required: A list of the required fields in this simple registration request optional: A list of the optional fields in this simple registration request
Inheritance: extends Auth_OpenID_SRegBase
Auth_OpenID_SRegRequest Class Documentation
Example #1
0
 public function getSregRequest($required, $optional)
 {
     $sregService = new Auth_OpenID_SRegRequest();
     $sregRequest = $sregService->build($required, $optional);
     if ($sregRequest) {
         return $sregRequest;
     }
 }
Example #2
0
 /**
  * @throws InvalidArgumentException if an invalid OpenID was provided
  */
 public function authenticate($url, $return, $realm, $required = array(), $optional = array())
 {
     if (empty($realm)) {
         $realm = 'http' . (env('HTTPS') ? 's' : '') . '://' . env('SERVER_NAME');
     }
     if (trim($url) != '') {
         $consumer = $this->_consumer();
         $authRequest = $consumer->begin($url);
     }
     if (!isset($authRequest) || !$authRequest) {
         throw new InvalidArgumentException('Invalid OpenID');
     }
     $sregRequest = Auth_OpenID_SRegRequest::build($required, $optional);
     if ($sregRequest) {
         $authRequest->addExtension($sregRequest);
     }
     if (!$authRequest->shouldSendRedirect()) {
         $formId = 'openid_message';
         $formHtml = $authRequest->formMarkup($realm, $return, false, array('id' => $formId));
         if (Auth_OpenID::isFailure($formHtml)) {
             throw new Exception('Could not redirect to server: ' . $formHtml->message);
         }
         echo '<html><head><title>OpenID transaction in progress</title></head>' . "<body onload='document.getElementById(\"{$formId}\").submit()'>" . $formHtml . '</body></html>';
         exit;
     }
     $redirectUrl = $authRequest->redirectUrl($realm, $return);
     if (Auth_OpenID::isFailure($redirectUrl)) {
         throw new Exception('Could not redirect to server: ' . $redirectUrl->message);
     }
     $this->_controller->redirect($redirectUrl, null, true);
 }
Example #3
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    // Create attribute request object
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    // Usage: make($type_uri, $count=1, $required=false, $alias=null)
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
    $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
    // Create AX fetch request
    $ax = new Auth_OpenID_AX_FetchRequest();
    // Add attributes to AX fetch request
    foreach ($attribute as $attr) {
        $ax->add($attr);
    }
    $auth_request->addExtension($ax);
    $policy_uris = $_GET['policies'];
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Example #4
0
 function authenticate($openId)
 {
     $consumer = $this->_getConsumer();
     $authRequest = $consumer->begin($openId);
     // No auth request means we can't begin OpenID.
     if (!$authRequest) {
         $this->_set_message(true, 'openid_auth_error');
     }
     if ($this->sreg_enable) {
         $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy);
         if ($sreg_request) {
             $authRequest->addExtension($sreg_request);
         } else {
             $this->_set_message(true, 'openid_sreg_failed');
         }
     }
     if ($this->pape_enable) {
         $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris);
         if ($pape_request) {
             $authRequest->addExtension($pape_request);
         } else {
             $this->_set_message(true, 'openid_pape_failed');
         }
     }
     if ($this->ext_args != null) {
         foreach ($this->ext_args as $extensionArgument) {
             if (count($extensionArgument) == 3) {
                 $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]);
             }
         }
     }
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
     // form to send a POST request to the server.
     if ($authRequest->shouldSendRedirect()) {
         $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to);
         // If the redirect URL can't be built, display an error
         // message.
         if (Auth_OpenID::isFailure($redirect_url)) {
             $this->_set_message(true, 'openid_redirect_failed', $redirect_url->message);
         } else {
             // Send redirect.
             header("Location: " . $redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_id = 'openid_message';
         $form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, false, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             $this->_set_message(true, 'openid_redirect_failed', $form_html->message);
         } else {
             $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
             print implode("\n", $page_contents);
         }
     }
 }
Example #5
0
 public function validateIdentifier($validator, $values, $arguments = array())
 {
     $authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']);
     if (!$authRequest) {
         throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.');
     }
     $sregExchange = new opOpenIDProfileExchange('sreg');
     $authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles()));
     // for OpenID1
     if ($authRequest->shouldSendRedirect()) {
         $values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']);
         if (Auth_OpenID::isFailure($values['redirect_url'])) {
             throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message);
         }
     } else {
         $axExchange = new opOpenIDProfileExchange('ax');
         $axRequest = new Auth_OpenID_AX_FetchRequest();
         foreach ($axExchange->getImportSupportedProfiles() as $key => $value) {
             $axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key));
         }
         $authRequest->addExtension($axRequest);
         $values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']);
         if (Auth_OpenID::isFailure($values['redirect_html'])) {
             throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message);
         }
     }
     return $values;
 }
Example #6
0
 public function GetSRegDataForRequest(User $user)
 {
     require_once 'Auth/OpenID/SReg.php';
     // Other common SReg fields we could fill are:
     //   dob, country, language, timezone.
