function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Create attribute request object
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
// Usage: make($type_uri, $count=1, $required=false, $alias=null)
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($attribute as $attr) {
$ax->add($attr);
}
$auth_request->addExtension($ax);
$policy_uris = $_GET['policies'];
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
public function validateIdentifier($validator, $values, $arguments = array())
{
$authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']);
if (!$authRequest) {
throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.');
}
$sregExchange = new opOpenIDProfileExchange('sreg');
$authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles()));
// for OpenID1
if ($authRequest->shouldSendRedirect()) {
$values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']);
if (Auth_OpenID::isFailure($values['redirect_url'])) {
throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message);
}
} else {
$axExchange = new opOpenIDProfileExchange('ax');
$axRequest = new Auth_OpenID_AX_FetchRequest();
foreach ($axExchange->getImportSupportedProfiles() as $key => $value) {
$axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key));
}
$authRequest->addExtension($axRequest);
$values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']);
if (Auth_OpenID::isFailure($values['redirect_html'])) {
throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message);
}
}
return $values;
}
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
$return_to = getReturnTo();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
// add AX request
if ($_GET['ax'] == 'true') {
$ax_request = new Auth_OpenID_AX_FetchRequest();
global $ax_data;
foreach ($ax_data as $ax_key => $ax_data_ns) {
// set AX params
if ($_GET['ax_' . $ax_key] == 'true') {
$ax_request->add(new Auth_OpenID_AX_AttrInfo($ax_data_ns, 1, true, $ax_key));
}
}
// add extension
if ($ax_request) {
$auth_request->addExtension($ax_request);
}
}
// add UI extension request
if ($_GET['ui'] == 'true') {
$UI_request = new OpenID_UI_Request();
// set icon
if ($_GET['icon'] == 'true') {
$UI_request->setIcon();
}
// set lang
if ($_GET['lang'] == 'true' && $_GET['pref_lang']) {
$UI_request->setLang($_GET['pref_lang']);
}
// set popup
if ($_GET['popup'] == 'true') {
$UI_request->setPopup();
$return_to .= "popup=true";
}
$auth_request->addExtension($UI_request);
} else {
if ($_GET['callback'] == "ax") {
$return_to .= "callback=ax";
}
}
$redirect_url = $auth_request->redirectURL(getTrustRoot(), $return_to);
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
}
public function getAXRequest($axAttributes)
{
$axRequest = new Auth_OpenID_AX_FetchRequest();
foreach ($axAttributes as $attr) {
//$axInfo = new Auth_OpenID_AX_AttrInfo($attr);
$attrInfo = Auth_OpenID_AX_AttrInfo::make($attr['type_uri'], $attr['count'], $attr['required'], $attr['alias']);
$axRequest->add($attrInfo);
}
return $axRequest;
}
function attach_ax()
{
//build attribute request list
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'picture');
//create attribute exchange request
$ax = new Auth_OpenID_AX_FetchRequest();
//add attributes to ax request
foreach ($attribute as $attr) {
$ax->add($attr);
}
//return ax request
return $ax;
}
function openid_try($url)
{
$store = new Auth_OpenID_MySQLStore(theDb());
$store->createTables();
$consumer = new Auth_OpenID_Consumer($store);
$auth_request = $consumer->begin($url);
if (!$auth_request) {
$_SESSION["auth_error"] = "Error: not a valid OpenID.";
header("Location: ./");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Attribute Exchange (Google ignores Simple Registration)
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
$auth_request->addExtension($ax);
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
die("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
public function googleAction()
{
$consumer = $this->getGoogleConsumer();
$url = 'https://www.google.com/accounts/o8/id';
$auth_request = $consumer->begin($url);
if (!$auth_request) {
return $this->alert('Authentication error, not a valid OpenID', '/');
}
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
$auth_request->addExtension($ax);
$pape_request = new Auth_OpenID_PAPE_Request(null);
$auth_request->addExtension($pape_request);
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup('http://' . $_SERVER['HTTP_HOST'], 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone', false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
$this->alert("Could not redirect to server: " . $form_html->message, '/');
} else {
print $form_html;
return $this->noview();
}
}
/**
* Returns null and sets a flash message on all errors.
