fromPostArgs() static public method

static public fromPostArgs ( $args )
Beispiel #1
0
	/**
	 * Given an HTTP query in an array (key-value pairs), decode it
	 * into an Auth_OpenID_Request object.
	 */
	function decode($query)
	{
		if (!$query) {
			return null;
		}

		$message = Auth_OpenID_Message::fromPostArgs($query);

		if ($message === null) {
			/*
			 * It's useful to have a Message attached to a
			 * ProtocolError, so we override the bad ns value to build
			 * a Message out of it.  Kinda kludgy, since it's made of
			 * lies, but the parts that aren't lies are more useful
			 * than a 'None'.
			 */
			$old_ns = $query['openid.ns'];

			$query['openid.ns'] = Auth_OpenID_OPENID2_NS;
			$message = Auth_OpenID_Message::fromPostArgs($query);
			return new Auth_OpenID_ServerError(
			$message,
			sprintf("Invalid OpenID namespace URI: %s", $old_ns));
		}

		$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
		if (!$mode) {
			return new Auth_OpenID_ServerError($message,
                                               "No mode value in message");
		}

		if (Auth_OpenID::isFailure($mode)) {
			return new Auth_OpenID_ServerError($message,
			$mode->message);
		}

		$handlerCls = Auth_OpenID::arrayGet($this->handlers, $mode,
		$this->defaultDecoder($message));

