<?php

/**
 * HybridAuth
 * http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
 * (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
 */

/**
 * To implement an OAuth 1 based service provider, Hybrid_Provider_Model_OAuth1
 * can be used to save the hassle of the authentication flow.
 *
 * Each class that inherit from Hybrid_Provider_Model_OAuth1 have to implement
 * at least 2 methods:
 *   Hybrid_Providers_{provider_name}::initialize()     to setup the provider api end-points urls
 *   Hybrid_Providers_{provider_name}::getUserProfile() to grab the user profile
 *
 * Hybrid_Provider_Model_OAuth1 use OAuth1Client v0.1 which can be found on
 * Hybrid/thirdparty/OAuth/OAuth1Client.php
 */
class Hybrid_Provider_Model_OAuth1 extends Hybrid_Provider_Model {

	/**
	 * Provider API client
	 * @var OAuth1Client 
	 */
	public $api = null;

	/**
	 * Request_tokens as received from provider
	 * @var stdClas
	 */
	public $request_tokens_raw = null;

	/**
	 * Access_tokens as received from provider
	 * @var stdClass
	 */
	public $access_tokens_raw = null;

	/**
	 * Try to get the error message from provider api
	 *
	 * @param int $code Error code
	 * @return string
	 */
	function errorMessageByStatus($code = null) {
		$http_status_codes = array(
			200 => "OK: Success!",
			304 => "Not Modified: There was no new data to return.",
			400 => "Bad Request: The request was invalid.",
			401 => "Unauthorized.",
			403 => "Forbidden: The request is understood, but it has been refused.",
			404 => "Not Found: The URI requested is invalid or the resource requested does not exists.",
			406 => "Not Acceptable.",
			500 => "Internal Server Error: Something is broken.",
			502 => "Bad Gateway.",
			503 => "Service Unavailable."
		);

		if (!$code && $this->api) {
			$code = $this->api->http_code;
		}

		if (isset($http_status_codes[$code])) {
			return $code . " " . $http_status_codes[$code];
		}
	}

	/**
	 * {@inheritdoc}
	 */
	function initialize() {
		// 1 - check application credentials
		if (!$this->config["keys"]["key"] || !$this->config["keys"]["secret"]) {
			throw new Exception("Your application key and secret are required in order to connect to {$this->providerId}.", 4);
		}

		// 2 - include OAuth lib and client
		if (! class_exists('OAuthConsumer') ) {
          		require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth.php";
		}	
        	require_once Hybrid_Auth::$config["path_libraries"] . "OAuth/OAuth1Client.php";

		// 3.1 - setup access_token if any stored
		if ($this->token("access_token")) {
			$this->api = new OAuth1Client(
					$this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("access_token"), $this->token("access_token_secret")
			);
		}

		// 3.2 - setup request_token if any stored, in order to exchange with an access token
		elseif ($this->token("request_token")) {
			$this->api = new OAuth1Client(
					$this->config["keys"]["key"], $this->config["keys"]["secret"], $this->token("request_token"), $this->token("request_token_secret")
			);
		}

		// 3.3 - instanciate OAuth client with client credentials
		else {
			$this->api = new OAuth1Client($this->config["keys"]["key"], $this->config["keys"]["secret"]);
		}

		// Set curl proxy if exist
		if (isset(Hybrid_Auth::$config["proxy"])) {
			$this->api->curl_proxy = Hybrid_Auth::$config["proxy"];
		}
	}

	/**
	 * {@inheritdoc}
	 */
	function loginBegin() {
		$tokens = $this->api->requestToken($this->endpoint);

		// request tokens as received from provider
		$this->request_tokens_raw = $tokens;

		// check the last HTTP status code returned
		if ($this->api->http_code != 200) {
			throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
		}

		if (!isset($tokens["oauth_token"])) {
			throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth token.", 5);
		}

		$this->token("request_token", $tokens["oauth_token"]);
		$this->token("request_token_secret", $tokens["oauth_token_secret"]);

		# redirect the user to the provider authentication url
		Hybrid_Auth::redirect($this->api->authorizeUrl($tokens));
	}

	/**
	 * {@inheritdoc}
	 */
	function loginFinish() {
		$oauth_token = (array_key_exists('oauth_token', $_REQUEST)) ? $_REQUEST['oauth_token'] : "";
		$oauth_verifier = (array_key_exists('oauth_verifier', $_REQUEST)) ? $_REQUEST['oauth_verifier'] : "";

		if (!$oauth_token || !$oauth_verifier) {
			throw new Exception("Authentication failed! {$this->providerId} returned an invalid oauth verifier.", 5);
		}

		// request an access token
		$tokens = $this->api->accessToken($oauth_verifier);

		// access tokens as received from provider
		$this->access_tokens_raw = $tokens;

		// check the last HTTP status code returned
		if ($this->api->http_code != 200) {
			throw new Exception("Authentication failed! {$this->providerId} returned an error. " . $this->errorMessageByStatus($this->api->http_code), 5);
		}

		// we should have an access_token, or else, something has gone wrong
		if (!isset($tokens["oauth_token"])) {
			throw new Exception("Authentication failed! {$this->providerId} returned an invalid access token.", 5);
		}

		// we no more need to store request tokens
		$this->deleteToken("request_token");
		$this->deleteToken("request_token_secret");

		// store access_token for later user
		$this->token("access_token", $tokens['oauth_token']);
		$this->token("access_token_secret", $tokens['oauth_token_secret']);

		// set user as logged in to the current provider
		$this->setUserConnected();
	}

}