**/
static function beginAuth($openid, $policyUris)
{
$consumer = self::getConsumer();
$auth_request = $consumer->begin($openid);
if (!$auth_request) {
FlashMessage::add('Ați introdus un OpenID incorect.');
return null;
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
$auth_request->addExtension($ax);
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo());
if (Auth_OpenID::isFailure($redirect_url)) {
FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message);
return null;
} else {
header("Location: {$redirect_url}");
exit;
}
} else {
$form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message'));
if (Auth_OpenID::isFailure($form_html)) {
FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message);
return null;
} else {
print $form_html;
}
}
}
include 'index.php';
exit;
}
} else {
$error = "Please enter a valid email address or OpenID.";
if (isset($_GET['json'])) {
json_out('{"error":"' . addslashes($error) . '"}');
}
include 'index.php';
exit;
}
}
$sreg = Auth_OpenID_SRegRequest::build('', array('nickname', 'fullname', 'email'), '');
$auth_request->addExtension($sreg);
if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
$auth_request->addExtension($ax_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $process_url);
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
function run()
{
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/projects', 'unlimited', 1, 'projects');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/slices', 'unlimited', 1, 'slices');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/urn', 1, 1, 'urn');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/prettyname', 1, 1, 'prettyname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/wimax/username', 1, 1, 'wimax');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/username', 1, 1, 'irodsuser');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/zone', 1, 1, 'irodszone');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($attribute as $attr) {
$ax->add($attr);
}
// Add AX fetch request to authentication request
$auth_request->addExtension($ax);
$policy_uris = null;
if (isset($_GET['policies'])) {
$policy_uris = $_GET['policies'];
}
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request) {
$auth_request->addExtension($pape_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
print $form_html;
}
}
}
/**
* Initiate an OpenID request
*
* @param boolean $allow_sreg Default true
* @param string $process_url Default empty (will use $CFG->wwwroot)
* @param array $params Array of extra parameters to append to the request
*/
function do_request($allow_sreg = true, $process_url = '', $params = array())
{
global $CFG, $USER;
// Create the consumer instance
$store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
$consumer = new Auth_OpenID_Consumer($store);
$openid_url = optional_param('openid_url', null);
if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
// BJB101206: map Google email addresses to OpenID url
$tmpemail = $openid_url;
$openid_url = GOOGLE_OPENID_URL;
logout_guestuser();
if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') {
$allow_sreg = true;
// would like to verify email later
$process_url = $CFG->wwwroot . '/auth/openid/actions.php';
$USER = $tmpuser;
$params['openid_tmp_login'] = true;
// require flag in action.php
$params['openid_action'] = 'change';
$params['openid_url'] = $openid_url;
$params['openid_mode'] = 'switch2openid';
// arbitrary != null
//error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail);
}
}
if (!empty($this->config->auth_openid_google_apps_domain)) {
$openid_url = $this->config->auth_openid_google_apps_domain;
new GApps_OpenID_Discovery($consumer);
}
$authreq = $consumer->begin($openid_url);
if (!$authreq && $this->is_sso()) {
$endpoint = new Auth_OpenID_ServiceEndpoint();
$endpoint->server_url = $openid_url;
$endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
$endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
$authreq = $consumer->beginWithoutDiscovery($endpoint);
}
if (!$authreq) {
print_error('auth_openid_login_error', 'auth_openid');
} else {
// Add any simple registration fields to the request
if ($allow_sreg === true) {
$sreg_added = false;
$req = array();
$opt = array();
$privacy_url = null;
// Required fields
if (!empty($this->config->openid_sreg_required)) {
$req = array_map('trim', explode(',', $this->config->openid_sreg_required));
$sreg_added = true;
}
// Optional fields
if (!empty($this->config->openid_sreg_optional)) {
$opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
$sreg_added = true;
}
// Privacy statement
if ($sreg_added && !empty($this->config->openid_privacy_url)) {
$privacy_url = $this->config->openid_privacy_url;
}
// We call the on_openid_do_request event handler function if it
// exists. This is called before the simple registration (sreg)
// extension is added to allow changes to be made to the sreg
// data fields if required
if (function_exists('on_openid_do_request')) {
on_openid_do_request($authreq);
}
// Finally, the simple registration data is added
if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
$sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
if ($sreg_request) {
$authreq->addExtension($sreg_request);
}
}
if (defined('ADD_AX_SUPPORT')) {
$AXattr = array();
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($AXattr as $attr) {
$ax->add($attr);
}
// Add AX fetch request to authentication request
$authreq->addExtension($ax);
}
}
// Prepare the remaining components for the request
if (empty($process_url)) {
$process_url = $CFG->wwwroot . '/login/index.php';
}
if (is_array($params) && !empty($params)) {
$query = '';
foreach ($params as $key => $val) {
$query .= '&' . $key . '=' . $val;
}
$process_url .= '?' . substr($query, 1);
}
$trust_root = $CFG->wwwroot . '/';
$_SESSION['openid_process_url'] = $process_url;
// Finally, redirect to the OpenID provider
// Check if the server is allowed ...
if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
} elseif ($authreq->shouldSendRedirect()) {
$redirect_url = $authreq->redirectURL($trust_root, $process_url);
// If the redirect URL can't be built, display an error message.
if (Auth_OpenID::isFailure($redirect_url)) {
error($redirect_url->message);
} else {
redirect($redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$message = $authreq->getMessage($trust_root, $process_url, false);
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($message)) {
error($message);
} else {
$form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
exit;
}
}
}
}
/**
* Show the "login" page
*
* @return string Returns the "login" page as HTML code.
