/**
 * Exercises Zend_OpenId_Extension::forAll() with each shape of extension
 * argument: no extensions, an empty list, invalid list members, a single
 * extension object and a list of extension objects.
 *
 * The negative cases pin the fail-closed behaviour: a list member that is
 * not an extension, a non-extension object, or an unknown method name must
 * all make forAll() return false.
 */
public function testForAll()
{
    $method    = 'getTrustData';
    $sregTrust = array('Zend_OpenId_Extension_Sreg' => array());

    // null means "no extensions": succeeds and leaves the output untouched.
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(null, $method, $collected);
    $this->assertTrue($outcome);
    $this->assertSame(array(), $collected);

    // An empty list behaves the same way.
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(array(), $method, $collected);
    $this->assertTrue($outcome);
    $this->assertSame(array(), $collected);

    // A list holding a non-object is rejected.
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(array(1), $method, $collected);
    $this->assertFalse($outcome);

    // An object that is not an extension is rejected.
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(new stdClass(), $method, $collected);
    $this->assertFalse($outcome);

    // A single Sreg extension passed directly records its (empty) trust data.
    $sreg      = new Zend_OpenId_Extension_Sreg();
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll($sreg, $method, $collected);
    $this->assertTrue($outcome);
    $this->assertSame($sregTrust, $collected);

    // The same extension wrapped in a list gives the same result.
    $sreg      = new Zend_OpenId_Extension_Sreg();
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(array($sreg), $method, $collected);
    $this->assertTrue($outcome);
    $this->assertSame($sregTrust, $collected);

    // The helper extension succeeds without adding anything to the output.
    $helper    = new Zend_OpenId_Extension_Helper();
    $collected = array();
    $outcome   = Zend_OpenId_Extension::forAll(array($helper), $method, $collected);
    $this->assertTrue($outcome);
    $this->assertSame(array(), $collected);

    // An unknown method name fails; $collected is deliberately not reset
    // here and must still be empty afterwards.
    $outcome = Zend_OpenId_Extension::forAll(array($helper), 'wrong', $collected);
    $this->assertFalse($outcome);
    $this->assertSame(array(), $collected);
}
/**
 * Builds an OpenID checkid_immediate / checkid_setup request for $id and
 * passes it to Zend_OpenId::redirect().
 *
 * Order of work: normalise the identifier, run discovery, establish an
 * association with the discovered server, remember the identity in the
 * session, assemble the request parameters, let the extensions add theirs,
 * then redirect. Each failing step records a message through _setError()
 * and returns false.
 *
 * NOTE(review): the code returns true after calling redirect(); whether
 * redirect() terminates the script first is not visible from this method.
 *
 * NOTE(review): when $root is empty the realm / trust root is derived from
 * Zend_OpenId::selfUrl(), which is not shown here. If that helper builds
 * the URL from request headers, the realm presented to the user at the
 * provider is request-controlled; pass an explicit $root where that matters.
 *
 * @param bool $immediate true for checkid_immediate, false for checkid_setup
 * @param string $id OpenID identity
 * @param string $returnTo HTTP URL the server should send its response to
 * @param string $root HTTP URL that identifies this consumer to the server
 * @param mixed $extensions extension object or array of extension objects
 * @param Zend_Controller_Response_Abstract $response an optional response
 *        object used to perform the HTTP or HTML form redirection
 * @return bool false on failure, true once redirect() has been called
 */
protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null)
{
    $this->_setError('');

    if (!Zend_OpenId::normalize($id)) {
        $this->_setError("Normalisation failed");
        return false;
    }
    // Captured after normalisation and before discovery, which receives $id
    // together with its output arguments.
    $claimedId = $id;

    if (!$this->_discovery($id, $endpoint, $protocol)) {
        $this->_setError("Discovery failed: " . $this->getError());
        return false;
    }
    if (!$this->_associate($endpoint, $protocol)) {
        $this->_setError("Association failed: " . $this->getError());
        return false;
    }

    if (!$this->_getAssociation($endpoint, $assocHandle, $macFunc, $secret, $expires)) {
        /* Dumb mode: no usable association, so the request carries no handle */
        unset($assocHandle, $macFunc, $secret, $expires);
    }

