use php-lib-remote-rs

5 files changed, 69 insertions, 19 deletions

diff --git a/user_oauth/3rdparty/SOURCE b/user_oauth/3rdparty/SOURCE
deleted file mode 100644
index 68bbb9044..000000000
--- a/user_oauth/3rdparty/SOURCE
+++ /dev/null
@@ -1,5 +0,0 @@
-Taken from:
-https://github.com/fkooman/php-oauth-example-rs/blob/master/lib/RemoteResourceServer.php
-
-Raw file from:
-https://raw.github.com/fkooman/php-oauth-example-rs/master/lib/RemoteResourceServer.php
diff --git a/user_oauth/3rdparty/fetch_3rdparty_libs.sh b/user_oauth/3rdparty/fetch_3rdparty_libs.sh
new file mode 100644
index 000000000..743755a4e
--- /dev/null
+++ b/user_oauth/3rdparty/fetch_3rdparty_libs.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+rm -rf php-lib-remote-rs/
+git clone https://github.com/fkooman/php-lib-remote-rs.git
+rm -rf php-lib-remote-rs/.git
diff --git a/user_oauth/3rdparty/php-lib-remote-rs/README.md b/user_oauth/3rdparty/php-lib-remote-rs/README.md
new file mode 100644
index 000000000..63e6b19ea
--- /dev/null
+++ b/user_oauth/3rdparty/php-lib-remote-rs/README.md
@@ -0,0 +1,43 @@
+# Introduction
+This is a library to implement an OAuth 2.0 resource server (RS). The library
+can be used by any service that wants to accept OAuth 2.0 bearer tokens.
+
+It is compatible with and was tested with 
+[php-oauth](https://github.com/fkooman/php-oauth) and Google.
+
+# API
+Using the library is straightforward:
+
+    <?php
+    require_once 'extlib/php-lib-remote-rs/lib/OAuth/RemoteResourceServer.php';
+
+    use \OAuth\RemoteResourceServer as RemoteResourceServer;
+
+    $config = array(
+        "tokenInfoEndpoint" => "http://localhost/php-oauth/tokeninfo.php",
+        "resourceServerRealm" => "My Demo Service",
+        "throwException" => FALSE
+    );
+
+    $rs = new RemoteResourceServer($config);
+    $rs->verifyRequest();
+
+Onlt the `tokenInfoEndpoint` configuration parameter is required, the others
+are optional:
+
+* `tokenInfoEndpoint` - specify the location at which to verify the OAuth token;
+* `resourceServerRealm` - specify the "realm" of the RS that is used when 
+  returning errors to the client using the `WWW-Authenticate` header;
+* `throwException` - throw a `RemoteResourceServerException` instead of handling 
+  the failure in the library by sending a response back to the client. This is 
+  useful if you want to integrate the library in your own framework, you can
+  use the information from the exception to craft your own response.
+
+After the `verifyRequest()` some methods are available to retrieve information
+about the resource owner and client.
+
+* `getResourceOwnerId()` (the unique resource owner identifier)
+* `getAttributes()` (additional attributes associated with the resource owner)
+* `getScope()` (the scope granted to the client accessing this resource)
+* `getEntitlement()` (the entitlement the resource owner has when accessing this 
+  resource)
diff --git a/user_oauth/3rdparty/RemoteResourceServer.php b/user_oauth/3rdparty/php-lib-remote-rs/lib/OAuth/RemoteResourceServer.php
index 41963eb93..e59158110 100644
--- a/user_oauth/3rdparty/RemoteResourceServer.php
+++ b/user_oauth/3rdparty/php-lib-remote-rs/lib/OAuth/RemoteResourceServer.php
@@ -1,5 +1,7 @@
 <?php
 
