function openid_check($ci, $callback_url, &$data) { if (!isset($data)) { $data = array(); } $ci->lang->load('openid'); $ci->config->load('openid'); $ci->openid->set_request_to($callback_url); $response = $ci->openid->getResponse(); switch ($response->status) { case Auth_OpenID_CANCEL: push_message($ci->lang->line('openid_cancel'), 'error', $ci); break; case Auth_OpenID_FAILURE: push_message(set_message('openid_failure', $response->message), 'error', $ci); break; case Auth_OpenID_SUCCESS: $openid = $response->getDisplayIdentifier(); $esc_identity = htmlspecialchars($openid, ENT_QUOTES); $data['openid_identifier'] = $openid; $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); $ax_resp = new Auth_OpenID_AX_FetchResponse(); $ax = $ax_resp->fromSuccessResponse($response); if (isset($sreg['email'])) { $data['email'] = $sreg['email']; } if ($ax) { if (isset($ax->data['http://axschema.org/contact/email'])) { $data['email'] = $ax->getSingle('http://axschema.org/contact/email'); } if (isset($ax->data['http://axschema.org/namePerson/first'])) { $first_name = $ax->getSingle('http://axschema.org/namePerson/first'); } else { $first_name = "Sample"; } if (isset($ax->data['http://axschema.org/namePerson/last'])) { $last_name = $ax->getSingle('http://axschema.org/namePerson/last'); } else { $last_name = "Avatar"; } if ($first_name != null && $last_name != null) { $data['username'] = "******"; } } return true; } return false; }
function run() { $consumer = getConsumer(); // Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. $msg = 'Verification cancelled.'; if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, '/'); } session_destroy(); } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. $msg = "OpenID authentication failed: " . $response->message; if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, '/'); } session_destroy(); } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->getDisplayIdentifier(); $esc_identity = escape($openid); $_SESSION = array(); $_SESSION['openid'] = $esc_identity; if ($response->endpoint->canonicalID) { $escaped_canonicalID = escape($response->endpoint->canonicalID); $success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') '; $_SESSION['openid'] = $escaped_canonicalID; } // AX Process $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax_resp) { global $ax_data; foreach ($ax_data as $ax_key => $ax_data_ns) { if ($ax_resp->data[$ax_data_ns][0]) { $_SESSION['ax_' . $ax_key] = $ax_resp->data[$ax_data_ns][0]; } } } } } } if ($_GET["popup"] == "true") { include 'close.php'; } else { if ($_GET["callback"] == "ax") { header("Location: ./ax_example.php"); } else { header("Location: ./index.php"); } } }
public function googledoneAction() { $consumer = $this->getGoogleConsumer(); $return_to = 'http://' . $_SERVER['HTTP_HOST'] . '/login/googledone'; $response = $consumer->complete($return_to); if ($response->status == Auth_OpenID_CANCEL) { return $this->alert('取消登入', '/'); } if ($response->status == Auth_OpenID_FAILURE) { return $this->alert('登入失敗: ' . $response->message, '/'); } $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $email = $obj->data['http://axschema.org/contact/email'][0]; if (!($user = User::search(array('user_name' => 'google://' . $email))->first())) { $user = User::insert(array('user_name' => 'google://' . $email)); } Pix_Session::set('user_id', $user->user_id); return $this->redirect('/'); }
public function getResponseAx() { $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($this->response); return $ax_resp; }
function run() { $consumer = getConsumer(); // Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. $msg = 'Verification cancelled.'; } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. $msg = "OpenID authentication failed: " . $response->message; } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->getDisplayIdentifier(); $esc_identity = escape($openid); $success = sprintf('You have successfully verified ' . '<a href="%s">%s</a> as your identity.', $esc_identity, $esc_identity); if ($response->endpoint->canonicalID) { $escaped_canonicalID = escape($response->endpoint->canonicalID); $success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') '; } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); if (@$sreg['email']) { $success .= " You also returned '" . escape($sreg['email']) . "' as your email."; } if (@$sreg['nickname']) { $success .= " Your nickname is '" . escape($sreg['nickname']) . "'."; } if (@$sreg['fullname']) { $success .= " Your fullname is '" . escape($sreg['fullname']) . "'."; } // Show all the registration data $success .= '<h2>SReg Data</h2>'; $success .= PHP_EOL . '<pre>'; $success .= print_r(@$sreg, true); $success .= '</pre>' . PHP_EOL; $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $success .= '<h2>AX Data</h2>'; if ($obj) { $success .= PHP_EOL . '<pre>'; $success .= print_r($obj->data, true); $success .= '</pre>' . PHP_EOL; } else { $success .= PHP_EOL . '<pre>'; $success .= PHP_EOL . 'Type is ' . gettype($obj) . PHP_EOL; $success .= print_r($obj, true); $success .= '</pre>' . PHP_EOL; } $pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response); if ($pape_resp) { if ($pape_resp->auth_policies) { $success .= "<p>The following PAPE policies affected the authentication:</p><ul>"; foreach ($pape_resp->auth_policies as $uri) { $escaped_uri = escape($uri); $success .= "<li><tt>{$escaped_uri}</tt></li>"; } $success .= "</ul>"; } else { $success .= "<p>No PAPE policies affected the authentication.</p>"; } if ($pape_resp->auth_age) { $age = escape($pape_resp->auth_age); $success .= "<p>The authentication age returned by the " . "server is: <tt>" . $age . "</tt></p>"; } if ($pape_resp->nist_auth_level) { $auth_level = escape($pape_resp->nist_auth_level); $success .= "<p>The NIST auth level returned by the " . "server is: <tt>" . $auth_level . "</tt></p>"; } } else { $success .= "<p>No PAPE response was sent by the provider.</p>"; } } } } include 'index.php'; }
private function finishAuth() { $consumer = getConsumer(); // Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. echo 'Verification cancelled.'; } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. echo "OpenID authentication failed: " . $response->message; } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->getDisplayIdentifier(); $esc_identity = escape($openid); // Fetch some random information if ($response->endpoint->canonicalID) { $escaped_canonicalID = escape($response->endpoint->canonicalID); $success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') '; } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); $email = isset($sreg['email']) ? $sreg['email'] : null; $language = isset($sreg['language']) ? strtolower($sreg['language']) : null; $country = isset($sreg['country']) ? $sreg['country'] : null; $dob = isset($sreg['dob']) ? $sreg['dob'] : null; $gender = isset($sreg['gender']) ? $sreg['gender'] : null; if (!empty($dob)) { $_SESSION['birthday'] = strtotime($dob); } if (!empty($gender)) { $_SESSION['gender'] = $gender; } $nickname = isset($sreg['nickname']) ? $sreg['nickname'] : null; //customMail ('*****@*****.