    // Insertion order of $request is kept as in the original request layout.
    $request = array();
    if ($protocol >= 2.0) {
        $request['openid.ns'] = Zend_OpenId::NS_2_0;
    }
    if ($immediate) {
        $request['openid.mode'] = 'checkid_immediate';
    } else {
        $request['openid.mode'] = 'checkid_setup';
    }
    $request['openid.identity']   = $id;
    $request['openid.claimed_id'] = $claimedId;

    if ($protocol <= 2.0) {
        // Remember what was requested. Presumably the response handler
        // compares the provider's answer against these values; that code
        // is not part of this method.
        if ($this->_session === null && defined('SID')) {
            // A native PHP session is already running: use it directly.
            $_SESSION["zend_openid"] = array("identity" => $id, "claimed_id" => $claimedId);
        } else {
            if ($this->_session === null) {
                require_once "Zend/Session/Namespace.php";
                $this->_session = new Zend_Session_Namespace("zend_openid");
            }
            $this->_session->identity   = $id;
            $this->_session->claimed_id = $claimedId;
        }
    }

    if (isset($assocHandle)) {
        $request['openid.assoc_handle'] = $assocHandle;
    }
    $request['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);

    if (empty($root)) {
        // Default realm: this script's URL, reduced to its directory unless
        // it already ends in a slash.
        $root = Zend_OpenId::selfUrl();
        if ($root[strlen($root) - 1] != '/') {
            $root = dirname($root);
        }
    }
    $realmKey = ($protocol >= 2.0) ? 'openid.realm' : 'openid.trust_root';
    $request[$realmKey] = $root;

    if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $request)) {
        $this->_setError("Extension::prepareRequest failure");
        return false;
    }

    Zend_OpenId::redirect($endpoint, $request, $response);
    return true;
}
/**
 * Prepares the positive assertion (openid.mode = id_res) that is sent back
 * to the consumer and signs it with the association's shared secret.
 *
 * If the request names an association that storage knows, that secret is
 * used. Otherwise ("dumb mode") a fresh secret and handle are created and
 * stored, and a handle the request did supply is reported back through
 * openid.invalidate_handle.
 *
 * The signature covers every openid.* entry of $ret, in array order, in
 * key:value\n form, followed by the "signed" list itself.
 *
 * NOTE(review): uniqid() is derived from the current time, not from a
 * CSPRNG. The association handle and the nonce suffix are therefore
 * guessable and can collide under concurrent requests; a CSPRNG-backed
 * generator would be the safer choice where the runtime offers one.
 *
 * NOTE(review): return_to, claimed_id and identity are copied from the
 * request and signed without any check in this method; presumably the
 * caller has already authorised them. Confirm against the call sites.
 *
 * NOTE(review): nothing here rejects values containing "\n", which would
 * make the key:value signature input ambiguous.
 *
 * @param float $version OpenID protocol version
 * @param array $ret arguments to be sent back to the consumer
 * @param array $params GET or POST request variables
 * @param mixed $extensions extension object or array of extension objects
 * @return array $ret completed with openid.signed and openid.sig
 */
protected function _respond($version, $ret, $params, $extensions = null)
{
    $hasHandle  = !empty($params['openid_assoc_handle']);
    $assocFound = $hasHandle
        && $this->_storage->getAssociation($params['openid_assoc_handle'], $macFunc, $secret, $expires);

    if ($assocFound) {
        $ret['openid.assoc_handle'] = $params['openid_assoc_handle'];
    } else {
        /* Dumb mode: sign with a newly created, stored association */
        if ($hasHandle) {
            $ret['openid.invalidate_handle'] = $params['openid_assoc_handle'];
        }
        if ($version >= 2.0) {
            $macFunc = 'sha256';
        } else {
            $macFunc = 'sha1';
        }
        $secret    = $this->_genSecret($macFunc);
        $newHandle = uniqid();
        $ttl       = $this->_sessionTtl;
        $this->_storage->addAssociation($newHandle, $macFunc, $secret, time() + $ttl);
        $ret['openid.assoc_handle'] = $newHandle;
    }

    // Request values echoed into the response, in this fixed order (the
    // order of $ret determines the order of the signed field list).
    $echoed = array(
        'openid_return_to'  => 'openid.return_to',
        'openid_claimed_id' => 'openid.claimed_id',
        'openid_identity'   => 'openid.identity',
    );
    foreach ($echoed as $requestKey => $responseKey) {
        if (isset($params[$requestKey])) {
            $ret[$responseKey] = $params[$requestKey];
        }
    }

    if ($version >= 2.0) {
        $ret['openid.op_endpoint'] = !empty($this->_opEndpoint)
            ? $this->_opEndpoint
            : Zend_OpenId::selfUrl();
    }

    $ret['openid.response_nonce'] = gmdate('Y-m-d\\TH:i:s\\Z') . uniqid();
    $ret['openid.mode'] = 'id_res';

    // The return value is not inspected: a failing extension does not stop
    // the response from being signed.
    Zend_OpenId_Extension::forAll($extensions, 'prepareResponse', $ret);

