kolab.org/www
Torsten Grote
grote at kolabsys.com
Wed Jul 3 15:39:41 CEST 2013
kolab.org/www/drupal-7.18/sites/all/modules/oauth/1365168-4.fastcgi-fix.patch | 15
kolab.org/www/drupal-7.18/sites/all/modules/oauth/1404030-2.patch | 24
kolab.org/www/drupal-7.18/sites/all/modules/oauth/CHANGELOG | 76
kolab.org/www/drupal-7.18/sites/all/modules/oauth/LICENSE.txt | 339 +++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/README | 8
kolab.org/www/drupal-7.18/sites/all/modules/oauth/css/admin.css | 22
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthClient.inc | 397 ++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthConsumer.inc | 228 ++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthDataStore.inc | 141 +
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthRequest.inc | 56
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthServer.inc | 27
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthToken.inc | 244 ++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/OAuthSignatureMethod_HMAC.inc | 65
kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/LICENCE.txt | 1
kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/OAuth.php | 912 ++++++++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth-fatal_error_class_OAuthException-1334528-11.patch | 25
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.admin.inc | 589 ++++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.authorizations.inc | 288 +++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.consumers.inc | 270 ++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.inc | 100 +
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.info | 25
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.install | 381 ++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.module | 592 ++++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.pages.inc | 399 ++++
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.info | 14
kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.module | 161 +
26 files changed, 5399 insertions(+)
New commits:
commit 6ec0b29b012d62576fa566e303ab9334b31b6319
Author: Torsten Grote <grote at kolabsys.com>
Date: Wed Jul 3 15:39:33 2013 +0200
install oauth module for twitter
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1365168-4.fastcgi-fix.patch b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1365168-4.fastcgi-fix.patch
new file mode 100644
index 0000000..6178f2b
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1365168-4.fastcgi-fix.patch
@@ -0,0 +1,15 @@
+diff --git a/lib/OAuth.php b/lib/OAuth.php
+index 2fa374a..ffe9c6d 100644
+--- a/lib/OAuth.php
++++ b/lib/OAuth.php
+@@ -829,6 +829,10 @@ class OAuthUtil {
+ $out[$key] = $value;
+ }
+ }
++ // The "Authorization" header may get turned into "Auth".
++ if ($out['Auth']) {
++ $out['Authorization'] = $out['Auth'];
++ }
+ }
+ return $out;
+ }
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1404030-2.patch b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1404030-2.patch
new file mode 100644
index 0000000..1d0f6b8
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/1404030-2.patch
@@ -0,0 +1,24 @@
+diff --git a/oauth_common.pages.inc b/oauth_common.pages.inc
+index ec07abc..e56a9c7 100644
+--- a/oauth_common.pages.inc
++++ b/oauth_common.pages.inc
+@@ -122,7 +122,9 @@ function oauth_common_form_authorize() {
+ // Pick the callback url apart and add the token parameter
+ $callback = parse_url($consumer->callback_url);
+ $query = array();
+- parse_str($callback['query'], $query);
++ if (!empty($callback['query'])) {
++ parse_str($callback['query'], $query);
++ }
+ $query['oauth_token'] = $token->key;
+ $callback['query'] = http_build_query($query, 'idx_', '&');
+
+@@ -371,7 +373,7 @@ function oauth_common_callback_access_token() {
+ // Set the expiry time based on context settings or get parameter
+ $expires = !empty($context->authorization_options['access_token_lifetime']) ?
+ REQUEST_TIME + $context->authorization_options['access_token_lifetime'] : 0;
+- if ($_GET['expires'] && intval($_GET['expires'])) {
++ if (!empty($_GET['expires']) && intval($_GET['expires'])) {
+ $hint = intval($_GET['expires']);
+ // Only accept more restrictive expiry times
+ if ($expires == 0 || $hint < $expires) {
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/CHANGELOG b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/CHANGELOG
new file mode 100644
index 0000000..d6787b3
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/CHANGELOG
@@ -0,0 +1,76 @@
+OAuth 7.x-3.1, 2013-2-3
+------------------------------
+#1529166 by barraponto: implement hook_requirements() to check that cURL library is available.
+#1535764 by bojanz: Signature selection in includes/DrupalOAuthServer.inc is broken.
+#1133778 by eojthebrave | JGonzalez: Added Permissions to remove Authorization tab from user profile page.
+#1809068 by kylebrowning, MrMaksimize: Fixed Cannot set custom callback for iOS application.
+
+OAuth 7.x-3.0, 2012-2-8
+------------------------------
+#1378078 by jobeirne: Make Authorizations editable.
+#1412226 by jobeirne, sun: allow for deletion of authentications.
+#54136 by sun: fix cancel button for authentication delete form.
+#1412258 by jobeirne: authentication_options fix
+
+OAuth 7.x-3.0-alpha2, 2011-10-25
+------------------------------
+#1155760 by deviantintegral, voxpelli: Catching more exceptions, eg. when the consumer key is incorrect
+#1199360 by Sepehr Lajevardi, voxpelli: Fixed E_NOTICE in OAuth request context loader
+#1199346 by Sepehr Lajevardi: Fixed E_NOTICE in oauth_common_form_consumer_submit()
+#1134444 by grendzy, voxpelli: Warn if Autoload 2.x isn't used
+#1141658 by grendzy, voxpelli: Clear Autoload cache on install
+#1201166 by voxpelli: Fixed error on deletion of accounts
+
+OAuth 7.x-3.0-alpha1, 2011-06-21
+------------------------------
+by voxpelli: Initial port to Drupal 7
+
+OAuth 6.x-3.0-beta4, 2011-04-06
+------------------------------
+by voxpelli: Better coding style
+#1002482 by voxpelli: Large database refactoring focused on basing relations on internal id numbers
+by voxpelli: Improved nonces, nonces can now be longer and too long nonces will throw errors
+by voxpelli: Removed consumer UI as it became complicated with new DB and there's no apparent need for it
+by voxpelli: Updated to use Autoload 6.x-2.0:s D7 backport for specifying included classes
+by voxpelli: Don't show key/secret on consumer adding
+#1017220 by voxpelli: Deactivated body_hash-checking when Inpustream isn't installed
+#1024812 by voxpelli: Fix for deleting consumer
+#857584 by voxpelli: Make SHA1 the default signature method in client
+
+OAuth 6.x-3.0-beta3, 2010-11-05
+------------------------------
+by voxpelli: Fixed user consumer listing
+by hugowetterberg: Fixed handling of empty and 'oob' callback urls.
+by SimmeLj, voxpelli: Added removal of old non-used nonces on cron
+#899506 by nicholasThompson, ezra-g: Fixed missing class in oauth_common_autoload_info()
+by voxpelli: Fixed bug assigning context to OAuthServer
+by voxpelli: Code cleanup
+by voxpelli: Made inputstream a suggestion instead of a dependency
+by voxpelli: Made ctools an optional recommendation instead of a dependency
+by voxpelli: Changed to use API-version in ctools exports
+
+OAuth 6.x-3.0-beta2, 2010-07-18
+------------------------------
+by voxpelli: Fixed non-used default access endpoint in client
+by voxpelli: Updated the OAuth library
+#749920 by twom, voxpelli: Fixed character limits for tokens, secrets and keys
+#849832 by Jose Reyero, voxpelli: Fixed use of signatureMethod() in client
+by voxpelli: Added possibility to provide default signature method
+by voxpelli: Fixed the saving of a token when a provider reuses it
+by voxpelli: Added support for authentication realms
+by voxpelli: Changed token requests to use POST method as default
+by voxpelli: Added the possibility of defining endpoints as full URL:s
+by voxpelli: Added OAuth 1.0a support in the client
+by voxpelli: Added possibility to provide a default authentication realm
+#849832 by Jose Reyero: Fixed proper visibility for DrupalOAuthClient properties/methods
+#835824 by Schnitzel, voxpelli: Changed OAuthSignatureMethod_HMAC_SHA1 to OAuthSignatureMethod_HMAC
+by voxpelli: Changed the class for the plaintext signature method in autoload
+by voxpelli: Refactored some DrupalOAuthClient functions for consistency and flexibility
+#846744 by alex_b, voxpelli: Fixed notice when deleting user
+#846734 by alex_b: Fixed undefined variable: provider_consumer
+#773264 by toemaz: Fixed absolute url as destination in _oauth_common_authorize()
+#743638 by toemaz, voxpelli: Fixed failed upgrade oauth_common_update_6100
+
+OAuth 6.x-3.0-beta1, 2010-05-20
+------------------------------
+by Hugo Wetterberg: First release under the project name "OAuth"
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/LICENSE.txt b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/LICENSE.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/LICENSE.txt
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/README b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/README
new file mode 100644
index 0000000..82aa5c4
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/README
@@ -0,0 +1,8 @@
+OAuth implements the OAuth classes for use with Drupal and acts as a support
+module for other modules that wish to use OAuth.
+
+OAuth Client flow:
+
+The callback to be used is /oauth/authorized/% where % is the id of the consumer
+used by the client. We need the id of the consumer to be able to find the token
+correctly.
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/css/admin.css b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/css/admin.css
new file mode 100644
index 0000000..374342c
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/css/admin.css
@@ -0,0 +1,22 @@
+.oauth-common-left-panel {
+ float: left;
+ width: 50%;
+}
+
+.oauth-common-right-panel {
+ float: right;
+ width: 49.9%;
+}
+
+.oauth-common-auth-level {
+ border-bottom: 1px solid #999999;
+ margin-bottom: 1em;
+}
+
+.oauth-common-auth-level > div .form-item:first-child {
+ margin-top: 0;
+}
+
+.oauth-common-auth-level .clear {
+ clear: both;
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthClient.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthClient.inc
new file mode 100644
index 0000000..d0a6ee2
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthClient.inc
@@ -0,0 +1,397 @@
+<?php
+
+class DrupalOAuthClient {
+ public $version = OAUTH_COMMON_VERSION_1_RFC;
+
+ protected $consumer;
+ protected $requestToken;
+ protected $accessToken;
+ protected $signatureMethod;
+
+ /**
+ * Creates an instance of the DrupalOAuthClient.
+ *
+ * @param DrupalOAuthConsumer $consumer
+ * The consumer.
+ * @param OAuthToken $request_token
+ * Optional. A request token to use.
+ * @param OAuthSignatureMethod $signature_method
+ * Optional. The signature method to use.
+ * @param integer $version
+ * Optional. The version to use - either OAUTH_COMMON_VERSION_1_RFC or OAUTH_COMMON_VERSION_1.
+ */
+ public function __construct($consumer, $request_token = NULL, $signature_method = NULL, $version = NULL) {
+ $this->consumer = $consumer;
+ $this->requestToken = $request_token;
+ $this->signatureMethod = $signature_method;
+
+ if ($version) {
+ $this->version = $version;
+ }
+
+ // Set to the default signature method if no method was specified
+ if (!$this->signatureMethod) {
+ if (!empty($this->consumer->configuration['signature_method'])) {
+ $signature_method = substr(strtolower($this->consumer->configuration['signature_method']), 5);
+ }
+ else {
+ $signature_method = 'SHA1';
+ }
+ $this->signatureMethod = self::signatureMethod($signature_method);
+ }
+ }
+
+ /**
+ * Convenience function to get signing method implementations.
+ *
+ * @param string $method
+ * Optional. The hmac hashing algorithm to use. Defaults to 'sha512' which
+ * has superseded sha1 as the recommended alternative.
+ * @param bool $fallback_to_sha1
+ * Optional. Whether sha1 should be used as a fallback if the selected
+ * hashing algorithm is unavailable.
+ * @return OAuthSignatureMethod
+ * The signature method object.
+ */
+ public static function signatureMethod($method = 'SHA1', $fallback_to_sha1 = TRUE) {
+ $sign = NULL;
+
+ if (in_array(drupal_strtolower($method), hash_algos())) {
+ $sign = new OAuthSignatureMethod_HMAC($method);
+ }
+ else if ($fallback_to_sha1) {
+ $sign = new OAuthSignatureMethod_HMAC('SHA1');
+ }
+
+ return $sign;
+ }
+
+ /**
+ * Gets a request token from the provider.
+ *
+ * @param string $endpoint
+ * Optional. The endpoint path for the provider.
+ * - If you provide the full URL (e.g. "http://example.com/oauth/request_token"),
+ * then it will be used.
+ * - If you provide only the path (e.g. "oauth/request_token"), it will
+ * be converted into a full URL by prepending the provider_url.
+ * - If you provide nothing it will default to '/oauth/request_token'.
+ * @param array $options
+ * An associative array of additional optional options, with the following keys:
+ * - 'params'
+ * An associative array of parameters that should be included in the
+ * request.
+ * - 'realm'
+ * A string to be used as the http authentication realm in the request.
+ * - 'get' (default FALSE)
+ * Whether to use GET as the HTTP-method instead of POST.
+ * - 'callback'
+ * A full URL of where the user should be sent after the request token
+ * has been authorized.
+ * Only used by versions higher than OAUTH_COMMON_VERSION_1.
+ * @return DrupalOAuthToken
+ * The returned request token.
+ */
+ public function getRequestToken($endpoint = NULL, $options = array()) {
+ if ($this->requestToken) {
+ return clone $this->requestToken;
+ }
+
+ $options += array(
+ 'params' => array(),
+ 'realm' => NULL,
+ 'get' => FALSE,
+ 'callback' => NULL,
+ );
+
+ if (empty($endpoint)) {
+ if (!empty($this->consumer->configuration['request_endpoint'])) {
+ $endpoint = $this->consumer->configuration['request_endpoint'];
+ }
+ else {
+ $endpoint = '/oauth/request_token';
+ }
+ }
+ if ($this->version > OAUTH_COMMON_VERSION_1) {
+ $options['params']['oauth_callback'] = $options['callback'] ? $options['callback'] : 'oob';
+ }
+
+ $response = $this->get($endpoint, array(
+ 'params' => $options['params'],
+ 'realm' => $options['realm'],
+ 'get' => $options['get'],
+ ));
+
+ $params = array();
+ parse_str($response, $params);
+
+ if (empty($params['oauth_token']) || empty($params['oauth_token_secret'])) {
+ throw new Exception('No valid request token was returned');
+ }
+
+ if ($this->version > OAUTH_COMMON_VERSION_1 && empty($params['oauth_callback_confirmed'])) {
+ $this->version = OAUTH_COMMON_VERSION_1;
+ }
+
+ $this->requestToken = new DrupalOAuthToken($params['oauth_token'], $params['oauth_token_secret'], $this->consumer, array(
+ 'type' => OAUTH_COMMON_TOKEN_TYPE_REQUEST,
+ 'version' => $this->version,
+ ));
+
+ return clone $this->requestToken;
+ }
+
+ /**
+ * Constructs the url that the user should be sent to to authorize the
+ * request token.
+ *
+ * @param string $endpoint
+ * Optional. The endpoint path for the provider.
+ * - If you provide the full URL (e.g. "http://example.com/oauth/authorize"),
+ * then it will be used.
+ * - If you provide only the path (e.g. "oauth/authorize"), it will
+ * be converted into a full URL by prepending the provider_url.
+ * - If you provide nothing it will default to '/oauth/authorize'.
+ * @param array $options
+ * An associative array of additional optional options, with the following keys:
+ * - 'params'
+ * An associative array of parameters that should be included in the
+ * request.
+ * - 'callback'
+ * A full URL of where the user should be sent after the request token
+ * has been authorized.
+ * Only used by version OAUTH_COMMON_VERSION_1.
+ * @return string
+ * The url.
+ */
+ public function getAuthorizationUrl($endpoint = NULL, $options = array()) {
+ $options += array(
+ 'params' => array(),
+ 'callback' => NULL,
+ );
+
+ if (empty($endpoint)) {
+ if (!empty($this->consumer->configuration['authorization_endpoint'])) {
+ $endpoint = $this->consumer->configuration['authorization_endpoint'];
+ }
+ else {
+ $endpoint = '/oauth/authorize';
+ }
+ }
+ if ($this->version == OAUTH_COMMON_VERSION_1 && $options['callback']) {
+ $options['params']['oauth_callback'] = $options['callback'];
+ }
+ $options['params']['oauth_token'] = $this->requestToken->key;
+
+ $endpoint = $this->getAbsolutePath($endpoint);
+ $append_query = strpos($endpoint, '?') === FALSE ? '?' : '&';
+ return $endpoint . $append_query . http_build_query($options['params'], NULL, '&');
+ }
+
+ /**
+ * Fetches the access token using the request token.
+ *
+ * @param string $endpoint
+ * Optional. The endpoint path for the provider.
+ * - If you provide the full URL (e.g. "http://example.com/oauth/access_token"),
+ * then it will be used.
+ * - If you provide only the path (e.g. "oauth/access_token"), it will
+ * be converted into a full URL by prepending the provider_url.
+ * - If you provide nothing it will default to '/oauth/access_token'.
+ * @param array $options
+ * An associative array of additional optional options, with the following keys:
+ * - 'params'
+ * An associative array of parameters that should be included in the
+ * request.
+ * - 'realm'
+ * A string to be used as the http authentication realm in the request.
+ * - 'get' (default FALSE)
+ * Whether to use GET as the HTTP-method instead of POST.
+ * - 'verifier'
+ * A string containing a verifier for he user from the provider.
+ * Only used by versions higher than OAUTH_COMMON_VERSION_1.
+ * @return DrupalOAuthToken
+ * The access token.
+ */
+ public function getAccessToken($endpoint = NULL, $options = array()) {
+ if ($this->accessToken) {
+ return clone $this->accessToken;
+ }
+
+ $options += array(
+ 'params' => array(),
+ 'realm' => NULL,
+ 'get' => FALSE,
+ 'verifier' => NULL,
+ );
+
+ if (empty($endpoint)) {
+ if (!empty($this->consumer->configuration['access_endpoint'])) {
+ $endpoint = $this->consumer->configuration['access_endpoint'];
+ }
+ else {
+ $endpoint = '/oauth/access_token';
+ }
+ }
+ if ($this->version > OAUTH_COMMON_VERSION_1 && $options['verifier'] !== NULL) {
+ $options['params']['oauth_verifier'] = $options['verifier'];
+ }
+
+ $response = $this->get($endpoint, array(
+ 'token' => TRUE,
+ 'params' => $options['params'],
+ 'realm' => $options['realm'],
+ 'get' => $options['get'],
+ ));
+
+ $params = array();
+ parse_str($response, $params);
+
+ if (empty($params['oauth_token']) || empty($params['oauth_token_secret'])) {
+ throw new Exception('No valid access token was returned');
+ }
+
+ // Check if we've has recieved this token previously and if so use the old one
+ //TODO: Is this safe!? What if eg. multiple users are getting the same access token from the provider?
+ $this->accessToken = DrupalOAuthToken::loadByKey($params['oauth_token'], $this->consumer);
+ //TODO: Can a secret change even though the token doesn't? If so it needs to be changed.
+ if (!$this->accessToken) {
+ $this->accessToken = new DrupalOAuthToken($params['oauth_token'], $params['oauth_token_secret'], $this->consumer, array(
+ 'type' => OAUTH_COMMON_TOKEN_TYPE_ACCESS,
+ ));
+ }
+
+ return clone $this->accessToken;
+ }
+
+ /**
+ * Make an OAuth request.
+ *
+ * @param string $path
+ * The path being requested.
+ * - If you provide the full URL (e.g. "http://example.com/oauth/request_token"),
+ * then it will be used.
+ * - If you provide only the path (e.g. "oauth/request_token"), it will
+ * be converted into a full URL by prepending the provider_url.
+ * @param array $options
+ * An associative array of additional options, with the following keys:
+ * - 'token' (default FALSE)
+ * Whether a token should be used or not.
+ * - 'params'
+ * An associative array of parameters that should be included in the
+ * request.
+ * - 'realm'
+ * A string to be used as the http authentication realm in the request.
+ * - 'get' (default FALSE)
+ * Whether to use GET as the HTTP-method instead of POST.
+ * @return string
+ * a string containing the response body.