**', 'login test', print_r ($sreg, true)); // Check if this language exists: if (isset($language)) { $allLanguages = Neuron_Core_Text::getLanguages(); if (in_array($language, $allLanguages)) { if (!isset($_COOKIE['user_language'])) { $_SESSION['language'] = $language; } //setcookie ('user_language', $language, time () + COOKIE_LIFE, '/'); } } if (isset($nickname)) { $_SESSION['openid_nickname'] = $nickname; } // Fetch the AX $notify_url = null; $profilebox_url = null; $openid_userstats = null; $ax = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax) { $ax_data = $ax->data; $keyname = 'http://www.browser-games-hub.org/schema/openid/notify_url.xml'; $notify_url = isset($ax_data[$keyname]) ? $ax_data[$keyname] : array(); $keyname2 = 'http://www.browser-games-hub.org/schema/openid/profilebox_url.xml'; $profilebox_url = isset($ax_data[$keyname2]) ? $ax_data[$keyname2] : array(); $keyname3 = 'http://www.browser-games-hub.org/schema/openid/messagebundle_url.xml'; $messagebundle_url = isset($ax_data[$keyname3]) ? $ax_data[$keyname3] : array(); $keyname4 = 'http://www.browser-games-hub.org/schema/openid/container.xml'; $openid_container = isset($ax_data[$keyname4]) ? $ax_data[$keyname4] : array(); $keyname5 = 'http://www.browser-games-hub.org/schema/openid/fullscreen.xml'; $openid_fullscreen = isset($ax_data[$keyname5]) ? $ax_data[$keyname5] : array(); $keyname6 = 'http://www.browser-games-hub.org/schema/openid/userstats_url.xml'; $openid_userstats = isset($ax_data[$keyname6]) ? $ax_data[$keyname6] : array(); $keyname7 = 'http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml'; $hide_advertisement = isset($ax_data[$keyname7]) ? $ax_data[$keyname7] : array(); $keyname8 = 'http://www.browser-games-hub.org/schema/openid/hide_advertisement.xml'; $hide_chat = isset($ax_data[$keyname8]) ? $ax_data[$keyname8] : array(); $notify_url = count($notify_url) > 0 ? $notify_url[0] : null; $profilebox_url = count($profilebox_url) > 0 ? $profilebox_url[0] : null; $messagebundle_url = count($messagebundle_url) > 0 ? $messagebundle_url[0] : null; $openid_container = count($openid_container) > 0 ? $openid_container[0] : null; $openid_fullscreen = count($openid_fullscreen) > 0 ? $openid_fullscreen[0] : null; $openid_userstats = count($openid_userstats) > 0 ? $openid_userstats[0] : null; $hide_advertisement = count($hide_advertisement) > 0 ? $hide_advertisement[0] : null; $hide_chat = count($hide_chat) > 0 ? $hide_chat[0] : null; $_SESSION['opensocial_messagebundle'] = $messagebundle_url; $_SESSION['opensocial_container'] = $openid_container; $_SESSION['fullscreen'] = $openid_fullscreen == 1; $_SESSION['hide_advertisement'] = $hide_advertisement == 1; $_SESSION['hide_chat'] = $hide_chat == 1; $_SESSION['welcome_url'] = getAXValue($ax_data, 'http://www.browser-games-hub.org/schema/openid/welcome_url.xml'); $_SESSION['tracker_url'] = getAXValue($ax_data, 'http://www.browser-games-hub.org/schema/openid/tracker_url.xml'); // Load the tracker if (isset($_SESSION['tracker_url'])) { $_SESSION['tracker_html'] = @file_get_contents($_SESSION['tracker_url']); } if (isset($_SESSION['welcome_url'])) { $_SESSION['welcome_html'] = @file_get_contents($_SESSION['welcome_url']); } } // Fetch a fresh user ID $db = Neuron_Core_Database::__getInstance(); $login = Neuron_Core_Login::__getInstance(); // See if there is an account available $acc = $db->select('n_auth_openid', array('user_id'), "openid_url = '" . $db->escape($esc_identity) . "'"); $_SESSION['neuron_openid_identity'] = $esc_identity; if (count($acc) == 1 && $acc[0]['user_id'] > 0) { $id = $acc[0]['user_id']; loginAndRedirect($acc[0]['user_id'], $email); } else { if (count($acc) == 0) { // Create a new account $db->insert('n_auth_openid', array('openid_url' => $esc_identity, 'user_id' => 0)); } // Set a session key to make sure // that the server still knows you // when you hit submit. $_SESSION['dolumar_openid_identity'] = $esc_identity; $_SESSION['dolumar_openid_email'] = $email; $url = ABSOLUTE_URL . 'dispatch.php?module=openid/register/&session_id=' . session_id(); header('Location: ' . $url); } // Update this ID $db->update('n_auth_openid', array('notify_url' => $notify_url, 'profilebox_url' => $profilebox_url, 'userstats_url' => $openid_userstats), "openid_url = '" . $db->escape($esc_identity) . "'"); } } } }
//connect to database /* Set identity cookie */ if ($_REQUEST['email']) { setcookie("user_openid", $_REQUEST['email'], time() + 3600 * 1000, '/'); } else { setcookie("user_openid", $response->identity_url, time() + 3600 * 1000, '/'); } //set cookie /* Get sreg resp or defaults */ $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); $fullname = explode(' ', mysql_real_escape_string(@$sreg['fullname'], $db)); $email = @$sreg['email'] ? mysql_real_escape_string(@$sreg['email'], $db) : mysql_real_escape_string($_REQUEST['email'], $db); $nickname = @$sreg['nickname'] ? mysql_real_escape_string(@$sreg['nickname'], $db) : false; /* Augment with any AX response there may have been */ $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if (($ax_email = $ax_resp->getSingle('http://axschema.org/contact/email')) && !is_a($ax_email, 'Auth_OpenID_AX_Error')) { $email = mysql_real_escape_string($ax_email, $db); } if (($ax_nickname = $ax_resp->getSingle('http://axschema.org/namePerson/friendly')) && !is_a($ax_nickname, 'Auth_OpenID_AX_Error')) { $nickname = mysql_real_escape_string($ax_nickname, $db); } if (($ax_fullname = $ax_resp->getSingle('http://axschema.org/namePerson')) && !is_a($ax_fullname, 'Auth_OpenID_AX_Error')) { $fullname = explode(' ', mysql_real_escape_string($ax_fullname, $db)); } /* And with any hCard */ if (!$email || !$nickname || !$photo) { $r = explode("\n", shell_exec("representative_hcard.rb '" . escapeshellcmd($response->identity_url) . "'")); if ($r[0]) { $nickname = mysql_real_escape_string($r[0], $db); }
/** * Construct a FetchResponse object from an OpenID library * SuccessResponse object. * * @param success_response: A successful id_res response object * * @param signed: Whether non-signed args should be processsed. If * True (the default), only signed arguments will be processsed. * * @return $response A FetchResponse containing the data from the * OpenID message */ function fromSuccessResponse($success_response, $signed = true) { $obj = new Auth_OpenID_AX_FetchResponse(); if ($signed) { $ax_args = $success_response->getSignedNS($obj->ns_uri); } else { $ax_args = $success_response->message->getArgs($obj->ns_uri); } if ($ax_args === null || Auth_OpenID::isFailure($ax_args) || sizeof($ax_args) == 0) { return null; } $result = $obj->parseExtensionArgs($ax_args); if (Auth_OpenID_AX::isError($result)) { #XXX log me return null; } return $obj; }
