function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } $auth_request->addExtension($ax); $policy_uris = $_GET['policies']; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
public function validateIdentifier($validator, $values, $arguments = array()) { $authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']); if (!$authRequest) { throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.'); } $sregExchange = new opOpenIDProfileExchange('sreg'); $authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles())); // for OpenID1 if ($authRequest->shouldSendRedirect()) { $values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_url'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message); } } else { $axExchange = new opOpenIDProfileExchange('ax'); $axRequest = new Auth_OpenID_AX_FetchRequest(); foreach ($axExchange->getImportSupportedProfiles() as $key => $value) { $axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key)); } $authRequest->addExtension($axRequest); $values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_html'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message); } } return $values; }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); $return_to = getReturnTo(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } // add AX request if ($_GET['ax'] == 'true') { $ax_request = new Auth_OpenID_AX_FetchRequest(); global $ax_data; foreach ($ax_data as $ax_key => $ax_data_ns) { // set AX params if ($_GET['ax_' . $ax_key] == 'true') { $ax_request->add(new Auth_OpenID_AX_AttrInfo($ax_data_ns, 1, true, $ax_key)); } } // add extension if ($ax_request) { $auth_request->addExtension($ax_request); } } // add UI extension request if ($_GET['ui'] == 'true') { $UI_request = new OpenID_UI_Request(); // set icon if ($_GET['icon'] == 'true') { $UI_request->setIcon(); } // set lang if ($_GET['lang'] == 'true' && $_GET['pref_lang']) { $UI_request->setLang($_GET['pref_lang']); } // set popup if ($_GET['popup'] == 'true') { $UI_request->setPopup(); $return_to .= "popup=true"; } $auth_request->addExtension($UI_request); } else { if ($_GET['callback'] == "ax") { $return_to .= "callback=ax"; } } $redirect_url = $auth_request->redirectURL(getTrustRoot(), $return_to); if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } }
public function getAXRequest($axAttributes) { $axRequest = new Auth_OpenID_AX_FetchRequest(); foreach ($axAttributes as $attr) { //$axInfo = new Auth_OpenID_AX_AttrInfo($attr); $attrInfo = Auth_OpenID_AX_AttrInfo::make($attr['type_uri'], $attr['count'], $attr['required'], $attr['alias']); $axRequest->add($attrInfo); } return $axRequest; }
function attach_ax() { //build attribute request list $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'picture'); //create attribute exchange request $ax = new Auth_OpenID_AX_FetchRequest(); //add attributes to ax request foreach ($attribute as $attr) { $ax->add($attr); } //return ax request return $ax; }
function openid_try($url) { $store = new Auth_OpenID_MySQLStore(theDb()); $store->createTables(); $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin($url); if (!$auth_request) { $_SESSION["auth_error"] = "Error: not a valid OpenID."; header("Location: ./"); } $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Attribute Exchange (Google ignores Simple Registration) // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { die("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
public function googleAction() { $consumer = $this->getGoogleConsumer(); $url = 'https://www.google.com/accounts/o8/id'; $auth_request = $consumer->begin($url); if (!$auth_request) { return $this->alert('Authentication error, not a valid OpenID', '/'); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $auth_request->addExtension($ax); $pape_request = new Auth_OpenID_PAPE_Request(null); $auth_request->addExtension($pape_request); $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup('http://' . $_SERVER['HTTP_HOST'], 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone', false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $this->alert("Could not redirect to server: " . $form_html->message, '/'); } else { print $form_html; return $this->noview(); } }
/** * Returns null and sets a flash message on all errors. **/ static function beginAuth($openid, $policyUris) { $consumer = self::getConsumer(); $auth_request = $consumer->begin($openid); if (!$auth_request) { FlashMessage::add('Ați introdus un OpenID incorect.'); return null; } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo()); if (Auth_OpenID::isFailure($redirect_url)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message); return null; } else { header("Location: {$redirect_url}"); exit; } } else { $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message')); if (Auth_OpenID::isFailure($form_html)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message); return null; } else { print $form_html; } } }
