static function ServerCheck($server, $request, $sreg, $imm = true)
 {
     assert(isset($server));
     assert(isset($request));
     assert(isset($sreg));
     assert(isset($imm) && is_bool($imm));
     # Is the passed identity URL a user page?
     $url = $request->identity;
     assert(isset($url) && strlen($url) > 0);
     $user = self::DEPRECATEDgetUsernameFromOpenIdUrl($url);
     if (!$user) {
         throw new Exception("OpenID: '{$url}' not a user page.\n");
         return $request->answer(false, self::getOpenIdServerUrl());
     }
     assert($user);
     # Is there a logged in user?
     if ($user != User::getCurrentUser()) {
         //throw new Exception ("OpenID: User not logged in.\n");
         if ($imm) {
             return $request->answer(false, self::getOpenIdServerUrl());
         } else {
             # Bank these for later
             self::serverSessionSaveValues($request, $sreg);
             self::serverLoginForm($request, null, $user);
             return NULL;
         }
     }
     assert($user);
     assert(is_array($sreg));
     # Does the request require sreg fields that the user has not specified?
     if (array_key_exists('required', $sreg)) {
         $notFound = false;
         foreach ($sreg['required'] as $reqfield) {
             if (is_null(self::getUserField($user, $reqfield))) {
                 $notFound = true;
                 break;
             }
         }
         if ($notFound) {
             //("OpenID: Consumer demands info we don't have.\n");
             return $request->answer(false, self::getOpenIdServerUrl());
         }
     }
     # Trust check
     $trust_root = $request->trust_root;
     assert(isset($trust_root) && is_string($trust_root) && strlen($trust_root) > 0);
     $trust = self::GetUserTrust($user, $trust_root);
     # Is there a trust record?
     if (is_null($trust)) {
         wfDebug("OpenID: No trust record.\n");
         if ($imm) {
             return $request->answer(false, self::getOpenIdServerUrl());
         } else {
             # Bank these for later
             self::serverSessionSaveValues($request, $sreg);
             OpenIDServerTrustForm($request, $sreg);
             return NULL;
         }
     }
     assert(!is_null($trust));
     # Is the trust record _not_ to allow trust?
     # NB: exactly equal
     if ($trust === false) {
         wfDebug("OpenID: User specified not to allow trust.\n");
         return $request->answer(false, self::getOpenIdServerUrl());
     }
     assert(isset($trust) && is_array($trust));
     # Does the request require sreg fields that the user has
     # not allowed us to pass, or has not specified?
     if (array_key_exists('required', $sreg)) {
         $notFound = false;
         foreach ($sreg['required'] as $reqfield) {
             if (!in_array($reqfield, $trust) || is_null(self::getUserField($user, $reqfield))) {
                 $notFound = true;
                 break;
             }
         }
         if ($notFound) {
             wfDebug("OpenID: Consumer demands info user doesn't want shared.\n");
             return $request->answer(false, self::getOpenIdServerUrl());
         }
     }
     # assert(all required sreg fields are in $trust)
     # XXX: run a hook here to check
     # SUCCESS
     $response_fields = array_intersect(array_unique(array_merge($sreg['required'], $sreg['optional'])), $trust);
     $response = $request->answer(true);
     assert(isset($response));
     foreach ($response_fields as $field) {
         $value = self::getUserField($user, $field);
         if (!is_null($value)) {
             $response->addField('sreg', $field, $value);
         }
     }
     return $response;
 }
Beispiel #2
0
 function OpenIDServerCheck($server, $request, $sreg, $imm = true)
 {
     global $wgUser, $wgOut;
     assert(isset($wgUser) && isset($wgOut));
     assert(isset($server));
     assert(isset($request));
     assert(isset($sreg));
     assert(isset($imm) && is_bool($imm));
     # Is the passed identity URL a user page?
     $url = $request->identity;
     assert(isset($url) && strlen($url) > 0);
     $name = OpenIDUrlToUserName($url);
     if (!isset($name) || strlen($name) == 0) {
         wfDebug("OpenID: '{$url}' not a user page.\n");
         return $request->answer(false, OpenIdServerUrl());
     }
     assert(isset($name) && strlen($name) > 0);
     # Is there a logged in user?
     if ($wgUser->getId() == 0) {
         wfDebug("OpenID: User not logged in.\n");
         if ($imm) {
             return $request->answer(false, OpenIdServerUrl());
         } else {
             # Bank these for later
             OpenIDServerSaveValues($request, $sreg);
             OpenIDServerLoginForm($request);
             return NULL;
         }
     }
     assert($wgUser->getId() != 0);
     # Is the user page for the logged-in user?
     $user = User::newFromName($name);
     if (!isset($user) || $user->getId() != $wgUser->getId()) {
         wfDebug("OpenID: User from url not logged in user.\n");
         return $request->answer(false, OpenIdServerUrl());
     }
     assert(isset($user) && $user->getId() == $wgUser->getId() && $user->getId() != 0);
     # Is the user an OpenID user?
     $openid = OpenIDGetUserUrl($user);
     if (isset($openid) && strlen($openid) > 0) {
         wfDebug("OpenID: Not one of our users; logs in with OpenID.\n");
         return $request->answer(false, OpenIdServerUrl());
     }
     assert(is_array($sreg));
     # Does the request require sreg fields that the user has not specified?
     if (array_key_exists('required', $sreg)) {
         $notFound = false;
         foreach ($sreg['required'] as $reqfield) {
             if (is_null(OpenIdGetUserField($user, $reqfield))) {
                 $notFound = true;
                 break;
             }
         }
         if ($notFound) {
             wfDebug("OpenID: Consumer demands info we don't have.\n");
             return $request->answer(false, OpenIdServerUrl());
         }
     }
     # Trust check
     $trust_root = $request->trust_root;
     assert(isset($trust_root) && is_string($trust_root) && strlen($trust_root) > 0);
     $trust = OpenIDGetUserTrust($user, $trust_root);
     # Is there a trust record?
     if (is_null($trust)) {
         wfDebug("OpenID: No trust record.\n");
         if ($imm) {
             return $request->answer(false, OpenIdServerUrl());
         } else {
             # Bank these for later
             OpenIDServerSaveValues($request, $sreg);
             OpenIDServerTrustForm($request, $sreg);
             return NULL;
         }
     }
     assert(!is_null($trust));
     # Is the trust record _not_ to allow trust?
     # NB: exactly equal
     if ($trust === false) {
         wfDebug("OpenID: User specified not to allow trust.\n");
         return $request->answer(false, OpenIdServerUrl());
     }
     assert(isset($trust) && is_array($trust));
     # Does the request require sreg fields that the user has
     # not allowed us to pass, or has not specified?
     if (array_key_exists('required', $sreg)) {
         $notFound = false;
         foreach ($sreg['required'] as $reqfield) {
             if (!in_array($reqfield, $trust) || is_null(OpenIdGetUserField($user, $reqfield))) {
                 $notFound = true;
                 break;
             }
         }
         if ($notFound) {
             wfDebug("OpenID: Consumer demands info user doesn't want shared.\n");
             return $request->answer(false, OpenIdServerUrl());
         }
     }
     # assert(all required sreg fields are in $trust)
     # XXX: run a hook here to check
     # SUCCESS
     $response_fields = array_intersect(array_unique(array_merge($sreg['required'], $sreg['optional'])), $trust);
     $response = $request->answer(true);
     assert(isset($response));
     foreach ($response_fields as $field) {
         $value = OpenIDGetUserField($user, $field);
         if (!is_null($value)) {
             $response->addField('sreg', $field, $value);
         }
     }
     return $response;
 }