function index() { // Enable SSL? maintain_ssl($this->config->item("ssl_enabled")); // Get OpenID store object $store = new Auth_OpenID_FileStore($this->config->item("openid_file_store_path")); // Get OpenID consumer object $consumer = new Auth_OpenID_Consumer($store); if ($this->input->get('janrain_nonce')) { // Complete authentication process using server response $response = $consumer->complete(site_url('account/connect_google')); // Check the response status if ($response->status == Auth_OpenID_SUCCESS) { // Check if user has connect google to a3m if ($user = $this->account_openid_model->get_by_openid($response->getDisplayIdentifier())) { // Check if user is not signed in on a3m if (!$this->authentication->is_signed_in()) { // Run sign in routine $this->authentication->sign_in($user->account_id); } $user->account_id === $this->session->userdata('account_id') ? $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_this_account'), lang('connect_google'))) : $this->session->set_flashdata('linked_error', sprintf(lang('linked_linked_with_another_account'), lang('connect_google'))); redirect('account/account_linked'); } else { // Check if user is signed in on a3m if (!$this->authentication->is_signed_in()) { $openid_google = array(); if ($ax_args = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) { $ax_args = $ax_args->data; if (isset($ax_args['http://axschema.org/namePerson/friendly'][0])) { $openid_google['username'] = $ax_args['http://axschema.org/namePerson/friendly'][0]; } if (isset($ax_args['http://axschema.org/contact/email'][0])) { $email = $ax_args['http://axschema.org/contact/email'][0]; } if (isset($ax_args['http://axschema.org/namePerson'][0])) { $openid_google['fullname'] = $ax_args['http://axschema.org/namePerson'][0]; } if (isset($ax_args['http://axschema.org/birthDate'][0])) { $openid_google['dateofbirth'] = $ax_args['http://axschema.org/birthDate'][0]; } if (isset($ax_args['http://axschema.org/person/gender'][0])) { $openid_google['gender'] = $ax_args['http://axschema.org/person/gender'][0]; } if (isset($ax_args['http://axschema.org/contact/postalCode/home'][0])) { $openid_google['postalcode'] = $ax_args['http://axschema.org/contact/postalCode/home'][0]; } if (isset($ax_args['http://axschema.org/contact/country/home'][0])) { $openid_google['country'] = $ax_args['http://axschema.org/contact/country/home'][0]; } if (isset($ax_args['http://axschema.org/pref/language'][0])) { $openid_google['language'] = $ax_args['http://axschema.org/pref/language'][0]; } if (isset($ax_args['http://axschema.org/pref/timezone'][0])) { $openid_google['timezone'] = $ax_args['http://axschema.org/pref/timezone'][0]; } if (isset($ax_args['http://axschema.org/namePerson/first'][0])) { $openid_google['firstname'] = $ax_args['http://axschema.org/namePerson/first'][0]; } // google only if (isset($ax_args['http://axschema.org/namePerson/last'][0])) { $openid_google['lastname'] = $ax_args['http://axschema.org/namePerson/last'][0]; } // google only } // Store user's google data in session $this->session->set_userdata('connect_create', array(array('provider' => 'openid', 'provider_id' => $response->getDisplayIdentifier(), 'email' => isset($email) ? $email : NULL), $openid_google)); // Create a3m account redirect('account/connect_create'); } else { // Connect google to a3m $this->account_openid_model->insert($response->getDisplayIdentifier(), $this->session->userdata('account_id')); $this->session->set_flashdata('linked_info', sprintf(lang('linked_linked_with_your_account'), lang('connect_google'))); redirect('account/account_linked'); } } } else { $this->authentication->is_signed_in() ? redirect('account/account_linked') : redirect('account/sign_up'); } } // Begin OpenID authentication process $auth_request = $consumer->begin($this->config->item("openid_google_discovery_endpoint")); // Create ax request (Attribute Exchange) $ax_request = new Auth_OpenID_AX_FetchRequest(); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/friendly', 1, TRUE, 'username')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/email', 1, TRUE, 'email')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson', 1, TRUE, 'fullname')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/birthDate', 1, TRUE, 'dateofbirth')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/person/gender', 1, TRUE, 'gender')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/postalCode/home', 1, TRUE, 'postalcode')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/contact/country/home', 1, TRUE, 'country')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/language', 1, TRUE, 'language')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/pref/timezone', 1, TRUE, 'timezone')); $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/first', 1, TRUE, 'firstname')); // google only $ax_request->add(Auth_OpenID_AX_AttrInfo::make('http://axschema.org/namePerson/last', 1, TRUE, 'lastname')); // google only $auth_request->addExtension($ax_request); // Redirect to authorizate URL header("Location: " . $auth_request->redirectURL(base_url(), site_url('account/connect_google'))); }
/** * Construct a FetchResponse object from an OpenID library * SuccessResponse object. * * @param success_response: A successful id_res response object * * @param signed: Whether non-signed args should be processsed. If * True (the default), only signed arguments will be processsed. * * @return $response A FetchResponse containing the data from the * OpenID message */ function &fromSuccessResponse($success_response, $signed = true) { $obj = new Auth_OpenID_AX_FetchResponse(); if ($signed) { $ax_args = $success_response->getSignedNS($obj->ns_uri); } else { $ax_args = $success_response->message->getArgs($obj->ns_uri); } return $obj->parseExtensionArgs($ax_args); }
function compare_useremail_response($user, $response, &$return_email = null) { $email = null; if (empty($user) || empty($user->email)) { return true; } // cannot compare, assume ok $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); if (defined('ADD_AX_SUPPORT')) { $ax_resp = new Auth_OpenID_AX_FetchResponse(); $ax = $ax_resp->fromSuccessResponse($response); $email = get_ax_data(AX_SCHEMA_EMAIL, $ax); } if (empty($email) && !empty($sreg['email'])) { $email = $sreg['email']; } if ($return_email !== null) { $return_email = $email; } //error_log("/auth/openid/auth.php::compare_useremail_response(): $user->email ?= $email "); return !empty($email) ? $user->email == $email : true; }