*/
public function login()
{
try {
if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) {
return parent::login();
}
$member = Member::currentUser();
if ($member) {
// user is already logged in
return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
}
if (!Director::is_https()) {
OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']);
}
// Begin the OpenID authentication process.
$auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL);
//remove jainrain nonce
unset($auth_request->return_to_args['janrain_nonce']);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
throw new Exception("The OpenID authentication failed.");
}
if (Auth_OpenID_supportsSReg($auth_request->endpoint)) {
//SREG
$sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
} else {
//AX
// Create attribute request object
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
// Usage: make($type_uri, $count=1, $required=false, $alias=null)
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($attribute as $attr) {
$ax->add($attr);
}
// Add AX fetch request to authentication request
$auth_request->addExtension($ax);
}
//Redirect the user to the OpenID server for authentication .
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
echo "Could not redirect to server: " . $redirect_url->message;
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
echo "Could not redirect to server: " . $form_html->message;
} else {
print $form_html;
}
}
exit;
} catch (Exception $ex) {
SS_Log::log($ex, SS_Log::WARN);
Session::set("Security.Message.message", $ex->getMessage());
Session::set("Security.Message.type", "bad");
return $this->redirect("Security/badlogin");
}
}
<?php
require_once "config.php";
require_once "authCommon.php";
$openID_request = $openID->begin($providerURL);
if (!$openID_request) {
die("Failed to create OpenID request.");
}
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
$openID_request->addExtension($ax);
$redirectTo = $openID_request->redirectURL($baseURL, $baseURL . $basePath);
header("Location: " . $redirectTo);
/**
* Send an authentication request to the OpenID provider.
*
* @param array &$state The state array.
* @param string $openid The OpenID we should try to authenticate with.
*/
public function doAuth(array &$state, $openid)
{
assert('is_string($openid)');
$stateId = SimpleSAML_Auth_State::saveState($state, 'openid:auth');
$consumer = $this->getConsumer($state);
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
throw new SimpleSAML_Error_BadRequest('Not a valid OpenID: ' . var_export($openid, TRUE));
}
$sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes);
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Create attribute request object
$ax_attribute = array();
foreach ($this->requiredAXAttributes as $attr) {
$ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true);
}
foreach ($this->optionalAXAttributes as $attr) {
$ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false);
}
if (count($ax_attribute) > 0) {
// Create AX fetch request
$ax_request = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($ax_attribute as $attr) {
$ax_request->add($attr);
}
// Add AX fetch request to authentication request
$auth_request->addExtension($ax_request);
}
foreach ($this->extensionArgs as $ext_ns => $ext_arg) {
if (is_array($ext_arg)) {
foreach ($ext_arg as $ext_key => $ext_value) {
$auth_request->addExtensionArg($ext_ns, $ext_key, $ext_value);
}
}
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript form
// to send a POST request to the server or use redirect if
// prefer_http_redirect is enabled and redirect URL size
// is less than 2049
$should_send_redirect = $auth_request->shouldSendRedirect();
if ($this->preferHttpRedirect || $should_send_redirect) {
$redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
// If the redirect URL can't be built, display an error message.
if (Auth_OpenID::isFailure($redirect_url)) {
throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($redirect_url->message, TRUE));
}
// For OpenID 2 failover to POST if redirect URL is longer than 2048
if ($should_send_redirect || strlen($redirect_url) <= 2048) {
SimpleSAML_Utilities::redirectTrustedURL($redirect_url);
assert('FALSE');
}
}
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated; otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($form_html->message, TRUE));
} else {
echo '<html><head><title>OpenID transaction in progress</title></head>
<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
exit;
}
}
//define oauth & openid params
require_once '../config.inc.php';
//ammend include path so we can include files consistently
$includePath = get_include_path() . PATH_SEPARATOR . OPENID_INCLUDE_PATH . PATH_SEPARATOR . OAUTH_INCLUDE_PATH . PATH_SEPARATOR;
set_include_path($includePath);
//include openid files
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/AX.php";
//init basic openid auth url generation
$openidFileStore = new Auth_OpenID_FileStore('/tmp/');
$openidConsumer =& new Auth_OpenID_Consumer($openidFileStore);
//this could just as easily be set dynamically
$openidIdentifier = 'yahoo.com';
$openidAuthRequest = $openidConsumer->begin($openidIdentifier);
//add openid ax req params for all the fields mentioned in the blog post below
//ref: http://developer.yahoo.net/blog/archives/2009/12/yahoo_openid_now_with_attribute_exchange.html
//ref: http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid
$openid_ax_attributes = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'profile_pic'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender'));
$openid_ax_request = new Auth_OpenID_AX_FetchRequest();
foreach ($openid_ax_attributes as $attribute) {
$openid_ax_request->add($attribute);
}
$openidAuthRequest->addExtension($openid_ax_request);
//this is the url for openid provider log in page
$openidLoginRedirectUrl = $openidAuthRequest->redirectURL(OPENID_REALM_URI, OPENID_RETURN_TO_URI);
//append hybrid auth fields
$additionalFields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => YAHOO_OAUTH_APP_KEY);
$openidLoginRedirectUrl .= '&' . http_build_query($additionalFields);
//redirect for auth
header('Location: ' . $openidLoginRedirectUrl);
/**
* Send an authentication request to the OpenID provider.