+ */
+ protected function get($path, $options = array()) {
+ $options += array(
+ 'token' => FALSE,
+ 'params' => array(),
+ 'realm' => NULL,
+ 'get' => FALSE,
+ );
+
+ if (empty($options['realm']) && !empty($this->consumer->configuration['authentication_realm'])) {
+ $options['realm'] = $this->consumer->configuration['authentication_realm'];
+ }
+
+ $token = $options['token'] ? $this->requestToken : NULL;
+ $path = $this->getAbsolutePath($path);
+
+ $req = OAuthRequest::from_consumer_and_token($this->consumer, $token,
+ $options['get'] ? 'GET' : 'POST', $path, $options['params']);
+ $req->sign_request($this->signatureMethod, $this->consumer, $token);
+
+ $url = $req->get_normalized_http_url();
+ $params = array();
+ foreach ($req->get_parameters() as $param_key => $param_value) {
+ if (substr($param_key, 0, 5) != 'oauth') {
+ $params[$param_key] = $param_value;
+ }
+ }
+ if (!empty($params)) {
+ $url .= '?' . http_build_query($params);
+ }
+
+ $headers = array(
+ 'Accept: application/x-www-form-urlencoded',
+ $req->to_header($options['realm']),
+ );
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ if (!$options['get']) {
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, '');
+ }
+ $oauth_version = _oauth_common_version();
+ curl_setopt($ch, CURLOPT_USERAGENT, 'Drupal/' . VERSION . ' OAuth/' . $oauth_version);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+ curl_setopt($ch, CURLOPT_HEADER, 1);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+ $response = curl_exec($ch);
+ $error = curl_error($ch);
+ curl_close($ch);
+
+ if ($error) {
+ throw new Exception($error);
+ }
+
+ $result = $this->interpretResponse($response);
+ if ($result->responseCode != 200) {
+ throw new Exception('Failed to fetch data from url "' . $path . '" (HTTP response code ' . $result->responseCode . ' ' . $result->responseMessage . '): ' . $result->body, $result->responseCode);
+ }
+
+ return $result->body;
+ }
+
+ /**
+ * Makes sure a path is an absolute path
+ *
+ * Prepends provider url if the path isn't absolute.
+ *
+ * @param string $path
+ * The path to make absolute.
+ * @return string
+ * The absolute path.
+ */
+ protected function getAbsolutePath($path) {
+ $protocols = array(
+ 'http',
+ 'https'
+ );
+ $protocol = strpos($path, '://');
+ $protocol = $protocol ? substr($path, 0, $protocol) : '';
+ if (!in_array($protocol, $protocols)) {
+ $path = $this->consumer->configuration['provider_url'] . $path;
+ }
+ return $path;
+ }
+
+ protected function interpretResponse($res) {
+ list($headers, $body) = preg_split('/\r\n\r\n/', $res, 2);
+
+ $obj = (object) array(
+ 'headers' => $headers,
+ 'body' => $body,
+ );
+
+ $matches = array();
+ if (preg_match('/HTTP\/1.\d (\d{3}) (.*)/', $headers, $matches)) {
+ $obj->responseCode = trim($matches[1]);
+ $obj->responseMessage = trim($matches[2]);
+
+ // Handle HTTP/1.1 100 Continue
+ if ($obj->responseCode == 100) {
+ return $this->interpretResponse($body);
+ }
+ }
+
+ return $obj;
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthConsumer.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthConsumer.inc
new file mode 100644
index 0000000..d1041af
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthConsumer.inc
@@ -0,0 +1,228 @@
+<?php
+
+class DrupalOAuthConsumer extends OAuthConsumer {
+ public $csid = 0;
+
+ public $uid = 0;
+ public $name = '';
+ public $context = '';
+ public $created = 0;
+ public $changed = 0;
+ public $callback_url = 'oob';
+ public $configuration = array();
+
+ public $provider_consumer = FALSE;
+ public $in_database = FALSE;
+
+ function __construct($key, $secret, $params = array()) {
+ // Backwards compatibility with 6.x-3.0-beta3
+ if (is_string($params)) {
+ $callback_url = $params;
+ if (func_num_args() > 4) {
+ $params = func_get_arg(4);
+ }
+ else {
+ $params = array();
+ }
+ $params['callback_url'] = $callback_url;
+ }
+
+ foreach ($params as $param_key => $value) {
+ if (isset($this->$param_key)) {
+ $this->$param_key = $value;
+ }
+ }
+
+ if (!empty($this->created)) {
+ $this->provider_consumer = TRUE;
+ }
+
+ parent::__construct($key, $secret, $this->callback_url);
+ }
+
+ /**
+ * Writes the consumer to the database
+ *
+ * @return void
+ */
+ public function write() {
+ $update = !empty($this->csid);
+ $primary = $update ? array('csid') : array();
+
+ if ($this->provider_consumer) {
+ $this->changed = REQUEST_TIME;
+
+ $values = array(
+ 'consumer_key' => $this->key,
+ 'created' => $this->created,
+ 'changed' => $this->changed,
+ 'uid' => $this->uid,
+ 'name' => $this->name,
+ 'context' => $this->context,
+ 'callback_url' => $this->callback_url,
+ );
+
+ if ($update) {
+ $values['csid'] = $this->csid;
+ }
+ else {
+ $this->created = REQUEST_TIME;
+ $values['created'] = $this->created;
+ }
+
+ $ready = drupal_write_record('oauth_common_provider_consumer', $values, $primary);
+
+ if (!$ready) {
+ throw new OAuthException("Couldn't save consumer");
+ }
+ }
+
+ $values = array(
+ 'key_hash' => sha1($this->key),
+ 'consumer_key' => $this->key,
+ 'secret' => $this->secret,
+ 'configuration' => serialize(empty($this->configuration) ? array() : $this->configuration),
+ );
+
+ if ($update) {
+ $values['csid'] = $this->csid;
+ }
+
+ drupal_write_record('oauth_common_consumer', $values, $primary);
+
+ $this->csid = $values['csid'];
+ $this->in_database = TRUE;
+
+ if (!$update) {
+ $values = array(
+ 'csid' => $this->csid,
+ 'consumer_key' => $this->key,
+ );
+ drupal_write_record('oauth_common_provider_consumer', $values, array('consumer_key'));
+ }
+ }
+
+ /**
+ * Deletes the consumer from the database
+ *
+ * @return void
+ */
+ public function delete() {
+ self::deleteConsumer($this->csid);
+ }
+
+ /**
+ * Deletes the consumer with the id from the database.
+ *
+ * @param string $csid
+ * The consumer id.
+ * @return void
+ */
+ public static function deleteConsumer($csid) {
+ //TODO: Add compatibility layer?
+ $condition = db_and()->condition('csid', $csid);
+
+ db_delete('oauth_common_provider_token')
+ ->condition('tid', db_select('oauth_common_token', 't')->condition($condition)->fields('t', array('tid')), 'IN')
+ ->execute();
+
+ foreach (array('oauth_common_token', 'oauth_common_provider_consumer', 'oauth_common_consumer') as $table) {
+ db_delete($table)
+ ->condition($condition)
+ ->execute();
+ }
+ }
+
+ /**
+ * Deprecated - Gets the consumer with the specified key
+ *
+ * @param string $key
+ * The key of the consumer to get
+ * @param bool $provider_consumer
+ * Optional. Whether the consumer we're about to load is a provider or
+ * consumer consumer. Defaults to TRUE.
+ * @return DrupalOAuthConsumer
+ * The loaded consumer object or FALSE if load failed
+ */
+ public static function load($key, $provider_consumer = TRUE) {
+ return DrupalOAuthConsumer::loadProviderByKey($key, $provider_consumer);
+ }
+
+ /**
+ * Gets a provider consumer with the specified id
+ *
+ * @param int $id
+ * The id of the consumer to get
+ * @param boolean $load_provider_data
+ * Whether to load provider related data or not
+ * @return DrupalOAuthConsumer
+ * The loaded consumer object or FALSE if load failed
+ */
+ public static function loadById($csid, $load_provider_data = TRUE) {
+ $query = db_select('oauth_common_consumer', 'c');
+
+ $query
+ ->condition('c.csid', $csid)
+ ->fields('c', array('csid', 'consumer_key', 'secret', 'configuration'));
+
+ if ($load_provider_data) {
+ $query->leftJoin('oauth_common_provider_consumer', 'pc', 'pc.csid = c.csid');
+ $query->fields('pc', array('created', 'changed', 'uid', 'name', 'context', 'callback_url'));
+ }
+
+ return self::fromResult($query->execute());
+ }
+
+ /**
+ * Gets a provider consumer with the specified key
+ *
+ * @param string $key
+ * The key of the consumer to get
+ * @param boolean $provider
+ * Used internally for backwards compatibility with ::load()
+ * @return DrupalOAuthConsumer
+ * The loaded consumer object or FALSE if load failed
+ */
+ public static function loadProviderByKey($key, $provider = TRUE) {
+ $query = db_select('oauth_common_consumer', 'c');
+
+ $query
+ ->condition('c.key_hash', sha1($key))
+ ->fields('c', array('secret', 'configuration'));
+
+ if ($provider) {
+ $query->join('oauth_common_provider_consumer', 'pc', 'pc.csid = c.csid');
+ $query->fields('pc');
+ }
+ else {
+ // For backwards compatibility with deprecated DrupalOAuthConsumer::load() from 6.x-3.0-beta3
+ $query->leftJoin('oauth_common_provider_consumer', 'pc', 'pc.csid = c.csid');
+ $query
+ ->fields('c', array('csid', 'consumer_key'))
+ ->fields('pc', array('created', 'changed', 'uid', 'name', 'context', 'callback_url'))
+ ->isNull('pc.csid');
+ }
+
+ return self::fromResult($query->execute());
+ }
+
+ /**
+ * Constructs a consumer from a db-result resource
+ *
+ * @param resource $res
+ * A database result resource
+ * @return DrupalOAuthConsumer
+ * The constructed consumer object or NULL if no rows could be read or construction failed
+ */
+ public static function fromResult($res) {
+ //TODO: Ensure this works with old inputs?
+ if ($data = $res->fetchAssoc()) {
+ if (!empty($data['configuration'])) {
+ $data['configuration'] = unserialize($data['configuration']);
+ }
+ $data['in_database'] = TRUE;
+ return new DrupalOAuthConsumer($data['consumer_key'], $data['secret'], $data);
+ }
+ return NULL;
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthDataStore.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthDataStore.inc
new file mode 100644
index 0000000..3ea69cf
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthDataStore.inc
@@ -0,0 +1,141 @@
+<?php
+
+/**
+ * Database abstraction class
+ */
+class DrupalOAuthDataStore extends OAuthDataStore {
+ private $context;
+
+ public function __construct($context) {
+ $this->context = $context;
+ }
+
+ /**
+ * Check if consumer exists from a given consumer key.
+ *
+ * @param string $consumer_key
+ * The consumer key.
+ * @param bool $provider_consumer
+ * Whether the consumer should be a provider consumer
+ * @return OAuthConsumer
+ * The consumer
+ * @throws OAuthException
+ * An exception is thrown when the consumer cannot be found
+ */
+ public function lookup_consumer($consumer_key, $provider_consumer = TRUE) {
+ $consumer = DrupalOAuthConsumer::loadProviderByKey($consumer_key);
+ if (!$consumer) {
+ throw new OAuthException('Consumer not found');
+ }
+ return $consumer;
+ }
+
+ /**
+ * Check if the token exists.
+ *
+ * @param OAuthConsumer $consumer
+ * The consumer.
+ * @param string $token_type
+ * The type of the token: 'request' or 'access'.
+ * @param string $token
+ * The token key.
+ * @return DrupalOauthToken
+ * The matching token
+ * @throws OAuthException
+ * An exception is thrown when the token cannot be found or doesn't match
+ */
+ public function lookup_token($consumer, $token_type, $token) {
+ $type = ($token_type == 'request' ? OAUTH_COMMON_TOKEN_TYPE_REQUEST : OAUTH_COMMON_TOKEN_TYPE_ACCESS);
+ $token = DrupalOAuthToken::loadByKey($token, $consumer, $type);
+ if (!$token) {
+ throw new OAuthException('Token not found');
+ }
+ return $token;
+ }
+
+ /**
+ * Check if the nonce value exists. If not, generate one.
+ *
+ * @param OAuthConsumer $consumer
+ * The service consumer information with both key
+ * and secret values.
+ * @param OAuthToken $token
+ * The current token.
+ * @param string $nonce
+ * A new nonce value, in case a one doesn't current exit.
+ * @param int $timestamp
+ * The current time.
+ * @return string
+ * The existing nonce value or NULL in
+ * case it doesn't exist.
+ */
+ public function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+ if (strlen($nonce) > 255) {
+ throw new OAuthException('Nonces may not be longer than 255 characters');
+ }
+
+ $stored_nonce = db_query(
+ "SELECT nonce FROM {oauth_common_nonce}
+ WHERE nonce = :nonce AND timestamp <= :timestamp and token_key = :token_key", array(
+ ':nonce' => $nonce,
+ ':timestamp' => $timestamp,
+ ':token_key' => $token ? $token->key : '',
+ ));
+
+ if (!$stored_nonce->rowCount()) {
+ $values = array(
+ 'nonce' => $nonce,
+ 'timestamp' => $timestamp,
+ 'token_key' => $token ? $token->key : '',
+ );
+ drupal_write_record('oauth_common_nonce', $values);
+ return NULL;
+ }
+
+ return $stored_nonce;
+ }
+
+ /**
+ * Generate a new request token.
+ *
+ * @param OAuthConsumer $consumer
+ * The consumer to generate a token for.
+ * @return DrupalOAuthToken
+ * The request token
+ */
+ function new_request_token($consumer, $callback = NULL) {
+ $token = new DrupalOAuthToken(user_password(32), user_password(32), $consumer, array(
+ 'type' => OAUTH_COMMON_TOKEN_TYPE_REQUEST,
+ 'uid' => 0,
+ 'expires' => REQUEST_TIME + variable_get('oauth_common_request_token_lifetime', 7200),
+ ));
+ $token->write();
+ return $token;
+ }
+
+ /**
+ * Generate a new access token and delete the old request token.
+ *
+ * @param DrupalOAuthToken $token_old
+ * The old request token.
+ * @param OAuthConsumer $consumer
+ * The service consumer information.
+ */
+ function new_access_token($token_old, $consumer, $verifier = NULL) {
+ module_load_include('inc', 'oauth_common');
+
+ if ($token_old && $token_old->authorized) {
+ $token_new = new DrupalOAuthToken(user_password(32), user_password(32), $consumer, array(
+ 'type' => OAUTH_COMMON_TOKEN_TYPE_ACCESS,
+ 'uid' => $token_old->uid,
+ 'services' => isset($token_old->services) ? $token_old->services : NULL,
+ 'authorized' => 1,
+ ));
+ $token_old->delete();
+ $token_new->write();
+ return $token_new;
+ }
+
+ throw new OAuthException('Invalid request token');
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthRequest.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthRequest.inc
new file mode 100644
index 0000000..dce9158
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthRequest.inc
@@ -0,0 +1,56 @@
+<?php
+
+class DrupalOAuthRequest extends OAuthRequest {
+ /**
+ * Creates a OAuthRequest object from the current request
+ *
+ * @param string $http_method
+ * @param string $http_url
+ * @param array $parameters
+ * @return OAuthRequest
+ * A OAuthRequest generated from the request
+ */
+ public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL) {
+ // Preparations that has to be made if we're going to detect parameters
+ if ($parameters == NULL) {
+ $qs = $_SERVER['QUERY_STRING'];
+ $q = $_GET['q'];
+
+ // Unset $_GET['q'] if it was created by a redirect
+ if (isset($_SERVER['REDIRECT_URL'])) {
+ $q = FALSE;
+ }
+ // Check that the q parameter hasn't been created or altered by drupal
+ elseif (isset($_GET['q'])) {
+ $get = array();
+ parse_str($_SERVER['QUERY_STRING'], $get);
+ // The q parameter was in the original request, make sure it hasn't been altered
+ if (isset($get['q'])) {
+ $q = $get['q'];
+ }
+ // The q parameter was set by drupal, unset it
+ else {
+ $q = FALSE;
+ }
+ }
+
+ $parsed = array();
+ parse_str($_SERVER['QUERY_STRING'], $parsed);
+ if ($q === FALSE) {
+ unset($parsed['q']);
+ }
+ else {
+ $parsed['q'] = $q;
+ }
+ $_SERVER['QUERY_STRING'] = http_build_query($parsed, '', '&');
+ }
+ $req = parent::from_request($http_method, $http_url, $parameters);
+
+ // Restore $_SERVER['QUERY_STRING'] if it was touched
+ if (isset($qs)) {
+ $_SERVER['QUERY_STRING'] = $qs;
+ }
+
+ return $req;
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthServer.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthServer.inc
new file mode 100644
index 0000000..b2273bc
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthServer.inc
@@ -0,0 +1,27 @@
+<?php
+
+class DrupalOAuthServer extends OAuthServer {
+ public function __construct($context) {
+ parent::__construct(new DrupalOAuthDataStore($context));
+
+ if (isset($context->authorization_options['signature_methods'])) {
+ $sig_methods = $context->authorization_options['signature_methods'];
+ }
+ else {
+ $sig_methods = array('HMAC-SHA1', 'HMAC-SHA256', 'HMAC-SHA384', 'HMAC-SHA512');
+ }
+
+ foreach ($sig_methods as $signature_method) {
+ if ($signature_method == 'PLAINTEXT') {
+ $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
+ }
+ else {
+ // Check if the system supports the hashing algorithm
+ $algo = explode('-', $signature_method, 2);
+ if ($algo[0] == 'HMAC' && in_array(strtolower($algo[1]), hash_algos())) {
+ $this->add_signature_method(new OAuthSignatureMethod_HMAC($algo[1]));
+ }
+ }
+ }
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthToken.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthToken.inc
new file mode 100644
index 0000000..a9b0993
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/DrupalOAuthToken.inc
@@ -0,0 +1,244 @@
+<?php
+
+class DrupalOAuthToken extends OAuthToken {
+ public $tid = 0;
+ public $expires = 0;
+ public $type = OAUTH_COMMON_TOKEN_TYPE_REQUEST;
+ public $uid = 0;
+
+ public $created = 0;
+ public $changed = 0;
+ public $services = array();
+ public $authorized = 0;
+
+ public $in_database = FALSE;
+
+ public function __construct($key, $secret, $consumer, $params = array()) {
+ foreach ($params as $param_key => $value) {
+ if (isset($this->$param_key)) {
+ $this->$param_key = $value;
+ }
+ }
+
+ // Backwards compatibility with 6.x-3.0-beta3
+ if (empty($consumer) || is_array($consumer)) {
+ if (is_array($consumer)) {
+ $params = $consumer;
+ }
+ if (!empty($params['csid'])) {
+ $consumer = DrupalOAuthConsumer::loadById($params['csid'], isset($params['services']));
+ }
+ }
+
+ if (!is_object($consumer)) {
+ throw new OAuthException("Needs an associated consumer");
+ }
+ else {
+ $this->consumer = $consumer;
+ }
+
+ parent::__construct($key, $secret);
+ }
+
+ /**
+ * Writes the token to the database
+ *
+ * @return void
+ */
+ public function write() {
+ $update = !empty($this->tid);
+
+ $primary = $update ? array('tid') : array();
+
+ if ($this->consumer->provider_consumer) {
+ $this->changed = REQUEST_TIME;
+
+ $values = array(
+ 'token_key' => $this->key,
+ 'changed' => $this->changed,
+ 'services' => json_encode($this->services),
+ 'authorized' => $this->authorized,
+ );
+
+ if ($update) {
+ $values['tid'] = $this->tid;
+ }
+ else {
+ $this->created = REQUEST_TIME;
+ $values['created'] = $this->created;
+ }
+
+ $ready = drupal_write_record('oauth_common_provider_token', $values, $primary);
+
+ if (!$ready) {
+ throw new OAuthException("Couldn't save token");
+ }
+ }
+
+ $values = array(
+ 'csid' => $this->consumer->csid,
+ 'key_hash' => sha1($this->key),
+ 'token_key' => $this->key,
+ 'secret' => $this->secret,
+ 'expires' => $this->expires,
+ 'type' => $this->type,
+ 'uid' => $this->uid,
+ );
+
+ if ($update) {
+ $values['tid'] = $this->tid;
+ }
+
+ drupal_write_record('oauth_common_token', $values, $primary);
+
+ $this->tid = $values['tid'];
+ $this->in_database = TRUE;
+
+ if (!$update) {
+ $values = array(
+ 'tid' => $this->tid,
+ 'token_key' => $this->key,
+ );
+ drupal_write_record('oauth_common_provider_token', $values, array('token_key'));
+ }
+ }
+
+ /**
+ * Deletes the token from the database
+ *
+ * @return void
+ */
+ public function delete() {
+ self::deleteToken($this->key, $this->consumer);
+ }
+
+ /**
+ * Deletes the token with the key from the database
+ *
+ * @param string $key
+ * The key of the token to delete.
