public function validateIdentifier($validator, $values, $arguments = array()) { $authRequest = $this->getAuthAdapter()->getConsumer()->begin($values['openid_identifier']); if (!$authRequest) { throw new sfValidatorError($validator, 'Authentication error: not a valid OpenID.'); } $sregExchange = new opOpenIDProfileExchange('sreg'); $authRequest->addExtension(Auth_OpenID_SRegRequest::build(array(), $sregExchange->getImportSupportedProfiles())); // for OpenID1 if ($authRequest->shouldSendRedirect()) { $values['redirect_url'] = $authRequest->redirectURL($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_url'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_url']->message); } } else { $axExchange = new opOpenIDProfileExchange('ax'); $axRequest = new Auth_OpenID_AX_FetchRequest(); foreach ($axExchange->getImportSupportedProfiles() as $key => $value) { $axRequest->add(Auth_OpenID_AX_AttrInfo::make($value, 1, false, 'profile_' . $key)); } $authRequest->addExtension($axRequest); $values['redirect_html'] = $authRequest->htmlMarkup($arguments['realm'], $arguments['return_to']); if (Auth_OpenID::isFailure($values['redirect_html'])) { throw new sfValidatorError($validator, 'Could not redirect to the server: ' . $values['redirect_html']->message); } } return $values; }
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } $auth_request->addExtension($ax); $policy_uris = $_GET['policies']; $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
public function getAXRequest($axAttributes) { $axRequest = new Auth_OpenID_AX_FetchRequest(); foreach ($axAttributes as $attr) { //$axInfo = new Auth_OpenID_AX_AttrInfo($attr); $attrInfo = Auth_OpenID_AX_AttrInfo::make($attr['type_uri'], $attr['count'], $attr['required'], $attr['alias']); $axRequest->add($attrInfo); } return $axRequest; }
function attach_ax() { //build attribute request list $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'picture'); //create attribute exchange request $ax = new Auth_OpenID_AX_FetchRequest(); //add attributes to ax request foreach ($attribute as $attr) { $ax->add($attr); } //return ax request return $ax; }
function openid_try($url) { $store = new Auth_OpenID_MySQLStore(theDb()); $store->createTables(); $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin($url); if (!$auth_request) { $_SESSION["auth_error"] = "Error: not a valid OpenID."; header("Location: ./"); } $sreg_request = Auth_OpenID_SRegRequest::build(array('email'), array('nickname', 'fullname')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Attribute Exchange (Google ignores Simple Registration) // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { die("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
/** * Begin the OpenID login by redirecting user to the OP to authenticate. * * @param string $openid */ public function openid_begin_login($openid) { $this->lang->load('openid'); $this->load->library('openid'); $request_to = site_url('user/check_openid_login'); $req = array('nickname'); $opt = array('fullname', 'email', 'dob', 'country'); $policy = site_url('user/openid_policy'); $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE); $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE); $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE); $ax_attributes[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country', 1, TRUE); $this->openid->set_request_to($request_to); $this->openid->set_trust_root(base_url()); $this->openid->set_sreg(TRUE, $req, $opt, $policy); $this->openid->set_ax(TRUE, $ax_attributes); // Redirection to OP site will follow. $this->openid->authenticate($openid); }
/** * Returns null and sets a flash message on all errors. **/ static function beginAuth($openid, $policyUris) { $consumer = self::getConsumer(); $auth_request = $consumer->begin($openid); if (!$auth_request) { FlashMessage::add('Ați introdus un OpenID incorect.'); return null; } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname')); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname')); $auth_request->addExtension($ax); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(util_getFullServerUrl(), self::getReturnTo()); if (Auth_OpenID::isFailure($redirect_url)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $redirect_url->message); return null; } else { header("Location: {$redirect_url}"); exit; } } else { $form_html = $auth_request->htmlMarkup(util_getFullServerUrl(), self::getReturnTo(), false, array('id' => 'openid_message')); if (Auth_OpenID::isFailure($form_html)) { FlashMessage::add('Nu vă putem redirecționa către serverul OpenID: ' . $form_html->message); return null; } else { print $form_html; } } }
public function googleAction() { $consumer = $this->getGoogleConsumer(); $url = 'https://www.google.com/accounts/o8/id'; $auth_request = $consumer->begin($url); if (!$auth_request) { return $this->alert('Authentication error, not a valid OpenID', '/'); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $auth_request->addExtension($ax); $pape_request = new Auth_OpenID_PAPE_Request(null); $auth_request->addExtension($pape_request); $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup('http://' . $_SERVER['HTTP_HOST'], 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone', false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $this->alert("Could not redirect to server: " . $form_html->message, '/'); } else { print $form_html; return $this->noview(); } }
