request: The simple registration request object
data: The simple registration data for this response, as a
dictionary from unqualified simple registration field name to
string (unicode) value. For instance, the nickname should be
stored under the key 'nickname'.
static public extractResponse ( $request, $data ) |
public function GetSRegDataForRequest(User $user) { require_once 'Auth/OpenID/SReg.php'; // Other common SReg fields we could fill are: // dob, country, language, timezone. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($this->request); return Auth_OpenID_SRegResponse::extractResponse($sreg_request, array('fullname' => $user->fullName(), 'nickname' => $user->displayName(), 'email' => $user->bestEmail(), 'gender' => $user->isFemale() ? 'F' : 'M')); }
function addSregFields(&$response, $info, $req_url) { $username = getUsernameFromUrl($req_url); $user = get_user_by_username($username); if ($user) { $email = $user->email; $fullname = $user->name; $sreg_data = array('fullname' => $fullname, 'email' => $email); // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); //error_log('DEBUG:' . (string)($response->fields)); $sreg_response->toMessage($response->fields); } }
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null) { if (!$info) { // There is no authentication information, so bail return authCancel(null); } if ($info->idSelect()) { if ($idpSelect) { $req_url = idURL($idpSelect); } else { $trusted = false; } } else { $req_url = $info->identity; } $user = getLoggedInUser(); setRequestInfo($info); if (!$info->idSelect() && $req_url != idURL($user)) { return login_render(array(), $req_url, $req_url); } $trust_root = $info->trust_root; if ($trusted) { setRequestInfo(); $server =& getServer(); $response =& $info->answer(true, null, $req_url); // Answer with some sample Simple Registration data. $sreg_data = array('fullname' => 'Example User', 'nickname' => 'example', 'dob' => '1970-01-01', 'email' => '*****@*****.**', 'gender' => 'F', 'postcode' => '12345', 'country' => 'ES', 'language' => 'eu', 'timezone' => 'America/New_York'); // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); // Generate a response to send to the user agent. $webresponse =& $server->encodeResponse($response); $new_headers = array(); foreach ($webresponse->headers as $k => $v) { $new_headers[] = $k . ": " . $v; } return array($new_headers, $webresponse->body); } elseif ($fail_cancels) { return authCancel($info); } else { return trust_render($info); } }
/** * Attach SReg response to authentication response. */ function openid_server_sreg_auth_response($response) { $user = wp_get_current_user(); // should we include SREG in the response? $include_sreg = false; if (isset($GLOBALS['openid_server_sreg_trust'])) { $include_sreg = $GLOBALS['openid_server_sreg_trust']; } else { $trusted_sites = get_usermeta($user->ID, 'openid_trusted_sites'); $request = $response->request; $site_hash = md5($request->trust_root); if (is_array($trusted_sites) && array_key_exists($site_hash, $trusted_sites)) { $include_sreg = $trusted_sites[$site_hash]['release_attributes']; } } if ($include_sreg) { $sreg_data = array(); foreach ($GLOBALS['Auth_OpenID_sreg_data_fields'] as $field => $name) { $sreg_data[$field] = openid_server_sreg_from_profile($field); } $sreg_response = Auth_OpenID_SRegResponse::extractResponse($GLOBALS['openid_server_sreg_request'], $sreg_data); $response->addExtension($sreg_response); } return $response; }
function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null) { if (!