*
* @param array &$state The state array.
* @param string $openid The OpenID we should try to authenticate with.
*/
public function doAuth(array &$state, $openid)
{
assert('is_string($openid)');
$stateId = SimpleSAML_Auth_State::saveState($state, 'openid:state');
$consumer = $this->getConsumer($state);
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
throw new Exception("Authentication error; not a valid OpenID.");
}
$sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes);
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Create attribute request object
$ax_attribute = array();
foreach ($this->requiredAXAttributes as $attr) {
$ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true);
}
foreach ($this->optionalAXAttributes as $attr) {
$ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false);
}
if (count($ax_attribute) > 0) {
// Create AX fetch request
$ax_request = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($ax_attribute as $attr) {
$ax_request->add($attr);
}
// Add AX fetch request to authentication request
$auth_request->addExtension($ax_request);
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
// If the redirect URL can't be built, display an error message.
if (Auth_OpenID::isFailure($redirect_url)) {
throw new Exception("Could not redirect to server: " . $redirect_url->message);
}
SimpleSAML_Utilities::redirect($redirect_url);
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated; otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
throw new Exception("Could not redirect to server: " . $form_html->message);
} else {
echo '<html><head><title>OpenID transaction in progress</title></head>
<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
exit;
}
}
}
/**
* Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
*/
function openid_add_ax_extension($extensions, $auth_request) {
if(!get_user_by_openid($auth_request->endpoint->claimed_id)) {
set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
require_once('Auth/OpenID/AX.php');
restore_include_path();
if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
$extensions[] = $ax_request;
}
}
return $extensions;
}
/**
* This initiates openid connection. This method can also used for google/yahoo
* signin, since those support openid.
* @param type $auth_site
*/
function openIdConnect($auth_site)
{
//required includes
//session_start();
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
require_once "Auth/OpenID/AX.php";
$objAltConfig = $this->getObject('altconfig', 'config');
$this->objDbSysconfig = $this->getObject('dbsysconfig', 'sysconfig');
$modPath = $objAltConfig->getModulePath();
$moduleUri = $objAltConfig->getModuleURI();
$siteRoot = $objAltConfig->getSiteRoot();
$DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult';
$OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin';
$OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin';
$_SESSION['AUTH'] = false;
switch ($auth_site) {
case "google":
$oid_identifier = 'https://www.google.com/accounts/o8/id';
$_SESSION['auth_site'] = "Google";
break;
case "yahoo":
$oid_identifier = 'https://yahoo.com';
$_SESSION['auth_site'] = "Yahoo!";
break;
case "openid":
if (!$_POST['openIDField']) {
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidopenid", 'security'));
} else {
$oid_identifier = $_POST['openIDField'];
$_SESSION['openid_user'] = $oid_identifier;
$_SESSION['auth_site'] = "OpenID";
}
break;
default:
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidorunsupportedopenidprovider", 'security'));
}
//Here starts the authentication process
// Create file storage area for OpenID data
$openidPath = $this->objConfig->getcontentBasePath() . '/openid';
$objMkDir = $this->getObject('mkdir', 'files');
$objMkDir->mkdirs($openidPath);
$store = new Auth_OpenID_FileStore($openidPath);
// Create OpenID consumer
$consumer = new Auth_OpenID_Consumer($store);
// Create an authentication request to the OpenID provider
$auth = $consumer->begin($oid_identifier);
//checks for errors
if (!$auth) {
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
}
//configuring atributtes to be retrieved
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
if (!$ax) {
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
}
foreach ($attribute as $attr) {
$ax->add($attr);
}
if (!$auth) {
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
}
try {
// Add AX fetch request to authentication request
$auth->addExtension($ax);
} catch (Exception $ex) {
header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider);
}
// redirect to the OpenID provider's website for authentication
$url = $auth->redirectURL($siteRoot, $OPENID_CALLBACK_PAGE);
header('Location: ' . $url);
}
function login($openid_url, $finish_page)
{
global $wgTrustRoot, $wgOut;
# If it's an interwiki link, expand it
$openid_url = $this->interwikiExpand($openid_url);
# Check if the URL is allowed
if (!$this->canLogin($openid_url)) {
$wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
return;
}
if (!is_null($wgTrustRoot)) {
$trust_root = $wgTrustRoot;
} else {
global $wgScriptPath, $wgServer;
$trust_root = $wgServer . $wgScriptPath;
}
wfSuppressWarnings();
$consumer = $this->getConsumer();
if (!$consumer) {
wfDebug("OpenID: no consumer\n");
$wgOut->showErrorPage('openiderror', 'openiderrortext');
return;
}
# Make sure the user has a session!
$this->setupSession();
$auth_request = $consumer->begin($openid_url);
// Handle failure status return values.
