/**
* @param OpenIdResponse $response
* @return IHttpResponseStrategy
* @throws \Exception
*/
public static function buildStrategy(OpenIdResponse $response)
{
$type = $response->getType();
switch ($type) {
case OpenIdIndirectResponse::OpenIdIndirectResponse:
return ServiceLocator::getInstance()->getService(OpenIdIndirectResponse::OpenIdIndirectResponse);
break;
case OpenIdDirectResponse::OpenIdDirectResponse:
return ServiceLocator::getInstance()->getService(OpenIdDirectResponse::OpenIdDirectResponse);
break;
default:
throw new \Exception("Invalid OpenId response Type");
break;
}
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
try {
$simple_reg_request = new OpenIdSREGRequest($request->getMessage());
if (!$simple_reg_request->isValid()) {
return;
}
$response->addParam(self::paramNamespace(), self::NamespaceUrl);
$attributes = $simple_reg_request->getRequiredAttributes();
$opt_attributes = $simple_reg_request->getOptionalAttributes();
$attributes = array_merge($attributes, $opt_attributes);
$user = $this->auth_service->getCurrentUser();
foreach ($attributes as $attr => $value) {
$context->addSignParam(self::param($attr));
if ($attr == self::Email) {
$response->addParam(self::param($attr), $user->getEmail());
}
if ($attr == self::Country) {
$response->addParam(self::param($attr), $user->getCountry());
}
if ($attr == self::Nickname || $attr == self::FullName) {
$response->addParam(self::param($attr), $user->getFullName());
}
if ($attr == self::Language) {
$response->addParam(self::param($attr), $user->getLanguage());
}
}
} catch (Exception $ex) {
$this->log_service->error($ex);
}
}
public function __construct()
{
// Successful Responses: A server receiving a valid request MUST send a
// response with an HTTP status code of 200.
parent::__construct(self::HttpOkResponse, self::IndirectResponseContentType);
/*
* This particular value MUST be present for the response to be a valid OpenID 2.0
* response. Future versions of the specification may define different values in order
* to allow message recipients to properly interpret the request.
*/
$this[OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS)] = OpenIdProtocol::OpenID2MessageType;
}
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
try {
$ax_request = new OpenIdAXRequest($request->getMessage());
if (!$ax_request->isValid()) {
return;
}
$response->addParam(self::paramNamespace(), self::NamespaceUrl);
$response->addParam(self::param(self::Mode), self::FetchResponse);
$context->addSignParam(self::param(self::Mode));
$attributes = $ax_request->getRequiredAttributes();
$user = $this->auth_service->getCurrentUser();
foreach ($attributes as $attr) {
$response->addParam(self::param(self::Type) . "." . $attr, self::$available_properties[$attr]);
$context->addSignParam(self::param(self::Type) . "." . $attr);
$context->addSignParam(self::param(self::Value) . "." . $attr);
if ($attr == "email") {
$response->addParam(self::param(self::Value) . "." . $attr, $user->getEmail());
}
if ($attr == "country") {
$response->addParam(self::param(self::Value) . "." . $attr, $user->getCountry());
}
if ($attr == "firstname") {
$response->addParam(self::param(self::Value) . "." . $attr, $user->getFirstName());
}
if ($attr == "lastname") {
$response->addParam(self::param(self::Value) . "." . $attr, $user->getLastName());
}
if ($attr == "language") {
$response->addParam(self::param(self::Value) . "." . $attr, $user->getLanguage());
}
}
} catch (Exception $ex) {
$this->log_service->error($ex);
}
}
/**
* @param OpenIdRequest $request
* @param OpenIdResponse $response
* @param ResponseContext $context
* @return mixed|void
*/
public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context)
{
try {
$oauth2_request = new OpenIdOAuth2Request($request->getMessage());
if (!$oauth2_request->isValid()) {
return;
}
//get auth code
$oauth2_msg = new OAuth2Message(array(OAuth2Protocol::OAuth2Protocol_ClientId => $oauth2_request->getClientId(), OAuth2Protocol::OAuth2Protocol_Scope => $oauth2_request->getScope(), OAuth2Protocol::OAuth2Protocol_RedirectUri => $request->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo), OAuth2Protocol::OAuth2Protocol_State => $oauth2_request->getState(), OAuth2Protocol::OAuth2Protocol_Approval_Prompt => $oauth2_request->getApprovalPrompt(), OAuth2Protocol::OAuth2Protocol_AccessType => $oauth2_request->getAccessType(), OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType_Code));
// do oauth2 Authorization Code Grant 1st step (get auth code to exchange for an access token)
// http://tools.ietf.org/html/rfc6749#section-4.1
$oauth2_response = $this->oauth2_protocol->authorize(new OAuth2AuthorizationRequest($oauth2_msg));
if (get_class($oauth2_response) == 'oauth2\\responses\\OAuth2AuthorizationResponse') {
//add namespace
$response->addParam(self::paramNamespace(), self::NamespaceUrl);
$context->addSignParam(self::paramNamespace());
//add auth code
$response->addParam(self::param(self::RequestToken), $oauth2_response->getAuthCode());
$context->addSignParam(self::param(self::RequestToken));
//add requested scope
$response->addParam(self::param(self::Scope), $oauth2_response->getScope());
$context->addSignParam(self::param(self::Scope));
//add state
$response->addParam(self::param(self::State), $oauth2_request->getState());
$context->addSignParam(self::param(self::State));
}
} catch (Exception $ex) {
$this->log_service->error($ex);
$this->checkpoint_service->trackException($ex);
//http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html#AuthResp
/*
* To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only
* respond with the parameter "openid.ns.oauth".
*/
//add namespace
$response->addParam(self::paramNamespace(), self::NamespaceUrl);
$context->addSignParam(self::paramNamespace());
}
}