+ * @param object $consumer
+ * The consumer for which to fetch a token
+ * @return void
+ */
+ public static function deleteToken($key, $consumer) {
+ //TODO: Ensure backwards compatibility
+ $condition = db_and()->condition('key_hash', sha1($key))->condition('csid', $consumer->csid);
+
+ db_delete('oauth_common_provider_token')
+ ->condition('tid', db_select('oauth_common_token', 't')->condition($condition)->fields('t', array('tid')), 'IN')
+ ->execute();
+
+ db_delete('oauth_common_token')
+ ->condition($condition)
+ ->execute();
+ }
+
+ /**
+ * Deprecated - Gets the token with the specified key
+ *
+ * @param string $key
+ * The key of the token to get
+ * @param bool $provider_token
+ * Whether the token to load is a provider token.
+ * @return DrupalOAuthToken
+ * The loaded token object or FALSE if load failed
+ */
+ public static function load($key, $provider_token = TRUE) {
+ return DrupalOAuthToken::loadByKey($key, !$provider_token, FALSE);
+ }
+
+ /**
+ * Gets the token with the specified key
+ *
+ * @param string $key
+ * The key of the token to get
+ * @param boolean|object $consumer
+ * The consumer for which to fetch a token or FALSE to fetch a provider token
+ * @param int $type
+ * Used internally for backwards compatibility with ::load()
+ * @return DrupalOAuthToken
+ * The loaded token object or FALSE if load failed
+ */
+ public static function loadByKey($key, $consumer = FALSE, $type = OAUTH_COMMON_TOKEN_TYPE_ACCESS) {
+ $query = db_select('oauth_common_token', 't');
+
+ $query
+ ->condition('t.key_hash', sha1($key))
+ ->fields('t');
+
+ // Only add if defined - needed for backwards compatibility with deprecated DrupalOAuthToken::load() from 6.x-3.0-beta3
+ if ($type !== FALSE) {
+ $query->condition('t.type', $type);
+ }
+
+ if (!$consumer || is_object($consumer) && $consumer->provider_consumer) {
+ $query->join('oauth_common_provider_token', 'pt', 'pt.tid = t.tid');
+ $query->fields('pt', array('created', 'changed', 'services', 'authorized'));
+ }
+
+ // Only fetch non-provider tokens - needed for backwards compatibility with deprecated DrupalOAuthToken::load() from 6.x-3.0-beta3
+ if ($consumer === TRUE) {
+ $query->leftJoin('oauth_common_provider_token', 'pt', 'pt.tid = t.tid');
+ $query->isNull('pt.tid');
+ }
+ else if ($consumer) {
+ $query->condition('t.csid', $consumer->csid);
+ }
+
+ return self::fromResult($query->execute(), $consumer);
+ }
+
+ /**
+ * Gets the token with the specified id
+ *
+ * @param int $id
+ * The id of the token to get
+ * @param boolean $load_provider_data
+ * Whether to load provider related data or not
+ * @return DrupalOAuthToken
+ * The loaded token object or FALSE if load failed
+ */
+ public static function loadById($tid, $load_provider_data = TRUE) {
+ $query = db_select('oauth_common_token', 't');
+
+ $query
+ ->condition('t.tid', $tid)
+ ->fields('t');
+
+ if ($load_provider_data) {
+ $query->join('oauth_common_provider_token', 'pt', 'pt.tid = t.tid');
+ $query->fields('pt', array('created', 'changed', 'services', 'authorized'));
+ }
+
+ return self::fromResult($query->execute());
+ }
+
+ /**
+ * Constructs a token from a db-result resource
+ *
+ * @param resource $res
+ * A database result resource
+ * @return DrupalOAuthToken
+ * The constructed token object or NULL if no rows could be read or construction failed
+ */
+ public static function fromResult($res, $consumer = FALSE) {
+ //TODO: Ensure this works with old inputs?
+ if ($data = $res->fetchAssoc()) {
+ if (isset($data['services'])) {
+ $data['services'] = json_decode($data['services']);
+ }
+ $data['in_database'] = TRUE;
+
+ if (is_object($consumer) && $consumer->csid == $data['csid']) {
+ $token_consumer = $consumer;
+ }
+ else {
+ $token_consumer = DrupalOAuthConsumer::loadById($data['csid'], isset($data['services']));
+ }
+
+ return new DrupalOAuthToken($data['token_key'], $data['secret'], $token_consumer, $data);
+ }
+ return NULL;
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/OAuthSignatureMethod_HMAC.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/OAuthSignatureMethod_HMAC.inc
new file mode 100644
index 0000000..f347f34
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/includes/OAuthSignatureMethod_HMAC.inc
@@ -0,0 +1,65 @@
+<?php
+
+/**
+ * A generic signature method implementation that leverages hash_hmac() for
+ * increased flexibility.
+ */
+class OAuthSignatureMethod_HMAC extends OAuthSignatureMethod {
+ private $algo = NULL;
+
+ /**
+ * Create a HMAC oauth signature method object using the (or one of the)
+ * specified algorithm implementations.
+ *
+ * @param mixed $algo
+ * Pass the name of a algorithm supported by hash_hmac() or an array of
+ * names when you have several candidate algorithms that may be used. The
+ * first algorithm int the array that is supported on the system will be used.
+ * @throws Exception
+ * A exception is thrown when none of the provided algorithms are supported
+ * by the system.
+ */
+ public function __construct($algo) {
+ $algos = hash_algos();
+ // Create a single-element array from strings to simplify the logic of
+ // support checking and failure handling.
+ if (is_string($algo)) {
+ $algo = array($algo);
+ }
+
+ // Find a supported algorithm among the candidates
+ foreach ($algo as $a) {
+ if (in_array(strtolower($a), $algos)) {
+ $this->algo = strtolower($a);
+ continue;
+ }
+ }
+ // Throw a exception if no matching algorithm can be found
+ if (empty($this->algo)) {
+ throw new OAuthException(t('None of the suggested hash algorithms (@cand) were '
+ . 'supported by the server. Try one of the following: !algos.', array(
+ '@cand' => join($algo, ', '),
+ '!algos' => join($algos, ', '),
+ )));
+ }
+ }
+
+ public function get_name() {
+ return "HMAC-" . strtoupper($this->algo);
+ }
+
+ public function build_signature($request, $consumer, $token) {
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string;
+
+ $key_parts = array(
+ $consumer->secret,
+ ($token) ? $token->secret : ""
+ );
+
+ $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
+ $key = implode('&', $key_parts);
+
+ return base64_encode(hash_hmac($this->algo, $base_string, $key, TRUE));
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/LICENCE.txt b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/LICENCE.txt
new file mode 100644
index 0000000..e186654
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/LICENCE.txt
@@ -0,0 +1 @@
+The OAuth php library is originally licensed under the MIT license. And is to be found at google code: http://code.google.com/p/oauth/
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/OAuth.php b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/OAuth.php
new file mode 100644
index 0000000..762db3f
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/lib/OAuth.php
@@ -0,0 +1,912 @@
+<?php
+/**
+ * @file
+ * OAuth 1.0 server and client library.
+ */
+
+/**
+ * OAuth PECL extension includes an OAuth Exception class, so we need to wrap
+ * the definition of this class in order to avoid a PHP error.
+ */
+if (!class_exists('OAuthException')) {
+ /*
+ * Generic exception class
+ */
+ class OAuthException extends Exception {
+ // pass
+ }
+}
+
+class OAuthConsumer {
+ public $key;
+ public $secret;
+
+ function __construct($key, $secret, $callback_url=NULL) {
+ $this->key = $key;
+ $this->secret = $secret;
+ $this->callback_url = $callback_url;
+ }
+
+ function __toString() {
+ return "OAuthConsumer[key=$this->key,secret=$this->secret]";
+ }
+}
+
+class OAuthToken {
+ // access tokens and request tokens
+ public $key;
+ public $secret;
+
+ /**
+ * key = the token
+ * secret = the token secret
+ */
+ function __construct($key, $secret) {
+ $this->key = $key;
+ $this->secret = $secret;
+ }
+
+ /**
+ * generates the basic string serialization of a token that a server
+ * would respond to request_token and access_token calls with
+ */
+ function to_string() {
+ return "oauth_token=" .
+ OAuthUtil::urlencode_rfc3986($this->key) .
+ "&oauth_token_secret=" .
+ OAuthUtil::urlencode_rfc3986($this->secret);
+ }
+
+ function __toString() {
+ return $this->to_string();
+ }
+}
+
+/**
+ * A class for implementing a Signature Method
+ * See section 9 ("Signing Requests") in the spec
+ */
+abstract class OAuthSignatureMethod {
+ /**
+ * Needs to return the name of the Signature Method (ie HMAC-SHA1)
+ * @return string
+ */
+ abstract public function get_name();
+
+ /**
+ * Build up the signature
+ * NOTE: The output of this function MUST NOT be urlencoded.
+ * the encoding is handled in OAuthRequest when the final
+ * request is serialized
+ * @param OAuthRequest $request
+ * @param OAuthConsumer $consumer
+ * @param OAuthToken $token
+ * @return string
+ */
+ abstract public function build_signature($request, $consumer, $token);
+
+ /**
+ * Verifies that a given signature is correct
+ * @param OAuthRequest $request
+ * @param OAuthConsumer $consumer
+ * @param OAuthToken $token
+ * @param string $signature
+ * @return bool
+ */
+ public function check_signature($request, $consumer, $token, $signature) {
+ $built = $this->build_signature($request, $consumer, $token);
+
+ // Check for zero length, although unlikely here
+ if (strlen($built) == 0 || strlen($signature) == 0) {
+ return false;
+ }
+
+ if (strlen($built) != strlen($signature)) {
+ return false;
+ }
+
+ // Avoid a timing leak with a (hopefully) time insensitive compare
+ $result = 0;
+ for ($i = 0; $i < strlen($signature); $i++) {
+ $result |= ord($built{$i}) ^ ord($signature{$i});
+ }
+
+ return $result == 0;
+ }
+}
+
+/**
+ * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104]
+ * where the Signature Base String is the text and the key is the concatenated values (each first
+ * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&'
+ * character (ASCII code 38) even if empty.
+ * - Chapter 9.2 ("HMAC-SHA1")
+ */
+class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
+ function get_name() {
+ return "HMAC-SHA1";
+ }
+
+ public function build_signature($request, $consumer, $token) {
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string;
+
+ $key_parts = array(
+ $consumer->secret,
+ ($token) ? $token->secret : ""
+ );
+
+ $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
+ $key = implode('&', $key_parts);
+
+ return base64_encode(hash_hmac('sha1', $base_string, $key, true));
+ }
+}
+
+/**
+ * The PLAINTEXT method does not provide any security protection and SHOULD only be used
+ * over a secure channel such as HTTPS. It does not use the Signature Base String.
+ * - Chapter 9.4 ("PLAINTEXT")
+ */
+class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
+ public function get_name() {
+ return "PLAINTEXT";
+ }
+
+ /**
+ * oauth_signature is set to the concatenated encoded values of the Consumer Secret and
+ * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
+ * empty. The result MUST be encoded again.
+ * - Chapter 9.4.1 ("Generating Signatures")
+ *
+ * Please note that the second encoding MUST NOT happen in the SignatureMethod, as
+ * OAuthRequest handles this!
+ */
+ public function build_signature($request, $consumer, $token) {
+ $key_parts = array(
+ $consumer->secret,
+ ($token) ? $token->secret : ""
+ );
+
+ $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
+ $key = implode('&', $key_parts);
+ $request->base_string = $key;
+
+ return $key;
+ }
+}
+
+/**
+ * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
+ * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
+ * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a
+ * verified way to the Service Provider, in a manner which is beyond the scope of this
+ * specification.
+ * - Chapter 9.3 ("RSA-SHA1")
+ */
+abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
+ public function get_name() {
+ return "RSA-SHA1";
+ }
+
+ // Up to the SP to implement this lookup of keys. Possible ideas are:
+ // (1) do a lookup in a table of trusted certs keyed off of consumer
+ // (2) fetch via http using a url provided by the requester
+ // (3) some sort of specific discovery code based on request
+ //
+ // Either way should return a string representation of the certificate
+ protected abstract function fetch_public_cert(&$request);
+
+ // Up to the SP to implement this lookup of keys. Possible ideas are:
+ // (1) do a lookup in a table of trusted certs keyed off of consumer
+ //
+ // Either way should return a string representation of the certificate
+ protected abstract function fetch_private_cert(&$request);
+
+ public function build_signature($request, $consumer, $token) {
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string;
+
+ // Fetch the private key cert based on the request
+ $cert = $this->fetch_private_cert($request);
+
+ // Pull the private key ID from the certificate
+ $privatekeyid = openssl_get_privatekey($cert);
+
+ // Sign using the key
+ $ok = openssl_sign($base_string, $signature, $privatekeyid);
+
+ // Release the key resource
+ openssl_free_key($privatekeyid);
+
+ return base64_encode($signature);
+ }
+
+ public function check_signature($request, $consumer, $token, $signature) {
+ $decoded_sig = base64_decode($signature);
+
+ $base_string = $request->get_signature_base_string();
+
+ // Fetch the public key cert based on the request
+ $cert = $this->fetch_public_cert($request);
+
+ // Pull the public key ID from the certificate
+ $publickeyid = openssl_get_publickey($cert);
+
+ // Check the computed signature against the one passed in the query
+ $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
+
+ // Release the key resource
+ openssl_free_key($publickeyid);
+
+ return $ok == 1;
+ }
+}
+
+class OAuthRequest {
+ protected $parameters;
+ protected $http_method;
+ protected $http_url;
+ // for debug purposes
+ public $base_string;
+ public static $version = '1.0';
+ public static $POST_INPUT = 'php://input';
+
+ function __construct($http_method, $http_url, $parameters=NULL) {
+ $parameters = ($parameters) ? $parameters : array();
+ $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
+ $this->parameters = $parameters;
+ $this->http_method = $http_method;
+ $this->http_url = $http_url;
+ }
+
+
+ /**
+ * attempt to build up a request from what was passed to the server
+ */
+ public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {
+ $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
+ ? 'http'
+ : 'https';
+ $http_url = ($http_url) ? $http_url : $scheme .
+ '://' . $_SERVER['SERVER_NAME'] .
+ ':' .
+ $_SERVER['SERVER_PORT'] .
+ $_SERVER['REQUEST_URI'];
+ $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
+
+ // We weren't handed any parameters, so let's find the ones relevant to
+ // this request.
+ // If you run XML-RPC or similar you should use this to provide your own
+ // parsed parameter-list
+ if (!$parameters) {
+ // Find request headers
+ $request_headers = OAuthUtil::get_headers();
+
+ // Parse the query-string to find GET parameters
+ $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
+
+ // It's a POST request of the proper content-type, so parse POST
+ // parameters and add those overriding any duplicates from GET
+ if ($http_method == "POST"
+ && isset($request_headers['Content-Type'])
+ && strstr($request_headers['Content-Type'],
+ 'application/x-www-form-urlencoded')
+ ) {
+ $post_data = OAuthUtil::parse_parameters(
+ file_get_contents(self::$POST_INPUT)
+ );
+ $parameters = array_merge($parameters, $post_data);
+ }
+
+ // We have a Authorization-header with OAuth data. Parse the header
+ // and add those overriding any duplicates from GET or POST
+ if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
+ $header_parameters = OAuthUtil::split_header(
+ $request_headers['Authorization']
+ );
+ $parameters = array_merge($parameters, $header_parameters);
+ }
+
+ }
+
+ return new OAuthRequest($http_method, $http_url, $parameters);
+ }
+
+ /**
+ * pretty much a helper function to set up the request
+ */
+ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
+ $parameters = ($parameters) ? $parameters : array();
+ $defaults = array("oauth_version" => OAuthRequest::$version,
+ "oauth_nonce" => OAuthRequest::generate_nonce(),
+ "oauth_timestamp" => OAuthRequest::generate_timestamp(),
+ "oauth_consumer_key" => $consumer->key);
+ if ($token)
+ $defaults['oauth_token'] = $token->key;
+
+ $parameters = array_merge($defaults, $parameters);
+
+ return new OAuthRequest($http_method, $http_url, $parameters);
+ }
+
+ public function set_parameter($name, $value, $allow_duplicates = true) {
+ if ($allow_duplicates && isset($this->parameters[$name])) {
+ // We have already added parameter(s) with this name, so add to the list
+ if (is_scalar($this->parameters[$name])) {
+ // This is the first duplicate, so transform scalar (string)
+ // into an array so we can add the duplicates
+ $this->parameters[$name] = array($this->parameters[$name]);
+ }
+
+ $this->parameters[$name][] = $value;
+ } else {
+ $this->parameters[$name] = $value;
+ }
+ }
+
+ public function get_parameter($name) {
+ return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
+ }
+
+ public function get_parameters() {
+ return $this->parameters;
+ }
+
+ public function unset_parameter($name) {
+ unset($this->parameters[$name]);
+ }
+
+ /**
+ * The request parameters, sorted and concatenated into a normalized string.
+ * @return string
+ */
+ public function get_signable_parameters() {
+ // Grab all parameters
+ $params = $this->parameters;
+
+ // Remove oauth_signature if present
+ // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
+ if (isset($params['oauth_signature'])) {
+ unset($params['oauth_signature']);
+ }
+
+ return OAuthUtil::build_http_query($params);
+ }
+
+ /**
+ * Returns the base string of this request
+ *
+ * The base string defined as the method, the url
+ * and the parameters (normalized), each urlencoded
+ * and the concated with &.
+ */
+ public function get_signature_base_string() {
+ $parts = array(
+ $this->get_normalized_http_method(),
+ $this->get_normalized_http_url(),
+ $this->get_signable_parameters()
+ );
+
+ $parts = OAuthUtil::urlencode_rfc3986($parts);
+
+ return implode('&', $parts);
+ }
+
+ /**
+ * just uppercases the http method
+ */
+ public function get_normalized_http_method() {
+ return strtoupper($this->http_method);
+ }
+
+ /**
+ * parses the url and rebuilds it to be
+ * scheme://host/path
+ */
+ public function get_normalized_http_url() {
+ $parts = parse_url($this->http_url);
+
+ $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
+ $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
+ $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
+ $path = (isset($parts['path'])) ? $parts['path'] : '';
+
+ if (($scheme == 'https' && $port != '443')
+ || ($scheme == 'http' && $port != '80')) {
+ $host = "$host:$port";
+ }
+ return "$scheme://$host$path";
+ }
+
+ /**
+ * builds a url usable for a GET request
+ */
+ public function to_url() {
+ $post_data = $this->to_postdata();
+ $out = $this->get_normalized_http_url();
+ if ($post_data) {
+ $out .= '?'.$post_data;
+ }
+ return $out;
+ }
+
+ /**
+ * builds the data one would send in a POST request
+ */
+ public function to_postdata() {
+ return OAuthUtil::build_http_query($this->parameters);
+ }
+
+ /**
+ * builds the Authorization: header
+ */
+ public function to_header($realm=null) {
+ $first = true;
+ if($realm) {
+ $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
+ $first = false;
+ } else
+ $out = 'Authorization: OAuth';
+
+ $total = array();
+ foreach ($this->parameters as $k => $v) {
+ if (substr($k, 0, 5) != "oauth") continue;
+ if (is_array($v)) {
+ throw new OAuthException('Arrays not supported in headers');
+ }
+ $out .= ($first) ? ' ' : ',';
+ $out .= OAuthUtil::urlencode_rfc3986($k) .
+ '="' .
+ OAuthUtil::urlencode_rfc3986($v) .
