function make_request()
{
//get openid identifier URL
if (empty($_GET['openid_url'])) {
$error = "Expected an OpenID URL.";
print $error;
exit(0);
}
$openid = $_GET['openid_url'];
$consumer = get_consumer();
//begin openid authentication
$auth_request = $consumer->begin($openid);
//no authentication available
if (!$auth_request) {
print "Authentication error; not a valid OpenID.";
}
//add openid extensions to the request
$auth_request->addExtension(attach_ax());
//attribute exchange
//generate redirect url
$return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE);
$trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF']));
$redirect_url = $auth_request->redirectURL($trust_root, $return_url);
//attach oauth extension parameters to redirect url
$hybrid_fields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => CONSUMER_KEY);
$redirect_url .= '&' . http_build_query($hybrid_fields);
//if no redirect available display error message, else redirect
if (Auth_OpenID::isFailure($redirect_url)) {
print "Could not redirect to server: " . $redirect_url->message;
} else {
header("Location: " . $redirect_url);
}
}
/**
* @throws InvalidArgumentException if an invalid OpenID was provided
*/
public function authenticate($url, $return, $realm, $required = array(), $optional = array())
{
if (empty($realm)) {
$realm = 'http' . (env('HTTPS') ? 's' : '') . '://' . env('SERVER_NAME');
}
if (trim($url) != '') {
$consumer = $this->_consumer();
$authRequest = $consumer->begin($url);
}
if (!isset($authRequest) || !$authRequest) {
throw new InvalidArgumentException('Invalid OpenID');
}
$sregRequest = Auth_OpenID_SRegRequest::build($required, $optional);
if ($sregRequest) {
$authRequest->addExtension($sregRequest);
}
if (!$authRequest->shouldSendRedirect()) {
$formId = 'openid_message';
$formHtml = $authRequest->formMarkup($realm, $return, false, array('id' => $formId));
if (Auth_OpenID::isFailure($formHtml)) {
throw new Exception('Could not redirect to server: ' . $formHtml->message);
}
echo '<html><head><title>OpenID transaction in progress</title></head>' . "<body onload='document.getElementById(\"{$formId}\").submit()'>" . $formHtml . '</body></html>';
exit;
}
$redirectUrl = $authRequest->redirectUrl($realm, $return);
if (Auth_OpenID::isFailure($redirectUrl)) {
throw new Exception('Could not redirect to server: ' . $redirectUrl->message);
}
$this->_controller->redirect($redirectUrl, null, true);
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Create attribute request object
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
// Usage: make($type_uri, $count=1, $required=false, $alias=null)
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($attribute as $attr) {
$ax->add($attr);
}
$auth_request->addExtension($ax);
$policy_uris = $_GET['policies'];
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
public function validateIdentifier($validator, $values, $arguments = array())
{
$authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']);
if (!$authRequest) {
throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.');
}
$sregExchange = new opOpenIDProfileExchange('sreg');
$authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles()));
// for OpenID1
if ($authRequest->shouldSendRedirect()) {
$values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']);
if (Auth_OpenID::isFailure($values['redirect_url'])) {
throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message);
}
} else {
$axExchange = new opOpenIDProfileExchange('ax');
$axRequest = new Auth_OpenID_AX_FetchRequest();
foreach ($axExchange->getImportSupportedProfiles() as $key => $value) {
$axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key));
}
$authRequest->addExtension($axRequest);
$values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']);
if (Auth_OpenID::isFailure($values['redirect_html'])) {
throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message);
}
}
return $values;
}
public function try_auth($openid)
{
$url = HttpRequest::getPathUrl();
$nb = strlen($url);
$base_url = '';
if ($nb == 0 || $url[$nb - 1] != "/") {
$base_url = "http://" . $_SERVER['HTTP_HOST'] . $url . "/";
} else {
$base_url = "http://" . $_SERVER['HTTP_HOST'] . $url;