include 'index.php'; exit; } } else { $error = "Please enter a valid email address or OpenID."; if (isset($_GET['json'])) { json_out('{"error":"' . addslashes($error) . '"}'); } include 'index.php'; exit; } } $sreg = Auth_OpenID_SRegRequest::build('', array('nickname', 'fullname', 'email'), ''); $auth_request->addExtension($sreg); if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $auth_request->addExtension($ax_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $process_url); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) {
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/projects', 'unlimited', 1, 'projects'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/slices', 'unlimited', 1, 'slices'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/urn', 1, 1, 'urn'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/prettyname', 1, 1, 'prettyname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/wimax/username', 1, 1, 'wimax'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/username', 1, 1, 'irodsuser'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/zone', 1, 1, 'irodszone'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax); $policy_uris = null; if (isset($_GET['policies'])) { $policy_uris = $_GET['policies']; } $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
/** * Initiate an OpenID request * * @param boolean $allow_sreg Default true * @param string $process_url Default empty (will use $CFG->wwwroot) * @param array $params Array of extra parameters to append to the request */ function do_request($allow_sreg = true, $process_url = '', $params = array()) { global $CFG, $USER; // Create the consumer instance $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid'); $consumer = new Auth_OpenID_Consumer($store); $openid_url = optional_param('openid_url', null); if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) { // BJB101206: map Google email addresses to OpenID url $tmpemail = $openid_url; $openid_url = GOOGLE_OPENID_URL; logout_guestuser(); if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') { $allow_sreg = true; // would like to verify email later $process_url = $CFG->wwwroot . '/auth/openid/actions.php'; $USER = $tmpuser; $params['openid_tmp_login'] = true; // require flag in action.php $params['openid_action'] = 'change'; $params['openid_url'] = $openid_url; $params['openid_mode'] = 'switch2openid'; // arbitrary != null //error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail); } } if (!empty($this->config->auth_openid_google_apps_domain)) { $openid_url = $this->config->auth_openid_google_apps_domain; new GApps_OpenID_Discovery($consumer); } $authreq = $consumer->begin($openid_url); if (!$authreq && $this->is_sso()) { $endpoint = new Auth_OpenID_ServiceEndpoint(); $endpoint->server_url = $openid_url; $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT; $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon'); $authreq = $consumer->beginWithoutDiscovery($endpoint); } if (!$authreq) { print_error('auth_openid_login_error', 'auth_openid'); } else { // Add any simple registration fields to the request if ($allow_sreg === true) { $sreg_added = false; $req = array(); $opt = array(); $privacy_url = null; // Required fields if (!empty($this->config->openid_sreg_required)) { $req = array_map('trim', explode(',', $this->config->openid_sreg_required)); $sreg_added = true; } // Optional fields if (!empty($this->config->openid_sreg_optional)) { $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional)); $sreg_added = true; } // Privacy statement if ($sreg_added && !empty($this->config->openid_privacy_url)) { $privacy_url = $this->config->openid_privacy_url; } // We call the on_openid_do_request event handler function if it // exists. This is called before the simple registration (sreg) // extension is added to allow changes to be made to the sreg // data fields if required if (function_exists('on_openid_do_request')) { on_openid_do_request($authreq); } // Finally, the simple registration data is added if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) { $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url); if ($sreg_request) { $authreq->addExtension($sreg_request); } } if (defined('ADD_AX_SUPPORT')) { $AXattr = array(); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($AXattr as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $authreq->addExtension($ax); } } // Prepare the remaining components for the request if (empty($process_url)) { $process_url = $CFG->wwwroot . '/login/index.php'; } if (is_array($params) && !empty($params)) { $query = ''; foreach ($params as $key => $val) { $query .= '&' . $key . '=' . $val; } $process_url .= '?' . substr($query, 1); } $trust_root = $CFG->wwwroot . '/'; $_SESSION['openid_process_url'] = $process_url; // Finally, redirect to the OpenID provider // Check if the server is allowed ... if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) { print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url); } elseif ($authreq->shouldSendRedirect()) { $redirect_url = $authreq->redirectURL($trust_root, $process_url); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { error($redirect_url->message); } else { redirect($redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $message = $authreq->getMessage($trust_root, $process_url, false); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($message)) { error($message); } else { $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue')); echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>'; exit; } } } }