function check() { $this->config->load('openid'); $this->load->helper('gfx'); $this->openid->set_request_to(site_url('auth/check')); $response = $this->openid->getResponse(); switch ($response->status) { case Auth_OpenID_CANCEL: flashdata_message('auth_login_canceled', 'highlight', 'info'); header('Location: ' . base_url()); break; case Auth_OpenID_FAILURE: flashdata_message('auth_login_failed'); header('Location: ' . base_url()); break; //case Auth_OpenID_SETUP_NEEDED: //Only happens in checkid_immediate mode // flashdata_message('Auth_OpenID_SETUP_NEEDED'); // header('Location: ' . base_url()); // break; //case Auth_OpenID_SETUP_NEEDED: //Only happens in checkid_immediate mode // flashdata_message('Auth_OpenID_SETUP_NEEDED'); // header('Location: ' . base_url()); // break; case Auth_OpenID_SUCCESS: $open_id = $response->getDisplayIdentifier(); $this->load->database(); $user = $this->db->get_where('users', array('login' => $open_id)); $sreg = Auth_OpenID_SRegResponse::fromSuccessResponse($response)->contents(); $ax_response = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax_response) { $ax = $ax_response->data; } else { $ax = array(); } if ($user->num_rows() !== 0) { /* User exists */ $data = $user->row_array(); flashdata_message('auth_login', 'highlight', 'info'); if (!$data['email']) { if (isset($sreg['email'])) { $data['email'] = $sreg['email']; $this->db->update('users', array('email' => $sreg['email']), array('id' => $data['id'])); } elseif (isset($ax['http://axschema.org/contact/email'])) { $data['email'] = $ax['http://axschema.org/contact/email'][0]; $this->db->update('users', array('email' => $ax['http://axschema.org/contact/email'][0]), array('id' => $data['id'])); } } } else { $this->load->config('gfx'); if ($this->config->item('gfx_require_pre_authorization')) { header('Location: ' . site_url('about/closetest?claimed_id=' . urlencode($open_id))); return; } /* Create new user */ flashdata_message('auth_login_new', 'highlight', 'info'); $data = array('login' => $open_id, 'name' => '__temp__' . md5($open_id . time()), 'title' => '', 'admin' => 'N', 'avatar' => '', 'email' => '', 'bio' => '', 'web' => '', 'blog' => '', 'blog_rss' => '', 'forum_username' => '', 'count' => 1, 'visited' => 0); if (isset($sreg['fullname'])) { $data['title'] = $sreg['fullname']; } elseif (isset($sreg['nickname'])) { $data['title'] = $sreg['nickname']; } elseif (isset($ax['http://axschema.org/namePerson/first'])) { $data['title'] = $ax['http://axschema.org/namePerson/first'][0]; } if (isset($sreg['email'])) { $data['avatar'] = '(gravatar)'; $data['email'] = $sreg['email']; } elseif (isset($ax['http://axschema.org/contact/email'])) { $data['avatar'] = '(gravatar)'; $data['email'] = $ax['http://axschema.org/contact/email'][0]; } if (preg_match('/myid\\.tw\\/$/', $data['login'])) { $data['avatar'] = '(myidtw)'; } $this->db->insert('users', $data); $data['id'] = $this->db->insert_id(); $this->db->insert('u2g', array('user_id' => $data['id'], 'group_id' => '1', 'order' => '1')); } session_data_set(array('id' => $data['id'], 'name' => $data['name'], 'admin' => $data['admin'], 'hide_announcement' => ''), false); header('Location: ' . site_url('editor')); } if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', 0, '/'); } session_destroy(); }
/** * Retrieve user data from OpenID Attribute Exchange. * * @param string $identity_url OpenID to get user data about * @param reference $data reference to user data array * @see get_user_data */ function openid_get_user_data_ax($data, $identity_url) { set_include_path( dirname(__FILE__) . PATH_SEPARATOR . get_include_path() ); require_once('Auth/OpenID/AX.php'); restore_include_path(); $response = openid_response(); $ax = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if (!$ax) return $data; $email = $ax->getSingle('http://axschema.org/contact/email'); if ($email && !is_a($email, 'Auth_OpenID_AX_Error')) { $data['user_email'] = $email; } $nickname = $ax->getSingle('http://axschema.org/namePerson/friendly'); if ($nickname && !is_a($nickname, 'Auth_OpenID_AX_Error')) { $data['nickname'] = $ax->getSingle('http://axschema.org/namePerson/friendly'); $data['user_nicename'] = $ax->getSingle('http://axschema.org/namePerson/friendly'); $data['display_name'] = $ax->getSingle('http://axschema.org/namePerson/friendly'); } $fullname = $ax->getSingle('http://axschema.org/namePerson'); if ($fullname && !is_a($fullname, 'Auth_OpenID_AX_Error')) { $namechunks = explode( ' ', $fullname, 2 ); if( isset($namechunks[0]) ) $data['first_name'] = $namechunks[0]; if( isset($namechunks[1]) ) $data['last_name'] = $namechunks[1]; $data['display_name'] = $fullname; } return $data; }
function openid_verify() { $consumer = new Auth_OpenID_Consumer(new Auth_OpenID_MySQLStore(theDb())); // Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. $msg = 'Verification cancelled.'; } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. $msg = "OpenID authentication failed: " . $response->message; } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->getDisplayIdentifier(); $esc_identity = htmlentities($openid); $success = sprintf('You have successfully verified ' . '<a href="%s">%s</a> as your identity.', $esc_identity, $esc_identity); if ($response->endpoint->canonicalID) { $escaped_canonicalID = htmlentities($response->endpoint->canonicalID); $success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') '; } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); if ($obj) { function ax_get($obj, $url) { if (!$obj) { return ""; } $x = $obj->get($url); if (is_array($x) && is_string($x[0])) { return $x[0]; } return ""; } if ($x = ax_get($obj, 'http://axschema.org/contact/email')) { $sreg["email"] = $x; } if ($x = ax_get($obj, 'http://axschema.org/namePerson/first')) { $sreg["fullname"] = $x . " " . ax_get($obj, 'http://axschema.org/namePerson/last'); } } openid_user_update($openid, $sreg); unset($_SESSION["auth_error"]); return true; } } } $_SESSION["auth_error"] = $msg; return false; }
<?php include "config.php"; include "authCommon.php"; $response = $openID->complete($baseURL . $basePath); $identifier = $response->getDisplayIdentifier(); if ($response->status == Auth_OpenID_SUCCESS) { $axFetcher = new Auth_OpenID_AX_FetchResponse(); $axList = $axFetcher->fromSuccessResponse($response); $emailSplit = explode("@", $axList->data["http://axschema.org/contact/email"][0]); if ($emailSplit[1] != $requiredEmailDomain) { die("You must login using your " . $requiredEmailDomain . " account.<br><a href='https://www.google.com/accounts/Logout'>Logout</a> before trying again."); } if (intval($emailSplit[0]) != 0) { die("Students may not access this system! <a href='https://www.google.com/accounts/Logout'>Logout</a>"); } $_SESSION['loggedIn'] = true; $_SESSION['email'] = $axList->data["http://axschema.org/contact/email"][0]; header("Location: index.php"); } else { echo "OpenID auth failed!<br><br>"; print_r($response); }
// Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. $msg = 'Verification cancelled.'; } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. $msg = "OpenID authentication failed: " . $response->message; } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $openid_username = $obj->data['http://axschema.org/contact/email'][0]; } } } } if (isset($_REQUEST['p1'])) { $p1 = $_REQUEST['p1']; } else { $p1 = $_REQUEST['camila_1']; } if (isset($_REQUEST['p2'])) { $p2 = $_REQUEST['p2']; } else { $p2 = $_REQUEST['camila_2'];
