After getting the answers I needed from the OAuth list, I decided to go back to hacking at getting OAuth to play nice with AtomPub on my host. I am pleased to report that it now works! It requires a two-line patch to WordPress (for my host anyway, YMMV), and I had to change the wp-oauth plugin a bit (lastest in SVN), but I have successfully posted to my test blog using a remote AtomPub script authenticated using OAuth.
See some example code. The future is bright!
10 Responses
Joseph Scott •
I uploaded a new AtomPub patch on that ticket, http://trac.wordpress.org/attachment/ticket/6995/wp-app.php.diff can you confirm that the new patch works as expected.
Ming •
Hi Singpolyma,
I got some some errors when playing with your oAuth/Wordpress code. I will appreciate it if you could make some comments from the screen dump listed below. It seems the test passed oAuth but was not able to post to WordPress. In this test, wp_app.php was in the oauth plugin folder. If there is nothing apparently wrong, maybe I should test the WordPress Atompub separately. It looks like APE is difficult to setup, I think I should just try to use the cURL routines.
1)
http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=be69e7af98c008c2baa9ea3b5627e1f6&oauth_timestamp=1213975361&oauth_consumer_key=91a8964820d53b9faab85c68d5c964158aa01470&oauth_token=&oauth_signature_method=HMAC-SHA1&oauth_signature=SGWl9XFBVQU%2B4TO22TlIO35MyMY%3D
string(215) “HTTP/1.1 404 Not Found
Date: Fri, 20 Jun 2008 15:22:41 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch
X-Powered-By: PHP/5.2.4-2ubuntu5.1
Content-Length: 0
Content-Type: text/plain
______________________________________________________________________
2)
**When $service = curl_exec($curl) is commented out, the screen dump is listed below. Please note that base_string is NULL. Is there something wrong with it?
http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=19d219064006656cd398c1e7950ae727&oauth_timestamp=1213975481&oauth_consumer_key=91a8964820d53b9faab85c68d5c964158aa01470&oauth_token=2741d783759305b6ebf8dfe9b222b3add7269da4&oauth_signature_method=HMAC-SHA1&oauth_signature=fc8VSycdBPqWgvKNGndDzNg6TMU%3D
object(OAuthRequest)#86 (4) {
[“parameters:private”]=>
array(7) {
[“oauth_version”]=>
string(3) “1.0”
[“oauth_nonce”]=>
string(32) “19d219064006656cd398c1e7950ae727”
[“oauth_timestamp”]=>
int(1213975481)
[“oauth_consumer_key”]=>
string(40) “91a8964820d53b9faab85c68d5c964158aa01470”
[“oauth_token”]=>
string(40) “2741d783759305b6ebf8dfe9b222b3add7269da4”
[“oauth_signature_method”]=>
string(9) “HMAC-SHA1”
[“oauth_signature”]=>
string(28) “fc8VSycdBPqWgvKNGndDzNg6TMU=”
}
[“http_method:private”]=>
string(4) “POST”
[“http_url:private”]=>
string(43) “http://localhost/wordpress/wp-app.php/posts”
[“base_string:private”]=>
NULL
}
________________________________________________________________________________
**I had to hard-code the callback_url. Otherwise, it would not work. If callback_url is simply commented out, wordpress will display “Authorized! You may now close this window”
$callback_url = “/wordpress/wp-content/plugins/wp-oauth/wp_app.php?action=access”;
//$callback_url = “$base_url/wp_app.php?action=access”;
Note: the last line in Common.inc.php has to be commented out in order to use wp_app.php in a different folder from the plugin iself.
Stephen Paul Weber •
@Ming RE (1) : have you applied the patch? You will get a 404 if you have not. If you have, can you send me the contents of $_SERVER for that request?
RE (2) : I have no idea if that’s wrong… is there a specific problem?
RE (3) : This is expected behaviour
RE NOTE : What is your setup like? PHP should resolve __FILE__ to the file the statement is in, and then the relative path should work… always has for me.