/** * Show the "login" page * * @return string Returns the "login" page as HTML code. */ public function login() { try { if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) { return parent::login(); } $member = Member::currentUser(); if ($member) { // user is already logged in return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } if (!Director::is_https()) { OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']); } // Begin the OpenID authentication process. $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL); //remove jainrain nonce unset($auth_request->return_to_args['janrain_nonce']); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new Exception("The OpenID authentication failed."); } if (Auth_OpenID_supportsSReg($auth_request->endpoint)) { //SREG $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } } else { //AX // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax); } //Redirect the user to the OpenID server for authentication . // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { echo "Could not redirect to server: " . $redirect_url->message; } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { echo "Could not redirect to server: " . $form_html->message; } else { print $form_html; } } exit; } catch (Exception $ex) { SS_Log::log($ex, SS_Log::WARN); Session::set("Security.Message.message", $ex->getMessage()); Session::set("Security.Message.type", "bad"); return $this->redirect("Security/badlogin"); } }
<?php require_once "config.php"; require_once "authCommon.php"; $openID_request = $openID->begin($providerURL); if (!$openID_request) { die("Failed to create OpenID request."); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $openID_request->addExtension($ax); $redirectTo = $openID_request->redirectURL($baseURL, $baseURL . $basePath); header("Location: " . $redirectTo);
/** * Send an authentication request to the OpenID provider. * * @param array &$state The state array. * @param string $openid The OpenID we should try to authenticate with. */ public function doAuth(array &$state, $openid) { assert('is_string($openid)'); $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:auth'); $consumer = $this->getConsumer($state); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new SimpleSAML_Error_BadRequest('Not a valid OpenID: ' . var_export($openid, TRUE)); } $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object $ax_attribute = array(); foreach ($this->requiredAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true); } foreach ($this->optionalAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false); } if (count($ax_attribute) > 0) { // Create AX fetch request $ax_request = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($ax_attribute as $attr) { $ax_request->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax_request); } foreach ($this->extensionArgs as $ext_ns => $ext_arg) { if (is_array($ext_arg)) { foreach ($ext_arg as $ext_key => $ext_value) { $auth_request->addExtensionArg($ext_ns, $ext_key, $ext_value); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form // to send a POST request to the server or use redirect if // prefer_http_redirect is enabled and redirect URL size // is less than 2049 $should_send_redirect = $auth_request->shouldSendRedirect(); if ($this->preferHttpRedirect || $should_send_redirect) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId)); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($redirect_url->message, TRUE)); } // For OpenID 2 failover to POST if redirect URL is longer than 2048 if ($should_send_redirect || strlen($redirect_url) <= 2048) { SimpleSAML_Utilities::redirectTrustedURL($redirect_url); assert('FALSE'); } } // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($form_html->message, TRUE)); } else { echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>'; exit; } }