}
$trust_root = $base_url;
$return_url = $base_url . 'index.php/openid/finish_auth';
$store = new WMySqlStore(DbUtil::accessFactory());
$store->createTables();
$consumer =& new Auth_OpenID_Consumer($store);
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
$_SESSION['isError'] = true;
$_SESSION['message'] = __("Authentication error; not a valid OpenID.");
DefaultFC::redirection('users/index');
exit;
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $return_url);
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
$_SESSION['isError'] = true;
$_SESSION['message'] = __("Could not redirect to server: ") . $redirect_url->message;
DefaultFC::redirection('users/index');
exit;
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
$_SESSION['isError'] = true;
$_SESSION['message'] = __("Could not redirect to server: ") . $form_html->message;
DefaultFC::redirection('users/index');
exit;
} else {
print $form_html;
}
}
}
private function issueOpenid2Connexion(Auth_OpenID_AuthRequest $auth_request, $redirect_url)
{
$form_id = "openid_message";
$form_html = $auth_request->htmlMarkup($this->getTrustRoot(), $this->getReturnTo($redirect_url), false, array('id' => $form_id));
if (Auth_OpenID::isFailure($form_html)) {
throw new OpenId_OpenIdException($GLOBALS['Language']->getText('plugin_openid', 'error_openid_connect'));
}
echo $form_html;
}
/**
* takes an associative array and adds OpenID
*
* @param array $params (reference ) an assoc array of name/value pairs
*
* @return object CRM_Core_BAO_OpenID object on success, null otherwise
* @access public
* @static
*/
static function add(&$params)
{
$openId =& new CRM_Core_DAO_OpenID();
// normalize the OpenID URL
require_once 'Auth/OpenID.php';
$params['openid'] = Auth_OpenID::normalizeURL($params['openid']);
$openId->copyValues($params);
return $openId->save();
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
$return_to = getReturnTo();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
// add AX request
if ($_GET['ax'] == 'true') {
$ax_request = new Auth_OpenID_AX_FetchRequest();
global $ax_data;
foreach ($ax_data as $ax_key => $ax_data_ns) {
// set AX params
if ($_GET['ax_' . $ax_key] == 'true') {
$ax_request->add(new Auth_OpenID_AX_AttrInfo($ax_data_ns, 1, true, $ax_key));
}
}
// add extension
if ($ax_request) {
$auth_request->addExtension($ax_request);
}
}
// add UI extension request
if ($_GET['ui'] == 'true') {
$UI_request = new OpenID_UI_Request();
// set icon
if ($_GET['icon'] == 'true') {
$UI_request->setIcon();
}
// set lang
if ($_GET['lang'] == 'true' && $_GET['pref_lang']) {
$UI_request->setLang($_GET['pref_lang']);
}
// set popup
if ($_GET['popup'] == 'true') {
$UI_request->setPopup();
$return_to .= "popup=true";
}
$auth_request->addExtension($UI_request);
} else {
if ($_GET['callback'] == "ax") {
$return_to .= "callback=ax";
}
}
$redirect_url = $auth_request->redirectURL(getTrustRoot(), $return_to);
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
}
function test_cryptrand()
{
// It's possible, but HIGHLY unlikely that a correct
// implementation will fail by returning the same number twice
$s = Auth_OpenID_CryptUtil::getBytes(32);
$t = Auth_OpenID_CryptUtil::getBytes(32);
$this->assertEquals(Auth_OpenID::bytes($s), 32);
$this->assertEquals(Auth_OpenID::bytes($t), 32);
$this->assertFalse($s == $t);
}
function xorSecret($composite, $secret, $hash_func)
{
$dh_shared = $this->getSharedSecret($composite);
$dh_shared_str = $this->lib->longToBinary($dh_shared);
$hash_dh_shared = $hash_func($dh_shared_str);
$xsecret = "";
for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) {
$xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i]));
}
return $xsecret;
}
/**
* Return whether a URL can be fetched. Returns false if the URL
* scheme is not allowed or is not supported by this fetcher
* implementation; returns true otherwise.
*
* @return bool
*/
function canFetchURL($url)
{
if ($this->isHTTPS($url) && !$this->supportsSSL()) {
Auth_OpenID::log("HTTPS URL unsupported fetching %s", $url);
return false;
}
if (!$this->allowedURL($url)) {
Auth_OpenID::log("URL fetching not allowed for '%s'", $url);
return false;
}
return true;
}
/**
* Compute an HMAC/SHA1 hash.
