1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
<?php
namespace MediaWiki\Extensions\OAuth\Backend;
use MediaWiki\Extensions\OAuth\Lib\OAuthRequest;
use MediaWiki\Extensions\OAuth\Lib\OAuthUtil;
use MediaWiki\Logger\LoggerFactory;
/**
* @file
* @ingroup OAuth
*
* @license GPL-2.0-or-later
* @author Chris Steipp
*/
class MWOAuthRequest extends OAuthRequest {
private $sourceIP;
public function __construct( $httpMethod, $httpUrl, $parameters, $sourcIP = false ) {
$this->sourceIP = $sourcIP;
parent::__construct( $httpMethod, $httpUrl, $parameters );
}
public function getConsumerKey() {
$key = '';
if ( isset( $this->parameters['oauth_consumer_key'] ) ) {
$key = $this->parameters['oauth_consumer_key'];
}
return $key;
}
/**
* Track the source IP of the request, so we can enforce the IP whitelist
* @return string $ip the ip of the source
*/
public function getSourceIP() {
return $this->sourceIP;
}
public static function fromRequest( \WebRequest $request ) {
$httpMethod = strtoupper( $request->getMethod() );
$httpUrl = $request->getFullRequestURL();
$logger = LoggerFactory::getInstance( 'OAuth' );
// Find request headers
$requestHeaders = Utils::getHeaders();
// Parse the query-string to find GET parameters
$parameters = $request->getQueryValuesOnly();
// It's a POST request of the proper content-type, so parse POST
// parameters and add those overriding any duplicates from GET
if ( $request->wasPosted()
&& isset( $requestHeaders['Content-Type'] )
&& strpos(
$requestHeaders['Content-Type'],
'application/x-www-form-urlencoded'
) === 0
) {
$postData = OAuthUtil::parse_parameters( $request->getRawPostString() );
$parameters = array_merge( $parameters, $postData );
}
// We have a Authorization-header with OAuth data. Parse the header
// and add those overriding any duplicates from GET or POST
if ( isset( $requestHeaders['Authorization'] )
&& substr( $requestHeaders['Authorization'], 0, 6 ) == 'OAuth '
) {
$headerParameters = OAuthUtil::split_header(
$requestHeaders['Authorization']
);
$parameters = array_merge( $parameters, $headerParameters );
}
return new self( $httpMethod, $httpUrl, $parameters, $request->getIP() );
}
}
|