//define oauth & openid params require_once '../config.inc.php'; //ammend include path so we can include files consistently $includePath = get_include_path() . PATH_SEPARATOR . OPENID_INCLUDE_PATH . PATH_SEPARATOR . OAUTH_INCLUDE_PATH . PATH_SEPARATOR; set_include_path($includePath); //include openid files require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/AX.php"; //init basic openid auth url generation $openidFileStore = new Auth_OpenID_FileStore('/tmp/'); $openidConsumer =& new Auth_OpenID_Consumer($openidFileStore); //this could just as easily be set dynamically $openidIdentifier = 'yahoo.com'; $openidAuthRequest = $openidConsumer->begin($openidIdentifier); //add openid ax req params for all the fields mentioned in the blog post below //ref: http://developer.yahoo.net/blog/archives/2009/12/yahoo_openid_now_with_attribute_exchange.html //ref: http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid $openid_ax_attributes = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'profile_pic'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender')); $openid_ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($openid_ax_attributes as $attribute) { $openid_ax_request->add($attribute); } $openidAuthRequest->addExtension($openid_ax_request); //this is the url for openid provider log in page $openidLoginRedirectUrl = $openidAuthRequest->redirectURL(OPENID_REALM_URI, OPENID_RETURN_TO_URI); //append hybrid auth fields $additionalFields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => YAHOO_OAUTH_APP_KEY); $openidLoginRedirectUrl .= '&' . http_build_query($additionalFields); //redirect for auth header('Location: ' . $openidLoginRedirectUrl);
/** * Send an authentication request to the OpenID provider. * * @param array &$state The state array. * @param string $openid The OpenID we should try to authenticate with. */ public function doAuth(array &$state, $openid) { assert('is_string($openid)'); $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:state'); $consumer = $this->getConsumer($state); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new Exception("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object $ax_attribute = array(); foreach ($this->requiredAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true); } foreach ($this->optionalAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false); } if (count($ax_attribute) > 0) { // Create AX fetch request $ax_request = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($ax_attribute as $attr) { $ax_request->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId)); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { throw new Exception("Could not redirect to server: " . $redirect_url->message); } SimpleSAML_Utilities::redirect($redirect_url); } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { throw new Exception("Could not redirect to server: " . $form_html->message); } else { echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>'; exit; } } }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if(!get_user_by_openid($auth_request->endpoint->claimed_id)) { set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() ); require_once('Auth/OpenID/AX.php'); restore_include_path(); if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $extensions[] = $ax_request; } } return $extensions; }
/** * This initiates openid connection. This method can also used for google/yahoo * signin, since those support openid. * @param type $auth_site */ function openIdConnect($auth_site) { //required includes //session_start(); require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; require_once "Auth/OpenID/AX.php"; $objAltConfig = $this->getObject('altconfig', 'config'); $this->objDbSysconfig = $this->getObject('dbsysconfig', 'sysconfig'); $modPath = $objAltConfig->getModulePath(); $moduleUri = $objAltConfig->getModuleURI(); $siteRoot = $objAltConfig->getSiteRoot(); $DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult'; $OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin'; $OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin'; $_SESSION['AUTH'] = false; switch ($auth_site) { case "google": $oid_identifier = 'https://www.google.com/accounts/o8/id'; $_SESSION['auth_site'] = "Google"; break; case "yahoo": $oid_identifier = 'https://yahoo.com'; $_SESSION['auth_site'] = "Yahoo!"; break; case "openid": if (!$_POST['openIDField']) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidopenid", 'security')); } else { $oid_identifier = $_POST['openIDField']; $_SESSION['openid_user'] = $oid_identifier; $_SESSION['auth_site'] = "OpenID"; } break; default: header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidorunsupportedopenidprovider", 'security')); } //Here starts the authentication process // Create file storage area for OpenID data $openidPath = $this->objConfig->getcontentBasePath() . '/openid'; $objMkDir = $this->getObject('mkdir', 'files'); $objMkDir->mkdirs($openidPath); $store = new Auth_OpenID_FileStore($openidPath); // Create OpenID consumer $consumer = new Auth_OpenID_Consumer($store); // Create an authentication request to the OpenID provider $auth = $consumer->begin($oid_identifier); //checks for errors if (!$auth) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } //configuring atributtes to be retrieved $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); if (!$ax) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } foreach ($attribute as $attr) { $ax->add($attr); } if (!$auth) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } try { // Add AX fetch request to authentication request $auth->addExtension($ax); } catch (Exception $ex) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } // redirect to the OpenID provider's website for authentication $url = $auth->redirectURL($siteRoot, $OPENID_CALLBACK_PAGE); header('Location: ' . $url); }