/** * Try to authenticate a user using AX. * * @access public * @param string the openid url * @param string the path to return to after authenticating * @param array a list of PAPE policies to request from the server * @param array a list of required return values * @param array a list of optional return values * @return void */ public function try_auth_ax($openid, $return_to, $policy_uris = array(), $required = array('nickname', 'email'), $optional = array('fname', 'lname')) { if ($return_to[0] == '/') { $return_to = substr($return_to, 1); } $return_to = $this->_get_trust_root() . $return_to; if (empty($openid)) { return $this->_throw_error(OPENID_RETURN_NO_URL); } // Create OpenID consumer $consumer = $this->_get_consumer(); // Create an authentication request to the OpenID provider $auth = $consumer->begin($openid); // Create UI if needed if ($this->use_popup) { $ui = $this->_get_ui($return_to); $auth->addExtension($ui); } // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters foreach (array(1 => $required, 0 => $optional) as $key => $data) { foreach ($data as $item) { if (array_key_exists($item, $this->ax_properties)) { $ax->add(Auth_OpenID_AX_AttrInfo::make($this->ax_properties[$item], 1, $key, $item)); } else { return $this->_throw_error('AX property "' . $item . '" is not registered in the library'); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. if (!$this->ci->session->userdata('EasyOpenID_provider')) { $this->ci->session->set_userdata('EasyOpenID_provider', $openid); } // Add AX fetch request to authentication request $auth->addExtension($ax); // Redirect to OpenID provider for authentication $url = $auth->redirectURL($this->_get_trust_root(), $return_to); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth->shouldSendRedirect()) { $redirect_url = $auth->redirectURL($this->_get_trust_root(), $return_to); // If the redirect URL can't be built, die. if (Auth_OpenID::isFailure($redirect_url)) { return $this->_throw_error(OPENID_RETURN_NO_CONNECT); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth->htmlMarkup($this->_get_trust_root(), $return_to, FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { return $this->_throw_error(OPENID_RETURN_NO_CONNECT); } else { die($form_html); } } }
} else { $error = "Please enter a valid email address or OpenID."; if (isset($_GET['json'])) { json_out('{"error":"' . addslashes($error) . '"}'); } include 'index.php'; exit; } } $sreg = Auth_OpenID_SRegRequest::build('', array('nickname', 'fullname', 'email'), ''); $auth_request->addExtension($sreg); if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $auth_request->addExtension($ax_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $process_url); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $error = "Could not redirect to server: " . $redirect_url->message; if (isset($_GET['json'])) { json_out('{"error":"' . addslashes($error) . '"}');
function run() { $openid = getOpenIDURL(); $consumer = getConsumer(); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { displayError("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build(array('nickname'), array('fullname', 'email')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/projects', 'unlimited', 1, 'projects'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/slices', 'unlimited', 1, 'slices'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/urn', 1, 1, 'urn'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/user/prettyname', 1, 1, 'prettyname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/wimax/username', 1, 1, 'wimax'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/username', 1, 1, 'irodsuser'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://geni.net/irods/zone', 1, 1, 'irodszone'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax); $policy_uris = null; if (isset($_GET['policies'])) { $policy_uris = $_GET['policies']; } $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); if ($pape_request) { $auth_request->addExtension($pape_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL(getTrustRoot(), getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(getTrustRoot(), getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError("Could not redirect to server: " . $form_html->message); } else { print $form_html; } } }
/** * Initiate an OpenID request * * @param boolean $allow_sreg Default true * @param string $process_url Default empty (will use $CFG->wwwroot) * @param array $params Array of extra parameters to append to the request */ function do_request($allow_sreg = true, $process_url = '', $params = array()) { global $CFG, $USER; // Create the consumer instance $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid'); $consumer = new Auth_OpenID_Consumer($store); $openid_url = optional_param('openid_url', null); if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) { // BJB101206: map Google email addresses to OpenID url $tmpemail = $openid_url; $openid_url = GOOGLE_OPENID_URL; logout_guestuser(); if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') { $allow_sreg = true; // would like to verify email later $process_url = $CFG->wwwroot . '/auth/openid/actions.php'; $USER = $tmpuser; $params['openid_tmp_login'] = true; // require flag in action.php $params['openid_action'] = 'change'; $params['openid_url'] = $openid_url; $params['openid_mode'] = 'switch2openid'; // arbitrary != null //error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail); } } if (!empty($this->config->auth_openid_google_apps_domain)) { $openid_url = $this->config->auth_openid_google_apps_domain; new GApps_OpenID_Discovery($consumer); } $authreq = $consumer->begin($openid_url); if (!$authreq && $this->is_sso()) { $endpoint = new Auth_OpenID_ServiceEndpoint(); $endpoint->server_url = $openid_url; $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT; $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon'); $authreq = $consumer->beginWithoutDiscovery($endpoint); } if (!