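/**
 * Return every stored association for one OpenID server.
 *
 * Fills the query template held in $this->qstrs[1] with $server_url, runs it
 * inside a transaction on $this->connection, and wraps each returned row in a
 * ConsumerAssociation (the stored secret is base64-decoded first).
 *
 * @param string $server_url Server URL whose associations are wanted.
 * @return array List of ConsumerAssociation objects; empty when no row matches.
 */
function get_all($server_url)
{
    $result = array();

    // NOTE(review): the SQL text is assembled with sprintf(), so $server_url is
    // placed into the statement exactly as received unless the template or the
    // caller escapes it. The template is not visible from this method. In an
    // OpenID consumer the server URL usually originates from discovery on a
    // user-supplied identity page, so treat it as untrusted and bind it as a
    // statement parameter if the connection object supports that. TODO confirm.
    $query = sprintf($this->qstrs[1], $server_url);

    $this->connection->beginTransaction();
    $cur = $this->connection->query($query);
    foreach ($cur as $row) {
        $result[] = new ConsumerAssociation(
            $row['url'],
            $row['handle'],
            oidUtil::from_b64($row['secret']),
            $row['issued'],
            $row['lifetime']
        );
    }
    $this->connection->commit();

    // Fixed: the original ended with `return result;`, a bare constant lookup,
    // so the collected associations were never returned to the caller.
    return $result;
}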
/**
 * Establish a shared MAC secret with an OpenID server ("associate" mode).
 *
 * Sends an HMAC-SHA1 / DH-SHA1 association request to $server_url, parses the
 * key-value reply, recovers the secret (either directly from `mac_key` or by
 * XOR-ing `enc_mac_key` with oidUtil::sha1() of the Diffie-Hellman shared
 * value) and returns the resulting association.
 *
 * @param string $server_url Endpoint the association request is POSTed to.
 * @return ConsumerAssociation Built by ConsumerAssociation::from_expires_in().
 */
function associate($server_url)
{
    // Diffie-Hellman parameters and this consumer's public value.
    list($modulus, $generator) = $this->get_mod_gen();
    $dh = new DiffieHellman($modulus, $generator, $this->srand);
    $consumer_public = $dh->createKeyExchange();

    $request = array(
        'openid.mode' => 'associate',
        'openid.assoc_type' => 'HMAC-SHA1',
        'openid.session_type' => 'DH-SHA1',
        'openid.dh_modulus' => oidUtil::to_b64(oidUtil::long2a($dh->p)),
        'openid.dh_gen' => oidUtil::to_b64(oidUtil::long2a($dh->g)),
        'openid.dh_consumer_public' => oidUtil::to_b64(oidUtil::long2a($consumer_public)),
    );

    // NOTE(review): nothing here checks that the POST succeeded before the
    // body is parsed; a failed request is handled only by whatever getResult()
    // does with a missing key. Confirm.
    list($final_url, $response_body) = $this->http_client->post($server_url, http_build_query($request));
    $reply = oidUtil::parsekv($response_body);

    // NOTE(review): an unexpected association or session type only raises
    // E_USER_WARNING. Unless the installed error handler aborts, execution
    // continues and an association is still built from a reply this code has
    // just declared unsupported. Consider failing closed. TODO confirm handler.
    $assoc_type = $this->getResult($reply, 'assoc_type');
    if ($assoc_type != 'HMAC-SHA1') {
        trigger_error(sprintf('runtime error : Unknown association type %s', $assoc_type), E_USER_WARNING);
    }

    $assoc_handle = $this->getResult($reply, 'assoc_handle');

    $expires_in = 0;
    if (isset($reply['expires_in'])) {
        $expires_in = $reply['expires_in'];
    }

    $session_type = 0;
    if (isset($reply['session_type'])) {
        $session_type = $reply['session_type'];
    }

    if ($session_type) {
        if ($session_type != 'DH-SHA1') {
            trigger_error(sprintf('runtime error : Unknown Session Type: %s', $session_type), E_USER_WARNING);
        }

        // Server's DH public value -> shared value -> unmask the MAC key.
        $server_public = oidUtil::a2long(oidUtil::from_b64($this->getResult($reply, 'dh_server_public')));
        $shared = $dh->decryptKeyExchange($server_public);
        $masked_key = $this->getResult($reply, 'enc_mac_key');
        $secret = oidUtil::strxor(oidUtil::from_b64($masked_key), oidUtil::sha1(oidUtil::long2a($shared)));
    } else {
        // No session type in the reply: the MAC key is read in the clear.
        // NOTE(review): the request asked for DH-SHA1, yet a reply that omits
        // session_type is accepted; the secret is then only as protected as
        // the transport to $server_url, which is not checked here.
        $secret = oidUtil::from_b64($this->getResult($reply, 'mac_key'));
    }

    return ConsumerAssociation::from_expires_in($expires_in, $server_url, $assoc_handle, $secret);
}
/**
 * Build a DiffieHellman object from base64-encoded parameters.
 *
 * A truthy $p or $g is base64-decoded and converted with oidUtil::a2long();
 * a falsy value (including the null default) is passed through unchanged.
 *
 * @param string|null $p     Base64 modulus, or null.
 * @param string|null $g     Base64 generator, or null.
 * @param mixed       $srand Forwarded untouched to the DiffieHellman constructor.
 * @return DiffieHellman
 */
function fromBase64($p = null, $g = null, $srand = null)
{
    $modulus = $p ? oidUtil::a2long(oidUtil::from_b64($p)) : $p;
    $generator = $g ? oidUtil::a2long(oidUtil::from_b64($g)) : $g;

    // NOTE(review): no range or primality checks are visible here; if $p/$g can
    // come from a peer, confirm DiffieHellman validates them.
    return new DiffieHellman($modulus, $generator, $srand);
}
$handler = new SimpleActionHandler($query, $consumer); if (isset($query['identity_url']) && $query['identity_url'] != 'http://') { $identity_url = $query['identity_url']; $ret = $consumer->find_identity_info($identity_url); if (!$ret) { COM_updateSpeedlimit('login'); $property = sprintf('%x', crc32($query['identity_url'])); COM_updateSpeedlimit('openid', $property); COM_errorLog('Unable to find an OpenID server for the identity URL ' . $identity_url); echo COM_refresh($_CONF['site_url'] . '/users.php?msg=89'); } else { // Found identity server info. list($identity_url, $server_id, $server_url) = $ret; // Redirect the user-agent to the OpenID server // which we are requesting information from. header('Location: ' . $consumer->handle_request($server_id, $server_url, oidUtil::append_args($_CONF['site_url'] . '/users.php', array('openid_login' => '1', 'open_id' => $identity_url)), $_CONF['site_url'], null, "email,nickname,fullname")); // Required fields. exit; } } elseif (isset($query['openid.mode']) || isset($query['openid_mode'])) { $openid_mode = ''; if (isset($query['openid.mode'])) { $openid_mode = $query['openid.mode']; } else { if (isset($query['openid_mode'])) { $openid_mode = $query['openid_mode']; } } if ($openid_mode == 'cancel') { COM_updateSpeedlimit('login'); echo COM_refresh($_CONF['site_url'] . '/users.php?msg=90');
/**
 * Render an OpenID error reply for the given message.
 *
 * Encodes `openid.mode=error` and `openid.error=<message>` with
 * oidUtil::kvform() and hands the result to error_page().
 *
 * @param string $error Error text placed in the `openid.error` field.
 * @return mixed Whatever error_page() returns.
 */
function _error_page($error)
{
    $fields = array();
    $fields['openid.mode'] = 'error';
    $fields['openid.error'] = $error;

    // NOTE(review): $error is embedded in a line-oriented key-value body;
    // whether kvform() rejects embedded newlines is not visible from here.
    $encoded = oidUtil::kvform($fields);

    return error_page($encoded);
}
/**
 * Redirect the user agent to the setup ("allow") page for a request.
 *
 * The redirect carries the identity, the trust root, a cancel URL derived
 * from the request's return_to, and a success URL that replays the original
 * request arguments against `addr`.
 *
 * @param object $req Request object exposing get() and an `args` array.
 * @return mixed Whatever redirect() returns.
 */
function get_setup_response($req)
{
    // NOTE(review): `addr` is a bare constant reference; it must be defined
    // elsewhere for this to resolve. Not visible in this excerpt.
    $setup = array();
    $setup['identity'] = $req->get('identity');
    $setup['trust_root'] = $req->get('trust_root');

    // NOTE(review): fail_to is built from the request-supplied return_to.
    // No check is visible here that return_to lies under trust_root, so
    // confirm it is validated before this point; otherwise the cancel link is
    // an attacker-chosen redirect target.
    $setup['fail_to'] = oidUtil::append_args($req->get('return_to'), array('openid.mode' => 'cancel'));
    $setup['success_to'] = oidUtil::append_args(addr, $req->args);
    $setup['action'] = 'allow';

    $target = oidUtil::append_args(addr, $setup);

    return redirect($target);
}
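/**
 * Process an `id_res` response from the OpenID server.
 *
 * Order of checks, as implemented:
 *   1. return_to must pass $this->verify_return_to(), else InvalidLogin.
 *   2. A non-empty user_setup_url yields UserSetupNeeded.
 *   3. Without a stored association for the handle, the openid.* arguments
 *      are repackaged as a check_authentication POST (CheckAuthRequired).
 *   4. Otherwise the signature is recomputed over the fields named in
 *      `signed` and compared with `sig`; a mismatch yields InvalidLogin.
 *   5. ValidLogin is returned only if its verifyIdentity() accepts.
 *
 * @param object $req Request object exposing get(), `args` and `openid`.
 * @return InvalidLogin|UserSetupNeeded|CheckAuthRequired|ValidLogin
 */
function do_id_res($req)
{
    if (!$this->verify_return_to($req->get('return_to'))) {
        return new InvalidLogin();
    }

    // NOTE(review): user_setup_url is read before any signature check, so the
    // value handed to UserSetupNeeded is unauthenticated; callers should treat
    // it as untrusted input.
    $user_setup_url = $req->get('user_setup_url');
    if ($user_setup_url) {
        return new UserSetupNeeded($user_setup_url);
    }

    $server_url = $this->determine_server_url($req);
    $assoc = $this->assoc_mngr->get_association($server_url, $req->get('assoc_handle'));

    if (!$assoc) {
        // No matching association: fall back to asking the server to verify
        // the response (check_authentication) with every openid.* argument.
        $check_args = array();
        foreach ($req->args as $k => $v) {
            if (oidUtil::startsWith($k, 'openid.')) {
                $check_args[$k] = $v;
            }
        }
        $check_args['openid.mode'] = 'check_authentication';
        $post_data = http_build_query($check_args);

        return new CheckAuthRequired($server_url, $req->get('return_to'), $post_data);
    }

    // Check the signature.
    // NOTE(review): the list of signed fields comes from the response itself.
    // Nothing here verifies that the fields relied on afterwards (identity,
    // return_to) are actually in that list; a response signing only other
    // fields would pass this check while leaving `identity` unauthenticated.
    // Confirm how sign_reply() names fields, then require them explicitly.
    $sig = $req->get('sig');
    $signed_fields = explode(',', trim($req->get('signed')));
    list($_signed, $v_sig) = oidUtil::sign_reply($req->args, $assoc->secret, $signed_fields);

    // Fixed: the original used `!=`, a loose comparison that stops at the
    // first differing byte and treats two non-string values (for example two
    // nulls) as equal. Require both values to be strings and compare them in
    // constant time so the check fails closed and leaks no timing signal.
    if (!is_string($sig) || !is_string($v_sig) || !hash_equals($v_sig, $sig)) {
        return new InvalidLogin();
    }

    $vl = new ValidLogin($this, $req->get('identity'));
    if ($vl->verifyIdentity($req->openid)) {
        return $vl;
    }

    return new InvalidLogin();
}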
/**
 * Build a return_to URL that carries the identity URL as `open_id`.
 *
 * @param string     $base_url     URL the arguments are appended to.
 * @param string     $identity_url Stored under the `open_id` key, replacing
 *                                 any `open_id` already present in $args.
 * @param array|null $args         Extra query arguments; anything that is not
 *                                 an array is treated as an empty set.
 * @return mixed Result of oidUtil::append_args().
 */
function createReturnTo($base_url, $identity_url, $args = null)
{
    $params = is_array($args) ? $args : array();
    $params['open_id'] = $identity_url;

    // NOTE(review): unlike a MAC-protected return_to, nothing added here binds
    // `open_id` to this consumer; the receiving handler must not trust it
    // without verifying the signed response.
    return oidUtil::append_args($base_url, $params);
}
/**
 * Build a return_to URL authenticated with this object's secret.
 *
 * Appends three arguments to $base: `id` (the identity), `time` (current Unix
 * time as a string) and `v`, the base64 of oidUtil::hmacsha1() over the
 * identity immediately followed by the time string.
 *
 * @param string $base     URL the arguments are appended to.
 * @param string $identity Identity value placed in `id` and covered by the MAC.
 * @return mixed Result of oidUtil::append_args().
 */
function create_return_to($base, $identity)
{
    $issued_at = (string) time();

    // NOTE(review): the MAC input is `id` and `time` joined with no delimiter,
    // so the boundary between the two is not itself authenticated. The code
    // that checks `v` is not visible here; confirm it rebuilds the input the
    // same way, rejects stale `time` values, and compares in constant time.
    $mac = oidUtil::hmacsha1($this->secret, $identity . $issued_at);

    $params = array(
        'id' => $identity,
        'time' => $issued_at,
        'v' => oidUtil::to_b64($mac),
    );

    return oidUtil::append_args($base, $params);
}