     $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($this->request);
     return Auth_OpenID_SRegResponse::extractResponse($sreg_request, array('fullname' => $user->fullName(), 'nickname' => $user->displayName(), 'email' => $user->bestEmail(), 'gender' => $user->isFemale() ? 'F' : 'M'));
 }
Example #7
0
/**
 * See if the OpenID authentication request includes SReg and add additional hooks if so.
 */
function openid_server_sreg_post_auth($request)
{
    $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request);
    if ($sreg_request) {
        $GLOBALS['openid_server_sreg_request'] = $sreg_request;
        add_action('openid_server_trust_form', 'openid_server_sreg_trust_form');
        add_action('openid_server_trust_submit', 'openid_server_sreg_trust_submit', 10, 2);
        add_filter('openid_server_store_trusted_site', 'openid_server_sreg_store_trusted_site');
        add_action('openid_server_auth_response', 'openid_server_sreg_auth_response');
    }
}
Example #8
0
 private function runTry()
 {
     $openid = $this->getOpenIDUrl();
     $consumer = $this->getConsumer();
     $auth_request = $consumer->begin($openid);
     // No auth request means we can't begin OpenID.
     if (!$auth_request) {
         displayError("Authentication error; not a valid OpenID.");
     }
     $sreg_request = \Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     $policy_uris = null;
     if (isset($_GET['policies'])) {
         $policy_uris = $_GET['policies'];
     }
     $pape_request = new \Auth_OpenID_PAPE_Request($policy_uris);
     if ($pape_request) {
         $auth_request->addExtension($pape_request);
     }
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
     // form to send a POST request to the server.
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());
         // If the redirect URL can't be built, display an error
         // message.
         if (\Auth_OpenID::isFailure($redirect_url)) {
             displayError("Could not redirect to server: " . $redirect_url->message);
         } else {
             // Send redirect.
             //header("Location: ".$redirect_url);
             return Response::redirect($redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_id = 'openid_message';
         $form_html = $auth_request->htmlMarkup($this->getTrustRoot(), $this->getReturnTo(), false, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (\Auth_OpenID::isFailure($form_html)) {
             displayError("Could not redirect to server: " . $form_html->message);
         } else {
             print $form_html;
         }
     }
     return null;
 }
Example #9
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("认证错误,不是有效的OpenID。");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('gender'));
    //'nickname','fullname', 'email', 'dob','gender','postcode','country','language','timezone'
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    /*NOTE:目前还很少有网站要用到PAPE这个功能
       $policy_uris = $_GET['policies'];
    
        $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
        if ($pape_request) {
            $auth_request->addExtension($pape_request);
        }
    	*/
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("不能跳转到: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("不能跳转到: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Example #10
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError(_CORE_OID_URL_INVALID);
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname', 'dob', 'gender', 'postcode', 'country', 'language', 'timezone'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    $policy_uris = isset($_GET['policies']) ? filter_var($_GET['policies'], FILTER_SANITIZE_URL) : NULL;
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            //displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header('Location: ' . $redirect_url);
            exit;
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError(sprintf(_CORE_OID_REDIRECT_FAILED, $form_html->message));
        } else {
            $page_contents = array("<html><head><title>", _CORE_OID_INPROGRESS, "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
            print implode("\n", $page_contents);
        }
    }
}
Example #11
0
 /**
  * @Route("/login", name="progrupa_3dwarehouse_auth_init")
  * @Template
  */
 public function authInitAction(Request $request)
 {
     if ($request->getMethod() == Request::METHOD_POST) {
         $openid = $request->get('sketchup_openid');
         $consumer = new \Auth_OpenID_Consumer(new \Auth_OpenID_FileStore(sys_get_temp_dir()));
         // Begin the OpenID authentication process.
         $auth_request = $consumer->begin($openid);
         // No auth request means we can't begin OpenID.
         if (!$auth_request) {
             return ['error' => "Authentication error; not a valid OpenID."];
         }
         $sreg_request = \Auth_OpenID_SRegRequest::build(['email'], []);
         if ($sreg_request) {
             $auth_request->addExtension($sreg_request);
         }
         $policy_uris = null;
         $pape_request = new \Auth_OpenID_PAPE_Request($policy_uris);
         if ($pape_request) {
             $auth_request->addExtension($pape_request);
         }
         // Redirect the user to the OpenID server for authentication.
         // Store the token for this authentication so we can verify the
         // response.
         // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
         // form to send a POST request to the server.
         if ($auth_request->shouldSendRedirect()) {
             $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
             // If the redirect URL can't be built, display an erro message.
             if (\Auth_OpenID::isFailure($redirect_url)) {
                 return ['error' => "Could not redirect to server: " . $redirect_url->message];
             } else {
                 // Send redirect.
                 return new RedirectResponse($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
             // Display an error if the form markup couldn't be generated otherwise, render the HTML.
             if (\Auth_OpenID::isFailure($form_html)) {
                 return ['error' => "Could not redirect to server: " . $form_html->message];
             } else {
                 return new Response($form_html);
             }
         }
     }
     return [];
 }
Example #12
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    $policy_uris = $_GET['policies'];
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
            print implode("\n", $page_contents);
        }
    }
}
Example #13
0
function addSregFields(&$response, $info, $req_url)
{
    $username = getUsernameFromUrl($req_url);
    $user = get_user_by_username($username);
    if ($user) {
        $email = $user->email;
        $fullname = $user->name;
        $sreg_data = array('fullname' => $fullname, 'email' => $email);
        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        //error_log('DEBUG:' . (string)($response->fields));
        $sreg_response->toMessage($response->fields);
    }
}
Example #14
0
 public static function login(Request &$request)
 {
     Pea::begin_loose_syntax();
     require_once 'Auth/OpenID/Consumer.php';
     require_once 'Auth/OpenID/FileStore.php';
     require_once 'Auth/OpenID/SReg.php';
     require_once 'Auth/OpenID/PAPE.php';
     if ($request->in_vars('openid_url') != "" || $request->in_vars('openid_verify')) {
         Log::debug("begin openid auth: " . $request->in_vars('openid_url'));
         // OpenID Auth
         $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_FileStore(work_path('openid')));
         if ($request->is_vars('openid_verify')) {
             $response = $consumer->complete($request->request_url());
             if ($response->status == Auth_OpenID_SUCCESS) {
                 return $response->getDisplayIdentifier();
             }
         } else {
             $auth_request = $consumer->begin($request->in_vars('openid_url'));
             if (!$auth_request) {
                 throw new RuntimeException('invalid openid url');
             }
             $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
             if ($sreg_request) {
                 $auth_request->addExtension($sreg_request);
             }
             if ($auth_request->shouldSendRedirect()) {
                 $redirect_url = $auth_request->redirectURL(url(), $request->request_url(false) . '?openid_verify=true');
                 if (Auth_OpenID::isFailure($redirect_url)) {
                     throw new RuntimeException("Could not redirect to server: {$redirect_url->message}");
                 } else {
                     $request->redirect($redirect_url);
                 }
             } else {
                 $form_html = $auth_request->htmlMarkup(url(), $request->request_url(false) . '?openid_verify=true', false, array('id' => 'openid_message'));
                 if (Auth_OpenID::isFailure($form_html)) {
                     throw new RuntimeException("Could not redirect to server: {$form_html->message}");
                 } else {
                     echo $form_html;
                     exit;
                 }
             }
         }
     }
     Pea::end_loose_syntax();
     return null;
 }
Example #15
0
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null)
{
    if (!$info) {
        // There is no authentication information, so bail
        return authCancel(null);
    }
    if ($info->idSelect()) {
        if ($idpSelect) {
            $req_url = idURL($idpSelect);
        } else {
            $trusted = false;
        }
    } else {
        $req_url = $info->identity;
    }
    $user = getLoggedInUser();
    setRequestInfo($info);
    if (!$info->idSelect() && $req_url != idURL($user)) {
        return login_render(array(), $req_url, $req_url);
    }
    $trust_root = $info->trust_root;
    if ($trusted) {
        setRequestInfo();
        $server =& getServer();
        $response =& $info->answer(true, null, $req_url);
        // Answer with some sample Simple Registration data.
        $sreg_data = array('fullname' => 'Example User', 'nickname' => 'example', 'dob' => '1970-01-01', 'email' => '*****@*****.**', 'gender' => 'F', 'postcode' => '12345', 'country' => 'ES', 'language' => 'eu', 'timezone' => 'America/New_York');
        // Add the simple registration response values to the OpenID
        // response message.
        $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info);
        $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data);
        $sreg_response->toMessage($response->fields);
        // Generate a response to send to the user agent.