$authreq) { print_error('auth_openid_login_error', 'auth_openid'); } else { // Add any simple registration fields to the request if ($allow_sreg === true) { $sreg_added = false; $req = array(); $opt = array(); $privacy_url = null; // Required fields if (!empty($this->config->openid_sreg_required)) { $req = array_map('trim', explode(',', $this->config->openid_sreg_required)); $sreg_added = true; } // Optional fields if (!empty($this->config->openid_sreg_optional)) { $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional)); $sreg_added = true; } // Privacy statement if ($sreg_added && !empty($this->config->openid_privacy_url)) { $privacy_url = $this->config->openid_privacy_url; } // We call the on_openid_do_request event handler function if it // exists. This is called before the simple registration (sreg) // extension is added to allow changes to be made to the sreg // data fields if required if (function_exists('on_openid_do_request')) { on_openid_do_request($authreq); } // Finally, the simple registration data is added if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) { $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url); if ($sreg_request) { $authreq->addExtension($sreg_request); } } if (defined('ADD_AX_SUPPORT')) { $AXattr = array(); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname'); $AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($AXattr as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $authreq->addExtension($ax); } } // Prepare the remaining components for the request if (empty($process_url)) { $process_url = $CFG->wwwroot . '/login/index.php'; } if (is_array($params) && !empty($params)) { $query = ''; foreach ($params as $key => $val) { $query .= '&' . $key . '=' . $val; } $process_url .= '?' . substr($query, 1); } $trust_root = $CFG->wwwroot . '/'; $_SESSION['openid_process_url'] = $process_url; // Finally, redirect to the OpenID provider // Check if the server is allowed ... if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) { print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url); } elseif ($authreq->shouldSendRedirect()) { $redirect_url = $authreq->redirectURL($trust_root, $process_url); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { error($redirect_url->message); } else { redirect($redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $message = $authreq->getMessage($trust_root, $process_url, false); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($message)) { error($message); } else { $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue')); echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>'; exit; } } } }
/** * Show the "login" page * * @return string Returns the "login" page as HTML code. */ public function login() { try { if (!defined('OPENSTACKID_ENABLED') || OPENSTACKID_ENABLED == false) { return parent::login(); } $member = Member::currentUser(); if ($member) { // user is already logged in return $this->redirect(OpenStackIdCommon::getRedirectBackUrl()); } if (!Director::is_https()) { OpenStackIdCommon::redirectToSSL($_SERVER['REQUEST_URI']); } // Begin the OpenID authentication process. $auth_request = $this->consumer->begin(IDP_OPENSTACKID_URL); //remove jainrain nonce unset($auth_request->return_to_args['janrain_nonce']); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new Exception("The OpenID authentication failed."); } if (Auth_OpenID_supportsSReg($auth_request->endpoint)) { //SREG $sreg_request = Auth_OpenID_SRegRequest::build(array('email', 'fullname'), array('country', 'language')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } } else { //AX // Create attribute request object // See http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($attribute as $attr) { $ax->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax); } //Redirect the user to the OpenID server for authentication . // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo()); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { echo "Could not redirect to server: " . $redirect_url->message; } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup(OpenStackIdCommon::getTrustRoot(), OpenStackIdCommon::getReturnTo(), false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { echo "Could not redirect to server: " . $form_html->message; } else { print $form_html; } } exit; } catch (Exception $ex) { SS_Log::log($ex, SS_Log::WARN); Session::set("Security.Message.message", $ex->getMessage()); Session::set("Security.Message.type", "bad"); return $this->redirect("Security/badlogin"); } }
<?php require_once "config.php"; require_once "authCommon.php"; $openID_request = $openID->begin($providerURL); if (!$openID_request) { die("Failed to create OpenID request."); } $ax = new Auth_OpenID_AX_FetchRequest(); $ax->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 2, 1, 'email')); $openID_request->addExtension($ax); $redirectTo = $openID_request->redirectURL($baseURL, $baseURL . $basePath); header("Location: " . $redirectTo);
/** * Send an authentication request to the OpenID provider. * * @param array &$state The state array. * @param string $openid The OpenID we should try to authenticate with. */ public function doAuth(array &$state, $openid) { assert('is_string($openid)'); $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:auth'); $consumer = $this->getConsumer($state); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new SimpleSAML_Error_BadRequest('Not a valid OpenID: ' . var_export($openid, TRUE)); } $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object $ax_attribute = array(); foreach ($this->requiredAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true); } foreach ($this->optionalAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false); } if (count($ax_attribute) > 0) { // Create AX fetch request $ax_request = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($ax_attribute as $attr) { $ax_request->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax_request); } foreach ($this->extensionArgs as $ext_ns => $ext_arg) { if (is_array($ext_arg)) { foreach ($ext_arg as $ext_key => $ext_value) { $auth_request->addExtensionArg($ext_ns, $ext_key, $ext_value); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript form // to send a POST request to the server or use redirect if // prefer_http_redirect is enabled and redirect URL size // is less than 2049 $should_send_redirect = $auth_request->shouldSendRedirect(); if ($this->preferHttpRedirect || $should_send_redirect) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId)); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($redirect_url->message, TRUE)); } // For OpenID 2 failover to POST if redirect URL is longer than 2048 if ($should_send_redirect || strlen($redirect_url) <= 2048) { SimpleSAML_Utilities::redirectTrustedURL($redirect_url); assert('FALSE'); } } // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { throw new SimpleSAML_Error_AuthSource($this->authId, 'Could not redirect to server: ' . var_export($form_html->message, TRUE)); } else { echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>'; exit; } }
