Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 23 |
|
0.00% |
0 / 4 |
CRAP | |
0.00% |
0 / 1 |
MWOAuthRequest | |
0.00% |
0 / 23 |
|
0.00% |
0 / 4 |
90 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
getConsumerKey | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getSourceIP | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
fromRequest | |
0.00% |
0 / 19 |
|
0.00% |
0 / 1 |
42 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\OAuth\Backend; |
4 | |
5 | use MediaWiki\Extension\OAuth\Lib\OAuthRequest; |
6 | use MediaWiki\Extension\OAuth\Lib\OAuthUtil; |
7 | use MediaWiki\Request\WebRequest; |
8 | |
9 | /** |
10 | * @file |
11 | * @ingroup OAuth |
12 | * |
13 | * @license GPL-2.0-or-later |
14 | * @author Chris Steipp |
15 | */ |
16 | |
17 | class MWOAuthRequest extends OAuthRequest { |
18 | /** @var string|false */ |
19 | private $sourceIP; |
20 | |
21 | public function __construct( $httpMethod, $httpUrl, $parameters, $sourcIP = false ) { |
22 | $this->sourceIP = $sourcIP; |
23 | parent::__construct( $httpMethod, $httpUrl, $parameters ); |
24 | } |
25 | |
26 | public function getConsumerKey() { |
27 | return $this->parameters['oauth_consumer_key'] ?? ''; |
28 | } |
29 | |
30 | /** |
31 | * Track the source IP of the request, so we can enforce the allowed IP list |
32 | * @return string |
33 | */ |
34 | public function getSourceIP() { |
35 | return $this->sourceIP; |
36 | } |
37 | |
38 | public static function fromRequest( WebRequest $request ) { |
39 | $httpMethod = strtoupper( $request->getMethod() ); |
40 | $httpUrl = $request->getFullRequestURL(); |
41 | |
42 | // Find request headers |
43 | $requestHeaders = Utils::getHeaders(); |
44 | |
45 | // Parse the query-string to find GET parameters |
46 | $parameters = $request->getQueryValuesOnly(); |
47 | |
48 | // It's a POST request of the proper content-type, so parse POST |
49 | // parameters and add those overriding any duplicates from GET |
50 | if ( $request->wasPosted() |
51 | && isset( $requestHeaders['Content-Type'] ) |
52 | && strpos( |
53 | $requestHeaders['Content-Type'], |
54 | 'application/x-www-form-urlencoded' |
55 | ) === 0 |
56 | ) { |
57 | $postData = OAuthUtil::parse_parameters( $request->getRawPostString() ); |
58 | $parameters = array_merge( $parameters, $postData ); |
59 | } |
60 | |
61 | // We have a Authorization-header with OAuth data. Parse the header |
62 | // and add those overriding any duplicates from GET or POST |
63 | if ( isset( $requestHeaders['Authorization'] ) |
64 | && substr( $requestHeaders['Authorization'], 0, 6 ) == 'OAuth ' |
65 | ) { |
66 | $headerParameters = OAuthUtil::split_header( |
67 | $requestHeaders['Authorization'] |
68 | ); |
69 | $parameters = array_merge( $parameters, $headerParameters ); |
70 | } |
71 | |
72 | return new self( $httpMethod, $httpUrl, $parameters, $request->getIP() ); |
73 | } |
74 | } |