beginWithoutDiscovery() public method

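Start OpenID verification without doing OpenID server discovery. This method is used internally by Consumer.begin after discovery is performed, and exists to provide an interface for library users who need to perform their own discovery. Because discovery is skipped, the caller is responsible for making sure the endpoint's server URL comes from a trusted source.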
public beginWithoutDiscovery ( Auth_OpenID_ServiceEndpoint $endpoint, $anonymous = false ) : Auth_OpenID_AuthRequest
$endpoint Auth_OpenID_ServiceEndpoint an OpenID service endpoint descriptor.
Returns Auth_OpenID_AuthRequest $auth_request An OpenID authentication request object.
Exemple #1
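 /**
  * Initiate an OpenID request and hand the browser over to the provider.
  *
  * Starts an authentication request for the submitted 'openid_url' (or for
  * the configured Google Apps domain), attaches the configured SREG and AX
  * extensions, stores the return URL in the session and then either
  * redirects or prints an auto-submitting form.
  *
  * Security-relevant behaviour visible in this method:
  *  - the provider endpoint is checked with openid_server_allowed() before
  *    the browser is sent anywhere;
  *  - extra parameters are percent-encoded before being appended to the
  *    return URL;
  *  - in the Google e-mail branch $USER is switched to a local account
  *    before the provider has verified anything (see the note there).
  *
  * @param boolean $allow_sreg Default true
  * @param string $process_url Default empty (will use $CFG->wwwroot . '/login/index.php')
  * @param array $params Array of extra parameters to append to the request
  */
 function do_request($allow_sreg = true, $process_url = '', $params = array())
 {
     global $CFG, $USER;
     // Create the consumer instance
     $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
     $consumer = new Auth_OpenID_Consumer($store);
     // Request-supplied value: treat as untrusted from here on.
     $openid_url = optional_param('openid_url', null);
     // stristr() is a case-insensitive substring test, so '@google.' or
     // '@gmail.' anywhere in the submitted value selects this branch.
     if (defined('GOOGLE_OPENID_URL') && !empty($openid_url) && (stristr($openid_url, '@google.') || stristr($openid_url, '@gmail.'))) {
         // BJB101206: map Google email addresses to OpenID url
         $tmpemail = $openid_url;
         $openid_url = GOOGLE_OPENID_URL;
         logout_guestuser();
         if (empty($USER->id) && ($tmpuser = get_complete_user_data('email', $tmpemail)) && $tmpuser->auth != 'openid') {
             // would like to verify email later
             $allow_sreg = true;
             $process_url = $CFG->wwwroot . '/auth/openid/actions.php';
             // NOTE(review): $USER is replaced with the account that owns
             // the submitted e-mail address *before* the provider has
             // asserted anything. The handler behind $process_url must
             // confirm that the verified identity matches $tmpemail and
             // discard this session otherwise - confirm against actions.php.
             $USER = $tmpuser;
             // flag required by actions.php
             $params['openid_tmp_login'] = true;
             $params['openid_action'] = 'change';
             $params['openid_url'] = $openid_url;
             // arbitrary value, only has to be != null
             $params['openid_mode'] = 'switch2openid';
         }
     }
     if (!empty($this->config->auth_openid_google_apps_domain)) {
         // A configured Google Apps domain overrides whatever was submitted.
         $openid_url = $this->config->auth_openid_google_apps_domain;
         // Instantiated for its side effect on $consumer; the object itself
         // is not kept (presumably it registers its discovery hook - verify).
         new GApps_OpenID_Discovery($consumer);
     }
     $authreq = $consumer->begin($openid_url);
     if (!$authreq && $this->is_sso()) {
         // Discovery failed in SSO mode: use $openid_url itself as the
         // provider endpoint. No discovery result backs this endpoint, so the
         // openid_server_allowed() check further down is the only gate on it.
         $endpoint = new Auth_OpenID_ServiceEndpoint();
         $endpoint->server_url = $openid_url;
         $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
         $endpoint->type_uris = array('http://specs.openid.net/auth/2.0/signon');
         $authreq = $consumer->beginWithoutDiscovery($endpoint);
     }
     if (!$authreq) {
         print_error('auth_openid_login_error', 'auth_openid');
     } else {
         // Add any simple registration fields to the request
         if ($allow_sreg === true) {
             $sreg_added = false;
             $req = array();
             $opt = array();
             $privacy_url = null;
             // Required fields
             if (!empty($this->config->openid_sreg_required)) {
                 $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
                 $sreg_added = true;
             }
             // Optional fields
             if (!empty($this->config->openid_sreg_optional)) {
                 $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
                 $sreg_added = true;
             }
             // Privacy statement
             if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                 $privacy_url = $this->config->openid_privacy_url;
             }
             // We call the on_openid_do_request event handler function if it
             // exists. This is called before the simple registration (sreg)
             // extension is added to allow changes to be made to the sreg
             // data fields if required
             if (function_exists('on_openid_do_request')) {
                 on_openid_do_request($authreq);
             }
             // Finally, the simple registration data is added
             if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
                 $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                 if ($sreg_request) {
                     $authreq->addExtension($sreg_request);
                 }
             }
             if (defined('ADD_AX_SUPPORT')) {
                 // Attribute Exchange: ask for one value of each attribute,
                 // marked as required (the two 1 arguments).
                 $AXattr = array(
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_EMAIL, 1, 1, 'email'),
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_NICKNAME, 1, 1, 'nickname'),
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FULLNAME, 1, 1, 'fullname'),
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_FIRSTNAME, 1, 1, 'firstname'),
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_LASTNAME, 1, 1, 'lastname'),
                     Auth_OpenID_AX_AttrInfo::make(AX_SCHEMA_COUNTRY, 1, 1, 'country'),
                 );
                 // Create AX fetch request
                 $ax = new Auth_OpenID_AX_FetchRequest();
                 // Add attributes to AX fetch request
                 foreach ($AXattr as $attr) {
                     $ax->add($attr);
                 }
                 // Add AX fetch request to authentication request
                 $authreq->addExtension($ax);
             }
         }
         // Prepare the remaining components for the request
         if (empty($process_url)) {
             $process_url = $CFG->wwwroot . '/login/index.php';
         }
         if (is_array($params) && !empty($params)) {
             // Percent-encode names and values. Some values are URLs (e.g.
             // 'openid_url'); left raw, a '&', '=' or '#' inside them would
             // change which parameters the return handler receives.
             $pairs = array();
             foreach ($params as $key => $val) {
                 $pairs[] = urlencode((string) $key) . '=' . urlencode((string) $val);
             }
             // Do not add a second '?' when the URL already has a query part.
             $separator = (strpos($process_url, '?') === false) ? '?' : '&';
             $process_url .= $separator . implode('&', $pairs);
         }
         $trust_root = $CFG->wwwroot . '/';
         $_SESSION['openid_process_url'] = $process_url;
         // Finally, redirect to the OpenID provider
         // Check if the server is allowed ...
         if (!openid_server_allowed($authreq->endpoint->server_url, $this->config)) {
             print_error('auth_openid_server_blacklisted', 'auth_openid', '', $authreq->endpoint->server_url);
         } elseif ($authreq->shouldSendRedirect()) {
             $redirect_url = $authreq->redirectURL($trust_root, $process_url);
             // If the redirect URL can't be built, display an error message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 error($redirect_url->message);
             } else {
                 redirect($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $message = $authreq->getMessage($trust_root, $process_url, false);
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($message)) {
                 // Pass the failure text, not the failure object, as the
                 // redirect branch above does.
                 error($message->message);
             } else {
                 $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
                 echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                 exit;
             }
         }
     }
 }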
Exemple #2
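 /**
  * Initiate an OpenID request against the configured SSO provider.
  *
  * Discovery is skipped: the endpoint is built by hand from
  * $this->config->openid_sso_url and passed to beginWithoutDiscovery().
  * The configured SREG extension is attached, the return URL is stored in
  * the session, and the browser is then redirected or given an
  * auto-submitting form.
  *
  * Nothing in this method validates the endpoint, so the server URL is only
  * as trustworthy as the plugin configuration it is read from.
  *
  * @param boolean $allow_sreg Default true
  * @param string $process_url Default empty (will use $CFG->wwwroot . '/login/index.php')
  * @param array $params Array of extra parameters to append to the request
  */
 function do_request($allow_sreg = true, $process_url = '', $params = array())
 {
     global $CFG;
     // Create the consumer instance
     $store = new Auth_OpenID_FileStore($CFG->dataroot . '/openid');
     $consumer = new Auth_OpenID_Consumer($store);
     // Create our own endpoint and skip the discovery step.
     $endpoint = new Auth_OpenID_ServiceEndpoint();
     $endpoint->server_url = $this->config->openid_sso_url;
     // Let the provider choose the identifier for the user.
     $endpoint->claimed_id = Auth_OpenID_IDENTIFIER_SELECT;
     $endpoint->type_uris = array(Auth_OpenID_OPENID1_NS);
     $authreq = $consumer->beginWithoutDiscovery($endpoint);
     if (!$authreq) {
         error(get_string('auth_openid_login_error', 'auth_openid'));
     } else {
         // Add any simple registration fields to the request
         if ($allow_sreg === true) {
             $sreg_added = false;
             $req = array();
             $opt = array();
             $privacy_url = null;
             // Required fields (trimmed so "email, fullname" yields clean names)
             if (!empty($this->config->openid_sreg_required)) {
                 $req = array_map('trim', explode(',', $this->config->openid_sreg_required));
                 $sreg_added = true;
             }
             // Optional fields
             if (!empty($this->config->openid_sreg_optional)) {
                 $opt = array_map('trim', explode(',', $this->config->openid_sreg_optional));
                 $sreg_added = true;
             }
             // Privacy statement
             if ($sreg_added && !empty($this->config->openid_privacy_url)) {
                 $privacy_url = $this->config->openid_privacy_url;
             }
             // We call the on_openid_do_request event handler function if it
             // exists. This is called before the simple registration (sreg)
             // extension is added to allow changes to be made to the sreg
             // data fields if required
             if (function_exists('on_openid_do_request')) {
                 on_openid_do_request($authreq);
             }
             // Finally, the simple registration data is added
             if ($sreg_added && (count($req) > 0 || count($opt) > 0)) {
                 $sreg_request = Auth_OpenID_SRegRequest::build($req, $opt, $privacy_url);
                 if ($sreg_request) {
                     $authreq->addExtension($sreg_request);
                 }
             }
         }
         // Prepare the remaining components for the request
         if (empty($process_url)) {
             $process_url = $CFG->wwwroot . '/login/index.php';
         }
         if (is_array($params) && !empty($params)) {
             // Percent-encode names and values so that a '&', '=' or '#'
             // inside one of them cannot change which parameters the return
             // handler receives.
             $pairs = array();
             foreach ($params as $key => $val) {
                 $pairs[] = urlencode((string) $key) . '=' . urlencode((string) $val);
             }
             // Do not add a second '?' when the URL already has a query part.
             $separator = (strpos($process_url, '?') === false) ? '?' : '&';
             $process_url .= $separator . implode('&', $pairs);
         }
         $trust_root = $CFG->wwwroot . '/';
         $_SESSION['openid_process_url'] = $process_url;
         // Finally, redirect to the OpenID provider
         if ($authreq->shouldSendRedirect()) {
             $redirect_url = $authreq->redirectURL($trust_root, $process_url);
             // If the redirect URL can't be built, display an error message.
             if (Auth_OpenID::isFailure($redirect_url)) {
                 error($redirect_url->message);
             } else {
                 redirect($redirect_url);
             }
         } else {
             // Generate form markup and render it.
             $form_id = 'openid_message';
             $message = $authreq->getMessage($trust_root, $process_url, false);
             // Display an error if the form markup couldn't be generated;
             // otherwise, render the HTML.
             if (Auth_OpenID::isFailure($message)) {
                 // Pass the failure text, not the failure object, as the
                 // redirect branch above does.
                 error($message->message);
             } else {
                 $form_html = $message->toFormMarkup($authreq->endpoint->server_url, array('id' => $form_id), get_string('continue'));
                 echo '<html><head><title>OpenID request</title></head><body onload="document.getElementById(\'', $form_id, '\').submit();" style="text-align: center;"><div style="background: lightyellow; border: 1px solid black; margin: 30px 20%; padding: 5px 15px;"><p>', get_string('openid_redirecting', 'auth_openid'), '</p></div>', $form_html, '</body></html>';
                 exit;
             }
         }
     }
 }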