$info) { // There is no authentication information, so bail return authCancel(null); } $auth = getAuth(); $cert_webid_23 = str_replace('#', '%23', $auth['agent']['webid']); $cert_webid = str_replace('http://', '', $cert_webid_23); // $cert_webid = urlencode($auth['agent']['webid']); if ($_SERVER['HTTPS']) { $host = "https://openid4.me/"; } else { $host = "http://openid4.me/"; } $normalized_webid = $host . $cert_webid; if ($info->idSelect()) { // if ($idpSelect) { // $req_url = idURL($idpSelect); if ($auth[isAuthenticated]) { $req_url = $normalized_webid; } else { $trusted = false; } // } else { // $trusted = false; // } } else { $req_url = $info->identity; if ($req_url != $normalized_webid) { //Get link header $link_webid = fetch_foaf_profile($req_url); if ($cert_webid == $link_webid) { $trusted = true; } else { $agent = get_agent(urldecode($link_webid)); /* print "<pre>"; print_r($agent); print "</pre>"; */ $link_webid = isset($agent['agent']['webid']) ? str_replace('#', '%23', $agent['agent']['webid']) : ''; if ($cert_webid_23 == $link_webid) { $trusted = true; } else { $trusted = false; } } } else { $trusted = true; } } $user = getLoggedInUser(); setRequestInfo($info); /* if ((!$info->idSelect()) && ($req_url != idURL($user))) { return login_render(array(), $req_url, $req_url); } */ $trust_root = $info->trust_root; if ($trusted) { setRequestInfo(); $server =& getServer(); $response =& $info->answer(true, null, $req_url); // Answer with some sample Simple Registration data. $agent = get_agent($auth['agent']['webid']); $sreg_data = array(); if ($fullname = $agent['agent']['name']) { $sreg_data = array_merge($sreg_data, array('fullname' => $fullname)); } if ($nickname = $agent['agent']['nick'][0]) { $sreg_data = array_merge($sreg_data, array('nickname' => $nickname)); } if ($mbox = $agent['agent']['mbox'][0]) { $mbox = str_replace('mailto:', '', $mbox); $sreg_data = array_merge($sreg_data, array('email' => $mbox)); } // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); // Generate a response to send to the user agent. $webresponse =& $server->encodeResponse($response); $new_headers = array(); foreach ($webresponse->headers as $k => $v) { $new_headers[] = $k . ": " . $v; } return array($new_headers, $webresponse->body); } elseif ($fail_cancels) { return authCancel($info); } else { return trust_render($info); } }
/** * Process a request. * * This function never returns. * * @param Auth_OpenID_Request $request The request we are processing. */ public function processRequest(array $state) { assert('isset($state["request"])'); $request = $state['request']; $sreg_req = Auth_OpenID_SRegRequest::fromOpenIDRequest($request); $ax_req = Auth_OpenId_AX_FetchRequest::fromOpenIDRequest($request); /* In resume.php there should be a way to display data requested through sreg or ax. */ if (!$this->authSource->isAuthenticated()) { if ($request->immediate) { /* Not logged in, and we cannot show a login form. */ $this->sendResponse($request->answer(FALSE)); } $resumeURL = $this->getStateURL('resume.php', $state); $this->authSource->requireAuth(array('ReturnTo' => $resumeURL)); } $identity = $this->getIdentity(); assert('$identity !== FALSE'); /* Should always be logged in here. */ if (!$request->idSelect() && $identity !== $request->identity) { /* The identity in the request doesn't match the one of the logged in user. */ throw new SimpleSAML_Error_Exception('Logged in as different user than the one requested.'); } if ($this->isTrusted($identity, $request->trust_root)) { $trusted = TRUE; } elseif (isset($state['TrustResponse'])) { $trusted = (bool) $state['TrustResponse']; } else { if ($request->immediate) { /* Not trusted, and we cannot show a trust-form. */ $this->sendResponse($request->answer(FALSE)); } $trustURL = $this->getStateURL('trust.php', $state); SimpleSAML_Utilities::redirectTrustedURL($trustURL); } if (!$trusted) { /* The user doesn't trust this site. */ $this->sendResponse($request->answer(FALSE)); } $response = $request->answer(TRUE, NULL, $identity); //Process attributes $attributes = $this->authSource->getAttributes(); foreach ($attributes as $key => $attr) { if (is_array($attr) && count($attr) === 1) { $attributes[$key] = $attr[0]; } } $pc = new SimpleSAML_Auth_ProcessingChain($this->authProc, array(), 'idp'); $state = array('Attributes' => $attributes, 'isPassive' => TRUE); $pc->processStatePassive(&$state); $attributes = $state['Attributes']; //Process SREG requests $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $attributes); $sreg_resp->toMessage($response->fields); //Process AX requests $ax_resp = new Auth_OpenID_AX_FetchResponse(); foreach ($ax_req->iterTypes() as $type_uri) { if (isset($attributes[$type_uri])) { $ax_resp->addValue($type_uri, $attributes[$type_uri]); } } $ax_resp->toMessage($response->fields); /* The user is authenticated, and trusts this site. */ $this->sendResponse($response); }