+namespace OAuth;
+
 class RemoteResourceServer
 {
     private $_config;
@@ -22,7 +24,7 @@ class RemoteResourceServer
     /**
      * Verify the Authorization Bearer token.
      *
-     * Note: this only works on Apache as the PHP function 
+     * Note: this only works on Apache as the PHP function
      * "apache_request_headers" is used. On other web servers, or when using
      * a framework, please use the verifyAuthorizationHeader function instead
      * where you can directly specify the contents of the Authorization header.
@@ -39,7 +41,7 @@ class RemoteResourceServer
     /**
      * Verify the Authorization Bearer token.
      *
-     * @param $authorizationHeader The actual content of the Authorization 
+     * @param $authorizationHeader The actual content of the Authorization
      * header, e.g.: "Bearer abcdef"
      */
     public function verifyAuthorizationHeader($authorizationHeader)
@@ -254,7 +256,7 @@ class RemoteResourceServer
 
 }
 
-class RemoteResourceServerException extends Exception
+class RemoteResourceServerException extends \Exception
 {
     private $_description;
     private $_responseCode;
diff --git a/user_oauth/oauth.php b/user_oauth/oauth.php
index 5544a059d..4cfb1c742 100644
--- a/user_oauth/oauth.php
+++ b/user_oauth/oauth.php
@@ -1,25 +1,31 @@
 <?php
 
-require_once '3rdparty/RemoteResourceServer.php';
+require_once '3rdparty/php-lib-remote-rs/lib/OAuth/RemoteResourceServer.php';
 
-class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend {
+use \OAuth\RemoteResourceServer as RemoteResourceServer;
+use \OAuth\RemoteResourceServerException as RemoteResourceServerException;
 
+class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend
+{
     private $currentUser;
     private $tokenInfoEndpoint;
     private $useResourceOwnerId;
     private $userIdAttributeName;
 
-    public function __construct($tokenInfoEndpoint, $useResourceOwnerId = TRUE, $userIdAttributeName = "uid") {
+    public function __construct($tokenInfoEndpoint, $useResourceOwnerId = TRUE, $userIdAttributeName = "uid")
+    {
         $this->tokenInfoEndpoint = $tokenInfoEndpoint;
         $this->useResourceOwnerId = $useResourceOwnerId;
         $this->userIdAttributeName = $userIdAttributeName;
     }
 
-    public function getCurrentUser() {
+    public function getCurrentUser()
+    {
         return $this->currentUser;
     }
 
-    public function authenticate(Sabre_DAV_Server $server, $realm) {
+    public function authenticate(Sabre_DAV_Server $server, $realm)
+    {
         $config = array(
             "tokenInfoEndpoint" => $this->tokenInfoEndpoint,
             "throwException" => TRUE,
@@ -34,12 +40,12 @@ class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend {
             $authorizationHeader = $server->httpRequest->getRawServerValue('REDIRECT_HTTP_AUTHORIZATION');
         }
 
-        try { 
+        try {
             $resourceServer = new RemoteResourceServer($config);
 
             $resourceServer->verifyAuthorizationHeader($authorizationHeader);
 
-            if($this->useResourceOwnerId) {
+            if ($this->useResourceOwnerId) {
                 // when using the user_id
                 $this->currentUser = $resourceServer->getResourceOwnerId();
             } else {
@@ -49,15 +55,16 @@ class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend {
             }
 
             OC_Util::setupFS($this->currentUser);
+
             return true;
 
-        } catch(RemoteResourceServerException $e) {
+        } catch (RemoteResourceServerException $e) {
             $server->httpResponse->setHeader('WWW-Authenticate', $e->getAuthenticateHeader());
 
-            // FIXME: do we need to set the status here explicitly, or does the 
+            // FIXME: do we need to set the status here explicitly, or does the
             // Exception below take care of this?
             $server->httpResponse->sendStatus($e->getResponseCode());
-            if("403" === $e->getResponseCode()) { 
+            if ("403" === $e->getResponseCode()) {
                 throw new Sabre_DAV_Exception_Forbidden($e->getDescription());
             } else {
                 throw new Sabre_DAV_Exception_NotAuthenticated($e->getDescription());
@@ -66,4 +73,3 @@ class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend {
     }
 
 }
-