diff --git a/modules/oauth/config-template/module_oauth.php b/modules/oauth/config-template/module_oauth.php index 41b46d5bbca70239df914227abdbc29110e1f9d9..a99f2acf121553267045dedf33ee739d66f1521a 100644 --- a/modules/oauth/config-template/module_oauth.php +++ b/modules/oauth/config-template/module_oauth.php @@ -4,25 +4,21 @@ * */ -$config = array ( +$config = array( + /* Enable the getUserInfo endpoint. Do not enable unless you know what you do. + * It may give external parties access to userInfo unless properly secured. + */ + 'getUserInfo.enable' => true, - /* Enable the getUserInfo endpoint. Do not enable unless you know what you do. - * It may give external parties access to userInfo unless properly secured. - */ - 'getUserInfo.enable' => TRUE, - - 'requestTokenDuration' => 60*30, // 30 minutes - 'accessTokenDuration' => 60*60*24, // 24 hours - 'nonceCache' => 60*60*24*14, // 14 days + 'requestTokenDuration' => 60 * 30, // 30 minutes + 'accessTokenDuration' => 60 * 60 * 24, // 24 hours + 'nonceCache' => 60 * 60 * 24 * 14, // 14 days + // Tag to run storage cleanup script using the cron module... + 'cron_tag' => 'hourly', - // Tag to run storage cleanup script using the cron module... - 'cron_tag' => 'hourly', - - // auth is the idp to use for admin authentication, - // useridattr is the attribute-name that contains the userid as returned from idp - 'auth' => 'default-sp', - 'useridattr', 'user', - + // auth is the idp to use for admin authentication, + // useridattr is the attribute-name that contains the userid as returned from idp + 'auth' => 'default-sp', + 'useridattr', 'user', ); - diff --git a/modules/oauth/hooks/hook_cron.php b/modules/oauth/hooks/hook_cron.php index 8a0c9daa417700aeb2372a0a33a908ec3f74691b..1a37cb41d6e4777583b75d23cad64f509ed2fc87 100644 --- a/modules/oauth/hooks/hook_cron.php +++ b/modules/oauth/hooks/hook_cron.php 
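Review bot: The last entry of the template, `'useridattr', 'user',`, uses a comma where `=>` was evidently intended, so the array gets two positional values and no `useridattr` key; the reformatting carries this over unchanged. The registry pages in this diff read the option with `getValue('useridattr', 'user')`, so the built-in default hides the mistake until an operator edits the value in their copy and finds it has no effect. It should read `'useridattr' => 'user',`. The template also ships `'getUserInfo.enable' => true` directly under a comment that warns against enabling the endpoint, while getUserInfo.php falls back to `false` when the key is absent; a template default of `false` would match both.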
@@ -1,29 +1,33 @@ <?php + /** * Hook to run a cron job. * * @param array &$croninfo Output */ -function oauth_hook_cron(&$croninfo) { - assert(is_array($croninfo)); - assert(array_key_exists('summary', $croninfo)); - assert(array_key_exists('tag', $croninfo)); - $oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_statistics.php'); - - if (is_null($oauthconfig->getValue('cron_tag', 'hourly'))) return; - if ($oauthconfig->getValue('cron_tag', NULL) !== $croninfo['tag']) return; - - try { - $store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); - $cleaned = $store->removeExpired(); - -# if ($cleaned > 0) - $croninfo['summary'][] = 'OAuth clean up. Removed ' . $cleaned . ' expired entries from OAuth storage.'; - - } catch (\Exception $e) { - $message = 'OAuth clean up cron script failed: ' . $e->getMessage(); - \SimpleSAML\Logger::warning($message); - $croninfo['summary'][] = $message; - } +function oauth_hook_cron(&$croninfo) +{ + assert(is_array($croninfo)); + assert(array_key_exists('summary', $croninfo)); + assert(array_key_exists('tag', $croninfo)); + + $oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_statistics.php'); + + if (is_null($oauthconfig->getValue('cron_tag', 'hourly'))) { + return; + } + if ($oauthconfig->getValue('cron_tag', null) !== $croninfo['tag']) { + return; + } + + try { + $store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); + $cleaned = $store->removeExpired(); + $croninfo['summary'][] = 'OAuth clean up. Removed '.$cleaned.' expired entries from OAuth storage.'; + } catch (\Exception $e) { + $message = 'OAuth clean up cron script failed: '.$e->getMessage(); + \SimpleSAML\Logger::warning($message); + $croninfo['summary'][] = $message; + } } diff --git a/modules/oauth/hooks/hook_frontpage.php b/modules/oauth/hooks/hook_frontpage.php index 583ef5d6c06061ffb0caff4cf552cbb6b818118c..23ebb76d541025c90d8ea91b8c7c9fa18abbcbb9 100644 --- a/modules/oauth/hooks/hook_frontpage.php 
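Review bot: `oauth_hook_cron` loads `module_statistics.php` rather than `module_oauth.php`, so the `cron_tag` documented in the OAuth config template is never consulted by this hook. The two `getValue` calls also use different defaults (`'hourly'`, then `null`): if the key is absent, the first check passes and the second presumably compares `null` with `$croninfo['tag']` and returns, so `removeExpired()` never runs and expired entries stay in the OAuth store. I would load `getOptionalConfig('module_oauth.php')` and read the tag once, `$tag = $oauthconfig->getValue('cron_tag', 'hourly');`, then return when `$tag === null || $tag !== $croninfo['tag']`.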
+++ b/modules/oauth/hooks/hook_frontpage.php @@ -4,14 +4,13 @@ * * @param array &$links The links on the frontpage, split into sections. */ -function oauth_hook_frontpage(&$links) { - assert(is_array($links)); - assert(array_key_exists('links', $links)); - - $links['federation']['oauthregistry'] = array( - 'href' => SimpleSAML\Module::getModuleURL('oauth/registry.php'), - 'text' => array('en' => 'OAuth Consumer Registry'), - 'shorttext' => array('en' => 'OAuth Registry'), - ); +function oauth_hook_frontpage(&$links) +{ + assert(is_array($links)); + assert(array_key_exists('links', $links)); + $links['federation']['oauthregistry'] = array( + 'href' => SimpleSAML\Module::getModuleURL('oauth/registry.php'), + 'text' => '{core:frontpage:link_oauth}', + ); } diff --git a/modules/oauth/lib/Consumer.php b/modules/oauth/lib/Consumer.php index 9846c0edad6a03a936ed515e4fdd399607b296bd..f655368ff6f4c368356856753c7b4162e4b5acd7 100644 --- a/modules/oauth/lib/Consumer.php +++ b/modules/oauth/lib/Consumer.php @@ -178,4 +178,3 @@ class Consumer return json_decode($data, true); } } - diff --git a/modules/oauth/lib/OAuthStore.php b/modules/oauth/lib/OAuthStore.php index db18ee589220dd8a18a9a08e19cb887455c82b45..4b7bd9a7c0906f362280b7a66254f3c582c319af 100644 --- a/modules/oauth/lib/OAuthStore.php +++ b/modules/oauth/lib/OAuthStore.php @@ -50,7 +50,7 @@ class OAuthStore extends \OAuthDataStore // See whether to remember values from the original requestToken request: $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, ''); - // must be there .. + // must be there if ($request_attributes['value']) { // establish callback to use if ($request_attributes['value']['callback']) { diff --git a/modules/oauth/lib/Registry.php b/modules/oauth/lib/Registry.php index 98ccf022e08a34475934ed304e58de29e589f4c2..aea40cc86af0493e27c0389ced974b84ae71332e 100644 --- a/modules/oauth/lib/Registry.php +++ b/modules/oauth/lib/Registry.php 
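Review bot: In `oauth_hook_frontpage` the assertion checks for a `links` key, but the function writes to `$links['federation']`, so the precondition it states is not the one it relies on; `assert(array_key_exists('federation', $links));` would match the code. The new `'text' => '{core:frontpage:link_oauth}'` also depends on a dictionary entry that this diff does not add. If that tag is not defined elsewhere, the front page will presumably show the raw tag.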
@@ -11,124 +11,125 @@ namespace SimpleSAML\Module\oauth; class Registry { - protected function getStandardField($request, &$entry, $key) { - if (array_key_exists('field_' . $key, $request)) { - $entry[$key] = $request['field_' . $key]; - } else { - if (isset($entry[$key])) unset($entry[$key]); - } - } + protected function getStandardField($request, &$entry, $key) + { + if (array_key_exists('field_'.$key, $request)) { + $entry[$key] = $request['field_'.$key]; + } else if (isset($entry[$key])) { + unset($entry[$key]); + } + } - public function formToMeta($request, $entry = array(), $override = NULL) { - $this->getStandardField($request, $entry, 'name'); - $this->getStandardField($request, $entry, 'description'); - $this->getStandardField($request, $entry, 'key'); - $this->getStandardField($request, $entry, 'secret'); - $this->getStandardField($request, $entry, 'RSAcertificate'); - $this->getStandardField($request, $entry, 'callback_url'); + public function formToMeta($request, $entry = array(), $override = null) + { + $this->getStandardField($request, $entry, 'name'); + $this->getStandardField($request, $entry, 'description'); + $this->getStandardField($request, $entry, 'key'); + $this->getStandardField($request, $entry, 'secret'); + $this->getStandardField($request, $entry, 'RSAcertificate'); + $this->getStandardField($request, $entry, 'callback_url'); - if ($override) { - foreach($override AS $key => $value) { - $entry[$key] = $value; - } - } - - return $entry; - } + if ($override) { + foreach ($override as $key => $value) { + $entry[$key] = $value; + } + } + return $entry; + } - protected function requireStandardField($request, $key) { - if (!array_key_exists('field_' . $key, $request)) - throw new \Exception('Required field [' . $key . '] was missing.'); - if (empty($request['field_' . $key])) - throw new \Exception('Required field [' . $key . 
'] was empty.'); - } + protected function requireStandardField($request, $key) + { + if (!array_key_exists('field_'.$key, $request)) { + throw new \Exception('Required field ['.$key.'] was missing.'); + } + if (empty($request['field_'.$key])) { + throw new \Exception('Required field ['.$key.'] was empty.'); + } + } - public function checkForm($request) { - $this->requireStandardField($request, 'name'); - $this->requireStandardField($request, 'description'); - $this->requireStandardField($request, 'key'); - } + public function checkForm($request) + { + $this->requireStandardField($request, 'name'); + $this->requireStandardField($request, 'description'); + $this->requireStandardField($request, 'key'); + } + protected function header($name) + { + return '<tr><td> </td><td class="header">'.$name.'</td></tr>'; + } - protected function header($name) { - return '<tr ><td> </td><td class="header">' . $name . '</td></tr>'; - - } - - protected function readonlyDateField($metadata, $key, $name) { - $value = '<span style="color: #aaa">Not set</a>'; - if (array_key_exists($key, $metadata)) - $value = date('j. F Y, G:i', $metadata[$key]); - return '<tr> - <td class="name">' . $name . '</td> - <td class="data">' . $value . '</td></tr>'; + protected function readonlyDateField($metadata, $key, $name) + { + $value = '<span style="color: #aaa">Not set</a>'; + if (array_key_exists($key, $metadata)) { + $value = date('j. F Y, G:i', $metadata[$key]); + } + return '<tr><td class="name">'.$name.'</td><td class="data">'.$value.'</td></tr>'; + } - } - - protected function readonlyField($metadata, $key, $name) { - $value = ''; - if (array_key_exists($key, $metadata)) - $value = $metadata[$key]; - return '<tr> - <td class="name">' . $name . '</td> - <td class="data">' . htmlspecialchars($value) . 
'</td></tr>'; + protected function readonlyField($metadata, $key, $name) + { + $value = ''; + if (array_key_exists($key, $metadata)) { + $value = $metadata[$key]; + } + return '<tr><td class="name">'.$name.'</td><td class="data">'.htmlspecialchars($value).'</td></tr>'; + } - } - - protected function hiddenField($key, $value) { - return '<input type="hidden" name="' . $key . '" value="' . htmlspecialchars($value) . '" />'; - } - - protected function flattenLanguageField(&$metadata, $key) { - if (array_key_exists($key, $metadata)) { - if (is_array($metadata[$key])) { - if (isset($metadata[$key]['en'])) { - $metadata[$key] = $metadata[$key]['en']; - } else { - unset($metadata[$key]); - } - } - } - } - - protected function standardField($metadata, $key, $name, $textarea = FALSE) { - $value = ''; - if (array_key_exists($key, $metadata)) { - $value = htmlspecialchars($metadata[$key]); - } - - if ($textarea) { - return '<tr><td class="name">' . $name . '</td><td class="data"> - <textarea name="field_' . $key . '" rows="5" cols="50">' . $value . '</textarea></td></tr>'; - - } else { - return '<tr><td class="name">' . $name . '</td><td class="data"> - <input type="text" size="60" name="field_' . $key . '" value="' . $value . '" /></td></tr>'; - - } - } + protected function hiddenField($key, $value) + { + return '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($value).'" />'; + } - public function metaToForm($metadata) { - return '<form action="registry.edit.php" method="post">' . - '<div id="tabdiv">' . - '<ul>' . - '<li><a href="#basic">Name and descrition</a></li>' . - '</ul>' . - '<div id="basic"><table class="formtable">' . - $this->standardField($metadata, 'name', 'Name of client') . - $this->standardField($metadata, 'description', 'Description of client', TRUE) . - $this->readonlyField($metadata, 'owner', 'Owner') . - $this->standardField($metadata, 'key', 'Consumer Key') . 
- $this->readonlyField($metadata, 'secret', 'Consumer Secret<br/>(Used for HMAC_SHA1 signatures)') . - $this->standardField($metadata, 'RSAcertificate', 'RSA certificate (PEM)<br/>(Used for RSA_SHA1 signatures)', TRUE) . - $this->standardField($metadata, 'callback_url', 'Static/enforcing callback-url') . - $this->hiddenField('field_secret', $metadata['secret']) . + protected function flattenLanguageField(&$metadata, $key) + { + if (array_key_exists($key, $metadata)) { + if (is_array($metadata[$key])) { + if (isset($metadata[$key]['en'])) { + $metadata[$key] = $metadata[$key]['en']; + } else { + unset($metadata[$key]); + } + } + } + } - '</table></div>' . - '</div>' . - '<input type="submit" name="submit" value="Save" style="margin-top: 5px" />' . - '</form>'; - } -} + protected function standardField($metadata, $key, $name, $textarea = false) + { + $value = ''; + if (array_key_exists($key, $metadata)) { + $value = htmlspecialchars($metadata[$key]); + } + if ($textarea) { + return '<tr><td class="name">'.$name.'</td><td class="data"> + <textarea name="field_'.$key.'" rows="5" cols="50">'.$value.'</textarea></td></tr>'; + } else { + return '<tr><td class="name">'.$name.'</td><td class="data"> + <input type="text" size="60" name="field_'.$key.'" value="'.$value.'" /></td></tr>'; + } + } + public function metaToForm($metadata) + { + return '<form action="registry.edit.php" method="post">'. + '<div id="tabdiv">'. + '<ul class="tabset_tabs">'. + '<li class="tab-link current" data-tab="basic"><a href="#basic">Name and description</a></li>'. + '</ul>'. + '<div id="basic" class="tabset_content current"><table class="formtable">'. + $this->standardField($metadata, 'name', 'Name of client'). + $this->standardField($metadata, 'description', 'Description of client', true). + $this->readonlyField($metadata, 'owner', 'Owner'). + $this->standardField($metadata, 'key', 'Consumer Key'). 
+ $this->readonlyField($metadata, 'secret', 'Consumer Secret<br />(Used for HMAC_SHA1 signatures)'). + $this->standardField($metadata, 'RSAcertificate', 'RSA certificate (PEM)<br />(Used for RSA_SHA1 signatures)', true). + $this->standardField($metadata, 'callback_url', 'Static/enforcing callback-url'). + '</table></div>'. + '</div>'. + $this->hiddenField('field_secret', $metadata['secret']). + '<input type="submit" name="submit" value="Save" style="margin-top: 5px" />'. + '</form>'; + } +} diff --git a/modules/oauth/libextinc/OAuth.php b/modules/oauth/libextinc/OAuth.php index c269b993d7684d03beff21c9058cfd86e3c73039..7ea0d8dfe4fcf0ba74082b707849564ebe885adf 100644 --- a/modules/oauth/libextinc/OAuth.php +++ b/modules/oauth/libextinc/OAuth.php @@ -61,10 +61,10 @@ class OAuthToken */ public function to_string() { - return "oauth_token=" . - OAuthUtil::urlencode_rfc3986($this->key) . - "&oauth_token_secret=" . - OAuthUtil::urlencode_rfc3986($this->secret) . + return "oauth_token=". + OAuthUtil::urlencode_rfc3986($this->key). + "&oauth_token_secret=". + OAuthUtil::urlencode_rfc3986($this->secret). "&oauth_callback_confirmed=true"; } @@ -295,10 +295,10 @@ class OAuthRequest $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https'; - $http_url = ($http_url) ? $http_url : $scheme . - '://' . $_SERVER['SERVER_NAME'] . - ':' . - $_SERVER['SERVER_PORT'] . + $http_url = ($http_url) ? $http_url : $scheme. + '://'.$_SERVER['SERVER_NAME']. + ':'. + $_SERVER['SERVER_PORT']. $_SERVER['REQUEST_URI']; $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD']; 
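Review bot: `metaToForm` still sends the consumer secret to the browser as `hiddenField('field_secret', $metadata['secret'])`, and `formToMeta` copies `field_secret` back from the request through `getStandardField`, so the value that gets stored is whatever the client submits rather than the one generated server-side. Moving the hidden input outside the table fixes the markup but not that trust boundary. Consider dropping the hidden field and the `getStandardField($request, $entry, 'secret')` call, and having the caller carry the stored secret over through `$override`. In the same hunk, `readonlyDateField` opens `<span style="color: #aaa">` but closes it with `</a>`, and the reformatted `else if` in `getStandardField` is normally written `elseif` under PSR-2.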
@@ -345,13 +345,14 @@ class OAuthRequest */ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null) { - $parameters = ($parameters) ? $parameters : array(); + $parameters = ($parameters) ? $parameters : array(); $defaults = array("oauth_version" => OAuthRequest::$version, - "oauth_nonce" => OAuthRequest::generate_nonce(), - "oauth_timestamp" => OAuthRequest::generate_timestamp(), - "oauth_consumer_key" => $consumer->key); - if ($token) + "oauth_nonce" => OAuthRequest::generate_nonce(), + "oauth_timestamp" => OAuthRequest::generate_timestamp(), + "oauth_consumer_key" => $consumer->key); + if ($token) { $defaults['oauth_token'] = $token->key; + } $parameters = array_merge($defaults, $parameters); @@ -483,7 +484,7 @@ class OAuthRequest { $first = true; if ($realm) { - $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"'; + $out = 'Authorization: OAuth realm="'.OAuthUtil::urlencode_rfc3986($realm).'"'; $first = false; } else { $out = 'Authorization: OAuth'; @@ -497,9 +498,9 @@ class OAuthRequest throw new OAuthException('Arrays not supported in headers'); } $out .= ($first) ? ' ' : ','; - $out .= OAuthUtil::urlencode_rfc3986($k) . - '="' . - OAuthUtil::urlencode_rfc3986($v) . + $out .= OAuthUtil::urlencode_rfc3986($k). + '="'. + OAuthUtil::urlencode_rfc3986($v). '"'; $first = false; } @@ -545,14 +546,14 @@ class OAuthRequest $mt = microtime(); $rand = mt_rand(); - return md5($mt . $rand); // md5s look nicer than numbers + return md5($mt.$rand); // md5s look nicer than numbers } } class OAuthServer { protected $timestamp_threshold = 300; // in seconds, five minutes - protected $version = '1.0'; // hi blaine + protected $version = '1.0'; // hi blaine protected $signature_methods = array(); protected $data_store; 
@@ -581,7 +582,7 @@ class OAuthServer $consumer = $this->get_consumer($request); // no token required for the initial token request - $token = NULL; + $token = null; $this->check_signature($request, $consumer, $token); @@ -651,7 +652,7 @@ class OAuthServer { $signature_method = $request instanceof OAuthRequest ? $request->get_parameter("oauth_signature_method") - : NULL; + : null; if (!$signature_method) { // According to chapter 7 ("Accessing Protected Ressources") the signature-method @@ -662,8 +663,8 @@ class OAuthServer if (!in_array($signature_method, array_keys($this->signature_methods))) { throw new OAuthException( - "Signature method '$signature_method' not supported " . - "try one of the following: " . + "Signature method '$signature_method' not supported ". + "try one of the following: ". implode(", ", array_keys($this->signature_methods)) ); } @@ -677,7 +678,7 @@ class OAuthServer { $consumer_key = $request instanceof OAuthRequest ? $request->get_parameter("oauth_consumer_key") - : NULL; + : null; if (!$consumer_key) { throw new OAuthException("Invalid consumer key"); @@ -694,7 +695,7 @@ class OAuthServer /** * try to find the token for the provided request's token key */ - private function get_token($request, $consumer, $token_type="access") + private function get_token($request, $consumer, $token_type = "access") { $token_field = $request instanceof OAuthRequest ? $request->get_parameter('oauth_token') @@ -705,10 +706,9 @@ class OAuthServer $consumer, $token_type, $token_field ); if (!$token) { - throw new OAuthException("Invalid $token_type token: $token_field"); + throw new OAuthException('Invalid '.$token_type.' token: '.$token_field); } - } - else { + } else { $token = new OAuthToken('', ''); } return $token; 
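Review bot: The rewritten message in `get_token`, `'Invalid '.$token_type.' token: '.$token_field`, still places the raw `oauth_token` parameter from the request into the exception text, and the signature-method hunk above does the same with `$signature_method`. How `OAuthException` messages are rendered or logged is not visible here, but if they reach an HTML error page or a log file unescaped, request-controlled text ends up in that output. Omitting the value, `throw new OAuthException('Invalid '.$token_type.' token');`, avoids depending on every consumer of the message to escape it.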
@@ -978,10 +978,10 @@ class OAuthUtil // June 12th, 2010 - changed to sort because of issue 164 by hidetaka sort($value, SORT_STRING); foreach ($value as $duplicate_value) { - $pairs[] = $parameter . '=' . $duplicate_value; + $pairs[] = $parameter.'='.$duplicate_value; } } else { - $pairs[] = $parameter . '=' . $value; + $pairs[] = $parameter.'='.$value; } } // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61) diff --git a/modules/oauth/www/getUserInfo.php b/modules/oauth/www/getUserInfo.php index 001e3b33ff37686f561479eb601590a4a7488a01..e68808add1ecd8158d2be9726a3f8046b1bd2e55 100644 --- a/modules/oauth/www/getUserInfo.php +++ b/modules/oauth/www/getUserInfo.php @@ -4,8 +4,8 @@ require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php'); $oauthconfig = \SimpleSAML\Configuration::getConfig('module_oauth.php'); -if (!$oauthconfig->getBoolean('getUserInfo.enable', FALSE)) { - throw new \Exception('Get user info endpoint is disabled. This endpoint can be enabled in the module_oauth.php configuration file.'); +if (!$oauthconfig->getBoolean('getUserInfo.enable', false)) { + throw new \Exception('Get user info endpoint is disabled. This endpoint can be enabled in the module_oauth.php configuration file.'); } $store = new \SimpleSAML\Module\oauth\OAuthStore(); @@ -23,4 +23,3 @@ list($consumer, $token) = $server->verify_request($req); $data = $store->getAuthorizedData($token->key); echo json_encode($data); - diff --git a/modules/oauth/www/registry.edit.php b/modules/oauth/www/registry.edit.php index a1f1a46091f540d185ae47df2e5b2fb703a60d3b..45d21cf685fa63385a223df147a1f435f268e402 100644 --- a/modules/oauth/www/registry.edit.php +++ b/modules/oauth/www/registry.edit.php 
@@ -11,56 +11,59 @@ $authsource = "admin"; // force admin to authenticate as registry maintainer $useridattr = $oauthconfig->getValue('useridattr', 'user'); if ($session->isValid($authsource)) { - $attributes = $session->getAuthData($authsource, 'Attributes'); - // Check if userid exists - if (!isset($attributes[$useridattr])) - throw new \Exception('User ID is missing'); - $userid = $attributes[$useridattr][0]; + $attributes = $session->getAuthData($authsource, 'Attributes'); + // Check if userid exists + if (!isset($attributes[$useridattr])) { + throw new \Exception('User ID is missing'); + } + $userid = $attributes[$useridattr][0]; } else { - $as = \SimpleSAML\Auth\Source::getById($authsource); - $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); + $as = \SimpleSAML\Auth\Source::getById($authsource); + $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); } -function requireOwnership($entry, $userid) { - if (!isset($entry['owner'])) - throw new \Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.'); - if ($entry['owner'] !== $userid) - throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.'); +function requireOwnership($entry, $userid) +{ + if (!isset($entry['owner'])) { + throw new \Exception('OAuth Consumer has no owner. 
Which means no one is granted access, not even you.'); + } + if ($entry['owner'] !== $userid) { + throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.'); + } } if (array_key_exists('editkey', $_REQUEST)) { - $entryc = $store->get('consumers', $_REQUEST['editkey'], ''); - $entry = $entryc['value']; - requireOwnership($entry, $userid); - + $entryc = $store->get('consumers', $_REQUEST['editkey'], ''); + $entry = $entryc['value']; + requireOwnership($entry, $userid); } else { - $entry = array( - 'owner' => $userid, - 'key' => \SimpleSAML\Utils\Random::generateID(), - 'secret' => \SimpleSAML\Utils\Random::generateID(), - ); + $entry = array( + 'owner' => $userid, + 'key' => \SimpleSAML\Utils\Random::generateID(), + 'secret' => \SimpleSAML\Utils\Random::generateID(), + ); } $editor = new \SimpleSAML\Module\oauth\Registry(); if (isset($_POST['submit'])) { - $editor->checkForm($_POST); + $editor->checkForm($_POST); - $entry = $editor->formToMeta($_POST, array(), array('owner' => $userid)); + $entry = $editor->formToMeta($_POST, array(), array('owner' => $userid)); - requireOwnership($entry, $userid); + requireOwnership($entry, $userid); - $store->set('consumers', $entry['key'], '', $entry); - - $template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.saved.php'); - $template->data['entry'] = $entry; - $template->show(); - exit; + $store->set('consumers', $entry['key'], '', $entry); + + $template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.saved.php'); + $template->data['entry'] = $entry; + $template->show(); + exit; } $form = $editor->metaToForm($entry); $template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.edit.tpl.php'); $template->data['form'] = $form; +$template->data['jquery'] = array('core' => false, 'ui' => true, 'css' => true); $template->show(); - 
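Review bot: In the `$_POST['submit']` branch, `requireOwnership($entry, $userid)` runs on the array that `formToMeta` has just stamped with `'owner' => $userid`, so it cannot fail, and `$store->set('consumers', $entry['key'], '', $entry)` then writes under whatever `field_key` the form supplied. The record already stored under that key is never checked, so a save can replace a consumer that belongs to a different owner; the `editkey` check only guards the form display. Check the stored record before writing, for example `$stored = $store->get('consumers', $entry['key'], '');` followed by `if (!empty($stored['value'])) { requireOwnership($stored['value'], $userid); }`. No anti-CSRF token is visible on this POST either.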
diff --git a/modules/oauth/www/registry.php b/modules/oauth/www/registry.php index a229c3782d741a6d60c1b9d8f9cdae2bc9d13637..4fbdcd1ed4f75a928eaff29edbd5ae4f5dcee245 100644 --- a/modules/oauth/www/registry.php +++ b/modules/oauth/www/registry.php 
@@ -7,48 +7,51 @@ $oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_oauth.php'); $store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); -$authsource = "admin"; // force admin to authenticate as registry maintainer +$authsource = "admin"; // force admin to authenticate as registry maintainer $useridattr = $oauthconfig->getValue('useridattr', 'user'); if ($session->isValid($authsource)) { - $attributes = $session->getAuthData($authsource, 'Attributes'); - // Check if userid exists - if (!isset($attributes[$useridattr])) - throw new \Exception('User ID is missing'); - $userid = $attributes[$useridattr][0]; + $attributes = $session->getAuthData($authsource, 'Attributes'); + // Check if userid exists + if (!isset($attributes[$useridattr])) { + throw new \Exception('User ID is missing'); + } + $userid = $attributes[$useridattr][0]; } else { - $as = \SimpleSAML\Auth\Source::getById($authsource); - $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); + $as = \SimpleSAML\Auth\Source::getById($authsource); + $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); } -function requireOwnership($entry, $userid) { - if (!isset($entry['owner'])) - throw new \Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.'); - if ($entry['owner'] !== $userid) - throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.'); +function requireOwnership($entry, $userid) +{ + if (!isset($entry['owner'])) { + throw new \Exception('OAuth Consumer has no owner. 
Which means no one is granted access, not even you.'); + } + if ($entry['owner'] !== $userid) { + throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.'); + } } - if (isset($_REQUEST['delete'])) { - $entryc = $store->get('consumers', $_REQUEST['delete'], ''); - $entry = $entryc['value']; + $entryc = $store->get('consumers', $_REQUEST['delete'], ''); + $entry = $entryc['value']; - requireOwnership($entry, $userid); - $store->remove('consumers', $entry['key'], ''); + requireOwnership($entry, $userid); + $store->remove('consumers', $entry['key'], ''); } - $list = $store->getList('consumers'); $slist = array('mine' => array(), 'others' => array()); -if (is_array($list)) -foreach($list AS $listitem) { - if (array_key_exists('owner', $listitem['value'])) { - if ($listitem['value']['owner'] === $userid) { - $slist['mine'][] = $listitem; continue; - } - } - $slist['others'][] = $listitem; +if (is_array($list)) { + foreach ($list as $listitem) { + if (array_key_exists('owner', $listitem['value'])) { + if ($listitem['value']['owner'] === $userid) { + $slist['mine'][] = $listitem; continue; + } + } + } + $slist['others'][] = $listitem; } $template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.list.php');
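Review bot: Adding braces around the `foreach` moved `$slist['others'][] = $listitem;` outside the loop: the new closing brace after the inner `if` blocks ends the `foreach`, and the statement now runs once after it. As a result `others` receives only the last list item, even when that item is already in `mine`, and `$listitem` is undefined when the list is empty. The line belongs inside the loop body, after the ownership `if`, with the extra `}` removed. Separately, the delete branch acts on `$_REQUEST['delete']`, so a plain GET is enough to remove a consumer, and no anti-CSRF token is visible in this hunk.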