function generateAllowResponse($request, $user) { $response = $request->answer(true, null, common_profile_url($user->nickname)); $profile = $user->getProfile(); $sreg_data = array('fullname' => $profile->fullname, 'nickname' => $user->nickname, 'email' => $user->email, 'language' => $user->language, 'timezone' => $user->timezone); $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($request); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); return $response; }
public function executeTrust(sfWebRequest $request) { opApplicationConfiguration::registerJanRainOpenID(); require_once 'Auth/OpenID/Server.php'; require_once 'Auth/OpenID/FileStore.php'; require_once 'Auth/OpenID/SReg.php'; require_once 'Auth/OpenID/AX.php'; $info = unserialize($_SESSION['request']); $this->forward404Unless($info); $trusted = $request->hasParameter('trust') || $request->hasParameter('permanent'); if (!$trusted) { unset($_SESSION['request']); $url = $info->getCancelURL(); $this->redirect($url); } $reqUrl = $this->getController()->genUrl('OpenID/member?id=' . $this->getUser()->getMemberId(), true); if (!$info->idSelect()) { $this->forward404Unless($reqUrl === $info->identity, 'request:' . $reqUrl . '/identity:' . $info->identity); } unset($_SESSION['request']); $server = new Auth_OpenID_Server(new Auth_OpenID_FileStore(sfConfig::get('sf_cache_dir')), $info->identity); $response = $info->answer(true, null, $reqUrl); $sregRequest = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $axRequest = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info); $allowedProfiles = $request->getParameter('profiles', array()); $requiredProfiles = $this->createListOfRequestedProfiles($sregRequest, $axRequest); $rejectedProfiles = array_diff_key($requiredProfiles, array_flip($allowedProfiles)); if (in_array(true, $rejectedProfiles)) { $url = $info->getCancelURL(); $this->redirect($url); } if ($sregRequest) { $sregExchange = new opOpenIDProfileExchange('sreg', $this->getUser()->getMember()); $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregRequest, $sregExchange->getData($allowedProfiles)); $response->addExtension($sregResp); } if ($axRequest && !$axRequest instanceof Auth_OpenID_AX_Error) { $axResp = new Auth_OpenID_AX_FetchResponse(); $axExchange = new opOpenIDProfileExchange('ax', $this->getUser()->getMember()); $userData = $axExchange->getData($allowedProfiles); foreach ($axRequest->requested_attributes as $k => $v) { if (!empty($userData[$k])) { $axResp->addValue($k, $userData[$k]); } } $response->addExtension($axResp); } $log = Doctrine::getTable('OpenIDTrustLog')->log($info->trust_root, $this->getUser()->getMemberId()); if ($request->hasParameter('permanent')) { $log->is_permanent = true; $log->save(); } $response = $server->encodeResponse($response); return $this->writeResponse($response); }
function _test($uri) { // Create a request message with simple registration fields $sreg_req = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), array('fullname')); $req_msg = new Auth_OpenID_Message($uri); $req_msg->updateArgs(Auth_OpenID_SREG_NS_URI, $sreg_req->getExtensionArgs()); $req = new Auth_OpenID_Request(); $req->message =& $req_msg; $req->namespace = $req_msg->getOpenIDNamespace(); // -> send checkid_* request // Create an empty response message $resp_msg = new Auth_OpenID_Message($uri); $resp = new Auth_OpenID_ServerResponse($req); $resp->fields = $resp_msg; $data = array('nickname' => 'linusaur', 'postcode' => '12345', 'country' => 'US', 'gender' => 'M', 'fullname' => 'Leonhard Euler', 'email' => '*****@*****.**', 'dob' => '0000-00-00', 'language' => 'en-us'); // Put the requested data fields in the response message $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $data); $resp->addExtension($sreg_resp); // <- send id_res response // Extract the fields that were sent $sreg_data_resp = $resp->fields->getArgs(Auth_OpenID_SREG_NS_URI); $this->assertEquals(array('nickname' => 'linusaur', 'email' => '*****@*****.**', 'fullname' => 'Leonhard Euler'), $sreg_data_resp); }