if (!$auth_request) {
wfDebug("OpenID: no auth_request\n");
$wgOut->showErrorPage('openiderror', 'openiderrortext');
return;
}
# Check the processed URLs, too
$endpoint = $auth_request->endpoint;
if (!is_null($endpoint)) {
# Check if the URL is allowed
if (isset($endpoint->identity_url) && !$this->canLogin($endpoint->identity_url)) {
$wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
return;
}
if (isset($endpoint->delegate) && !$this->canLogin($endpoint->delegate)) {
$wgOut->showErrorPage('openidpermission', 'openidpermissiontext');
return;
}
}
$sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Create attribute request object. Depending on your endpoint, you can request many things:
// see http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters.
// Usage: make($type_uri, $count=1, $required=false, $alias=null)
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
$attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
// Create AX fetch request and add attributes
$ax_request = new Auth_OpenID_AX_FetchRequest();
foreach ($attribute as $attr) {
$ax_request->add($attr);
}
if ($ax_request) {
$auth_request->addExtension($ax_request);
}
$process_url = $this->scriptUrl($finish_page);
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL($trust_root, $process_url);
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
# OK, now go
$wgOut->redirect($redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError('Could not redirect to server: ' . $form_html->message);
} else {
$wgOut->addWikiMsg('openidautosubmit');
$wgOut->addHTML($form_html);
$wgOut->addInlineScript("function submitOpenIDForm() {\n document.getElementById(\"" . $form_id . "\").submit()\n }\nhookEvent(\"load\", submitOpenIDForm);\n");
}
}
wfRestoreWarnings();
}
/**
* Try to authenticate a user using AX.
*
* @access public
* @param string the openid url
* @param string the path to return to after authenticating
* @param array a list of PAPE policies to request from the server
* @param array a list of required return values
* @param array a list of optional return values
* @return void
*/
public function try_auth_ax($openid, $return_to, $policy_uris = array(), $required = array('nickname', 'email'), $optional = array('fname', 'lname'))
{
if ($return_to[0] == '/') {
$return_to = substr($return_to, 1);
}
$return_to = $this->_get_trust_root() . $return_to;
if (empty($openid)) {
return $this->_throw_error(OPENID_RETURN_NO_URL);
}
// Create OpenID consumer
$consumer = $this->_get_consumer();
// Create an authentication request to the OpenID provider
$auth = $consumer->begin($openid);
// Create UI if needed
if ($this->use_popup) {
$ui = $this->_get_ui($return_to);
$auth->addExtension($ui);
}
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Create attribute request object
// See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
foreach (array(1 => $required, 0 => $optional) as $key => $data) {
foreach ($data as $item) {
if (array_key_exists($item, $this->ax_properties)) {
$ax->add(Auth_OpenID_AX_AttrInfo::make($this->ax_properties[$item], 1, $key, $item));
} else {
return $this->_throw_error('AX property "' . $item . '" is not registered in the library');
}
}
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
if (!$this->ci->session->userdata('EasyOpenID_provider')) {
$this->ci->session->set_userdata('EasyOpenID_provider', $openid);
}
// Add AX fetch request to authentication request
$auth->addExtension($ax);
// Redirect to OpenID provider for authentication
$url = $auth->redirectURL($this->_get_trust_root(), $return_to);
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth->shouldSendRedirect()) {
$redirect_url = $auth->redirectURL($this->_get_trust_root(), $return_to);
// If the redirect URL can't be built, die.
if (Auth_OpenID::isFailure($redirect_url)) {
return $this->_throw_error(OPENID_RETURN_NO_CONNECT);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth->htmlMarkup($this->_get_trust_root(), $return_to, FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
return $this->_throw_error(OPENID_RETURN_NO_CONNECT);
} else {
die($form_html);
}
}
}
function authenticate($openId)
{
$consumer = $this->_get_consumer();
$authRequest = $consumer->begin($openId);
// No auth request means we can't begin OpenID.