        $webresponse =& $server->encodeResponse($response);
        $new_headers = array();
        foreach ($webresponse->headers as $k => $v) {
            $new_headers[] = $k . ": " . $v;
        }
        return array($new_headers, $webresponse->body);
    } elseif ($fail_cancels) {
        return authCancel($info);
    } else {
        return trust_render($info);
    }
}
Example #16
0
function openid_try($url)
{
    $store = new Auth_OpenID_MySQLStore(theDb());
    $store->createTables();
    $consumer = new Auth_OpenID_Consumer($store);
    $auth_request = $consumer->begin($url);
    if (!$auth_request) {
        $_SESSION["auth_error"] = "Error: not a valid OpenID.";
        header("Location: ./");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    // Attribute Exchange (Google ignores Simple Registration)
    // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
    $ax = new Auth_OpenID_AX_FetchRequest();
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
    $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
    $auth_request->addExtension($ax);
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error
        // message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            die("Could not redirect to server: " . $redirect_url->message);
        } else {
            // Send redirect.
            header("Location: " . $redirect_url);
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated;
        // otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            print $form_html;
        }
    }
}
Example #17
0
function run()
{
    $openid = getOpenIDURL();
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        // check for new install, if no, go to index, else goto new-install page
        require_once 'CRM/Core/BAO/UFMatch.php';
        $contactIds = CRM_Core_BAO_UFMatch::getContactIDs();
        if (count($contactIds) > 0) {
            displayError("Authentication error; not a valid OpenID.");
        } else {
            $session =& CRM_Core_Session::singleton();
            $session->set('new_install', true);
            include 'new_install.html';
            exit(1);
        }
    }
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    $policy_uris = null;
    if (isset($_REQUEST['policies'])) {
        $policy_uris = $_REQUEST['policies'];
    }
    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
    if ($pape_request) {
        $auth_request->addExtension($pape_request);
    }
    $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
    // If the redirect URL can't be built, display an error
    // message.
    if (Auth_OpenID::isFailure($redirect_url)) {
        displayError("Could not redirect to server: " . $redirect_url->message);
    } else {
        // Send redirect.
        header("Location: " . $redirect_url);
        exit(2);
    }
}
Example #18
0
function run_try_auth()
{
    global $authSource;
    $openid = $_GET['openid_url'];
    $consumer = getConsumer();
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        displayError("Authentication error; not a valid OpenID.");
    }
    $sreg_request = Auth_OpenID_SRegRequest::build($authSource->getRequiredAttributes(), $authSource->getOptionalAttributes());
    if ($sreg_request) {
        $auth_request->addExtension($sreg_request);
    }
    // Redirect the user to the OpenID server for authentication.
    // Store the token for this authentication so we can verify the
    // response.
    // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
    // form to send a POST request to the server.
    if ($auth_request->shouldSendRedirect()) {
        $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo());
        // If the redirect URL can't be built, display an error message.
        if (Auth_OpenID::isFailure($redirect_url)) {
            displayError("Could not redirect to server: " . $redirect_url->message);
        } else {
            header("Location: " . $redirect_url);
            // Send redirect.
        }
    } else {
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->formMarkup(getTrustRoot(), getReturnTo(), FALSE, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            displayError("Could not redirect to server: " . $form_html->message);
        } else {
            echo '<html><head><title>OpenID transaction in progress</title></head>
            		<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
        }
    }
}
Example #19
0
File: Do.php Project: riaf/pastit 
 /**
  *  login_do action implementation.
  *
  *  @access public
  *  @return string  forward name.
  */
 public function perform()
 {
     require_once 'Auth/OpenID.php';
     require_once "Auth/OpenID/Consumer.php";
     require_once "Auth/OpenID/FileStore.php";
     require_once "Auth/OpenID/SReg.php";
     require_once "Auth/OpenID/PAPE.php";
     $store_path = $this->backend->getController()->getDirectory('tmp') . "/openid_filestore";
     $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_FileStore($store_path));
     $auth_request = $consumer->begin($this->af->get('url'));
     if (!$auth_request) {
         $this->ae->add(null, "OpenID が不正です");
         return 'login';
     }
     $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array());
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL($this->config->get('url'), $this->config->get('url') . "login_finish");
         // If the redirect URL can't be built, display an error
         // message.
         if (Auth_OpenID::isFailure($redirect_url)) {
             $this->ae->add(null, "Could not redirect to server: " . $redirect_url->message);
             return 'login';
         } else {
             return array('redirect', $redirect_url);
         }
     } else {
         // Generate form markup and render it.
