www/requestToken.php b/modules/oauth/www/requestToken.php
deleted file mode 100644
index 3e270701c..000000000
--- a/modules/oauth/www/requestToken.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
-
-
-try {
-	
-	$store = new sspmod_oauth_OAuthStore();
-	$server = new sspmod_oauth_OAuthServer($store);
-
-	$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
-	$plaintext_method = new OAuthSignatureMethod_PLAINTEXT();
-	$rsa_method = new sspmod_oauth_OAuthSignatureMethodRSASHA1();
-
-	$server->add_signature_method($hmac_method);
-	$server->add_signature_method($plaintext_method);
-	$server->add_signature_method($rsa_method);
-
-	$req = OAuthRequest::from_request();
-	$token = $server->fetch_request_token($req, null, $req->get_version());
-
-	// OAuth1.0-revA adds oauth_callback_confirmed to token
-	echo $token . "&oauth_callback_confirmed=true";
-	
-} catch (Exception $e) {
-	
-	header('Content-type: text/plain; utf-8', TRUE, 500);
-	header('OAuth-Error: ' . $e->getMessage());
-}
-- 
GitLab