if (!$authRequest) {
$this->_set_message(TRUE, 'openid_auth_error');
}
if ($this->sreg_enable) {
$sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy);
if ($sreg_request) {
$authRequest->addExtension($sreg_request);
} else {
$this->_set_message(TRUE, 'openid_sreg_failed');
}
}
if ($this->ax_enable) {
$ax_request = new Auth_OpenID_AX_FetchRequest();
if ($ax_request) {
foreach ($this->ax_attributes as $attr) {
$ax_request->add($attr);
}
$authRequest->addExtension($ax_request);
} else {
$this->_set_message(TRUE, 'openid_ax_failed');
}
}
if ($this->pape_enable) {
$pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
if ($pape_request) {
$authRequest->addExtension($pape_request);
} else {
$this->_set_message(TRUE, 'openid_pape_failed');
}
}
if ($this->ext_args != NULL) {
foreach ($this->ext_args as $extensionArgument) {
if (count($extensionArgument) == 3) {
$authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
}
}
}
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($authRequest->shouldSendRedirect()) {
$redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to);
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
$this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message);
} else {
// Send redirect.
header("Location: " . $redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $authRequest->htmlMarkup($this->trust_root, $this->request_to, FALSE, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
$this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message);
} else {
print $form_html;
}
}
}
public function executeTrust(sfWebRequest $request)
{
opApplicationConfiguration::registerJanRainOpenID();
require_once 'Auth/OpenID/Server.php';
require_once 'Auth/OpenID/FileStore.php';
require_once 'Auth/OpenID/SReg.php';
require_once 'Auth/OpenID/AX.php';
$info = unserialize($_SESSION['request']);
$this->forward404Unless($info);
$trusted = $request->hasParameter('trust') || $request->hasParameter('permanent');
if (!$trusted) {
unset($_SESSION['request']);
$url = $info->getCancelURL();
$this->redirect($url);
}
$reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true);
if (!$info->idSelect()) {
$this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity);
}
unset($_SESSION['request']);
$server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity);
$response = $info->answer(true, null, $reqUrl);
$sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
$axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info);
$allowedProfiles = $request->getParameter('profiles', array());
$requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest);
$rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles));
if (in_array(true, $rejectedProfiles)) {
$url = $info->getCancelURL();
$this->redirect($url);
}
if ($sregRequest) {
$sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember());
$sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles));
$response->addExtension($sregResp);
}
if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) {
$axResp = new Auth_OpenID_AX_FetchResponse();
$axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember());
$userData = $axExchange->getData($allowedProfiles);
foreach ($axRequest->requested_attributes as $k => $v) {
if (!empty($userData[$k])) {
$axResp->addValue($k, $userData[$k]);
}
}
$response->addExtension($axResp);
}
$log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId());
if ($request->hasParameter('permanent')) {
$log->is_permanent = true;
$log->save();
}
$response = $server->encodeResponse($response);
return $this->writeResponse($response);
}
/**
* Extract a FetchRequest from an OpenID message
*
* @param request: The OpenID request containing the attribute
* fetch request
*
* @returns mixed An Auth_OpenID_AX_Error or the
* Auth_OpenID_AX_FetchRequest extracted from the request message if
* successful
*/
function &fromOpenIDRequest($request)
{
$m = $request->message;
$obj = new Auth_OpenID_AX_FetchRequest();
$ax_args = $m->getArgs($obj->ns_uri);
$result = $obj->parseExtensionArgs($ax_args);
if (Auth_OpenID_AX::isError($result)) {
return $result;
}
if ($obj->update_url) {
// Update URL must match the openid.realm of the
// underlying OpenID 2 message.
$realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm', $m->getArg(Auth_OpenID_OPENID_NS, 'return_to'));
if (!$realm) {
$obj = new Auth_OpenID_AX_Error(sprintf("Cannot validate update_url %s " . "against absent realm", $obj->update_url));
} else {
if (!Auth_OpenID_TrustRoot::match($realm, $obj->update_url)) {
$obj = new Auth_OpenID_AX_Error(sprintf("Update URL %s failed validation against realm %s", $obj->update_url, $realm));
}
}
}
return $obj;
}
private function tryAuth()
{
// Check for launch date
if (defined('LAUNCH_DATE')) {
if (LAUNCH_DATE > time()) {
$page = new Neuron_Core_Template();
$page->set('name', '');
$page->set('launchdate', Neuron_Core_Tools::getCountdown(LAUNCH_DATE));
echo $page->parse('launchdate.phpt');
exit;
}
}
$openid = getOpenIDURL();
$consumer = getConsumer();
// Begin the OpenID authentication process.