*
* @access private
* @param string $key The HMAC key
* @param string $text The message text to hash
* @return string $mac The MAC
*/
function Auth_OpenID_HMACSHA1($key, $text)
{
if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
$key = Auth_OpenID_SHA1($key, true);
}
$key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0));
$ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
$opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
$hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true);
$hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true);
return $hmac;
}
function _requestAssociation($endpoint, $assoc_type, $session_type)
{
$m = array_pop($this->return_messages);
if (is_a($m, 'Auth_OpenID_Message')) {
return Auth_OpenID_ServerErrorContainer::fromMessage($m);
} else {
if (Auth_OpenID::isFailure($m)) {
return $m;
} else {
return $m;
}
}
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("认证错误,不是有效的OpenID。");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('gender'));
//'nickname','fullname', 'email', 'dob','gender','postcode','country','language','timezone'
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
/*NOTE:目前还很少有网站要用到PAPE这个功能
$policy_uris = $_GET['policies'];
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
*/
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("不能跳转到: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("不能跳转到: " . $form_html->message);
} else {
print $form_html;
}
}
}
/**
* Handle a standard OpenID server request
*/
function action_default()
{
global $store;
$server =& getServer();
$method = $_SERVER['REQUEST_METHOD'];
/*$request = null;
if ($method == 'GET') {
$request = $_GET;
} else {
$request = $_POST;
} */
$request = $server->decodeRequest();
if (!$request) {
return "";
//about_render();
}
setRequestInfo($request);
if (in_array($request->mode, array('checkid_immediate', 'checkid_setup'))) {
$identity = getLoggedInUser();
if (isTrusted($identity, $request->trust_root, $request->return_to)) {
if ($request->message->isOpenID1()) {
$response =& $request->answer(true);
} else {
$response =& $request->answer(true, false, getServerURL(), $identity);
}
} else {
if ($request->immediate) {
$response =& $request->answer(false, getServerURL());
} else {
if (!getLoggedInUser()) {
$_SESSION['last_forward_from'] = current_page_url() . '?' . http_build_query(Auth_OpenID::getQuery());
system_message(elgg_echo('openid_server:not_logged_in'));
forward('login');
}
return trust_render($request);
}
}
addSregFields(&$response);
} else {
$response =& $server->handleRequest($request);
}
$webresponse =& $server->encodeResponse($response);
foreach ($webresponse->headers as $k => $v) {
header("{$k}: {$v}");
}
header(header_connection_close);
print $webresponse->body;
exit(0);
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError(_CORE_OID_URL_INVALID);
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$policy_uris = isset($_GET['policies']) ? filter_var($_GET['policies'], FILTER_SANITIZE_URL) : NULL;
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
//displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header('Location: ' . $redirect_url);
exit;
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError(sprintf(_CORE_OID_REDIRECT_FAILED, $form_html->message));
} else {
$page_contents = array("<html><head><title>", _CORE_OID_INPROGRESS, "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
print implode("\n", $page_contents);
}
}
}
function fromSuccessResponse(&$success_response, $signed_only = true)
{
$obj = new Auth_OpenID_OAuthResponse();
$obj->ns_uri = Auth_OpenID_OAUTH_NS_URI;
if ($signed_only) {
$args = $success_response->getSignedNS($obj->ns_uri);
} else {
$args = $success_response->message->getArgs($obj->ns_uri);
}
if ($args === null || Auth_OpenID::isFailure($args)) {
return null;
}
$obj->authorized_request_token = new OAuthToken($args['request_token'], '');
return $obj;
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$policy_uris = $_GET['policies'];
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
$page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
print implode("\n", $page_contents);
}
}
}
/**
* @Route("/login", name="progrupa_3dwarehouse_auth_init")
* @Template
*/
public function authInitAction(Request $request)
{
if ($request->getMethod() == Request::METHOD_POST) {
$openid = $request->get('sketchup_openid');
$consumer = new \Auth_OpenID_Consumer(new \Auth_OpenID_FileStore(sys_get_temp_dir()));
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
return ['error' => "Authentication error; not a valid OpenID."];
}
$sreg_request = \Auth_OpenID_SRegRequest::build(['email'], []);
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$policy_uris = null;
$pape_request = new \Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an erro message.
if (\Auth_OpenID::isFailure($redirect_url)) {
return ['error' => "Could not redirect to server: " . $redirect_url->message];
} else {
// Send redirect.
return new RedirectResponse($redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated otherwise, render the HTML.
if (\Auth_OpenID::isFailure($form_html)) {
return ['error' => "Could not redirect to server: " . $form_html->message];
} else {
return new Response($form_html);
}
}
}
return [];
}
/**
* Send the user to their OpenID provider to authenticate.