//define oauth & openid params require_once '../config.inc.php'; //ammend include path so we can include files consistently $includePath = get_include_path() . PATH_SEPARATOR . OPENID_INCLUDE_PATH . PATH_SEPARATOR . OAUTH_INCLUDE_PATH . PATH_SEPARATOR; set_include_path($includePath); //include openid files require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/AX.php"; //init basic openid auth url generation $openidFileStore = new Auth_OpenID_FileStore('/tmp/'); $openidConsumer =& new Auth_OpenID_Consumer($openidFileStore); //this could just as easily be set dynamically $openidIdentifier = 'yahoo.com'; $openidAuthRequest = $openidConsumer->begin($openidIdentifier); //add openid ax req params for all the fields mentioned in the blog post below //ref: http://developer.yahoo.net/blog/archives/2009/12/yahoo_openid_now_with_attribute_exchange.html //ref: http://stackoverflow.com/questions/1183788/example-usage-of-ax-in-php-openid $openid_ax_attributes = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, 1, 'fullname'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/media/image/default', 1, 1, 'profile_pic'), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, 1, 'gender')); $openid_ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($openid_ax_attributes as $attribute) { $openid_ax_request->add($attribute); } $openidAuthRequest->addExtension($openid_ax_request); //this is the url for openid provider log in page $openidLoginRedirectUrl = $openidAuthRequest->redirectURL(OPENID_REALM_URI, OPENID_RETURN_TO_URI); //append hybrid auth fields $additionalFields = array('openid.ns.oauth' => 'http://specs.openid.net/extensions/oauth/1.0', 'openid.oauth.consumer' => YAHOO_OAUTH_APP_KEY); $openidLoginRedirectUrl .= '&' . http_build_query($additionalFields); //redirect for auth header('Location: ' . $openidLoginRedirectUrl);
/** * Send an authentication request to the OpenID provider. * * @param array &$state The state array. * @param string $openid The OpenID we should try to authenticate with. */ public function doAuth(array &$state, $openid) { assert('is_string($openid)'); $stateId = SimpleSAML_Auth_State::saveState($state, 'openid:state'); $consumer = $this->getConsumer($state); // Begin the OpenID authentication process. $auth_request = $consumer->begin($openid); // No auth request means we can't begin OpenID. if (!$auth_request) { throw new Exception("Authentication error; not a valid OpenID."); } $sreg_request = Auth_OpenID_SRegRequest::build($this->requiredAttributes, $this->optionalAttributes); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object $ax_attribute = array(); foreach ($this->requiredAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, true); } foreach ($this->optionalAXAttributes as $attr) { $ax_attribute[] = Auth_OpenID_AX_AttrInfo::make($attr, 1, false); } if (count($ax_attribute) > 0) { // Create AX fetch request $ax_request = new Auth_OpenID_AX_FetchRequest(); // Add attributes to AX fetch request foreach ($ax_attribute as $attr) { $ax_request->add($attr); } // Add AX fetch request to authentication request $auth_request->addExtension($ax_request); } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($this->getTrustRoot(), $this->getReturnTo($stateId)); // If the redirect URL can't be built, display an error message. if (Auth_OpenID::isFailure($redirect_url)) { throw new Exception("Could not redirect to server: " . $redirect_url->message); } SimpleSAML_Utilities::redirect($redirect_url); } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($this->getTrustRoot(), $this->getReturnTo($stateId), FALSE, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { throw new Exception("Could not redirect to server: " . $form_html->message); } else { echo '<html><head><title>OpenID transaction in progress</title></head> <body onload=\'document.getElementById("' . $form_id . '").submit()\'>' . $form_html . '</body></html>'; exit; } } }
/** * This initiates openid connection. This method can also used for google/yahoo * signin, since those support openid. * @param type $auth_site */ function openIdConnect($auth_site) { //required includes //session_start(); require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; require_once "Auth/OpenID/AX.php"; $objAltConfig = $this->getObject('altconfig', 'config'); $this->objDbSysconfig = $this->getObject('dbsysconfig', 'sysconfig'); $modPath = $objAltConfig->getModulePath(); $moduleUri = $objAltConfig->getModuleURI(); $siteRoot = $objAltConfig->getSiteRoot(); $DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult'; $OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin'; $OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin'; $_SESSION['AUTH'] = false; switch ($auth_site) { case "google": $oid_identifier = 'https://www.google.com/accounts/o8/id'; $_SESSION['auth_site'] = "Google"; break; case "yahoo": $oid_identifier = 'https://yahoo.com'; $_SESSION['auth_site'] = "Yahoo!"; break; case "openid": if (!$_POST['openIDField']) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidopenid", 'security')); } else { $oid_identifier = $_POST['openIDField']; $_SESSION['openid_user'] = $oid_identifier; $_SESSION['auth_site'] = "OpenID"; } break; default: header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_invalidorunsupportedopenidprovider", 'security')); } //Here starts the authentication process // Create file storage area for OpenID data $openidPath = $this->objConfig->getcontentBasePath() . '/openid'; $objMkDir = $this->getObject('mkdir', 'files'); $objMkDir->mkdirs($openidPath); $store = new Auth_OpenID_FileStore($openidPath); // Create OpenID consumer $consumer = new Auth_OpenID_Consumer($store); // Create an authentication request to the OpenID provider $auth = $consumer->begin($oid_identifier); //checks for errors if (!$auth) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } //configuring atributtes to be retrieved $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); // Create AX fetch request $ax = new Auth_OpenID_AX_FetchRequest(); if (!