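setNoCache(true);
        $this->handlers[self::$PEOPLE_ROUTE] = new PersonHandler();
        $this->handlers[self::$ACTIVITY_ROUTE] = new ActivityHandler();
        $this->handlers[self::$APPDATA_ROUTE] = new AppDataHandler();
        $this->handlers[self::$MESSAGE_ROUTE] = new MessagesHandler();
    }

    /**
     * Resolves the security token for the current request.
     *
     * Resolution order:
     *  1. A signed OAuth request (oauth_consumer_key + oauth_signature present)
     *     is handed to the configured 'oauth_lookup_service'; whatever token it
     *     returns is final, a falsy result yields null.
     *  2. Otherwise an encrypted token is read from the 'st' request parameter
     *     (POST takes precedence over GET) and decoded by the configured
     *     'security_token_signer'.
     *  3. With no token at all, an all-zero anonymous token is built from the
     *     configured 'security_token' class when 'allow_anonymous_token' is on.
     *
     * @return mixed the resolved token object, or null when the request carries
     *               neither a usable OAuth message nor a usable 'st' token and
     *               anonymous access is disabled
     */
    public function getSecurityToken()
    {
        // 1. Signed OAuth request (Consumer Request extension / 2-legged OAuth).
        $request = OAuthRequest::from_request();
        $appUrl = $request->get_parameter('oauth_consumer_key');
        $userId = $request->get_parameter('xoauth_requestor_id');
        $signature = $request->get_parameter('oauth_signature');
        if ($appUrl && $signature) {
            // NOTE(review): xoauth_requestor_id is not required at this point; an
            // earlier revision of this check also required $userId. The lookup
            // service is expected to reject requests for which it is needed — confirm.
            $lookupClass = Config::get('oauth_lookup_service');
            $lookupService = new $lookupClass();
            $token = $lookupService->getSecurityToken($request, $appUrl, $userId);
            // A falsy result means an invalid OAuth request, or a consumer that
            // has no access to this user. Never fall through to the plain 'st'
            // handling below for a request that presented OAuth credentials.
            return $token ? $token : null;
        }

        // 2. Encrypted security token in the 'st' parameter (POST wins over GET).
        $encoded = '';
        if (isset($_POST['st'])) {
            $encoded = $_POST['st'];
        } elseif (isset($_GET['st'])) {
            $encoded = $_GET['st'];
        }
        // A request parameter may arrive as an array (st[]=...). Such a value can
        // never be a valid token, and would otherwise be fed to explode() and
        // base64_decode() below; treat it as "no valid token".
        if (!is_string($encoded)) {
            return null;
        }

        if (empty($encoded)) {
            // 3. No token at all.
            if (Config::get('allow_anonymous_token')) {
                // Continue anonymously: owner = viewer = appId = modId = 0, no
                // gadget url, no domain, 0 duration. Handlers must still check
                // for private profiles etc. so they are not exposed to
                // anonymous callers.
                // FIXME change this to a new AnonymousToken when reworking auth token
                $tokenClass = Config::get('security_token');
                return new $tokenClass(null, 0, 0, 0, 0, '', '', 0);
            }
            return null;
        }

        // The signer expects six colon-separated fields; anything else is assumed
        // to be the transport form (base64- and url-encoded) and is unwrapped first.
        if (count(explode(':', $encoded)) !== 6) {
            $encoded = urldecode(base64_decode($encoded));
        }
        $signerClass = Config::get('security_token_signer');
        $signer = new $signerClass();
        return $signer->createToken($encoded);
    }

    /**
     * Writes the given response item to the client as an error.
     * Implemented by the concrete servlet for its output format.
     */
    abstract protected function sendError(ResponseItem $responseItem);

    /**
     * Sends the UNAUTHORIZED error used when neither a security token nor an
     * OAuth message was accepted and anonymous access is disabled.
     */
    protected function sendSecurityError()
    {
        $this->sendError(new ResponseItem(ResponseError::$UNAUTHORIZED, "The request did not have a proper security token nor oauth message and unauthenticated requests are not allowed"));
    }

    /**
     * Delivers a request item to the appropriate DataRequestHandler.
     *
     * @param RequestItem $requestItem the item to dispatch, keyed by its service name
     * @return mixed whatever the handler's handleItem() returns
     * @throws SocialSpiException with NOT_IMPLEMENTED when no handler is
     *                            registered for the item's service
     */
    protected function handleRequestItem(RequestItem $requestItem)
    {
        $service = $requestItem->getService();
        if (!isset($this->handlers[$service])) {
            throw new SocialSpiException("The service " . $service . " is not implemented", ResponseError::$NOT_IMPLEMENTED);
        }
        return $this->handlers[$service]->handleItem($requestItem);
    }

    /**
     * Normalises a handler result into a ResponseItem.
     *
     * @param mixed $result a ResponseItem (returned as-is) or a raw response payload
     * @return ResponseItem the result itself, or a new error-free item wrapping it
     */
    protected function getResponseItem($result)
    {
        if ($result instanceof ResponseItem) {
            return $result;
        }
        return new ResponseItem(null, null, $result);
    }

    /**
     * Converts an exception raised during request handling into a ResponseItem.
     *
     * A SocialSpiException carries its own error code; any other exception is
     * reported as INTERNAL_ERROR.
     *
     * NOTE(review): in both cases the raw exception message is passed to the
     * client. For non-SocialSpiException failures that may expose internal
     * details (paths, SQL, class names); consider a generic message in
     * production — confirm what callers rely on before changing it.
     *
     * @param mixed $e the caught exception (untyped for compatibility with callers)
     * @return ResponseItem
     */
    protected function responseItemFromException($e)
    {
        if ($e instanceof SocialSpiException) {
            return new ResponseItem($e->getCode(), $e->getMessage(), null);
        }
        return new ResponseItem(ResponseError::$INTERNAL_ERROR, $e->getMessage());
    }
}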