function make_request() { //get openid identifier URL if (empty($_GET['openid_url'])) { $error = "Expected an OpenID URL."; print $error; exit(0); } $openid = $_GET['openid_url']; $consumer = get_consumer(); //begin openid authentication $auth_request = $consumer->begin($openid); //no authentication available if (!$auth_request) { print "Authentication error; not a valid OpenID."; } //add openid extensions to the request $auth_request->addExtension(attach_ax()); //attribute exchange //generate redirect url $return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE); $trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF'])); $redirect_url = $auth_request->redirectURL($trust_root, $return_url); //attach oauth extension parameters to redirect url $hybrid_fields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => CONSUMER_KEY); $redirect_url .= '&' . http_build_query($hybrid_fields); //if no redirect available display error message, else redirect if (Auth_OpenID::isFailure($redirect_url)) { print "Could not redirect to server: " . $redirect_url->message; } else { header("Location: " . $redirect_url); } }
/** * @throws InvalidArgumentException if an invalid OpenID was provided */ public function authenticate($url, $return, $realm, $required = array(), $optional = array()) { if (empty($realm)) { $realm = 'http' . (env('HTTPS') ? 's' : '') . '://' . env('SERVER_NAME'); } if (trim($url) != '') { $consumer = $this->_consumer(); $authRequest = $consumer->begin($url); } if (!isset($authRequest) || !$authRequest) { throw new InvalidArgumentException('Invalid OpenID'); } $sregRequest = Auth_OpenID_SRegRequest::build($required, $optional); if ($sregRequest) { $authRequest->addExtension($sregRequest); } if (!$authRequest->shouldSendRedirect()) { $formId = 'openid_message'; $formHtml = $authRequest->formMarkup($realm, $return, false, array('id' => $formId)); if (Auth_OpenID::isFailure($formHtml)) { throw new Exception('Could not redirect to server: ' . $formHtml->message); } echo '<html><head><title>OpenID transaction in progress</title></head>' . "<body onload='document.getElementById(\"{$formId}\").submit()'>" . $formHtml . '</body></html>'; exit; } $redirectUrl = $authRequest->redirectUrl($realm, $return); if (Auth_OpenID::isFailure($redirectUrl)) { throw new Exception('Could not redirect to server: ' . $redirectUrl->message); } $this->_controller->redirect($redirectUrl, null, true); }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } $auth_request->addExtension($ax); $policy_uris = $_GET['policies']; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
public function validateIdentifier($validator, $values, $arguments = array()) { $authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']); if (!$authRequest) { throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.'); } $sregExchange = new opOpenIDProfileExchange('sreg'); $authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles())); // for OpenID1 if ($authRequest->shouldSendRedirect()) { $values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_url'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message); } } else { $axExchange = new opOpenIDProfileExchange('ax'); $axRequest = new Auth_OpenID_AX_FetchRequest(); foreach ($axExchange->getImportSupportedProfiles() as $key => $value) { $axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key)); } $authRequest->addExtension($axRequest); $values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_html'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message); } } return $values; }
public function try_auth($openid) { $url = HttpRequest::getPathUrl(); $nb = strlen($url); $base_url = ''; if ($nb == 0 || $url[$nb - 1] != "/") { $base_url = "http://" . $_SERVER['HTTP_HOST'] . $url . "/"; } else { $base_url = "http://" . $_SERVER['HTTP_HOST'] . $url; } $trust_root = $base_url; $return_url = $base_url . 'index.php/openid/finish_auth'; $store = new WMySqlStore(DbUtil::accessFactory()); $store->createTables(); $consumer =& new Auth_OpenID_Consumer($store); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { $_SESSION['isError'] = true; $_SESSION['message'] = __("Authentication error; not a valid OpenID."); DefaultFC::redirection('users/index'); exit; } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $return_url); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $_SESSION['isError'] = true; $_SESSION['message'] = __("Could not redirect to server: ") . $redirect_url->message; DefaultFC::redirection('users/index'); exit; } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $_SESSION['isError'] = true; $_SESSION['message'] = __("Could not redirect to server: ") . $form_html->message; DefaultFC::redirection('users/index'); exit; } else { print $form_html; } } }