$ax) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } foreach ($attribute as $attr) { $ax->add($attr); } if (!$auth) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } try { // Add AX fetch request to authentication request $auth->addExtension($ax); } catch (Exception $ex) { header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=' . $this->objLanguage->languageText("mod_security_errorconnectingtoprovider", 'security') . ': ' . $auth_provider); } // redirect to the OpenID provider's website for authentication $url = $auth->redirectURL($siteRoot, $OPENID_CALLBACK_PAGE); header('Location: ' . $url); }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if (!get_user_by_openid($auth_request->endpoint->claimed_id)) { require_once 'Auth/OpenID/AX.php'; if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $default_fields = array(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true), Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $fields = apply_filters('openid_consumer_ax_fields', $default_fields); $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($fields as $field) { $ax_request->add($field); } $extensions[] = $ax_request; } } return $extensions; }
function login($openid_url, $finish_page) { global $wgTrustRoot, $wgOut; # If it's an interwiki link, expand it $openid_url = $this->interwikiExpand($openid_url); # Check if the URL is allowed if (!$this->canLogin($openid_url)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } if (!is_null($wgTrustRoot)) { $trust_root = $wgTrustRoot; } else { global $wgScriptPath, $wgServer; $trust_root = $wgServer . $wgScriptPath; } wfSuppressWarnings(); $consumer = $this->getConsumer(); if (!$consumer) { wfDebug("OpenID: no consumer\n"); $wgOut->showErrorPage('openiderror', 'openiderrortext'); return; } # Make sure the user has a session! $this->setupSession(); $auth_request = $consumer->begin($openid_url); // Handle failure status return values. if (!$auth_request) { wfDebug("OpenID: no auth_request\n"); $wgOut->showErrorPage('openiderror', 'openiderrortext'); return; } # Check the processed URLs, too $endpoint = $auth_request->endpoint; if (!is_null($endpoint)) { # Check if the URL is allowed if (isset($endpoint->identity_url) && !$this->canLogin($endpoint->identity_url)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } if (isset($endpoint->delegate) && !$this->canLogin($endpoint->delegate)) { $wgOut->showErrorPage('openidpermission', 'openidpermissiontext'); return; } } $sreg_request = Auth_OpenID_SRegRequest::build(array(), array('nickname', 'email', 'fullname', 'language', 'timezone')); if ($sreg_request) { $auth_request->addExtension($sreg_request); } // Create attribute request object. Depending on your endpoint, you can request many things: // see http://code.google.com/apis/accounts/docs/OpenID.html#Parameters for parameters. // Usage: make($type_uri, $count=1, $required=false, $alias=null) $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, 1, 'email'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, 1, 'firstname'); $attribute[] = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, 1, 'lastname'); // Create AX fetch request and add attributes $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($attribute as $attr) { $ax_request->add($attr); } if ($ax_request) { $auth_request->addExtension($ax_request); } $process_url = $this->scriptUrl($finish_page); if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_root, $process_url); if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { # OK, now go $wgOut->redirect($redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->formMarkup($trust_root, $process_url, false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { displayError('Could not redirect to server: ' . $form_html->message); } else { $wgOut->addWikiMsg('openidautosubmit'); $wgOut->addHTML($form_html); $wgOut->addInlineScript("function submitOpenIDForm() {\n document.getElementById(\"" . $form_id . "\").submit()\n }\nhookEvent(\"load\", submitOpenIDForm);\n"); } } wfRestoreWarnings(); }
function authenticate($openId) { $consumer = $this->_getConsumer(); $authRequest = $consumer->begin($openId); // No auth request means we can't begin OpenID. if (!$authRequest) { $this->_set_message(true, 'openid_auth_error'); } if ($this->sreg_enable) { $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy); if ($sreg_request) { $authRequest->addExtension($sreg_request); } else { $this->_set_message(true, 'openid_sreg_failed'); } } if ($this->ax_enable) { $ax_request = new Auth_OpenID_AX_FetchRequest(); if ($this->ax_required) { foreach ($this->ax_required as $attrib => $alias) { $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attrib, 1, true, $alias)); } } if ($this->ax_optional) { foreach ($this->ax_optional as $attrib => $alias) { $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attrib, 1, false, $alias)); } } $authRequest->addExtension($ax_request); } if ($this->pape_enable) { $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris); if ($pape_request) { $authRequest->addExtension($pape_request); } else { $this->_set_message(true, 'openid_pape_failed'); } } if ($this->ext_args != null) { foreach ($this->ext_args as $extensionArgument) { if (count($extensionArgument) == 3) { $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($authRequest->shouldSendRedirect()) { $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $this->_set_message(true, 'openid_redirect_failed', $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $this->_set_message(true, 'openid_redirect_failed', $form_html->message); } else { $page_contents = array("<html><head><title>", "OpenID transaction in progress", "</title></head>", "<body onload='document.getElementById(\"" . $form_id . "\").submit()'>", $form_html, "</body></html>"); print implode("\n", $page_contents); } } }