    // Build the signed field list and the matching key:value signature
    // input from every openid.* entry, keeping array order.
    $prefix     = 'openid.';
    $signedList = '';
    $sigInput   = '';
    foreach ($ret as $name => $value) {
        if (strpos($name, $prefix) !== 0) {
            continue;
        }
        $field = substr($name, strlen($prefix));
        if (!empty($signedList)) {
            $signedList .= ',';
        }
        $signedList .= $field;
        $sigInput   .= $field . ':' . $value . "\n";
    }
    $signedList .= ',signed';
    $sigInput   .= 'signed:' . $signedList . "\n";

    $ret['openid.signed'] = $signedList;
    $ret['openid.sig']    = base64_encode(Zend_OpenId::hashHmac($macFunc, $sigInput, $secret));

    return $ret;
}
/**
 * Builds an OpenID checkid_immediate / checkid_setup request for $id and
 * passes it to Zend_OpenId::redirect().
 *
 * Order of work: normalise the identifier, run discovery, establish an
 * association, assemble the request parameters, let the extensions add
 * theirs, then redirect. Any failing step returns false; this variant
 * records no error message and stores nothing in the session.
 *
 * NOTE(review): the code returns true after calling redirect(); whether
 * redirect() terminates the script first is not visible from this method.
 *
 * NOTE(review): when $root is empty the realm / trust root is the directory
 * of Zend_OpenId::selfUrl(), which is not shown here. If that helper builds
 * the URL from request headers, the realm presented to the user at the
 * provider is request-controlled; pass an explicit $root where that matters.
 *
 * @param bool $immediate true for checkid_immediate, false for checkid_setup
 * @param string $id OpenID identity
 * @param string $returnTo HTTP URL the server should send its response to
 * @param string $root HTTP URL that identifies this consumer to the server
 * @param mixed $extensions extension object or array of extension objects
 * @param Zend_Controller_Response_Abstract $response an optional response
 *        object used to perform the HTTP or HTML form redirection
 * @return bool false on failure, true once redirect() has been called
 */
protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null)
{
    if (!Zend_OpenId::normalize($id)) {
        return false;
    }
    // Captured after normalisation and before discovery, which receives $id
    // together with its output arguments.
    $claimedId = $id;

    if (!$this->_discovery($id, $endpoint, $protocol)) {
        return false;
    }
    if (!$this->_associate($endpoint, $protocol)) {
        return false;
    }

    if (!$this->_getAssociation($endpoint, $assocHandle, $macFunc, $secret, $expires)) {
        /* Dumb mode: no usable association, so the request carries no handle */
        unset($assocHandle, $macFunc, $secret, $expires);
    }

    // Insertion order of $request is kept as in the original request layout.
    $request = array();
    if ($protocol >= 2.0) {
        $request['openid.ns'] = Zend_OpenId::NS_2_0;
    }
    if ($immediate) {
        $request['openid.mode'] = 'checkid_immediate';
    } else {
        $request['openid.mode'] = 'checkid_setup';
    }
    $request['openid.identity']   = $id;
    $request['openid.claimed_id'] = $claimedId;

    if (isset($assocHandle)) {
        $request['openid.assoc_handle'] = $assocHandle;
    }
    $request['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);

    if (empty($root)) {
        $root = dirname(Zend_OpenId::selfUrl());
    }
    $realmKey = ($protocol >= 2.0) ? 'openid.realm' : 'openid.trust_root';
    $request[$realmKey] = $root;

    if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $request)) {
        return false;
    }

    Zend_OpenId::redirect($endpoint, $request, $response);
    return true;
}
/**
 * Builds an OpenID checkid_immediate / checkid_setup request for $id and
 * passes it to Zend_OpenId::redirect(). This variant adds a hard-coded
 * Attribute Exchange request for one specific provider endpoint.
 *
 * Order of work: normalise the identifier, run discovery, establish an
 * association, remember the identity in the session, assemble the request
 * parameters, let the extensions add theirs, then redirect. Each failing
 * step records a message through _setError() and returns false.
 *
 * NOTE(review): the provider-specific branch sits inside the
 * "$this->_session !== null" case, so the AX request is not added on the
 * two other session paths. Confirm that this is intended.
 *
 * NOTE(review): on that branch the request asks for identifier_select
 * while the session keeps the caller-supplied $id / $claimedId. The code
 * that checks the response is not shown; it has to bind to the identifier
 * the provider actually asserts, and should use the returned AX attributes
 * only when they are listed in openid.signed.
 *
 * NOTE(review): the code returns true after calling redirect(); whether
 * redirect() terminates the script first is not visible from this method.
 *
 * NOTE(review): when $root is empty the realm / trust root is derived from
 * Zend_OpenId::selfUrl(), which is not shown here. If that helper builds
 * the URL from request headers, the realm presented to the user at the
 * provider is request-controlled; pass an explicit $root where that matters.
 *
 * @param bool $immediate true for checkid_immediate, false for checkid_setup
 * @param string $id OpenID identity
 * @param string $returnTo HTTP URL the server should send its response to
 * @param string $root HTTP URL that identifies this consumer to the server
 * @param mixed $extensions extension object or array of extension objects
 * @param Zend_Controller_Response_Abstract $response an optional response
 *        object used to perform the HTTP or HTML form redirection
 * @return bool false on failure, true once redirect() has been called
 */
protected function _checkId($immediate, $id, $returnTo = null, $root = null, $extensions = null, Zend_Controller_Response_Abstract $response = null)
{
    $this->_setError('');