*
* @param Auth_OpenID_AuthRequest $auth_request OpenID authentication request object
* @param string $trust_root OpenID trust root
* @param string $return_to URL where the OpenID provider should return the user
*/
function openid_redirect($auth_request, $trust_root, $return_to)
{
do_action('openid_redirect', $auth_request, $trust_root, $return_to);
$message = $auth_request->getMessage($trust_root, $return_to, false);
if (Auth_OpenID::isFailure($message)) {
return openid_error('Could not redirect to server: ' . $message->message);
}
$_SESSION['openid_return_to'] = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');
// send 302 redirect or POST
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $return_to);
wp_redirect($redirect_url);
} else {
openid_repost($auth_request->endpoint->server_url, $message->toPostArgs());
}
}
/**
* Compute an HMAC/SHA1 hash.
*
* @access private
* @param string $key The HMAC key
* @param string $text The message text to hash
* @return string $mac The MAC
*/
function Auth_OpenID_HMACSHA1($key, $text)
{
if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
$key = Auth_OpenID_SHA1($key, true);
}
if (function_exists('hash_hmac') && function_exists('hash_algos') && in_array('sha1', hash_algos())) {
return hash_hmac('sha1', $text, $key, true);
}
// Home-made solution
$key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x0));
$ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
$opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
$hash1 = Auth_OpenID_SHA1(($key ^ $ipad) . $text, true);
$hmac = Auth_OpenID_SHA1(($key ^ $opad) . $hash1, true);
return $hmac;
}
function make_request()
{
//get openid identifier URL
if (empty($_GET['openid_url'])) {
$error = "Expected an OpenID URL.";
print $error;
exit(0);
}
$openid = $_GET['openid_url'];
$consumer = get_consumer();
//begin openid authentication
$auth_request = $consumer->begin($openid);
//no authentication available
if (!$auth_request) {
echo "Authentication error; not a valid OpenID.";
}
//add openid extensions to the request
$auth_request->addExtension(attach_ax());
//attribute exchange
$auth_request->addExtension(attach_sreg());
//simple registration
$auth_request->addExtension(attach_pape());
//pape policies
$return_url = sprintf("%s%s", APP_ROOT, FILE_COMPLETE);
$trust_root = sprintf("http://%s%s/", $_SERVER['SERVER_NAME'], dirname($_SERVER['PHP_SELF']));
//openid v1 - send through redirect
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $return_url);
//if no redirect available display error message, else redirect
if (Auth_OpenID::isFailure($redirect_url)) {
print "Could not redirect to server: " . $redirect_url->message;
} else {
header("Location: " . $redirect_url);
}
//openid v2 - use javascript form to send POST to server
} else {
//build form markup
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup($trust_root, $return_url, false, array('id' => $form_id));
//if markup cannot be built display error, else render form
if (Auth_OpenID::isFailure($form_html)) {
print "Could not redirect to server: " . $form_html->message;
} else {
print $form_html;
}
}
}
public static function login(Request &$request)
{
Pea::begin_loose_syntax();
require_once 'Auth/OpenID/Consumer.php';
require_once 'Auth/OpenID/FileStore.php';
require_once 'Auth/OpenID/SReg.php';
require_once 'Auth/OpenID/PAPE.php';
if ($request->in_vars('openid_url') != "" || $request->in_vars('openid_verify')) {
Log::debug("begin openid auth: " . $request->in_vars('openid_url'));
// OpenID Auth
$consumer = new Auth_OpenID_Consumer(new Auth_OpenID_FileStore(work_path('openid')));
if ($request->is_vars('openid_verify')) {
$response = $consumer->complete($request->request_url());
if ($response->status == Auth_OpenID_SUCCESS) {
return $response->getDisplayIdentifier();
}
} else {
$auth_request = $consumer->begin($request->in_vars('openid_url'));
if (!$auth_request) {
throw new RuntimeException('invalid openid url');
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(url(), $request->request_url(false) . '?openid_verify=true');
if (Auth_OpenID::isFailure($redirect_url)) {
throw new RuntimeException("Could not redirect to server: {$redirect_url->message}");
} else {
$request->redirect($redirect_url);
}
} else {
$form_html = $auth_request->htmlMarkup(url(), $request->request_url(false) . '?openid_verify=true', false, array('id' => 'openid_message'));
if (Auth_OpenID::isFailure($form_html)) {
throw new RuntimeException("Could not redirect to server: {$form_html->message}");
} else {
echo $form_html;
exit;
}
}
}
}
Pea::end_loose_syntax();
return null;
}
function openid_try($url)
{
$store = new Auth_OpenID_MySQLStore(theDb());
$store->createTables();
$consumer = new Auth_OpenID_Consumer($store);
$auth_request = $consumer->begin($url);
if (!$auth_request) {
$_SESSION["auth_error"] = "Error: not a valid OpenID.";
header("Location: ./");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Attribute Exchange (Google ignores Simple Registration)
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
$auth_request->addExtension($ax);
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
die("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
// check for new install, if no, go to index, else goto new-install page
require_once 'CRM/Core/BAO/UFMatch.php';
$contactIds = CRM_Core_BAO_UFMatch::getContactIDs();
if (count($contactIds) > 0) {
displayError("Authentication error; not a valid OpenID.");
} else {
$session =& CRM_Core_Session::singleton();
$session->set('new_install', true);
include 'new_install.html';
exit(1);
}
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$policy_uris = null;
if (isset($_REQUEST['policies'])) {
$policy_uris = $_REQUEST['policies'];
}
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
exit(2);
}
}
function run_try_auth()
{
global $authSource;
$openid = $_GET['openid_url'];
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build($authSource->getRequiredAttributes(), $authSource->getOptionalAttributes());
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
header("Location: " . $redirect_url);
// Send redirect.