function login($openid_url, $finish_page) { global $wgTrustRoot, $wgOut; # If it's an interwiki link, expand it $openid_url = $this->interwikiExpand($openid_url); # Check if the URL is allowed if (!$this->canLogin($openid_url)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } if (!is_null($wgTrustRoot)) { $trust_root = $wgTrustRoot; } else { global $wgScriptPath, $wgServer; $trust_root = $wgServer . $wgScriptPath; } wfSuppressWarnings(); $consumer = $this->getConsumer(); if (!$consumer) { wfDebug("OpenID: no consumer\n"); $wgOut->showErrorPage('openiderror', 'openiderrortext'); return; } # Make sure the user has a session! $this->setupSession(); $auth_request = $consumer->begin($openid_url); // Handle failure status return values. if (!$auth_request) { wfDebug("OpenID: no auth_request\n"); $wgOut->showErrorPage('openiderror', 'openiderrortext'); return; } # Check the processed URLs, too $endpoint = $auth_request->endpoint; if (!is_null($endpoint)) { # Check if the URL is allowed if (isset($endpoint->identity_url) && !$this->canLogin($endpoint->identity_url)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } if (isset($endpoint->delegate) && !$this->canLogin($endpoint->delegate)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } } $sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object. Depending on your endpoint, you can request many things: // see http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters. // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); // Create AX fetch request and add attributes $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($attribute as $attr) { $ax_request->add($attr); } if ($ax_request) { $auth_request->addExtension($ax_request); } $process_url = $this->scriptUrl($finish_page); if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $process_url); if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { # OK, now go $wgOut->redirect($redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError('Could not redirect to server: ' . $form_html->message); } else { $wgOut->addWikiMsg('openidautosubmit'); $wgOut->addHTML($form_html); $wgOut->addInlineScript("function submitOpenIDForm() {\n document.getElementById(\"" . $form_id . "\").submit()\n }\nhookEvent(\"load\", submitOpenIDForm);\n"); } } wfRestoreWarnings(); }
/** * Try to authenticate a user using AX. * * @access public * @param string the openid url * @param string the path to return to after authenticating * @param array a list of PAPE policies to request from the server * @param array a list of required return values * @param array a list of optional return values * @return void */ public function try_auth_ax($openid, $return_to, $policy_uris = array(), $required = array('nickname', 'email'), $optional = array('fname', 'lname')) { if ($return_to[0] == '/') { $return_to = substr($return_to, 1); } $return_to = $this->_get_trust_root() . $return_to; if (empty($openid)) { return $this->_throw_error(OPENID_RETURN_NO_URL); } // Create OpenID consumer $consumer = $this->_get_consumer(); // Create an authentication request to the OpenID provider $auth = $consumer->begin($openid); // Create UI if needed if ($this->use_popup) { $ui = $this->_get_ui($return_to); $auth->addExtension($ui); } // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters foreach (array(1 => $required, 0 => $optional) as $key => $data) { foreach ($data as $item) { if (array_key_exists($item, $this->ax_properties)) { $ax->add(Auth_OpenID_AX_AttrInfo::make($this->ax_properties[$item], 1, $key, $item)); } else { return $this->_throw_error('AX property "' . $item . '" is not registered in the library'); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. if (!$this->ci->session->userdata('EasyOpenID_provider')) { $this->ci->session->set_userdata('EasyOpenID_provider', $openid); } // Add AX fetch request to authentication request $auth->addExtension($ax); // Redirect to OpenID provider for authentication $url = $auth->redirectURL($this->_get_trust_root(), $return_to); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth->shouldSendRedirect()) { $redirect_url = $auth->redirectURL($this->_get_trust_root(), $return_to); // If the redirect URL can't be built, die. if (Auth_OpenID::isFailure($redirect_url)) { return $this->_throw_error(OPENID_RETURN_NO_CONNECT); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth->htmlMarkup($this->_get_trust_root(), $return_to, FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { return $this->_throw_error(OPENID_RETURN_NO_CONNECT); } else { die($form_html); } } }