         $form_html = $auth_request->formMarkup($this->config->get('url'), $this->config->get('url') . "login_finish", false, array('id' => 'openid_form'));
         // Display an error if the form markup couldn't be generated;
         // otherwise, render the HTML.
         if (Auth_OpenID::isFailure($form_html)) {
             $this->ae->add(null, "Could not redirect to server: " . $form_html->message);
             return 'login';
         } else {
             return array('login_do', $form_html);
         }
     }
     return 'login_do';
 }
Example #20
0
 private function begin($openid = NULL)
 {
     $store = new Auth_OpenID_FileStore($this->store_path);
     $consumer = new Auth_OpenID_Consumer($store);
     $auth_request = $consumer->begin($openid);
     if (!$auth_request) {
         throw new Exception(__('Authentication error: not a valid OpenID.'));
     }
     $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname'));
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     $pape_request = new Auth_OpenID_PAPE_Request();
     if ($pape_request) {
         $auth_request->addExtension($pape_request);
     }
     // Build the redirect URL with the return page included
     $redirect_url = URL::site('openid/finish?return_to=' . Arr::get($_REQUEST, 'return_to', ''), TRUE);
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the response.
     // For OpenID 1, send a redirect:
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL(URL::base(TRUE, TRUE), $redirect_url);
         if (Auth_OpenID::isFailure($redirect_url)) {
             throw new Exception(__('Could not redirect to server:') . ' ' . $redirect_url->message);
         }
         $this->request->redirect($redirect_url);
     } else {
         // the OpenID library will return a full html document
         // Auth_OpenID::autoSubmitHTML will wrap the form in body and html tags
         // see: mobules/openid/vendor/Auth/OpenID/Consumer.php
         $form_html = $auth_request->htmlMarkup(URL::base(TRUE, TRUE), $redirect_url, false, array('id' => 'openid_message'));
         // We just want the form HTML, so strip out the form
         $form_html = preg_replace('/^.*<html.*<form/im', '<form', $form_html);
         $form_html = preg_replace('/<\\/body>.*/im', '', $form_html);
         if (Auth_OpenID::isFailure($form_html)) {
             throw new Exception(__('Could not redirect to server:') . ' ' . $form_html->message);
         }
         $this->template->content->form = $form_html;
     }
 }
Example #21
0
 /**
  * Auth login function
  * Redirects to openid provider
  * @param object $username
  * @param object $status
  * @param object $auth
  * @return 
  */
 public function callProvider($username, $status, $auth)
 {
     global $ilCtrl;
     $username = $_POST['oid_username'];
     if (!$this->parseUsername($username, $auth)) {
         return false;
     }
     $consumer = $this->settings->getConsumer();
     $oid_auth = $consumer->begin($username);
     if (!$oid_auth) {
         $auth->status = AUTH_WRONG_LOGIN;
         return false;
     }
     include_once 'Auth/OpenID/SReg.php';
     $sreg_req = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'dob', 'email', 'gender', 'postcode', 'language', 'timezone'));
     if ($sreg_req) {
         $oid_auth->addExtension($sreg_req);
     }
     // TODO: Switch openid v. 1,2
     $url = $oid_auth->redirectURL(ILIAS_HTTP_PATH, $this->settings->getReturnLocation());
     ilUtil::redirect($url);
 }
Example #22
0
 public function getConsumer()
 {
     $store_path = $_ENV["basepath"] . "/app/cache/openid_store";
     if (!file_exists($store_path) && !mkdir($store_path, true)) {
         die("Verzeichnis kann nicht erstellt werden");
     }
     $store = new Auth_OpenID_FileStore($store_path);
     $consumer = new Auth_OpenID_Consumer($store);
     $response = $consumer->complete($_ENV["baseurl"] . "/account/signin?action=login_yahoo");
     if ($response->status == "failure" and $response->endpoint . "" == "") {
         //Authentifizieren
         $auth_request = $consumer->begin("https://me.yahoo.com/");
         if (!$auth_request) {
             die("Authentication error; not a valid OpenID.");
         }
         $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
         $auth_request->addExtension($sreg_request);
         $redirect_url = $auth_request->redirectURL($ENV["baseurl"], $_ENV["baseurl"] . "/account/signin?action=login_yahoo");
         print_r($redirect_url);
     }
     return $consumer;
 }
Example #23
0
 /**
  * Returns null and sets a flash message on all errors.
  **/
 static function beginAuth($openid, $policyUris)
 {
     $consumer = self::getConsumer();
     $auth_request = $consumer->begin($openid);
     if (!$auth_request) {
         FlashMessage::add('Ați introdus un OpenID incorect.');
         return null;
     }
     $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     $ax = new Auth_OpenID_AX_FetchRequest();
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'));
     $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'));
     $auth_request->addExtension($ax);
     // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript form to send a POST request to the server.