    if (!Zend_OpenId::normalize($id)) {
        $this->_setError("Normalisation failed");
        return false;
    }
    // Captured after normalisation and before discovery, which receives $id
    // together with its output arguments.
    $claimedId = $id;

    if (!$this->_discovery($id, $endpoint, $protocol)) {
        $this->_setError("Discovery failed: " . $this->getError());
        return false;
    }
    if (!$this->_associate($endpoint, $protocol)) {
        $this->_setError("Association failed: " . $this->getError());
        return false;
    }

    if (!$this->_getAssociation($endpoint, $assocHandle, $macFunc, $secret, $expires)) {
        /* Dumb mode: no usable association, so the request carries no handle */
        unset($assocHandle, $macFunc, $secret, $expires);
    }

    // Insertion order of $request is kept as in the original request layout.
    $request = array();
    if ($protocol >= 2.0) {
        $request['openid.ns'] = Zend_OpenId::NS_2_0;
    }
    if ($immediate) {
        $request['openid.mode'] = 'checkid_immediate';
    } else {
        $request['openid.mode'] = 'checkid_setup';
    }
    $request['openid.identity']   = $id;
    $request['openid.claimed_id'] = $claimedId;

    if ($protocol <= 2.0) {
        if ($this->_session !== null) {
            $this->_session->identity   = $id;
            $this->_session->claimed_id = $claimedId;

            if ($endpoint == 'https://www.google.com/accounts/o8/ud') {
                // Provider-specific request: let the provider choose the
                // identifier and ask for profile attributes through AX.
                // The first two keys overwrite values set above; the rest
                // are appended in this order.
                $providerFields = array(
                    'openid.identity'          => 'http://specs.openid.net/auth/2.0/identifier_select',
                    'openid.claimed_id'        => 'http://specs.openid.net/auth/2.0/identifier_select',
                    'openid.ns.ax'             => 'http://openid.net/srv/ax/1.0',
                    'openid.ax.mode'           => 'fetch_request',
                    'openid.ax.type.email'     => 'http://axschema.org/contact/email',
                    'openid.ax.type.country'   => 'http://axschema.org/contact/country/home',
                    'openid.ax.type.firstname' => 'http://axschema.org/namePerson/first',
                    'openid.ax.type.lastname'  => 'http://axschema.org/namePerson/last',
                    'openid.ax.type.language'  => 'http://axschema.org/pref/language',
                    'openid.ax.required'       => 'country,firstname,email,language,lastname',
                );
                foreach ($providerFields as $field => $fieldValue) {
                    $request[$field] = $fieldValue;
                }
            }
        } elseif (defined('SID')) {
            // A native PHP session is already running: use it directly.
            $_SESSION["zend_openid"] = array("identity" => $id, "claimed_id" => $claimedId);
        } else {
            require_once "Zend/Session/Namespace.php";
            $this->_session = new Zend_Session_Namespace("zend_openid");
            $this->_session->identity   = $id;
            $this->_session->claimed_id = $claimedId;
        }
    }

    if (isset($assocHandle)) {
        $request['openid.assoc_handle'] = $assocHandle;
    }
    $request['openid.return_to'] = Zend_OpenId::absoluteUrl($returnTo);

    if (empty($root)) {
        // Default realm: this script's URL, reduced to its directory unless
        // it already ends in a slash.
        $root = Zend_OpenId::selfUrl();
        if ($root[strlen($root) - 1] != '/') {
            $root = dirname($root);
        }
    }
    $realmKey = ($protocol >= 2.0) ? 'openid.realm' : 'openid.trust_root';
    $request[$realmKey] = $root;

    if (!Zend_OpenId_Extension::forAll($extensions, 'prepareRequest', $request)) {
        $this->_setError("Extension::prepareRequest failure");
        return false;
    }

    Zend_OpenId::redirect($endpoint, $request, $response);
    return true;
}