function authenticate($openId) { $consumer = $this->_get_consumer(); $authRequest = $consumer->begin($openId); // No auth request means we can't begin OpenID. if (!$authRequest) { $this->_set_message(TRUE, 'openid_auth_error'); } if ($this->sreg_enable) { $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy); if ($sreg_request) { $authRequest->addExtension($sreg_request); } else { $this->_set_message(TRUE, 'openid_sreg_failed'); } } if ($this->ax_enable) { $ax_request = new Auth_OpenID_AX_FetchRequest(); if ($ax_request) { foreach ($this->ax_attributes as $attr) { $ax_request->add($attr); } $authRequest->addExtension($ax_request); } else { $this->_set_message(TRUE, 'openid_ax_failed'); } } if ($this->pape_enable) { $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris); if ($pape_request) { $authRequest->addExtension($pape_request); } else { $this->_set_message(TRUE, 'openid_pape_failed'); } } if ($this->ext_args != NULL) { foreach ($this->ext_args as $extensionArgument) { if (count($extensionArgument) == 3) { $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($authRequest->shouldSendRedirect()) { $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $this->_set_message(TRUE, 'openid_redirect_failed', $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $authRequest->htmlMarkup($this->trust_root, $this->request_to, FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $this->_set_message(TRUE, 'openid_redirect_failed', $form_html->message); } else { print $form_html; } } }
public function executeTrust(sfWebRequest $request) { opApplicationConfiguration::registerJanRainOpenID(); require_once 'Auth/OpenID/Server.php'; require_once 'Auth/OpenID/FileStore.php'; require_once 'Auth/OpenID/SReg.php'; require_once 'Auth/OpenID/AX.php'; $info = unserialize($_SESSION['request']); $this->forward404Unless($info); $trusted = $request->hasParameter('trust') || $request->hasParameter('permanent'); if (!$trusted) { unset($_SESSION['request']); $url = $info->getCancelURL(); $this->redirect($url); } $reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true); if (!$info->idSelect()) { $this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity); } unset($_SESSION['request']); $server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity); $response = $info->answer(true, null, $reqUrl); $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info); $allowedProfiles = $request->getParameter('profiles', array()); $requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest); $rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles)); if (in_array(true, $rejectedProfiles)) { $url = $info->getCancelURL(); $this->redirect($url); } if ($sregRequest) { $sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember()); $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles)); $response->addExtension($sregResp); } if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) { $axResp = new Auth_OpenID_AX_FetchResponse(); $axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember()); $userData = $axExchange->getData($allowedProfiles); foreach ($axRequest->requested_attributes as $k => $v) { if (!empty($userData[$k])) { $axResp->addValue($k, $userData[$k]); } } $response->addExtension($axResp); } $log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId()); if ($request->hasParameter('permanent')) { $log->is_permanent = true; $log->save(); } $response = $server->encodeResponse($response); return $this->writeResponse($response); }
/** * Extract a FetchRequest from an OpenID message * * @param request: The OpenID request containing the attribute * fetch request * * @returns mixed An Auth_OpenID_AX_Error or the * Auth_OpenID_AX_FetchRequest extracted from the request message if * successful */ function &fromOpenIDRequest($request) { $m = $request->message; $obj = new Auth_OpenID_AX_FetchRequest(); $ax_args = $m->getArgs($obj->ns_uri); $result = $obj->parseExtensionArgs($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } if ($obj->update_url) { // Update URL must match the openid.realm of the // underlying OpenID 2 message. $realm = $m->getArg(Auth_OpenID_OPENID_NS, 'realm', $m->getArg(Auth_OpenID_OPENID_NS, 'return_to')); if (!$realm) { $obj = new Auth_OpenID_AX_Error(sprintf("Cannot validate update_url %s " . "against absent realm", $obj->update_url)); } else { if (!Auth_OpenID_TrustRoot::match($realm, $obj->update_url)) { $obj = new Auth_OpenID_AX_Error(sprintf("Update URL %s failed validation against realm %s", $obj->update_url, $realm)); } } } return $obj; }
