From 8a5f583cac8952e978e560be46b25d664ba6447a Mon Sep 17 00:00:00 2001
From: Tom Needham
Date: Mon, 31 Dec 2012 16:19:46 +0000
Subject: [PATCH] Remove WIP OAuth code

---
lib/oauth/server.php | 111 -------------------------------------------
lib/oauth/store.php | 95 ------------------------------------
2 files changed, 206 deletions(-)
delete mode 100644 lib/oauth/server.php
delete mode 100644 lib/oauth/store.php

diff --git a/lib/oauth/server.php b/lib/oauth/server.php
deleted file mode 100644
index a82a1e2fb0e..00000000000
--- a/lib/oauth/server.php
+++ /dev/null
@@ -1,111 +0,0 @@
-.
-*
-*/
-
-require_once(OC::$THIRDPARTYROOT.'/3rdparty/OAuth/OAuth.php');
-
-class OC_OAuth_Server extends OAuthServer {
-
- /**
- * sets up the server object
- */
- public static function init(){
- $server = new OC_OAuth_Server(new OC_OAuth_Store());
- $server->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
- return $server;
- }
-
- public function get_request_token(&$request){
- // Check the signature
- $token = $this->fetch_request_token($request);
- $scopes = $request->get_parameter('scopes');
- // Add scopes to request token
- $this->saveScopes($token, $scopes);
-
- return $token;
- }
-
- public function saveScopes($token, $scopes){
- $query = OC_DB::prepare("INSERT INTO `*PREFIX*oauth_scopes` (`key`, `scopes`) VALUES (?, ?)");
- $result = $query->execute(array($token->key, $scopes));
- }
-
-
- /**
- * authorises a request token
- * @param string $request the request token to authorise
- * @return What does it return?
- */
- public function authoriseRequestToken(&$request) {
- $this->get_version($request);
- $consumer = $this->get_consumer($request);
- $this->check_signature($request, $consumer, null);
- $token = $this->get_token($request, $consumer, 'request');
- $this->check_signature($request, $consumer, $token);
- return $this->data_store->authorise_request_token($token, $consumer, OC_User::getUser());
- }
-
- /**
- * checks if request is authorised
- * TODO distinguish between failures as one is a 400 error and other is 401
- * @return string|int
- */
- public static function isAuthorised($scope) {
- try {
- $request = OAuthRequest::from_request();
- //$this->verify_request(); // TODO cannot use $this in static context
- return true;
- } catch (OAuthException $exception) {
- return false;
- }
- // TODO Get user out of token? May have to write own verify_request()
-// $run = true;
-// OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $user ));
-// if(!$run){
-// return false;
-// }
-// OC_User::setUserId($user);
-// OC_Hook::emit( "OC_User", "post_login", array( "uid" => $user ));
-// return $user;
- }
-
- /**
- * registers a consumer with the ownCloud Instance
- * @param string $name the name of the external app
- * @param string $url the url to find out more info on the external app
- * @param string $callbacksuccess the url to redirect to after autorisation success
- * @param string $callbackfail the url to redirect to if the user does not authorise the application
- * @return false|OAuthConsumer object
- */
- static function register_consumer($name, $url, $callbacksuccess=null, $callbackfail=null){
- // TODO validation
- // Check callback url is outside of ownCloud for security
- // Generate key and secret
- $key = sha1(md5(uniqid(rand(), true)));
- $secret = sha1(md5(uniqid(rand(), true)));
- $query = OC_DB::prepare("INSERT INTO `*PREFIX*oauth_consumers` (`key`, `secret`, `name`, `url`, `callback_success`, `callback_fail`) VALUES (?, ?, ?, ?, ?, ?)");
- $result = $query->execute(array($key, $secret, $name, $url, $callbacksuccess, $callbackfail));
- return new OAuthConsumer($key, $secret, $callbacksuccess);
- }
-
-}
\ No newline at end of file
diff --git a/lib/oauth/store.php b/lib/oauth/store.php
deleted file mode 100644
index aa68d38957d..00000000000
--- a/lib/oauth/store.php
+++ /dev/null
@@ -1,95 +0,0 @@
-.