/** * Process a request. * * This function never returns. * * @param Auth_OpenID_Request $request The request we are processing. */ public function processRequest(array $state) { assert('isset($state["request"])'); $request = $state['request']; $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request); $ax_req = Auth_OpenId_AX_FetchRequest::fromOpenIDRequest($request); /* In resume.php there should be a way to display data requested through sreg or ax. */ if (!$this->authSource->isAuthenticated()) { if ($request->immediate) { /* Not logged in, and we cannot show a login form. */ $this->sendResponse($request->answer(FALSE)); } $resumeURL = $this->getStateURL('resume.php', $state); $this->authSource->requireAuth(array('ReturnTo' => $resumeURL)); } $identity = $this->getIdentity(); assert('$identity !== FALSE'); /* Should always be logged in here. */ if (!$request->idSelect() && $identity !== $request->identity) { /* The identity in the request doesn't match the one of the logged in user. */ throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.'); } if ($this->isTrusted($identity, $request->trust_root)) { $trusted = TRUE; } elseif (isset($state['TrustResponse'])) { $trusted = (bool) $state['TrustResponse']; } else { if ($request->immediate) { /* Not trusted, and we cannot show a trust-form. */ $this->sendResponse($request->answer(FALSE)); } $trustURL = $this->getStateURL('trust.php', $state); SimpleSAML_Utilities::redirectTrustedURL($trustURL); } if (!$trusted) { /* The user doesn't trust this site. */ $this->sendResponse($request->answer(FALSE)); } $response = $request->answer(TRUE, NULL, $identity); //Process attributes $attributes = $this->authSource->getAttributes(); foreach ($attributes as $key => $attr) { if (is_array($attr) && count($attr) === 1) { $attributes[$key] = $attr[0]; } } $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp'); $state = array('Attributes' => $attributes, 'isPassive' => TRUE); $pc->processStatePassive(&$state); $attributes = $state['Attributes']; //Process SREG requests $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes); $sreg_resp->toMessage($response->fields); //Process AX requests $ax_resp = new Auth_OpenID_AX_FetchResponse(); foreach ($ax_req->iterTypes() as $type_uri) { if (isset($attributes[$type_uri])) { $ax_resp->addValue($type_uri, $attributes[$type_uri]); } } $ax_resp->toMessage($response->fields); /* The user is authenticated, and trusts this site. */ $this->sendResponse($response); }
private function getUserProfileInfo($response) { if (Auth_OpenID_supportsSReg($response->endpoint)) { $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); $email = @$sreg['email']; $full_name = @$sreg['fullname']; } else { //AX // Get registration informations $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $email = $obj->data["http://axschema.org/contact/email"][0]; if (isset($obj->data["http://axschema.org/namePerson/first"])) { $full_name = $obj->data["http://axschema.org/namePerson/first"][0] . ' ' . $obj->data["http://axschema.org/namePerson/last"][0]; } else { $full_name = $obj->data["http://axschema.org/namePerson"][0]; } } return array($email, $full_name); }
//display pape policy return data if available $response_pape = Auth_OpenID_PAPE_Response::fromSuccessResponse($response); if ($response_pape) { //pape policies affected by authentication if ($response_pape->auth_policies) { $response_state .= "<br />PAPE returned policies which affected the authentication:"; foreach ($response_pape->auth_policies as $uri) { $response_state .= '- ' . htmlentities($uri); } } //server authentication age if ($response_pape->auth_age) { $response_state .= "<br />PAPE returned server authentication age with the value: " . htmlentities($response_pape->auth_age); } //nist authentication level if ($response_pape->nist_auth_level) { $response_state .= "<br />PAPE returned server NIST auth level with the value: " . htmlentities($response_pape->nist_auth_level); } } //get attribute exchange return values $response_ax = new Auth_OpenID_AX_FetchResponse(); $ax_return = $response_ax->fromSuccessResponse($response); echo "<h1>AX</h1>"; var_dump($ax_return); foreach ($ax_return->data as $item => $value) { $response_state .= "<br />AX returned <b>{$item}</b> with the value: <b>{$value[0]}</b>"; } } } } print $response_state;
/** * Using this option, we need to redirect to user profile after login * to update user details as we have no other way of getting this info * @return type */ function openIdLogin() { // session_start(); require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; require_once "Auth/OpenID/AX.php"; $objAltConfig = $this->getObject('altconfig', 'config'); $modPath = $objAltConfig->getModulePath(); $moduleUri = $objAltConfig->getModuleURI(); $siteRoot = $objAltConfig->getSiteRoot(); $DEFAULT_REDIRECT_ULR = $siteRoot . '?module=security&action=openidloginresult'; $OPENID_AUTH_PAGE = $siteRoot . '?module=security&action=openidlogin'; $OPENID_CALLBACK_PAGE = $siteRoot . '?module=security&action=openidlogin'; $objMkDir = $this->getObject('mkdir', 'files'); $openidPath = $this->objConfig->getcontentBasePath() . '/openid'; $objMkDir->mkdirs($openidPath); $store = new Auth_OpenID_FileStore($openidPath); $consumer = new Auth_OpenID_Consumer($store); $response = $consumer->complete($OPENID_CALLBACK_PAGE); if ($response->status == Auth_OpenID_SUCCESS) { $ax = new Auth_OpenID_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $data = $obj->data; //this is a workaround because some openid providers, like myopenid.com, //does not fully support attribute exchange just yet. They're working on it. //I may update it in the future. if ($_SESSION['openid_user']) { $email = $_SESSION['openid_user']; $_SESSION['openid_user'] = null; } else { $email = $data['http://axschema.org/contact/email']['0']; } $_SESSION['user'] = $email; $_SESSION['AUTH'] = true; $me = array(); $updateDetailsPhrase = $this->objLanguage->languageText("mod_security_updateprofile", 'security'); $me['username'] = $email; $me['email'] = $email; $me['first_name'] = $updateDetailsPhrase; $me['last_name'] = ''; $me['gender'] = 'male'; $me['id'] = mt_rand(1000, 9999) . date('ymd'); return $this->openIdAuth($me); } else { $_SESSION['AUTH'] = false; header('Location: ' . $siteRoot . '?module=security&action=error&message=no_openidconnect&msg=mod_security_problemlogginginwith'); } }
/** * Get attributes from OpenID response and populate 'user'-like structure * If matching user exists then return matching user * * @param string $resp - the OpenID response * @return user object - false on multiple matches, or the matching user object * _or_ new user object with members: * username, email, firstname, lastname, country */ function openid_resp_to_user(&$resp) { $tmp_users = array(); $user = new stdClass(); $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp); $sreg = $sreg_resp->contents(); if (defined('ADD_AX_SUPPORT')) { $ax_resp = new Auth_OpenID_AX_FetchResponse(); $ax = $ax_resp->fromSuccessResponse($resp); } // We'll attempt to use the user's nickname to set their username if (isset($sreg['nickname']) && !empty($sreg['nickname']) && !($tmp_users['username'] = get_records('user', 'username', addslashes($sreg['nickname']))) || defined('USE_EMAIL_FOR_USERNAME') && isset($sreg['email']) && !empty($sreg['email']) && !($tmp_users['username_email'] = get_records('user', 'username', $sreg['email']))) { $user->username = addslashes(isset($sreg['nickname']) && !empty($sreg['nickname']) ? $sreg['nickname'] : $sreg['email']); } else { if (defined('ADD_AX_SUPPORT') && (($nickname = get_ax_data(AX_SCHEMA_NICKNAME, $ax)) && !($tmp_users['username'] = get_records('user', 'username', addslashes($nickname))) || defined('USE_EMAIL_FOR_USERNAME') && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax)) && !