Posted to dev@shindig.apache.org by ch...@apache.org on 2008/11/04 21:13:48 UTC
svn commit: r711378 - in /incubator/shindig/trunk/php: config/container.php
src/gadgets/servlet/GadgetRenderingServlet.php
src/social/servlet/ApiServlet.php src/social/servlet/DataServiceServlet.php
Author: chabotc
Date: Tue Nov 4 12:13:47 2008
New Revision: 711378
URL: http://svn.apache.org/viewvc?rev=711378&view=rev
Log:
Part one of the REST OAuth support patch by Joseph Smarr, this supports both 2-legged and 3-legged oauth on the rest interface
Modified:
incubator/shindig/trunk/php/config/container.php
incubator/shindig/trunk/php/src/gadgets/servlet/GadgetRenderingServlet.php
incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php
incubator/shindig/trunk/php/src/social/servlet/DataServiceServlet.php
Modified: incubator/shindig/trunk/php/config/container.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/config/container.php?rev=711378&r1=711377&r2=711378&view=diff
==============================================================================
--- incubator/shindig/trunk/php/config/container.php (original)
+++ incubator/shindig/trunk/php/config/container.php Tue Nov 4 12:13:47 2008
@@ -33,7 +33,9 @@
* 'people_service' => 'MyPeopleService',
* 'activity_service' => 'MyActivitiesService',
* 'app_data_service' => 'MyAppDataService',
- * 'messages_service' => 'MyMessagesDataService'
+ * 'app_data_service' => 'MyAppDataService',
+ * 'oauth_lookup_service' => 'MyOAuthLookupService'
+ * 'xrds_location' => 'http://www.mycontainer.com/xrds'
* );
*
*/
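Review bot: The example block in this comment now lists `'app_data_service' => 'MyAppDataService',` twice (the existing line and the added one) while the `'messages_service'` entry it replaced is gone, and the added `'oauth_lookup_service' => 'MyOAuthLookupService'` line has no trailing comma before `'xrds_location'`, so the sample is no longer valid PHP to copy. I would change the added line to `* 'messages_service' => 'MyMessagesDataService',` and end the oauth line with `'MyOAuthLookupService',`. The same example is the only place `oauth_lookup_service` is explained, so it is worth keeping accurate.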
@@ -52,6 +54,9 @@
'default_js_prefix' => '/gadgets/js/',
'default_iframe_prefix' => '/gadgets/ifr?',
+ // The X-XRDS-Location value for your implementing container, if any, see http://code.google.com/p/partuza/source/browse/trunk/Library/XRDS.php for an example
+ 'xrds_location' => '',
+
// The encryption keys for encrypting the security token, and the expiration of it. Make sure these match the keys used in your container/site
'token_cipher_key' => 'INSECURE_DEFAULT_KEY',
'token_hmac_key' => 'INSECURE_DEFAULT_KEY',
@@ -83,15 +88,18 @@
'remote_content' => 'BasicRemoteContent',
'security_token_signer' => 'BasicSecurityTokenDecoder',
'security_token' => 'BasicSecurityToken',
+ 'oauth_lookup_service' => 'BasicOAuthLookupService',
+
// Caching back-end to use. Shindig ships with CacheFile and CacheMemcache out of the box
'data_cache' => 'CacheFile',
- // Old-style wire format data handler, this is being depreciated
- 'handlers' => '',
- // New RESTful API data service classes to use
+
+ // RESTful API data service classes to use
+ // See http://code.google.com/p/partuza/source/browse/#svn/trunk/Shindig for a MySql powered example
'person_service' => 'JsonDbOpensocialService',
'activity_service' => 'JsonDbOpensocialService',
'app_data_service' => 'JsonDbOpensocialService',
'messages_service' => 'JsonDbOpensocialService',
+
// Also scan these directories when looking for <Class>.php files. You can include multiple paths by seperating them with a ,
'extension_class_paths' => '',
Modified: incubator/shindig/trunk/php/src/gadgets/servlet/GadgetRenderingServlet.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/servlet/GadgetRenderingServlet.php?rev=711378&r1=711377&r2=711378&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/servlet/GadgetRenderingServlet.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/servlet/GadgetRenderingServlet.php Tue Nov 4 12:13:47 2008
@@ -131,7 +131,8 @@
*/
private function outputHtmlGadget($gadget, $context, $view)
{
- $externJs = "";
+ $content = '';
+ $externJs = '';
$externFmt = "<script src=\"%s\"></script>";
$forcedLibs = $context->getForcedJsLibs();
// allow the &libs=.. param to override our forced js libs configuration value
@@ -154,15 +155,15 @@
header("P3P: " . Config::get('P3P'));
}
if (! $view->getQuirks()) {
- echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n";
+ $content .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n";
}
- echo "<html><head><style type=\"text/css\">" . Config::get('gadget_css') . "</style></head><body>\n";
+ $content .= "<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><style type=\"text/css\">" . Config::get('gadget_css') . "</style></head><body>\n";
// Forced libs first.
if (! empty($forcedLibs)) {
$libs = explode(':', $forcedLibs);
echo sprintf($externFmt, Config::get('default_js_prefix') . $this->getJsUrl($libs, $gadget) . "&container=" . $context->getContainer()) . "\n";
}
- echo "<script>\n";
+ $content .= "<script>\n";
if (! empty($forcedLibs)) {
// if some of the feature libraries are externalized (through a browser cachable <script src="/gadgets/js/opensocial-0.7:settitle.js">
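Review bot: The forced-libs `<script src=...>` line is still written with `echo` directly while the DOCTYPE, `<html>` head and the inline `<script>` around it are now accumulated in `$content` and only echoed at the end of the method, so after this change that external script tag reaches the response before the DOCTYPE and `<html>` opening. The line should be buffered like its neighbours: `$content .= sprintf($externFmt, Config::get('default_js_prefix') . $this->getJsUrl($libs, $gadget) . "&container=" . $context->getContainer()) . "\n";`. outputHtmlGadget continues past this hunk, so any other direct `echo` left in the rest of the body would have the same ordering problem.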
@@ -180,20 +181,20 @@
$externJs .= sprintf($externFmt, $library->getContent()) . "\n";
// else check if there are no forcedLibs, or if it wasn't included in their dep chain
} elseif (empty($forcedLibs) || ! in_array($library->getFeatureName(), $forcedLibsArray)) {
- echo $library->getContent();
+ $content .= $library->getContent();
}
// otherwise it was already included by config.forceJsLibs.
}
- echo $this->appendJsConfig($context, $gadget, ! empty($forcedLibs)) . $this->appendMessages($gadget) . $this->appendPreloads($gadget, $context) . "</script>";
+ $content .= $this->appendJsConfig($context, $gadget, ! empty($forcedLibs)) . $this->appendMessages($gadget) . $this->appendPreloads($gadget, $context) . "</script>";
if (strlen($externJs) > 0) {
- echo $externJs;
+ $content .= $externJs;
}
$gadgetExceptions = array();
$rewriter = new ContentRewriter();
if ($rewriter->rewriteGadgetView($gadget, $view)) {
- $content = $gadget->getSubstitutions()->substitute($view->getRewrittenContent());
+ $content .= $gadget->getSubstitutions()->substitute($view->getRewrittenContent());
} else {
- $content = $gadget->getSubstitutions()->substitute($view->getContent());
+ $content .= $gadget->getSubstitutions()->substitute($view->getContent());
}
if (empty($content)) {
// Unknown view
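Review bot: The `if (empty($content))` guard used to detect an unknown view because `$content` held only the substituted view content; now `$content` already contains the DOCTYPE, head and script preamble, so the check can never be true and an unknown view is silently rendered as an empty page. Keep the view in its own variable, `$viewContent = $gadget->getSubstitutions()->substitute($view->getRewrittenContent());` (and the `getContent()` equivalent in the else branch), test `if (empty($viewContent))`, and only then `$content .= $viewContent;`. The body of that if and the remainder of outputHtmlGadget lie outside this hunk.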
@@ -202,8 +203,9 @@
if (count($gadgetExceptions)) {
throw new GadgetException(print_r($gadgetExceptions, true));
}
- echo $content . "\n<script>gadgets.util.runOnLoadHandlers();</script></body>\n</html>";
- }
+ $content .= "\n<script>gadgets.util.runOnLoadHandlers();</script></body>\n</html>";
+ echo $content;
+ }
/**
* Output's a URL content type gadget, it adds libs=<list:of:js:libraries>.js and user preferences
Modified: incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php?rev=711378&r1=711377&r2=711378&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php (original)
+++ incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php Tue Nov 4 12:13:47 2008
@@ -21,6 +21,7 @@
require 'src/common/SecurityTokenDecoder.php';
require 'src/common/SecurityToken.php';
require 'src/common/BlobCrypter.php';
+require 'src/common/OAuthLookupService.php';
require 'src/social/model/Activity.php';
require 'src/social/model/Address.php';
require 'src/social/model/ApiCollection.php';
@@ -55,6 +56,7 @@
require 'src/social/converters/InputAtomConverter.php';
require 'src/social/converters/InputJsonConverter.php';
require 'src/social/converters/InputXmlConverter.php';
+require 'src/social/oauth/OAuth.php';
/**
* Common base class for API servlets.
@@ -79,6 +81,26 @@
public function getSecurityToken()
{
+ // see if we have an OAuth request
+ $request = OAuthRequest::from_request();
+ $appUrl = $request->get_parameter('oauth_consumer_key');
+ $userId = $request->get_parameter('xoauth_requestor_id'); // from Consumer Request extension (2-legged OAuth)
+ $signature = $request->get_parameter('oauth_signature');
+
+ // TODO: also allow userId to be specified via oauth token and/or in URL?
+ if ($appUrl && $signature) {
+ //if ($appUrl && $signature && $userId) {
+ // look up the user and perms for this oauth request
+ $oauthLookupService = Config::get('oauth_lookup_service');
+ $oauthLookupService = new $oauthLookupService();
+ if ($oauthLookupService->thirdPartyHasAccessToUser($request, $appUrl, $userId)) {
+ return $oauthLookupService->getSecurityToken($appUrl, $userId);
+ } else {
+ return null; // invalid oauth request
+ }
+ } // else, not a valid oauth request, so don't bother
+
+ // look for encrypted security token
$token = isset($_POST['st']) ? $_POST['st'] : (isset($_GET['st']) ? $_GET['st'] : '');
if (empty($token)) {
// no security token, continue anonymously, remeber to check
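Review bot: The new OAuth branch only checks that an `oauth_signature` parameter is present (`if ($appUrl && $signature)`); nothing in this method verifies the signature, nonce or timestamp, so the authenticity of both the 2-legged and 3-legged path rests entirely on `thirdPartyHasAccessToUser()` of whatever class `oauth_lookup_service` names, and that contract is not stated anywhere in the hunk. I would put it next to the call: `// the lookup service is responsible for verifying the OAuth signature, nonce and timestamp of $request; this method only checks that a signature parameter is present`. The commented-out `//if ($appUrl && $signature && $userId) {` should also be resolved rather than left in: as written `$userId` is passed as null when `xoauth_requestor_id` is absent, and the lookup service's behaviour for a null user is not visible here. getSecurityToken continues past the end of this hunk.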
Modified: incubator/shindig/trunk/php/src/social/servlet/DataServiceServlet.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/servlet/DataServiceServlet.php?rev=711378&r1=711377&r2=711378&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/servlet/DataServiceServlet.php (original)
+++ incubator/shindig/trunk/php/src/social/servlet/DataServiceServlet.php Tue Nov 4 12:13:47 2008
@@ -45,6 +45,10 @@
public function doPost()
{
+ $xrdsLocation = Config::get('xrds_location');
+ if ($xrdsLocation) {
+ header("X-XRDS-Location: $xrdsLocation", false);
+ }
try {
$token = $this->getSecurityToken();
if ($token == null) {
@@ -57,7 +61,7 @@
} catch (Exception $e) {
$code = '500 Internal Server Error';
header("HTTP/1.0 $code", true);
- echo "<h1>$code - Internal Server Error</h1>\n". $e->getMessage();
+ echo "<h1>$code - Internal Server Error</h1>\n" . $e->getMessage();
if (Config::get('debug')) {
echo "\n\n<br>\nDebug backtrace:\n<br>\n<pre>\n";
echo $e->getTraceAsString();
@@ -68,6 +72,7 @@
public function sendError(ResponseItem $responseItem)
{
+ $unauthorized = false;
$errorMessage = $responseItem->getErrorMessage();
switch ($responseItem->getError()) {
case ResponseError::$BAD_REQUEST:
@@ -75,6 +80,7 @@
break;
case ResponseError::$UNAUTHORIZED:
$code = '401 Unauthorized';
+ $unauthorized = true;
break;
case ResponseError::$FORBIDDEN:
$code = '403 Forbidden';
@@ -91,6 +97,8 @@
break;
}
header("HTTP/1.0 $code", true);
+ if ($unauthorized)
+ header("WWW-Authenticate: OAuth realm", true);
echo "$code - $errorMessage";
die();
}
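Review bot: The challenge emitted for 401 responses, `header("WWW-Authenticate: OAuth realm", true);`, is malformed: `realm` is an auth-param and needs a quoted value (RFC 5849 §3.5.1 gives `OAuth realm="..."`), so clients that parse the header may reject or ignore it. Unless the container exposes a realm to use here, `header('WWW-Authenticate: OAuth realm=""', true);` is at least well-formed. The single-statement `if ($unauthorized)` without braces also departs from the brace style used everywhere else in this method.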
@@ -101,8 +109,7 @@
private function handleSingleRequest(SecurityToken $token, $inputConverter, $outputConverter)
{
$servletRequest = array(
- 'url' => substr($_SERVER["REQUEST_URI"], strlen(Config::get('web_prefix') . '/social/rest'))
- );
+ 'url' => substr($_SERVER["REQUEST_URI"], strlen(Config::get('web_prefix') . '/social/rest')));
if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
$servletRequest['postData'] = $GLOBALS['HTTP_RAW_POST_DATA'];
if (get_magic_quotes_gpc()) {
@@ -149,8 +156,10 @@
}
break;
}
+ // just to satisfy the code scanner, code is actually unreachable
+ return null;
}
-
+
/**
* Returns the input converter to use
*
@@ -197,6 +206,8 @@
// if that isn't set either, we assume json
return strtolower(trim(! empty($_POST[self::$FORMAT_PARAM]) ? $_POST[self::$FORMAT_PARAM] : (! empty($_GET[self::$FORMAT_PARAM]) ? $_GET[self::$FORMAT_PARAM] : 'json')));
}
+ // just to satisfy the code scanner, code is actually unreachable
+ return null;
}
/**