function openid($credentials, $options) { $mainframe =& JFactory::getApplication(); $provider = $credentials[PROVIDER]; $db = JFactory::getDBO(); $selectProvider = 'select p.id, p.discovery_url, p.prefix, p.suffix, p.use_email from #__providers p where p.name = "' . $provider . '"'; $db->setQuery($selectProvider); $dbprovider = $db->loadObject(); $prefix = trim($dbprovider->prefix); $suffix = trim($dbprovider->suffix); //$discovery = trim($dbprovider->discovery_url); // $discovery = ($dbprovider->discovery_url == null) ? null : trim($dbprovider->discovery_url); $discovery = $dbprovider->discovery_url; $username = trim($credentials['username']); $beginning = substr($username, 0, strlen($prefix)); $ending = substr($username, strlen($username) - strlen($suffix)); if ($beginning != $prefix) { $username = $prefix . $username; } if ($ending != $suffix) { $username = $username . $suffix; } //$discovery_url = ($discovery) ? $discovery : $credentials['username']; $discovery_url = $discovery ? $discovery : $username; $username = $discovery ? '' : $username; ################################################ if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { define('Auth_OpenID_RAND_SOURCE', null); } else { $f = @fopen('/dev/urandom', 'r'); if ($f !== false) { define('Auth_OpenID_RAND_SOURCE', '/dev/urandom'); fclose($f); } else { $f = @fopen('/dev/random', 'r'); if ($f !== false) { define('Auth_OpenID_RAND_SOURCE', '/dev/urandom'); fclose($f); } else { define('Auth_OpenID_RAND_SOURCE', null); } } } jimport('openid.consumer'); jimport('joomla.filesystem.folder'); // Access the session data $session =& JFactory::getSession(); $info = array(); // Create and/or start using the data store $store_path = JPATH_ROOT . '/tmp/_joomla_openid_store'; if (!JFolder::exists($store_path) && !JFolder::create($store_path)) { $info[STATUS] = Auth_FAILURE; //$response->type = JAUTHENTICATE_STATUS_FAILURE; //$response->error_message = "Could not create the FileStore directory '$store_path'. " . " Please check the effective permissions."; return false; } // Create store object $store = new Auth_OpenID_FileStore($store_path); // Create a consumer object $consumer = new Auth_OpenID_Consumer($store); if (!isset($_SESSION['_openid_consumer_last_token'])) { // Begin the OpenID authentication process. if (!($auth_request = $consumer->begin($discovery_url))) { $info[STATUS] = Auth_FAILURE; //$response->type = JAUTHENTICATE_STATUS_FAILURE; //$response->error_message = 'Authentication error : could not connect to the openid server'; return $info; } // if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); // } $sreg_request = Auth_OpenID_SRegRequest::build(array('email')); if ($ax_request) { $auth_request->addExtension($ax_request); $auth_request->addExtension($sreg_request); } // $policy_uris = array(); // if ($this->params->get( 'phishing-resistant', 0)) { // $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant'; // } // // if ($this->params->get( 'multi-factor', 0)) { // $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor'; // } // // if ($this->params->get( 'multi-factor-physical', 0)) { // $policy_uris[] = 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical'; // } // // $pape_request = new Auth_OpenID_PAPE_Request($policy_uris); // if ($pape_request) { // $auth_request->addExtension($pape_request); // } //Create the entry url $entry_url = isset($options['entry_url']) ? $options['entry_url'] : JURI::base(); $entry_url = JURI::getInstance($entry_url); unset($options['entry_url']); //We don't need this anymore //Create the url query information $options['return'] = isset($options['return']) ? base64_encode($options['return']) : base64_encode(JURI::base()); $options[JUtility::getToken()] = 1; $process_url = sprintf($entry_url->toString() . "?option=com_user&task=login&provider=%s", $provider); $process_url = isset($username) && $username ? sprintf("%s&username=%s", $process_url, urlencode($username)) : $process_url; $process_url .= '&' . JURI::buildQuery($options); $session->set('return_url', $process_url); $trust_url = $entry_url->toString(array('path', 'host', 'port', 'scheme')); $session->set('trust_url', $trust_url); // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($auth_request->shouldSendRedirect()) { $redirect_url = $auth_request->redirectURL($trust_url, $process_url); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { displayError("Could not redirect to server: " . $redirect_url->message); } else { // Send redirect. $mainframe->redirect($redirect_url); return false; } } else { // Generate form markup and render it. $form_id = 'openid_message'; $form_html = $auth_request->htmlMarkup($trust_url, $process_url, false, array('id' => $form_id)); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { //displayError("Could not redirect to server: " . $form_html->message); } else { JResponse::setBody($form_html); echo JResponse::toString($mainframe->getCfg('gzip')); $mainframe->close(); return false; } } } $result = $consumer->complete($session->get('return_url')); // estandarizo el formato de salida de los datos necesarios $info[EXTERNAL_ID] = $result->getDisplayIdentifier(); switch ($result->status) { case Auth_OpenID_SUCCESS: $info[STATUS] = Auth_SUCCESS; $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($result); if ($ax_resp) { $email = $ax_resp->getSingle('http://axschema.org/contact/email'); if ($email && !is_a($email, 'Auth_OpenID_AX_Error')) { $info[EMAIL] = $email; } } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($result); if (!isset($info[EMAIL]) && $sreg_resp) { $sreg = $sreg_resp->contents(); if (isset($sreg['email'])) { $info[EMAIL] = $sreg['email']; } } $info[EMAIL] = isset($info[EMAIL]) ? $info[EMAIL] : $info[EXTERNAL_ID]; $info[LABEL] = $dbprovider->use_email ? $info[EMAIL] : $info[EXTERNAL_ID]; break; case Auth_OpenID_CANCEL: $info[STATUS] = Auth_CANCEL; break; case Auth_OpenID_FAILURE: $info[STATUS] = Auth_FAILURE; break; } return $info; }