private function issueOpenid2Connexion(Auth_OpenID_AuthRequest $auth_request, $redirect_url) { $form_id = "openid_message"; $form_html = $auth_request->htmlMarkup($this->getTrustRoot(), $this->getReturnTo($redirect_url), false, array('id' => $form_id)); if (Auth_OpenID::isFailure($form_html)) { throw new OpenId_OpenIdException($GLOBALS['Language']->getText('plugin_openid', 'error_openid_connect')); } echo $form_html; }
/** * takes an associative array and adds OpenID * * @param array $params (reference ) an assoc array of name/value pairs * * @return object CRM_Core_BAO_OpenID object on success, null otherwise * @access public * @static */ static function add(&$params) { $openId =& new CRM_Core_DAO_OpenID(); // normalize the OpenID URL require_once 'Auth/OpenID.php'; $params['openid'] = Auth_OpenID::normalizeURL($params['openid']); $openId->copyValues($params); return $openId->save(); }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); $return_to = getReturnTo(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } // add AX request if ($_GET['ax'] == 'true') { $ax_request = new Auth_OpenID_AX_FetchRequest(); global $ax_data; foreach ($ax_data as $ax_key => $ax_data_ns) { // set AX params if ($_GET['ax_' . $ax_key] == 'true') { $ax_request->add(new Auth_OpenID_AX_AttrInfo($ax_data_ns, 1, true, $ax_key)); } } // add extension if ($ax_request) { $auth_request->addExtension($ax_request); } } // add UI extension request if ($_GET['ui'] == 'true') { $UI_request = new OpenID_UI_Request(); // set icon if ($_GET['icon'] == 'true') { $UI_request->setIcon(); } // set lang if ($_GET['lang'] == 'true' && $_GET['pref_lang']) { $UI_request->setLang($_GET['pref_lang']); } // set popup if ($_GET['popup'] == 'true') { $UI_request->setPopup(); $return_to .= "popup=true"; } $auth_request->addExtension($UI_request); } else { if ($_GET['callback'] == "ax") { $return_to .= "callback=ax"; } } $redirect_url = $auth_request->redirectURL(getTrustRoot(), $return_to); if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } }
function test_cryptrand() { // It's possible, but HIGHLY unlikely that a correct // implementation will fail by returning the same number twice $s = Auth_OpenID_CryptUtil::getBytes(32); $t = Auth_OpenID_CryptUtil::getBytes(32); $this->assertEquals(Auth_OpenID::bytes($s), 32); $this->assertEquals(Auth_OpenID::bytes($t), 32); $this->assertFalse($s == $t); }
function xorSecret($composite, $secret, $hash_func) { $dh_shared = $this->getSharedSecret($composite); $dh_shared_str = $this->lib->longToBinary($dh_shared); $hash_dh_shared = $hash_func($dh_shared_str); $xsecret = ""; for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) { $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i])); } return $xsecret; }
/** * Return whether a URL can be fetched. Returns false if the URL * scheme is not allowed or is not supported by this fetcher * implementation; returns true otherwise. * * @return bool */ function canFetchURL($url) { if ($this->isHTTPS($url) && !$this->supportsSSL()) { Auth_OpenID::log("HTTPS URL unsupported fetching %s", $url); return false; } if (!$this->allowedURL($url)) { Auth_OpenID::log("URL fetching not allowed for '%s'", $url); return false; } return true; }
/** * Compute an HMAC/SHA1 hash. * * @access private * @param string $key The HMAC key * @param string $text The message text to hash * @return string $mac The MAC */ function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); return $hmac; }
function _requestAssociation($endpoint, $assoc_type, $session_type) { $m = array_pop($this->return_messages); if (is_a($m, 'Auth_OpenID_Message')) { return Auth_OpenID_ServerErrorContainer::fromMessage($m); } else { if (Auth_OpenID::isFailure($m)) { return $m; } else { return $m; } } }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("认证错误,不是有效的OpenID。"); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('gender')); //'nickname','fullname', 'email', 'dob','gender','postcode','country','language','timezone' if ($sreg_request) { $auth_request->addExtension($sreg_request); } /*NOTE:目前还很少有网站要用到PAPE这个功能 $policy_uris = $_GET['policies']; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } */ // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("不能跳转到: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("不能跳转到: " . $form_html->message); } else { print $form_html; } } }