+ '"';
+ $first = false;
+ }
+ return $out;
+ }
+
+ public function __toString() {
+ return $this->to_url();
+ }
+
+
+ public function sign_request($signature_method, $consumer, $token) {
+ $this->set_parameter(
+ "oauth_signature_method",
+ $signature_method->get_name(),
+ false
+ );
+ $signature = $this->build_signature($signature_method, $consumer, $token);
+ $this->set_parameter("oauth_signature", $signature, false);
+ }
+
+ public function build_signature($signature_method, $consumer, $token) {
+ $signature = $signature_method->build_signature($this, $consumer, $token);
+ return $signature;
+ }
+
+ /**
+ * util function: current timestamp
+ */
+ private static function generate_timestamp() {
+ return time();
+ }
+
+ /**
+ * util function: current nonce
+ */
+ private static function generate_nonce() {
+ $mt = microtime();
+ $rand = mt_rand();
+
+ return md5($mt . $rand); // md5s look nicer than numbers
+ }
+}
+
+class OAuthServer {
+ protected $timestamp_threshold = 300; // in seconds, five minutes
+ protected $version = '1.0'; // hi blaine
+ protected $signature_methods = array();
+
+ protected $data_store;
+
+ function __construct($data_store) {
+ $this->data_store = $data_store;
+ }
+
+ public function add_signature_method($signature_method) {
+ $this->signature_methods[$signature_method->get_name()] =
+ $signature_method;
+ }
+
+ // high level functions
+
+ /**
+ * process a request_token request
+ * returns the request token on success
+ */
+ public function fetch_request_token(&$request) {
+ $this->get_version($request);
+
+ $consumer = $this->get_consumer($request);
+
+ // no token required for the initial token request
+ $token = NULL;
+
+ $this->check_signature($request, $consumer, $token);
+
+ // Rev A change
+ $callback = $request->get_parameter('oauth_callback');
+ $new_token = $this->data_store->new_request_token($consumer, $callback);
+
+ return $new_token;
+ }
+
+ /**
+ * process an access_token request
+ * returns the access token on success
+ */
+ public function fetch_access_token(&$request) {
+ $this->get_version($request);
+
+ $consumer = $this->get_consumer($request);
+
+ // requires authorized request token
+ $token = $this->get_token($request, $consumer, "request");
+
+ $this->check_signature($request, $consumer, $token);
+
+ // Rev A change
+ $verifier = $request->get_parameter('oauth_verifier');
+ $new_token = $this->data_store->new_access_token($token, $consumer, $verifier);
+
+ return $new_token;
+ }
+
+ /**
+ * verify an api call, checks all the parameters
+ */
+ public function verify_request(&$request) {
+ $this->get_version($request);
+ $consumer = $this->get_consumer($request);
+ $token = $this->get_token($request, $consumer, "access");
+ $this->check_signature($request, $consumer, $token);
+ return array($consumer, $token);
+ }
+
+ // Internals from here
+ /**
+ * version 1
+ */
+ private function get_version(&$request) {
+ $version = $request->get_parameter("oauth_version");
+ if (!$version) {
+ // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
+ // Chapter 7.0 ("Accessing Protected Ressources")
+ $version = '1.0';
+ }
+ if ($version !== $this->version) {
+ throw new OAuthException("OAuth version '$version' not supported");
+ }
+ return $version;
+ }
+
+ /**
+ * figure out the signature with some defaults
+ */
+ private function get_signature_method($request) {
+ $signature_method = $request instanceof OAuthRequest
+ ? $request->get_parameter("oauth_signature_method")
+ : NULL;
+
+ if (!$signature_method) {
+ // According to chapter 7 ("Accessing Protected Ressources") the signature-method
+ // parameter is required, and we can't just fallback to PLAINTEXT
+ throw new OAuthException('No signature method parameter. This parameter is required');
+ }
+
+ if (!in_array($signature_method,
+ array_keys($this->signature_methods))) {
+ throw new OAuthException(
+ "Signature method '$signature_method' not supported " .
+ "try one of the following: " .
+ implode(", ", array_keys($this->signature_methods))
+ );
+ }
+ return $this->signature_methods[$signature_method];
+ }
+
+ /**
+ * try to find the consumer for the provided request's consumer key
+ */
+ private function get_consumer($request) {
+ $consumer_key = $request instanceof OAuthRequest
+ ? $request->get_parameter("oauth_consumer_key")
+ : NULL;
+
+ if (!$consumer_key) {
+ throw new OAuthException("Invalid consumer key");
+ }
+
+ $consumer = $this->data_store->lookup_consumer($consumer_key);
+ if (!$consumer) {
+ throw new OAuthException("Invalid consumer");
+ }
+
+ return $consumer;
+ }
+
+ /**
+ * try to find the token for the provided request's token key
+ */
+ private function get_token($request, $consumer, $token_type="access") {
+ $token_field = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_token')
+ : NULL;
+
+ if (!empty($token_field)) {
+ $token = $this->data_store->lookup_token(
+ $consumer, $token_type, $token_field
+ );
+ if (!$token) {
+ throw new OAuthException("Invalid $token_type token: $token_field");
+ }
+ }
+ else {
+ $token = new OAuthToken('', '');
+ }
+ return $token;
+ }
+
+ /**
+ * all-in-one function to check the signature on a request
+ * should guess the signature method appropriately
+ */
+ private function check_signature($request, $consumer, $token) {
+ // this should probably be in a different method
+ $timestamp = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_timestamp')
+ : NULL;
+ $nonce = $request instanceof OAuthRequest
+ ? $request->get_parameter('oauth_nonce')
+ : NULL;
+
+ $this->check_timestamp($timestamp);
+ $this->check_nonce($consumer, $token, $nonce, $timestamp);
+
+ $signature_method = $this->get_signature_method($request);
+
+ $signature = $request->get_parameter('oauth_signature');
+ $valid_sig = $signature_method->check_signature(
+ $request,
+ $consumer,
+ $token,
+ $signature
+ );
+
+ if (!$valid_sig) {
+ throw new OAuthException("Invalid signature");
+ }
+ }
+
+ /**
+ * check that the timestamp is new enough
+ */
+ private function check_timestamp($timestamp) {
+ if( ! $timestamp )
+ throw new OAuthException(
+ 'Missing timestamp parameter. The parameter is required'
+ );
+
+ // verify that timestamp is recentish
+ $now = time();
+ if (abs($now - $timestamp) > $this->timestamp_threshold) {
+ throw new OAuthException(
+ "Expired timestamp, yours $timestamp, ours $now"
+ );
+ }
+ }
+
+ /**
+ * check that the nonce is not repeated
+ */
+ private function check_nonce($consumer, $token, $nonce, $timestamp) {
+ if( ! $nonce )
+ throw new OAuthException(
+ 'Missing nonce parameter. The parameter is required'
+ );
+
+ // verify that the nonce is uniqueish
+ $found = $this->data_store->lookup_nonce(
+ $consumer,
+ $token,
+ $nonce,
+ $timestamp
+ );
+ if ($found) {
+ throw new OAuthException("Nonce already used: $nonce");
+ }
+ }
+
+}
+
+class OAuthDataStore {
+ function lookup_consumer($consumer_key) {
+ // implement me
+ }
+
+ function lookup_token($consumer, $token_type, $token) {
+ // implement me
+ }
+
+ function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+ // implement me
+ }
+
+ function new_request_token($consumer, $callback = null) {
+ // return a new token attached to this consumer
+ }
+
+ function new_access_token($token, $consumer, $verifier = null) {
+ // return a new access token attached to this consumer
+ // for the user associated with this token if the request token
+ // is authorized
+ // should also invalidate the request token
+ }
+
+}
+
+class OAuthUtil {
+ public static function urlencode_rfc3986($input) {
+ if (is_array($input)) {
+ return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
+ } else if (is_scalar($input)) {
+ return str_replace(
+ '+',
+ ' ',
+ str_replace('%7E', '~', rawurlencode($input))
+ );
+ } else {
+ return '';
+ }
+}
+
+
+ // This decode function isn't taking into consideration the above
+ // modifications to the encoding process. However, this method doesn't
+ // seem to be used anywhere so leaving it as is.
+ public static function urldecode_rfc3986($string) {
+ return urldecode($string);
+ }
+
+ // Utility function for turning the Authorization: header into
+ // parameters, has to do some unescaping
+ // Can filter out any non-oauth parameters if needed (default behaviour)
+ // May 28th, 2010 - method updated to tjerk.meesters for a speed improvement.
+ // see http://code.google.com/p/oauth/issues/detail?id=163
+ public static function split_header($header, $only_allow_oauth_parameters = true) {
+ $params = array();
+ if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
+ foreach ($matches[1] as $i => $h) {
+ $params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
+ }
+ if (isset($params['realm'])) {
+ unset($params['realm']);
+ }
+ }
+ return $params;
+ }
+
+ // helper to try to sort out headers for people who aren't running apache
+ public static function get_headers() {
+ if (function_exists('apache_request_headers')) {
+ // we need this to get the actual Authorization: header
+ // because apache tends to tell us it doesn't exist
+ $headers = apache_request_headers();
+
+ // sanitize the output of apache_request_headers because
+ // we always want the keys to be Cased-Like-This and arh()
+ // returns the headers in the same case as they are in the
+ // request
+ $out = array();
+ foreach ($headers AS $key => $value) {
+ $key = str_replace(
+ " ",
+ "-",
+ ucwords(strtolower(str_replace("-", " ", $key)))
+ );
+ $out[$key] = $value;
+ }
+ } else {
+ // otherwise we don't have apache and are just going to have to hope
+ // that $_SERVER actually contains what we need
+ $out = array();
+ if( isset($_SERVER['CONTENT_TYPE']) )
+ $out['Content-Type'] = $_SERVER['CONTENT_TYPE'];
+ if( isset($_ENV['CONTENT_TYPE']) )
+ $out['Content-Type'] = $_ENV['CONTENT_TYPE'];
+
+ foreach ($_SERVER as $key => $value) {
+ if (substr($key, 0, 5) == "HTTP_") {
+ // this is chaos, basically it is just there to capitalize the first
+ // letter of every word that is not an initial HTTP and strip HTTP
+ // code from przemek
+ $key = str_replace(
+ " ",
+ "-",
+ ucwords(strtolower(str_replace("_", " ", substr($key, 5))))
+ );
+ $out[$key] = $value;
+ }
+ }
+ // The "Authorization" header may get turned into "Auth".
+ if ($out['Auth']) {
+ $out['Authorization'] = $out['Auth'];
+ }
+ }
+ return $out;
+ }
+
+ // This function takes a input like a=b&a=c&d=e and returns the parsed
+ // parameters like this
+ // array('a' => array('b','c'), 'd' => 'e')
+ public static function parse_parameters( $input ) {
+ if (!isset($input) || !$input) return array();
+
+ $pairs = explode('&', $input);
+
+ $parsed_parameters = array();
+ foreach ($pairs as $pair) {
+ $split = explode('=', $pair, 2);
+ $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
+ $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';
+
+ if (isset($parsed_parameters[$parameter])) {
+ // We have already recieved parameter(s) with this name, so add to the list
+ // of parameters with this name
+
+ if (is_scalar($parsed_parameters[$parameter])) {
+ // This is the first duplicate, so transform scalar (string) into an array
+ // so we can add the duplicates
+ $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
+ }
+
+ $parsed_parameters[$parameter][] = $value;
+ } else {
+ $parsed_parameters[$parameter] = $value;
+ }
+ }
+ return $parsed_parameters;
+ }
+
+ public static function build_http_query($params) {
+ if (!$params) return '';
+
+ // Urlencode both keys and values
+ $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));
+ $values = OAuthUtil::urlencode_rfc3986(array_values($params));
+ $params = array_combine($keys, $values);
+
+ // Parameters are sorted by name, using lexicographical byte value ordering.
+ // Ref: Spec: 9.1.1 (1)
+ uksort($params, 'strcmp');
+
+ $pairs = array();
+ foreach ($params as $parameter => $value) {
+ if (is_array($value)) {
+ // If two or more parameters share the same name, they are sorted by their value
+ // Ref: Spec: 9.1.1 (1)
+ // June 12th, 2010 - changed to sort because of issue 164 by hidetaka
+ sort($value, SORT_STRING);
+ foreach ($value as $duplicate_value) {
+ $pairs[] = $parameter . '=' . $duplicate_value;
+ }
+ } else {
+ $pairs[] = $parameter . '=' . $value;
+ }
+ }
+ // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)
+ // Each name-value pair is separated by an '&' character (ASCII code 38)
+ return implode('&', $pairs);
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth-fatal_error_class_OAuthException-1334528-11.patch b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth-fatal_error_class_OAuthException-1334528-11.patch
new file mode 100644
index 0000000..ab555ce
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth-fatal_error_class_OAuthException-1334528-11.patch
@@ -0,0 +1,25 @@
+Index: /lib/OAuth.php
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+--- /lib/OAuth.php (date 1328724051000)
++++ /lib/OAuth.php (revision )
+@@ -1,10 +1,13 @@
+ <?php
+ // vim: foldmethod=marker
+
+-/* Generic exception class
++if (!class_exists('OAuthException')) {
++ /*
++ * Generic exception class
+- */
+-class OAuthException extends Exception {
+- // pass
++ */
++ class OAuthException extends Exception {
++ // pass
++ }
+ }
+
+ class OAuthConsumer {
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.admin.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.admin.inc
new file mode 100644
index 0000000..4906bf6
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.admin.inc
@@ -0,0 +1,589 @@
+<?php
+/**
+ * @file
+ * Administration pages for OAuth module.
+ */
+
+function _oauth_common_admin() {
+ $form = array();
+
+ $form['oauth_common_enable_provider'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Enable the oauth provider'),
+ '#default_value' => variable_get('oauth_common_enable_provider', TRUE),
+ '#description' => t('This option controls whether this site should act as a OAuth provider or not'),
+ );
+
+ $form['oauth_common_request_token_lifetime'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Request token lifetime (in seconds)'),
+ '#default_value' => variable_get('oauth_common_request_token_lifetime', 7200),
+ );
+
+ $form['oauth_common_login_path'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Login page'),
+ '#description' => t('Specify an alternative login page. This is useful when, for example, you want to show a mobile-enhanced login page.'),
+ '#default_value' => variable_get('oauth_common_login_path', OAUTH_COMMON_LOGIN_PATH),
+ );
+
+ $form['#validate'][] = '_oauth_common_admin_settings_validate';
+
+ return system_settings_form($form);
+}
+
+function _oauth_common_admin_settings_validate($form, $form_state) {
+ $values = $form_state['values'];
+
+ $lifetime = intval($values['oauth_common_request_token_lifetime'], 10);
+ if (!$lifetime) {
+ form_set_error('oauth_common_request_token_lifetime', t('The request token lifetime must be a non-zero integer value.'));
+ }
+}
+
+/**
+ * Output a list of contexts.
+ */
+function oauth_common_list_context($js = NULL) {
+ $header = array(
+ array('data' => t('Title'), 'class' => array('oauth-common-contexts-title')),
+ array('data' => t('Storage'), 'class' => array('oauth-common-contexts-storage')),
+ array('data' => t('Operations'), 'class' => array('oauth-common-contexts-operations')),
+ );
+
+ $contexts = oauth_common_context_load_all();
+ $rows = array();
+
+ if (!$contexts) {
+ $contexts = array();
+ }
+
+ foreach ($contexts as $context) {
+ $operations = array();
+
+ if (empty($context->disabled)) {
+ $operations[] = array(
+ 'title' => t('Edit'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/edit',
+ );
+ $operations[] = array(
+ 'title' => t('Export'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/export',
+ );
+ }
+
+ if ($context->export_type == (EXPORT_IN_CODE | EXPORT_IN_DATABASE)) {
+ $operations[] = array(
+ 'title' => t('Revert'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/delete',
+ );
+ }
+ elseif ($context->export_type != EXPORT_IN_CODE) {
+ $operations[] = array(
+ 'title' => t('Delete'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/delete',
+ );
+ }
+ elseif (empty($context->disabled)) {
+ $operations[] = array(
+ 'title' => t('Disable'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/disable',
+ 'query' => drupal_get_destination(),
+ );
+ }
+ else {
+ $operations[] = array(
+ 'title' => t('Enable'),
+ 'href' => 'admin/config/services/oauth/' . $context->name . '/enable',
+ 'query' => drupal_get_destination(),
+ );
+ }
+
+ $rows[$context->name] = array(
+ 'data' => array(
+ 'title' => array(
+ 'data' => check_plain($context->title),
+ 'class' => array('oauth-common-contexts-title'),
+ ),
+ 'storage' => array(
+ 'data' => ($context->export_type == EXPORT_IN_CODE) ? t('In code') : t('In database'),
+ 'class' => array('oauth-common-contexts-storage'),
+ ),
+ 'operations' => array(
+ 'data' => theme('links', array('links' => $operations)),
+ 'class' => array('oauth-common-contexts-operations'),
+ ),
+ ),
+ 'class' => array('oauth-common-contexts-' . $context->name)
+ );
+
+ if (!empty($context->disabled)) {
+ $rows[$context->name]['class'][] = 'oauth-common-contexts-disabled';
+ }
+ }
+
+ $table = theme('table', array(
+ 'header' => $header,
+ 'rows' => $rows,
+ 'attributes' => array('id' => 'oauth-common-list-contexts')
+ ));
+
+ return $table;
+}
+
+/**
+ * Handle the add context page.
+ */
+function oauth_common_add_context() {
+ $context = oauth_common_context_new();
+ drupal_set_title(t('Add context'));
+ if (!$context) {
+ drupal_set_message(t("Can't create contexts, check that you've installed !ctools.", array(
+ '!ctools' => l('Chaos tool suite', 'http://drupal.org/project/ctools'),
+ )), 'error');
+ $result = '';
+ }
+ else {
+ $result = oauth_common_edit_context($context);
+ }
+ return $result;
+}
+
+/**
+ * Edit a context.
+ *
+ * Called from both the add and edit points to provide for common flow.
+ */
+function oauth_common_edit_context($context) {
+ if (!is_object($context)) {
+ $context = oauth_common_context_load($context);
+ }
+ if ($context && !empty($context->title)) {
+ drupal_set_title($context->title);
+ }
+ return drupal_get_form('oauth_common_edit_form_context', $context);
+}
+
+/**
+ * Form to edit the settings of a context.
+ */
+function oauth_common_edit_form_context($form, &$form_state, $context) {
+ $form['#attached']['css'] = array(
+ drupal_get_path('module', 'oauth_common') . '/css/admin.css'
+ );
+
+ $form['cid'] = array(
+ '#type' => 'value',
+ '#value' => isset($context->cid) ? $context->cid : '',
+ );
+
+ $form['context_object'] = array(
+ '#type' => 'value',
+ '#value' => $context,
+ );
+
+ $form['title'] = array(
+ '#type' => 'textfield',
+ '#size' => 24,
+ '#maxlength' => 100,
+ '#default_value' => $context->title,
+ '#title' => t('Context title'),
+ '#required' => TRUE,
+ );
+
+ $form['name'] = array(
+ '#type' => 'machine_name',
+ '#size' => 24,
+ '#maxlength' => 32,
+ '#default_value' => $context->name,
+ '#title' => t('Context name'),
+ '#description' => t('A unique name used to identify this preset internally. It ' .
+ 'must be only alpha characters and underscores. No spaces, ' .
+ 'numbers or uppercase characters.'),
+ '#machine_name' => array(
+ 'source' => array('title'),
+ 'exists' => 'oauth_common_edit_form_context_exists',
+ ),
+ '#required' => TRUE,
+ );
+
+ $sign_methods = array(
+ 'PLAINTEXT' => t('Plaintext'),
+ );
+ foreach (hash_algos() as $algo) {
+ $sign_methods['HMAC-' . strtoupper($algo)] = 'HMAC-' . strtoupper($algo);
+ }
+
+ $form['signature_methods'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Signature methods'),
+ '#collapsible' => TRUE,
+ '#collapsed' => TRUE,
+ '#tree' => TRUE,
+ 'selected' => array(
+ '#type' => 'checkboxes',
+ '#title' => t('Supported signature methods'),
+ '#options' => $sign_methods,
+ '#default_value' => !empty($context->authorization_options['signature_methods']) ?
