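/**
 * Decide how to answer an OpenID checkid request for the current session.
 *
 * @param object|null $info         Decoded request; identity, trust_root and answer() are used.
 * @param bool|null   $trusted      Explicit trust decision; when null, isTrusted() is consulted.
 * @param bool        $fail_cancels When true, an untrusted request is cancelled instead of
 *                                  showing the trust page.
 *
 * @return mixed Result of authCancel(), login_render() or trust_render(), or
 *               array(header lines, body) for a positive assertion.
 */
function doAuth($info, $trusted = null, $fail_cancels = false)
{
    if (!$info) {
        // There is no authentication information, so bail
        return authCancel(null);
    }

    $req_url = $info->identity;
    $user = getLoggedInUser();
    setRequestInfo($info);

    // Strict comparison: with a loose "!=" two falsy values (for example an
    // empty identity and a "nobody logged in" result) compare equal, which
    // would skip the login page. Assumes both values are strings when a user
    // is logged in -- TODO confirm against getLoggedInUser().
    if ($req_url !== $user) {
        return login_render(array(), $req_url, $req_url);
    }

    $sites = getSessionSites();
    $trust_root = $info->trust_root;

    // A trust root already recorded in the session sites is never prompted
    // for again: if it is not trusted, the request is cancelled.
    $fail_cancels = $fail_cancels || isset($sites[$trust_root]);
    $trusted = isset($trusted) ? $trusted : isTrusted($req_url, $trust_root);

    if ($trusted) {
        // Clear the stored request before answering.
        setRequestInfo();
        $server =& getServer();
        $response =& $info->answer(true);
        $webresponse =& $server->encodeResponse($response);

        $new_headers = array();
        foreach ($webresponse->headers as $k => $v) {
            $new_headers[] = $k . ": " . $v;
        }

        return array($new_headers, $webresponse->body);
    }

    if ($fail_cancels) {
        return authCancel($info);
    }

    return trust_render($info);
}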
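/**
 * Handle a standard OpenID server request
 *
 * Decodes the incoming request, sends checkid_* requests to the trust or
 * no-identifier page (or answers negatively in immediate mode), lets the
 * server handle every other mode, then emits the encoded response and exits.
 *
 * @return mixed Rendered page for the early-return paths; otherwise the
 *               function terminates the script with exit(0).
 */
function action_default()
{
    header('X-XRDS-Location: ' . buildURL('idpXrds'));

    $server =& getServer();

    // decodeRequest() is called with no arguments, so no copy of
    // $_GET/$_POST is prepared here.
    $request = $server->decodeRequest();
    if (!$request) {
        return about_render();
    }

    setRequestInfo($request);

    // Strict match: the mode must be exactly one of these strings.
    if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'), true)) {
        if ($request->idSelect()) {
            // Perform IDP-driven identifier selection
            if ($request->mode === 'checkid_immediate') {
                $response =& $request->answer(false);
            } else {
                return trust_render($request);
            }
        } elseif (!$request->identity) {
            // No identifier used or desired; display a page saying so.
            return noIdentifier_render();
        } elseif ($request->immediate) {
            $response =& $request->answer(false, buildURL());
        } else {
            // NOTE(review): the login check below is disabled, so this
            // function reaches trust_render() without checking the session.
            // Confirm that the trust page or its handler enforces login.
            /*
            if (!getLoggedInUser()) {
                return login_render();
            }
            */
            return trust_render($request);
        }
    } else {
        $response =& $server->handleRequest($request);
    }

    $webresponse =& $server->encodeResponse($response);

    if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
        header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
    }

    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }

    // header_connection_close is a constant defined outside this function.
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}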
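/**
 * Handle a standard OpenID server request
 *
 * For checkid_* requests: answers positively when isTrusted() accepts the
 * logged-in user for the requesting trust root and return_to, answers
 * negatively in immediate mode, and otherwise sends the user to log in or to
 * the trust page. Other modes are handled by the server. The encoded response
 * is written out and the script exits.
 *
 * @return mixed "" when no request could be decoded, the trust page for a
 *               setup request; otherwise the script exits.
 */
function action_default()
{
    $server =& getServer();

    $request = $server->decodeRequest();
    if (!$request) {
        return ""; //about_render();
    }

    setRequestInfo($request);

    if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
        $identity = getLoggedInUser();

        if (isTrusted($identity, $request->trust_root, $request->return_to)) {
            if ($request->message->isOpenID1()) {
                $response =& $request->answer(true);
            } else {
                // OpenID 2: name the server URL and the identity explicitly.
                $response =& $request->answer(true, false, getServerURL(), $identity);
            }
        } else {
            if ($request->immediate) {
                $response =& $request->answer(false, getServerURL());
            } else {
                if (!getLoggedInUser()) {
                    // Remember the full request URL so it can be resumed
                    // after login.
                    $_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery());
                    system_message(elgg_echo('openid_server:not_logged_in'));
                    forward('login');
                }
                return trust_render($request);
            }
        }

        // Call-time pass-by-reference ("&$response" at the call site) is a
        // fatal error since PHP 5.4; objects are passed by handle, and
        // addSregFields() can declare a reference parameter if it needs one.
        // NOTE(review): this also runs for the negative immediate answer
        // above -- confirm no registration data is attached to a failure.
        addSregFields($response);
    } else {
        $response =& $server->handleRequest($request);
    }

    $webresponse =& $server->encodeResponse($response);

    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }

    // header_connection_close is a constant defined outside this function.
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}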
/**
 * Handle a standard OpenID server request
 *
 * Reads the OpenID arguments from $_GET or $_POST, decodes them, and for
 * checkid_* requests either answers (positively with SReg fields, or
 * negatively in immediate mode) or shows the login / trust page. Any other
 * mode goes to the server's handleRequest(). The encoded response is sent
 * and the script exits.
 *
 * @return mixed Rendered page on the early-return paths; otherwise exits.
 */
function action_default()
{
    $openid_server =& getServer();

    // GET requests carry the message in the query string, everything else
    // is read from the POST body.
    $raw_args = ($_SERVER['REQUEST_METHOD'] == 'GET') ? $_GET : $_POST;
    $request = $openid_server->decodeRequest(Auth_OpenID::fixArgs($raw_args));

    if (!$request) {
        return about_render();
    }

    setRequestInfo($request);

    $is_checkid = in_array($request->mode, array('checkid_immediate', 'checkid_setup'));

    if (!$is_checkid) {
        $response =& $openid_server->handleRequest($request);
    } elseif (isTrusted($request->identity, $request->trust_root)) {
        // NOTE(review): on this path the function itself never calls
        // getLoggedInUser(); confirm isTrusted() ties its decision to the
        // current session before identity and SReg data are released.
        $response =& $request->answer(true);

        $profile_fields = getSreg($request->identity);
        if (is_array($profile_fields)) {
            foreach ($profile_fields as $field_name => $field_value) {
                $response->addField('sreg', $field_name, $field_value);
            }
        }
    } elseif ($request->immediate) {
        // Immediate mode cannot interact with the user: answer negatively.
        $response =& $request->answer(false, getServerURL());
    } elseif (!getLoggedInUser()) {
        return login_render();
    } else {
        return trust_render($request);
    }

    $encoded =& $openid_server->encodeResponse($response);

    foreach ($encoded->headers as $header_name => $header_value) {
        header("{$header_name}: {$header_value}");
    }

    // header_connection_close is a constant defined outside this function.
    header(header_connection_close);
    print $encoded->body;
    exit(0);
}
/**
 * Answer an OpenID checkid request, with IDP-driven identifier selection.
 *
 * @param object|null $info         Decoded request; idSelect(), identity, trust_root
 *                                  and answer() are used.
 * @param bool|null   $trusted      Trust decision supplied by the caller.
 * @param bool        $fail_cancels When true, an untrusted request is cancelled
 *                                  instead of showing the trust page.
 * @param mixed       $idpSelect    Identifier chosen during identifier selection;
 *                                  passed to idURL().
 *
 * @return mixed Result of authCancel(), login_render() or trust_render(), or
 *               array(header lines, body) for a positive assertion.
 */
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
    // Without request information there is nothing to authenticate.
    if (!$info) {
        return authCancel(null);
    }

    if (!$info->idSelect()) {
        $req_url = $info->identity;
    } elseif ($idpSelect) {
        // NOTE(review): the identifier built from $idpSelect is not compared
        // with the logged-in user anywhere in this function; confirm callers
        // validate $idpSelect before passing it in.
        $req_url = idURL($idpSelect);
    } else {
        // Identifier selection without a chosen identifier is never trusted.
        $trusted = false;
    }

    $user = getLoggedInUser();
    setRequestInfo($info);

    // Outside identifier selection the requested identity must belong to the
    // logged-in user; otherwise ask the user to log in as that identity.
    $needs_login = !$info->idSelect() && $req_url != idURL($user);
    if ($needs_login) {
        return login_render(array(), $req_url, $req_url);
    }

    // Read here but not used further in this function.
    $trust_root = $info->trust_root;

    if (!$trusted) {
        return $fail_cancels ? authCancel($info) : trust_render($info);
    }

    // Clear the stored request before answering.
    setRequestInfo();
    $server =& getServer();
    $response =& $info->answer(true, null, $req_url);

    // Sample Simple Registration data: the same fixed values are returned
    // whatever identity is being asserted.
    $sreg_data = array(
        'fullname' => 'Example User',
        'nickname' => 'example',
        'dob' => '1970-01-01',
        'email' => '*****@*****.**',
        'gender' => 'F',
        'postcode' => '12345',
        'country' => 'ES',
        'language' => 'eu',
        'timezone' => 'America/New_York'
    );

    // Attach the SReg values to the OpenID response message.
    $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
    $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
    $sreg_response->toMessage($response->fields);

    // Encode the response for the user agent.
    $webresponse =& $server->encodeResponse($response);

    $header_lines = array();
    foreach ($webresponse->headers as $name => $value) {
        $header_lines[] = $name . ": " . $value;
    }

    return array($header_lines, $webresponse->body);
}
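/**
 * Answer an OpenID checkid request on the basis of the client's WebID.
 *
 * The WebID reported by getAuth() is normalised into an openid4.me URL. The
 * request is trusted when the requested identity is that URL, or when the
 * identity's profile (fetch_foaf_profile() / get_agent()) points back to the
 * same WebID.
 *
 * @param object|null $info         Decoded request; idSelect(), identity and answer() are used.
 * @param bool|null   $trusted      Caller's trust decision; only kept in the identifier
 *                                  selection case, otherwise overwritten here.
 * @param bool        $fail_cancels When true, an untrusted request is cancelled
 *                                  instead of showing the trust page.
 * @param mixed       $idpSelect    Unused in this implementation.
 *
 * @return mixed Result of authCancel() or trust_render(), or
 *               array(header lines, body) for a positive assertion.
 */
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
    if (!$info) {
        // There is no authentication information, so bail
        return authCancel(null);
    }

    $auth = getAuth();
    $webid = isset($auth['agent']['webid']) ? $auth['agent']['webid'] : '';
    $cert_webid_23 = str_replace('#', '%23', $webid);
    $cert_webid = str_replace('http://', '', $cert_webid_23);

    // Some servers set HTTPS to "off" for plain HTTP, and the key may be
    // absent altogether.
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $host = $is_https ? "https://openid4.me/" : "http://openid4.me/";
    $normalized_webid = $host . $cert_webid;

    // A WebID only counts when authentication succeeded and produced a
    // non-empty URI. Without this guard an empty certificate WebID compares
    // equal to an empty or failed profile lookup and the request is trusted.
    // The array key is quoted: a bare isAuthenticated is an undefined constant.
    $has_cert_identity = !empty($auth['isAuthenticated']) && $cert_webid_23 !== '';

    if ($info->idSelect()) {
        if ($has_cert_identity) {
            $req_url = $normalized_webid;
        } else {
            $trusted = false;
        }
    } else {
        $req_url = $info->identity;

        if (!$has_cert_identity) {
            $trusted = false;
        } elseif ($req_url === $normalized_webid) {
            $trusted = true;
        } else {
            // Get link header
            // NOTE(review): $req_url comes from the request, so this is a
            // server-side fetch of a requester-chosen URL; confirm that
            // fetch_foaf_profile() restricts schemes and destinations.
            $link_webid = fetch_foaf_profile($req_url);

            if (is_string($link_webid) && $cert_webid === $link_webid) {
                $trusted = true;
            } else {
                $agent = get_agent(urldecode((string) $link_webid));
                $link_webid = isset($agent['agent']['webid'])
                    ? str_replace('#', '%23', $agent['agent']['webid'])
                    : '';

                // Strict match against a non-empty value only.
                $trusted = ($link_webid !== '' && $cert_webid_23 === $link_webid);
            }
        }
    }

    // The return value is not used: no session-login comparison is made in
    // this function, trust rests on the WebID checks above.
    $user = getLoggedInUser();
    setRequestInfo($info);

    if ($trusted) {
        // Clear the stored request before answering.
        setRequestInfo();
        $server =& getServer();
        $response =& $info->answer(true, null, $req_url);

        // Build Simple Registration data from the agent record of the
        // authenticated WebID, including only the fields that are present.
        $agent = get_agent($webid);
        $sreg_data = array();

        if (!empty($agent['agent']['name'])) {
            $sreg_data['fullname'] = $agent['agent']['name'];
        }

        if (!empty($agent['agent']['nick'][0])) {
            $sreg_data['nickname'] = $agent['agent']['nick'][0];
        }

        if (!empty($agent['agent']['mbox'][0])) {
            $sreg_data['email'] = str_replace('mailto:', '', $agent['agent']['mbox'][0]);
        }

        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        $sreg_response->toMessage($response->fields);

        // Generate a response to send to the user agent.
        $webresponse =& $server->encodeResponse($response);

        $new_headers = array();
        foreach ($webresponse->headers as $k => $v) {
            $new_headers[] = $k . ": " . $v;
        }

        return array($new_headers, $webresponse->body);
    }

    if ($fail_cancels) {
        return authCancel($info);
    }

    return trust_render($info);
}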
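/**
 * Handle a standard OpenID server request
 *
 * checkid_* requests are not answered here: they are redirected with a 307
 * to the indirect server, carrying the OpenID message in the query string.
 * Every other mode is handled by the server, and the encoded response is
 * written out before the script exits.
 *
 * @return mixed Rendered "about" page when no request could be decoded;
 *               otherwise the script exits.
 */
function action_default()
{
    global $indirect_server_url;

    header('X-XRDS-Location: ' . buildURL('idpXrds'));

    $server =& getServer();
    $method = $_SERVER['REQUEST_METHOD'];

    // decodeRequest() is called with no arguments, so no copy of
    // $_GET/$_POST is prepared here.
    $request = $server->decodeRequest();
    if (!$request) {
        return about_render();
    }

    setRequestInfo($request);

    // Strict match: the mode must be exactly one of these strings.
    if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'), true)) {
        // Redirect to the indirect server with a 307 so that a POST stays a
        // POST at the new location; a normal redirect would turn it into a GET.
        $new_location = $indirect_server_url;

        if ($method == 'GET') {
            // Keep the full query string on the redirect URL, otherwise the
            // OpenID message is lost. This was a problem for GIMI, which
            // uses a ruby openid client.
            $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
            $new_location .= '?' . $query_string;
        } elseif ($method == 'POST') {
            // NOTE(review): this copies the POSTed OpenID fields into the
            // URL, where they can end up in access logs and Referer headers.
            // Confirm the indirect server needs them in the query.
            $query = Auth_OpenID::getQuery();
            $new_location .= '?' . http_build_query($query);
        }

        header('Location: ' . $new_location, true, 307);
        // Nothing after this point runs for checkid_* requests.
        exit;
    }

    $response =& $server->handleRequest($request);
    $webresponse =& $server->encodeResponse($response);

    if ($webresponse->code != AUTH_OPENID_HTTP_OK) {
        header(sprintf("HTTP/1.1 %d ", $webresponse->code), true, $webresponse->code);
    }

    foreach ($webresponse->headers as $k => $v) {
        header("{$k}: {$v}");
    }

    // header_connection_close is a constant defined outside this function.
    header(header_connection_close);
    print $webresponse->body;
    exit(0);
}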
$user_path = substr($user, strpos($user, ":")); if ($info->message->isOpenID1() && $req_url_path != $user_path) { register_error(sprintf(elgg_echo("openid_server:loggedin_as_wrong_user"), $req_url, $user)); forward(); } else { $trust_root = $info->trust_root; $trusted = isset($trusted) ? $trusted : isTrusted($identity, $trust_root); if ($trusted) { setRequestInfo(); $server =& getServer(); if ($info->message->isOpenID1()) { $response =& $info->answer(true, null, $req_url); } else { $response =& $info->answer(true, null, getServerURL(), $identity); } addSregFields($response, $info, $identity); $webresponse =& $server->encodeResponse($response); $new_headers = array(); foreach ($webresponse->headers as $k => $v) { $new_headers[] = $k . ": " . $v; } writeResponse(array($new_headers, $webresponse->body)); exit(0); } elseif ($fail_cancels) { setRequestInfo(); forward($info->getCancelURL()); } else { writeResponse(trust_render($info)); } } }