/** * Authenticate the currently logged in user. This sends the * result, and is thus no-return. */ public function authenticate() { global $serverUri; $id = $this->session->getUser(); if (!$id) { $this->cancel(); } $req = $this->session->getRequestInfo(); if (!$req) { $this->cancel(); } assert($id && $req); $fullid = "{$serverUri}?name=" . urlencode($id); $resp = $req->answer(true, NULL, $fullid); $this->checkError($resp); /* Get more data to send. */ $data = $this->nc->getIdValue($id); $sregData = array(); $sregKeys = array("name" => "fullname", "email" => "email", "website" => "website", "nick" => "nickname"); if ($data) { foreach ($sregKeys as $key => $val) { if (isset($data->{$key})) { $sregData[$val] = $data->{$key}; } } } /* Add simple registration data to response. */ $sregReq = Auth_OpenID_SRegRequest::fromOpenIDRequest($req); $sregResp = Auth_OpenID_SRegResponse::extractResponse($sregReq, $sregData); $sregResp->toMessage($resp->fields); /* Send response and clean out request info. */ $this->session->setRequestInfo(NULL); $this->sendResponse($resp); }
/** * Convenience function for copying all the sreg data that was * requested from a supplied set of sreg data into the response * message. If no data were requested, no data will be sent. * * openid_request: The OpenID (checkid_*) request that may be * requesting sreg data. * * data: The simple registration data to send. All requested fields * that are present in this dictionary will be added to the response * message. * * openid_response: The OpenID C{id_res} response to which the simple * registration data should be added * * Does not return a value; updates the openid_response instead. */ function Auth_OpenID_sendSRegFields(&$openid_request, $data, &$openid_response) { $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($openid_request->message); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $data); $sreg_response->toMessage($openid_response->fields); }
private function doAuth($info, $trusted = null, $fail_cancels = false, $idpSelect = null, $accepted_scopes = null) { if (!$info) { // There is no authentication information, so bail return $this->openid->authCancel(null); } if ($info->idSelect()) { if ($idpSelect) { $req_url = $this->openid->idURL($idpSelect); } else { $trusted = false; } } else { $req_url = $info->identity; } $id_url = $this->openid->idUrl($_SESSION['id']); $this->openid->setRequestInfo($info); if (!$info->idSelect() && $req_url != $id_url) { return $this->openid->authCancel($info); } if ($trusted) { // prepare the OpenID response object $this->openid->setRequestInfo(); $server =& $this->openid->getOpenIdServer(); $response =& $info->answer(true, null, $req_url); // Simple Registration Extension $people = $this->model('people'); $person = $people->get_person($_SESSION['id'], true); $date_of_birth_month = date('n', $person['date_of_birth']); $date_of_birth_day = date('j', $person['date_of_birth']); $date_of_birth_year = date('y', $person['date_of_birth']); // Answer with Simple Registration data. $sreg_data = array('fullname' => $person['first_name'] . ' ' . $person['last_name'], 'nickname' => $person['first_name'], 'dob' => $date_of_birth_year . '-' . $date_of_birth_month . '-' . $date_of_birth_day, 'email' => $person['email'], 'gender' => $person['gender'], 'country' => 'US', 'language' => 'en'); // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); // Hybrid OAuth Extension $oauth_request = HybridOAuthRequest::fromOpenIDRequest($info); // handle accepted scopes (generates OAuth token) if ($oauth_request !== null) { $oauthDataStore = new PartuzaOAuthDataStore(); $consumer = $oauthDataStore->lookup_consumer($oauth_request->consumer); $token = $oauthDataStore->new_request_token($consumer, ''); $oauthDataStore->authorize_request_token($token->key); $oauth_response = HybridOAuthResponse::buildResponse($oauth_request, $token->key, $accepted_scopes); $oauth_response->toMessage($response->fields); } // Generate a response to send to the user agent. $webresponse =& $server->encodeResponse($response); header('Location: ' . $webresponse->headers['location']); header('Connection: close'); echo $webresponse->body; } elseif ($fail_cancels) { return $this->openid->authCancel($info); } else { return $this->trust_render($info); } }