+ $context->authorization_options['signature_methods'] :
+ array('HMAC-SHA1', 'HMAC-SHA256', 'HMAC-SHA384', 'HMAC-SHA512'),
+ )
+ );
+
+ $form['authorization_options'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Authorization options'),
+ '#tree' => TRUE,
+ '#collapsible' => TRUE,
+ '#collapsed' => TRUE,
+ );
+
+ $form['authorization_options']['page_title'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Page title'),
+ '#description' => t('The title of the authorization page.'),
+ '#size' => 40,
+ '#maxlength' => 255,
+ '#default_value' => empty($context->authorization_options['page_title']) ? '' : $context->authorization_options['page_title'],
+ );
+
+ $form['authorization_options']['message'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Message'),
+ '#description' => t('The message shown to the user when authorizing.'),
+ '#default_value' => empty($context->authorization_options['message']) ? '' : $context->authorization_options['message'],
+ );
+
+ $form['authorization_options']['warning'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Warning'),
+ '#description' => t('The warning shown to the user when authorizing.'),
+ '#default_value' => empty($context->authorization_options['warning']) ? '' : $context->authorization_options['warning'],
+ );
+
+ $form['authorization_options']['deny_access_title'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Deny access title'),
+ '#description' => t('The title of deny access link.'),
+ '#size' => 40,
+ '#maxlength' => 255,
+ '#default_value' => empty($context->authorization_options['deny_access_title']) ? '' : $context->authorization_options['deny_access_title'],
+ );
+
+ $form['authorization_options']['grant_access_title'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Grant access title'),
+ '#description' => t('The title of grant access button.'),
+ '#size' => 40,
+ '#maxlength' => 255,
+ '#default_value' => empty($context->authorization_options['grant_access_title']) ? '' : $context->authorization_options['grant_access_title'],
+ );
+
+ $form['authorization_options']['access_token_lifetime'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Access token lifetime'),
+ '#description' => t('The time, in seconds, for which an access token should be valid, use 0 to never expire access tokens.'),
+ '#size' => 10,
+ '#maxlength' => 255,
+ '#default_value' => empty($context->authorization_options['access_token_lifetime']) ? 0 : $context->authorization_options['access_token_lifetime'],
+ );
+
+ $form['authorization_options']['disable_auth_level_selection'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Disable authorization level selection'),
+ '#description' => t('If this is checked the user won\'t be able to choose the authorization level, and the default authorization level(s) will be used.'),
+ '#default_value' => !empty($context->authorization_options['disable_auth_level_selection']),
+ );
+
+ $form['authorization_levels'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Authorization levels'),
+ '#tree' => TRUE,
+ '#prefix' => '<div id="auth-level-wrapper">',
+ '#suffix' => '</div>',
+ 'add_authorization_level' => array(
+ '#type' => 'submit',
+ '#value' => t('Add authorization level'),
+ '#weight' => 10,
+ '#submit' => array('oauth_common_edit_form_auth_level_ajax_add'),
+ '#limit_validation_errors' => array(),
+ '#ajax' => array(
+ 'callback' => 'oauth_common_edit_form_auth_level_ajax_callback',
+ 'wrapper' => 'auth-level-wrapper',
+ )
+ ),
+ );
+
+ foreach ($context->authorization_levels as $name => $level) {
+ $title = !empty($name) ? check_plain($name) : t('New level');
+ if ($title == '*') {
+ $title = t('Full access');
+ }
+ $l = oauth_common_edit_form_auth_level($context, $title, $name, $level);
+ $form['authorization_levels'][] = $l;
+ }
+
+ if (!isset($form_state['authorization_level_new'])) {
+ $form_state['authorization_level_new'] = 0;
+ }
+ for ($i = 0; $i < $form_state['authorization_level_new']; $i++) {
+ $form['authorization_levels'][] = oauth_common_edit_form_auth_level($context, t('Authorization level'));
+ }
+
+ $form['actions'] = array('#type' => 'actions');
+ $form['actions']['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Save'),
+ );
+
+ return $form;
+}
+
+/**
+ * Helper function for constructing an auth level fieldset.
+ *
+ * @param object $context
+ * @param int $idx
+ * @param string $title
+ * @param string $name
+ * @param array $level
+ * @return array.
+ */
+function oauth_common_edit_form_auth_level($context, $title, $name = '', $level = array()) {
+ $level = $level + array(
+ 'title' => '',
+ 'description' => '',
+ );
+
+ $element = array(
+ "name" => array(
+ '#type' => 'textfield',
+ '#title' => t('Name'),
+ '#description' => t('The name of the authorization level.'),
+ '#size' => 40,
+ '#maxlength' => 32,
+ '#default_value' => $name,
+ ),
+ "title" => array(
+ '#type' => 'textfield',
+ '#title' => t('Title'),
+ '#description' => t('The title of the authorization level.'),
+ '#size' => 40,
+ '#maxlength' => 100,
+ '#default_value' => $level['title'],
+ ),
+ "default" => array(
+ '#type' => 'checkbox',
+ '#title' => t('Selected by default'),
+ '#description' => t('Whether the authentication level should be checked by default.'),
+ '#default_value' => is_array($context->authorization_options['default_authorization_levels']) && in_array($name, $context->authorization_options['default_authorization_levels']),
+ ),
+ "delete" => array(
+ '#type' => 'checkbox',
+ '#title' => t('Delete'),
+ '#description' => t('Check this to delete the authorization level.'),
+ '#default_value' => FALSE,
+ ),
+ "description" => array(
+ '#type' => 'textarea',
+ '#title' => t('Description'),
+ '#description' => t('The description of the authorization level.'),
+ '#default_value' => $level['description'],
+ ),
+ );
+ return $element;
+}
+
+/**
+ * Submit handler for adding auth levels
+ *
+ * @return void
+ */
+function oauth_common_edit_form_auth_level_ajax_add($form, &$form_state) {
+ $form_state['authorization_level_new']++;
+ $form_state['rebuild'] = TRUE;
+}
+
+/**
+ * AJAX callback for dealing with auth levels
+ *
+ * @return void
+ */
+function oauth_common_edit_form_auth_level_ajax_callback($form, $form_state) {
+ return $form['authorization_levels'];
+}
+
+/**
+ * Check whether a given context exists.
+ *
+ * @param $name the name parameter for the context.
+ * @return boolean
+ */
+function oauth_common_edit_form_context_exists($name) {
+ $exists = FALSE;
+
+ if (!empty($name)) {
+ $result = db_query('SELECT cid FROM {oauth_common_context} WHERE name = :name', array(
+ ':name' => $name
+ ))->fetchField();
+ $exists = $result ? TRUE : FALSE;
+ }
+
+ return $exists;
+}
+
+/**
+ * Validate submission of the preset edit form.
+ */
+function oauth_common_edit_form_context_validate(&$form, &$form_state) {
+ $values = $form_state['values'];
+
+ // Check that the authorization level names are unique within the context
+ $levels = array();
+ $default_exists = FALSE;
+ foreach ($values['authorization_levels'] as $key => $level) {
+ if (is_numeric($key) && !empty($level['name']) && !$level['delete']) {
+ if (!empty($levels[$level['name']])) {
+ form_error($form['authorization_levels'][$key]['name'], t('Authorization level name must be unique.'));
+ }
+ else if (preg_match("/[^A-Za-z0-9_\*]/", $level['name'])) {
+ form_error($form['authorization_levels'][$key]['name'],
+ t('Authorization level name must be alphanumeric or underscores only.'));
+ }
+ if (empty($level['title'])) {
+ form_error($form['authorization_levels'][$key]['title'], t('Authorization levels must have a title.'));
+ }
+ $default_exists = $default_exists || $level['default'];
+ $levels[$level['name']] = TRUE;
+ }
+ }
+
+ // Check that we actually got a number as access token lifetime
+ if (!is_numeric($values['authorization_options']['access_token_lifetime'])) {
+ form_error($form['authorization_options']['access_token_lifetime'], t('The access token lifetime must be numeric.'));
+ }
+
+ // Check that at least one default authorization level is checked when
+ // authorization level selection is disabled.
+ if (!$default_exists && $values['authorization_options']['disable_auth_level_selection']) {
+ form_error($form['authorization_options']['disable_auth_level_selection'],
+ t('You must select at least one default authorirization level if level selection is disabled.'));
+ }
+}
+
+/**
+ * Process submission of the mini panel edit form.
+ */
+function oauth_common_edit_form_context_submit($form, &$form_state) {
+ $context = $form_state['values']['context_object'];
+ $values = $form_state['values'];
+
+ $context->name = $values['name'];
+ $context->title = $values['title'];
+
+ $auth_options = array(
+ 'access_token_lifetime' => 0,
+ );
+
+ foreach ($values['authorization_options'] as $key => $value) {
+ $auth_options[$key] = empty($value) ? null : $value;
+ }
+ $context->authorization_options = $auth_options;
+
+ // Collect the names of the selected signature methods.
+ $sig_options = array();
+ foreach ($values['signature_methods']['selected'] as $name => $selected) {
+ if ($selected) {
+ $sig_options[] = $name;
+ }
+ }
+ $context->authorization_options['signature_methods'] = $sig_options;
+
+ // Set the auth levels and default levels for the context
+ $levels = array();
+ $default_levels = array();
+ foreach ($values['authorization_levels'] as $key => $level) {
+ if (is_numeric($key) && !empty($level['name']) && !$level['delete']) {
+ $name = $level['name'];
+ if ($level['default']) {
+ $default_levels[] = $name;
+ }
+ $levels[$name] = $level;
+ }
+ }
+ $context->authorization_levels = $levels;
+ $context->authorization_options['default_authorization_levels'] = $default_levels;
+
+ oauth_common_context_save($context);
+
+ if (empty($context->cid)) {
+ drupal_set_message(t('Your new context %title has been saved.', array('%title' => $context->title)));
+ $form_state['values']['cid'] = $context->cid;
+ }
+ else {
+ drupal_set_message(t('Your changes have been saved.'));
+ }
+
+ $form_state['redirect'] = 'admin/config/services/oauth';
+}
+
+/**
+ * Provide a form to confirm deletion of a context.
+ */
+function oauth_common_delete_confirm_context($form, &$form_state, $context) {
+ if (!is_object($context)) {
+ $context = oauth_common_context_load($context);
+ }
+ if ($context->export_type == (EXPORT_IN_CODE | EXPORT_IN_DATABASE)) {
+ $title = t('Are you sure you want to revert the context "@title"?', array('@title' => $context->title));
+ $submit = t('Revert');
+ }
+ elseif ($context->export_type != EXPORT_IN_CODE) {
+ $title = t('Are you sure you want to delete the context "@title"?', array('@title' => $context->title));
+ $submit = t('Delete');
+ }
+ else {
+ drupal_not_found();
+ die;
+ }
+ $form['context'] = array('#type' => 'value', '#value' => $context->name);
+ $form['cid'] = array('#type' => 'value', '#value' => $context->cid);
+ return confirm_form($form,
+ $title,
+ !empty($_GET['destination']) ? $_GET['destination'] : 'admin/config/services/oauth',
+ t('This action cannot be undone.'),
+ $submit, t('Cancel')
+ );
+}
+
+/**
+ * Handle the submit button to delete a context.
+ */
+function oauth_common_delete_confirm_context_submit($form, &$form_state) {
+ $context = oauth_common_context_load($form_state['values']['context']);
+ if ($context->cid == $form_state['values']['cid']) {
+ oauth_common_context_delete($context);
+ $form_state['redirect'] = 'admin/config/services/oauth';
+ }
+}
+
+/**
+ * Page callback to export a context to PHP code.
+ */
+function oauth_common_export_context($form, &$form_state, $context) {
+ if (!is_object($context)) {
+ $context = oauth_common_context_load($context);
+ }
+ drupal_set_title($context->title);
+ $code = oauth_common_context_export($context);
+
+ $lines = substr_count($code, "\n") + 4;
+ $form['code'] = array(
+ '#type' => 'textarea',
+ '#title' => $context->title,
+ '#default_value' => $code,
+ '#rows' => $lines,
+ );
+
+ return $form;
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.authorizations.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.authorizations.inc
new file mode 100644
index 0000000..af5ab1d
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.authorizations.inc
@@ -0,0 +1,288 @@
+<?php
+/**
+ * @file
+ * Functions related to a user's authorization section
+ */
+
+function oauth_common_page_user_authorizations($account) {
+ $header = array(
+ array('data' => t('Application'), 'class' => array("oauth-common-authorization-application")),
+ array('data' => t('Key'), 'class' => array("oauth-common-authorization-key")),
+ array('data' => t('Created'), 'class' => array("oauth-common-authorization-created")),
+ array('data' => t('Expires'), 'class' => array("oauth-common-authorization-expires")),
+ array('data' => t('Operations'), 'class' => array("oauth-common-authorization-operations")),
+ );
+
+ $access_tokens = oauth_common_get_user_provider_tokens($account->uid);
+ $rows = array();
+
+ foreach ($access_tokens as $token) {
+ $consumer = $token->consumer;
+
+ $data = array(
+ 'application' => array(
+ 'data' => check_plain($consumer->name),
+ 'class' => array("oauth-common-authorization-application"),
+ ),
+ 'key' => array(
+ 'data' => substr($token->key, 0, 6) . '...',
+ 'class' => array("oauth-common-authorization-key"),
+ ),
+ 'created' => array(
+ 'data' => format_date($token->created),
+ 'class' => array("oauth-common-authorization-created"),
+ ),
+ );
+ $operations = array();
+
+ $operations[] = array(
+ 'title' => t('Edit'),
+ 'href' => sprintf('user/%d/oauth/authorizations/%s', $account->uid, $token->tid),
+ 'query' => array('destination' => $_GET['q']),
+ );
+
+ $operations[] = array(
+ 'title' => t('Delete'),
+ 'href' => sprintf('user/%d/oauth/authorizations/%s', $account->uid, $token->tid) . '/delete',
+ 'query' => array('destination' => $_GET['q']),
+ );
+
+ $data['expires'] = array(
+ 'data' => $token->expires ? format_date($token->expires) : t('Never'),
+ 'class' => array("oauth-common-authorization-expires"),
+ );
+
+ $rows[] = array(
+ 'data' => $data + array(
+ 'operations' => array(
+ 'data' => theme('links', array('links' => $operations)),
+ 'class' => array("oauth-common-authorization-operations"),
+ ),
+ ),
+ );
+ }
+
+ $table = theme('table', array(
+ 'header' => $header,
+ 'rows' => $rows,
+ 'attributes' => array('id' => 'oauth-common-list-authorization')
+ ));
+
+ return $table;
+}
+
+function oauth_common_authorization_add($consumer) {
+ $token = new DrupalOAuthToken(user_password(32), user_password(32), $consumer, array(
+ 'uid' => $account->uid,
+ ));
+ return drupal_get_form('oauth_common_form_authorization', $token);
+}
+
+/**
+ * Provide a form to edit and add authorizations.
+ *
+ * Despite what appears above, this function is actually invoked by
+ * `drupal_retrieve_form` (by way of `drupal_build_form`, by way of
+ * `drupal_get_form`), so the second argument isn't the token, but a reference
+ * to the form state. Luckily, PHP made that incredibly non-obvious by
+ * neglecting to notify me that this function was being called with one too few
+ * arguments. Go team.
+ */
+function oauth_common_form_authorization($form_id, &$form_state, $token) {
+ $form = array();
+
+ $consumer = $token->consumer;
+ $context = oauth_common_context_load($consumer->context);
+
+ drupal_set_title(t('Authorization for @app', array('@app' => $consumer->name)), PASS_THROUGH);
+
+ $form['token_object'] = array(
+ '#type' => 'value',
+ '#value' => $token,
+ );
+
+ $form['authorized'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Authorized'),
+ '#default_value' => $token->authorized,
+ );
+
+ $form['created'] = array(
+ '#type' => 'item',
+ '#title' => t('Created'),
+ '#markup' => format_date($token->created),
+ );
+
+ $form['changed'] = array(
+ '#type' => 'item',
+ '#title' => t('Changed'),
+ '#markup' => format_date($token->changed),
+ );
+
+ $form['key'] = array(
+ '#type' => 'item',
+ '#title' => t('Key'),
+ '#markup' => $token->key,
+ );
+
+ if ($token->in_database) {
+ $form['secret'] = array(
+ '#type' => 'item',
+ '#prefix' => '<div id="token-secret-wrapper">',
+ '#title' => t('Secret'),
+ '#markup' => substr($token->secret, 0, 6) . '...',
+ );
+
+ $form['show_secret'] = array(
+ '#type' => 'button',
+ '#value' => t('Show secret'),
+ '#ajax' => array(
+ 'callback' => 'oauth_common_form_authorization_secret_ajax_callback',
+ 'wrapper' => 'token-secret-wrapper',
+ ),
+ '#suffix' => '</div>',
+ );
+ }
+ else {
+ $form['secret'] = array(
+ '#type' => 'item',
+ '#title' => t('Secret'),
+ '#markup' => $token->secret
+ );
+ }
+
+ $form['allowed'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Permissions'),
+ );
+
+ global $user;
+ oauth_common_permissions_form($user, $form['allowed'], $consumer, $context, $token->services);
+
+ $form['actions'] = array('#type' => 'actions');
+ $form['actions']['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Save'),
+ );
+
+ return $form;
+}
+
+/**
+ * AJAX callback for showing secrets
+ *
+ * @return void
+ */
+function oauth_common_form_authorization_secret_ajax_callback($form, $form_state) {
+ $form['secret']['#markup'] = $form_state['values']['token_object']->secret;
+ $form['secret']['#prefix'] = '';
+ return $form['secret'];
+}
+
+function oauth_common_permissions_form($account, &$form, $consumer, $context, $default_services = array('*')) {
+ $tvars = array(
+ '@appname' => $consumer->name,
+ '@user' => $account->name,
+ '@sitename' => variable_get('site_name', ''),
+ );
+
+ if ($context) {
+ foreach ($context->authorization_levels as $name => $level) {
+ $auth_opt = array(
+ '#type' => 'checkbox',
+ '#title' => t($level['title'], $tvars),
+ '#description' => t($level['description'], $tvars),
+ '#default_value' => in_array($name, $default_services),
+ );
+ $form['authorization']['levels'][$name] = $auth_opt;
+ }
+ }
+}
+
+function oauth_common_form_authorization_submit($form, &$form_state) {
+ $values = $form_state['values'];
+ $token = $values['token_object'];
+ $consumer = $token->consumer;
+
+ // Collect the authorization levels
+ if (isset($values['levels'])) {
+ $token->services = array_keys(array_filter($values['levels']));
+ }
+
+ $token->authorized = $values['authorized'];
+ $token->write(TRUE);
+
+ drupal_set_message(t('The @consumer token @token was updated.', array(
+ '@consumer' => $consumer->name,
+ '@token' => $token->key)));
+
+ drupal_goto(sprintf('user/%d/applications', $token->uid));
+}
+
+/**
+ * Provide a form for deleting an authorization.
+ *
+ * We've got the same symptom here that we do with
+ * `oauth_common_form_authorization`, i.e., this is actually called by
+ * `drupal_retrieve_form`.
+ */
+function oauth_common_form_authorization_delete($form_id, &$form_state, $user, $token) {
+ $consumer = $token->consumer;
+
+ $cancel_url = 'user/%d/oauth/authorizations';
+
+ if (!empty($_GET['destination'])) {
+ $cancel_url = $_GET['destination'];
+ }
+
+ drupal_set_title(t('Deleting authorization for "@consumer"', array(
+ '@consumer' => $consumer->name,
+ )), PASS_THROUGH);
+
+ $form = array(
+ 'token_object' => array(
+ '#type' => 'value',
+ '#value' => $token,
+ ),
+ );
+
+ $form['user'] = array(
+ '#type' => 'value',
+ '#value' => $user->uid,
+ );
+
+ $form['key'] = array(
+ '#type' => 'value',
+ '#value' => $token->key,
+ );
+
+ $form['description'] = array(
+ '#type' => 'item',
+ '#markup' => t('Are you sure that you want to delete the authorization for "@consumer"?', array(
+ '@consumer' => $consumer->name,
+ )),
+ );
+
+ $form['actions'] = array('#type' => 'actions');
+
+ $form['actions']['cancel'] = array(
+ '#markup' => l(t('Cancel'), sprintf($cancel_url, $user->uid, $token->key)),
+ );
+
+ $form['actions']['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Delete'),
+ );
+
+ return $form;
+}
+
+function oauth_common_form_authorization_delete_submit($form, &$form_state) {
+ $values = $form_state['values'];
+ $token = $values['token_object'];
+ $consumer = $token->consumer;
+ $token->delete();
+ drupal_set_message(t('The @consumer token @token was deleted.', array(
+ '@consumer' => $consumer->name,
+ '@token' => $token->key)));
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.consumers.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.consumers.inc
new file mode 100644
index 0000000..723aea2
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.consumers.inc
@@ -0,0 +1,270 @@
+<?php
+/**
+ * @file
+ */
+
+/**
+ * Menu system callback for listing a user's consumers.