($tmp_users['username_email'] = get_records('user', 'username', $useremail)))) { // better to fall-back to email? may show-up in various display blocks $user->username = addslashes($nickname ? $nickname : $useremail); } else { $user->username = openid_normalize_url_as_username($resp->identity_url); } } // SREG fullname if (isset($sreg['fullname']) && !empty($sreg['fullname'])) { $name = openid_parse_full_name($sreg['fullname']); $user->firstname = addslashes($name['first']); $user->lastname = addslashes($name['last']); } else { if (defined('ADD_AX_SUPPORT') && (get_ax_data(AX_SCHEMA_FULLNAME, $ax) || get_ax_data(AX_SCHEMA_LASTNAME, $ax))) { if (get_ax_data(AX_SCHEMA_LASTNAME, $ax)) { $user->firstname = addslashes(get_ax_data(AX_SCHEMA_FIRSTNAME, $ax)); $user->lastname = addslashes(get_ax_data(AX_SCHEMA_LASTNAME, $ax)); } else { // fullname $name = openid_parse_full_name(get_ax_data(AX_SCHEMA_FULLNAME, $ax)); $user->firstname = addslashes($name['first']); $user->lastname = addslashes($name['last']); } } } if (!empty($user->lastname)) { $tmp_users['fullname'] = get_records_select('user', "firstname = '" . $user->firstname . "' AND lastname = '" . $user->lastname . "'"); } // SREG email if (!empty($sreg['email']) && !($tmp_users['email'] = get_records('user', 'email', $sreg['email']))) { $user->email = addslashes($sreg['email']); } else { if (defined('ADD_AX_SUPPORT') && ($useremail = get_ax_data(AX_SCHEMA_EMAIL, $ax)) && !($tmp_users['email'] = get_records('user', 'email', $useremail))) { $user->email = addslashes($useremail); } } // SREG country $country = ''; if (isset($sreg['country']) && !empty($sreg['country'])) { $country = $sreg['country']; } else { if (defined('ADD_AX_SUPPORT') && get_ax_data(AX_SCHEMA_COUNTRY, $ax)) { $country = get_ax_data(AX_SCHEMA_COUNTRY, $ax); } } if (!empty($country)) { $country_code = strtoupper($country); $countries = get_list_of_countries(); if (strlen($country) != 2 || !isset($countries[$country_code])) { $countries_keys = array_keys($countries); $countries_vals = array_values($countries); $country_code = array_search($country, $countries_vals); if ($country_code > 0) { $country_code = $countries_keys[$country_code]; } else { $country_code = ''; } } if (!empty($country_code)) { $user->country = $country_code; } } /* We're currently not attempting to get language and timezone values // SREG language if (isset($sreg['language']) && !empty($sreg['language'])) { } // SREG timezone if (isset($sreg['timezone']) && !empty($sreg['timezone'])) { } */ $config = get_config('auth/openid'); //error_log("/auth/openid/locallib.php::auth/openid::config=..."); //err_dump($config); //error_log("/auth/openid/locallib.php::openid_resp_to_user() - check for user matching ..."); //err_dump($user); // Map OpenID fields to whether field MUST be unique // TBD: make unique fields configurable im OpenID: auth_config_users.html // Keys must match keys in tmp_users[] array - set above. $openid_fields = array('email' => 1, 'fullname' => 0, 'username' => 0, 'username_email' => 1); foreach ($openid_fields as $openid_field => $field_unique) { $match_array = str_word_count($config->auth_openid_match_fields, 1, '_'); $num = !empty($match_array) ? 1 : 0; if ($field_unique && !empty($tmp_users[$openid_field]) && count($tmp_users[$openid_field]) > $num) { //error_log("/auth/openid/locallib.php::openid_resp_to_user() - multiple matches on count(tmp_users[{$openid_field}])=".count($tmp_users[$openid_field])." ..."); //err_dump($tmp_users[$openid_field]); //error_log("> match_array=..."); //err_dump($match_array); return false; } } $matching_user = null; // check tmp_users[] matches for valid existing user, // return false if conflicts between matching fields if (!empty($config->auth_openid_match_fields)) { $openid_match_fields = explode(',', $config->auth_openid_match_fields); foreach ($openid_match_fields as $match_field) { $match_field = trim($match_field); if (!empty($tmp_users[$match_field]) && count($tmp_users[$match_field]) == 1) { if (!$matching_user) { $matching_user = reset($tmp_users[$match_field]); } else { if ($openid_fields[$match_field] && $matching_user->id != reset($tmp_users[$match_field])->id) { // unique field matches different user! return false; } } } } } if (!empty($matching_user)) { merge_user_fields($matching_user, $user); //error_log( "openid_resp_to_user() - merged matching user: "); //err_dump($matching_user); return $matching_user; } return $user; }
function run() { $consumer = getConsumer(); // Complete the authentication process using the server's // response. $return_to = getReturnTo(); $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. $msg = gettext('Verification cancelled.'); } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. $msg = sprintf(gettext("OpenID authentication failed: %s"), $response->message); } else { if ($response->status == Auth_OpenID_SUCCESS) { // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->getDisplayIdentifier(); $esc_identity = escape($openid); $success = sprintf(gettext('You have successfully verified <a href="%s">%s</a> as your identity.'), $esc_identity, $esc_identity); if ($response->endpoint->canonicalID) { $escaped_canonicalID = escape($response->endpoint->canonicalID); $success .= ' (XRI CanonicalID: ' . $escaped_canonicalID . ') '; } $email = $name = NULL; $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $sreg = $sreg_resp->contents(); if ($sreg) { if (@$sreg['email']) { $email = trim($sreg['email']); } if (@$sreg['nickname']) { $name = $sreg['nickname']; } if (@$sreg['fullname']) { $name = $sreg['fullname']; } } $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax_resp) { $arr_ax_resp = get_object_vars($ax_resp); $arr_ax_data = $arr_ax_resp['data']; if (empty($email) && isset($arr_ax_data["http://axschema.org/contact/email"]) && count($arr_ax_data["http://axschema.org/contact/email"]) > 0) { $email = $arr_ax_data["http://axschema.org/contact/email"][0]; } if (empty($name) && isset($arr_ax_data["http://axschema.org/namePerson"]) && count($arr_ax_data["http://axschema.org/namePerson"]) > 0) { $name = $arr_ax_data["http://axschema.org/namePerson"][0]; } if (empty($name)) { $name_first = ''; $name_middle = ''; $name_last = ''; if (isset($arr_ax_data["http://axschema.org/namePerson/first"]) && count($arr_ax_data["http://axschema.org/namePerson/first"]) > 0) { $name_first = $arr_ax_data["http://axschema.org/namePerson/first"][0]; } if (isset($arr_ax_data["http://axschema.org/namePerson/middle"]) && count($arr_ax_data["http://axschema.org/namePerson/middle"]) > 0) { $name_middle = $arr_ax_data["http://axschema.org/namePerson/middle"][0]; } if (isset($arr_ax_data["http://axschema.org/namePerson/last"]) && count($arr_ax_data["http://axschema.org/namePerson/last"]) > 0) { $name_last = $arr_ax_data["http://axschema.org/namePerson/last"][0]; } $fullname = trim(trim(trim($name_first) . ' ' . $name_middle) . ' ' . $name_last); if (!empty($fullname)) { $name = $fullname; } } if (empty($name) && isset($arr_ax_data["http://axschema.org/namePerson/friendly"]) && count($arr_ax_data["http://axschema.org/namePerson/friendly"]) > 0) { $name = $arr_ax_data["http://axschema.org/namePerson/friendly"][0]; } } $userid = trim(str_replace(array('http://', 'https://'), '', $openid), '/'); // always remove the protocol $pattern = @$_SESSION['OpenID_cleaner_pattern']; if ($pattern) { if (preg_match($pattern, $userid, $matches)) { $userid = $matches[1]; } } $provider = @$_SESSION['provider']; if (strlen($userid) + strlen($provider) > 63) { $userid = sha1($userid); } if ($provider) { $userid = $provider . ':' . $userid; } $redirect = @$_SESSION['OpenID_redirect']; $success .= logonFederatedCredentials($userid, $email, $name, $redirect); } } } return $success; }