		if (!is_a($handlerCls, 'Auth_OpenID_ServerError')) {
			return call_user_func_array(array($handlerCls, 'fromMessage'),
			array($message, $this->server));
		} else {
			return $handlerCls;
		}
	}
Beispiel #2
0
 /**
  * @access private
  */
 function _verifyReturnToArgs($query)
 {
     // Verify that the arguments in the return_to URL are present in this
     // response.
     $message = Auth_OpenID_Message::fromPostArgs($query);
     $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
     if (Auth_OpenID::isFailure($return_to)) {
         return $return_to;
     }
     // XXX: this should be checked by _idResCheckForFields
     if (!$return_to) {
         return new Auth_OpenID_FailureResponse(null, "Response has no return_to");
     }
     $parsed_url = parse_url($return_to);
     $q = array();
     if (array_key_exists('query', $parsed_url)) {
         $rt_query = $parsed_url['query'];
         $q = Auth_OpenID::parse_str($rt_query);
     }
     foreach ($q as $rt_key => $rt_value) {
         if (!array_key_exists($rt_key, $query)) {
             return new Auth_OpenID_FailureResponse(null, sprintf("return_to parameter %s absent from query", $rt_key));
         } else {
             $value = $query[$rt_key];
             if ($rt_value != $value) {
                 return new Auth_OpenID_FailureResponse(null, sprintf("parameter %s value %s does not match " . "return_to value %s", $rt_key, $value, $rt_value));
             }
         }
     }
     // Make sure all non-OpenID arguments in the response are also
     // in the signed return_to.
     $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);
     foreach ($bare_args as $key => $value) {
         if (Auth_OpenID::arrayGet($q, $key) != $value) {
             return new Auth_OpenID_FailureResponse(null, sprintf("Parameter %s = %s not in return_to URL", $key, $value));
         }
     }
     return true;
 }
 function test_overrideRequired()
 {
     // Be sure that caller CANNOT change the form charset for
     // encoding type.
     $m = Auth_OpenID_Message::fromPostArgs($this->postargs);
     $tag_attrs = $this->form_tag_attrs;
     $tag_attrs['accept-charset'] = 'UCS4';
     $tag_attrs['enctype'] = 'invalid/x-broken';
     $html = $m->toFormMarkup($this->action_url, $tag_attrs, $this->submit_text);
     $this->_checkForm($html, $m, $this->action_url, $tag_attrs, $this->submit_text);
 }
Beispiel #4
0
 function setUp()
 {
     $this->store = new GoodAssocStore();
     $this->consumer = new Auth_OpenID_GenericConsumer($this->store);
     $this->consumer->discoverMethod = array($this, 'discoveryFunc');
     $this->identifier = "http://idp.unittest/1337";
     $this->server_url = "http://endpoint.unittest/";
     $this->message = Auth_OpenID_Message::fromPostArgs(array('openid.ns' => Auth_OpenID_OPENID2_NS, 'openid.identity' => $this->identifier, 'openid.claimed_id' => $this->identifier, 'openid.op_endpoint' => $this->server_url));
     $this->endpoint = new Auth_OpenID_ServiceEndpoint();
     $this->endpoint->server_url = $this->server_url;
 }
 function index()
 {
     try {
         $member = Member::currentUser();
         if ($member) {
             // user is already logged in
             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
         }
         $consumer = Injector::inst()->get('MyOpenIDConsumer');
         $query = Auth_OpenID::getQuery();
         $message = Auth_OpenID_Message::fromPostArgs($query);
         $nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
         list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce);
         $claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
         error_log(sprintf('OpenStackIdAuthenticator : id %s - salt %s - timestamp %s', $claimed_id, $salt, $timestamp));
         // Complete the authentication process using the server's response.
         $response = $consumer->complete(OpenStackIdCommon::getReturnTo());
         if ($response->status == Auth_OpenID_CANCEL) {
             error_log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL');
             SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_CANCEL', SS_Log::WARN);
             throw new Exception('The verification was cancelled. Please try again.');
         } else {
             if ($response->status == Auth_OpenID_FAILURE) {
                 error_log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE');
                 SS_Log::log('OpenStackIdAuthenticator : Auth_OpenID_FAILURE', SS_Log::WARN);
                 throw new Exception("The OpenID authentication failed.");
             } else {
                 if ($response->status == Auth_OpenID_SUCCESS) {
                     error_log('OpenStackIdAuthenticator : Auth_OpenID_SUCCESS');
                     $openid = $response->getDisplayIdentifier();
                     $openid = OpenStackIdCommon::escape($openid);
                     if ($response->endpoint->canonicalID) {
                         $openid = escape($response->endpoint->canonicalID);
                     }
                     //get user info from openid response
                     $member = null;
                     list($email, $full_name) = $this->getUserProfileInfo($response);
                     if (!is_null($email)) {
                         //try to get user by email
                         $member = $this->member_repository->findByEmail($email);
                     }
                     if (!$member) {
                         // or by openid
                         $member = Member::get()->filter('IdentityURL', $openid)->first();
                     }
                     if ($member) {
                         $result = $member->canLogIn();
                         if ($result->valid()) {
                             $member->setIdentityUrl($openid);
                             $member->write();
                             $member->LogIn(true);