+ *
+ * @param object $account
+ */
+function oauth_common_page_user_consumers($account) {
+ module_load_include('inc', 'oauth_common');
+
+ $ci = oauth_common_user_consumers($account->uid);
+ $header = array(
+ array('data' => t('Name'), 'class' => array('oauth-common-consumer-name')),
+ array('data' => t('Key'), 'class' => array('oauth-common-consumer-key')),
+ array('data' => t('Created'), 'class' => array('oauth-common-consumer-created')),
+ array('data' => t('Operations'), 'class' => array('oauth-common-consumer-operations')),
+ );
+ $rows = array();
+
+ foreach ($ci as $consumer) {
+ $data = array(
+ 'name' => array(
+ 'data' => $consumer->name,
+ 'class' => array('oauth-common-consumer-name'),
+ ),
+ 'key' => array(
+ 'data' => substr($consumer->key, 0, 6) . '...',
+ 'class' => array('oauth-common-consumer-key'),
+ ),
+ 'created' => array(
+ 'data' => format_date($consumer->created),
+ 'class' => array('oauth-common-consumer-created'),
+ ),
+ );
+ $operations = array();
+
+ if (oauth_common_can_edit_consumer($consumer)) {
+ $operations[] = array(
+ 'title' => t('Edit'),
+ 'href' => sprintf('user/%d/oauth/consumer/%s', $account->uid, $consumer->csid),
+ );
+ $operations[] = array(
+ 'title' => t('Delete'),
+ 'href' => sprintf('user/%d/oauth/consumer/%s', $account->uid, $consumer->csid) . '/delete',
+ );
+ }
+
+ $rows[] = array(
+ 'data' => $data + array(
+ 'operations' => array(
+ 'data' => theme('links', array('links' => $operations)),
+ 'class' => array('oauth-common-consumer-operations'),
+ ),
+ ),
+ 'class' => array('oauth-common-consumer'),
+ );
+ }
+
+ $table = theme('table', array(
+ 'header' => $header,
+ 'rows' => $rows,
+ 'attributes' => array('id' => 'oauth-common-list-consumers')
+ ));
+
+ return $table;
+}
+
+/**
+ * Menu system callback for the add consumer page.
+ */
+function oauth_common_add_consumer($account) {
+ $consumer = new DrupalOAuthConsumer(user_password(32), user_password(32), array(
+ 'callback_url' => '',
+ 'uid' => $account->uid,
+ 'provider_consumer' => TRUE,
+ ));
+ return drupal_get_form('oauth_common_form_consumer', $consumer);
+}
+
+/**
+ * Menu system callback for the edit consumer page.
+ */
+function oauth_common_edit_consumer($consumer) {
+ return drupal_get_form('oauth_common_form_consumer', $consumer);
+}
+
+/**
+ * The consumer form that is shared by the add and edit page.
+ */
+function oauth_common_form_consumer($form, &$form_state, $consumer) {
+ $form = array();
+
+ $form['consumer_object'] = array(
+ '#type' => 'value',
+ '#value' => $consumer,
+ );
+
+ $form['name'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Consumer name'),
+ '#required' => TRUE,
+ '#default_value' => $consumer->name,
+ );
+
+ $form['callback_url'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Callback url'),
+ '#required' => FALSE,
+ '#default_value' => $consumer->callback_url,
+ '#description' => t('You must include a schema for this to work correctly, ie. http:// or iphoneappname://'),
+ );
+
+ if ($consumer->in_database) {
+ $contexts = oauth_common_context_list();
+ $form['context'] = array(
+ '#type' => 'item',
+ '#title' => t('Application context'),
+ '#markup' => isset($contexts[$consumer->context]) ? $contexts[$consumer->context] : $consumer->context,
+ );
+ }
+ else {
+ $allowed_contexts = array();
+ foreach (oauth_common_context_list() as $context => $title) {
+ if (user_access(sprintf('oauth register consumers in %s', $context))) {
+ $allowed_contexts[$context] = $title;
+ }
+ }
+
+ $form['context'] = array(
+ '#type' => 'select',
+ '#title' => t('Application context'),
+ '#options' => $allowed_contexts,
+ '#default_value' => $consumer->context,
+ );
+ }
+
+ if ($consumer->in_database) {
+ $form['key'] = array(
+ '#type' => 'item',
+ '#title' => t('Key'),
+ '#markup' => $consumer->key,
+ );
+
+ $form['secret'] = array(
+ '#type' => 'item',
+ '#prefix' => '<div id="consumer-secret-wrapper">',
+ '#title' => t('Secret'),
+ '#markup' => substr($consumer->secret, 0, 6) . '...',
+ );
+
+ $form['show_secret'] = array(
+ '#type' => 'button',
+ '#value' => t('Show secret'),
+ '#ajax' => array(
+ 'callback' => 'oauth_common_form_consumer_secret_ajax_callback',
+ 'wrapper' => 'consumer-secret-wrapper',
+ ),
+ '#suffix' => '</div>',
+ );
+ }
+
+ $form['actions'] = array('#type' => 'actions');
+ $form['actions']['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Save'),
+ );
+
+ return $form;
+}
+
+/**
+ * AJAX callback for showing secrets
+ *
+ * @return void
+ */
+function oauth_common_form_consumer_secret_ajax_callback($form, $form_state) {
+ $form['secret']['#markup'] = $form_state['values']['consumer_object']->secret;
+ $form['secret']['#prefix'] = '';
+ return $form['secret'];
+}
+
+/**
+ * Validate handler for oauth_common_form_consumer
+ */
+function oauth_common_form_consumer_validate($form, &$form_state) {
+ $callback = $form_state['values']['callback_url'];
+ if (!parse_url($callback) || strstr($callback, '://') === FALSE) {
+ form_set_error('callback_url', t('You must set a valid URL as a callback - http/https://some-path or custom://some-path'));
+ }
+}
+
+/**
+ * Submit handler for oauth_common_form_consumer.
+ */
+function oauth_common_form_consumer_submit($form, &$form_state) {
+ $values = $form_state['values'];
+ $consumer = $values['consumer_object'];
+
+ // Translate empty callback url to oob (out of band).
+ if (empty($values['callback_url'])) {
+ $values['callback_url'] = 'oob';
+ }
+
+ if(substr($values['callback_url'], strlen($values['callback_url']) - 2) != '//') {
+ // Remove trailing slash
+ $values['callback_url'] = rtrim($values['callback_url'], '/');
+ }
+
+ // Transfer editable attributes to the consumer.
+ $names = array('name', 'callback_url', 'context');
+ foreach ($names as $name) {
+ if (isset($values[$name])) {
+ $consumer->$name = $values[$name];
+ }
+ }
+
+ // Update or create the consumer.
+ $update = $consumer->in_database;
+ $consumer->write();
+
+ if ($update) {
+ drupal_set_message(t('Updated the consumer @name', array('@name' => $values['name'])));
+ }
+ else {
+ drupal_set_message(t('Added the consumer @name', array('@name' => $values['name'])));
+ }
+
+ drupal_goto(sprintf('user/%d/oauth/consumers', $consumer->uid));
+}
+
+/**
+ * Consumer deletion form.
+ */
+function oauth_common_form_consumer_delete($form, &$form_state, $consumer) {
+ $form = array(
+ 'consumer_object' => array(
+ '#type' => 'value',
+ '#value' => $consumer,
+ ),
+ 'confirm' => array(
+ '#type' => 'item',
+ '#markup' => t('Are you sure you want to delete application <strong>@a</strong>?', array('@a' => $consumer->name)),
+ ),
+ 'actions' => array(
+ '#type' => 'actions',
+ 'delete' => array(
+ '#type' => 'submit',
+ '#title' => t('Delete'),
+ '#default_value' => t('Delete'),
+ )
+ ),
+ );
+
+ return $form;
+}
+
+/**
+ * Submit handler for oauth_common_form_consumer_delete.
+ */
+function oauth_common_form_consumer_delete_submit($form, &$form_state) {
+ $consumer = $form_state['values']['consumer_object'];
+
+ $consumer->delete();
+ drupal_set_message(t('Deleted the consumer @name', array('@name' => $consumer->name)));
+
+ drupal_goto(sprintf('user/%d/oauth/consumers', $consumer->uid));
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.inc
new file mode 100644
index 0000000..98d0924
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.inc
@@ -0,0 +1,100 @@
+<?php
+/**
+ * @file
+ */
+
+/**
+ * Return information about consumers related to a user.
+ *
+ * @param int $uid
+ * User ID to retrieve consumer info for.
+ * @return array
+ * An array of consumer info
+ */
+function oauth_common_user_consumers($uid) {
+ $result = db_query('SELECT c.secret, c.configuration, pc.*
+ FROM {oauth_common_consumer} c
+ INNER JOIN {oauth_common_provider_consumer} pc ON pc.csid = c.csid
+ WHERE pc.uid = :uid', array(':uid' => $uid));
+
+ $consumers = array();
+ while ($consumer = DrupalOAuthConsumer::fromResult($result)) {
+ $consumers[] = $consumer;
+ }
+
+ return $consumers;
+}
+
+/**
+ * Return information about access tokens related to a user.
+ *
+ * @param int $uid
+ * User ID to retrieve consumer info for.
+ * @return array
+ * An array of consumer info
+ */
+function oauth_common_user_access_tokens($uid) {
+ $result = db_query("SELECT * FROM {oauth_common_token} WHERE uid = :uid AND type = :type", array(
+ ':uid' => $uid,
+ ':type' => OAUTH_COMMON_TOKEN_TYPE_ACCESS,
+ ));
+ $tokens = array();
+ while ($token = DrupalOAuthToken::fromResult($result)) {
+ $tokens[] = $token;
+ }
+ return $tokens;
+}
+
+/**
+ * Verifies the request
+ *
+ * @return array
+ * An array containing three elements. The first is TRUE if the request was
+ * signed, otherwise FALSE. Then comes the validated consumer and token objects.
+ */
+function oauth_common_verify_request() {
+ $req = DrupalOAuthRequest::from_request();
+ // Verify
+ $consumer_key = $req->get_parameter('oauth_consumer_key');
+ if (!empty($consumer_key)) {
+ $consumer = DrupalOAuthConsumer::loadProviderByKey($consumer_key);
+ if ($consumer) {
+ $context = oauth_common_context_load($consumer->context);
+
+ if (!$context) {
+ throw new Exception('No OAuth context found');
+ }
+
+ _oauth_common_verify_body_hash($req);
+
+ // Only verify request if we got a signature
+ $signature = $req->get_parameter('oauth_signature');
+ if (!empty($signature)) {
+ $server = new DrupalOAuthServer($context);
+ return array_merge(array(TRUE), $server->verify_request($req));
+ }
+ else {
+ $token_key = $req->get_parameter('oauth_token');
+ if (empty($token_key) || !($token = DrupalOAuthToken::loadbyKey($token_key, $consumer))) {
+ $token = NULL;
+ }
+ return array(FALSE, $consumer, $token);
+ }
+ }
+ }
+ return array(FALSE, NULL, NULL);
+}
+
+function _oauth_common_verify_body_hash($req) {
+ $body_hash = $req->get_parameter('oauth_body_hash');
+ if ($body_hash && module_exists('inputstream')) {
+ $hres = hash_init('sha1');
+ $stream = fopen('drupal://input', 'r');
+ hash_update_stream($hres, $stream);
+ fclose($stream);
+ $sha1 = hash_final($hres, TRUE);
+ if ($sha1 !== base64_decode($body_hash)) {
+ throw new OAuthException("Invalid body hash");
+ }
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.info b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.info
new file mode 100644
index 0000000..be16227
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.info
@@ -0,0 +1,25 @@
+name = OAuth
+description = Provides OAuth functionality
+configure = admin/config/services/oauth
+package = "OAuth"
+
+recommends[] = ctools
+suggests[] = inputstream
+
+core = 7.x
+
+files[] = lib/OAuth.php
+files[] = includes/DrupalOAuthServer.inc
+files[] = includes/DrupalOAuthDataStore.inc
+files[] = includes/DrupalOAuthRequest.inc
+files[] = includes/DrupalOAuthToken.inc
+files[] = includes/DrupalOAuthConsumer.inc
+files[] = includes/DrupalOAuthClient.inc
+files[] = includes/OAuthSignatureMethod_HMAC.inc
+
+; Information added by drupal.org packaging script on 2013-02-04
+version = "7.x-3.1"
+core = "7.x"
+project = "oauth"
+datestamp = "1359936562"
+
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.install b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.install
new file mode 100644
index 0000000..0871e31
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.install
@@ -0,0 +1,381 @@
+<?php
+/**
+ * @file
+ * Installation and schema related functions for the OAuth module
+ */
+
+/**
+ * Implements hook_requirements().
+ */
+function oauth_common_requirements($phase) {
+ $requirements = array();
+ $t = get_t();
+ $curl_available = function_exists('curl_init');
+
+ $requirements['oauth_common_curl'] = array(
+ 'title' => $t('OAuth'),
+ 'value' => $curl_available ? $t('cURL library Enabled') : $t('cURL library not found'),
+ );
+
+ if (!$curl_available) {
+ $requirements['oauth_common_curl'] += array(
+ 'severity' => REQUIREMENT_ERROR,
+ 'description' => $t("DrupalOAuthClient requires the PHP <a href='!curl_url'>cURL</a> library.",
+ array('!curl_url' => 'http://php.net/manual/en/curl.setup.php')),
+ );
+ }
+
+ return $requirements;
+}
+
+/**
+ * Implements hook_schema().
+ */
+function oauth_common_schema() {
+ $schema = array();
+
+ $schema['oauth_common_context'] = array(
+ 'description' => 'Stores contexts for OAuth common',
+ 'export' => array(
+ 'identifier' => 'context',
+ 'export callback' => 'oauth_common_context_export',
+ 'list callback' => 'oauth_common_context_list',
+ 'key' => 'name',
+ 'api' => array(
+ 'owner' => 'oauth_common',
+ 'api' => 'oauth',
+ 'minimum_version' => 1,
+ 'current_version' => 1,
+ ),
+ ),
+ 'fields' => array(
+ 'cid' => array(
+ 'type' => 'serial',
+ 'description' => 'Primary ID field for the table. Not used for anything except internal lookups.',
+ 'not null' => TRUE,
+ 'no export' => TRUE,
+ ),
+ 'name' => array(
+ 'description' => 'The computer-readable name of the context.',
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'not null' => TRUE,
+ ),
+ 'title' => array(
+ 'description' => 'The localizable title of the authorization context.',
+ 'type' => 'varchar',
+ 'length' => 100,
+ 'not null' => TRUE,
+ ),
+ 'authorization_options' => array(
+ 'description' => 'Authorization options.',
+ 'type' => 'text',
+ 'size' => 'big',
+ 'not null' => TRUE,
+ 'serialize' => TRUE,
+ 'object default' => array(),
+ ),
+ 'authorization_levels' => array(
+ 'description' => 'Authorization levels for the context.',
+ 'type' => 'text',
+ 'size' => 'big',
+ 'not null' => TRUE,
+ 'serialize' => TRUE,
+ 'object default' => array(),
+ ),
+ ),
+ 'primary key' => array('cid'),
+ 'unique keys' => array(
+ 'context' => array('name'),
+ ),
+ );
+
+ $schema['oauth_common_consumer'] = _oauth_common_consumer_schema();
+ $schema['oauth_common_provider_consumer'] = _oauth_common_provider_consumer_schema();
+ $schema['oauth_common_token'] = _oauth_common_token_schema();
+ $schema['oauth_common_provider_token'] = _oauth_common_provider_token_schema();
+
+ $schema['oauth_common_nonce'] = array(
+ 'description' => 'Stores timestamp against nonce for repeat attacks.',
+ 'fields' => array(
+ 'nonce' => array(
+ 'description' => 'The random string used on each request.',
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE
+ ),
+ 'timestamp' => array(
+ 'description' => 'The timestamp of the request.',
+ 'type' => 'int',
+ 'not null' => TRUE
+ ),
+ 'token_key' => array(
+ 'description' => 'Token key.',
+ // This is our own internal key - it's 0 or 32 characters long
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'not null' => TRUE,
+ ),
+ ),
+ 'primary key' => array('nonce'),
+ 'indexes' => array(
+ 'timekey' => array('timestamp', 'token_key'),
+ ),
+ );
+
+ return $schema;
+}
+
+/**
+ * Contains the consumer schema - used by oauth_common_schema() as well as latest related update function
+ */
+function _oauth_common_consumer_schema() {
+ return array(
+ 'description' => 'Keys and secrets for OAuth consumers, both those provided by this site and other sites.',
+ 'fields' => array(
+ 'csid' => array(
+ 'type' => 'serial',
+ 'description' => 'Primary ID field for the table. Not used for anything except internal lookups.',
+ 'not null' => TRUE,
+ ),
+ 'key_hash' => array(
+ 'description' => 'SHA1-hash of consumer_key.',
+ 'type' => 'char',
+ 'length' => 40,
+ 'not null' => TRUE,
+ ),
+ // Key is a reserved word in MySQL so lets avoid that
+ 'consumer_key' => array(
+ 'description' => 'Consumer key.',
+ 'type' => 'text',
+ 'not null' => TRUE,
+ ),
+ 'secret' => array(
+ 'description' => 'Consumer secret.',
+ 'type' => 'text',
+ 'not null' => TRUE,
+ ),
+ 'configuration' => array(
+ 'description' => 'Consumer configuration',
+ 'type' => 'text',
+ 'serialized' => TRUE,
+ 'size' => 'big',
+ 'not null' => TRUE,
+ 'object default' => array(),
+ ),
+ ),
+ 'primary key' => array('csid'),
+ 'indexes' => array(
+ 'key_hash' => array('key_hash'),
+ ),
+ );
+}
+
+/**
+ * Contains the provider consumer schema - used by oauth_common_schema() as well as latest related update function
+ */
+function _oauth_common_provider_consumer_schema() {
+ return array(
+ 'description' => 'Additional data for OAuth consumers provided by this site.',
+ 'fields' => array(
+ 'csid' => array(
+ 'description' => 'The {oauth_common_consumer}.csid this data is related to.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'default' => 0
+ ),
+ 'consumer_key' => array(
+ 'description' => 'Consumer key.',
+ // This is our own internal key - it's always 32 characters long
+ 'type' => 'char',
+ 'length' => 32,
+ 'not null' => TRUE,
+ ),
+ 'created' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The time that the consumer was created, as a Unix timestamp.',
+ ),
+ 'changed' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The last time the consumer was edited, as a Unix timestamp.',
+ ),
+ 'uid' => array(
+ 'description' => 'The application owner.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ ),
+ 'name' => array(
+ 'description' => 'The application name.',
+ 'type' => 'varchar',
+ 'length' => 128,
+ 'not null' => TRUE,
+ ),
+ 'context' => array(
+ 'description' => 'The application context.',
+ 'type' => 'varchar',
+ 'length' => 32,
+ 'not null' => TRUE,
+ 'default' => '',
+ ),
+ 'callback_url' => array(
+ 'description' => 'Callback url.',
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'not null' => TRUE,
+ ),
+ ),
+ 'primary key' => array('consumer_key'),
+ 'unique keys' => array(
+ 'csid' => array('csid'),
+ ),
+ 'indexes' => array(
+ 'uid' => array('uid'),
+ ),
+ 'foreign keys' => array(
+ 'oauth_common_consumer' => array(
+ 'table' => 'oauth_common_consumer',
+ 'columns' => array('csid' => 'csid')
+ ),
+ 'users' => array(
+ 'table' => 'users',
+ 'columns' => array('uid' => 'uid'),
+ ),
+ ),
+ );
+}
+
+/**
+ * Contains the token schema - used by oauth_common_schema() as well as latest related update function
+ */
+function _oauth_common_token_schema() {
+ return array(
+ 'description' => 'Tokens stored on behalf of providers or consumers for request and services accesses.',
+ 'fields' => array(
+ 'tid' => array(
+ 'type' => 'serial',
+ 'description' => 'Primary ID field for the table. Not used for anything except internal lookups.',
+ 'not null' => TRUE,
+ ),
+ 'csid' => array(
+ 'description' => 'The {oauth_common_consumer}.csid this token is related to.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0
+ ),
+ 'key_hash' => array(
+ 'description' => 'SHA1-hash of token_key.',
+ 'type' => 'char',
+ 'length' => 40,
+ 'not null' => TRUE,
+ ),
+ // Key is a reserved word in MySQL so lets avoid that
+ 'token_key' => array(
+ 'description' => 'Token key.',
+ 'type' => 'text',
+ 'not null' => TRUE,
+ ),
+ 'secret' => array(
+ 'description' => 'Token secret.',
+ 'type' => 'text',
+ 'not null' => TRUE,
+ ),
+ 'expires' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The expiry time for the token, as a Unix timestamp.',
+ ),
+ 'type' => array(
+ 'description' => 'Token type: request or access.',
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 1, //OAUTH_COMMON_TOKEN_TYPE_ACCESS
+ ),
+ 'uid' => array(
+ 'description' => 'User ID from {user}.uid.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+ 'primary key' => array('tid'),
+ 'indexes' => array(
+ 'key_hash' => array('key_hash'),
+ ),
+ 'foreign keys' => array(
+ 'oauth_common_consumer' => array(
+ 'table' => 'oauth_common_consumer',
+ 'columns' => array('csid' => 'csid')
+ ),
+ 'users' => array(
+ 'table' => 'users',
+ 'columns' => array('uid' => 'uid'),
+ ),
+ ),
+ );
+}
+
+/**
+ * Contains the provider token schema - used by oauth_common_schema() as well as latest related update function
+ */
+function _oauth_common_provider_token_schema() {
+ return array(
+ 'description' => 'Additional data for OAuth tokens provided by this site.',
+ 'fields' => array(
+ 'tid' => array(
+ 'description' => 'The {oauth_common_token}.tid this data is related to.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'default' => 0
+ ),
+ 'token_key' => array(
+ 'description' => 'Token key.',
+ // This is our own internal key - it's always 32 characters long
+ 'type' => 'char',
+ 'length' => 32,
+ 'not null' => TRUE,
+ ),
+ 'created' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The time that the token was created, as a Unix timestamp.',
+ ),
+ 'changed' => array(
+ 'type' => 'int',
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'description' => 'The last time the token was edited, as a Unix timestamp.',
+ ),
+ 'services' => array(
+ 'description' => 'An array of services that the user allowed the consumer to access.',
+ 'type' => 'text',
+ ),
+ 'authorized' => array(
+ 'description' => 'In case its a request token, it checks if the user already authorized the consumer to get an access token.',
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+ 'primary key' => array('token_key'),
+ 'unique keys' => array(
+ 'tid' => array('tid'),
+ ),
+ 'foreign keys' => array(
+ 'oauth_common_token' => array(
+ 'table' => 'oauth_common_token',
+ 'columns' => array('tid' => 'tid')
+ ),
+ ),
+ );
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.module b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.module
new file mode 100644
index 0000000..2445926
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.module
@@ -0,0 +1,592 @@
+<?php
+/**
+ * file
+ * OAuth module
+ */
+define('OAUTH_COMMON_CODE_BRANCH', '7.x-3.x');
+define('OAUTH_COMMON_TOKEN_TYPE_REQUEST', 0);
+define('OAUTH_COMMON_TOKEN_TYPE_ACCESS', 1);
+define('OAUTH_COMMON_VERSION_1', 1); // The original 1.0 spec
+define('OAUTH_COMMON_VERSION_1_RFC', 2); // The RFC 5849 1.0 spec
+define('OAUTH_COMMON_LOGIN_PATH', 'user/login');
+//TODO: Don't act as a provider by default.