     if ($auth_request->shouldSendRedirect()) {
         $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo());
         if (Auth_OpenID::isFailure($redirect_url)) {
             FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message);
             return null;
         } else {
             header("Location: {$redirect_url}");
             exit;
         }
     } else {
         $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message'));
         if (Auth_OpenID::isFailure($form_html)) {
             FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message);
             return null;
         } else {
             print $form_html;
         }
     }
 }
Example #24
0
 /**
  * Perform first pass through login handler routine
  *
  * @access	private
  * @return	mixed		Boolean on failure else output/redirect
  */
 private function _doFirstPass()
 {
     //-----------------------------------------
     // Do the same cleaning we do when storing url
     //-----------------------------------------
     $url = trim($this->request['openid_url']);
     $url = rtrim($url, "/");
     if (!strpos($url, 'http://') === 0 and !strpos($url, 'https://') === 0) {
         $url = 'http://' . $url;
     }
     if (!IPSText::xssCheckUrl($url)) {
         $this->auth_errors[] = 'bad_url';
         $this->return_code = 'WRONG_AUTH';
         return false;
     }
     $consumer = $this->_getConsumer();
     if (!is_object($consumer)) {
         return false;
     }
     //-----------------------------------------
     // Store some of the input data..
     //-----------------------------------------
     $id = md5(uniqid(mt_rand(), true));
     $this->DB->delete('openid_temp', "fullurl='" . $url . "'");
     $this->DB->insert('openid_temp', array('id' => $id, 'referrer' => $this->request['referer'], 'cookiedate' => intval($this->request['rememberMe']), 'privacy' => intval($this->request['anonymous']), 'fullurl' => $url));
     //-----------------------------------------
     // Set the URLs
     //-----------------------------------------
     $openid = $url;
     if ($this->is_admin_auth) {
         $process_url = $this->settings['base_url'] . 'app=core&module=login&do=login-complete&firstpass=1&myopenid=' . $id;
     } else {
         $process_url = $this->settings['base_url'] . 'app=core&module=global&section=login&do=process&firstpass=1&myopenid=' . $id;
     }
     $trust_root = strpos($this->settings['base_url'], '.php') !== false ? substr($this->settings['base_url'], 0, strpos($this->settings['base_url'], '.php') + 4) : $this->settings['base_url'];
     $policy_url = $this->openid_config['openid_policy'];
     //-----------------------------------------
     // Begin OpenID Auth
     //-----------------------------------------
     $auth_request = $consumer->begin($openid);
     if (!$auth_request) {
         $this->return_code = 'WRONG_OPENID';
         $this->auth_errors[] = 'bad_request';
         return false;
     }
     //-----------------------------------------
     // Set required, optional, policy attribs
     //-----------------------------------------
     $sreg_request = Auth_OpenID_SRegRequest::build(explode(',', $this->openid_config['args_req']), explode(',', $this->openid_config['args_opt']), $policy_url);
     if ($sreg_request) {
         $auth_request->addExtension($sreg_request);
     }
     //-----------------------------------------
     // Redirect user
     //-----------------------------------------
     $redirect_url = $auth_request->redirectURL($trust_root, $process_url);
     if ($this->request['module'] == 'ajax') {
         require_once IPS_KERNEL_PATH . 'classAjax.php';
         $ajax = new classAjax();
         $ajax->returnJsonArray(array('url' => $redirect_url));
     }
     // If the redirect URL can't be built, try HTML inline
     if (!Auth_OpenID::isFailure($redirect_url)) {
         header("Location: " . $redirect_url);
         exit;
     } else {
         $form_id = 'openid_message';
         $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id));
         // Display an error if the form markup couldn't be generated;
         if (Auth_OpenID::isFailure($form_html)) {
             $this->return_code = 'WRONG_AUTH';
             $this->auth_errors[] = 'bad_request';
             return false;
         } else {
             $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>");
             print implode("\n", $page_contents);
             exit;
         }
     }
 }
Example #25
0
 /**
  * Show the "login" page
  *
  * @return string Returns the "login" page as HTML code.
  */
 public function login()
 {
     try {
         if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) {
             return parent::login();
         }
         $member = Member::currentUser();
         if ($member) {
             // user is already logged in
             return $this->redirect(OpenStackIdCommon::getRedirectBackUrl());
         }
         if (!Director::is_https()) {
             OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']);
         }
         // Begin the OpenID authentication process.
         $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL);
         //remove jainrain nonce
         unset($auth_request->return_to_args['janrain_nonce']);
         // No auth request means we can't begin OpenID.
         if (!$auth_request) {
             throw new Exception("The OpenID authentication failed.");
         }
         if (Auth_OpenID_supportsSReg($auth_request->endpoint)) {
             //SREG
             $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language'));
             if ($sreg_request) {
                 $auth_request->addExtension($sreg_request);
             }
         } else {
             //AX
             // Create attribute request object
             // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters
             // Usage: make($type_uri, $count=1, $required=false, $alias=null)
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname');
             $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname');
             // Create AX fetch request
             $ax = new Auth_OpenID_AX_FetchRequest();
             // Add attributes to AX fetch request
             foreach ($attribute as $attr) {
                 $ax->add($attr);
             }
             // Add AX fetch request to authentication request
             $auth_request->addExtension($ax);
         }
         //Redirect the user to the OpenID server for authentication .