/** * Handle a standard OpenID server request */ function action_default() { global $store; $server =& getServer(); $method = $_SERVER['REQUEST_METHOD']; /*$request = null; if ($method == 'GET') { $request = $_GET; } else { $request = $_POST; } */ $request = $server->decodeRequest(); if (!$request) { return ""; //about_render(); } setRequestInfo($request); if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) { $identity = getLoggedInUser(); if (isTrusted($identity, $request->trust_root, $request->return_to)) { if ($request->message->isOpenID1()) { $response =& $request->answer(true); } else { $response =& $request->answer(true, false, getServerURL(), $identity); } } else { if ($request->immediate) { $response =& $request->answer(false, getServerURL()); } else { if (!getLoggedInUser()) { $_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery()); system_message(elgg_echo('openid_server:not_logged_in')); forward('login'); } return trust_render($request); } } addSregFields(&$response); } else { $response =& $server->handleRequest($request); } $webresponse =& $server->encodeResponse($response); foreach ($webresponse->headers as $k => $v) { header("{$k}: {$v}"); } header(header_connection_close); print $webresponse->body; exit(0); }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError(_CORE_OID_URL_INVALID); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $policy_uris = isset($_GET['policies']) ? filter_var($_GET['policies'], FILTER_SANITIZE_URL) : NULL; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { //displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header('Location: ' . $redirect_url); exit; } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError(sprintf(_CORE_OID_REDIRECT_FAILED, $form_html->message)); } else { $page_contents = array("<html><head><title>", _CORE_OID_INPROGRESS, "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>"); print implode("\n", $page_contents); } } }
function fromSuccessResponse(&$success_response, $signed_only = true) { $obj = new Auth_OpenID_OAuthResponse(); $obj->ns_uri = Auth_OpenID_OAUTH_NS_URI; if ($signed_only) { $args = $success_response->getSignedNS($obj->ns_uri); } else { $args = $success_response->message->getArgs($obj->ns_uri); } if ($args === null || Auth_OpenID::isFailure($args)) { return null; } $obj->authorized_request_token = new OAuthToken($args['request_token'], ''); return $obj; }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $policy_uris = $_GET['policies']; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>"); print implode("\n", $page_contents); } } }
/** * @Route("/login", name="progrupa_3dwarehouse_auth_init") * @Template */ public function authInitAction(Request $request) { if ($request->getMethod() == Request::METHOD_POST) { $openid = $request->get('sketchup_openid'); $consumer = new \Auth_OpenID_Consumer(new \Auth_OpenID_FileStore(sys_get_temp_dir())); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { return ['error' => "Authentication error; not a valid OpenID."]; } $sreg_request = \Auth_OpenID_SRegRequest::build(['email'], []); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $policy_uris = null; $pape_request = new \Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an erro message. if (\Auth_OpenID::isFailure($redirect_url)) { return ['error' => "Could not redirect to server: " . $redirect_url->message]; } else { // Send redirect. return new RedirectResponse($redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated otherwise, render the HTML. if (\Auth_OpenID::isFailure($form_html)) { return ['error' => "Could not redirect to server: " . $form_html->message]; } else { return new Response($form_html); } } } return []; }