Ming •
Thank you very much. I reapplied the patch manually after I found that the patch command did not work as expected. Now it looks like this in file wp-app.php:
global $always_authenticate;
if( !empty( $_SERVER[‘ORIG_PATH_INFO’] ) )
$path = $_SERVER[‘ORIG_PATH_INFO’];
else
$path = $_SERVER[‘PATH_INFO’];
$method = $_SERVER[‘REQUEST_METHOD’];
log_app(‘REQUEST’,”$method $path\n================”);
This is the dumped $SERVER:
[“SERVER_SOFTWARE”]=>
string(61) “Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch”
[“SERVER_NAME”]=>
string(9) “localhost”
[“SERVER_ADDR”]=>
string(9) “127.0.0.1”
[“SERVER_PORT”]=>
string(2) “80”
[“REMOTE_ADDR”]=>
string(9) “127.0.0.1”
[“DOCUMENT_ROOT”]=>
string(9) “/var/www/”
[“SERVER_ADMIN”]=>
string(19) “webmaster@localhost”
[“SCRIPT_FILENAME”]=>
string(29) “/var/www/oauthtest/wp_app.php”
[“REMOTE_PORT”]=>
string(5) “49426”
[“GATEWAY_INTERFACE”]=>
string(7) “CGI/1.1”
[“SERVER_PROTOCOL”]=>
string(8) “HTTP/1.1”
[“REQUEST_METHOD”]=>
string(3) “GET”
[“QUERY_STRING”]=>
string(13) “action=access”
[“REQUEST_URI”]=>
string(35) “/oauthtest/wp_app.php?action=access”
[“SCRIPT_NAME”]=>
string(21) “/oauthtest/wp_app.php”
[“PHP_SELF”]=>
string(21) “/oauthtest/wp_app.php”
[“REQUEST_TIME”]=>
int(1214026621)
[“argv”]=>
array(1) {
[0]=>
string(13) “action=access”
}
[“argc”]=>
int(1)
}
This is the description about how the error still happened (wp_app.php in another folder)
Once I clicked the test button, I was redirected to the WordPress to authorize the consumer right. I then clicked yes, then I got the error of non-existent URL “http://localhost/wp_app.php?action=access”, which should be “http://localhost/oauthtest/wp_app.php?action=access”
Tring to make it work, I changed “$callback_url = “$base_url/wp_app.php?action=access” to “$callback_url = “http://localhost/oauthtest/wp_app.php?action=access”” because I thought something is wrong with the base_url.
I then cliked the test button again, this time the authorization window did not show up (already approved), I got an error as
“http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=a6c0ce38cff5bf899d072867d0d4694e&oauth_timestamp=1214025525&oauth_consumer_key=ccaa282c3f6c66cf0b2491b9f152e11ad4bd822c&oauth_token=faebda8608c455bfef6d2f0628fd5c055276659a&oauth_signature_method=HMAC-SHA1&oauth_signature=VzGlNOYOHhq1XaTL4wk9mWuiQsI%3D
string(215) “HTTP/1.1 404 Not Found”
Ming •
Thank you very much. I reapplied the patch manually after I found that the patch command did not work as expected.
Now it looks like this in file wp-app.php:
global $always_authenticate;
if( !empty( $_SERVER[‘ORIG_PATH_INFO’] ) )
$path = $_SERVER[‘ORIG_PATH_INFO’];
else
$path = $_SERVER[‘PATH_INFO’];
$method = $_SERVER[‘REQUEST_METHOD’];
log_app(‘REQUEST’,”$method $path\n================”);
This is the dumped $SERVER (no PATH_INFO?):
[“SERVER_SOFTWARE”]=>
string(61) “Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch”
[“SERVER_NAME”]=>
string(9) “localhost”
[“SERVER_ADDR”]=>
string(9) “127.0.0.1”
[“SERVER_PORT”]=>
string(2) “80”
[“REMOTE_ADDR”]=>
string(9) “127.0.0.1”
[“DOCUMENT_ROOT”]=>
string(9) “/var/www/”
[“SERVER_ADMIN”]=>
string(19) “webmaster@localhost”
[“SCRIPT_FILENAME”]=>
string(29) “/var/www/oauthtest/wp_app.php”
[“REMOTE_PORT”]=>
string(5) “49426”
[“GATEWAY_INTERFACE”]=>
string(7) “CGI/1.1”
[“SERVER_PROTOCOL”]=>
string(8) “HTTP/1.1”
[“REQUEST_METHOD”]=>
string(3) “GET”
[“QUERY_STRING”]=>
string(13) “action=access”
[“REQUEST_URI”]=>
string(35) “/oauthtest/wp_app.php?action=access”
[“SCRIPT_NAME”]=>
string(21) “/oauthtest/wp_app.php”
[“PHP_SELF”]=>
string(21) “/oauthtest/wp_app.php”
[“REQUEST_TIME”]=>
int(1214026621)
[“argv”]=>
array(1) {
[0]=>
string(13) “action=access”
}
[“argc”]=>
int(1)
}
This is the description about how the error still happened (wp_app.php in another folder)
Once I clicked the test button, I was redirected to the WordPress to authorize the consumer right. I then clicked yes, then I got the error of non-existent URL “http://localhost/wp_app.php?action=access”, which should be “http://localhost/oauthtest/wp_app.php?action=access”
Tring to make it work, I changed “$callback_url = “$base_url/wp_app.php?action=access” to “$callback_url = “http://localhost/oauthtest/wp_app.php?action=access”” because I thought something is wrong with the base_url.
