Start OpenID verification without doing OpenID server
discovery. This method is used internally by Consumer.begin
after discovery is performed, and exists to provide an
interface for library users needing to perform their own
discovery.
| public beginWithoutDiscovery ( Auth_OpenID_ServiceEndpoint $endpoint, $anonymous = false ) : Auth_OpenID_AuthRequest | ||
| $endpoint | Auth_OpenID_ServiceEndpoint | an OpenID service endpoint descriptor. |
| Résultat | Auth_OpenID_AuthRequest | $auth_request An OpenID authentication request object. |
/**
* Initiate an OpenID request
*
* @param boolean $allow_sreg Default true
* @param string $process_url Default empty (will use $CFG->wwwroot)
* @param array $params Array of extra parameters to append to the request
*/
function do_request($allow_sreg = true, $process_url = '', $params = array())
{
global $CFG, $USER;
// Create the consumer instance
$store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
$consumer = new Auth_OpenID_Consumer($store);
$openid_url = optional_param('openid_url', null);
if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
// BJB101206: map Google email addresses to OpenID url
$tmpemail = $openid_url;
$openid_url = GOOGLE_OPENID_URL;
logout_guestuser();
if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') {
$allow_sreg = true;
// would like to verify email later
$process_url = $CFG->wwwroot . '/auth/openid/actions.php';
$USER = $tmpuser;
$params['openid_tmp_login'] = true;
// require flag in action.php
$params['openid_action'] = 'change';
$params['openid_url'] = $openid_url;
$params['openid_mode'] = 'switch2openid';
// arbitrary != null
//error_log('/auth/openid/auth.php::do_request() - Found user email: '.$tmpemail);
}
}
if (!empty($this->config->auth_openid_google_apps_domain)) {
$openid_url = $this->config->auth_openid_google_apps_domain;
new GApps_OpenID_Discovery($consumer);
}
$authreq = $consumer->begin($openid_url);
if (!$authreq && $this->is_sso()) {
$endpoint = new Auth_OpenID_ServiceEndpoint();
$endpoint->server_url = $openid_url;
$endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
$endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
$authreq = $consumer->beginWithoutDiscovery($endpoint);
}
if (!$authreq) {
print_error('auth_openid_login_error', 'auth_openid');
} else {
// Add any simple registration fields to the request
if ($allow_sreg === true) {
$sreg_added = false;
$req = array();
$opt = array();
$privacy_url = null;
// Required fields
if (!empty($this->config->openid_sreg_required)) {
$req = array_map('trim', explode(',', $this->config->openid_sreg_required));
$sreg_added = true;
}
// Optional fields
if (!empty($this->config->openid_sreg_optional)) {
$opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
$sreg_added = true;
}
// Privacy statement
if ($sreg_added && !empty($this->config->openid_privacy_url)) {
$privacy_url = $this->config->openid_privacy_url;
}
// We call the on_openid_do_request event handler function if it
// exists. This is called before the simple registration (sreg)
// extension is added to allow changes to be made to the sreg
// data fields if required
if (function_exists('on_openid_do_request')) {
on_openid_do_request($authreq);
}
// Finally, the simple registration data is added
if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
$sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
if ($sreg_request) {
$authreq->addExtension($sreg_request);
}
}
if (defined('ADD_AX_SUPPORT')) {
$AXattr = array();
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname');
$AXattr[] = Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country');
// Create AX fetch request
$ax = new Auth_OpenID_AX_FetchRequest();
// Add attributes to AX fetch request
foreach ($AXattr as $attr) {
$ax->add($attr);
}
// Add AX fetch request to authentication request
$authreq->addExtension($ax);
}
}
// Prepare the remaining components for the request
if (empty($process_url)) {
$process_url = $CFG->wwwroot . '/login/index.php';
}
if (is_array($params) && !empty($params)) {
$query = '';
foreach ($params as $key => $val) {
$query .= '&' . $key . '=' . $val;
}
$process_url .= '?' . substr($query, 1);
}
$trust_root = $CFG->wwwroot . '/';
$_SESSION['openid_process_url'] = $process_url;
// Finally, redirect to the OpenID provider
// Check if the server is allowed ...
if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
} elseif ($authreq->shouldSendRedirect()) {
$redirect_url = $authreq->redirectURL($trust_root, $process_url);
// If the redirect URL can't be built, display an error message.
if (Auth_OpenID::isFailure($redirect_url)) {
error($redirect_url->message);
} else {
redirect($redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$message = $authreq->getMessage($trust_root, $process_url, false);
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($message)) {
error($message);
} else {
$form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
exit;
}
}
}
}
/**
* Initiate an OpenID request
*
* @param boolean $allow_sreg Default true
* @param string $process_url Default empty (will use $CFG->wwwroot)
* @param array $params Array of extra parameters to append to the request
*/
function do_request($allow_sreg = true, $process_url = '', $params = array())
{
global $CFG;
// Create the consumer instance
$store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
$consumer = new Auth_OpenID_Consumer($store);
// Create our own endpoint and skip the discovery step.
$endpoint = new Auth_OpenID_ServiceEndpoint();
$endpoint->server_url = $this->config->openid_sso_url;
$endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
$endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
$authreq = $consumer->beginWithoutDiscovery($endpoint);
if (!$authreq) {
error(get_string('auth_openid_login_error', 'auth_openid'));
} else {
// Add any simple registration fields to the request
if ($allow_sreg === true) {
$sreg_added = false;
$req = array();
$opt = array();
$privacy_url = null;
// Required fields
if (!empty($this->config->openid_sreg_required)) {
$req = explode(',', $this->config->openid_sreg_required);
$sreg_added = true;
}
// Optional fields
if (!empty($this->config->openid_sreg_optional)) {
$opt = explode(',', $this->config->openid_sreg_optional);
$sreg_added = true;
}
// Privacy statement
if ($sreg_added && !empty($this->config->openid_privacy_url)) {
$privacy_url = $this->config->openid_privacy_url;
}
// We call the on_openid_do_request event handler function if it
// exists. This is called before the simple registration (sreg)
// extension is added to allow changes to be made to the sreg
// data fields if required
if (function_exists('on_openid_do_request')) {
on_openid_do_request($authreq);
}
// Finally, the simple registration data is added
if ($sreg_added && !(sizeof($req) < 1 && sizeof($opt) < 1)) {
$sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
if ($sreg_request) {
$authreq->addExtension($sreg_request);
}
}
}
// Prepare the remaining components for the request
if (empty($process_url)) {
$process_url = $CFG->wwwroot . '/login/index.php';
}
if (is_array($params) && !empty($params)) {
$query = '';
foreach ($params as $key => $val) {
$query .= '&' . $key . '=' . $val;
}
$process_url .= '?' . substr($query, 1);
}
$trust_root = $CFG->wwwroot . '/';
$_SESSION['openid_process_url'] = $process_url;
// Finally, redirect to the OpenID provider
if ($authreq->shouldSendRedirect()) {
$redirect_url = $authreq->redirectURL($trust_root, $process_url);
if (Auth_OpenID::isFailure($redirect_url)) {
error($redirect_url->message);
} else {
redirect($redirect_url);
}
} else {
// Generate form markup and render it.
$form_id = 'openid_message';
$message = $authreq->getMessage($trust_root, $process_url, false);
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($message)) {
error($message);
} else {
$form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
exit;
}
}
}
}