/** * Given attribute exchange arguments, populate this FetchRequest. * * @return $result Auth_OpenID_AX_Error if the data to be parsed * does not follow the attribute exchange specification. At least * when 'if_available' or 'required' is not specified for a * particular attribute type. Returns true otherwise. */ function parseExtensionArgs($ax_args) { $result = $this->_checkMode($ax_args); if (Auth_OpenID_AX::isError($result)) { return $result; } $aliases = new Auth_OpenID_NamespaceMap(); foreach ($ax_args as $key => $value) { if (strpos($key, 'type.') === 0) { $alias = substr($key, 5); $type_uri = $value; $alias = $aliases->addAlias($type_uri, $alias); if ($alias === null) { return new Auth_OpenID_AX_Error(sprintf("Could not add alias %s for URI %s", $alias, $type_uri)); } $count_s = Auth_OpenID::arrayGet($ax_args, 'count.' . $alias); if ($count_s) { $count = Auth_OpenID::intval($count_s); if ($count === false && $count_s === Auth_OpenID_AX_UNLIMITED_VALUES) { $count = $count_s; } } else { $count = 1; } if ($count === false) { return new Auth_OpenID_AX_Error(sprintf("Integer value expected for %s, got %s", 'count.' . $alias, $count_s)); } $attrinfo = Auth_OpenID_AX_AttrInfo::make($type_uri, $count, false, $alias); if (Auth_OpenID_AX::isError($attrinfo)) { return $attrinfo; } $this->add($attrinfo); } } $required = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'required')); foreach ($required as $type_uri) { $attrib =& $this->requested_attributes[$type_uri]; $attrib->required = true; } $if_available = Auth_OpenID_AX_toTypeURIs($aliases, Auth_OpenID::arrayGet($ax_args, 'if_available')); $all_type_uris = array_merge($required, $if_available); foreach ($aliases->iterNamespaceURIs() as $type_uri) { if (!in_array($type_uri, $all_type_uris)) { return new Auth_OpenID_AX_Error(sprintf('Type URI %s was in the request but not ' . 'present in "required" or "if_available"', $type_uri)); } } $this->update_url = Auth_OpenID::arrayGet($ax_args, 'update_url'); return true; }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if(!get_user_by_openid($auth_request->endpoint->claimed_id)) { set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() ); require_once('Auth/OpenID/AX.php'); restore_include_path(); if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $extensions[] = $ax_request; } } return $extensions; }
function index() { // Enable SSL? maintain_ssl($this->config->item("ssl_enabled")); // Get OpenID store object $store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path")); // Get OpenID consumer object $consumer = new Auth_OpenID_Consumer($store); if ($this->input->get('janrain_nonce')) { // Complete authentication process using server response $response = $consumer->complete(site_url('account/connect_google')); // Check the response status if ($response->status == Auth_OpenID_SUCCESS) { // Check if user has connect google to a3m if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) { // Check if user is not signed in on a3m if (!$this->authentication->is_signed_in()) { // Run sign in routine $this->authentication->sign_in($user->account_id); } $user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google'))); redirect('account/account_linked'); } else { // Check if user is signed in on a3m if (!$this->authentication->is_signed_in()) { $openid_google = array(); if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) { $ax_args = $ax_args->data; if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) { $openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0]; } if (isset($ax_args['http://axschema.org/contact/email'][0])) { $email = $ax_args['http://axschema.org/contact/email'][0]; } if (isset($ax_args['http://axschema.org/namePerson'][0])) { $openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0]; } if (isset($ax_args['http://axschema.org/birthDate'][0])) { $openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0]; } if (isset($ax_args['http://axschema.org/person/gender'][0])) { $openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0]; } if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) { $openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0]; } if (isset($ax_args['http://axschema.org/contact/country/home'][0])) { $openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0]; } if (isset($ax_args['http://axschema.org/pref/language'][0])) { $openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0]; } if (isset($ax_args['http://axschema.org/pref/timezone'][0])) { $openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0]; } if (isset($ax_args['http://axschema.org/namePerson/first'][0])) { $openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0]; } // google only if (isset($ax_args['http://axschema.org/namePerson/last'][0])) { $openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0]; } // google only } // Store user's google data in session $this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google)); // Create a3m account redirect('account/connect_create'); } else { // Connect google to a3m $this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id')); $this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google'))); redirect('account/account_linked'); } } } else { $this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up'); } } // Begin OpenID authentication process $auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint")); // Create ax request (Attribute Exchange) $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname')); // google only $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname')); // google only $auth_request->addExtension($ax_request); // Redirect to authorizate URL header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google'))); }
function tryAuth($tid, $openid, $remember_openid = null) { $context = Model_Context::getInstance(); $trust_root = $context->getProperty('uri.host') . "/"; ob_start(); $auth_request = $this->consumer->begin($openid); ob_end_clean(); // Handle failure status return values. if (!$auth_request) { return $this->_redirectWithError(_text("인증하지 못하였습니다. 아이디를 확인하세요"), $tid); } if (!$this->IsExisted($auth_request->endpoint->claimed_id)) { if ($auth_request->message->isOpenID2()) { $ax_nickname = Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true, 'nickname'); $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add($ax_nickname); $auth_request->addExtension($ax_request); } else { $sreg_request = Auth_OpenID_SRegRequest::build(null, array('nickname')); $auth_request->addExtension($sreg_request); } } if ($remember_openid) { $this->setCookie('openid', empty($auth_request->endpoint->display_identifier) ? $auth_request->endpoint->claimed_id : $auth_request->endpoint->display_identifier); } else { $this->clearCookie('openid'); } $tr = Transaction::taste($tid); $finishURL = $tr['finishURL']; $redirect_url = $auth_request->redirectURL($trust_root, $finishURL); return $this->redirect($redirect_url); }