private function tryAuth() { // Check for launch date if (defined('LAUNCH_DATE')) { if (LAUNCH_DATE > time()) { $page = new Neuron_Core_Template(); $page->set('name', ''); $page->set('launchdate', Neuron_Core_Tools::getCountdown(LAUNCH_DATE)); echo $page->parse('launchdate.phpt'); exit; } } $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID:<br />" . $openid); } $sreg_request = Auth_OpenID_SRegRequest::build(array(), array('email', 'language', 'country', 'nickname', 'dob', 'gender')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Add AX request for notification URL $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/notify_url.xml', 1, false, 'notify_url')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/profilebox_url.xml', 1, false, 'profilebox_url')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/messagebundle_url.xml', 1, false, 'messagebundle_url')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/fullscreen.xml', 1, false, 'fullscreen')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/userstats_url.xml', 1, false, 'userstats_url')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml', 1, false, 'hide_advertisement')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/hide_chat.xml', 1, false, 'hide_chat')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/tracker_url.xml', 1, false, 'tracker_url')); $ax->add(new Auth_OpenID_AX_AttrInfo('http://www.browser-games-hub.org/schema/openid/welcome_url.xml', 1, false, 'welcome_url')); $auth_request->addExtension($ax); /* $policy_uris = isset ($_GET['policies']) ? $_GET['policies'] : null; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } */ // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. if (!$this->disableredirect) { header("Location: " . $redirect_url); } echo '<html>'; echo '<head><style type="text/css">body { background: black; color: white; }</style><head>'; echo '<body>'; echo '<p>Redirecting to OpenID Gateway...</p>'; if ($this->disableredirect) { echo '<p><a href="' . $redirect_url . '">Click to continue.</a></p>'; } echo '</body>'; echo '</html>'; } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { //echo '<p>Redirecting to OpenID Gateway...</p>'; if (!$this->disableredirect) { print $form_html; } else { $form_html = str_replace("onload='document.forms[0].submit();", "", $form_html); $form_html = str_replace('<script>var elements = document.forms[0].elements;for (var i = 0; i < elements.length; i++) { elements[i].style.display = "none";}</script>', '', $form_html); print $form_html; } } } }
function index() { // Enable SSL? maintain_ssl($this->config->item("ssl_enabled")); // Get OpenID store object $store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path")); // Get OpenID consumer object $consumer = new Auth_OpenID_Consumer($store); if ($this->input->get('janrain_nonce')) { // Complete authentication process using server response $response = $consumer->complete(site_url('account/connect_google')); // Check the response status if ($response->status == Auth_OpenID_SUCCESS) { // Check if user has connect google to a3m if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) { // Check if user is not signed in on a3m if (!$this->authentication->is_signed_in()) { // Run sign in routine $this->authentication->sign_in($user->account_id); } $user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google'))); redirect('account/account_linked'); } else { // Check if user is signed in on a3m if (!$this->authentication->is_signed_in()) { $openid_google = array(); if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) { $ax_args = $ax_args->data; if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) { $openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0]; } if (isset($ax_args['http://axschema.org/contact/email'][0])) { $email = $ax_args['http://axschema.org/contact/email'][0]; } if (isset($ax_args['http://axschema.org/namePerson'][0])) { $openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0]; } if (isset($ax_args['http://axschema.org/birthDate'][0])) { $openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0]; } if (isset($ax_args['http://axschema.org/person/gender'][0])) { $openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0]; } if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) { $openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0]; } if (isset($ax_args['http://axschema.org/contact/country/home'][0])) { $openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0]; } if (isset($ax_args['http://axschema.org/pref/language'][0])) { $openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0]; } if (isset($ax_args['http://axschema.org/pref/timezone'][0])) { $openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0]; } if (isset($ax_args['http://axschema.org/namePerson/first'][0])) { $openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0]; } // google only if (isset($ax_args['http://axschema.org/namePerson/last'][0])) { $openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0]; } // google only } // Store user's google data in session $this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google)); // Create a3m account redirect('account/connect_create'); } else { // Connect google to a3m $this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id')); $this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google'))); redirect('account/account_linked'); } } } else { $this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up'); } } // Begin OpenID authentication process $auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint")); // Create ax request (Attribute Exchange) $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname')); // google only $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname')); // google only $auth_request->addExtension($ax_request); // Redirect to authorizate URL header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google'))); }
