oauth1.h

/***
* ==++==
*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ==--==
* =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
*
* HTTP Library: Oauth 1.0
*
* For the latest on this and related APIs, please see http://casablanca.codeplex.com.
*
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
****/
#pragma once

#ifndef _CASA_OAUTH1_H
#define _CASA_OAUTH1_H

#include "cpprest/http_msg.h"

namespace web
{
namespace http
{
namespace client
{
    // Forward declaration to avoid circular include dependency.
    class http_client_config;
}

namespace oauth1
{
namespace details
{

class oauth1_handler;

// State currently used by oauth1_config to authenticate request.
// The state varies for every request (due to timestamp and nonce).
// The state also contains extra transmitted protocol parameters during
// authorization flow (i.e. 'oauth_callback' or 'oauth_verifier').
class oauth1_state
{
public:
    oauth1_state(utility::string_t timestamp, utility::string_t nonce,
            utility::string_t extra_key=utility::string_t(),
            utility::string_t extra_value=utility::string_t()) :
        m_timestamp(std::move(timestamp)),
        m_nonce(std::move(nonce)),
        m_extra_key(std::move(extra_key)),
        m_extra_value(std::move(extra_value))
    {}

    const utility::string_t& timestamp() const { return m_timestamp; }
    void set_timestamp(utility::string_t timestamp) { m_timestamp = std::move(timestamp); }

    const utility::string_t& nonce() const { return m_nonce; }
    void set_nonce(utility::string_t nonce) { m_nonce = std::move(nonce); }

    const utility::string_t& extra_key() const { return m_extra_key; }
    void set_extra_key(utility::string_t key) { m_extra_key = std::move(key); }

    const utility::string_t& extra_value() const { return m_extra_value; }
    void set_extra_value(utility::string_t value) { m_extra_value = std::move(value); }

private:
    utility::string_t m_timestamp;
    utility::string_t m_nonce;
    utility::string_t m_extra_key;
    utility::string_t m_extra_value;
};

// Constant strings for OAuth 1.0.
typedef utility::string_t oauth1_string;
class oauth1_strings
{
public:
#define _OAUTH1_STRINGS
#define DAT(a_, b_) _ASYNCRTIMP static const oauth1_string a_;
#include "cpprest/details/http_constants.dat"
#undef _OAUTH1_STRINGS
#undef DAT
};

} // namespace web::http::oauth1::details

namespace experimental
{

typedef utility::string_t oauth1_method;
class oauth1_methods
{
public:
#define _OAUTH1_METHODS
#define DAT(a,b) _ASYNCRTIMP static const oauth1_method a;
#include "cpprest/details/http_constants.dat"
#undef _OAUTH1_METHODS
#undef DAT
};

class oauth1_exception : public std::exception
{
public:
    oauth1_exception(utility::string_t msg) : m_msg(utility::conversions::to_utf8string(std::move(msg))) {}
    ~oauth1_exception() CPPREST_NOEXCEPT {}
    const char* what() const CPPREST_NOEXCEPT { return m_msg.c_str(); }

private:
    std::string m_msg;
};

class oauth1_token
{
public:

    oauth1_token() {}

    oauth1_token(utility::string_t access_token, utility::string_t secret) :
        m_token(std::move(access_token)),
        m_secret(std::move(secret))
    {}

    bool is_valid_access_token() const { return !(access_token().empty() || secret().empty()); }

    const utility::string_t& access_token() const { return m_token; }

    void set_access_token(utility::string_t &&access_token) { m_token = std::move(access_token); }

    void set_access_token(const utility::string_t &access_token) { m_token = access_token; }

    const utility::string_t& secret() const { return m_secret; }

    void set_secret(utility::string_t &&secret) { m_secret = std::move(secret); }

    void set_secret(const utility::string_t &secret) { m_secret = secret; }

    const std::map<utility::string_t, utility::string_t> &additional_parameters() const { return m_additional_parameters; }