$auth_request = $consumer->begin($openid);
// No auth request means we can't begin OpenID.
if (!$auth_request) {
displayError("Authentication error; not a valid OpenID:<br />" . $openid);
}
$sreg_request = Auth_OpenID_SRegRequest::build(array(), array('email', 'language', 'country', 'nickname', 'dob', 'gender'));
if ($sreg_request) {
$auth_request->addExtension($sreg_request);
}
// Add AX request for notification URL
$ax = new Auth_OpenID_AX_FetchRequest();
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/notify_url.xml', 1, false, 'notify_url'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/profilebox_url.xml', 1, false, 'profilebox_url'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/messagebundle_url.xml', 1, false, 'messagebundle_url'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/fullscreen.xml', 1, false, 'fullscreen'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/userstats_url.xml', 1, false, 'userstats_url'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml', 1, false, 'hide_advertisement'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/hide_chat.xml', 1, false, 'hide_chat'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/tracker_url.xml', 1, false, 'tracker_url'));
$ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/welcome_url.xml', 1, false, 'welcome_url'));
$auth_request->addExtension($ax);
/*
$policy_uris = isset ($_GET['policies']) ? $_GET['policies'] : null;
$pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
if ($pape_request)
{
$auth_request->addExtension($pape_request);
}
*/
// Redirect the user to the OpenID server for authentication.
// Store the token for this authentication so we can verify the
// response.
// For OpenID 1, send a redirect. For OpenID 2, use a Javascript
// form to send a POST request to the server.
if ($auth_request->shouldSendRedirect()) {
$redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
// If the redirect URL can't be built, display an error
// message.
if (Auth_OpenID::isFailure($redirect_url)) {
displayError("Could not redirect to server: " . $redirect_url->message);
} else {
// Send redirect.
if (!$this->disableredirect) {
header("Location: " . $redirect_url);
}
echo '<html>';
echo '<head><style type="text/css">body { background: black; color: white; }</style><head>';
echo '<body>';
echo '<p>Redirecting to OpenID Gateway...</p>';
if ($this->disableredirect) {
echo '<p><a href="' . $redirect_url . '">Click to continue.</a></p>';
}
echo '</body>';
echo '</html>';
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {
displayError("Could not redirect to server: " . $form_html->message);
} else {
//echo '<p>Redirecting to OpenID Gateway...</p>';
if (!$this->disableredirect) {
print $form_html;
} else {
$form_html = str_replace("onload='document.forms[0].submit();", "", $form_html);
$form_html = str_replace('<script>var elements = document.forms[0].elements;for (var i = 0; i < elements.length; i++) { elements[i].style.display = "none";}</script>', '', $form_html);
print $form_html;
}
}
}
}
function index()
{
// Enable SSL?
maintain_ssl($this->config->item("ssl_enabled"));
// Get OpenID store object
$store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path"));
// Get OpenID consumer object
$consumer = new Auth_OpenID_Consumer($store);
if ($this->input->get('janrain_nonce')) {
// Complete authentication process using server response
$response = $consumer->complete(site_url('account/connect_google'));
// Check the response status
if ($response->status == Auth_OpenID_SUCCESS) {
// Check if user has connect google to a3m
if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) {
// Check if user is not signed in on a3m
if (!$this->authentication->is_signed_in()) {
// Run sign in routine
$this->authentication->sign_in($user->account_id);
}
$user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google')));
redirect('account/account_linked');
} else {
// Check if user is signed in on a3m
if (!$this->authentication->is_signed_in()) {
$openid_google = array();
if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) {
$ax_args = $ax_args->data;
if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) {
$openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0];
}
if (isset($ax_args['http://axschema.org/contact/email'][0])) {
$email = $ax_args['http://axschema.org/contact/email'][0];
}
if (isset($ax_args['http://axschema.org/namePerson'][0])) {
$openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0];
}
if (isset($ax_args['http://axschema.org/birthDate'][0])) {
$openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0];
}
if (isset($ax_args['http://axschema.org/person/gender'][0])) {
$openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0];
}
if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) {
$openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0];
}
if (isset($ax_args['http://axschema.org/contact/country/home'][0])) {
$openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0];
}
if (isset($ax_args['http://axschema.org/pref/language'][0])) {
$openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0];
}
if (isset($ax_args['http://axschema.org/pref/timezone'][0])) {
$openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0];
}
if (isset($ax_args['http://axschema.org/namePerson/first'][0])) {
$openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0];
}
// google only
if (isset($ax_args['http://axschema.org/namePerson/last'][0])) {
$openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0];
}
// google only
}
// Store user's google data in session
$this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google));
// Create a3m account
redirect('account/connect_create');
} else {
// Connect google to a3m
$this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id'));
$this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google')));
redirect('account/account_linked');
}
}
} else {
$this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up');
}
}
// Begin OpenID authentication process
$auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint"));
// Create ax request (Attribute Exchange)
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone'));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname'));
// google only
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname'));
// google only
$auth_request->addExtension($ax_request);
// Redirect to authorizate URL
header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google')));
}
function tryAuth($tid, $openid, $remember_openid = null)
{
$context = Model_Context::getInstance();
$trust_root = $context->getProperty('uri.host') . "/";
ob_start();
$auth_request = $this->consumer->begin($openid);
ob_end_clean();
// Handle failure status return values.