/** * Finish up authentication. * * @access public * @return string */ public function finish_auth() { $msg = $error = $success = ''; $consumer = $this->_get_consumer(); // Complete the authentication process using the server's response. $response = $consumer->complete($this->_get_self()); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { $data = $this->_throw_error(OPENID_RETURN_CANCEL); } else { if ($response->status == Auth_OpenID_FAILURE) { $data = $this->_throw_error(OPENID_RETURN_FAILURE, $response->message); } else { if ($response->status == Auth_OpenID_SUCCESS) { // if AX $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($response->endpoint->used_yadis && $ax_resp) { $data = $ax_resp->data; $new_data = array(); foreach ($data as $i => $item) { if (array_key_exists($i, $this->ax_aliases)) { $new_data[$this->ax_aliases[$i]] = $item; } else { $new_data[$i] = $item; } } $data = $new_data; } else { $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); $data = $sreg_resp->contents(); } } } } // if handling a popup request if ($this->ci->session->userdata('_openid_popup')) { $this->ci->session->unset_userdata('_openid_popup'); // store the data in a session $this->ci->session->set_userdata('_openid_data', $data); // close the popup include OPENID_DIRECTORY . 'EasyOpenID_close.php'; die; } else { return $data; } }
public function executeTrust(sfWebRequest $request) { opApplicationConfiguration::registerJanRainOpenID(); require_once 'Auth/OpenID/Server.php'; require_once 'Auth/OpenID/FileStore.php'; require_once 'Auth/OpenID/SReg.php'; require_once 'Auth/OpenID/AX.php'; $info = unserialize($_SESSION['request']); $this->forward404Unless($info); $trusted = $request->hasParameter('trust') || $request->hasParameter('permanent'); if (!$trusted) { unset($_SESSION['request']); $url = $info->getCancelURL(); $this->redirect($url); } $reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true); if (!$info->idSelect()) { $this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity); } unset($_SESSION['request']); $server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity); $response = $info->answer(true, null, $reqUrl); $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info); $allowedProfiles = $request->getParameter('profiles', array()); $requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest); $rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles)); if (in_array(true, $rejectedProfiles)) { $url = $info->getCancelURL(); $this->redirect($url); } if ($sregRequest) { $sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember()); $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles)); $response->addExtension($sregResp); } if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) { $axResp = new Auth_OpenID_AX_FetchResponse(); $axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember()); $userData = $axExchange->getData($allowedProfiles); foreach ($axRequest->requested_attributes as $k => $v) { if (!empty($userData[$k])) { $axResp->addValue($k, $userData[$k]); } } $response->addExtension($axResp); } $log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId()); if ($request->hasParameter('permanent')) { $log->is_permanent = true; $log->save(); } $response = $server->encodeResponse($response); return $this->writeResponse($response); }
/** * Process an authentication response. * * @param array &$state The state array. */ public function postAuth(array &$state) { $consumer = $this->getConsumer($state); $return_to = SimpleSAML_Utilities::selfURL(); // Complete the authentication process using the server's // response. $response = $consumer->complete($return_to); // Check the response status. if ($response->status == Auth_OpenID_CANCEL) { // This means the authentication was cancelled. throw new SimpleSAML_Error_UserAborted(); } else { if ($response->status == Auth_OpenID_FAILURE) { // Authentication failed; display the error message. throw new SimpleSAML_Error_AuthSource($this->authId, 'Authentication failed: ' . var_export($response->message, TRUE)); } else { if ($response->status != Auth_OpenID_SUCCESS) { throw new SimpleSAML_Error_AuthSource($this->authId, 'General error. Try again.'); } } } // This means the authentication succeeded; extract the // identity URL and Simple Registration data (if it was // returned). $openid = $response->identity_url; $attributes = array('openid' => array($openid)); $attributes['openid.server_url'] = array($response->endpoint->server_url); if ($response->endpoint->canonicalID) { $attributes['openid.canonicalID'] = array($response->endpoint->canonicalID); } if ($response->endpoint->local_id) { $attributes['openid.local_id'] = array($response->endpoint->local_id); } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response, $this->validateSReg); $sregresponse = $sreg_resp->contents(); if (is_array($sregresponse) && count($sregresponse) > 0) { $attributes['openid.sregkeys'] = array_keys($sregresponse); foreach ($sregresponse as $sregkey => $sregvalue) { $attributes['openid.sreg.' . $sregkey] = array($sregvalue); } } // Get AX response information $ax = new Auth_OpenID_AX_FetchResponse(); $ax_resp = $ax->fromSuccessResponse($response); if ($ax_resp instanceof Auth_OpenID_AX_FetchResponse && !empty($ax_resp->data)) { $axresponse = $ax_resp->data; $attributes['openid.axkeys'] = array_keys($axresponse); foreach ($axresponse as $axkey => $axvalue) { if (preg_match("/^\\w+:/", $axkey)) { $attributes[$axkey] = is_array($axvalue) ? $axvalue : array($axvalue); } else { SimpleSAML_Logger::warning('Invalid attribute name in AX response: ' . var_export($axkey, TRUE)); } } } SimpleSAML_Logger::debug('OpenID Returned Attributes: ' . implode(", ", array_keys($attributes))); $state['Attributes'] = $attributes; SimpleSAML_Auth_Source::completeAuth($state); }