                             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
                         }
                         throw new Exception("Inactive User!");
                     }
                     throw new Exception("The OpenID authentication failed: can not find user " . $openid);
                 }
             }
         }
     } catch (Exception $ex) {
         Session::set("Security.Message.message", $ex->getMessage());
         Session::set("Security.Message.type", "bad");
         SS_Log::log($ex, SS_Log::WARN);
         return $this->redirect("Security/badlogin");
     }
 }
 function test_fromPostArgs_ns11()
 {
     // An example of the stuff that some Drupal installations send us,
     // which includes openid.ns but is 1.1.
     $query = array('openid.assoc_handle' => '', 'openid.claimed_id' => 'http://foobar.invalid/', 'openid.identity' => 'http://foobar.myopenid.com', 'openid.mode' => 'checkid_setup', 'openid.ns' => 'http://openid.net/signon/1.1', 'openid.ns.sreg' => 'http://openid.net/extensions/sreg/1.1', 'openid.return_to' => 'http://drupal.invalid/return_to', 'openid.sreg.required' => 'nickname,email', 'openid.trust_root' => 'http://drupal.invalid');
     $m = Auth_OpenID_Message::fromPostArgs($query);
     $this->assertTrue($m->isOpenID1());
 }
 function test_verifyAssocMismatch()
 {
     // Attempt to validate sign-all message with a signed-list
     // assoc.
     $assoc_handle = '{vroom}{zoom}';
     $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, 'sekrit', 'HMAC-SHA1');
     $this->store->storeAssociation($this->dumb_key, $assoc);
     $signed = Auth_OpenID_Message::fromPostArgs(array('foo' => 'bar', 'apple' => 'orange', 'openid.sig' => "d71xlHtqnq98DonoSgoK/nD+QRM="));
     $verified = $this->signatory->verify($assoc_handle, $signed);
     $this->assertFalse($verified);
 }
Beispiel #8
0
 /**
  * Given an HTTP query in an array (key-value pairs), decode it
  * into an Auth_OpenID_Request object.
  */
 function decode($query)
 {
     if (!$query) {
         return null;
     }
     $message = Auth_OpenID_Message::fromPostArgs($query);
     $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
     if (!$mode) {
         return new Auth_OpenID_ServerError($message, "No mode value in message");
     }
     $handlerCls = Auth_OpenID::arrayGet($this->handlers, $mode, $this->defaultDecoder($message));
     if (!is_a($handlerCls, 'Auth_OpenID_ServerError')) {
         return call_user_func_array(array($handlerCls, 'fromMessage'), array($message, $this->server));
     } else {
         return $handlerCls;
     }
 }
Beispiel #9
0
 /**
  * @access private
  */
 function _verifyReturnToArgs($query)
 {
     // Verify that the arguments in the return_to URL are present in this
     // response.
     $message = Auth_OpenID_Message::fromPostArgs($query);
     $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
     // XXX: this should be checked by _idResCheckForFields
     if (!$return_to) {
         return new Auth_OpenID_FailureResponse(null, "no openid.return_to in query");
     }
     $parsed_url = parse_url($return_to);
     $q = array();
     if (array_key_exists('query', $parsed_url)) {
         $rt_query = $parsed_url['query'];
         $q = Auth_OpenID::parse_str($rt_query);
     }
     foreach ($q as $rt_key => $rt_value) {
         if (!array_key_exists($rt_key, $query)) {
             return new Auth_OpenID_FailureResponse(null, sprintf("return_to parameter %s absent from query", $rt_key));
         } else {
             $value = $query[$rt_key];
             if ($rt_value != $value) {
                 return new Auth_OpenID_FailureResponse(null, sprintf("parameter %s value %s does not match " . "return_to value %s", $rt_key, $value, $rt_value));
             }
         }
     }
     return true;
 }
Beispiel #10
0
 /**
  * @access private
  */
 function _verifyReturnToArgs($query)
 {
     // Verify that the arguments in the return_to URL are present in this
     // response.
     $message = Auth_OpenID_Message::fromPostArgs($query);
     $return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
     // modified by ben brown 2010-01-21
     // for some reason the return url being specified is all jacked
     //$return_to = preg_replace("/(.*?)\?.*/","$1",$return_to);
     error_log("Looking at return to = {$return_to}");
     if (Auth_OpenID::isFailure($return_to)) {
         error_log("failing 1");
         return $return_to;
     }
     // XXX: this should be checked by _idResCheckForFields
     if (!$return_to) {
         error_log("failing 2");
         return new Auth_OpenID_FailureResponse(null, "Response has no return_to");
     }
     $parsed_url = parse_url($return_to);
     error_log("parsed url: {$parsed_url}");
     $q = array();
     if (array_key_exists('query', $parsed_url)) {
         $rt_query = $parsed_url['query'];
         $q = Auth_OpenID::parse_str($rt_query);
     }
     foreach ($q as $rt_key => $rt_value) {
         if (!array_key_exists($rt_key, $query)) {
             error_log("failing 3");
             return new Auth_OpenID_FailureResponse(null, sprintf("return_to parameter %s absent from query", $rt_key));
         } else {
             $value = $query[$rt_key];
             if ($rt_value != $value) {
                 error_log("failing 4");
                 return new Auth_OpenID_FailureResponse(null, sprintf("parameter %s value %s does not match " . "return_to value %s", $rt_key, $value, $rt_value));
             }
         }
     }
     // Make sure all non-OpenID arguments in the response are also
     // in the signed return_to.
     $bare_args = $message->getArgs(Auth_OpenID_BARE_NS);
     foreach ($bare_args as $key => $value) {
         if (Auth_OpenID::arrayGet($q, $key) != $value) {
             error_log("failing 5");
             return new Auth_OpenID_FailureResponse(null, sprintf("Parameter %s = %s not in return_to URL", $key, $value));
         }
     }
     return true;
 }