Is Yahoo Authentication working correctly after I added input validation logic?
Hi,
I want to confirm whether Yahoo Authentication still works correctly after I added input validation logic for $_GET and $_POST data.
FileName - Yahoo.inc
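/**
 * Report whether YahooSession::initSession() yields a session for this consumer.
 *
 * Calls initSession() with FALSE and NULL in the fourth and fifth positions
 * (requireSession passes TRUE and a callback there) and returns whether the
 * result is non-NULL.
 * NOTE(review): the fourth argument presumably controls redirecting the user
 * to authorise - confirm against initSession().
 *
 * @param mixed $consumerKey    Consumer key, passed through to initSession().
 * @param mixed $consumerSecret Consumer secret, passed through to initSession().
 * @param mixed $applicationId  Application id, passed through to initSession().
 * @param mixed $sessionStore   Session store; a NativeSessionStore is created when NULL.
 * @param mixed $verifier       OAuth verifier; when NULL it is read from
 *                              $_GET["oauth_verifier"] if that is a string.
 * @return bool TRUE when initSession() returned a non-NULL session.
 */
function hasSession($consumerKey, $consumerSecret, $applicationId = NULL, $sessionStore = NULL, $verifier = NULL)
{
    if (is_null($sessionStore)) {
        $sessionStore = new NativeSessionStore();
    }

    // oauth_verifier comes straight from the query string, so it is untrusted.
    // PHP parses "oauth_verifier[]=x" into an array; accept only a plain string
    // so a non-scalar value never reaches the OAuth code.
    if (is_null($verifier) && isset($_GET["oauth_verifier"]) && is_string($_GET["oauth_verifier"])) {
        $verifier = $_GET["oauth_verifier"];
    }

    $session = YahooSession::initSession($consumerKey, $consumerSecret, $applicationId, FALSE, NULL, $sessionStore, $verifier);

    return !is_null($session);
}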
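/**
 * Obtain a session through YahooSession::initSession(), passing TRUE and the
 * caller's callback in the fourth and fifth positions.
 *
 * NOTE(review): the TRUE flag presumably lets initSession() redirect the user
 * to authorise when no session exists - confirm against initSession().
 *
 * @param mixed $consumerKey    Consumer key, passed through to initSession().
 * @param mixed $consumerSecret Consumer secret, passed through to initSession().
 * @param mixed $applicationId  Application id, passed through to initSession().
 * @param mixed $callback       Callback value, passed through to initSession().
 * @param mixed $sessionStore   Session store; a NativeSessionStore is created when NULL.
 * @param mixed $verifier       OAuth verifier; when NULL it is read from
 *                              $_GET["oauth_verifier"] if that is a string.
 * @return mixed Whatever YahooSession::initSession() returns.
 */
function requireSession($consumerKey, $consumerSecret, $applicationId = NULL,
    $callback = NULL, $sessionStore = NULL, $verifier = NULL)
{
    if (is_null($sessionStore)) {
        $sessionStore = new NativeSessionStore();
    }

    // The verifier is taken from the query string and is therefore untrusted.
    // Only a plain string is accepted; an array-valued parameter
    // ("oauth_verifier[]=x") is ignored and the verifier stays NULL.
    if (is_null($verifier) && isset($_GET["oauth_verifier"]) && is_string($_GET["oauth_verifier"])) {
        $verifier = $_GET["oauth_verifier"];
    }

    return YahooSession::initSession($consumerKey, $consumerSecret, $applicationId, TRUE, $callback, $sessionStore, $verifier);
}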
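/**
 * Build a YahooSession from the parameters posted to a YAP canvas page.
 *
 * Steps: return NULL unless YahooUtil::is_yap_canvas(); compare the posted
 * consumer key with the configured one; verify the request signature; then
 * copy the viewer access-token fields from $_POST into a new session, which
 * is also stored in the global $GLOBAL_YAHOO_SESSION.
 *
 * All $_POST / $_REQUEST values are untrusted until the signature check
 * passes. NOTE(review): this relies on YahooUtil::verify_signature() covering
 * the posted yap_* fields - confirm, since they are used as credentials below.
 *
 * @param mixed $consumerKey    Consumer key expected to match yap_consumer_key.
 * @param mixed $consumerSecret Consumer secret used for signature verification.
 * @param mixed $appid          Not used by the body; the application id is
 *                              taken from the posted yap_appid instead.
 * @return YahooSession|null The new session, or NULL when the request is not a
 *                           YAP canvas request, the consumer key does not
 *                           match, or the signature check fails.
 */
function initSessionFromYAP($consumerKey, $consumerSecret, $appid)
{
    global $GLOBAL_YAHOO_SESSION;

    if (!YahooUtil::is_yap_canvas()) {
        // TODO: throw a YahooException
        return NULL;
    }

    $consumer = new stdclass();
    $consumer->key = $consumerKey;
    $consumer->secret = $consumerSecret;

    // Require the posted key to be a string and compare strictly: the loose
    // "!=" treats a missing field as equal to an empty key and compares
    // numeric-looking strings by value rather than byte for byte.
    $postedKey = isset($_POST["yap_consumer_key"]) ? $_POST["yap_consumer_key"] : NULL;
    if (!is_string($postedKey) || $consumer->key !== $postedKey) {
        YahooLogger::error("Consumer key from YAP does not match provided key.");
        // TODO: throw a YahooException
        $GLOBAL_YAHOO_SESSION = NULL;
        return NULL;
    }

    // $_REQUEST can also contain cookie values depending on the request_order
    // setting. An array-valued signature is rejected outright; an absent one is
    // still passed as NULL, as before.
    // NOTE(review): confirm verify_signature() fails closed on a NULL signature.
    $signature = isset($_REQUEST['oauth_signature']) ? $_REQUEST['oauth_signature'] : NULL;
    $signature_ok = (is_null($signature) || is_string($signature))
        && YahooUtil::verify_signature($consumer, null, $signature);
    if (!$signature_ok) {
        YahooLogger::error("Signature from YAP failed.");
        // TODO: throw a YahooException
        $GLOBAL_YAHOO_SESSION = NULL;
        return NULL;
    }

    // Copy the viewer token fields; anything missing or not a string becomes
    // NULL, so array-valued POST parameters never end up in the token.
    $tokenFields = array(
        'key'    => 'yap_viewer_access_token',
        'secret' => 'yap_viewer_access_token_secret',
        'guid'   => 'yap_viewer_guid',
        'owner'  => 'yap_owner_guid',
    );
    $accessToken = new stdclass();
    foreach ($tokenFields as $property => $postName) {
        $accessToken->$property = (isset($_POST[$postName]) && is_string($_POST[$postName]))
            ? $_POST[$postName]
            : NULL;
    }
    // NOTE(review): -1 presumably means "no known expiry" - confirm.
    $accessToken->tokenExpires = -1;

    // The access token and its secret are credentials and must not be written
    // to the log, so only the fact that a token arrived is recorded.
    YahooLogger::debug("YAP access token received.");

    $applicationId = (isset($_POST["yap_appid"]) && is_string($_POST["yap_appid"]))
        ? $_POST["yap_appid"]
        : NULL;

    $GLOBAL_YAHOO_SESSION = new YahooSession($consumer, $accessToken, $applicationId);

    return $GLOBAL_YAHOO_SESSION;
}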
Thanks in advance for your help.