-*
-*/
-
-class OC_OAuth_Store extends OAuthDataStore {
-
- static private $MAX_TIMESTAMP_DIFFERENCE = 300;
-
- function lookup_consumer($consumer_key) {
- $query = OC_DB::prepare("SELECT `key`, `secret`, `callback_success` FROM `*PREFIX*oauth_consumers` WHERE `key` = ?");
- $results = $query->execute(array($consumer_key));
- if($results->numRows()==0){
- return NULL;
- } else {
- $details = $results->fetchRow();
- $callback = !empty($details['callback_success']) ? $details['callback_success'] : NULL;
- return new OAuthConsumer($details['key'], $details['secret'], $callback);
- }
- }
-
- function lookup_token($consumer, $token_type, $token) {
- $query = OC_DB::prepare("SELECT `key`, `secret`, `type` FROM `*PREFIX*oauth_tokens` WHERE `consumer_key` = ? AND `key` = ? AND `type` = ?");
- $results = $query->execute(array($consumer->key, $token->key, $token_type));
- if($results->numRows()==0){
- return NULL;
- } else {
- $token = $results->fetchRow();
- return new OAuthToken($token['key'], $token['secret']);
- }
- }
-
- function lookup_nonce($consumer, $token, $nonce, $timestamp) {
- $query = OC_DB::prepare("INSERT INTO `*PREFIX*oauth_nonce` (`consumer_key`, `token`, `timestamp`, `nonce`) VALUES (?, ?, ?, ?)");
- $affectedrows = $query->execute(array($consumer->key, $token, $timestamp, $nonce));
- // Delete all timestamps older than the one passed
- $query = OC_DB::prepare("DELETE FROM `*PREFIX*oauth_nonce` WHERE `consumer_key` = ? AND `token` = ? AND `timestamp` < ?");
- $result = $query->exec(array($consumer->key, $token, $timestamp - self::$MAX_TIMESTAMP_DIFFERENCE));
- return $result;
- }
-
- function new_token($consumer, $token_type) {
- $key = md5(time());
- $secret = time() + time();
- $token = new OAuthToken($key, md5(md5($secret)));
- $query = OC_DB::prepare("INSERT INTO `*PREFIX*oauth_tokens` (`consumer_key`, `key`, `secret`, `type`, `timestamp`) VALUES (?, ?, ?, ?, ?, ?)");
- $result = $query->execute(array($consumer->key, $key, $secret, $token_type, time()));
- return $token;
- }
-
- function new_request_token($consumer, $callback = null) {
- return $this->new_token($consumer, 'request');
- }
-
- function authorise_request_token($token, $consumer, $uid) {
- $query = OC_DB::prepare("UPDATE `*PREFIX*oauth_tokens` SET uid = ? WHERE `consumer_key` = ? AND `key` = ? AND `type` = ?");
- $query->execute(array($uid, $consumer->key, $token->key, 'request'));
- // TODO Return oauth_verifier
- }
-
- function new_access_token($token, $consumer, $verifier = null) {
- $query = OC_DB::prepare("SELECT `timestamp`, `scope` FROM `*PREFIX*oauth_tokens` WHERE `consumer_key` = ? AND `key` = ? AND `type` = ?");
- $result = $query->execute(array($consumer->key, $token->key, 'request'))->fetchRow();
- if (isset($result['timestamp'])) {
- if ($timestamp + self::MAX_REQUEST_TOKEN_TTL < time()) {
- return false;
- }
- $accessToken = $this->new_token($consumer, 'access', $result['scope']);
- }
- // Delete request token
- $query = OC_DB::prepare("DELETE FROM `*PREFIX*oauth_tokens` WHERE `key` = ? AND `type` = ?");
- $query->execute(array($token->key, 'request'));
- return $accessToken;
- }
-
-}
\ No newline at end of file
--
2.39.5