         // Store the token for this authentication so we can verify the
         // response.
         // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript
         // form to send a POST request to the server.
         if ($auth_request->shouldSendRedirect()) {
             $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo());
             // If the redirect URL can't be built, display an error
             // message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 echo "Could not redirect to server: " . $redirect_url->message;
             } else {
                 // Send redirect.
                 header("Location: " . $redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id));
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($form_html)) {
                 echo "Could not redirect to server: " . $form_html->message;
             } else {
                 print $form_html;
             }
         }
         exit;
     } catch (Exception $ex) {
         SS_Log::log($ex, SS_Log::WARN);
         Session::set("Security.Message.message", $ex->getMessage());
         Session::set("Security.Message.type", "bad");
         return $this->redirect("Security/badlogin");
     }
 }
Example #26
0
function attach_sreg()
{
    //create simple registration request
    $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
    //return sreg request
    return $sreg_request;
}
Example #27
0
 /**
  * Returns URL to which user can be directed for 
  * authentication via CS50 ID.
  *
  * @param trust_root  URL that CS50 ID should prompt user to trust
  * @param return_to   URL to which CS50 ID should return user
  * @param fields      Simple Registration fields to request from CS50 ID
  * @param attributes  Attribute Exchange attributes to request from CS50 ID
  *
  * @return URL for CS50 ID
  */
 public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = [])
 {
     // ignore Janrain's use of deprecated functions
     $error_reporting = error_reporting();
     error_reporting($error_reporting & ~E_DEPRECATED);
     // load Janrain's libary
     set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0");
     require_once "Auth/OpenID/AX.php";
     require_once "Auth/OpenID/Consumer.php";
     require_once "Auth/OpenID/FileStore.php";
     require_once "Auth/OpenID/SReg.php";
     // ensure $_SESSION exists for Yadis
     @session_start();
     // prepare filesystem-based store
     $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to);
     @mkdir($path, 0700);
     if (!is_dir($path)) {
         trigger_error("Could not create {$path}", E_USER_ERROR);
     }
     if (!is_readable($path)) {
         trigger_error("Could not read from {$path}", E_USER_ERROR);
     }
     if (!is_writable($path)) {
         trigger_error("Could not write to {$path}", E_USER_ERROR);
     }
     $store = new Auth_OpenID_FileStore($path);
     // prepare request
     $consumer = new Auth_OpenID_Consumer($store);
     $auth_request = $consumer->begin("https://id.cs50.net/");
     // request Simple Registration fields
     if (is_array($fields) && count($fields) > 0) {
         $sreg_request = Auth_OpenID_SRegRequest::build(null, $fields);
         $auth_request->addExtension($sreg_request);
     }
     // request Attribute Exchange attributes
     if (is_array($attributes) && count($attributes) > 0) {
         $ax_request = new Auth_OpenID_AX_FetchRequest();
         foreach ($attributes as $attribute) {
             $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false));
         }
         $auth_request->addExtension($ax_request);
     }
     // generate URL for redirection
     $redirect_url = $auth_request->redirectURL($trust_root, $return_to);
     // restore error_reporting
     error_reporting($error_reporting);
     // return URL unless error
     if (Auth_OpenID::isFailure($redirect_url)) {
         trigger_error($redirect_url->message);
         return false;
     } else {
         return $redirect_url;
     }
 }
Example #28
0
    /**
     * Send an authentication request to the OpenID provider.
     *
     * @param array &$state  The state array.
     * @param string $openid  The OpenID we should try to authenticate with.
     */
    public function doAuth(array &$state, $openid)
    {
        assert('is_string($openid)');
        $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:auth');
        $consumer = $this->getConsumer($state);
        // Begin the OpenID authentication process.
        $auth_request = $consumer->begin($openid);
        // No auth request means we can't begin OpenID.
        if (!$auth_request) {
            throw new SimpleSAML_Error_BadRequest('Not a valid OpenID: ' . var_export($openid, TRUE));
        }
        $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes);
        if ($sreg_request) {
            $auth_request->addExtension($sreg_request);
        }
        // Create attribute request object
        $ax_attribute = array();
        foreach ($this->requiredAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true);
        }
        foreach ($this->optionalAXAttributes as $attr) {
            $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false);
        }
        if (count($ax_attribute) > 0) {
            // Create AX fetch request
            $ax_request = new Auth_OpenID_AX_FetchRequest();
            // Add attributes to AX fetch request
            foreach ($ax_attribute as $attr) {
                $ax_request->add($attr);
            }
            // Add AX fetch request to authentication request
            $auth_request->addExtension($ax_request);
        }
        foreach ($this->extensionArgs as $ext_ns => $ext_arg) {
            if (is_array($ext_arg)) {
                foreach ($ext_arg as $ext_key => $ext_value) {
                    $auth_request->addExtensionArg($ext_ns, $ext_key, $ext_value);
                }
            }
        }
        // Redirect the user to the OpenID server for authentication.