+//TODO: Check for other functions with breaking changes
+//TODO: Add watchdog messages about deprecated methods?
+//TODO: Move provider ui related pages to provider ui
+
+/**
+ * Implements hook_permission().
+ */
+function oauth_common_permission() {
+ $permissions = array(
+ 'access own authorizations' => array(
+ 'title' => t('Access own OAuth authorizations'),
+ 'restrict access' => TRUE,
+ ),
+ 'access own consumers' => array(
+ 'title' => t('Access own OAuth consumers'),
+ 'restrict access' => TRUE,
+ ),
+ 'oauth authorize any consumers' => array(
+ 'title' => t('Authorize any OAuth consumers'),
+ 'restrict access' => TRUE,
+ ),
+ 'oauth register any consumers' => array(
+ 'title' => t('Register any OAuth consumers'),
+ 'restrict access' => TRUE,
+ ),
+ 'administer oauth' => array(
+ 'title' => t('Administer OAuth'),
+ 'restrict access' => TRUE,
+ ),
+ 'administer consumers' => array(
+ 'title' => t('Administer OAuth consumers'),
+ 'restrict access' => TRUE,
+ ),
+ );
+
+ // Add seperate permissions for creating and
+ // authorizing consumers in each context.
+ foreach (oauth_common_context_list() as $name => $title) {
+ $permissions[sprintf('oauth register consumers in %s', $name)] = array(
+ 'title' => t('Register OAuth consumers in %context', array('%context' => $title)),
+ );
+ $permissions[sprintf('oauth authorize consumers in %s', $name)] = array(
+ 'title' => t('Authorize OAuth consumers in %context', array('%context' => $title)),
+ );
+ }
+
+ return $permissions;
+}
+
+/**
+ * Implements hook_menu().
+ */
+function oauth_common_menu() {
+ $menu = array();
+
+ $admin_base = array(
+ 'access arguments' => array('administer oauth'),
+ 'file' => 'oauth_common.admin.inc',
+ );
+
+ $menu['admin/config/services/oauth'] = array(
+ 'title' => 'OAuth',
+ 'description' => 'Settings for OAuth',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_oauth_common_admin'),
+ 'type' => MENU_NORMAL_ITEM,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/settings'] = array(
+ 'title' => 'Settings',
+ 'description' => 'Settings for OAuth',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('_oauth_common_admin'),
+ 'type' => MENU_DEFAULT_LOCAL_TASK,
+ 'weight' => 0,
+ ) + $admin_base;
+
+ // OAuth doesn't need different endpoints for the different context as all
+ // actions are done with a specific consumer, which in itself is associated
+ // with a context.
+
+ $provider_base = array(
+ 'access callback' => 'oauth_commmon_is_provider',
+ 'file' => 'oauth_common.pages.inc',
+ 'type' => MENU_CALLBACK,
+ );
+
+ // The endpoint that consumers use to get a request token.
+ $menu['oauth/request_token'] = array(
+ 'page callback' => 'oauth_common_callback_request_token',
+ ) + $provider_base;
+
+ // The page a user gets sent to to authorize a request token.
+ $menu['oauth/authorize'] = array(
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_form_authorize'),
+ ) + $provider_base;
+
+ // The endpoint that consumers use to get a access token.
+ $menu['oauth/access_token'] = array(
+ 'page callback' => 'oauth_common_callback_access_token',
+ ) + $provider_base;
+
+ // This page is used both in consumer and provider mode. For consumers it is
+ // the callback url and triggers hook_oauth_common_authorized(). For
+ // providers it is the page where users end up if no callback url exists.
+ $menu['oauth/authorized'] = array(
+ 'title' => 'Authorization finished',
+ 'page callback' => 'oauth_common_page_authorized',
+ 'access arguments' => array('access content'),
+ 'file' => 'oauth_common.pages.inc',
+ 'type' => MENU_CALLBACK,
+ );
+
+ // TODO: Different structures makes sense depending on whether oauth_common is
+ // acting as a provider or as a consumer.
+
+ $menu['oauth/test/valid-consumer'] = array(
+ 'file' => 'oauth_common.pages.inc',
+ 'page callback' => '_oauth_common_validate_request_callback',
+ 'page arguments' => array('consumer'),
+ 'access callback' => 'oauth_commmon_is_provider',
+ 'type' => MENU_CALLBACK,
+ );
+
+ $menu['oauth/test/valid-access-token'] = array(
+ 'file' => 'oauth_common.pages.inc',
+ 'page callback' => '_oauth_common_validate_request_callback',
+ 'page arguments' => array('access token'),
+ 'access callback' => 'oauth_commmon_is_provider',
+ 'type' => MENU_CALLBACK,
+ );
+
+ return $menu;
+}
+
+/**
+ * Menu system wildcard loader for provider consumers.
+ *
+ * @param string $key
+ */
+function oauth_common_consumer_load($csid) {
+ $consumer = DrupalOAuthConsumer::loadById($csid, TRUE);
+ if (!$consumer) {
+ $consumer = FALSE;
+ }
+ return $consumer;
+}
+
+/**
+ * Menu system wildcard loader for provider tokens.
+ *
+ * @param string $key
+ */
+function oauth_common_provider_token_load($tid) {
+ $token = DrupalOAuthToken::loadByID($tid);
+ if (!$token) {
+ $token = FALSE;
+ }
+ return $token;
+}
+
+/**
+ * Implements hook_cron().
+ */
+function oauth_common_cron() {
+ $token_condition = db_and()->condition('expires', 0, '<>')->condition('expires', REQUEST_TIME, '<=');
+
+ db_delete('oauth_common_provider_token')
+ ->condition('tid', db_select('oauth_common_token', 't')->condition($token_condition)->fields('t', array('tid')), 'IN')
+ ->execute();
+
+ db_delete('oauth_common_token')
+ ->condition($token_condition)
+ ->execute();
+
+ // Should 300 be overriden in DrupalOAuthServer and made configurable?
+ db_delete('oauth_common_nonce')
+ ->condition('timestamp', REQUEST_TIME - 300, '<')
+ ->execute();
+}
+
+/**
+ * Implements hook_oauth_default_contexts().
+ */
+function oauth_common_default_oauth_common_context() {
+ $contexts = array();
+
+ $context = new stdClass;
+ $context->disabled = FALSE; /* Edit this to true to make a default context disabled initially */
+ $context->name = 'default';
+ $context->title = 'Default context';
+ $context->authorization_options = array();
+ $context->authorization_levels = array(
+ '*' => array(
+ 'title' => 'Full access',
+ 'description' => 'This will give @appname the same permissions that you normally have and will ' .
+ 'allow it to access the full range of services that @sitename provides.',
+ ),
+ 'read' => array(
+ 'title' => 'Read access',
+ 'description' => 'This will allow @appname to fetch content that you have access to on @sitename.',
+ ),
+ 'update' => array(
+ 'title' => 'Update access',
+ 'description' => 'This will allow @appname to update content that you have permissions to edit.',
+ ),
+ 'create' => array(
+ 'title' => 'Create access',
+ 'description' => 'This will allow @appname to create new content on @sitename.',
+ ),
+ 'delete' => array(
+ 'title' => 'Delete access',
+ 'description' => 'This will allow @appname to delete content from @sitename.',
+ ),
+ );
+ $contexts[$context->name] = $context;
+
+ return $contexts;
+}
+
+/**
+ * Implements hook_user_delete().
+ */
+function oauth_common_user_delete($account) {
+ // Delete all tokens and consumers related to a user
+ module_load_include('inc', 'oauth_common');
+
+ $consumer_condition = db_select('oauth_common_provider_consumer', 'c')->condition('uid', $account->uid)->fields('c', array('csid'));
+ $token_condition = db_or()->condition('uid', $account->uid)->condition('csid', $consumer_condition, 'IN');
+
+ db_delete('oauth_common_provider_token')
+ ->condition('tid', db_select('oauth_common_token', 't')->condition($token_condition)->fields('t', array('tid')), 'IN')
+ ->execute();
+
+ db_delete('oauth_common_token')
+ ->condition($token_condition)
+ ->execute();
+
+ db_delete('oauth_common_consumer')
+ ->condition('csid', $consumer_condition, 'IN')
+ ->execute();
+
+ db_delete('oauth_common_provider_consumer')
+ ->condition('uid', $account->uid)
+ ->execute();
+}
+
+/**
+ * Implements hook_xrds().
+ */
+function services_oauth_xrds() {
+ $xrds = array();
+ $xrds['oauth'] = array(
+ 'services' => array(
+ array(
+ 'data' => array(
+ 'Type' => array('http://oauth.net/discovery/1.0'),
+ 'URI' => array('#main'),
+ ),
+ ),
+ array(
+ 'data' => array(
+ 'Type' => array(
+ 'http://oauth.net/core/1.0/endpoint/request',
+ 'http://oauth.net/core/1.0/parameters/auth-header',
+ 'http://oauth.net/core/1.0/parameters/uri-query',
+ 'http://oauth.net/core/1.0/signature/HMAC-SHA1',
+ ),
+ 'URI' => array(url('oauth/request_token', array('absolute' => TRUE))),
+ ),
+ ),
+ array(
+ 'data' => array(
+ 'Type' => array(
+ 'http://oauth.net/core/1.0/endpoint/authorize',
+ 'http://oauth.net/core/1.0/parameters/uri-query',
+ ),
+ 'URI' => array(url('oauth/authorize', array('absolute' => TRUE))),
+ ),
+ ),
+ array(
+ 'data' => array(
+ 'Type' => array(
+ 'http://oauth.net/core/1.0/endpoint/access',
+ 'http://oauth.net/core/1.0/parameters/auth-header',
+ 'http://oauth.net/core/1.0/parameters/uri-query',
+ 'http://oauth.net/core/1.0/signature/HMAC-SHA1',
+ ),
+ 'URI' => array(url('oauth/access_token', array('absolute' => TRUE))),
+ ),
+ ),
+ ),
+ );
+ return $xrds;
+}
+
+/**
+ * Access callback function used by several menu items.
+ *
+ * @param stdClass $user
+ * A user object.
+ * @param string $permission
+ * The permission that is needed in addition to edit access on the $user.
+ */
+function _oauth_common_user_access($user, $permission = NULL) {
+ return user_edit_access($user) && (empty($permission) || user_access($permission));
+}
+
+/**
+ * Checks if the user has permission to edit the consumer. Edit access is
+ * granted if the user has the 'administer consumers' permission or may
+ * edit the account connected to the consumer.
+ *
+ * @param DrupalOAuthConsumer $consumer
+ * @return bool
+ */
+function oauth_common_can_edit_consumer($consumer) {
+ $may_edit = user_access('administer consumers');
+
+ // If the user doesn't have consumer admin privileges, check for account
+ // edit access.
+ if (!$may_edit && $consumer->uid) {
+ $user = user_load($consumer->uid);
+ $may_edit = user_edit_access($user);
+ }
+
+ return $may_edit;
+}
+
+/**
+ * Deterines if a user has the necessary permissions to create consumers.
+ *
+ * @param object $account
+ * The user account to check permissions for. Defaults to the currently
+ * logged in user.
+ * @return bool
+ */
+function oauth_common_can_create_consumers($account = NULL) {
+ global $user;
+ if (!$account) {
+ $account = $user;
+ }
+
+ $can_register_consumers = user_access('oauth register any consumers', $account);
+ if (!$can_register_consumers) {
+ foreach (oauth_common_context_list() as $context => $title) {
+ $can_register_consumers = $can_register_consumers || user_access(sprintf('oauth register consumers in %s', $context), $account);
+ }
+ }
+ return $can_register_consumers;
+}
+
+/**
+ * This function is used as a access callback
+ * when the authentication of the request shouldn't be
+ * done by the menu system.
+ *
+ * @return bool
+ * Always returns TRUE
+ */
+function _oauth_common_always_true() {
+ return TRUE;
+}
+
+/**
+ * Access callback that checks if a user may create authorizations in the
+ * consumers context.
+ *
+ * @param DrupalOAuthConsumer $consumer
+ * @return bool
+ */
+function oauth_common_can_authorize_consumer($consumer) {
+ return user_access(sprintf('oauth authorize consumers in %s', $consumer->context));
+}
+
+/**
+ * Check if oauth_common is acting as a provider.
+ */
+function oauth_commmon_is_provider() {
+ return variable_get('oauth_common_enable_provider', TRUE);
+}
+
+/**
+ * Gets a request token from a oauth provider and returns the authorization
+ * url. The request token is saved in the database.
+ *
+ * @param OAuthToken $consumer_token
+ * The consumer token to use
+ * @param string $request_endpoint
+ * Optional. Pass a custom endpoint if needed. Defaults to '/oauth/request_token'.
+ * @param string $authorize_endpoint
+ * Optional. Pass a custom endpoint if needed. Defaults to '/oauth/authorize'.
+ * @return string
+ * The url that the client should be redirected to to authorize
+ * the request token.
+ */
+function oauth_common_get_request_token($consumer_token, $request_endpoint = '/oauth/request_token', $authorize_endpoint = '/oauth/authorize') {
+ $client = new DrupalOAuthClient($consumer_token);
+ $request_token = $client->getRequestToken($request_endpoint);
+ $request_token->write();
+ return $client->getAuthorizationUrl($authorize_endpoint);
+}
+
+/**
+ * Gets the tokens for a user.
+ *
+ * @param string $uid
+ * @param string $type
+ * @return array
+ */
+function oauth_common_get_user_provider_tokens($uid) {
+ $q = db_select('oauth_common_token', 't')
+ ->condition('t.uid', $uid, '=')
+ ->condition('t.type', OAUTH_COMMON_TOKEN_TYPE_ACCESS, '=');
+
+ $q->join('oauth_common_provider_token', 'pt', 'pt.tid = t.tid');
+
+ $res = $q->fields('t')
+ ->fields('pt', array('created', 'changed', 'services', 'authorized'))
+ ->execute();
+
+ $tokens = array();
+ while ($token = DrupalOAuthToken::fromResult($res)) {
+ $tokens[] = $token;
+ }
+ return $tokens;
+}
+
+/**
+ * Create a new context with defaults appropriately set from schema.
+ *
+ * @return stdClass
+ * A context initialized with the default values.
+ */
+function oauth_common_context_new() {
+ if (!module_exists('ctools')) {
+ return FALSE;
+ }
+ ctools_include('export');
+ return ctools_export_new_object('oauth_common_context');
+}
+
+/**
+ * Load a single context.
+ *
+ * @param string $name
+ * The name of the context.
+ * @return stdClass
+ * The context configuration.
+ */
+function oauth_common_context_load($name) {
+ if (!module_exists('ctools')) {
+ return FALSE;
+ }
+ ctools_include('export');
+ $result = ctools_export_load_object('oauth_common_context', 'names', array($name));
+ if (isset($result[$name])) {
+ return $result[$name];
+ }
+ else {
+ return FALSE;
+ }
+}
+
+/**
+ * Loads the context for a request.
+ *
+ * @param OAuthRequest $request
+ * @return object
+ * The context configuration.
+ */
+function oauth_common_context_from_request($request) {
+ $context = NULL;
+ $consumer_key = $request->get_parameter('oauth_consumer_key');
+ $token_key = $request->get_parameter('oauth_token');
+
+ if (empty($consumer_key) && !empty($token_key)) {
+ $token = DrupalOAuthToken::loadByKey($token_key, FALSE, OAUTH_COMMON_TOKEN_TYPE_REQUEST);
+ if ($token) {
+ $consumer = $token->consumer;
+ }
+ }
+
+ if (!empty($consumer_key)) {
+ $consumer = DrupalOAuthConsumer::loadProviderByKey($consumer_key);
+ }
+
+ if (!empty($consumer)) {
+ $context = oauth_common_context_load($consumer->context);
+ }
+
+ return $context;
+}
+
+/**
+ * Load all contexts.
+ *
+ * @return array
+ * Array of context objects keyed by context names.
+ */
+function oauth_common_context_load_all() {
+ if (!module_exists('ctools')) {
+ return FALSE;
+ }
+ ctools_include('export');
+ return ctools_export_load_object('oauth_common_context');
+}
+
+/**
+ * Saves a context in the database.
+ *
+ * @return void
+ */
+function oauth_common_context_save($context) {
+ $update = (isset($context->cid)) ? array('cid') : array();
+ drupal_write_record('oauth_common_context', $context, $update);
+}
+
+/**
+ * Remove a context.
+ *
+ * @return void
+ */
+function oauth_common_context_delete($context) {
+ db_delete('oauth_common_context')
+ ->condition('name', $context->name)
+ ->condition('cid', $context->cid)
+ ->execute();
+}
+
+/**
+ * Export a context.
+ *
+ * @return string
+ */
+function oauth_common_context_export($context, $indent = '') {
+ if (!module_exists('ctools')) {
+ return FALSE;
+ }
+ ctools_include('export');
+ $output = ctools_export_object('oauth_common_context', $context, $indent);
+ return $output;
+}
+
+/**
+ * Lists all available contexts.
