Example #1
 /**
  * Shared implementation behind the checkid request handlers.
  *
  * Runs three checks on the request-supplied trust_root / return_to pair,
  * then asks is_valid() whether the request is authenticated. On success it
  * builds an `id_res` reply, signs it with an HMAC-SHA1 association and
  * redirects to return_to with the reply arguments appended.
  *
  * Security-relevant points for reviewers:
  *  - return_to is only used as a redirect target after validateURL() has
  *    accepted it for the parsed trust_root; keep that ordering intact.
  *  - trust_root and return_to are taken from the request and placed into the
  *    error message as-is. NOTE(review): confirm _error_page() encodes the
  *    message for its output context; that code is not visible here.
  *  - Only 'mode', 'identity' and 'return_to' are named as fields to sign;
  *    the assoc_handle / invalidate_handle entries are added to the reply but
  *    are not in that list.
  *
  * @param object $req Request object; read via get() for 'trust_root',
  *                    'return_to', 'identity' and 'assoc_handle'.
  * @return mixed The result of OpenIDServer::_error_page() when a check
  *               fails, the _oid_authentication_error constant when
  *               is_valid() rejects the request, otherwise the result of
  *               redirect().
  */
 function checkid($req)
 {
     // Check 1: the trust_root has to parse.
     $root = TrustRoot::parse($req->get('trust_root'));
     if (!$root) {
         $message = sprintf('Malformed trust_root: %s', $req->get('trust_root'));
         return OpenIDServer::_error_page($message);
     }

     // Check 2: a parseable trust_root can still be rejected by isSane().
     if (!$root->isSane()) {
         $message = sprintf('trust_root %s makes no sense', $req->get('trust_root'));
         return OpenIDServer::_error_page($message);
     }

     // Check 3: return_to must be valid for this trust_root. This is what
     // ties the later redirect target to the trust_root in the request.
     if (!$root->validateURL($req->get('return_to'))) {
         $message = sprintf(
             'url(%s) not valid against trust_root(%s)',
             $req->get('return_to'),
             $req->get('trust_root')
         );
         return OpenIDServer::_error_page($message);
     }

     // Authentication failures are reported to the caller, which decides
     // how to handle them; nothing is signed on this path.
     if (!$this->is_valid($req)) {
         return _oid_authentication_error;
     }

     // Key order is kept as mode, return_to, identity so the appended
     // arguments come out in the same order as before.
     $response = array();
     $response['openid.mode'] = 'id_res';
     $response['openid.return_to'] = $req->get('return_to');
     $response['openid.identity'] = $req->get('identity');

     $handle = $req->get('assoc_handle');
     if (!$handle) {
         // No handle supplied: sign with an association from the internal store.
         $association = $this->istore->get('HMAC-SHA1');
     } else {
         $association = $this->estore->lookup($handle, 'HMAC-SHA1');
         // Unknown or expired handle: fall back to dumb mode and tell the
         // consumer to invalidate the handle it sent.
         if (!$association || $association->get_expires_in() <= 0) {
             if ($association && $association->get_expires_in() <= 0) {
                 // Expired associations are removed from the external store.
                 $this->estore->remove($association->handle);
             }
             $association = $this->istore->get('HMAC-SHA1');
             $response['openid.invalidate_handle'] = $handle;
         }
     }

     // NOTE(review): the association from istore is dereferenced without a
     // null check; confirm istore->get() always returns an association.
     $response['openid.assoc_handle'] = $association->handle;

     $fieldsToSign = array('mode', 'identity', 'return_to');
     list($signedList, $signature) = oidUtil::sign_reply($response, $association->secret, $fieldsToSign);
     $response['openid.signed'] = $signedList;
     $response['openid.sig'] = $signature;

     return redirect(oidUtil::append_args($req->get('return_to'), $response));
 }
Example #2
 /**
  * Convenience check of a URL against a trust root.
  *
  * Parses $trust_root (passing `true` as the second argument to
  * TrustRoot::parse(); what that flag enables is not visible here) and asks
  * the parsed object whether $url is valid for it. Use the TrustRoot class
  * directly when more control is needed.
  *
  * The result is a plain boolean: a trust root that fails to parse and a
  * URL that does not match both come back as false, so callers cannot tell
  * the two apart and should treat false as "reject".
  *
  * @param string $trust_root Trust root to parse.
  * @param string $url        URL to validate against it.
  * @return bool True only when parsing succeeded and validateURL() accepted $url.
  */
 function checkURL($trust_root, $url)
 {
     $root = TrustRoot::parse($trust_root, true);
     if (!$root) {
         // An unparseable trust root never validates anything.
         return false;
     }
     return (bool) $root->validateURL($url);
 }