    void set_additional_parameter(utility::string_t &&paramName, utility::string_t &&paramValue)
    {
        m_additional_parameters[std::move(paramName)] = std::move(paramValue);
    }

    void set_additional_parameter(const utility::string_t &paramName, const utility::string_t &paramValue)
    {
        m_additional_parameters[paramName] = paramValue;
    }

    void clear_additional_parameters() { m_additional_parameters.clear(); }

private:
    friend class oauth1_config;

    utility::string_t m_token;
    utility::string_t m_secret;
    std::map<utility::string_t, utility::string_t> m_additional_parameters;
};

class oauth1_config
{
public:
    oauth1_config(utility::string_t consumer_key, utility::string_t consumer_secret,
            utility::string_t temp_endpoint, utility::string_t auth_endpoint,
            utility::string_t token_endpoint, utility::string_t callback_uri,
            oauth1_method method, utility::string_t realm=utility::string_t()) :
        m_consumer_key(std::move(consumer_key)),
        m_consumer_secret(std::move(consumer_secret)),
        m_temp_endpoint(std::move(temp_endpoint)),
        m_auth_endpoint(std::move(auth_endpoint)),
        m_token_endpoint(std::move(token_endpoint)),
        m_callback_uri(std::move(callback_uri)),
        m_realm(std::move(realm)),
        m_method(std::move(method)),
        m_is_authorization_completed(false)
    {}

    _ASYNCRTIMP pplx::task<utility::string_t> build_authorization_uri();

    _ASYNCRTIMP pplx::task<void> token_from_redirected_uri(const web::http::uri& redirected_uri);

    pplx::task<void> token_from_verifier(utility::string_t verifier)
    {
        return _request_token(_generate_auth_state(details::oauth1_strings::verifier, std::move(verifier)), false);
    }

    pplx::task<void> refresh_token(const utility::string_t &key)
    {
        return _request_token(_generate_auth_state(key, m_token.additional_parameters().at(key)), false);
    }

    const utility::string_t& consumer_key() const { return m_consumer_key; }
    void set_consumer_key(utility::string_t key) { m_consumer_key = std::move(key); }

    const utility::string_t& consumer_secret() const { return m_consumer_secret; }
    void set_consumer_secret(utility::string_t secret) { m_consumer_secret = std::move(secret); }

    const utility::string_t& temp_endpoint() const { return m_temp_endpoint; }
    void set_temp_endpoint(utility::string_t temp_endpoint) { m_temp_endpoint = std::move(temp_endpoint); }

    const utility::string_t& auth_endpoint() const { return m_auth_endpoint; }
    void set_auth_endpoint(utility::string_t auth_endpoint) { m_auth_endpoint = std::move(auth_endpoint); }

    const utility::string_t& token_endpoint() const { return m_token_endpoint; }
    void set_token_endpoint(utility::string_t token_endpoint) { m_token_endpoint = std::move(token_endpoint); }

    const utility::string_t& callback_uri() const { return m_callback_uri; }
    void set_callback_uri(utility::string_t callback_uri) { m_callback_uri = std::move(callback_uri); }

    _ASYNCRTIMP const oauth1_token& token() const;

    void set_token(oauth1_token token)
    {
        m_token = std::move(token);
        m_is_authorization_completed = true;
    }

    const oauth1_method& method() const { return m_method; }
    void set_method(oauth1_method method) { m_method = std::move(method); }

    const utility::string_t& realm() const { return m_realm; }
    void set_realm(utility::string_t realm) { m_realm = std::move(realm); }

    bool is_enabled() const { return token().is_valid_access_token() && !(consumer_key().empty() || consumer_secret().empty()); }

    // Builds signature base string according to:
    // http://tools.ietf.org/html/rfc5849#section-3.4.1.1
    _ASYNCRTIMP utility::string_t _build_signature_base_string(http_request request, details::oauth1_state state) const;