/** * Returns null and sets a flash message on all errors. **/ static function finishAuth() { $consumer = self::getConsumer(); $return_to = self::getReturnTo(); $response = $consumer->complete($return_to); if ($response->status == Auth_OpenID_CANCEL) { FlashMessage::add('Verificare anulată.'); return null; } else { if ($response->status == Auth_OpenID_FAILURE) { FlashMessage::add('Verificarea a eșuat: ' . $response->message); return null; } else { if ($response->status == Auth_OpenID_SUCCESS) { $result = array(); $result['identity'] = htmlentities($response->getDisplayIdentifier()); if ($response->endpoint->canonicalID) { $escaped_canonicalID = htmlentities($response->endpoint->canonicalID); // Ignored for now } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response); if ($sreg_resp) { $sreg = $sreg_resp->contents(); if (isset($sreg['email'])) { $result['email'] = $sreg['email']; } if (isset($sreg['nickname'])) { $result['nickname'] = $sreg['nickname']; } if (isset($sreg['fullname'])) { $result['fullname'] = $sreg['fullname']; } } $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax_resp) { $data = $ax_resp->data; if (isset($data['http://axschema.org/contact/email']) && count($data['http://axschema.org/contact/email'])) { $result['email'] = $data['http://axschema.org/contact/email'][0]; // Take this over sreg } if (isset($data['http://axschema.org/namePerson']) && count($data['http://axschema.org/namePerson'])) { $result['fullname'] = $data['http://axschema.org/namePerson'][0]; } $names = array(); if (isset($data['http://axschema.org/namePerson/first']) && count($data['http://axschema.org/namePerson/first'])) { $names[] = $data['http://axschema.org/namePerson/first'][0]; } if (isset($data['http://axschema.org/namePerson/last']) && count($data['http://axschema.org/namePerson/last'])) { $names[] = $data['http://axschema.org/namePerson/last'][0]; } if (count($names)) { $result['fullname'] = implode(' ', $names); } } return $result; } } } }
/** * Iff user was authenticated (at URL returned by getLoginUrl), * returns associative array that WILL contain user's Harvard email * address (mail) and that MAY contain user's name (displayName). * * @param return_to URL to which CS50 ID returned user * * @return user as associative array */ public static function getUser($return_to) { // ignore Janrain's use of deprecated functions $error_reporting = error_reporting(); error_reporting($error_reporting & ~E_DEPRECATED); // load Janrain's libary set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . DIRECTORY_SEPARATOR . "share" . DIRECTORY_SEPARATOR . "php-openid-2.3.0"); require_once "Auth/OpenID/AX.php"; require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/FileStore.php"; require_once "Auth/OpenID/SReg.php"; // ensure $_SESSION exists for Yadis @session_start(); // prepare filesystem-based store $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . md5($return_to); @mkdir($path, 0700); if (!is_dir($path)) { trigger_error("Could not create {$path}", E_USER_ERROR); } if (!is_readable($path)) { trigger_error("Could not read from {$path}", E_USER_ERROR); } if (!is_writable($path)) { trigger_error("Could not write to {$path}", E_USER_ERROR); } $store = new Auth_OpenID_FileStore($path); // get response $consumer = new Auth_OpenID_Consumer($store); $response = $consumer->complete($return_to); if ($response->status == Auth_OpenID_SUCCESS) { // get user's identity $user = ["identity" => $response->identity_url]; // get Simple Registration fields, if any if ($sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response)) { $user = array_merge($user, $sreg_resp->contents()); } // get Attribute Exchange attributes, if any if ($ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response)) { $user = array_merge($user, $ax_resp->data); } } // restore error_reporting error_reporting($error_reporting); // return user unless error return isset($user) ? $user : false; }
/** * Called when returning from the authentication server * Find the user with the given openid, if any or displays the "Choose name" * form */ function finish() { global $wgOut, $wgUser, $wgOpenIDUseEmailAsNickname; wfSuppressWarnings(); $consumer = $this->getConsumer(); $response = $consumer->complete( $this->scriptUrl( 'Finish' ) ); wfRestoreWarnings(); if ( is_null( $response ) ) { wfDebug( "OpenID: aborting in auth because no response was recieved\n" ); $wgOut->showErrorPage( 'openiderror', 'openiderrortext' ); return; } switch ( $response->status ) { case Auth_OpenID_CANCEL: // This means the authentication was cancelled. $wgOut->showErrorPage( 'openidcancel', 'openidcanceltext' ); break; case Auth_OpenID_FAILURE: wfDebug( "OpenID: error message '" . $response->message . "'\n" ); $wgOut->showErrorPage( 'openidfailure', 'openidfailuretext', array( ( $response->message ) ? $response->message : '' ) ); break; case Auth_OpenID_SUCCESS: // This means the authentication succeeded. wfSuppressWarnings(); $openid = $response->identity_url; if ( !$this->canLogin( $openid ) ) { $wgOut->showErrorPage( 'openidpermission', 'openidpermissiontext' ); return; } $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse( $response ); $sreg = $sreg_resp->contents(); $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse( $response ); $ax = $ax_resp->data; wfRestoreWarnings(); if ( is_null( $openid ) ) { wfDebug( "OpenID: aborting in auth success because identity URL is missing\n" ); $wgOut->showErrorPage( 'openiderror', 'openiderrortext' ); return; } $user = self::getUserFromUrl( $openid ); if ( $user instanceof User ) { $this->updateUser( $user, $sreg, $ax ); # update from server $wgUser = $user; $this->displaySuccessLogin( $openid ); } else { // if we are hardcoding nickname, and a valid e-mail address was returned, create a user with this name if ( $wgOpenIDUseEmailAsNickname ) { $name = $this->getNameFromEmail( $openid, $sreg, $ax ); if ( !empty( $name ) && $this->userNameOk( $name ) ) { $wgUser = $this->createUser( $openid, $sreg, $ax, $name ); $this->displaySuccessLogin( $openid ); return; } } $this->saveValues( $openid, $sreg, $ax ); $this->chooseNameForm( $openid, $sreg, $ax ); return; } } }
function test_fromSuccessResponse() { $name = "ziggy"; $value = "stardust"; $uri = "http://david.bowie.name/"; $args = array('mode' => 'id_res', 'ns' => Auth_OpenID_OPENID2_NS, 'ns.ax' => Auth_OpenID_AX_NS_URI, 'ax.mode' => 'fetch_response', 'ax.update_url' => 'http://example.com/realm/update_path', 'ax.type.' . $name => $uri, 'ax.count.' . $name => '1', 'ax.value.' . $name . '.1' => $value); $sf = array(); foreach (array_keys($args) as $k) { array_push($sf, $k); } $msg = Auth_OpenID_Message::fromOpenIDArgs($args); $e = new FauxEndpoint(); $resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf); $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp, false); $this->assertFalse($ax_resp === null); $this->assertTrue(is_a($ax_resp, 'Auth_OpenID_AX_FetchResponse')); $values = $ax_resp->get($uri); $this->assertEquals(array($value), $values); }
/** * Verifies a given signed assertion. * @param &Attribute_Verifier &$attributeVerifier - An instance of the class passed for the verification. * @param Auth_OpenID_Response - Response object for extraction. * @return boolean - true if successful, false if verification fails. */ function verifyAssertion(&$attributeVerifier, $response) { $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($response); if ($ax_resp instanceof Auth_OpenID_AX_FetchResponse) { $ax_args = $ax_resp->getExtensionArgs(); if ($ax_args) { $value = base64_decode($ax_args['value.ext1.1']); if ($attributeVerifier->verify($value)) { return base64_decode($ax_args['value.ext0.1']); } else { return null; } } else { return null; } } else { return null; } }