/** * Send the user to their OpenID provider to authenticate. * * @param Auth_OpenID_AuthRequest $auth_request OpenID authentication request object * @param string $trust_root OpenID trust root * @param string $return_to URL where the OpenID provider should return the user */ function openid_redirect($auth_request, $trust_root, $return_to) { do_action('openid_redirect', $auth_request, $trust_root, $return_to); $message = $auth_request->getMessage($trust_root, $return_to, false); if (Auth_OpenID::isFailure($message)) { return openid_error('Could not redirect to server: ' . $message->message); } $_SESSION['openid_return_to'] = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to'); // send 302 redirect or POST if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $return_to); wp_redirect($redirect_url); } else { openid_repost($auth_request->endpoint->server_url, $message->toPostArgs()); } }
/** * Compute an HMAC/SHA1 hash. * * @access private * @param string $key The HMAC key * @param string $text The message text to hash * @return string $mac The MAC */ function Auth_OpenID_HMACSHA1($key, $text) { if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } if (function_exists('hash_hmac') && function_exists('hash_algos') && in_array('sha1', hash_algos())) { return hash_hmac('sha1', $text, $key, true); } // Home-made solution $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0)); $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE); $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE); $hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true); $hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true); return $hmac; }
function make_request() { //get openid identifier URL if (empty($_GET['openid_url'])) { $error = "Expected an OpenID URL."; print $error; exit(0); } $openid = $_GET['openid_url']; $consumer = get_consumer(); //begin openid authentication $auth_request = $consumer->begin($openid); //no authentication available if (!$auth_request) { echo "Authentication error; not a valid OpenID."; } //add openid extensions to the request $auth_request->addExtension(attach_ax()); //attribute exchange $auth_request->addExtension(attach_sreg()); //simple registration $auth_request->addExtension(attach_pape()); //pape policies $return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE); $trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF'])); //openid v1 - send through redirect if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $return_url); //if no redirect available display error message, else redirect if (Auth_OpenID::isFailure($redirect_url)) { print "Could not redirect to server: " . $redirect_url->message; } else { header("Location: " . $redirect_url); } //openid v2 - use javascript form to send POST to server } else { //build form markup $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id)); //if markup cannot be built display error, else render form if (Auth_OpenID::isFailure($form_html)) { print "Could not redirect to server: " . $form_html->message; } else { print $form_html; } } }
public static function login(Request &$request) { Pea::begin_loose_syntax(); require_once 'Auth/OpenID/Consumer.php'; require_once 'Auth/OpenID/FileStore.php'; require_once 'Auth/OpenID/SReg.php'; require_once 'Auth/OpenID/PAPE.php'; if ($request->in_vars('openid_url') != "" || $request->in_vars('openid_verify')) { Log::debug("begin openid auth: " . $request->in_vars('openid_url')); // OpenID Auth $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_FileStore(work_path('openid'))); if ($request->is_vars('openid_verify')) { $response = $consumer->complete($request->request_url()); if ($response->status == Auth_OpenID_SUCCESS) { return $response->getDisplayIdentifier(); } } else { $auth_request = $consumer->begin($request->in_vars('openid_url')); if (!$auth_request) { throw new RuntimeException('invalid openid url'); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(url(), $request->request_url(false) . '?openid_verify=true'); if (Auth_OpenID::isFailure($redirect_url)) { throw new RuntimeException("Could not redirect to server: {$redirect_url->message}"); } else { $request->redirect($redirect_url); } } else { $form_html = $auth_request->htmlMarkup(url(), $request->request_url(false) . '?openid_verify=true', false, array('id' => 'openid_message')); if (Auth_OpenID::isFailure($form_html)) { throw new RuntimeException("Could not redirect to server: {$form_html->message}"); } else { echo $form_html; exit; } } } } Pea::end_loose_syntax(); return null; }