    // Builds HMAC-SHA1 signature according to:
    // http://tools.ietf.org/html/rfc5849#section-3.4.2
    utility::string_t _build_hmac_sha1_signature(http_request request, details::oauth1_state state) const
    {
        auto text(_build_signature_base_string(std::move(request), std::move(state)));
        auto digest(_hmac_sha1(_build_key(), std::move(text)));
        auto signature(utility::conversions::to_base64(std::move(digest)));
        return signature;
    }

    // Builds PLAINTEXT signature according to:
    // http://tools.ietf.org/html/rfc5849#section-3.4.4
    utility::string_t _build_plaintext_signature() const
    {
        return _build_key();
    }

    details::oauth1_state _generate_auth_state(utility::string_t extra_key, utility::string_t extra_value)
    {
        return details::oauth1_state(_generate_timestamp(), _generate_nonce(), std::move(extra_key), std::move(extra_value));
    }

    details::oauth1_state _generate_auth_state()
    {
        return details::oauth1_state(_generate_timestamp(), _generate_nonce());
    }

    const std::map<utility::string_t, utility::string_t>& parameters() const { return m_parameters_to_sign; }

    void add_parameter(const utility::string_t &key, const utility::string_t &value) { m_parameters_to_sign[key] = value; }

    void add_parameter(utility::string_t &&key, utility::string_t &&value) { m_parameters_to_sign[std::move(key)] = std::move(value); }

    void set_parameters(const std::map<utility::string_t, utility::string_t> &parameters)
    {
        m_parameters_to_sign.clear();
        m_parameters_to_sign = parameters;
    }

    void clear_parameters() { m_parameters_to_sign.clear(); }

private:
    friend class web::http::client::http_client_config;
    friend class web::http::oauth1::details::oauth1_handler;

    oauth1_config() :
        m_is_authorization_completed(false)
    {}

    utility::string_t _generate_nonce()
    {
        return m_nonce_generator.generate();
    }

    static utility::string_t _generate_timestamp()
    {
        return utility::conversions::print_string(utility::datetime::utc_timestamp(), std::locale::classic());
    }

    _ASYNCRTIMP static std::vector<unsigned char> __cdecl _hmac_sha1(const utility::string_t& key, const utility::string_t& data);

    static utility::string_t _build_base_string_uri(const uri& u);

    utility::string_t _build_normalized_parameters(web::http::uri u, const details::oauth1_state& state) const;

    utility::string_t _build_signature(http_request request, details::oauth1_state state) const;

    utility::string_t _build_key() const
    {
        return uri::encode_data_string(consumer_secret()) + _XPLATSTR("&") + uri::encode_data_string(m_token.secret());
    }

    void _authenticate_request(http_request &req)
    {
        _authenticate_request(req, _generate_auth_state());
    }

    _ASYNCRTIMP void _authenticate_request(http_request &req, details::oauth1_state state);

    _ASYNCRTIMP pplx::task<void> _request_token(details::oauth1_state state, bool is_temp_token_request);

    utility::string_t m_consumer_key;
    utility::string_t m_consumer_secret;
    oauth1_token m_token;

    utility::string_t m_temp_endpoint;
    utility::string_t m_auth_endpoint;
    utility::string_t m_token_endpoint;
    utility::string_t m_callback_uri;
    utility::string_t m_realm;
    oauth1_method m_method;

    std::map<utility::string_t, utility::string_t> m_parameters_to_sign;

    utility::nonce_generator m_nonce_generator;
    bool m_is_authorization_completed;
};

} // namespace web::http::oauth1::experimental

namespace details
{

class oauth1_handler : public http_pipeline_stage
{
public:
    oauth1_handler(std::shared_ptr<experimental::oauth1_config> cfg) :
        m_config(std::move(cfg))
    {}

    virtual pplx::task<http_response> propagate(http_request request) override
    {
        if (m_config)
        {
            m_config->_authenticate_request(request);
        }
        return next_stage()->propagate(request);
    }

private:
    std::shared_ptr<experimental::oauth1_config> m_config;
};

}}}}

#endif