if (!$auth_request) {
return $this->_redirectWithError(_text("인증하지 못하였습니다. 아이디를 확인하세요"), $tid);
}
if (!$this->IsExisted($auth_request->endpoint->claimed_id)) {
if ($auth_request->message->isOpenID2()) {
$ax_nickname = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true, 'nickname');
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add($ax_nickname);
$auth_request->addExtension($ax_request);
} else {
$sreg_request = Auth_OpenID_SRegRequest::build(null, array('nickname'));
$auth_request->addExtension($sreg_request);
}
}
if ($remember_openid) {
$this->setCookie('openid', empty($auth_request->endpoint->display_identifier) ? $auth_request->endpoint->claimed_id : $auth_request->endpoint->display_identifier);
} else {
$this->clearCookie('openid');
}
$tr = Transaction::taste($tid);
$finishURL = $tr['finishURL'];
$redirect_url = $auth_request->redirectURL($trust_root, $finishURL);
return $this->redirect($redirect_url);
}
/**
* Returns URL to which user can be directed for
* authentication via CS50 ID.
*
* @param trust_root URL that CS50 ID should prompt user to trust
* @param return_to URL to which CS50 ID should return user
* @param fields Simple Registration fields to request from CS50 ID
* @param attributes Attribute Exchange attributes to request from CS50 ID
*
* @return URL for CS50 ID
*/
public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = [])
{
// ignore Janrain's use of deprecated functions
$error_reporting = error_reporting();
error_reporting($error_reporting & ~E_DEPRECATED);
// load Janrain's libary
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0");
require_once "Auth/OpenID/AX.php";
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
// ensure $_SESSION exists for Yadis
@session_start();
// prepare filesystem-based store
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to);
@mkdir($path, 0700);
if (!is_dir($path)) {
trigger_error("Could not create {$path}", E_USER_ERROR);
}
if (!is_readable($path)) {
trigger_error("Could not read from {$path}", E_USER_ERROR);
}
if (!is_writable($path)) {
trigger_error("Could not write to {$path}", E_USER_ERROR);
}
$store = new Auth_OpenID_FileStore($path);
// prepare request
$consumer = new Auth_OpenID_Consumer($store);
$auth_request = $consumer->begin("https://id.cs50.net/");
// request Simple Registration fields
if (is_array($fields) && count($fields) > 0) {
$sreg_request = Auth_OpenID_SRegRequest::build(null, $fields);
$auth_request->addExtension($sreg_request);
}
// request Attribute Exchange attributes
if (is_array($attributes) && count($attributes) > 0) {
$ax_request = new Auth_OpenID_AX_FetchRequest();
foreach ($attributes as $attribute) {
$ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false));
}
$auth_request->addExtension($ax_request);
}
// generate URL for redirection
$redirect_url = $auth_request->redirectURL($trust_root, $return_to);
// restore error_reporting
error_reporting($error_reporting);
// return URL unless error
if (Auth_OpenID::isFailure($redirect_url)) {
trigger_error($redirect_url->message);
return false;
} else {
return $redirect_url;
}
}
/**
* Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
*/
function openid_add_ax_extension($extensions, $auth_request)
{
if (!get_user_by_openid($auth_request->endpoint->claimed_id)) {
require_once 'Auth/OpenID/AX.php';
if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
$ax_request = new Auth_OpenID_AX_FetchRequest();
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true));
$ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
$extensions[] = $ax_request;
}
}
return $extensions;
}
function test_getExtensionArgs_some_request()
{
$expected_args = array('mode' => 'fetch_response', 'type.' . $this->alias_a => $this->type_a, 'value.' . $this->alias_a . '.1' => $this->value_a, 'count.' . $this->alias_a => '1');
$req = new Auth_OpenID_AX_FetchRequest();
$req->add(Auth_OpenID_AX_AttrInfo::make($this->type_a, 1, false, $this->alias_a));
$this->msg->addValue($this->type_a, $this->value_a);
$result = $this->msg->getExtensionArgs($req);
$this->assertEquals($expected_args, $result);
}
/**
* Build an Attribute Exchange attribute query extension if we've never seen this OpenID before.
*/
function openid_add_ax_extension($extensions, $auth_request)
{
if (!get_user_by_openid($auth_request->endpoint->claimed_id)) {
require_once 'Auth/OpenID/AX.php';
if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) {
$default_fields = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true));
$fields = apply_filters('openid_consumer_ax_fields', $default_fields);
$ax_request = new Auth_OpenID_AX_FetchRequest();
foreach ($fields as $field) {
$ax_request->add($field);
}
$extensions[] = $ax_request;
}
}
return $extensions;
}