function openid_try($url) { $store = new Auth_OpenID_MySQLStore(theDb()); $store->createTables(); $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin($url); if (!$auth_request) { $_SESSION["auth_error"] = "Error: not a valid OpenID."; header("Location: ./"); } $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Attribute Exchange (Google ignores Simple Registration) // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { die("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { // check for new install, if no, go to index, else goto new-install page require_once 'CRM/Core/BAO/UFMatch.php'; $contactIds = CRM_Core_BAO_UFMatch::getContactIDs(); if (count($contactIds) > 0) { displayError("Authentication error; not a valid OpenID."); } else { $session =& CRM_Core_Session::singleton(); $session->set('new_install', true); include 'new_install.html'; exit(1); } } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $policy_uris = null; if (isset($_REQUEST['policies'])) { $policy_uris = $_REQUEST['policies']; } $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); exit(2); } }
function run_try_auth() { global $authSource; $openid = $_GET['openid_url']; $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build($authSource->getRequiredAttributes(), $authSource->getOptionalAttributes()); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { header("Location: " . $redirect_url); // Send redirect. } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>'; } } }
/** * Check the input values for a login request */ function login_checkInput($input) { $openid_url = false; $errors = array(); if (!isset($input['openid_url'])) { $errors[] = 'Enter an OpenID URL to continue'; } if (!isset($input['password'])) { $errors[] = 'Enter a password to continue'; } if (count($errors) == 0) { $openid_url = $input['openid_url']; $openid_url = Auth_OpenID::normalizeUrl($openid_url); $password = $input['password']; if (!checkLogin($openid_url, $password)) { $errors[] = 'The entered password does not match the ' . 'entered identity URL.'; } } return array($errors, $openid_url); }
private function begin($openid = NULL) { $store = new Auth_OpenID_FileStore($this->store_path); $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin($openid); if (!$auth_request) { throw new Exception(__('Authentication error: not a valid OpenID.')); } $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $pape_request = new Auth_OpenID_PAPE_Request(); if ($pape_request) { $auth_request->addExtension($pape_request); } // Build the redirect URL with the return page included $redirect_url = URL::site('openid/finish?return_to=' . Arr::get($_REQUEST, 'return_to', ''), TRUE); // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the response. // For OpenID 1, send a redirect: if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(URL::base(TRUE, TRUE), $redirect_url); if (Auth_OpenID::isFailure($redirect_url)) { throw new Exception(__('Could not redirect to server:') . ' ' . $redirect_url->message); } $this->request->redirect($redirect_url); } else { // the OpenID library will return a full html document // Auth_OpenID::autoSubmitHTML will wrap the form in body and html tags // see: mobules/openid/vendor/Auth/OpenID/Consumer.php $form_html = $auth_request->htmlMarkup(URL::base(TRUE, TRUE), $redirect_url, false, array('id' => 'openid_message')); // We just want the form HTML, so strip out the form $form_html = preg_replace('/^.*<html.*<form/im', '<form', $form_html); $form_html = preg_replace('/<\\/body>.*/im', '', $form_html); if (Auth_OpenID::isFailure($form_html)) { throw new Exception(__('Could not redirect to server:') . ' ' . $form_html->message); } $this->template->content->form = $form_html; } }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID." . "\n OpenID::" . $openid); } $oauth_req = new Auth_OpenID_OAuthRequest(CONSUMER_KEY); $auth_request->addExtension($oauth_req); // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
/** * Returns null and sets a flash message on all errors. **/ static function beginAuth($openid, $policyUris) { $consumer = self::getConsumer(); $auth_request = $consumer->begin($openid); if (!$auth_request) { FlashMessage::add('Ați introdus un OpenID incorect.'); return null; } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo()); if (Auth_OpenID::isFailure($redirect_url)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message); return null; } else { header("Location: {$redirect_url}"); exit; } } else { $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message')); if (Auth_OpenID::isFailure($form_html)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message); return null; } else { print $form_html; } } }