        // Store the token for this authentication so we can verify the
        // response.
        // For OpenID 1, send a redirect.  For OpenID 2, use a Javascript form
        // to send a POST request to the server or use redirect if
        // prefer_http_redirect is enabled and redirect URL size
        // is less than 2049
        $should_send_redirect = $auth_request->shouldSendRedirect();
        if ($this->preferHttpRedirect || $should_send_redirect) {
            $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId));
            // If the redirect URL can't be built, display an error message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($redirect_url->message, TRUE));
            }
            // For OpenID 2 failover to POST if redirect URL is longer than 2048
            if ($should_send_redirect || strlen($redirect_url) <= 2048) {
                SimpleSAML_Utilities::redirectTrustedURL($redirect_url);
                assert('FALSE');
            }
        }
        // Generate form markup and render it.
        $form_id = 'openid_message';
        $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id));
        // Display an error if the form markup couldn't be generated; otherwise, render the HTML.
        if (Auth_OpenID::isFailure($form_html)) {
            throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($form_html->message, TRUE));
        } else {
            echo '<html><head><title>OpenID transaction in progress</title></head>
				<body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>';
            exit;
        }
    }
Example #29
0
session_start();
define('Auth_OpenID_RAND_SOURCE', null);
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
require_once "Auth/OpenID/SReg.php";
// got an open id submitted, send it off to be verified.
if (isset($_POST['openid'])) {
    $openid = $_POST['openid'];
    $consumer = getConsumer($POD);
    // Begin the OpenID authentication process.
    $auth_request = $consumer->begin($openid);
    // No auth request means we can't begin OpenID.
    if (!$auth_request) {
        $POD->addMessage("Authentication error; not a valid OpenID.");
    } else {
        $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email'));
        if ($sreg_request) {
            $auth_request->addExtension($sreg_request);
        }
        if ($auth_request->shouldSendRedirect()) {
            $redirect_url = $auth_request->redirectURL($POD->siteRoot(false) . '/openid', $POD->siteRoot(false) . '/openid?mode=verify');
            // If the redirect URL can't be built, display an error
            // message.
            if (Auth_OpenID::isFailure($redirect_url)) {
                $POD->addMessage("Could not redirect to server: " . $redirect_url->message);
            } else {
                // Send redirect.
                header("Location: " . $redirect_url);
                exit;
            }
        } else {
Example #30
0
 function start_login($claimed_url, $return_to, $action, $arguments)
 {
     if (empty($claimed_url)) {
         return;
     }
     // do nothing.
     if (!$this->late_bind()) {
         return;
     }
     // something is broken
     if (null !== $openid_auth_request) {
         $auth_request = $openid_auth_request;
     } else {
         set_error_handler(array($this, 'customer_error_handler'));
         $consumer = $this->getConsumer();
         $auth_request = $consumer->begin($claimed_url);
         restore_error_handler();
     }
     if (null === $auth_request) {
         $this->error = 'Could not discover an OpenID identity server endpoint at the url: ' . htmlentities($claimed_url);
         if (strpos($claimed_url, '@')) {
             $this->error .= '<br/>The address you specified had an @ sign in it, but OpenID ' . 'Identities are not email addresses, and should probably not contain an @ sign.';
         }
         $this->core->log->debug('OpenIDConsumer: ' . $this->error);
         return;
     }
     $this->core->log->debug('OpenIDConsumer: Is an OpenID url. Starting redirect.');
     // build return_to URL
     $return_to = get_option('siteurl') . $return_to . "?action={$action}";
     if (is_array($arguments) && !empty($arguments)) {
         foreach ($arguments as $k => $v) {
             if ($k && $v) {
                 $return_to .= sprintf('&%s=%s', urlencode($k), urlencode($v));
             }
         }
     }
     /* If we've never heard of this url before, do attribute query */
     if ($this->store->get_user_by_identity($auth_request->endpoint->identity_url) == NULL) {
         $attribute_query = true;
     }
     if ($attribute_query) {
         // SREG
         $sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname'));
         if ($sreg_request) {
             $auth_request->addExtension($sreg_request);
         }
         // AX
     }
     $_SESSION['oid_return_to'] = $return_to;
     $this->doRedirect($auth_request, get_option('home'), $return_to);
     exit(0);
 }