function send_geni_user($server, $info) { $geni_user = geni_loadUser(); $req_url = idURL($geni_user->username); $response =& $info->answer(true, null, $req_url); // Answer with some sample Simple Registration data. global $portal_cert_file; global $portal_private_key_file; $sreg_data = array(); if ($geni_user) { $sreg_data['nickname'] = $geni_user->username; $sreg_data['email'] = $geni_user->email(); } if (empty($sreg_data)) { error_log("OpenID: Unable to access user information."); } // Add the simple registration response values to the OpenID // response message. $sreg_request = Auth_OpenID_SRegRequest::fromOpenIDRequest($info); $sreg_response = Auth_OpenID_SRegResponse::extractResponse($sreg_request, $sreg_data); $sreg_response->toMessage($response->fields); /* * Attribute Exchange (AX) is an OpenID extension to pass additional * attributes. This code was derived by looking at some client * examples and the AX code. No server-side examples of PHP OpenID * AX were found. * * AX seems to be fragile. Small changes to the code below can * result in authentication failures. * * The user URN has '+' characters but these consistently caused * authentication failures in testing. Replacing the '+' with '|' * worked, so that is a necessary transformation below. */ $ax_request = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($info); if ($ax_request and !Auth_OpenID_AX::isError($ax_request)) { /* error_log("received AX request: " . print_r($ax_request, true)); */ $ax_response = new Auth_OpenID_AX_FetchResponse(); add_project_slice_info($geni_user, $projects, $slices); foreach ($ax_request->iterTypes() as $ax_req_type) { switch ($ax_req_type) { case 'http://geni.net/projects': $ax_response->setValues($ax_req_type, $projects); break; case 'http://geni.net/slices': $ax_response->setValues($ax_req_type, $slices); break; case 'http://geni.net/user/urn': $urn = $geni_user->urn(); $urn = str_replace('+', '|', $urn); $ax_response->addValue('http://geni.net/user/urn', $urn); break; case 'http://geni.net/user/prettyname': $ax_response->addValue($ax_req_type, $geni_user->prettyName()); break; case 'http://geni.net/wimax/username': case 'http://geni.net/wimax/wimax_username': $wimax_name = null; if (isset($geni_user->ma_member->wimax_username)) { $wimax_name = $geni_user->ma_member->wimax_username; } /* Only send wimax name if it exists. */ if ($wimax_name) { $ax_response->addValue($ax_req_type, $wimax_name); } break; case 'http://geni.net/irods/username': /* Get the iRODS username. Do we need to respect the * 'irods_enabled' flag? */ $irods_username = null; if (isset($geni_user->ma_member->irods_username)) { $irods_username = $geni_user->ma_member->irods_username; } /* Only send it if it exists. */ if ($irods_username) { error_log("Returning iRODS username {$irods_username} for user " . $geni_user->urn()); $ax_response->addValue($ax_req_type, $irods_username); } else { error_log("No iRODS username in OpenID for user " . $geni_user->urn()); } break; case 'http://geni.net/irods/zone': /* Get the IRods zone for this user. */ $irods_zone = irods_default_zone(); /* Only send it if it exists. */ if ($irods_zone) { error_log("Returning iRODS zone {$irods_zone} for user " . $geni_user->urn()); $ax_response->addValue($ax_req_type, $irods_zone); } else { error_log("No iRODS zone in OpenID for user " . $geni_user->urn()); } break; } } $ax_response->toMessage($response->fields); } // Generate a response to send to the user agent. $webresponse =& $server->encodeResponse($response); $new_headers = array(); foreach ($webresponse->headers as $k => $v) { $new_headers[] = $k . ": " . $v; } return array($new_headers, $webresponse->body); }
