jeffhodsdon / http_oauth Goto Github PK

Good day,

I am writing this mail coz I wanted to implement HTTP OAuth to the api that I am currently working on. However, i am having trouble on how to create the server/provider. Just wondering if you could give a guidelines or even sample code on how to implement the server/provider class.

Any information that you could would be greatly appreicated.

I am looking forward for your reply.

in OAuth/Provider/Request.php there are three calls to $this->message->getHeader(). That method isn't defined in class HTTP_OAuth_Provider_Request or class HTTP_OAuth_Message. This in turn causes HTTP_OAuth_Provider_Request::setParametersFromRequest() to fail. Is this method missing?

From http://opensource.org/licenses/bsd-license.php

• Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Fedora Packaging Guidelines requires (to respect the License term) that each RPM includes the LICENSE file, when provided by upstream, and to request for it when missing.

So I do.

http://fedoraproject.org/wiki/Packaging/LicensingGuidelines#License_Text

In HTTP/OAuth/Provider/Response.php there should probably be two more constants and $statusMap array elements for STATUS_INVALID_VERIFIER and STATUS_INVALID_TIMESTAMP. But these aren't (yet) defined in the OAuth spec. See http://groups.google.com/group/oauth/browse_thread/thread/44a14b4983eaf2af

1) HTTP_OAuth_MessageTest::testGetParametersIsSorted
Only variables should be passed by reference

/dev/shm/extras/BUILD/php-pear-HTTP-OAuth-0.3.0/HTTP_OAuth-0.3.0/tests/HTTP/OAuth/MessageTest.php:68

Trivial fix.

diff -up HTTP_OAuth-0.3.0/tests/HTTP/OAuth/MessageTest.php.old HTTP_OAuth-0.3.0/tests/HTTP/OAuth/MessageTest.php
--- HTTP_OAuth-0.3.0/tests/HTTP/OAuth/MessageTest.php.old   2013-11-02 07:11:48.511779978 +0100
+++ HTTP_OAuth-0.3.0/tests/HTTP/OAuth/MessageTest.php   2013-11-02 07:11:21.471684361 +0100
@@ -65,7 +65,8 @@ class HTTP_OAuth_MessageTest extends PHP
         $params = array('z' => 'foo', 'a' => 'bar');
         $m = new HTTP_OAuth_MessageMock;
         $m->setParameters($params);
-        $this->assertEquals('bar', reset($m->getParameters()));
+        $param = $m->getParameters();
+        $this->assertEquals('bar', reset($param));
     }

     public function testMagicGetter()

d37339b didn’t fix a fuck – it’s about the param, not the return value. Do this one instead:

--- a/extlib/HTTP/OAuth/Signature/Common.php
+++ b/extlib/HTTP/OAuth/Signature/Common.php
@@ -54,10 +54,9 @@ abstract class HTTP_OAuth_Signature_Common extends HTTP_OAuth
         if (array_key_exists('oauth_signature', $params)) {
             unset($params['oauth_signature']);
         }
-        
-        $croppedUrl = reset(explode('?', $url));
-        
-        $parts = array($method, $croppedUrl,
+
+        $splittedUrl = explode('?', $url);
+        $parts = array($method, $splittedUrl[0],
             HTTP_OAuth::buildHTTPQuery($params));
         $base  = implode('&', HTTP_OAuth::urlencode($parts));
         $this->debug('Signing with base string: ' . $base);

In docs and code samples you might want to explain that it's up to the user to implement the Service Provider side of timestamp and nonce checking.

The method OAuth/Message.php::setParameters() will overwrite any class properties with the same name as an HTTP GET/POST parameter. Suggest (a) add a test for
if (isset($this->$name))
and (b) assigning default values to all class properties that shouldn't be allowed to be replaced by HTTP parameters.

A number of modules require_once 'HTTP/OAuth.php' however in the current .tar.gz distribution the file is one level lower in the tree: HTTP/OAuth/OAuth.php. Is this an error or just my misunderstanding? Nevermind. My error!

On this page: http://pear.php.net/pepr/pepr-proposal-show.php?id=607 the sample code includes a call to $consumer->getAuthorizationUrl(). I believe this should be $consumer->getAuthorizeUrl()

IN package.xml

Please remove this line

HTTP/OAuth/Consumer/Request.php (lines 86..89) refers to constants in class 'HttpRequest'. I haven't been able to locate that class definition.

Two instances of $consumer['token_secret) in the Pear-proposal pseudo-script showing typical usage. Note the missing closing single quote and square bracket.