+ *
+ * @return array
+ */
+function oauth_common_context_list() {
+ $return = array();
+ $contexts = oauth_common_context_load_all();
+ if ($contexts) {
+ foreach ($contexts as $context) {
+ $return[$context->name] = $context->title;
+ }
+ }
+ return $return;
+}
+
+/**
+ * Finds the current version of the OAuth module, used in eg. user agents
+ *
+ * @return string
+ */
+function _oauth_common_version() {
+ static $version;
+ if (!isset($version)) {
+ $info = db_query("SELECT info FROM {system} WHERE name = 'oauth_common'")->fetchField();
+ $info = $info ? unserialize($info) : FALSE;
+ if (!$info || empty($info['version'])) {
+ $version = OAUTH_COMMON_CODE_BRANCH;
+ }
+ else {
+ $version = $info['version'];
+ }
+ }
+ return $version;
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.pages.inc b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.pages.inc
new file mode 100644
index 0000000..49695e9
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common.pages.inc
@@ -0,0 +1,399 @@
+<?php
+/**
+ * @file
+ * Page callbacks for OAuth module
+ */
+
+/**
+ * Combined menu callback for tests of consumers and access tokens
+ */
+function _oauth_common_validate_request_callback($type, $unsigned = NULL) {
+ try {
+ module_load_include('inc', 'oauth_common');
+
+ list($signed, $consumer, $token) = oauth_common_verify_request();
+
+ if ($consumer == NULL) {
+ throw new OAuthException('Missing consumer token');
+ }
+
+ if (!$signed && $unsigned != 'unsigned') {
+ throw new OAuthException("The request wasn't signed");
+ }
+
+ if ($token == NULL && $type == 'access token') {
+ throw new OAuthException('Missing access token');
+ }
+ }
+ catch (OAuthException $e) {
+ drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
+ drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
+ }
+ exit;
+}
+
+/**
+ * Menu callback for when something has been authorized - used in both client and provider flow
+ *
+ * @param $csid Should contain the id of the consumer when used in the client flow
+ */
+function oauth_common_page_authorized($csid = NULL) {
+ // If we have an oauth_token we're acting as a consumer and just got authorized
+ if (!empty($_GET['oauth_token'])) {
+ //TODO: Add documentation on how to use the callback url with
+ $consumer = $csid ? DrupalOAuthConsumer::loadById($csid, FALSE) : FALSE;
+ if ($consumer) {
+ $request_token = DrupalOAuthToken::loadByKey($_GET['oauth_token'], $consumer, OAUTH_COMMON_TOKEN_TYPE_REQUEST);
+ }
+ else {
+ // Backwards compatibility with 6.x-3.0-beta3
+ $request_token = DrupalOAuthToken::load($_GET['oauth_token'], FALSE);
+ $consumer = $request_token ? $request_token->consumer : FALSE;
+ }
+ if (!empty($request_token)) {
+ $client = new DrupalOAuthClient($consumer, $request_token);
+
+ $verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : NULL;
+
+ $access_token = $client->getAccessToken(NULL, array('verifier' => $verifier));
+ if ($access_token) {
+ // We received a new token - save it
+ if (!$access_token->in_database) {
+ $access_token->write();
+ }
+ $request_token->delete();
+ module_invoke_all('oauth_common_authorized', $consumer, $access_token, $request_token);
+ }
+ }
+ }
+ return t('The application has been authorized');
+}
+
+/**
+ * Form for granting access to the consumer
+ */
+function oauth_common_form_authorize() {
+ module_load_include('inc', 'oauth_common');
+ $req = DrupalOAuthRequest::from_request();
+ $context = oauth_common_context_from_request($req);
+ $auth_ops = $context->authorization_options;
+
+ if (!$context) {
+ drupal_set_message(t("Can't find OAuth context, check the site's settings."), 'error');
+ return;
+ }
+
+ $token = $req->get_parameter('oauth_token');
+ $callback = $req->get_parameter('oauth_callback');
+ $token = DrupalOAuthToken::loadByKey($token, FALSE, OAUTH_COMMON_TOKEN_TYPE_REQUEST);
+
+ // Check that we have a valid token
+ if (!$token) {
+ drupal_set_message(t('Please include a valid OAuth token in your request.'), 'error');
+ return;
+ }
+
+ $consumer = $token->consumer;
+
+ // Redirect to the right form, or present an error.
+ global $user;
+ if ($user->uid) {
+ // There's some strange bug in the ?destination=... handling
+ // This is not exactly beautiful, but it gets the work done
+ // TODO: Find out why!
+ if (drupal_substr($_SERVER['REQUEST_URI'], 0, 2) == '//') {
+ header('Location: ' . drupal_substr($_SERVER['REQUEST_URI'], 1), TRUE, 302);
+ }
+
+ if (!(user_access('oauth authorize any consumers') || user_access('oauth authorize consumers in ' . $consumer->context))) {
+ drupal_set_message(t('You are not authorized to allow external services access to this system.'), 'error');
+ return drupal_access_denied();
+ }
+
+ if (!empty($auth_ops['automatic_authorization'])
+ && $auth_ops['automatic_authorization']
+ && !empty($consumer->callback_url)) {
+ // Authorize the request token
+ $token->uid = $user->uid;
+ $token->authorized = 1;
+ $token->services = $context->authorization_options['default_authorization_levels'];
+ $token->write(TRUE);
+
+ // Pick the callback url apart and add the token parameter
+ $callback = parse_url($consumer->callback_url);
+ $query = array();
+ if (!empty($callback['query'])) {
+ parse_str($callback['query'], $query);
+ }
+ $query['oauth_token'] = $token->key;
+ $callback['query'] = http_build_query($query, 'idx_', '&');
+
+ // Return to the consumer site
+ header('Location: ' . _oauth_common_glue_url($callback), TRUE, 302);
+ exit;
+ }
+
+ $tvars = array(
+ '@user' => $user->name,
+ '@appname' => $consumer->name,
+ '@sitename' => variable_get('site_name', ''),
+ );
+
+ $title = !empty($context->title) ? $context->title : 'Authorize @appname';
+ drupal_set_title(t($title, $tvars), PASS_THROUGH);
+
+ $form = array();
+
+ $form['token'] = array(
+ '#type' => 'value',
+ '#value' => $token,
+ );
+
+ $message = !empty($auth_ops['message']) ? $auth_ops['message'] :
+ 'The application @appname wants to access @sitename on your behalf, check the permissions ' .
+ 'that you would like the application to have.';
+ $form['message'] = array(
+ '#type' => 'item',
+ '#markup' => t($message, $tvars),
+ );
+
+ $message = !empty($auth_ops['warning']) ? $auth_ops['warning'] :
+ 'If you don\'t know what @appname is, or don\'t want to give it access to your content, ' .
+ 'just click here and we\'ll take you away from this page without granting @appname any access ' .
+ 'to @sitename.';
+ $form['warning'] = array(
+ '#type' => 'item',
+ '#markup' => l(t($message, $tvars), 'oauth/authorization/deny/' . $token->key),
+ '#attributes' => array(
+ 'class' => array('abort-authorization'),
+ ),
+ );
+
+ $disable_selection = !empty($auth_ops['disable_auth_level_selection'])
+ && !empty($auth_ops['default_authorization_levels'])
+ && $auth_ops['disable_auth_level_selection'];
+
+ if (!$disable_selection) {
+ $authorization_title = !empty($auth_ops['authorization_title']) ? $auth_ops['authorization_title'] :
+ 'Permissions';
+ $form['authorization'] = array(
+ '#type' => 'fieldset',
+ '#title' => t($authorization_title, $tvars),
+ );
+ $form['authorization']['levels'] = array(
+ '#tree' => TRUE,
+ );
+ foreach ($context->authorization_levels as $name => $level) {
+ $auth_level_opt = array(
+ '#type' => 'checkbox',
+ '#title' => t($level['title'], $tvars),
+ '#description' => t($level['description'], $tvars),
+ '#value' => $level['default'],
+ );
+ $form['authorization']['levels'][$name] = $auth_level_opt;
+ }
+ }
+ else {
+ $form['authorization']['levels'] = array(
+ '#tree' => TRUE,
+ );
+ foreach ($auth_ops['default_authorization_levels'] as $level) {
+ $form['authorization']['levels'][$level] = array(
+ '#type' => 'value',
+ '#value' => $level,
+ );
+ }
+ }
+
+ $deny_title = !empty($auth_ops['deny_access_title']) ? $auth_ops['deny_access_title'] :
+ 'Deny access';
+ $form['deny'] = array(
+ '#type' => 'item',
+ '#markup' => l(t($deny_title), 'oauth/authorization/deny/' . $token->key),
+ '#attributes' => array(
+ 'class' => array('deny-access'),
+ ),
+ );
+
+ $grant_title = !empty($auth_ops['grant_access_title']) ? $auth_ops['grant_access_title'] :
+ 'Grant access';
+ $form['actions'] = array('#type' => 'actions');
+ $form['actions']['confirm'] = array(
+ '#type' => 'submit',
+ '#value' => t($grant_title),
+ );
+
+ return $form;
+ }
+ else {
+ $query = $_GET;
+ unset($query['q']); // why are there so few q's?
+ // Allow this path to be set to something other than the standard
+ // login page in case the site has a mobile-enhanced login page.
+ $path = variable_get('oauth_common_login_path', OAUTH_COMMON_LOGIN_PATH);
+ drupal_goto($path, array('query' => array(
+ 'destination' => url('oauth/authorize', array(
+ 'query' => $query,
+ )),
+ )));
+ }
+}
+
+/**
+ * Validation of the form for granting access to the consumer
+ */
+function oauth_common_form_authorize_validate($form, &$form_state) {
+ $values = $form_state['values'];
+ $got_permission = FALSE;
+
+ $consumer = $values['token']->consumer;
+ $context = oauth_common_context_load($consumer->context);
+
+ if (!$context) {
+ form_set_error('confirm', t("Can't find OAuth context."));
+ return;
+ }
+
+ if (!$context->authorization_options['disable_auth_level_selection']) {
+ foreach ($context->authorization_levels as $name => $level) {
+ if ($values['levels'][$name]) {
+ $got_permission = TRUE;
+ break;
+ }
+ }
+
+ if (!$got_permission) {
+ form_set_error('confirm', t("You haven't given the application access to anything. " .
+ "Click on 'Deny access' or just close this window if you don't want to authorize it."));
+ }
+ }
+}
+
+/**
+ * Form submit handler that grants access to the consumer
+ */
+function oauth_common_form_authorize_submit(&$form, &$form_state) {
+ global $user;
+ $values = $form_state['values'];
+
+ // Save the list of all services that the user allowed the
+ // consumer to do
+ $token = $values['token'];
+ $token->uid = $user->uid;
+ $token->authorized = 1;
+ $consumer = $token->consumer;
+ $context = oauth_common_context_load($consumer->context);
+
+ if (!$context) {
+ drupal_set_message(t("Can't find OAuth context, check the site's settings."), 'error');
+ return;
+ }
+
+ // Add services
+ if (!empty($values['full_access'])) { // TODO: Full access should be a configurable auth level
+ $token->services = array('*');
+ }
+ elseif (!empty($values['levels'])) {
+ $token->services = array_keys(array_filter($values['levels']));
+ }
+ else {
+ $token->services = array();
+ }
+
+ $token->write(TRUE);
+
+ if (!empty($consumer->callback_url) && $consumer->callback_url !== 'oob') {
+ // Pick the callback url apart and add the token parameter
+ $callback = parse_url($consumer->callback_url);
+ $query = array();
+ if (!empty($callback['query'])) {
+ parse_str($callback['query'], $query);
+ }
+ $query['oauth_token'] = $token->key;
+ $callback['query'] = http_build_query($query, 'idx_', '&');
+
+ // Return to the consumer site
+ header('Location: ' . _oauth_common_glue_url($callback), TRUE, 302);
+ exit;
+ }
+ else {
+ drupal_goto('oauth/authorized');
+ }
+}
+
+/**
+ * Constructs the url to which to return someone who has asked for access to a consumer
+ */
+function _oauth_common_glue_url($parsed) {
+ $uri = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';
+ $uri .= isset($parsed['user']) ? $parsed['user'] . (isset($parsed['pass']) ? ':' . $parsed['pass'] : '') . '@' : '';
+ $uri .= isset($parsed['host']) ? $parsed['host'] : '';
+ $uri .= isset($parsed['port']) ? ':' . $parsed['port'] : '';
+
+ if (isset($parsed['path'])) {
+ $uri .= (substr($parsed['path'], 0, 1) == '/') ?
+ $parsed['path'] :
+ ((!empty($uri) ? '/' : '' ) . $parsed['path']);
+ }
+
+ $uri .= isset($parsed['query']) ? '?' . $parsed['query'] : '';
+
+ return $uri;
+}
+
+/**
+ * Generate a request token from the request.
+ */
+function oauth_common_callback_request_token() {
+ try {
+ $req = DrupalOAuthRequest::from_request();
+ $context = oauth_common_context_from_request($req);
+ if (!$context) {
+ throw new OAuthException('No OAuth context found');
+ }
+ $server = new DrupalOAuthServer($context);
+ print $server->fetch_request_token($req);
+ }
+ catch (OAuthException $e) {
+ drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
+ drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
+ }
+}
+
+/**
+ * Get a access token for the request
+ */
+function oauth_common_callback_access_token() {
+ try {
+ $req = DrupalOAuthRequest::from_request();
+ $context = oauth_common_context_from_request($req);
+ if (!$context) {
+ throw new OAuthException('No OAuth context found');
+ }
+ $server = new DrupalOAuthServer($context);
+ $access_token = $server->fetch_access_token($req);
+
+ // Set the expiry time based on context settings or get parameter
+ $expires = !empty($context->authorization_options['access_token_lifetime']) ?
+ REQUEST_TIME + $context->authorization_options['access_token_lifetime'] : 0;
+ if (!empty($_GET['expires']) && intval($_GET['expires'])) {
+ $hint = intval($_GET['expires']);
+ // Only accept more restrictive expiry times
+ if ($expires == 0 || $hint < $expires) {
+ $expires = $hint;
+ }
+ }
+
+ // Store the expiry time if the access token should expire
+ if ($expires) {
+ $access_token->expires = $expires;
+ $access_token->write(TRUE);
+ }
+
+ print $access_token;
+ }
+ catch (OAuthException $e) {
+ drupal_add_http_header('Status', '401 Unauthorized: ' . $e->getMessage());
+ drupal_add_http_header('WWW-Authenticate', sprintf('OAuth realm="%s"', url('', array('absolute' => TRUE))));
+ }
+}
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.info b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.info
new file mode 100644
index 0000000..cd5ca1a
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.info
@@ -0,0 +1,14 @@
+name = OAuth Provider UI
+description = Provides a UI for when OAuth is acting as a provider.
+package = "OAuth"
+
+dependencies[] = oauth_common
+
+core = 7.x
+
+; Information added by drupal.org packaging script on 2013-02-04
+version = "7.x-3.1"
+core = "7.x"
+project = "oauth"
+datestamp = "1359936562"
+
diff --git a/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.module b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.module
new file mode 100644
index 0000000..7c46bbb
--- /dev/null
+++ b/kolab.org/www/drupal-7.18/sites/all/modules/oauth/oauth_common_providerui.module
@@ -0,0 +1,161 @@
+<?php
+/**
+ * OAuth Common Provider UI module
+ */
+
+/**
+ * Implements hook_menu().
+ */
+function oauth_common_providerui_menu() {
+ $menu = array();
+ $admin_base = array(
+ 'access arguments' => array('administer oauth'),
+ 'file' => 'oauth_common.admin.inc',
+ );
+
+ $menu['admin/config/services/oauth/contexts'] = array(
+ 'title' => 'Contexts',
+ 'description' => 'The different context for authorization',
+ 'page callback' => 'oauth_common_list_context',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 1,
+ ) + $admin_base;
+
+ ////////////
+ // Context administration
+ ////////////
+
+ $menu['admin/config/services/oauth/add'] = array(
+ 'title' => 'Add context',
+ 'page callback' => 'oauth_common_add_context',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 10,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/%oauth_common_context/edit'] = array(
+ 'title' => 'Edit context',
+ 'page callback' => 'oauth_common_edit_context',
+ 'page arguments' => array(4),
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 10,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/%oauth_common_context/export'] = array(
+ 'title' => 'Export context',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_export_context', 4),
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 20,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/%oauth_common_context/delete'] = array(
+ 'title' => 'Delete context',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_delete_confirm_context', 4),
+ 'type' => MENU_CALLBACK,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/%oauth_common_context/disable'] = array(
+ 'page callback' => 'oauth_common_context',
+ 'page arguments' => array(3),
+ 'type' => MENU_CALLBACK,
+ ) + $admin_base;
+
+ $menu['admin/config/services/oauth/%oauth_common_context/enable'] = array(
+ 'page callback' => 'oauth_common_enable_context',
+ 'page arguments' => array(3),
+ 'type' => MENU_CALLBACK,
+ ) + $admin_base;
+
+ ////////////
+ // Authorization administration
+ ////////////
+
+ $menu['user/%user/oauth/authorizations'] = array(
+ 'title' => 'OAuth Authorizations',
+ 'page callback' => 'oauth_common_page_user_authorizations',
+ 'page arguments' => array(1, TRUE),
+ 'access callback' => '_oauth_common_user_access',
+ 'access arguments' => array(1, 'access own authorizations'),
+ 'file' => 'oauth_common.authorizations.inc',
+ 'type' => MENU_LOCAL_TASK,
+ );
+
+ $menu['user/%user/oauth/authorizations/%oauth_common_provider_token'] = array(
+ 'title' => 'Edit authorization',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_form_authorization', 4),
+ 'access callback' => '_oauth_common_user_access',
+ 'access arguments' => array(1, 'oauth authorize any consumers'),
+ 'file' => 'oauth_common.authorizations.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ );
+
+ $menu['user/%user/oauth/authorizations/%oauth_common_provider_token/delete'] = array(
+ 'title' => 'Delete authorization',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_form_authorization_delete', 1, 4),
+ // We always want to allow the user to delete a authorization, that
+ // shouldn't be a permission that can be rescinded.
+ 'access callback' => 'user_edit_access',
+ 'access arguments' => array(1),
+ 'file' => 'oauth_common.authorizations.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ );
+
+ ////////////
+ // Consumer administration
+ ////////////
+
+ $menu['user/%user/oauth/consumer'] = array(
+ 'title' => 'OAuth Consumers',
+ 'page callback' => 'oauth_common_page_user_consumers',
+ 'page arguments' => array(1),
+ 'access callback' => '_oauth_common_user_access',
+ 'access arguments' => array(1, 'access own consumers'),
+ 'file' => 'oauth_common.consumers.inc',
+ 'type' => MENU_LOCAL_TASK,
+ );
+
+ $menu['user/%user/oauth/consumer/add'] = array(
+ 'title' => 'Add consumer',
+ 'page callback' => 'oauth_common_add_consumer',
+ 'page arguments' => array(1),
+ 'access callback' => 'oauth_common_can_create_consumers',
+ 'file' => 'oauth_common.consumers.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ 'weight' => 10,
+ );
+
+ $menu['user/%user/oauth/consumer/%oauth_common_consumer'] = array(
+ 'title' => 'Edit consumer',
+ 'page callback' => 'oauth_common_edit_consumer',
+ 'page arguments' => array(4),
+ 'access callback' => 'oauth_common_can_edit_consumer',
+ 'access arguments' => array(4),
+ 'file' => 'oauth_common.consumers.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ );
+
+ $menu['user/%user/oauth/consumer/%oauth_common_consumer/delete'] = array(
+ 'title' => 'Delete consumer',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('oauth_common_form_consumer_delete', 4),
+ 'access callback' => 'oauth_common_can_edit_consumer',
+ 'access arguments' => array(4),
+ 'file' => 'oauth_common.consumers.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ );
+
+ $menu['user/%user/oauth/consumer/%oauth_common_consumer/add-authorization'] = array(
+ 'title' => 'Add authorization',
+ 'page callback' => 'oauth_common_authorization_add',
+ 'page arguments' => array(4),
+ 'access callback' => 'oauth_common_can_authorize_consumer',
+ 'access arguments' => array(4),
+ 'file' => 'oauth_common.authorizations.inc',
+ 'type' => MENU_LOCAL_ACTION,
+ );
+
+ return $menu;
+}
More information about the commits
mailing list