public function proceedAction() { // needed for unit tests $this->_helper->layout->disableLayout(); $this->_helper->viewRenderer->setNeverRender(true); $server = $this->_getOpenIdProvider(); $request = $server->decodeRequest(); if ($request->idSelect()) { $id = $this->user->openid; } else { $id = null; } $response = $request->answer(true, null, $id); if ($this->_hasSreg($request) && $this->_getParam('profileId')) { $profiles = new Users_Model_Profiles(); $profile = $profiles->getRowInstance($this->_getParam('profileId')); $personalInfoForm = Users_Form_PersonalInfo::getForm($request, $profile); $formData = $this->_request->getPost(); $personalInfoForm->populate($formData); // not planning on validating stuff here yet, but I call this // for the date element to be filled properly $foo = $personalInfoForm->isValid($formData); $sregResponse = Auth_OpenID_SRegResponse::extractResponse($personalInfoForm->getSregRequest(), $personalInfoForm->getUnqualifiedValues()); $sregResponse->toMessage($response->fields); } $trustRoot = $this->_getTrustRoot($request); if ($this->_getParam('allow')) { if ($this->_getParam('forever')) { $sites = new Model_Sites(); $sites->deleteForUserSite($this->user, $trustRoot); $siteObj = $sites->createRow(); $siteObj->user_id = $this->user->id; $siteObj->site = $trustRoot; $siteObj->creation_date = date('Y-m-d'); if (isset($personalInfoForm)) { $trusted = array(); // using this key name for BC pre 1.1 when we used Zend_OpenId $trusted['Zend_OpenId_Extension_Sreg'] = $personalInfoForm->getUnqualifiedValues(); } else { $trusted = true; } $siteObj->trusted = serialize($trusted); $siteObj->save(); } $this->_saveHistory($trustRoot, Model_History::AUTHORIZED); require_once 'libs/Auth/OpenID/PAPE.php'; if ($papeRequest = Auth_OpenID_PAPE_Request::fromOpenIDRequest($request)) { $this->_processPape($papeRequest, $response); } $webresponse = $server->encodeResponse($response); foreach ($webresponse->headers as $k => $v) { if ($k == 'location') { $this->_response->setRedirect($v); } else { $this->_response->setHeader($k, $v); } } $this->_response->setHeader('Connection', 'close'); $this->_response->appendBody($webresponse->body); } elseif ($this->_getParam('deny')) { if ($this->_getParam('forever')) { $sites = new Model_Sites(); $sites->deleteForUserSite($this->user, $trustRoot); $siteObj = $sites->createRow(); $siteObj->user_id = $this->user->id; $siteObj->site = $trustRoot; $siteObj->creation_date = date('Y-m-d'); $siteObj->trusted = serialize(false); $siteObj->save(); } $this->_saveHistory($trustRoot, Model_History::DENIED); return $this->_sendResponse($server, $request->answer(false)); } }
public function trustAction(Request $request) { if (!$this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) { $request->getSession()->set('_security.target_path', $request->headers->get('referer')); throw new AccessDeniedException(); } require_once 'Auth/OpenID/SReg.php'; $server = $this->getServer(); $params = $request->server->get('QUERY_STRING'); $params = $this->decodeQuery($params); $openidRequest = $server->decodeRequest($params); if (!$openidRequest) { throw new HttpException(400); } if (!$openidRequest instanceof \Auth_OpenID_Request) { return $this->handleServerError($openidRequest); } if ('checkid_setup' !== $openidRequest->mode) { throw new HttpException(400); } $sRegRequest = \Auth_OpenID_SRegRequest::fromOpenIDRequest($openidRequest); $user = $this->securityContext->getToken()->getUser(); $fields = $this->getFieldsData($user, $sRegRequest); $form = $this->createTrustForm($user, $sRegRequest); if ('POST' === $request->getMethod()) { $form->bindRequest($request); $trust = $request->request->get('trust'); if ($form->isValid() && !empty($trust)) { $unique = $this->adapter->getUserUnique($user); $identifier = $this->getIdentifierUri($unique); $openidResponse = $openidRequest->answer(true, null, $identifier); $sRegResponse = \Auth_OpenID_SRegResponse::extractResponse($sRegRequest, $fields); $sRegResponse->toMessage($openidResponse->fields); $webResponse = $server->encodeResponse($openidResponse); return $this->convertResponse($webResponse); } } $template = 'AlbOpenIDServerBundle:OpenIDServer:trust.html.twig'; return $this->render($template, array('form' => $form->createView(), 'form_action' => $this->getTrustUri($params), 'requested_fields' => $fields)); }