function tryAuth($tid, $openid, $remember_openid = null) { $context = Model_Context::getInstance(); $trust_root = $context->getProperty('uri.host') . "/"; ob_start(); $auth_request = $this->consumer->begin($openid); ob_end_clean(); // Handle failure status return values. if (!$auth_request) { return $this->_redirectWithError(_text("인증하지 못하였습니다. 아이디를 확인하세요"), $tid); } if (!$this->IsExisted($auth_request->endpoint->claimed_id)) { if ($auth_request->message->isOpenID2()) { $ax_nickname = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true, 'nickname'); $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add($ax_nickname); $auth_request->addExtension($ax_request); } else { $sreg_request = Auth_OpenID_SRegRequest::build(null, array('nickname')); $auth_request->addExtension($sreg_request); } } if ($remember_openid) { $this->setCookie('openid', empty($auth_request->endpoint->display_identifier) ? $auth_request->endpoint->claimed_id : $auth_request->endpoint->display_identifier); } else { $this->clearCookie('openid'); } $tr = Transaction::taste($tid); $finishURL = $tr['finishURL']; $redirect_url = $auth_request->redirectURL($trust_root, $finishURL); return $this->redirect($redirect_url); }
/** * Returns URL to which user can be directed for * authentication via CS50 ID. * * @param trust_root URL that CS50 ID should prompt user to trust * @param return_to URL to which CS50 ID should return user * @param fields Simple Registration fields to request from CS50 ID * @param attributes Attribute Exchange attributes to request from CS50 ID * * @return URL for CS50 ID */ public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = []) { // ignore Janrain's use of deprecated functions $error_reporting = error_reporting(); error_reporting($error_reporting & ~E_DEPRECATED); // load Janrain's libary set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0"); require_once "Auth/OpenID/AX.php"; require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; // ensure $_SESSION exists for Yadis @session_start(); // prepare filesystem-based store $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to); @mkdir($path, 0700); if (!is_dir($path)) { trigger_error("Could not create {$path}", E_USER_ERROR); } if (!is_readable($path)) { trigger_error("Could not read from {$path}", E_USER_ERROR); } if (!is_writable($path)) { trigger_error("Could not write to {$path}", E_USER_ERROR); } $store = new Auth_OpenID_FileStore($path); // prepare request $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin("https://id.cs50.net/"); // request Simple Registration fields if (is_array($fields) && count($fields) > 0) { $sreg_request = Auth_OpenID_SRegRequest::build(null, $fields); $auth_request->addExtension($sreg_request); } // request Attribute Exchange attributes if (is_array($attributes) && count($attributes) > 0) { $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($attributes as $attribute) { $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false)); } $auth_request->addExtension($ax_request); } // generate URL for redirection $redirect_url = $auth_request->redirectURL($trust_root, $return_to); // restore error_reporting error_reporting($error_reporting); // return URL unless error if (Auth_OpenID::isFailure($redirect_url)) { trigger_error($redirect_url->message); return false; } else { return $redirect_url; } }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if (!get_user_by_openid($auth_request->endpoint->claimed_id)) { require_once 'Auth/OpenID/AX.php'; if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $extensions[] = $ax_request; } } return $extensions; }
function test_getExtensionArgs_some_request() { $expected_args = array('mode' => 'fetch_response', 'type.' . $this->alias_a => $this->type_a, 'value.' . $this->alias_a . '.1' => $this->value_a, 'count.' . $this->alias_a => '1'); $req = new Auth_OpenID_AX_FetchRequest(); $req->add(Auth_OpenID_AX_AttrInfo::make($this->type_a, 1, false, $this->alias_a)); $this->msg->addValue($this->type_a, $this->value_a); $result = $this->msg->getExtensionArgs($req); $this->assertEquals($expected_args, $result); }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if (!get_user_by_openid($auth_request->endpoint->claimed_id)) { require_once 'Auth/OpenID/AX.php'; if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $default_fields = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $fields = apply_filters('openid_consumer_ax_fields', $default_fields); $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($fields as $field) { $ax_request->add($field); } $extensions[] = $ax_request; } } return $extensions; }