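/**
 * Resolves the OpenID provider for an email-style identity via WebFinger.
 *
 * Takes the part after '@' as the mail provider, discovers its LRDD
 * template, fetches the acct: XRD for the identity and, if that XRD
 * advertises an OpenID 2.0 provider link, returns an initialized OpenId
 * instance for it. Returns false when the identity contains no '@' or the
 * XRD carries no provider link.
 *
 * NOTE(review): the WebFinger lookup goes out over plain http:// to a host
 * taken from the caller-supplied identity, and the provider URL read from
 * the XRD is handed to OpenId::initialize() as is; both are trusted here.
 *
 * @param string $identity
 * @return false|\PSX\OpenId
 * @throws Exception when the XRD subject does not match the requested acct URI
 */
protected function getOpenidProvider($identity)
{
    $atPos = strpos($identity, '@');

    // no '@' means there is no mail provider to ask (strpos() yields false,
    // which must not be used as a numeric offset)
    if ($atPos === false) {
        return false;
    }

    $provider = substr($identity, $atPos + 1);

    // @todo the lrdd template lookup would benefit from a request cache
    $webfinger = new \PSX\Webfinger($this->http);
    $template  = $webfinger->getLrddTemplate(new Url('http://' . $provider));

    // fetch the acct: XRD describing this identity
    $acct = 'acct:' . $identity;
    $xrd  = $webfinger->getLrdd($acct, $template);

    // the document must describe exactly the subject we asked for
    if ($xrd->getSubject() !== $acct) {
        throw new Exception('Invalid subject');
    }

    // only an OpenID 2.0 provider link makes the mail provider usable here
    $profileUrl = $xrd->getLinkHref('http://specs.openid.net/auth/2.0/provider');

    if (empty($profileUrl)) {
        return false;
    }

    // the callback must be assigned here; it is built the same way as the
    // OpenID callback used elsewhere in this class
    $callback = $this->pageUrl . '/callback/openid';

    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
    $openid->initialize($profileUrl, $callback);

    return $openid;
}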
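/**
 * Builds an initialized OpenId instance for the given identity.
 *
 * An identity that is neither an email address (contains '@') nor already
 * carries an http:// or https:// scheme is treated as an OpenID URL and
 * prefixed with http://. Provider discovery itself is left to
 * \PSX\OpenId::initialize(); this method always returns the initialized
 * instance and has no false return path.
 *
 * NOTE(review): the identity names the host that discovery will contact —
 * presumably OpenId::initialize() normalises and validates it; confirm.
 *
 * @param string $identity
 * @return \PSX\OpenId
 */
protected function getOpenidProvider($identity)
{
    $isEmail   = strpos($identity, '@') !== false;
    $hasScheme = substr($identity, 0, 7) === 'http://' || substr($identity, 0, 8) === 'https://';

    // bare host or path: assume an OpenID URL and default to http
    if (!$isEmail && !$hasScheme) {
        $identity = 'http://' . $identity;
    }

    // the provider sends the user back to this URL after authentication
    $callback = $this->pageUrl . '/callback/openid';

    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
    $openid->initialize($identity, $callback);

    return $openid;
}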
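/**
 * Completes the OpenID login after the provider redirected back.
 *
 * Verifies the OpenID response, looks up the account registered for the
 * returned identifier and, when none exists, registers a remote account
 * from the data the provider supplied. The resulting user id is stored via
 * setUserId() and the browser is redirected to psx_url.
 *
 * @return void this method ends with exit after sending the redirect
 * @throws Exception when verification fails, the identifier is empty, or the
 *         account does not exist and could not be created
 */
public function callback()
{
    $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);

    if ($openid->verify() !== true) {
        throw new Exception('Authentication failed');
    }

    $identity = $openid->getIdentifier();

    if (empty($identity)) {
        throw new Exception('Invalid identity');
    }

    // accounts are looked up by the salted sha1 of the identifier
    $con    = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
    $userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);

    if (empty($userId)) {
        $userId = $this->registerRemoteAccount($identity, $openid->getData());

        // an empty id means the record went to the approval table instead
        if (empty($userId)) {
            throw new Exception('Could not create account');
        }
    }

    $this->setUserId($userId);

    header('Location: ' . $this->config['psx_url']);
    exit;
}

/**
 * Creates a remote user account for an OpenID identity that is not yet known.
 *
 * @param string $identity the verified OpenID identifier
 * @param mixed $data the attribute data returned by the provider (consumed by getAccountData)
 * @return mixed the id of the created account, empty when no active record was created
 * @throws Exception when registration is disabled or required session or account data is missing
 */
protected function registerRemoteAccount($identity, $data)
{
    if (!$this->registry['login.registration_enabled']) {
        throw new Exception('Registration is disabled');
    }

    $hostId   = $this->session->get('openid_register_user_host_id');
    $globalId = $this->session->get('openid_register_user_global_id');

    if (empty($hostId)) {
        throw new Exception('No host id provided');
    }

    if (empty($globalId)) {
        throw new Exception('No global id provided');
    }

    $acc = $this->getAccountData($data);

    if (empty($acc)) {
        throw new Exception('No user informations provided');
    }

    if (empty($acc['name'])) {
        throw new Exception('No username provided');
    }

    $security = new Security($this->registry);
    $handler  = $this->hm->getHandler('AmunService\\User\\Account', $this->user);

    $account = $handler->getRecord();
    $account->setGlobalId($globalId);
    $account->setGroupId($this->registry['core.default_user_group']);
    $account->setHostId($hostId);
    $account->setStatus(Account\Record::REMOTE);
    // NOTE(review): the lookup in callback() compares against a salted sha1,
    // while the identity is handed over raw here — presumably the handler
    // applies the same hash on create; confirm
    $account->setIdentity($identity);
    $account->setName($this->normalizeName($acc['name']));
    // the account gets a generated password rather than a user-chosen one
    $account->setPw($security->generatePw());
    // gender and timezone may be absent from the provider data; avoid
    // undefined-index notices and pass null instead
    $account->setGender(isset($acc['gender']) ? $acc['gender'] : null);
    $account->setTimezone(isset($acc['timezone']) ? $acc['timezone'] : null);

    $account = $handler->create($account);

    return $account->id;
}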