Example #1
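 /**
  * Resolves an email-style identity (user@provider) to an initialized OpenID
  * object, provided the provider part names a connected host.
  *
  * An identity that passes the URL filter is not handled here and yields
  * false. Otherwise the part after the first '@' is looked up in the
  * Core\Host table (status NORMAL), a webfinger LRDD request is made with
  * that host's template, and the "profile" link of the returned XRD is used
  * to initialize the OpenID object. The OAuth extension is added when the
  * account is unknown or has no Host\Request row for this host yet.
  *
  * @param string $identity URL or email-style identifier entered by the user
  * @return \PSX\OpenId|false the initialized OpenID object, or false when the
  *                           identity is a URL, has no provider part, or the
  *                           provider is not a connected host
  * @throws Exception when the XRD subject does not match the requested
  *                   account or the XRD carries no profile link
  */
 protected function isOpenidProvider($identity)
 {
     // A bare identifier (no '@', no scheme) is treated as a URL.
     // NOTE(review): the default is plaintext http://, so discovery for such
     // identifiers is not protected by TLS unless a later layer upgrades it.
     $looksLikeEmail = strpos($identity, '@') !== false;
     $hasScheme = substr($identity, 0, 7) === 'http://' || substr($identity, 0, 8) === 'https://';
     if (!$looksLikeEmail && !$hasScheme) {
         $identity = 'http://' . $identity;
     }

     $callback = $this->pageUrl . '/callback/remote';
     $openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);

     // Anything the URL filter accepts is not an email-style identity.
     $filter = new Filter\Url();
     if ($filter->apply($identity) !== false) {
         return false;
     }

     // The input is not a URL, so it must be user@provider. Without an '@'
     // there is no provider part; strpos() would return false and the
     // substr() below would cut at offset 1 and yield a meaningless host
     // name, so stop here instead.
     $pos = strpos($identity, '@');
     if ($pos === false) {
         return false;
     }
     $provider = substr($identity, $pos + 1);

     // Only hosts registered as connected websites (status NORMAL) are
     // contacted; the LRDD template therefore comes from local data, not
     // from the user.
     $host = $this->hm->getTable('AmunService\\Core\\Host')
         ->select(array('id', 'consumerKey', 'url', 'template'))
         ->where('name', '=', $provider)
         ->where('status', '=', Host\Record::NORMAL)
         ->getRow();
     if (empty($host)) {
         return false;
     }

     // webfinger request against the connected host
     $webfinger = new Webfinger($this->http);
     $acct = 'acct:' . $identity;
     $xrd = $webfinger->getLrdd($acct, $host['template']);

     // The XRD is produced by the remote host: it has to describe exactly
     // the account that was asked for. The strcmp() result is compared with
     // !== 0, so anything other than an exact match is rejected.
     if (strcmp($xrd->getSubject(), $acct) !== 0) {
         throw new Exception('Invalid subject');
     }

     $profileUrl = $xrd->getLinkHref('profile');
     if (empty($profileUrl)) {
         throw new Exception('Could not find profile');
     }

     // Taken from the remote XRD and not checked for emptiness here.
     $globalId = $xrd->getPropertyValue('http://ns.amun-project.org/2011/meta/id');

     // NOTE(review): $profileUrl is supplied by the remote host and is passed
     // on without further validation; confirm that the OpenID/HTTP layer
     // restricts it to http(s) and to destinations this server may reach.
     $openid->initialize($profileUrl, $callback);

     // Accounts are looked up by a salted SHA-1 of the normalized profile
     // url in the identity column.
     $identity = sha1($this->config['amun_salt'] . OpenId::normalizeIdentifier($profileUrl));
     $con = new Condition(array('identity', '=', $identity));
     $userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);

     // Request a token when the account is unknown, or when it is known but
     // has no request row for this host yet.
     $needsToken = true;
     if (!empty($userId)) {
         $con = new Condition();
         $con->add('hostId', '=', $host['id']);
         $con->add('userId', '=', $userId);
         $requestId = $this->hm->getTable('AmunService\\Core\\Host\\Request')->getField('id', $con);
         $needsToken = empty($requestId);
     }

     if ($needsToken) {
         $extension = new Extension\Oauth($host['consumerKey']);
         // only add the extension if the provider supports its namespace
         if ($openid->hasExtension($extension->getNs())) {
             // NOTE(review): both values are kept in the session for the
             // callback step; $globalId is remote-supplied data.
             $this->session->set('openid_register_user_host_id', $host['id']);
             $this->session->set('openid_register_user_global_id', $globalId);
             $openid->add($extension);
         }
     }

     return $openid;
 }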
Example #2
 /**
  * Fetches the webfinger XRD for an account and extracts its profile data.
  *
  * @param string $email        account address; "acct:" is prepended for the lookup
  * @param string $lrddTemplate LRDD template handed to the webfinger client
  * @return array with the keys "id", "name" and "url"
  * @throws Exception when the XRD subject differs from the requested account
  *                   or one of the three values is not set
  */
 protected function getAcctProfile($email, $lrddTemplate)
 {
     $client = new Webfinger(new Http());
     $subject = 'acct:' . $email;
     $document = $client->getLrdd($subject, $lrddTemplate);

     // The document comes from the remote host; accept it only if it
     // describes exactly the account that was requested.
     if (strcmp($document->getSubject(), $subject) !== 0) {
         throw new Exception('Invalid subject');
     }

     $profile = array(
         'id' => $document->getPropertyValue('http://ns.amun-project.org/2011/meta/id'),
         'name' => $document->getPropertyValue('http://ns.amun-project.org/2011/meta/name'),
         'url' => $document->getLinkHref('profile'),
     );

     // NOTE(review): isset() only rejects null values, so an empty string
     // from the remote document passes this check; callers should not treat
     // the returned values as validated.
     if (!isset($profile['id'], $profile['name'], $profile['url'])) {
         throw new Exception('Could not find profile with necessary data');
     }

     return $profile;
 }
Example #3
    /**
     * Looks up a host by id and runs a webfinger profile lookup for
     * "<name>@<host name>" using that host's LRDD template.
     *
     * @param mixed  $hostId id of the host row; bound as a query parameter
     * @param string $name   local part of the account address
     * @return mixed whatever Webfinger::getAcctProfile() returns
     * @throws Exception when $name is empty or no host with status NORMAL
     *                   exists for $hostId
     */
    private function discoverProfileUrl($hostId, $name)
    {
        if (empty($name)) {
            throw new Exception('Need name to discover remote profile');
        }

        // Host id and status are bound through placeholders; only the table
        // name, read from the registry, is interpolated into the statement.
        $sql = <<<SQL
SELECT
\t`host`.`name`     AS `hostName`,
\t`host`.`template` AS `hostTemplate`
FROM 
\t{$this->registry['table.core_host']} `host`
WHERE 
\t`host`.`id` = ?
AND 
\t`host`.`status` = ?
SQL;
        $hostRow = $this->sql->getRow($sql, array($hostId, Host\Record::NORMAL));

        if (empty($hostRow)) {
            throw new Exception('Invalid host id');
        }

        $client = new Webfinger(new Http());

        // NOTE(review): $name is only checked for emptiness before it is
        // joined with the host name; confirm that callers restrict its
        // character set (for example no '@').
        $address = $name . '@' . $hostRow['hostName'];

        return $client->getAcctProfile($address, $hostRow['hostTemplate']);
    }