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated; otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
echo '<html><head><title>OpenID transaction in progress</title></head>
<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
}
}
}
/**
* Check the input values for a login request
*/
function login_checkInput($input)
{
$openid_url = false;
$errors = array();
if (!isset($input['openid_url'])) {
$errors[] = 'Enter an OpenID URL to continue';
}
if (!isset($input['password'])) {
$errors[] = 'Enter a password to continue';
}
if (count($errors) == 0) {
$openid_url = $input['openid_url'];
$openid_url = Auth_OpenID::normalizeUrl($openid_url);
$password = $input['password'];
if (!checkLogin($openid_url, $password)) {
$errors[] = 'The entered password does not match the ' . 'entered identity URL.';
}
}
return array($errors, $openid_url);
}
private function begin($openid = NULL)
{
$store = new Auth_OpenID_FileStore($this->store_path);
$consumer = new Auth_OpenID_Consumer($store);
$auth_request = $consumer->begin($openid);
if (!$auth_request) {
throw new Exception(__('Authentication error: not a valid OpenID.'));
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$pape_request = new Auth_OpenID_PAPE_Request();
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Build the redirect URL with the return page included
$redirect_url = URL::site('openid/finish?return_to=' . Arr::get($_REQUEST, 'return_to', ''), TRUE);
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the response.
// For OpenID 1, send a redirect:
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(URL::base(TRUE, TRUE), $redirect_url);
if (Auth_OpenID::isFailure($redirect_url)) {
throw new Exception(__('Could not redirect to server:') . ' ' . $redirect_url->message);
}
$this->request->redirect($redirect_url);
} else {
// the OpenID library will return a full html document
// Auth_OpenID::autoSubmitHTML will wrap the form in body and html tags
// see: mobules/openid/vendor/Auth/OpenID/Consumer.php
$form_html = $auth_request->htmlMarkup(URL::base(TRUE, TRUE), $redirect_url, false, array('id' => 'openid_message'));
// We just want the form HTML, so strip out the form
$form_html = preg_replace('/^.*<html.*<form/im', '<form', $form_html);
$form_html = preg_replace('/<\\/body>.*/im', '', $form_html);
if (Auth_OpenID::isFailure($form_html)) {
throw new Exception(__('Could not redirect to server:') . ' ' . $form_html->message);
}
$this->template->content->form = $form_html;
}
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID." . "\n OpenID::" . $openid);
}
$oauth_req = new Auth_OpenID_OAuthRequest(CONSUMER_KEY);
$auth_request->addExtension($oauth_req);
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
/**
* Returns null and sets a flash message on all errors.
**/
static function beginAuth($openid, $policyUris)
{
$consumer = self::getConsumer();
$auth_request = $consumer->begin($openid);
if (!$auth_request) {
FlashMessage::add('Ați introdus un OpenID incorect.');
return null;
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
$auth_request->addExtension($ax);
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo());
if (Auth_OpenID::isFailure($redirect_url)) {
FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message);
return null;
} else {
header("Location: {$redirect_url}");
exit;
}
} else {
$form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message'));
if (Auth_OpenID::isFailure($form_html)) {
FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message);
return null;
} else {
print $form_html;
}
}
}