I then cliked the test button again, this time the authorization window did not show up (already approved), I got an error as
“http://localhost/wordpress/wp-app.php/posts?oauth_version=1.0&oauth_nonce=a6c0ce38cff5bf899d072867d0d4694e&oauth_timestamp=1214025525&oauth_consumer_key=ccaa282c3f6c66cf0b2491b9f152e11ad4bd822c&oauth_token=faebda8608c455bfef6d2f0628fd5c055276659a&oauth_signature_method=HMAC-SHA1&oauth_signature=VzGlNOYOHhq1XaTL4wk9mWuiQsI%3D
string(215) “HTTP/1.1 404 Not Found”
Ming •
I finally run through your code after making some minor changes:
1) In wp_app.php, I had to hard-code the callback-url because otherwise the base_url is empty.
//$callback_url = “$base_url/wp_app.php?action=access”;
2) At first SCRIPT_URI was undefined in my server setup. This was fixed by configuring virtualhost and enabling RewriteEngine module.
3) Finally, this thing got work after commenting out one line in wp-app.php:
//$_SERVER[‘PATH_INFO’] = preg_replace( ‘/.*\/wp-app\.php/’, ”, $_SERVER[‘REQUEST_URI’] );
Then I was able to post on my WordPress! Thanks for the work.
Stephen Paul Weber •
@Ming (1) wp_app.php is just a test script – not surprising you had to make some changes. (2&3) Might make sense to submit reports of some kind to WordPress, since those are requirements for WordPress AtomPub and not my plugin.
Zach Blank •
Hi Singpolyma,
after looking over all of the comments and playing with this myself i receive the following after running wp_app.php:
http://dotspot.zachblank.com/wp-app.php/posts?oauth_version=1.0&oauth_nonce=d4eae249bdc4f4dcc8fb02f22418d3ac&oauth_timestamp=1217184038&oauth_consumer_key=DUMMYKEY&oauth_token=d1e23d9aff528d994ddb7b6be48f12facb06c278&oauth_signature_method=HMAC-SHA1&oauth_signature=puMhdg4mu4VkRjENQ%2BH4YoflxDA%3D
string(610) “HTTP/1.1 Credentials required.
Date: Sun, 27 Jul 2008 18:40:38 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
WWW-Authenticate: Basic realm=”WordPress Atom Protocol”
Last-Modified: Sun, 27 Jul 2008 18:40:39 GMT
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html
401 Unauthorized
401 Unauthorized
Credentials required.
”
Can you see what the issue is here? seems like it is working BUT 401… how do i provide credentials if they are required?
Thank You!!!
Stephen Paul Weber •
@Zach are you getting to the “Authorize” step correctly? Correct flow if this all works should be:
1) Click button on test script
2) Click “Ok” to authorize key on WordPress site (may have to log in first)
3) Get success message.
Instead you are getting a 401? This is rather unusual… that means that the OAuth plugin is not correctly running before the rest – or that it is not looking in the right place. Do you have the lastest SVN version of wp-oauth and wp-xrds-simple installed and activated?
Anonymous •
Nice post!