/** * Returns URL to which user can be directed for * authentication via CS50 ID. * * @param trust_root URL that CS50 ID should prompt user to trust * @param return_to URL to which CS50 ID should return user * @param fields Simple Registration fields to request from CS50 ID * @param attributes Attribute Exchange attributes to request from CS50 ID * * @return URL for CS50 ID */ public static function getLoginUrl($trust_root, $return_to, $fields = ["email", "fullname"], $attributes = []) { // ignore Janrain's use of deprecated functions $error_reporting = error_reporting(); error_reporting($error_reporting & ~E_DEPRECATED); // load Janrain's libary set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0"); require_once "Auth/OpenID/AX.php"; require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; // ensure $_SESSION exists for Yadis @session_start(); // prepare filesystem-based store $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to); @mkdir($path, 0700); if (!is_dir($path)) { trigger_error("Could not create {$path}", E_USER_ERROR); } if (!is_readable($path)) { trigger_error("Could not read from {$path}", E_USER_ERROR); } if (!is_writable($path)) { trigger_error("Could not write to {$path}", E_USER_ERROR); } $store = new Auth_OpenID_FileStore($path); // prepare request $consumer = new Auth_OpenID_Consumer($store); $auth_request = $consumer->begin("https://id.cs50.net/"); // request Simple Registration fields if (is_array($fields) && count($fields) > 0) { $sreg_request = Auth_OpenID_SRegRequest::build(null, $fields); $auth_request->addExtension($sreg_request); } // request Attribute Exchange attributes if (is_array($attributes) && count($attributes) > 0) { $ax_request = new Auth_OpenID_AX_FetchRequest(); foreach ($attributes as $attribute) { $ax_request->add(Auth_OpenID_AX_AttrInfo::make($attribute, 1, false)); } $auth_request->addExtension($ax_request); } // generate URL for redirection $redirect_url = $auth_request->redirectURL($trust_root, $return_to); // restore error_reporting error_reporting($error_reporting); // return URL unless error if (Auth_OpenID::isFailure($redirect_url)) { trigger_error($redirect_url->message); return false; } else { return $redirect_url; } }
/** * Build an Attribute Exchange attribute query extension if we've never seen this OpenID before. */ function openid_add_ax_extension($extensions, $auth_request) { if (!get_user_by_openid($auth_request->endpoint->claimed_id)) { require_once 'Auth/OpenID/AX.php'; if ($auth_request->endpoint->usesExtension(Auth_OpenID_AX_NS_URI)) { $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, true)); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, true)); $extensions[] = $ax_request; } } return $extensions; }
function test_getExtensionArgs_some_request() { $expected_args = array('mode' => 'fetch_response', 'type.' . $this->alias_a => $this->type_a, 'value.' . $this->alias_a . '.1' => $this->value_a, 'count.' . $this->alias_a => '1'); $req = new Auth_OpenID_AX_FetchRequest(); $req->add(Auth_OpenID_AX_AttrInfo::make($this->type_a, 1, false, $this->alias_a)); $this->msg->addValue($this->type_a, $this->value_a); $result = $this->msg->getExtensionArgs($req); $this->assertEquals($expected_args, $result); }
function authenticate($openId, $immediate = false) { $consumer = $this->_getConsumer(); $authRequest = $consumer->begin($openId); // No auth request means we can't begin OpenID. if (!$authRequest) { $this->_set_message(true, 'openid_auth_error'); } if ($this->sreg_enable) { $sreg_request = Auth_OpenID_SRegRequest::build($this->sreg_required, $this->sreg_optional, $this->sreg_policy); if ($sreg_request) { $authRequest->addExtension($sreg_request); } else { $this->_set_message(true, 'openid_sreg_failed'); } } if ($this->ax_enable) { $ax_request = new Auth_OpenID_AX_FetchRequest(); if ($ax_request) { foreach ($this->ax_types as $alias => &$type_url) { $ax_request->add(Auth_OpenID_AX_AttrInfo::make($type_url, 1, 1, $alias)); } $authRequest->addExtension($ax_request); } else { $this->_set_message(true, 'openid_ax_failed'); } } if ($this->pape_enable) { $pape_request = new Auth_OpenID_PAPE_Request($this->pape_policy_uris); if ($pape_request) { $authRequest->addExtension($pape_request); } else { $this->_set_message(true, 'openid_pape_failed'); } } if ($this->ext_args != null) { foreach ($this->ext_args as $extensionArgument) { if (count($extensionArgument) == 3) { $authRequest->addExtensionArg($extensionArgument[0], $extensionArgument[1], $extensionArgument[2]); } } } // Redirect the user to the OpenID server for authentication. // Store the token for this authentication so we can verify the // response. // For OpenID 1, send a redirect. For OpenID 2, use a Javascript // form to send a POST request to the server. if ($authRequest->shouldSendRedirect()) { $redirect_url = $authRequest->redirectURL($this->trust_root, $this->request_to, $immediate); // If the redirect URL can't be built, display an error // message. if (Auth_OpenID::isFailure($redirect_url)) { $this->_set_message(true, 'openid_redirect_failed', $redirect_url->message); } else { // Send redirect. header("Location: " . $redirect_url); } } else { // Generate form markup and return it. $form_html = $authRequest->formMarkup($this->trust_root, $this->request_to, $immediate, array('id' => 'openid_message')); // Display an error if the form markup couldn't be generated; // otherwise, render the HTML. if (Auth_OpenID::isFailure($form_html)) { $this->_set_message(true, 'openid_redirect_failed', $form_html->message); } else { return $form_html; } } }